Sophos and Sophos SAVI

[Julian Field]

At 21:35 15/09/2003, you wrote:

>Just installed Sophos and SophosSAVI following directions on
>www.mailscanner.info
>
>MailScanner seems to spit out the message "Virus Scanning: SophosSAVI
>found 1 infections" for every batch.

Not sure why that is happening. Other people haven't reported it.


>Example:
>
>Sep 15 16:13:32 lime MailScanner[7589]: New Batch: Found 2 messages waiting
>Sep 15 16:13:32 lime MailScanner[7589]: New Batch: Scanning 1 messages,
>5774 bytes
>Sep 15 16:13:32 lime MailScanner[7589]: Spam Checks: Starting
>Sep 15 16:13:41 lime MailScanner[7589]: Virus and Content Scanning: Starting
>Sep 15 16:13:41 lime MailScanner[7589]: Namelist is
>/opt/MailScanner/etc/reports/en/languages.conf
>Sep 15 16:13:42 lime MailScanner[7589]: Virus Scanning: SophosSAVI found 1
>infections
>Sep 15 16:13:44 lime MailScanner[7589]: Uninfected: Delivered 1 messages
>
># grep "Virus Scanning: SophosSAVI found 1 infections" /var/log/syslog |
>wc -l
>      174
># grep INFECTED /var/log/syslog | wc -l
>        2
>#
>
>Is this normail?
>
>I did send an eicar test through the server and it caught that...
>
>Sep 15 15:59:29 lime MailScanner[7581]: INFECTED:: EICAR-AV-Test::
>./h8FJxLN09987/eicar.com.txt
>
>Is there a way to get the scanner name in the report?

Set
Include Scanner Name In Reports = yes
in MailScanner.conf.



>     Report: eicar.com.txt was infected by EICAR-AV-Test
>             eicar.com.txt contains Eicar-Test-Signature
>
>MailScanner 4.20-3 running on Sparc Solaris 8.
>
>Thanks,
>
>Derek Winkler
>Security Administrator
>Algorithmics Inc., Toronto
>Tel: (416) 217-4107
>Fax: (416) 971-6263
>www.algorithmics.com

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support