Hacked in virus scanner, now it won't clean

Julian Field mailscanner at ecs.soton.ac.uk
Wed Dec 4 16:17:57 GMT 2002


My guess would be that it's not extracting the infected filename out of the
virus scanner report properly.

At 16:01 04/12/2002, you wrote:
>I may not understand some of the options in v4, so bear with me:
>
>I've looked into the archives and found no real help on this one, so
>here's my problem.
>
>I've added support for Symantec Carrier Scanner, which is working great
>in 3.22-14 in production (200K messages per day)
>
>I've gotten 4.10-1 patched and it DOES scan, but the infected messages
>still get delivered.  Here is what the log shows:
>
>
>mailscanner[5744]: New Batch: Scanning 1 messages, 121180 bytes
>mailscanner[5744]: Spam Checks: Starting
>mailscanner[5744]: Virus and Content Scanning: Starting
>mailscanner[5744]: Infected: /MailScanner/venus/spool/incoming/5744/gB4Fel205792/install.exe
>mailscanner[5744]: Info:      W32.Klez.H at mm
>mailscanner[5744]: Virus Scanning: symcmd found 1 infections
>mailscanner[5744]: Virus Scanning: Found 1 viruses
>mailscanner[5744]: Uninfected: Delivered 1 messages
>
>It looks like mailscanner did recognize that the virus scanner (called
>symcmd here) found a virus, but the last line seems to show it regards
>it uninfected and sends it along as such.
>
>The received message has the infected file attached and mailscanner has
>tagged the message as "Found to be clean".
>
>If this is a simple conf file issue, I'll feel stupid, but thankful.
>
>
>--
>Thomas J. DuVally
>Lead Systems Prog.
>CIS, Brown Univ.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
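
The failure mode guessed at in the reply above, as an added example (not MailScanner's own parser and not part of the original thread): a report parser that ties each "Infected:" path to a message id, and holds the batch when a reported path cannot be tied to any message. It assumes the scanner report uses the "Infected:" / "Info:" lines shown in the quoted log; the function names, the batch directory argument and the second message id are hypothetical.

```perl
use strict;
use warnings;

# Assumed report format, from the log lines quoted in the thread:
#   Infected: <batch dir>/<message id>/<attachment>
#   Info:     <virus name>
sub parse_report {
    my ($batchdir, @lines) = @_;
    my (%infected, @unmapped, $last);
    for my $line (@lines) {
        if ($line =~ /^Infected:\s*(\S.*?)\s*$/) {
            my $path = $1;
            # Only <batchdir>/<id>/<file> identifies a message.
            if (my ($id, $file) = $path =~ m{^\Q$batchdir\E/([^/]+)/(.+)$}) {
                $last = { file => $file, virus => 'unknown' };
                push @{ $infected{$id} }, $last;
            } else {
                undef $last;
                push @unmapped, $path;    # reported but not attributable
            }
        } elsif ($last && $line =~ /^Info:\s*(.+?)\s*$/) {
            $last->{virus} = $1;
        }
    }
    return (\%infected, \@unmapped);
}

# Fail closed: an infection that cannot be tied to a message holds the
# rest of the batch instead of letting it fall through to "Delivered".
sub disposition {
    my ($ids, $infected, $unmapped) = @_;
    my %d;
    for my $id (@$ids) {
        $d{$id} = $infected->{$id} ? 'quarantine'
                : @$unmapped       ? 'hold' : 'deliver';
    }
    return \%d;
}

# Constructed sample: the first two lines follow the quoted log; the third
# line and the second message id are made up to show the unmapped case.
my $batchdir = '/MailScanner/venus/spool/incoming/5744';
my @report = (
    "Infected: $batchdir/gB4Fel205792/install.exe",
    'Info:      W32.Klez.H at mm',
    'Infected: ./gB4Fel205793/setup.exe',
);
my ($infected, $unmapped) = parse_report($batchdir, @report);
my $d = disposition([qw(gB4Fel205792 gB4Fel205793)], $infected, $unmapped);
print "$_: $d->{$_}\n" for sort keys %$d;
```

A parser that counted the unmapped line as an infection but silently dropped it from the per-message results would show the same symptom as the quoted log: one infection found, and the message still delivered as clean.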