strange behaviour detected with W32/Mimail@MM

Thu Sep 4 20:40:18 IST 2003

Are you using a path containing any links in your MailScanner.conf.
You possibly have /app/mailScanner/var/incoming as your working directory?
As it says in the conf file, you *must* use the real path, particularly 
with mcafee.

At 20:30 04/09/2003, you wrote:
>Hi Julian,
>
>I know I wrote this a month ago, but I couldn't lay my hands on a spare
>server... I upgraded one of the production servers to MailScanner 4.23-11
>today and I'm getting the same results.
>
>I think all the McAfee reports are disappearing from $message->{allreports}
>somehow... I think this 'cause I modified the SQL loggin' routines to get a
>plain text log in real time and I only see filename reports there, never a
>virus report...
>
>Here's a log sample with the current version of MailScanner:
>
>Sep  4 16:11:46 or Alerce-OR[24018]: New Batch: Scanning 1 messages, 29148
>bytes
>Sep  4 16:11:46 or Alerce-OR[24018]: Spam Checks: Starting
>Sep  4 16:11:46 or Alerce-OR[24018]: Virus and Content Scanning: Starting
>Sep  4 16:11:47 or Alerce-OR[24018]: /app/mailScanner.4.23-
>11/var/incoming/24018/130309/message.zip        Found the W32/
>Mimail at MM virus !!!
>Sep  4 16:11:47 or Alerce-OR[24018]: Virus Scanning: McAfee found 1
>infections
>Sep  4 16:11:47 or Alerce-OR[24018]: Virus Scanning: Found 1 viruses
>Sep  4 16:11:47 or Alerce-OR[24018]: Filename Checks: Allowing msg-24018-
>1.txt
>Sep  4 16:11:47 or Alerce-OR[24018]: Filename Checks: Allowing message.zip
>Sep  4 16:11:47 or Alerce-OR[24018]: Filetype Checks: Allowing msg-24018-
>1.txt
>Sep  4 16:11:47 or Alerce-OR[24018]: Filetype Checks: Allowing message.zip
>Sep  4 16:11:47 or Alerce-OR[24018]: ZM: message 130309 renamed into 1563661
>Sep  4 16:11:47 or Alerce-OR[24018]: Uninfected: Delivered 1 messages
>
>You can see that McAfee does find the virus (and logs it), but lastly, it
>says it delivered the message 'cause it was uninfected
>
>El 4 Aug 2003 a las 10:33, Mariano Absatz escribió:
>
> > These are a couple of production servers, I'll see if I can find a spare
> > machine, set everything up and tell you later today.
> >
> > El 3 Aug 2003 a las 21:53, Julian Field escribió:
> >
> > > Can you confirm that this is still a problem with the latest MailScanner
> > > please?
> > >
> > > I can't immediately see why it would do this.
> > >
> > > If this is still a problem, then it's obviously something I need to 
> take a
> > > look at urgently.
> > >
> > > At 01:26 02/08/2003, you wrote:
> > > >I know, I know... my mailer decide to use base64 no matter I told it
> > > >otherwise... well, the log excerpts are at
> > > >http://baby.com.ar/MailScanner/mailscanner-log-excerpts
> > > >
> > > >Thanx.
> > > >
> > > >El 1 Aug 2003 a las 21:21, Mariano Absatz escribió:
> > > >
> > > > >
> > > > > I'm enclosing a text file with results from everyone of these tests.
> > > > >
> > > > > For every test I put the relevant log lines from syslog (luckily
> > > > enough, the
> > > > > trafic was so low, that every test message passed thru 
> mailscanner as a
> > > > > complete batch).
> > > > >
> > > > > Following it there are 2 or 3 lines (MSG: / TO : / RPT:) that are
> > > > equivalent
> > > > > to the mysql log (generated by &AlerceLogging, that is a modified
> > > > version of
> > > > > SQLLogging that doesn't do any SQL).
> > > > >
> > > > > Finally, the relevant MailScanner header lines in the received 
> message.
> > > > >
> > > >
> > > >--
> > > >Mariano Absatz
> > > >El Baby
> > > >----------------------------------------------------------
> > > >Always remember you're unique, just like everyone else.
> > >
> > > --
> > > Julian Field
> > > www.MailScanner.info
> > > Professional Support Services at www.MailScanner.biz
> > > MailScanner thanks transtec Computers for their support
> >
> >
> > --
> > Mariano Absatz
> > El Baby
> > ----------------------------------------------------------
> > The instructions said to use Windows 98 or better,
> > so I installed GNU/Linux 2.4.
>
>
>--
>Mariano Absatz
>El Baby
>----------------------------------------------------------
>Lottery: A tax on people who are bad at math.

-- 
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support