strange behaviour detected with W32/Mimail@MM

Julian Field mailscanner at ecs.soton.ac.uk
Thu Sep 4 21:03:04 IST 2003


Or else just keep the incoming directory somewhere outside the 
distribution, e.g. /var/spool/MailScanner/incoming.

At 20:54 04/09/2003, you wrote:
>F#&k it!
>You're right... and I _had_ read that before (long time before), but once I
>did a test and I thought it worked 'cause I saw the message from mcafee
>saying that it found the virus...
>
>Then I used symlinks to do smooth upgrades... well it seems I'll have to
>remember to edit the incoming working directory...
>
>Thanx a lot, Julian!
>
>On 4 Sep 2003 at 20:40, Julian Field wrote:
>
> > Are you using a path containing any links in your MailScanner.conf?
> > You possibly have /app/mailScanner/var/incoming as your working directory?
> > As it says in the conf file, you *must* use the real path, particularly
> > with mcafee.
> >
> > At 20:30 04/09/2003, you wrote:
> > >Hi Julian,
> > >
> > >I know I wrote this a month ago, but I couldn't lay my hands on a spare
> > >server... I upgraded one of the production servers to MailScanner 4.23-11
> > >today and I'm getting the same results.
> > >
> > >I think all the McAfee reports are disappearing from $message->{allreports}
> > >somehow... I think this 'cause I modified the SQL loggin' routines to get a
> > >plain text log in real time and I only see filename reports there, never a
> > >virus report...
> > >
> > >Here's a log sample with the current version of MailScanner:
> > >
> > >Sep  4 16:11:46 or Alerce-OR[24018]: New Batch: Scanning 1 messages, 29148 bytes
> > >Sep  4 16:11:46 or Alerce-OR[24018]: Spam Checks: Starting
> > >Sep  4 16:11:46 or Alerce-OR[24018]: Virus and Content Scanning: Starting
> > >Sep  4 16:11:47 or Alerce-OR[24018]: /app/mailScanner.4.23-11/var/incoming/24018/130309/message.zip        Found the W32/Mimail@MM virus !!!
> > >Sep  4 16:11:47 or Alerce-OR[24018]: Virus Scanning: McAfee found 1 infections
> > >Sep  4 16:11:47 or Alerce-OR[24018]: Virus Scanning: Found 1 viruses
> > >Sep  4 16:11:47 or Alerce-OR[24018]: Filename Checks: Allowing msg-24018-1.txt
> > >Sep  4 16:11:47 or Alerce-OR[24018]: Filename Checks: Allowing message.zip
> > >Sep  4 16:11:47 or Alerce-OR[24018]: Filetype Checks: Allowing msg-24018-1.txt
> > >Sep  4 16:11:47 or Alerce-OR[24018]: Filetype Checks: Allowing message.zip
> > >Sep  4 16:11:47 or Alerce-OR[24018]: ZM: message 130309 renamed into 1563661
> > >Sep  4 16:11:47 or Alerce-OR[24018]: Uninfected: Delivered 1 messages
> > >
> > >You can see that McAfee does find the virus (and logs it), but lastly, it
> > >says it delivered the message 'cause it was uninfected
> > >
>
>--
>Mariano Absatz
>El Baby
>----------------------------------------------------------
>I don't suffer from insanity. I enjoy every minute of it.

-- 
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
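
A check for the misconfiguration discussed in this thread, as an added example that is not part of the original messages or of MailScanner itself. It assumes the working directory is set with an `Incoming Work Dir = ...` line in MailScanner.conf, and it assumes, for illustration only, that a scanner report is attributed to a message by prefix-matching the reported path against the configured directory; the directory tree is constructed in a temporary location.

```python
import os
import re
import tempfile

def incoming_work_dir(conf_text):
    """Extract the 'Incoming Work Dir' value from MailScanner.conf text."""
    for line in conf_text.splitlines():
        m = re.match(r"\s*incoming\s+work\s+dir\s*=\s*([^#]+)", line, re.I)
        if m:
            return m.group(1).strip()
    return None

def symlink_components(path):
    """Return every leading part of an absolute path that is a symlink."""
    links, current = [], os.sep
    for part in filter(None, os.path.abspath(path).split(os.sep)):
        current = os.path.join(current, part)
        if os.path.islink(current):
            links.append(current)
    return links

def check_work_dir(conf_text):
    """Compare the configured work dir with its fully resolved real path."""
    configured = incoming_work_dir(conf_text)
    if configured is None:
        raise ValueError("no 'Incoming Work Dir' setting found")
    real = os.path.realpath(configured)
    return {"configured": configured, "real": real,
            "links": symlink_components(configured),
            "ok": os.path.normpath(configured) == real}

def report_matches(report_path, work_dir):
    """Assumed mechanism: a report counts only if it lies under work_dir."""
    return report_path.startswith(work_dir.rstrip(os.sep) + os.sep)

def build_demo_tree():
    """Constructed layout mirroring the thread: versioned dir plus symlink."""
    base = os.path.realpath(tempfile.mkdtemp())
    app = os.path.join(base, "app")
    os.makedirs(os.path.join(app, "mailScanner.4.23-11", "var", "incoming"))
    os.symlink("mailScanner.4.23-11", os.path.join(app, "mailScanner"))
    return app

if __name__ == "__main__":
    app = build_demo_tree()
    for name in ("mailScanner", "mailScanner.4.23-11"):
        conf = "Incoming Work Dir = %s/%s/var/incoming\n" % (app, name)
        result = check_work_dir(conf)
        seen = result["real"] + "/24018/130309/message.zip"  # path as the scanner reports it
        print(result["ok"], result["links"], report_matches(seen, result["configured"]))
```

Running the check after each upgrade that moves a version symlink catches the case where the scanner logs a detection but the message is still delivered as uninfected.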