Silent viruses are silent in logs as well?

Antony Stone Antony at SOFT-SOLUTIONS.CO.UK
Wed Jul 2 16:47:23 IST 2003

On Wednesday 02 July 2003 4:39 pm, Raymond Dijkxhoorn wrote:

> Hi!
> > Is it correct that a silent virus isn't even reported as Found in the
> > syslogs?
> >
> > I think I'd prefer it if my syslogs told me everything my server had
> > found, even if it doesn't try to bounce back to the (false) sender...
> I have this:
> Jul  2 17:37:49 vmx10 MailScanner[12118]:
> /var/spool/MailScanner/incoming/12118/h62FbA90013905/>deta
>ils.pif Infection: W32/Sobig.E at mm
> Jul  2 17:37:49 vmx10 MailScanner[12118]: Virus Scanning: F-Prot found
> virus W32/Sobig.E at mm
> And as you know, i posted my silent list yesterday, this is in my silent
> list also. So no, i dont think its not reporting those. In my case it
> certainly is....

Well, almost...

I think if you look for a virus which isn't on your silent list, you will
*also* find in the syslog file an entry, after all the antivirus engines have
said they found something, saying:

Virus Scanning: Found 1 viruses

The reason I'm interested in this is that this message only appears once for
each mail which is scanned and found to contain a virus - the others (naming
the particular antivirus engine which identified the infection) can appear
multiple times per message, depending on how many antivirus engines you use,
and also vary a bit in syntax between the different engines.

I'm trying to get a consistent way to track the effectiveness of the
antivirus checking system, which will work across several servers which use
different vendors' antivirus engines (but which all use MailScanner).



How I want a drink, alcoholic of course, after the heavy chapters
involving quantum mechanics.

 - 3.14159265358979

More information about the MailScanner mailing list