strange behaviour detected with W32/Mimail@MM

Mariano Absatz mailscanner at LISTS.COM.AR
Thu Sep 4 20:54:38 IST 2003 

F#&k it!
You're right... and I _had_ read that before (long time before), but once I 
did a test and I thought it worked 'cause I saw the message from mcafee 
saying that if found the virus...

Then I used symlinks to do smooth upgrades... well it seems I'll have to 
remember to edit the incoming working directory... 

Thanx a lot, Julian!

El 4 Sep 2003 a las 20:40, Julian Field escribió:

> Are you using a path containing any links in your MailScanner.conf.
> You possibly have /app/mailScanner/var/incoming as your working directory?
> As it says in the conf file, you *must* use the real path, particularly 
> with mcafee.
> 
> At 20:30 04/09/2003, you wrote:
> >Hi Julian,
> >
> >I know I wrote this a month ago, but I couldn't lay my hands on a spare
> >server... I upgraded one of the production servers to MailScanner 4.23-11
> >today and I'm getting the same results.
> >
> >I think all the McAfee reports are disappearing from $message->{allreports}
> >somehow... I think this 'cause I modified the SQL loggin' routines to get a
> >plain text log in real time and I only see filename reports there, never a
> >virus report...
> >
> >Here's a log sample with the current version of MailScanner:
> >
> >Sep  4 16:11:46 or Alerce-OR[24018]: New Batch: Scanning 1 messages, 29148
> >bytes
> >Sep  4 16:11:46 or Alerce-OR[24018]: Spam Checks: Starting
> >Sep  4 16:11:46 or Alerce-OR[24018]: Virus and Content Scanning: Starting
> >Sep  4 16:11:47 or Alerce-OR[24018]: /app/mailScanner.4.23-
> >11/var/incoming/24018/130309/message.zip        Found the W32/
> >Mimail at MM virus !!!
> >Sep  4 16:11:47 or Alerce-OR[24018]: Virus Scanning: McAfee found 1
> >infections
> >Sep  4 16:11:47 or Alerce-OR[24018]: Virus Scanning: Found 1 viruses
> >Sep  4 16:11:47 or Alerce-OR[24018]: Filename Checks: Allowing msg-24018-
> >1.txt
> >Sep  4 16:11:47 or Alerce-OR[24018]: Filename Checks: Allowing message.zip
> >Sep  4 16:11:47 or Alerce-OR[24018]: Filetype Checks: Allowing msg-24018-
> >1.txt
> >Sep  4 16:11:47 or Alerce-OR[24018]: Filetype Checks: Allowing message.zip
> >Sep  4 16:11:47 or Alerce-OR[24018]: ZM: message 130309 renamed into 1563661
> >Sep  4 16:11:47 or Alerce-OR[24018]: Uninfected: Delivered 1 messages
> >
> >You can see that McAfee does find the virus (and logs it), but lastly, it
> >says it delivered the message 'cause it was uninfected
> >

--
Mariano Absatz
El Baby
----------------------------------------------------------
I don't suffer from insanity. I enjoy every minute of it.

More information about the MailScanner mailing list