Sophos issues

Denis Beauchemin Denis.Beauchemin at USHERBROOKE.CA
Thu Jan 23 13:48:05 GMT 2003 

Hello,

Yesterday I added Sophos to McAfee as my virus scanners in MS.  I then
noticed the following messages in my logs:
Jan 22 12:21:20 smtp2 MailScanner[10906]: Could not check ./h0MHL9O22471/StAR2001_2002Fleury et alH.rar/StAR2001_2002Fleury et alH.doc (format not supported)
Jan 22 12:21:20 smtp2 MailScanner[10906]: Could not check ./h0MHL9O22471/StAR2001_2002Fleury et alH.rar (corrupt)
Jan 22 12:21:20 smtp2 MailScanner[10906]: Virus Scanning: sophos found 2 infections
Jan 22 12:21:20 smtp2 MailScanner[10906]: Virus Scanning: Found 2 viruses
Jan 22 12:21:20 smtp2 MailScanner[10906]: Saved infected "StAR2001_2002Fleury et alH.rar (corrupt)" to /quarantaine/usherbrooke/20030122/h0MHL9O22471
Jan 22 12:21:20 smtp2 MailScanner[10906]: Saved infected "StAR2001_2002Fleury et alH.rar" to /quarantaine/usherbrooke/20030122/h0MHL9O22471
Jan 22 12:58:33 smtp2 MailScanner[10824]: Could not check ./h0MHwPO31882/Calendrier2003.pps (corrupt)
Jan 22 12:58:33 smtp2 MailScanner[10824]: Could not check ./h0MHwPO31882/Calendrier2003.pps (corrupt)
Jan 22 12:58:34 smtp2 MailScanner[10824]: Virus Scanning: sophos found 1 infections
Jan 22 12:58:34 smtp2 MailScanner[10824]: Virus Scanning: Found 1 viruses
Jan 22 12:58:34 smtp2 MailScanner[10824]: Saved infected "Calendrier2003.pps (corrupt)" to /quarantaine/hermes/20030122/h0MHwPO31882
Jan 22 16:26:55 smtp2 MailScanner[22132]: Could not check ./h0MLQmO04098/winmail.dat (corrupt)
Jan 22 16:26:55 smtp2 MailScanner[22132]: Virus Re-scanning: sophos found 1 infections                                                                          Jan 22 16:26:55 smtp2 MailScanner[22132]: Disinfection: Rescan found only 1 viruses

I checked my old logs and these messages had never appeared before I
added Sophos so I'm pretty sure it is the culprit.  McAfee didn't
complain about those files.

I'm running version 4.11-1 on RH 7.3 with the external winmail.dat
extractor.

The problem is annoying because the attachments were not transmitted to
the users and even though MS informed them that they were quarantined in
directory X, they are not there except for the RAR file. For the others,
the directory is empty.

Until this issue is resolved I deactivated Sophos.  Anyhow the Sophos
quote I received was based on the number of users my mail gateways
protect and was way too expensive for us.

Thanks again!

Denis
-- 
Denis Beauchemin, analyste
Université de Sherbrooke, S.T.I.
T: 819.821.8000x2252 F: 819.821.8045

More information about the MailScanner mailing list