Reporting quirqs

Steve Freegard steve.freegard at LBSLTD.CO.UK
Tue Apr 29 15:10:58 IST 2003


Jason,

> Maybe Clam is the cause?

Looks like you are correct - I've changed my settings to say "Virus Scanners
= sophossavi sophos" and now I get:

>>> Warning: This message has had one or more attachments removed
>>> Warning: (eicar_com.zip).
>>> Warning: Please read the "VirusWarning.txt" attachment(s) for more information.

>>> At Tue Apr 29 13:59:08 2003 the virus scanner said:
>>>  SophosSAVI: eicar_com.zip was infected by EICAR-AV-Test
>>>  Sophos: >>> Virus 'EICAR-AV-Test' found in file eicar_com.zip/eicar.com

Regards,
Steve.

-----Original Message-----
From: Desai, Jason [mailto:jase at SENSIS.COM]
Sent: 29 April 2003 13:49
To: MAILSCANNER at jiscmail.ac.uk

And I can confirm this too with Clam and McAfee.  Maybe Clam is the cause?

Jason

> -----Original Message-----
> From: Steve Freegard [mailto:steve.freegard at LBSLTD.CO.UK]
> Sent: Tuesday, April 29, 2003 6:43 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: [MAILSCANNER] Reporting quirqs
>
>
> Raymond/Julian,
>
> I can confirm a similar reporting error with SophosSAVI and Clam with
> 'Include Scanner Name In Reports = yes'
>
> > Warning: This message has had one or more attachments removed
> > Warning: (ClamAV: eicar_com.zip, eicar_com.zip).
> > Warning: Please read the "VirusWarning.txt" attachment(s) for more information.
>
> <--SNIP-->
> > At Tue Apr 29 11:33:20 2003 the virus scanner said:
> >   SophosSAVI: eicar_com.zip was infected by EICAR-AV-Test
> <--SNIP-->
>
> The ClamAV report is shown in the warning header, and the SAVI report is
> shown in the attachment.
>
> Regards,
> Steve.
>
> -----Original Message-----
> From: Raymond Dijkxhoorn [mailto:raymond at PROLOCATION.NET]
> Sent: 29 April 2003 07:14
> To: MAILSCANNER at jiscmail.ac.uk
>
> Hi!
>
> I got a virus mailed myself, and noticed this:
>
> Warning: This message has had one or more attachments removed
> Warning: (LGKJPCLG.EXE, ClamAV: LGKJPCLG.EXE).
> Warning: Please read the "VirusWarning.txt" attachment(s) for more information.
>
>
> This is a message from the MailScanner E-Mail Virus Protection Service
> ----------------------------------------------------------------------
> The original e-mail attachment "LGKJPCLG.EXE"
> was believed to be infected by a virus and has been replaced by this
> warning message.
>
> If you wish to receive a copy of the *infected* attachment, please
> e-mail helpdesk and include the whole of this message
> in your request. Alternatively, you can call them, with
> the contents of this message to hand when you call.
>
> At Time::tm=ARRAY(0x90952b4) the virus scanner said:
>    F-Prot: LGKJPCLG.EXE  Infection: W32/Hybris.worm.B
>    Executable DOS/Windows programs are dangerous in email (LGKJPCLG.EXE)
>
> The 'At Time::' isn't right it seems :)
> It's with MailScanner-4.15-9, f-prot and clamav.
>
> It also looks strange that the inline warning tells ClamAV: and the
> attachment only tells about f-prot ...
>
> Bye,
> Raymond.


