Infected message delivered

Pavel Zichovsky zichovsky at TRUL.CZ
Wed Aug 11 22:48:39 IST 2004 

Yes, I am now runnig MailScanner in debug mode to see what it does with
messages. So it is started/stopped on every batch.

If patch solved it to you, maybe I applied patch incorrectly... Could you
please send me whole patched SweepViruses.pm?

Thanks in advance

With regards
Pavel Zichovsky (zichovsky at trul)
 

> 
> Pavel,
> 
>         This solved for me.
> 
>         You stop and star Mailscanner ?
> 
> Vladimir M Costa
> 
> 
> > Unfortunately this patch did not help :( ^M stays in log as before, 
> > and messages with virus (EICAR) are treated as uninfected.
> >  
> > Pavel Zichovsky
> > 
> > 
> >>-----Původní zpráva-----
> >>Od: MailScanner mailing list
> >>[mailto:MAILSCANNER at JISCMAIL.AC.UK] za u¾ivatele Julian Field
> >>Odesláno: 11. srpna 2004 15:02
> >>Komu: MAILSCANNER at JISCMAIL.AC.UK
> >>Předmět: Re: [MAILSCANNER] Infected message delivered
> >>
> >>Please try this patch to SweepViruses.pm:
> >>
> >>-----SNIP-----
> >>--- SweepViruses.pm.old    2004-08-05 16:25:35.000000000 +0100
> >>+++ SweepViruses.pm     2004-08-11 14:00:25.000000000 +0100
> >>@@ -2474,6 +2474,9 @@
> >>    #./1B978O-0000g2-Iq/eicar.com  Virus identified  EICAR_Test (+2)
> >>    #./1B978O-0000g2-Iq/eicar.zip:\eicar.com  Virus identified  
> >>EICAR_Test (+2)
> >>
> >>+  # Remove all the duff carriage-returns from the line  $line =~ 
> >>+ s/[\r\n]//g;
> >>+
> >>    #print STDERR "Line: $line\n";
> >>    return 0 unless $line =~ /Virus identified  (.+)$/;
> >>
> >>-----SNIP-----
> >>
> >>Let me know if that helps. I need to get a new version of 
> Antivir to 
> >>work on this.
> >>
> >>At 13:26 11/08/2004, you wrote:
> >>
> >>>Hi there,
> >>>
> >>>I am using MailScanner (currently 4.32.5-1) with AVG 
> Antivirus (and 
> >>>Bitdefender as second antivirus). All was good, but now,
> >>
> >>when only AVG
> >>
> >>>indetifies virus (Bitdefender not), Mailscanner will pass 
> message as 
> >>>uninfected to recipient.
> >>>
> >>>Fragment of maillog:
> >>>-------------------
> >>>Aug 11 14:10:28 server MailScanner[3547]: New Batch: Scanning 1 
> >>>messages,
> >>>1479 bytes
> >>>Aug 11 14:10:28 server MailScanner[3547]: Spam Checks: 
> >>
> >>Starting Aug 11
> >>
> >>>14:10:30 server MailScanner[3547]: Virus and Content Scanning:
> >>>Starting
> >>>Aug 11 14:10:31 server MailScanner[3547]:
> >>>^M^M^M^M^M^M^M./i7BCALN04049/msg-3547-3.bin  Virus identified 
> >>>EICAR_Test
> >>>(+6)
> >>>Aug 11 14:10:31 server MailScanner[3547]: Virus Scanning: 
> >>
> >>Avg found 1
> >>
> >>>infections Aug 11 14:10:32 server MailScanner[3547]: Uninfected: 
> >>>Delivered 1 messages
> >>>--------------------
> >>>
> >>>I suppose, that it is connected with "^M" problem in path
> >>
> >>(as written
> >>
> >>>in another message). But virus passing through MailScanner
> >>
> >>is alarming.
> >>
> >>>What to do with this?
> >>>
> >>>With Regards
> >>>Pavel Zichovsky (zichovsky at trul.cz)
> >>>
> >>>-------------------------- MailScanner list ----------------------
> >>>To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
> >>>Before posting, please see the Most Asked Questions at
> >>>http://www.mailscanner.biz/maq/     and the archives at
> >>>http://www.jiscmail.ac.uk/lists/mailscanner.html
> >>
> >>--
> >>Julian Field
> >>www.MailScanner.info
> >>MailScanner thanks transtec Computers for their support
> >>
> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >>
> >>-------------------------- MailScanner list ----------------------
> >>To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
> >>Before posting, please see the Most Asked Questions at
> >>http://www.mailscanner.biz/maq/     and the archives at
> >>http://www.jiscmail.ac.uk/lists/mailscanner.html
> >>
> > 
> > 
> 
> ------------------------ MailScanner list 
> ------------------------ To unsubscribe, email 
> jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ 
> (http://www.mailscanner.biz/maq/) and the archives 
> (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

More information about the MailScanner mailing list