Problems with F-secure and MS

Julian Field mailscanner at ecs.soton.ac.uk
Wed May 7 13:48:11 IST 2003


In SweepViruses.pm (/usr/lib/MailScanner/MailScanner), you will find a
function ProcessFSecureOutput. In there, just after a "Lose header"
comment, there will be a line commented out that logs the version number.
Please remove the # from the start of that line, then restart MailScanner
and run an infected message through it. What did it log?

At 13:31 07/05/2003, you wrote:
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>I found this in the maillog:
>
>May  7 11:47:38 smtp MailScanner[5306]:
>./h479lamb007627/joke.ex_^Iinfection: W32/Hybris.worm.B
>11:40:18 sm7:38 smtp MailScanner[5306]: Uninfected: Delivered 1
>messages
>
>WHAT! It says it is uninfected and delivers as usual, but has found
>an infection?
>
>I'm confused as to what might be the problem here...
>
>/ Carl
>
> >-----Original Message-----
> >From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> >Behalf Of Carl Boberg
> >Sent: Wednesday, May 07, 2003 14:05
> >To: MAILSCANNER at JISCMAIL.AC.UK
> >Subject: Problems with F-secure and MS
> >
> >
> >
> >-----BEGIN PGP SIGNED MESSAGE-----
> >Hash: SHA1
> >
> >Hi,
> >I have recently noticed that my f-secure ver. 4.15 on linux is not
> >working with MS
> >anymore... It isn't scanning viruses. I have tested it with eicar and
> >a real virus.
> >Nothing happens! It just passes through.
> >
> >It has been working quite well. I think it might have stopped when I
> >upgraded to
> >the MS version before last, 4.15 something... I have now upgraded
> >to 4.20 but still
> >no function.
> >
> >I have checked the config and can't see anything strange. I checked
> >the wrapper script
> >and commented out the check for f-secure 4.50. I tested the
> >wrapper-script:
> >
> >./f-secure-wrapper virus.file
> >
> >and that works. But it doesn't work when I send email through MS...
> >
> >Any idea what this might be? I am now running latest sophos beta
> >AND f-secure, in that
> >order. Headers in mail with virus says:
> >
> >X-MailScanner: Found to be infected, Found to be clean
> >
> >Would really appreciate some help on this one :-)
> >
> >Best regards
> >- ---------------------------------
> >Carl Boberg
> >System & Network Administrator
> >Dept. of Information Technology
> >Swedish Museum of Natural History
> >Frescativ. 40
> >104 05 Stockholm
> >carl.boberg at nrm.se
> >Phone: 08-519 551 16
> >Mobile: 0701-82 40 55
> >- ---------------------------------
> >
> >-----BEGIN PGP SIGNATURE-----
> >Version: PGPfreeware 7.0.3 for non-commercial use
> ><http://www.pgp.com>
> >
> >iQA/AwUBPrj2hOi5vtTaHS+IEQLcKQCgwtqVS1k9Nld8HXZYI5nq5TKTgzsAn15f
> >Bk36uVPBg7cF9jgCEGKBRW/A
> >=XJbq
> >-----END PGP SIGNATURE-----
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
>
>iQA/AwUBPrj8lOi5vtTaHS+IEQKy1wCfaW0Zs3G83aWfrMFeYqQ4cIYku8oAoMaU
>Eu/Ybp4j0uofC5vq/yWwJnAO
>=E1IX
>-----END PGP SIGNATURE-----

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
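
A log check for the symptom reported in this thread, as an added example that is not part of the original messages or of MailScanner itself: it flags a MailScanner child that logged a scanner infection report and then an "Uninfected: Delivered" line. The record layout is taken from the quoted maillog excerpt, the sample lines are constructed from it, and `find_contradictions` is a hypothetical name. In a batch of several messages the delivered message may be a different one, so each finding is a lead to check.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the maillog excerpt quoted in this thread
# (one syslog record per line; "^I" is how syslog renders the scanner's tab).
SAMPLE_LOG = """\
May  7 11:47:38 smtp MailScanner[5306]: ./h479lamb007627/joke.ex_^Iinfection: W32/Hybris.worm.B
May  7 11:47:38 smtp MailScanner[5306]: Uninfected: Delivered 1 messages
May  7 11:52:02 smtp MailScanner[5311]: Uninfected: Delivered 2 messages
"""

RECORD = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s\S+\sMailScanner\[(?P<pid>\d+)\]:\s(?P<msg>.*)$")
# Scanner report as it appears in the thread:
#   ./<message dir>/<file><tab>infection: <name>
REPORT = re.compile(
    r"^\./(?P<msgdir>[^/]+)/(?P<file>.+?)(?:\^I|\t)infection:\s*(?P<virus>.+)$")
DELIVERED = re.compile(r"^Uninfected: Delivered (?P<count>\d+) messages")

def find_contradictions(log_text):
    """Return batches where a child logged an infection report and then an
    'Uninfected: Delivered' line while that report was still pending."""
    pending = defaultdict(list)  # pid -> reports seen since its last delivery
    findings = []
    for line in log_text.splitlines():
        rec = RECORD.match(line)
        if not rec:
            continue  # not a MailScanner record
        pid, msg = rec["pid"], rec["msg"]
        report = REPORT.match(msg)
        if report:
            pending[pid].append(report.groupdict())
            continue
        delivered = DELIVERED.match(msg)
        if delivered:
            reports = pending.pop(pid, [])
            if reports:
                findings.append({"pid": pid, "time": rec["ts"],
                                 "delivered": int(delivered["count"]),
                                 "reports": reports})
    return findings

if __name__ == "__main__":
    for f in find_contradictions(SAMPLE_LOG):
        for r in f["reports"]:
            print(f'{f["time"]} pid {f["pid"]}: {r["virus"]} in '
                  f'{r["msgdir"]}/{r["file"]}, yet {f["delivered"]} '
                  f'message(s) delivered as uninfected')
```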
