Hacked in virus scanner, now it won't clean

Thomas DuVally thomas_duvally at BROWN.EDU
Wed Dec 4 16:44:32 GMT 2002


Julian, you are the man!

I looked again at the code and realized that v4 adds the PID as a
directory in incoming.  My hack has the number of directories to the
file taken into account, and the change threw it all off.

Thank you, it works now!

On Wed, 2002-12-04 at 11:17, Julian Field wrote:
> My guess would be that it's not extracting the infected filename out of the
> virus scanner report properly.
>
> At 16:01 04/12/2002, you wrote:
> >I may not understand some of the options in v4, so bear with me:
> >
> >I've looked into the archives and found no real help on this one, so
> >here's my problem.
> >
> >I've added support for Symantec Carrier Scanner, which is working great
> >in 3.22-14 in production (200K messages per day)
> >
> >I've gotten 4.10-1 patched and it DOES scan, but the infected messages
> >still get delivered.  Here is what the log shows:
> >
> >
> >mailscanner[5744]: New Batch: Scanning 1 messages, 121180 bytes
> >mailscanner[5744]: Spam Checks: Starting
> >mailscanner[5744]: Virus and Content Scanning: Starting
> >mailscanner[5744]: Infected:
> >/MailScanner/venus/spool/incoming/5744/gB4Fel205792/install.exe
> >mailscanner[5744]: Info:      W32.Klez.H at mm
> >mailscanner[5744]: Virus Scanning: symcmd found 1 infections
> >mailscanner[5744]: Virus Scanning: Found 1 viruses
> >mailscanner[5744]: Uninfected: Delivered 1 messages
> >
> >It looks like mailscanner did recognize that the virus scanner (called
> >symcmd here) found a virus, but the last line seems to show it regards
> >it uninfected and sends it along as such.
> >
> >The received message has the infected file attached and mailscanner has
> >tagged the messages as "Found to be clean".
> >
> >If this is a simple conf file issue, I'll feel stupid, but thankful.
> >
> >
> >--
> >Thomas J. DuVally
> >Lead Systems Prog.
> >CIS, Brown Univ.
>
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
--
Thomas DuVally
Lead Sys. Prog.
CIS, Brown Univ.
401.863.9466
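
The failure in this thread (a scanner hit that was counted but never tied to a message, so the message went out as clean) can be avoided by resolving reported paths against the batch directory instead of counting directory levels, and by holding the batch when a hit cannot be mapped. The sketch below is an added example, not code from the thread or from MailScanner; the function names, the `Infected:` report-line format (modelled on the quoted log) and the sample data are assumptions.

```python
import posixpath

# Constructed sample modelled on the log lines quoted in the thread.
SAMPLE_REPORT = [
    "Infected: /MailScanner/venus/spool/incoming/5744/gB4Fel205792/install.exe",
    "Info:      W32.Klez.H at mm",
]

class UnmappedInfection(Exception):
    """A scanner hit could not be tied to a message in the batch."""

def map_infections(report_lines, batch_dir, batch_ids):
    """Return {message_id: [infected files]} for one scanned batch.

    batch_dir is the directory handed to the scanner; in the v4 layout
    described in the thread that is incoming/<PID>. Paths are resolved
    relative to it instead of by counting directory levels.
    """
    base = posixpath.normpath(batch_dir)
    hits = {}
    for line in report_lines:
        if not line.startswith("Infected:"):
            continue
        path = posixpath.normpath(line[len("Infected:"):].strip())
        if not path.startswith(base + "/"):
            raise UnmappedInfection("outside batch directory: " + path)
        msg_id, _, attachment = path[len(base) + 1:].partition("/")
        if msg_id not in batch_ids or not attachment:
            raise UnmappedInfection("no such message in batch: " + path)
        hits.setdefault(msg_id, []).append(attachment)
    return hits

def deliverable(report_lines, batch_dir, batch_ids):
    """Messages safe to deliver; an unmappable hit holds the whole batch."""
    try:
        hits = map_infections(report_lines, batch_dir, batch_ids)
    except UnmappedInfection:
        return set()  # fail closed: deliver nothing from this batch
    return set(batch_ids) - set(hits)
```

With the pre-v4 assumption that message directories sit directly under `incoming`, the first path component becomes the PID, the lookup fails, and the batch is held rather than delivered.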


