'Include Scanner Name In Reports' query...

Julian Field mailscanner at ecs.soton.ac.uk
Fri Apr 25 10:35:11 IST 2003


At 10:19 25/04/2003, you wrote:
>Hello all...
>
>I've got 'Include Scanner Name In Reports = yes' set in MailScanner.conf.
>
>In the 'admin' message (i.e. message generated when a virus is intercepted)
>I see:
>
>The following e-mail messages were found to have viruses in them:
>
><snip snip>
>  MessageID: 2F18414A13B
>     Report: SophosSAVI:TMA FORM- Hsm(e) HS203.doc was infected by WM97/Ethan
>             F-Prot:
> /var/spool/MailScanner/incoming/27430/./2F18414A13B/TMA FORM- Hsm(e)
> HS203.doc  Infection: W97M/Ethan.A
>             McAfee: /2F18414A13B/TMA FORM- Hsm(e) HS203.doc        Found
> the W97M/Ethan.a virus !!!
>
>... which I like.
>
>However, in the message to the sender to warn them of their possible
>infection, I also see:
>
>Our virus detector has just been triggered by a message you sent:-
><snip>
>Report: SophosSAVI:TMA FORM- Hsm(e) HS203.doc was infected by WM97/Ethan
>F-Prot: TMA FORM- Hsm(e) HS203.doc  Infection: W97M/Ethan.A
>McAfee: TMA FORM- Hsm(e) HS203.doc        Found the W97M/Ethan.a virus !!!
>
>It's just a pedantic point, and one that has been mentioned before, but is
>there a way of avoiding revealing the names of the AV scanners going out
>to the senders? I think it was mentioned in the past with respect to people
>identifying which AV scanners are being used at a site... it always pays
>to be paranoid ;)
>
>Is this possible, does it involve major Perl brain surgery, or is it not a
>feature people are particularly using?

It's a real pain to do it, as currently the user reports and sysadmin
notices are built from the same array of strings. So you either get them
always or not at all. Sorry about that.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
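
A sketch of the separation the reply above says is missing, as an added example that is not MailScanner's code and not part of the original post: findings are kept as records instead of one shared array of strings, so the admin notice and the sender warning can be rendered differently. The record fields and function names are hypothetical, and the sample findings are constructed from the report lines quoted in the thread.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed findings, modelled on the report lines quoted in the thread.
# Each finding is a record, not a pre-formatted string (hypothetical layout).
my $file = 'TMA FORM- Hsm(e) HS203.doc';
my @findings = (
    { scanner => 'SophosSAVI', file => $file,
      text    => "$file was infected by WM97/Ethan" },
    { scanner => 'F-Prot',     file => $file,
      text    => "$file  Infection: W97M/Ethan.A" },
    { scanner => 'McAfee',     file => $file,
      text    => "$file        Found the W97M/Ethan.a virus !!!" },
);

# Admin notice: full detail, one line per scanner, prefixed with its name.
sub admin_report {
    my @f = @_;
    return map { sprintf('%s: %s', $_->{scanner}, $_->{text}) } @f;
}

# Sender warning: one generic line per infected file.
# The scanner's own wording is dropped as well as its name, because the
# phrasing and virus-naming style of each line identify the engine even
# when the "Name:" prefix is removed.
sub sender_report {
    my @f = @_;
    my %seen;
    return map  { sprintf('%s was reported as infected', $_) }
           grep { !$seen{$_}++ }
           map  { $_->{file} } @f;
}

print "Admin notice:\n";
print "  $_\n" for admin_report(@findings);

print "Sender warning:\n";
print "  $_\n" for sender_report(@findings);
```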


