syslog reporting of viruses found

Julian Field jkf at ecs.soton.ac.uk
Fri Jan 4 15:22:48 GMT 2002


At 15:19 04/01/2002, you wrote:
>I have noticed that if a file extension is being blocked (e.g. \.exe$)
>and an infected attachment arrives with that extension (e.g.
>zacker.exe), the syslog report says that there are two viruses found:
>
>Jan  4 08:14:29 mail2.ihs.com mailscanner[25522]: >>> Virus
>'W32/Maldal-G' found in file ./g04FEIrM025524/ZaCker1.exe
>Jan  4 08:14:29 mail2.ihs.com mailscanner[25522]: .exe file in
>ZaCker1.exe
>Jan  4 08:14:29 mail2.ihs.com mailscanner[25522]: Found 2 viruses in
>messages g04FEIrM025524
>
>This isn't a big deal, but just wanted to make you aware of it, if you
>weren't already.

I decided not to change it as doing so would break people's automatic log
analysis scripts.

>   I do like the fact that the syslog now reports when
>attachments are quarantined due to the filename.rules.conf file.
>
>Thanks,
>
>Dustin Baer
>Unix Administrator
>Information Handling Services
>15 Inverness Way East
>Englewood, CO 80112
>303-397-2836

--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ



More information about the MailScanner mailing list