Silent viruses not silent anymore

Julian Field mailscanner at ecs.soton.ac.uk
Mon May 5 15:37:06 IST 2003 

At 15:15 05/05/2003, you wrote:
>Hello,
>
>I am running mailscanner-4.14-9 and just found out that the silent virus
>setting is not working:
>Silent Viruses = /etc/MailScanner/rules/viruses.to.delete.conf

In order to be able to distinguish between a virus name (or substring of a 
virus name) that happens to contain "/" characters and the filename of a 
ruleset, the check for this parameter is quite strict.

Rename
         viruses.to.delete.conf
to
         viruses.to.delete.rules
and it should all work (does in 4.20 anyway).

># cat /etc/MailScanner/rules/viruses.to.delete.conf
>FromorTo: default W32/Klez W32/Yaha W32/Bugbear at MM W32/Braid W32/Korvar 
>W32/Sobig W32/Lirva W32/Avril W32/Ganda W32/Lovgate W32/Gibe.gen at MM
>
>I tried both with a Yaha and Gibe virus and I received 2 warnings.
>
>Could this be related to a mod I made to SweepViruses.pm to translate
>McAfee output to French (this used to work with previous versions):
>
># diff SweepViruses.pm SweepViruses.pm.orig
>919,926d918
><   # Modif de Denis Beauchemin le 20021210
><   $currentline =~ s/Found the (.*) (virus) !!!/contient le \2 \1 !!!/;
><   $currentline =~ s/Found the (.*) worm !!!/contient le ver \1 !!!/;
><   # Modif de Denis Beauchemin le 20030103
><   $currentline =~ s/Found the (.*) trojan !!!/contient le cheval de 
>Troie \1 !!!/;
><   # Modif de Denis Beauchemin le 20030313
><   $currentline =~ s/Found trojan or variant (.*) !!!/contient le cheval 
>de Troie \1 !!!/;
><
>
>Here is an excerpt from my log:
>May  5 09:47:43 MailScanner[32466]: Virus and Content Scanning: Starting
>May  5 09:47:44 MailScanner[32466]: McAfee said 
>"/var/spool/MailScanner/incoming/32466/h45DldY00518/gibe.exe"
>May  5 09:47:44 MailScanner[32466]: McAfee said "        Found the 
>W32/Gibe.gen at MM virus !!!"
>May  5 09:47:44 MailScanner[32466]: /h45DldY00518/gibe.exe        contient 
>le virus W32/Gibe.gen at MM !!!
>May  5 09:47:44 MailScanner[32466]: Virus Scanning: McAfee found 1 infections
>May  5 09:47:44 MailScanner[32466]: Virus Scanning: Found 1 viruses
>May  5 09:47:44 MailScanner[32466]: Filename Checks: Fichiers EXE 
>dangereux (gibe.exe)
>May  5 09:47:44 MailScanner[32466]: Other Checks: Found 1 problems
>May  5 09:47:44 MailScanner[32466]: Saved infected "gibe.exe" to 
>/quarantaine/usherbrooke/20030505/h45DldY00518
>May  5 09:47:44 MailScanner[32466]: Uninfected: Delivered 2 messages
>May  5 09:47:44 MailScanner[32466]: Cleaned: Delivered 1 cleaned messages
>May  5 09:47:44 MailScanner[32466]: Sender Warnings: Delivered 1 warnings 
>to virus senders
>
>Thanks again!
>
>Denis
>--
>Denis Beauchemin, analyste
>Université de Sherbrooke, S.T.I.
>T: 819.821.8000x2252 F: 819.821.8045

-- 
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

More information about the MailScanner mailing list