Infected message delivered
Vladimir M Costa
cpd at UNIVAP.BR
Thu Aug 12 12:59:40 IST 2004
Pavell,
I'm sending the Sweep file in off.
Vladimir M Costa
> Yes, I am now runnig MailScanner in debug mode to see what it does with
> messages. So it is started/stopped on every batch.
>
> If patch solved it to you, maybe I applied patch incorrectly... Could you
> please send me whole patched SweepViruses.pm?
>
> Thanks in advance
>
> With regards
> Pavel Zichovsky (zichovsky at trul)
>
>
>
>>Pavel,
>>
>> This solved for me.
>>
>> You stop and star Mailscanner ?
>>
>>Vladimir M Costa
>>
>>
>>
>>>Unfortunately this patch did not help :( ^M stays in log as before,
>>>and messages with virus (EICAR) are treated as uninfected.
>>>
>>>Pavel Zichovsky
>>>
>>>
>>>
>>>>-----Původní zpráva-----
>>>>Od: MailScanner mailing list
>>>>[mailto:MAILSCANNER at JISCMAIL.AC.UK] za u^Þivatele Julian Field
>>>>Odesláno: 11. srpna 2004 15:02
>>>>Komu: MAILSCANNER at JISCMAIL.AC.UK
>>>>Předmět: Re: [MAILSCANNER] Infected message delivered
>>>>
>>>>Please try this patch to SweepViruses.pm:
>>>>
>>>>-----SNIP-----
>>>>--- SweepViruses.pm.old 2004-08-05 16:25:35.000000000 +0100
>>>>+++ SweepViruses.pm 2004-08-11 14:00:25.000000000 +0100
>>>>@@ -2474,6 +2474,9 @@
>>>> #./1B978O-0000g2-Iq/eicar.com Virus identified EICAR_Test (+2)
>>>> #./1B978O-0000g2-Iq/eicar.zip:\eicar.com Virus identified
>>>>EICAR_Test (+2)
>>>>
>>>>+ # Remove all the duff carriage-returns from the line $line =~
>>>>+ s/[\r\n]//g;
>>>>+
>>>> #print STDERR "Line: $line\n";
>>>> return 0 unless $line =~ /Virus identified (.+)$/;
>>>>
>>>>-----SNIP-----
>>>>
>>>>Let me know if that helps. I need to get a new version of
>>
>>Antivir to
>>
>>>>work on this.
>>>>
>>>>At 13:26 11/08/2004, you wrote:
>>>>
>>>>
>>>>>Hi there,
>>>>>
>>>>>I am using MailScanner (currently 4.32.5-1) with AVG
>>
>>Antivirus (and
>>
>>>>>Bitdefender as second antivirus). All was good, but now,
>>>>
>>>>when only AVG
>>>>
>>>>
>>>>>indetifies virus (Bitdefender not), Mailscanner will pass
>>
>>message as
>>
>>>>>uninfected to recipient.
>>>>>
>>>>>Fragment of maillog:
>>>>>-------------------
>>>>>Aug 11 14:10:28 server MailScanner[3547]: New Batch: Scanning 1
>>>>>messages,
>>>>>1479 bytes
>>>>>Aug 11 14:10:28 server MailScanner[3547]: Spam Checks:
>>>>
>>>>Starting Aug 11
>>>>
>>>>
>>>>>14:10:30 server MailScanner[3547]: Virus and Content Scanning:
>>>>>Starting
>>>>>Aug 11 14:10:31 server MailScanner[3547]:
>>>>>^M^M^M^M^M^M^M./i7BCALN04049/msg-3547-3.bin Virus identified
>>>>>EICAR_Test
>>>>>(+6)
>>>>>Aug 11 14:10:31 server MailScanner[3547]: Virus Scanning:
>>>>
>>>>Avg found 1
>>>>
>>>>
>>>>>infections Aug 11 14:10:32 server MailScanner[3547]: Uninfected:
>>>>>Delivered 1 messages
>>>>>--------------------
>>>>>
>>>>>I suppose, that it is connected with "^M" problem in path
>>>>
>>>>(as written
>>>>
>>>>
>>>>>in another message). But virus passing through MailScanner
>>>>
>>>>is alarming.
>>>>
>>>>
>>>>>What to do with this?
>>>>>
>>>>>With Regards
>>>>>Pavel Zichovsky (zichovsky at trul.cz)
>>>>>
>>>>>-------------------------- MailScanner list ----------------------
>>>>>To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
>>>>>Before posting, please see the Most Asked Questions at
>>>>>http://www.mailscanner.biz/maq/ and the archives at
>>>>>http://www.jiscmail.ac.uk/lists/mailscanner.html
>>>>
>>>>--
>>>>Julian Field
>>>>www.MailScanner.info
>>>>MailScanner thanks transtec Computers for their support
>>>>
>>>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>>
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
More information about the MailScanner
mailing list