Silent viruses are silent in logs as well?

Antony Stone Antony at SOFT-SOLUTIONS.CO.UK
Wed Jul 2 16:47:23 IST 2003


On Wednesday 02 July 2003 4:39 pm, Raymond Dijkxhoorn wrote:

> Hi!
>
> > Is it correct that a silent virus isn't even reported as Found in the
> > syslogs?
> >
> > I think I'd prefer it if my syslogs told me everything my server had
> > found, even if it doesn't try to bounce back to the (false) sender...
>
> I have this:
>
> Jul  2 17:37:49 vmx10 MailScanner[12118]: /var/spool/MailScanner/incoming/12118/h62FbA90013905/your_details.zip->details.pif Infection: W32/Sobig.E at mm
> Jul  2 17:37:49 vmx10 MailScanner[12118]: Virus Scanning: F-Prot found virus W32/Sobig.E at mm
>
> And as you know, I posted my silent list yesterday, this is in my silent
> list also. So no, I don't think it's not reporting those. In my case it
> certainly is....

Well, almost...

I think if you look for a virus which isn't on your silent list, you will
*also* find in the syslog file an entry, after all the antivirus engines have
said they found something, saying:

Virus Scanning: Found 1 viruses

The reason I'm interested in this is that this message only appears once for
each mail which is scanned and found to contain a virus - the others (naming
the particular antivirus engine which identified the infection) can appear
multiple times per message, depending on how many antivirus engines you use,
and also vary a bit in syntax between the different engines.

I'm trying to get a consistent way to track the effectiveness of the
antivirus checking system, which will work across several servers which use
different vendors' antivirus engines (but which all use MailScanner).

Antony.

--

How I want a drink, alcoholic of course, after the heavy chapters
involving quantum mechanics.

 - 3.14159265358979
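
An added example (not part of the original message and not MailScanner's own code): one way to do the per-server count described above, keying only on the "Virus Scanning: Found N viruses" summary line and ignoring the engine-specific lines. The host vmx11, the engine names ExampleAV and OtherAV, and every sample line not quoted in the message are constructed.

```python
import re
from collections import defaultdict

# Standard syslog prefix, then the MailScanner message text.
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]{8}\s+(?P<host>\S+)\s+MailScanner\[\d+\]:\s+(?P<msg>.*)$"
)
# The engine-independent summary line quoted in the message above.
# Case-sensitive on purpose: "F-Prot found virus ..." must not match.
SUMMARY_RE = re.compile(r"^Virus Scanning: Found (\d+) viruses\b")

def tally(lines):
    """Per host: summary lines seen and the total viruses they report."""
    stats = defaultdict(lambda: {"summaries": 0, "viruses": 0})
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            continue  # not a MailScanner syslog line
        s = SUMMARY_RE.match(m.group("msg"))
        if not s:
            continue  # engine-specific or unrelated line, deliberately ignored
        stats[m.group("host")]["summaries"] += 1
        stats[m.group("host")]["viruses"] += int(s.group(1))
    return dict(stats)

# Constructed sample. The first two lines are the ones quoted in the thread;
# the rest, including the ExampleAV/OtherAV syntax, are made up for the demo.
SAMPLE = [
    "Jul  2 17:37:49 vmx10 MailScanner[12118]: /var/spool/MailScanner/incoming/"
    "12118/h62FbA90013905/your_details.zip->details.pif Infection: W32/Sobig.E at mm",
    "Jul  2 17:37:49 vmx10 MailScanner[12118]: Virus Scanning: F-Prot found virus W32/Sobig.E at mm",
    "Jul  2 17:37:50 vmx10 MailScanner[12118]: Virus Scanning: Found 1 viruses",
    "Jul  2 17:40:02 vmx11 MailScanner[2201]: Virus Scanning: ExampleAV reported 2 infected files",
    "Jul  2 17:40:02 vmx11 MailScanner[2201]: Virus Scanning: OtherAV found virus Example.Test",
    "Jul  2 17:40:03 vmx11 MailScanner[2201]: Virus Scanning: Found 2 viruses",
    "Jul  2 17:41:10 vmx11 sendmail[2250]: constructed-id: stat=Sent",
    "Jul 12 09:05:44 vmx11 MailScanner[2207]: Virus Scanning: Found 1 viruses",
]

if __name__ == "__main__":
    for host, counts in sorted(tally(SAMPLE).items()):
        print(host, counts["summaries"], counts["viruses"])
```
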


