Sophos and Sophos SAVI

Mon Sep 15 21:35:39 IST 2003

Just installed Sophos and SophosSAVI following directions on
www.mailscanner.info

MailScanner seems to spit out the message "Virus Scanning: SophosSAVI found
1 infections" for every batch.

Example:

Sep 15 16:13:32 lime MailScanner[7589]: New Batch: Found 2 messages waiting
Sep 15 16:13:32 lime MailScanner[7589]: New Batch: Scanning 1 messages, 5774
bytes
Sep 15 16:13:32 lime MailScanner[7589]: Spam Checks: Starting
Sep 15 16:13:41 lime MailScanner[7589]: Virus and Content Scanning: Starting
Sep 15 16:13:41 lime MailScanner[7589]: Namelist is
/opt/MailScanner/etc/reports/en/languages.conf
Sep 15 16:13:42 lime MailScanner[7589]: Virus Scanning: SophosSAVI found 1
infections
Sep 15 16:13:44 lime MailScanner[7589]: Uninfected: Delivered 1 messages

# grep "Virus Scanning: SophosSAVI found 1 infections" /var/log/syslog | wc
-l
     174
# grep INFECTED /var/log/syslog | wc -l
       2
#

Is this normail?

I did send an eicar test through the server and it caught that...

Sep 15 15:59:29 lime MailScanner[7581]: INFECTED:: EICAR-AV-Test::
./h8FJxLN09987/eicar.com.txt

Is there a way to get the scanner name in the report?

    Report: eicar.com.txt was infected by EICAR-AV-Test
            eicar.com.txt contains Eicar-Test-Signature

MailScanner 4.20-3 running on Sparc Solaris 8.

Thanks,

Derek Winkler
Security Administrator
Algorithmics Inc., Toronto
Tel: (416) 217-4107
Fax: (416) 971-6263
www.algorithmics.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030915/c199fea7/attachment.html