Antivir and Clam patches

Marcel Blenkers marcel at IRC-ADDICTS.DE
Fri Aug 13 19:00:28 IST 2004 

Hi there,

ok..i patched the original SweepViruses.pm with the applied patch.

First the good news:

The RAR-File with the Eicar-Test-File within was blocked.

Now the depressing part..

but i do got some error-messages..and it said, within the mail would be 3
infected files..even if there is only one ..

secondary..how can i get rid of those entries within my logfile..

i just would like to see

Incoming Mail
Checking Mail
Infected..

as it worked within the past.

within my config of MailScanner it says NO to every Log-Entry possible..

and now..

my Logfile-Excerpt...if you would like to see it:

Aug 13 19:56:02 marcel MailScanner[23384]: MailScanner E-Mail Virus
Scanner version 4.32.5 starting...
Aug 13 19:56:05 marcel MailScanner[23384]: Using locktype = flock
Aug 13 19:56:12 marcel MailScanner[23395]: MailScanner E-Mail Virus
Scanner version 4.32.5 starting...
Aug 13 19:56:15 marcel MailScanner[23395]: Using locktype = flock
Aug 13 19:56:18 marcel sendmail-in[23400]: i7DHuHV9023400:
from=<emailcheck-robot at ct.heise.de>, size=1927, class=0, nrcpts=1,
msgid=<E1BvgHk-00040o-00.octo20 at www.heise.de>, proto=ESMTP, daemon=MTA,
relay=www.heise.de [193.99.144.71]
Aug 13 19:56:20 marcel MailScanner[23384]: New Batch: Scanning 1 messages,
2405 bytes
Aug 13 19:56:23 marcel MailScanner[23384]: Virus and Content Scanning:
Starting
Aug 13 19:56:24 marcel MailScanner[23384]: UNRAR 3.00 freeware
Copyright (c) 1993-2002 Eugene Roshal
Aug 13 19:56:24 marcel MailScanner[23384]: ProcessClamAVOutput:
unrecognised line "UNRAR 3.00 freeware      Copyright (c) 1993-2002 Eugene
Roshal". Please contact the authors!
Aug 13 19:56:24 marcel MailScanner[23384]:
/tmp/clamav.23409/clamav-7d5afde136b48adc/eicar.com: Eicar-Test-Signature
FOUND
Aug 13 19:56:24 marcel MailScanner[23384]:
/tmp/clamav.23409/clamav-545f3ac5700ba6ea/eicar.rar: Infected Archive
FOUND
Aug 13 19:56:24 marcel MailScanner[23384]: (Real infected archive:
/var/spool/MailScanner/incoming/23384/./i7DHuHV9023400/eicar.rar)
Aug 13 19:56:24 marcel MailScanner[23384]: Virus Scanning: ClamAV found 3
infections
Aug 13 19:56:25 marcel MailScanner[23384]: Infected message i7DHuHV9023400
came from 193.99.144.71
Aug 13 19:56:25 marcel MailScanner[23384]: Saved infected "eicar.rar" to
/var/spool/MailScanner/quarantine/20040813/i7DHuHV9023400
Aug 13 19:56:25 marcel MailScanner[23384]: Silent: Delivered 1 messages
containing silent viruses
Aug 13 19:56:26 marcel sendmail[23430]: i7DHuPIR023430: from=postmaster,
size=1164, class=0, nrcpts=1,
msgid=<200408131756.i7DHuPIR023430 at marcel.netfinish.de>,
relay=root at localhost
Aug 13 19:56:26 marcel sendmail-in[23435]: i7DHuQV9023435:
from=<postmaster at marcel.netfinish.de>, size=1435, class=0, nrcpts=1,
msgid=<200408131756.i7DHuPIR023430 at marcel.netfinish.de>, proto=ESMTP,
daemon=MTA, relay=localhost [127.0.0.1]
Aug 13 19:56:27 marcel sendmail[23430]: i7DHuPIR023430: to=postmaster,
delay=00:00:02, xdelay=00:00:01, mailer=relay, pri=30073,
relay=localhost.netfinish.de. [127.0.0.1], dsn=2.0.0, stat=Sent
(i7DHuQV9023435 Message accepted for delivery)
Aug 13 19:56:27 marcel MailScanner[23384]: Notices: Warned about 1
messages
Aug 13 19:56:27 marcel MailScanner[23384]: New Batch: Scanning 1 messages,
1908 bytes
Aug 13 19:56:29 marcel sendmail[23431]: i7DHuHV9023400:
to=<marcel at irc-addicts.de>, delay=00:00:11, xdelay=00:00:04, mailer=local,
pri=120515, dsn=2.0.0, stat=Sent
Aug 13 19:56:30 marcel MailScanner[23384]: Virus and Content Scanning:
Starting
Aug 13 19:56:32 marcel MailScanner[23384]: Uninfected: Delivered 1
messages
Aug 13 19:56:35 marcel sendmail[23462]: i7DHuQV9023435: to=root,
delay=00:00:09, xdelay=00:00:03, mailer=local, pri=120344, dsn=2.0.0,
stat=Sent


On Fri, 13 Aug 2004, Julian Field wrote:

> At 18:02 13/08/2004, you wrote:
> > > Attached to this message is a patch file for SweepViruses.pm which
> >
> >Am I blind or did you forget to attach it? :-)
>
> It's been a long day...
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

More information about the MailScanner mailing list