ANNOUNCE: more bug fixes
Julian Field
mailscanner at ecs.soton.ac.uk
Tue Oct 22 18:46:53 IST 2002
That log extract shows it finding Klez. Klez is in the default list of
"Silent Viruses" so I wouldn't expect a report in that case.
Please can you try this with the Eicar test file from www.eicar.org?
At 18:14 22/10/2002, you wrote:
>Notifications don't seem to be working here with V4.01-6:
>
>Oct 22 11:30:44 redline sendmail[21488]: g9MGUgb21488:
>from=<dnelzen at cablenet-va.com>, size=133361, class=0, nrcpts=1,
>msgid=<200210221631.g9MGV7n04107 at smtp.cablenet-va.com>, proto=ESMTP,
>daemon=MTA, relay=smtp.cablenet-va.com [24.197.1.58]
>Oct 22 11:30:49 redline MailScanner[14100]: New Batch: Scanning 1
>messages, 133822 bytes
>Oct 22 11:30:49 redline MailScanner[14100]: Spam Checks: Starting
>Oct 22 11:30:49 redline MailScanner[14100]: Spam Checks: Found 0 spam
>messages
>Oct 22 11:30:49 redline MailScanner[14100]: Virus Scanning: Starting
>Oct 22 11:30:50 redline MailScanner[14100]: >>> Virus 'W32/Klez-H' found
>in file ./g9MGUgb21488/.pif
>Oct 22 11:30:50 redline MailScanner[14100]: Virus Scanning: sophos found
>1 infections
>Oct 22 11:30:50 redline MailScanner[14100]: Virus Scanning: Found 1
>viruses
>Oct 22 11:30:51 redline MailScanner[14100]: Other Checks: Starting
>Oct 22 11:30:51 redline MailScanner[14100]: Filename Checks: Possible
>MS-Dos program shortcut attack (.pif)
>Oct 22 11:30:51 redline MailScanner[14100]: Other Checks: Found 1
>problems
>Oct 22 11:30:51 redline MailScanner[14100]: Content Checks: Starting
>Oct 22 11:30:51 redline MailScanner[14100]: HTML IFrame tag found in
>message from dnelzen at cablenet-va.com
>Oct 22 11:30:51 redline MailScanner[14100]: Content Checks: Detected
>Microsoft-specific exploits in g9MGUgb21488
>Oct 22 11:30:51 redline MailScanner[14100]: Content Checks: Need to
>convert HTML to plain text in 1 messages
>Oct 22 11:30:51 redline MailScanner[14100]: Content Checks: Found 1
>problems
>Oct 22 11:30:51 redline MailScanner[14100]: Content Checks: Detected and
>will convert HTML message to plain text in g9MGUgb21488
>Oct 22 11:30:51 redline MailScanner[14100]: Silent: Delivered 1 messages
>containing silent viruses
--
Julian Field Teaching Systems Manager
jkf at ecs.soton.ac.uk Dept. of Electronics & Computer Science
Tel. 023 8059 2817 University of Southampton
Southampton SO17 1BJ
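
The behaviour described in the reply above, as an added example that is not part of the original post and is not MailScanner's own code: it reads MailScanner syslog lines, groups detected viruses by queue ID, and reports which messages should produce a notification and which are suppressed by the "Silent Viruses" list. Assumptions: the list holds only "Klez" (the one name the post mentions), matching is a case-insensitive substring test, and the log lines, queue IDs and EICAR detection name are constructed samples.

```python
import re
from collections import defaultdict

# Assumption: only "Klez" is listed, since that is the one name the post gives.
SILENT_VIRUSES = ["Klez"]

# Line formats taken from the log extract quoted in the post.
VIRUS_RE = re.compile(
    r"MailScanner\[\d+\]: >>> Virus '([^']+)' found in file \./([^/\s]+)/")
SILENT_RE = re.compile(r"MailScanner\[\d+\]: Silent: Delivered (\d+) messages")

# Constructed sample input (hostnames, queue IDs and PIDs are made up).
SAMPLE_LOG = """\
Oct 22 11:30:50 host MailScanner[100]: >>> Virus 'W32/Klez-H' found in file ./gTESTAAA00001/.pif
Oct 22 11:30:51 host MailScanner[100]: Silent: Delivered 1 messages containing silent viruses
Oct 22 11:42:10 host MailScanner[100]: >>> Virus 'EICAR-AV-Test' found in file ./gTESTBBB00002/eicar.com
"""

def is_silent(virus_name, silent_names=SILENT_VIRUSES):
    """Assumed matching rule: case-insensitive substring of the reported name."""
    name = virus_name.lower()
    return any(s.lower() in name for s in silent_names)

def triage(log_text, silent_names=SILENT_VIRUSES):
    """Return ({queue_id: {...}}, count of messages logged as silent)."""
    found = defaultdict(list)
    silent_logged = 0
    for line in log_text.splitlines():
        m = VIRUS_RE.search(line)
        if m:
            found[m.group(2)].append(m.group(1))
            continue
        m = SILENT_RE.search(line)
        if m:
            silent_logged += int(m.group(1))
    report = {}
    for msg_id, names in found.items():
        silent = any(is_silent(n, silent_names) for n in names)
        # A silent virus means no sender/recipient report is expected.
        report[msg_id] = {"viruses": names, "notify_expected": not silent}
    return report, silent_logged

if __name__ == "__main__":
    report, silent_logged = triage(SAMPLE_LOG)
    for msg_id, info in report.items():
        state = "notification expected" if info["notify_expected"] else "silent"
        print(msg_id, ", ".join(info["viruses"]), "->", state)
    print("messages logged as silent:", silent_logged)
```

If the number of messages classified as silent differs from the count in the "Silent: Delivered" lines, the assumed list or matching rule does not match the running configuration.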