Infected message delivered

Julian Field mailscanner at ecs.soton.ac.uk
Wed Aug 11 14:02:00 IST 2004 

<x-flowed>
Please try this patch to SweepViruses.pm:

-----SNIP-----
--- SweepViruses.pm.old    2004-08-05 16:25:35.000000000 +0100
+++ SweepViruses.pm     2004-08-11 14:00:25.000000000 +0100
@@ -2474,6 +2474,9 @@
    #./1B978O-0000g2-Iq/eicar.com  Virus identified  EICAR_Test (+2)
    #./1B978O-0000g2-Iq/eicar.zip:\eicar.com  Virus identified  EICAR_Test (+2)

+  # Remove all the duff carriage-returns from the line
+  $line =~ s/[\r\n]//g;
+
    #print STDERR "Line: $line\n";
    return 0 unless $line =~ /Virus identified  (.+)$/;

-----SNIP-----

Let me know if that helps. I need to get a new version of Antivir to work
on this.

At 13:26 11/08/2004, you wrote:
>Hi there,
>
>I am using MailScanner (currently 4.32.5-1) with AVG Antivirus (and
>Bitdefender as second antivirus). All was good, but now, when only AVG
>indetifies virus (Bitdefender not), Mailscanner will pass message as
>uninfected to recipient.
>
>Fragment of maillog:
>-------------------
>Aug 11 14:10:28 server MailScanner[3547]: New Batch: Scanning 1 messages,
>1479 bytes
>Aug 11 14:10:28 server MailScanner[3547]: Spam Checks: Starting
>Aug 11 14:10:30 server MailScanner[3547]: Virus and Content Scanning:
>Starting
>Aug 11 14:10:31 server MailScanner[3547]:
>^M^M^M^M^M^M^M./i7BCALN04049/msg-3547-3.bin  Virus identified  EICAR_Test
>(+6)
>Aug 11 14:10:31 server MailScanner[3547]: Virus Scanning: Avg found 1
>infections
>Aug 11 14:10:32 server MailScanner[3547]: Uninfected: Delivered 1 messages
>--------------------
>
>I suppose, that it is connected with "^M" problem in path (as written in
>another message). But virus passing through MailScanner is alarming.
>
>What to do with this?
>
>With Regards
>Pavel Zichovsky (zichovsky at trul.cz)
>
>-------------------------- MailScanner list ----------------------
>To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
>Before posting, please see the Most Asked Questions at
>http://www.mailscanner.biz/maq/     and the archives at
>http://www.jiscmail.ac.uk/lists/mailscanner.html

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
</x-flowed>

More information about the MailScanner mailing list