syslog reporting of viruses found

Dustin Baer dustin.baer at IHS.COM
Fri Jan 4 15:38:45 GMT 2002


Julian Field wrote:
>
> At 15:19 04/01/2002, you wrote:
> >I have noticed that if a file extension is being blocked (e.g. \.exe$)
> >and an infected attachment arrives with that extension (e.g.
> >zacker.exe), the syslog report says that there are two viruses found:
> >
> >Jan  4 08:14:29 mail2.ihs.com mailscanner[25522]: >>> Virus
> >'W32/Maldal-G' found in file ./g04FEIrM025524/ZaCker1.exe
> >Jan  4 08:14:29 mail2.ihs.com mailscanner[25522]: .exe file in
> >ZaCker1.exe
> >Jan  4 08:14:29 mail2.ihs.com mailscanner[25522]: Found 2 viruses in
> >messages g04FEIrM025524
> >
> >This isn't a big deal, but just wanted to make you aware of it, if you
> >weren't already.
>
> I decided not to change it as doing so would break people's automatic log
> analysis scripts.

Unless the log analysis script counts how many viruses were caught based
on that line...which will lead to a "virus + 1" total in this situation
and any other filename included in filename.rules.conf that also
contains a virus.

--

Dustin
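
For anyone whose log analysis counts viruses from the "Found N viruses" line, the following is an added example (not part of the original thread and not MailScanner code) that counts scanner detections from the ">>> Virus" lines instead and shows how far the summary figure is off. The line layouts are assumed from the three log lines quoted above, and the function and field names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the three syslog lines quoted in the thread, with the
# e-mail line wrapping undone so each entry is one line.
SAMPLE_LOG = """\
Jan  4 08:14:29 mail2.ihs.com mailscanner[25522]: >>> Virus 'W32/Maldal-G' found in file ./g04FEIrM025524/ZaCker1.exe
Jan  4 08:14:29 mail2.ihs.com mailscanner[25522]: .exe file in ZaCker1.exe
Jan  4 08:14:29 mail2.ihs.com mailscanner[25522]: Found 2 viruses in messages g04FEIrM025524
"""

# Layouts are taken from the quoted lines only (assumption: other MailScanner
# versions or virus scanners may log differently).
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ mailscanner\[(?P<pid>\d+)\]: (?P<msg>.*)$")
VIRUS = re.compile(r"^>>> Virus '(?P<name>[^']+)' found in file \./(?P<qid>[^/]+)/(?P<file>.+)$")
SUMMARY = re.compile(r"^Found (?P<n>\d+) viruses in messages (?P<ids>.+)$")


def tally(log_text):
    """Return one record per 'Found N viruses' summary, pairing the reported
    count with the scanner detections the same process logged before it."""
    pending = defaultdict(lambda: {"hits": set(), "other": []})
    batches = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        pid, msg = m.group("pid"), m.group("msg")
        virus, summary = VIRUS.match(msg), SUMMARY.match(msg)
        if virus:
            # Deduplicate on (queue id, file, virus name).
            pending[pid]["hits"].add(virus.group("qid", "file", "name"))
        elif summary:
            seen = pending.pop(pid, {"hits": set(), "other": []})
            batches.append({
                "messages": re.split(r"[,\s]+", summary.group("ids").strip()),
                "reported": int(summary.group("n")),
                "scanner_hits": len(seen["hits"]),
                "viruses": sorted(name for _, _, name in seen["hits"]),
                "other_reports": seen["other"],
            })
        else:
            # Not a scanner detection, e.g. the filename-rule line.
            pending[pid]["other"].append(msg)
    return batches


if __name__ == "__main__":
    for b in tally(SAMPLE_LOG):
        print(b["messages"], "reported:", b["reported"], "scanner:", b["scanner_hits"],
              "non-virus reports:", b["reported"] - b["scanner_hits"])
```
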


