Infected message delivered

Pavel Zichovsky zichovsky at TRUL.CZ
Wed Aug 11 22:08:13 IST 2004


Unfortunately this patch did not help :(
^M stays in log as before, and messages with virus (EICAR) are treated as
uninfected.
 
Pavel Zichovsky

> -----Pùvodní zpráva-----
> Od: MailScanner mailing list 
> [mailto:MAILSCANNER at JISCMAIL.AC.UK] za u¾ivatele Julian Field
> Odesláno: 11. srpna 2004 15:02
> Komu: MAILSCANNER at JISCMAIL.AC.UK
> Pøedmìt: Re: [MAILSCANNER] Infected message delivered
> 
> Please try this patch to SweepViruses.pm:
> 
> -----SNIP-----
> --- SweepViruses.pm.old    2004-08-05 16:25:35.000000000 +0100
> +++ SweepViruses.pm     2004-08-11 14:00:25.000000000 +0100
> @@ -2474,6 +2474,9 @@
>     #./1B978O-0000g2-Iq/eicar.com  Virus identified  EICAR_Test (+2)
>     #./1B978O-0000g2-Iq/eicar.zip:\eicar.com  Virus 
> identified  EICAR_Test (+2)
> 
> +  # Remove all the duff carriage-returns from the line  $line =~ 
> + s/[\r\n]//g;
> +
>     #print STDERR "Line: $line\n";
>     return 0 unless $line =~ /Virus identified  (.+)$/;
> 
> -----SNIP-----
> 
> Let me know if that helps. I need to get a new version of 
> Antivir to work on this.
> 
> At 13:26 11/08/2004, you wrote:
> >Hi there,
> >
> >I am using MailScanner (currently 4.32.5-1) with AVG Antivirus (and 
> >Bitdefender as second antivirus). All was good, but now, 
> when only AVG 
> >indetifies virus (Bitdefender not), Mailscanner will pass message as 
> >uninfected to recipient.
> >
> >Fragment of maillog:
> >-------------------
> >Aug 11 14:10:28 server MailScanner[3547]: New Batch: Scanning 1 
> >messages,
> >1479 bytes
> >Aug 11 14:10:28 server MailScanner[3547]: Spam Checks: 
> Starting Aug 11 
> >14:10:30 server MailScanner[3547]: Virus and Content Scanning:
> >Starting
> >Aug 11 14:10:31 server MailScanner[3547]:
> >^M^M^M^M^M^M^M./i7BCALN04049/msg-3547-3.bin  Virus identified  
> >EICAR_Test
> >(+6)
> >Aug 11 14:10:31 server MailScanner[3547]: Virus Scanning: 
> Avg found 1 
> >infections Aug 11 14:10:32 server MailScanner[3547]: Uninfected: 
> >Delivered 1 messages
> >--------------------
> >
> >I suppose, that it is connected with "^M" problem in path 
> (as written 
> >in another message). But virus passing through MailScanner 
> is alarming.
> >
> >What to do with this?
> >
> >With Regards
> >Pavel Zichovsky (zichovsky at trul.cz)
> >
> >-------------------------- MailScanner list ----------------------
> >To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
> >Before posting, please see the Most Asked Questions at
> >http://www.mailscanner.biz/maq/     and the archives at
> >http://www.jiscmail.ac.uk/lists/mailscanner.html
> 
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
> 
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> 
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).



More information about the MailScanner mailing list