3.23-1 swearing like a pirate...

Julian Field mailscanner at ecs.soton.ac.uk
Tue Sep 24 18:23:31 IST 2002 

Okay, sorted.

You can either apply this patch to explode.pl or else give me 5 minutes and
you can download 3.23-2.

--- explode.pl.old      Tue Sep 24 18:34:51 2002
+++ explode.pl  Tue Sep 24 18:34:21 2002
@@ -343,7 +343,7 @@
    for ($i=0; $i<@parts; $i++) {
      ($infectednum=$i),last if $parts[$i]==$infected;
    }
-  Log::WarnLog("Oh shit, missed infected entity in message :-( $MsgId"),
return
+  Log::WarnLog("Oh bother, missed infected entity in message :-( $MsgId"),
return
      if $infectednum<0;

    # Now to actually do something about it...
@@ -420,6 +420,10 @@
                        $id,
                        $filename,
                        $basedir);
+
+      # If we just replaced the entire message, don't try any more
+      # disinfecting (cleaning) on this message as it isn't there any more.
+      last if $file eq "";
      }

      # Mark the message as disinfected, if the user wants us to

At 17:20 24/09/2002, you wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>On Tuesday 24 September 2002 11:06, Julian Field wrote:
> > At 03:12 24/09/2002, you wrote:
> > >Julian,
> > >    I upgraded from 3.22-14 to 3.23-1 this afternoon and my syslog file
> > >looks a wee bit more profane than before.  I'm getting a lot of "oh shit"
> > >complaints, eg:
> >
> >     # Now to actually do something about it...
> >
> > Can you try sending yourself one and confirm whether MailScanner has
> > actually disabled the Microsoft-specific exploit or not. I can't get it to
> > go wrong on my system :-(
> >
>
>I too have some swearing in the log file. It seems that when the antivirus
>finds a virus in a message suffering from a Microsoft-specific exploit (in
>these days, Klez), the message is triggered.
>
>I also noticed that in these cases the infected file, that used to linger in
>the quarantine directory, is cancelled.
>My quarantine directories are now almost empty, just containing the 'message'
>files, besides a few exceptions for non-Klez viri.
>
>Maurizio
>
>- --
>______
>      / Maurizio M. Munafo'                         /   dMMMMMMMMb  dMMMMb
>     / Dip. di Elettronica - Politecnico di Torino /   dMP"dMP"dMP    "dMP
>    / Corso Duca degli Abruzzi 24                 /   dMP dMP dMP   dMMK"
>   / I-10129 Torino (Italia)                     /   dMP dMP dMP     dMF
>  / Tel: +39 011 5644128  Fax: +39 011 5644099  /   dMP dMP dMP dMMMMP"
>/ E-mail: munafo at polito.it                    /__________________________
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.0.6 (GNU/Linux)
>Comment: For info see http://www.gnupg.org
>
>iD8DBQE9kJDQtgCCNnfQWWkRAm7/AJ9XH3j4qylEZaaAFEdK4Ip03BWVnACfVRTM
>eUjJ4XKoep7RsUY7aXIkuZs=
>=aQiX
>-----END PGP SIGNATURE-----

--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ

More information about the MailScanner mailing list