Problems with F-secure and MS

Carl Boberg carl.boberg at NRM.SE
Wed May 7 15:38:48 IST 2003


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thanks!
It seems to be working now. What was this problem and how did it
arise?

May  7 16:36:55 smtp MailScanner[23677]: New Batch: Scanning 1 messages, 33216 bytes
May  7 16:36:55 smtp MailScanner[23677]: Spam Checks: Starting
May  7 16:36:56 smtp MailScanner[23677]: Virus and Content Scanning: Starting
May  7 16:36:56 smtp MailScanner[23677]: ./h47Eat2r023690/joke.ex_^Iinfection: W32/Hybris.worm.B
May  7 16:36:56 smtp MailScanner[23677]: Virus Scanning: F-Secure found virus W32/Hybris.worm.B
May  7 16:36:56 smtp MailScanner[23677]: Virus Scanning: F-Secure found 1 infections
May  7 16:36:56 smtp MailScanner[23677]: Virus Scanning: Found 1 viruses
May  7 16:36:56 smtp MailScanner[23677]: Saved infected "joke.ex_" to /var/spool/MailScanner/quarantine/20030507/h47Eat2r023690
May  7 16:36:56 smtp MailScanner[23677]: Cleaned: Delivered 1 cleaned messages

/ carl

>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
>Behalf Of Julian Field
>Sent: Wednesday, May 07, 2003 15:23
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: Problems with F-secure and MS
>
>
>Please apply this patch to SweepViruses.pm and try it again for me:
>
>--- SweepViruses.pm     2003-05-03 11:10:03.000000000 +0100
>+++ SweepViruses.pm.new 2003-05-07 14:23:13.000000000 +0100
>@@ -1190,7 +1190,8 @@
>    #system("echo -n '$line' | od -c");
>
>    # Lose header
>-  if ($fsecure_InHeader < 0 && $line =~ /version ([\d.]+)/i) {
>+  if ($fsecure_InHeader < 0 && $line =~ /version ([\d.]+)/i &&
>+      !$fsecure_Version) {
>      $fsecure_Version = $1 + 0.0;
>      #MailScanner::Log::InfoLog("Found F-Secure version
>$1=$fsecure_Version\n");
>      return 0;
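Review bot: The added `!$fsecure_Version` condition in the "Lose header" test only helps if `$fsecure_Version` is false at the start of every scan, and the hunk does not show where it is initialised or reset; if it keeps its value between calls, no later run will take this branch, so please confirm the reset or add one. Header lines that match `/version ([\d.]+)/i` after the first one now also skip the `return 0` and fall through to the code below this block, which is not visible here; a comment saying that only the first version line is wanted, and a check that the later ones are still discarded as header, would make the intent clear.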
>
>
>At 14:04 07/05/2003, you wrote:
>>
>>-----BEGIN PGP SIGNED MESSAGE-----
>>Hash: SHA1
>>
>>Are these sufficient?
>>
>>May  7 15:02:22 smtp MailScanner[19448]: New Batch: Scanning 1 messages, 33216 bytes
>>May  7 15:02:22 smtp MailScanner[19448]: Spam Checks: Starting
>>May  7 15:02:22 smtp MailScanner[19448]: Virus and Content Scanning: Starting
>>May  7 15:02:22 smtp MailScanner[19448]: Found F-Secure version 3.11=3.11
>>May  7 15:02:22 smtp MailScanner[19448]: Found F-Secure version 2003=2003
>>May  7 15:02:22 smtp last message repeated 2 times
>>May  7 15:02:22 smtp MailScanner[19448]: ./h47D2Ltq019476/joke.ex_^Iinfection: W32/Hybris.worm.B
>>May  7 15:02:22 smtp MailScanner[19448]: Uninfected: Delivered 1 messages
>>
>>/ Carl
>>
>> >-----Original Message-----
>> >From: MailScanner mailing list
>> >[mailto:MAILSCANNER at JISCMAIL.AC.UK]On Behalf Of Julian Field
>> >Sent: Wednesday, May 07, 2003 14:48
>> >To: MAILSCANNER at JISCMAIL.AC.UK
>> >Subject: Re: Problems with F-secure and MS
>> >
>> >
>> >In SweepViruses.pm (/usr/lib/MailScanner/MailScanner), you will
>> >find a function ProcessFSecureOutput. In there, just after a
>> >"Lose header" comment, there will be a line commented out that
>> >logs the version number. Please remove the # from the start of
>> >that line, then restart MailScanner and run an infected message
>> >through it. What did it log?
>> >
>> >At 13:31 07/05/2003, you wrote:
>> >>
>> >>-----BEGIN PGP SIGNED MESSAGE-----
>> >>Hash: SHA1
>> >>
>> >>I found this in the maillog:
>> >>
>> >>May  7 11:47:38 smtp MailScanner[5306]: ./h479lamb007627/joke.ex_^Iinfection: W32/Hybris.worm.B
>> >>11:40:18 sm7:38 smtp MailScanner[5306]: Uninfected: Delivered 1 messages
>> >>
>> >>WHAT! It says it is uninfected and delivers as usual, but has
>> >>found an infection?
>> >>
>> >>I'm confused as to what might be the problem here...
>> >>
>> >>/ Carl
>> >>
>> >> >-----Original Message-----
>> >> >From: MailScanner mailing list
>> >> >[mailto:MAILSCANNER at JISCMAIL.AC.UK]On Behalf Of Carl Boberg
>> >> >Sent: Wednesday, May 07, 2003 14:05
>> >> >To: MAILSCANNER at JISCMAIL.AC.UK
>> >> >Subject: Problems with F-secure and MS
>> >> >
>> >> >
>> >> >
>> >> >-----BEGIN PGP SIGNED MESSAGE-----
>> >> >Hash: SHA1
>> >> >
>> >> >Hi,
>> >> >I have recently noticed that my f-secure ver. 4.15 on linux is
>> >> >not working with MS
>> >> >anymore... It isn't scanning viruses. I have tested it with
>> >> >eicar and a real virus.
>> >> >Nothing happens! It just passes through.
>> >> >
>> >> >It has been working quite well. I think it might have stopped
>> >> >when I upgraded to
>> >> >the MS version before last, 4.15 something... I have now
>> >> >upgraded to 4.20 but still
>> >> >no function.
>> >> >
>> >> >I have checked the config and can't see anything strange. I
>> >> >checked the wrapper script
>> >> >and commented out the check for f-secure 4.50. I tested the
>> >> >wrapper-script:
>> >> >
>> >> >./f-secure-wrapper virus.file
>> >> >
>> >> >and that works. But it doesn't work when I send email through
>> >> >MS...
>> >> >
>> >> >Any idea what this might be? I am now running latest sophos
>> >> >beta AND f-secure, in that
>> >> >order. Headers in mail with virus say:
>> >> >
>> >> >X-MailScanner: Found to be infected, Found to be clean
>> >> >
>> >> >Would really appreciate some help on this one :-)
>> >> >
>> >> >Best regards
>> >> >- ---------------------------------
>> >> >Carl Boberg
>> >> >System & Network Administrator
>> >> >Dept. of Information Technology
>> >> >Swedish Museum of Natural History
>> >> >Frescativ. 40
>> >> >104 05 Stockholm
>> >> >carl.boberg at nrm.se
>> >> >Phone: 08-519 551 16
>> >> >Mobile: 0701-82 40 55
>> >> >- ---------------------------------
>> >> >
>> >> >-----BEGIN PGP SIGNATURE-----
>> >> >Version: PGPfreeware 7.0.3 for non-commercial use
>> >> ><http://www.pgp.com>
>> >> >
>> >> >iQA/AwUBPrj2hOi5vtTaHS+IEQLcKQCgwtqVS1k9Nld8HXZYI5nq5TKTgzsAn15
>> >> >f Bk36uVPBg7cF9jgCEGKBRW/A
>> >> >=XJbq
>> >> >-----END PGP SIGNATURE-----
>> >>
>> >>-----BEGIN PGP SIGNATURE-----
>> >>Version: PGPfreeware 7.0.3 for non-commercial use
>> >><http://www.pgp.com>
>> >>
>> >>iQA/AwUBPrj8lOi5vtTaHS+IEQKy1wCfaW0Zs3G83aWfrMFeYqQ4cIYku8oAoMaU
>> >>Eu/Ybp4j0uofC5vq/yWwJnAO
>> >>=E1IX
>> >>-----END PGP SIGNATURE-----
>> >
>> >--
>> >Julian Field
>> >www.MailScanner.info
>> >MailScanner thanks transtec Computers for their support
>>
>>-----BEGIN PGP SIGNATURE-----
>>Version: PGPfreeware 7.0.3 for non-commercial use
>><http://www.pgp.com>  
>>
>>iQA/AwUBPrkERui5vtTaHS+IEQI1+wCgjBpAlCwh8Skzn1q/VUvOtsWprogAoO4E
>>vVf1HiDAritxlDdJ/OITC/uT
>>=2a9b
>>-----END PGP SIGNATURE-----
>
>--
>Julian Field
>www.MailScanner.info
>MailScanner thanks transtec Computers for their support

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPrkac+i5vtTaHS+IEQLSlwCfd2ug16Y0/p65I3P9HiFT5lrp9+AAoNv3
eyajp/3NzpWHrKMaeCm9kQAM
=b6hk
-----END PGP SIGNATURE-----
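
A log check for the failure shown in this thread, where the scanner reports an infection yet the batch is logged as "Uninfected: Delivered". This is an added example, not part of the original messages and not MailScanner code; the sample lines are constructed from the two runs quoted above with the mail client's line wrapping undone, and the function name is an assumption.

```python
import re

# Constructed sample: modelled on the two runs quoted in this thread,
# before (PID 19448) and after (PID 23677) the patch, wrapping undone.
SAMPLE_LOG = """\
May  7 15:02:22 smtp MailScanner[19448]: New Batch: Scanning 1 messages, 33216 bytes
May  7 15:02:22 smtp MailScanner[19448]: ./h47D2Ltq019476/joke.ex_^Iinfection: W32/Hybris.worm.B
May  7 15:02:22 smtp MailScanner[19448]: Uninfected: Delivered 1 messages
May  7 16:36:55 smtp MailScanner[23677]: New Batch: Scanning 1 messages, 33216 bytes
May  7 16:36:56 smtp MailScanner[23677]: ./h47Eat2r023690/joke.ex_^Iinfection: W32/Hybris.worm.B
May  7 16:36:56 smtp MailScanner[23677]: Virus Scanning: F-Secure found 1 infections
May  7 16:36:56 smtp MailScanner[23677]: Virus Scanning: Found 1 viruses
May  7 16:36:56 smtp MailScanner[23677]: Cleaned: Delivered 1 cleaned messages
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ MailScanner\[(\d+)\]: (.*)$")
# Raw scanner output echoed to syslog: "./<queue id>/<file><TAB>infection: <name>"
# (syslog shows the tab as the two characters "^I").
RAW_HIT = re.compile(r"^\./([^/]+)/(.+?)(?:\^I|\s)+infection: (\S+)")
ACKED = re.compile(r"^Virus Scanning: Found (\d+) viruses")

def find_fail_open(log_text):
    """Return (time, pid, queue_id, filename, virus) for each raw infection
    report in a batch that was never counted as a virus and was then
    delivered as uninfected."""
    batches = {}   # pid -> state of that child's current batch
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # other daemons, "last message repeated", debris
        when, pid, msg = m.groups()
        if msg.startswith("New Batch:") or pid not in batches:
            batches[pid] = {"hits": [], "acked": 0}
        state = batches[pid]
        if (hit := RAW_HIT.match(msg)):
            state["hits"].append(hit.groups())
        elif (ack := ACKED.match(msg)):
            state["acked"] += int(ack.group(1))
        elif msg.startswith("Uninfected: Delivered"):
            if state["hits"] and state["acked"] == 0:
                findings.extend((when, pid, *h) for h in state["hits"])
            state["hits"] = []   # report each raw hit at most once
    return findings

if __name__ == "__main__":
    for finding in find_fail_open(SAMPLE_LOG):
        print("scanner hit delivered as uninfected:", finding)
```

Only the pre-patch batch (PID 19448) is flagged; the post-patch batch is not, because its hit is followed by "Virus Scanning: Found 1 viruses".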



