Problems with F-secure and MS

Julian Field mailscanner at ecs.soton.ac.uk
Wed May 7 14:22:58 IST 2003


Please apply this patch to SweepViruses.pm and try it again for me:

--- SweepViruses.pm     2003-05-03 11:10:03.000000000 +0100
+++ SweepViruses.pm.new 2003-05-07 14:23:13.000000000 +0100
@@ -1190,7 +1190,8 @@
    #system("echo -n '$line' | od -c");

    # Lose header
-  if ($fsecure_InHeader < 0 && $line =~ /version ([\d.]+)/i) {
+  if ($fsecure_InHeader < 0 && $line =~ /version ([\d.]+)/i &&
+      !$fsecure_Version) {
      $fsecure_Version = $1 + 0.0;
      #MailScanner::Log::InfoLog("Found F-Secure version
$1=$fsecure_Version\n");
      return 0;
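
Review bot: the added `!$fsecure_Version` test sits in the `if` condition, so once the version is set, a later header line matching /version ([\d.]+)/i no longer reaches this branch's `return 0` and falls through to the code after it, which this hunk does not show. The log quoted below contains such lines (the `2003=2003` matches), so check that the following code still discards them rather than treating them as report lines. If the intent is only to stop the first value being overwritten, keep the original condition and guard the assignment instead, e.g. `$fsecure_Version = $1 + 0.0 unless $fsecure_Version;`, so header lines are still consumed here. Also note that the guard treats a parsed version of 0 as unset and relies on $fsecure_Version being cleared wherever a new scanner run begins.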


At 14:04 07/05/2003, you wrote:
>
>Are these sufficient?
>
>May  7 15:02:22 smtp MailScanner[19448]: New Batch: Scanning 1
>messages, 33216 bytes
>May  7 15:02:22 smtp MailScanner[19448]: Spam Checks: Starting
>May  7 15:02:22 smtp MailScanner[19448]: Virus and Content Scanning:
>Starting
>May  7 15:02:22 smtp MailScanner[19448]: Found F-Secure version
>3.11=3.11
>May  7 15:02:22 smtp MailScanner[19448]: Found F-Secure version
>2003=2003
>May  7 15:02:22 smtp last message repeated 2 times
>May  7 15:02:22 smtp MailScanner[19448]:
>./h47D2Ltq019476/joke.ex_^Iinfection: W32/Hybris.worm.B
>May  7 15:02:22 smtp MailScanner[19448]: Uninfected: Delivered 1
>messages
>
>/ Carl
>
> >-----Original Message-----
> >From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> >Behalf Of Julian Field
> >Sent: Wednesday, May 07, 2003 14:48
> >To: MAILSCANNER at JISCMAIL.AC.UK
> >Subject: Re: Problems with F-secure and MS
> >
> >
> >In SweepViruses.pm (/usr/lib/MailScanner/MailScanner), you will find
> >a function ProcessFSecureOutput. In there, just after a "Lose
> >header"
> >comment, there will be a line commented out that logs the version
> >number. Please remove the # from the start of that line, then
> >restart MailScanner and run an infected message through it. What did
> >it log?
> >
> >At 13:31 07/05/2003, you wrote:
> >>
> >>I found this in the maillog:
> >>
> >>May  7 11:47:38 smtp MailScanner[5306]:
> >>./h479lamb007627/joke.ex_^Iinfection: W32/Hybris.worm.B
> >>11:40:18 sm7:38 smtp MailScanner[5306]: Uninfected: Delivered 1
> >>messages
> >>
> >>WHAT! It says it is uninfected and delivers as usual, but has
> >>found an infection?
> >>
> >>I'm confused as to what might be the problem here...
> >>
> >>/ Carl
> >>
> >> >-----Original Message-----
> >> >From: MailScanner mailing list
> >> >[mailto:MAILSCANNER at JISCMAIL.AC.UK]On Behalf Of Carl Boberg
> >> >Sent: Wednesday, May 07, 2003 14:05
> >> >To: MAILSCANNER at JISCMAIL.AC.UK
> >> >Subject: Problems with F-secure and MS
> >> >
> >> >
> >> >
> >> >Hi,
> >> >I have recently noticed that my f-secure ver. 4.15 on linux is
> >> >not working with MS
> >> >anymore... It isn't scanning viruses. I have tested it with eicar
> >> >and a real virus.
> >> >Nothing happens! It just passes through.
> >> >
> >> >It has been working quite well. I think it might have stopped
> >> >when I upgraded to
> >> >the MS version before last, 4.15 something... I have now
> >> >upgraded to 4.20 but still
> >> >no function.
> >> >
> >> >I have checked the config and can't see anything strange. I
> >> >checked the wrapper script
> >> >and commented out the check for f-secure 4.50. I tested the
> >> >wrapper-script:
> >> >
> >> >./f-secure-wrapper virus.file
> >> >
> >> >and that works. But it doesn't work when I send email through
> >> >MS...
> >> >
> >> >Any idea what this might be? I am now running latest sophos beta
> >> >AND f-secure, in that
> >> >order. Headers in mail with virus says:
> >> >
> >> >X-MailScanner: Found to be infected, Found to be clean
> >> >
> >> >Would really appreciate some help on this one :-)
> >> >
> >> >Best regards
> >> >- ---------------------------------
> >> >Carl Boberg
> >> >System & Network Administrator
> >> >Dept. of Information Technology
> >> >Swedish Museum of Natural History
> >> >Frescativ. 40
> >> >104 05 Stockholm
> >> >carl.boberg at nrm.se
> >> >Phone: 08-519 551 16
> >> >Mobile: 0701-82 40 55
> >> >- ---------------------------------
> >> >
> >>
> >
> >--
> >Julian Field
> >www.MailScanner.info
> >MailScanner thanks transtec Computers for their support
>

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support


