Quarantine Silent Viruses = no not working ?
Raymond Dijkxhoorn
raymond at PROLOCATION.NET
Sun Jun 20 12:48:39 IST 2004
Hi Julian,
I was just testing with the Quarantine Silent Viruses = no but either i am
doing something wrong or its not working properly.
Currently i am scanning with 3 virus scanners.
This is a sample from the log:
Jun 20 13:44:01 vmx01 MailScanner[18961]: Virus Scanning: F-Prot found
virus W32/Netsky.P at mm
Jun 20 13:44:01 vmx01 MailScanner[18961]: Virus Scanning: F-Prot found 1
infections
Jun 20 13:44:01 vmx01 MailScanner[18961]: ClamAVModule::INFECTED::
Worm.SomeFool.P:: ./1Bc0jl-0004xr-FC/message.scr
Jun 20 13:44:02 vmx01 MailScanner[18961]: Virus Scanning: ClamAV Module
found 1 infections
Jun 20 13:44:02 vmx01 MailScanner[18961]: Infected message
1Bc0jl-0004xr-FC came from 82.217.235.158
Jun 20 13:44:02 vmx01 MailScanner[18961]: Virus Scanning: Found 1 viruses
Jun 20 13:44:02 vmx01 MailScanner[18961]: Filename Checks: Possible virus
hidden in a screensaver (1Bc0jl-0004xr-FC message.scr)
Jun 20 13:44:02 vmx01 MailScanner[18961]: Other Checks: Found 1 problems
Jun 20 13:44:02 vmx01 MailScanner[18961]: Content Checks: Detected
HTML-specific exploits in 1Bc0jl-0004xr-FC
Jun 20 13:44:02 vmx01 MailScanner[18961]: Content Checks: Found 1 problems
Jun 20 13:44:02 vmx01 MailScanner[18961]: Saved infected "message.scr" to
/var/spool/MailScanner/quarantine/20040620/1Bc0jl-0004xr-FC
Jun 20 13:44:02 vmx01 MailScanner[18961]: Saved infected
"msg-18961-2.html" to
/var/spool/MailScanner/quarantine/20040620/1Bc0jl-0004xr-FC
My silent viruslist looks like:
Silent Viruses = Klez Yaha Bugbear Lentin Sobig Mimail Lovelorn Dumaru
Gibe Ganda Lovgate Fizzer Hybris Akosw Swen Sober Bagle
Mydoom Netsky Worm Torvil JS.Spam Zafi
And i have Quarantine Silent Viruses = no
But i still see those ones going to my quarantine dir...
Am i missing something ? Or is it broken? I tested on 2 servers.
Bye,
Raymond.
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
More information about the MailScanner
mailing list