'Include Scanner Name In Reports' query...

[Peter Bates]

Hello all...

I've got 'Include Scanner Name In Reports = yes' set in MailScanner.conf.

In the 'admin' message (i.e. message generated when virus is intercepted) I see:

The following e-mail messages were found to have viruses in them:

<snip snip>
 MessageID: 2F18414A13B
    Report: SophosSAVI:TMA FORM- Hsm(e) HS203.doc was infected by WM97/Ethan
            F-Prot: /var/spool/MailScanner/incoming/27430/./2F18414A13B/TMA FORM- Hsm(e) HS203.doc  Infection: W97M/Ethan.A
            McAfee: /2F18414A13B/TMA FORM- Hsm(e) HS203.doc        Found the W97M/Ethan.a virus !!!

... which I like.

However, in the message to the sender to warn them of their possible infection, I also see:

Our virus detector has just been triggered by a message you sent:-
<snip>
Report: SophosSAVI:TMA FORM- Hsm(e) HS203.doc was infected by WM97/Ethan
F-Prot: TMA FORM- Hsm(e) HS203.doc  Infection: W97M/Ethan.A
McAfee: TMA FORM- Hsm(e) HS203.doc        Found the W97M/Ethan.a virus !!!

It's just a pedantic point, and one that has been mentioned before, but is there a way of avoiding revealing the names of the AV scanners going out the senders? I think it was mentioned in the past with respect to people identifying which AV scanners are being used at a site... it always pays to be paranoid ;)

Is this possible, does it involve major Perl brain surgery, or is it not a feature people are particularly using?

Thanks...





--------------------------------------------------------------------------------------------------->
Peter Bates, Systems Support Officer, Network Support Team.
London School of Hygiene & Tropical Medicine.
Telephone:0207-958 8353 / Fax: 0207- 636 9838