Silent viruses are silent in logs as well?

Antony Stone Antony at SOFT-SOLUTIONS.CO.UK
Wed Jul 2 17:40:14 IST 2003


On Wednesday 02 July 2003 5:27 pm, Julian Field wrote:

> At 16:47 02/07/2003, you wrote:
> >I'm trying to get a consistent way to track the effectiveness of the
> >antivirus checking system, which will work across several servers which
> >use different vendors' antivirus engines (but which all use MailScanner).
>
> Look for the syslog entries that are actually the output from each virus
> scanner. They are usually easy to find. Don't rely on any other stats, the
> actual virus scanner reports will tell you everything that it finds.

Unfortunately that means a variable number of reports per infected email (e.g.
one virus might be picked up by one antivirus engine, another might be picked
up by another, or by both, etc). This makes it difficult to get a reliable
number of "how many emails containing viruses did we block today?"

Just out of interest, have I made an accurate diagnosis that viruses which
are not on the Silent list will result in the "Virus Scanning: Found n
viruses", and viruses which are on the list will not, or is the rule more
complicated than this?

Antony.

--

In science, one tries to tell people
in such a way as to be understood by everyone
something that no-one ever knew before.

In poetry, it is the exact opposite.

 - Paul Dirac


