Log issue

[Carl Boberg]

Hi,
I noticed that MS does a rescan on every virus infected message. That is all
well and good but I have a little problem with this...
Im using David Whiles perlscript to scan the maillog to find viruses which
does this with a regular exp. to find the line with the virus name and the
infected filename. Since MS does the rescan I get the double amount of
viruses in my output...

Question is:
Is the rescan really neccessary? (Probably is a good idea)
If so, can I modify the rescan log entries somehow?
If not, how do I turn it off?

>From my log:

First scan:
...
MailScanner[1281]: New Batch: Scanning 1 messages, 2491 bytes
MailScanner[1281]: Spam Checks: Starting
MailScanner[1281]: [./gA8BPSU01371/eicar.zip] eicar.com^Iinfection:
EICAR_Test_File
MailScanner[1281]: [./gA8BPSU01371/eicar-1.zip] eicar.com^Iinfection:
EICAR_Test_File
MailScanner[1281]: Virus Scanning: f-secure found 2 infections
MailScanner[1281]: Virus Scanning: Found 2 viruses
MailScanner[1281]: Saved infected "eicar-1.zip" to
/.../20021108/gA8BPSU01371
MailScanner[1281]: Saved infected "eicar.zip" to
/.../quarantine/20021108/gA8BPSU01371
MailScanner[1281]: Cleaned: Delivered 1 cleaned messages
....
Then Rescan:
....
MailScanner[1281]: Notices: Warned about 1 messages
MailScanner[1281]: Disinfection: Attempting to disinfect 1 messages
MailScanner[1281]: [./gA8BPSU01371/eicar.zip] eicar.com^Iinfection:
EICAR_Test_File
MailScanner[1281]: [./gA8BPSU01371/eicar-1.zip] eicar.com^Iinfection:
EICAR_Test_File
MailScanner[1281]: Virus Scanning: f-secure found 2 infections
MailScanner[1281]: Disinfection: Rescan found only 2 viruses
....

BTW. Julian Field ROCKS!

Best regards
---------------------------------
Carl Boberg
System & Network Administrator
Dept. of Information Technology
Swedish Museum of Natural History
Frescativ. 40
104 05 Stockholm
carl.boberg at nrm.se
Phone: 08-519 551 16
Mobile: 0701-82 40 55
---------------------------------