CLAMAV

Raymond Dijkxhoorn raymond at PROLOCATION.NET
Tue Apr 29 00:39:26 IST 2003 

Hi!

Just a short note, i installed clamav to do some testing and i was a
little surprised on its behaviour...

Nothing on MS, just something for user running clam ... :)

See:

Apr 29 01:34:41 vmx01 MailScanner[8197]: New Batch: Scanning 1 messages,
331018 bytes
Apr 29 01:34:41 vmx01 MailScanner[8197]: Spam Checks: Starting
Apr 29 01:34:42 vmx01 MailScanner[8197]: Virus and Content Scanning:
Starting
Apr 29 01:34:42 vmx01 MailScanner[8197]:
/var/spool/MailScanner/incoming/8197/./h3SNYekp008205/test.zip->Gaq.scr
Infection: W32/Klez.H at mm
Apr 29 01:34:42 vmx01 MailScanner[8197]: Virus Scanning: F-Prot found
virus W32/Klez.H at mm
Apr 29 01:34:42 vmx01 MailScanner[8197]:
/var/spool/MailScanner/incoming/8197/./h3SNYekp008205/test.zip->Hacker.scr
Infection: W32/Lentin.H at mm
Apr 29 01:34:42 vmx01 MailScanner[8197]: Virus Scanning: F-Prot found
virus W32/Lentin.H at mm
Apr 29 01:34:42 vmx01 MailScanner[8197]:
/var/spool/MailScanner/incoming/8197/./h3SNYekp008205/test.zip->Movie_0074.mpeg.pif
Infection: W32/Sobig.A at mm
Apr 29 01:34:42 vmx01 MailScanner[8197]: Virus Scanning: F-Prot found
virus W32/Sobig.A at mm
Apr 29 01:34:42 vmx01 MailScanner[8197]:
/var/spool/MailScanner/incoming/8197/./h3SNYekp008205/test.zip->picacu.exe
Infection: W32/Klez.H at mm
Apr 29 01:34:42 vmx01 MailScanner[8197]: Virus Scanning: F-Prot found
virus W32/Klez.H at mm
Apr 29 01:34:42 vmx01 MailScanner[8197]:
/var/spool/MailScanner/incoming/8197/./h3SNYekp008205/test.zip->xx.scr
Infection: W32/Ganda.A at mm
Apr 29 01:34:42 vmx01 MailScanner[8197]: Virus Scanning: F-Prot found
virus W32/Ganda.A at mm
Apr 29 01:34:42 vmx01 MailScanner[8197]: Virus Scanning: F-Prot found 5
infections
Apr 29 01:34:42 vmx01 MailScanner[8197]: Autodetected 2 CPUs. Starting 2
threads.
Apr 29 01:34:42 vmx01 MailScanner[8197]:
/var/spool/MailScanner/incoming/8197/./h3SNYekp008205/test.zip:
Worm/Klez.H FOUND
Apr 29 01:34:42 vmx01 MailScanner[8197]: Virus Scanning: ClamAV found 1
infections
Apr 29 01:34:42 vmx01 MailScanner[8197]: Virus Scanning: Found 1 viruses
Apr 29 01:34:42 vmx01 MailScanner[8197]: Saved infected "ClamAV: test.zip"
to /var/spool/MailScanner/quarantine/20030429/h3SNYekp008205
Apr 29 01:34:43 vmx01 MailScanner[8197]: Saved infected "test.zip" to
/var/spool/MailScanner/quarantine/20030429/h3SNYekp00820

It looks like it only scans the first virus and then stops.
F-prot found 5, Clan found 1, and that one was present twice in the same
zip, looks really weird to me :)

Bye,
Raymond.

More information about the MailScanner mailing list