Mailscanner Logging Anomaly

Joan Bryan joan.bryan at KCL.AC.UK
Fri Apr 26 12:25:16 IST 2002


In trying to analyse the number of different viruses received in one day
there is a slight anomaly in the reporting of the virus type found and
attachments with suspicious extensions in the mailscanner log.

In the extraction from the mailscanner log shown below mailscanner has
reported finding 2 viruses in a message, however the mail.info message has
reported just the one virus type in one message and simply named the
suspicious extension in the second message.

I wonder if it is possible to separate suspicious extensions from viruses in
the mailscanner log in a future release?

Thanks very much.

Log extract:-

Apr 25 01:32:21 angelo mailscanner[19176]: Going to scan 2 messages
Apr 25 01:32:22 angelo mailscanner[19176]: Possible MS-Dos program shortcut attack in Geocities_Free_sites.TXT.pif
Apr 25 01:32:22 angelo mailscanner[19176]: Found 2 viruses in messages g380WKPL022628
Apr 25 01:32:22 angelo mailscanner[19176]: Scanned 2 messages, 462023 bytes in 1 seconds
Apr 25 01:32:23 angelo mailscanner[19176]: Saved infections to /var/spool/MailScanner/quarantine/20020408/g380WKPL022628
Apr 25 01:32:23 angelo mailscanner[19176]: About to deliver 1 messages
Apr 25 01:32:23 angelo mailscanner[19176]: Notified senders about 1 infections
Apr 25 01:32:23 angelo mailscanner[19176]: Notified virus-info at kcl.ac.uk about 1 infections
Apr 25 01:32:24 angelo mailscanner: [ID 702911 mail.info] /var/spool/MailScanner/incoming/g380WKPL022628/Geocities_Free_sites.TXT.pif
Apr 25 01:32:24 angelo mailscanner: [ID 702911 mail.info]         Found the W95/MTX at M virus !!!
Apr 25 01:32:24 angelo mailscanner: [ID 702911 mail.info]         The file has been deleted.
Apr 25 01:32:24 angelo mailscanner[19176]: Commercial disinfector mcafee returned 3072

Joan

Joan Bryan
C&IT Services
Unix System Team
King's College London
020 7848 2671
mailto:joan.bryan at kcl.ac.uk
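
Added example, not part of the original post and not MailScanner's own code: one way to get separate counts for scanner-named viruses and suspicious-extension hits from the existing log. The function name tally and the regular expressions are assumptions, inferred only from the log extract in this post.

```python
import re
from collections import Counter

# Lines copied from the log extract in the post, with wrapped lines rejoined.
SAMPLE_LOG = """\
Apr 25 01:32:21 angelo mailscanner[19176]: Going to scan 2 messages
Apr 25 01:32:22 angelo mailscanner[19176]: Possible MS-Dos program shortcut attack in Geocities_Free_sites.TXT.pif
Apr 25 01:32:22 angelo mailscanner[19176]: Found 2 viruses in messages g380WKPL022628
Apr 25 01:32:24 angelo mailscanner: [ID 702911 mail.info] /var/spool/MailScanner/incoming/g380WKPL022628/Geocities_Free_sites.TXT.pif
Apr 25 01:32:24 angelo mailscanner: [ID 702911 mail.info]         Found the W95/MTX at M virus !!!
Apr 25 01:32:24 angelo mailscanner: [ID 702911 mail.info]         The file has been deleted.
"""

# Assumption: these patterns cover only the wording seen in the extract;
# other scanners or MailScanner versions may phrase the lines differently.
FILENAME_RULE = re.compile(r"mailscanner\[\d+\]: (Possible .+?) in (\S+)$")
SCANNER_HIT = re.compile(r"\[ID \d+ mail\.info\]\s+Found the (.+?) virus !!!$")
COMBINED = re.compile(r"mailscanner\[\d+\]: Found (\d+) viruses in messages")


def tally(log_text):
    """Count scanner-named viruses and filename-rule hits separately."""
    viruses, filename_hits, reported = Counter(), Counter(), 0
    for line in log_text.splitlines():
        line = line.rstrip()
        if (m := FILENAME_RULE.search(line)):
            # Key on the extension so each suspicious type is tallied apart.
            ext = m.group(2).rsplit(".", 1)[-1].lower()
            filename_hits[ext] += 1
        elif (m := SCANNER_HIT.search(line)):
            # Virus name is kept exactly as it appears in the log line.
            viruses[m.group(1)] += 1
        elif (m := COMBINED.search(line)):
            reported += int(m.group(1))
    # Assumption: the combined "Found N viruses" figure includes filename-rule
    # hits, which is how the extract reads; "unexplained" is what is left over.
    explained = sum(viruses.values()) + sum(filename_hits.values())
    return {
        "reported": reported,
        "viruses": dict(viruses),
        "filename_hits": dict(filename_hits),
        "unexplained": reported - explained,
    }


if __name__ == "__main__":
    print(tally(SAMPLE_LOG))
```
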


