difficulty with MS and drweb

Wed Mar 31 10:18:35 IST 2004

I update SweepViruses.pm:
MailScanner::Log::InfoLog("#### $BaseDir - $id - $part - ".join(",", at rest).
",end");

I sent eacar.zip

/var/log/maillog:
Mar 31 13:32:09 rmb1 MailScanner[12184]: RBL Checks: returned 0
Mar 31 13:32:09 rmb1 MailScanner[12184]: Created attachment dirs for 1
messages
Mar 31 13:32:09 rmb1 MailScanner[12184]: Virus and Content Scanning:
Starting
Mar 31 13:32:09 rmb1 MailScanner[12184]: Commencing scanning by drweb...
Mar 31 13:32:11 rmb1 MailScanner[12184]:
/var/spool/MailScanner/incoming/12184/A00191000ABF/eicar.com infected with
EICAR Test File (NOT a Virus!)
Mar 31 13:32:11 rmb1 MailScanner[12184]: ####
/var/spool/MailScanner/incoming/12184 - A00191000ABF - eicar.com - ,end
Mar 31 13:32:11 rmb1 MailScanner[12184]: Completed scanning by drweb
Mar 31 13:32:11 rmb1 MailScanner[12184]: Virus Scanning: DrWeb found 1
infections
Mar 31 13:32:11 rmb1 MailScanner[12184]: Infected message A00191000ABF came
from 192.168.10.114
Mar 31 13:32:11 rmb1 MailScanner[12184]: Virus Scanning: Found 1 viruses
Mar 31 13:32:11 rmb1 MailScanner[12184]: Filename Checks: Windows/DOS
Executable (A00191000ABF eicar.com)
Mar 31 13:32:11 rmb1 MailScanner[12184]: Other Checks: Found 1 problems
Mar 31 13:32:11 rmb1 MailScanner[12184]: Saved infected "eicar.com" to
/var/spool/MailScanner/quarantine/20040331/A00191000ABF
Mar 31 13:32:11 rmb1 MailScanner[12184]: Saved infected "eicar.zip" to
/var/spool/MailScanner/quarantine/20040331/A00191000ABF
Mar 31 13:32:11 rmb1 MailScanner[12184]: Requeue: A00191000ABF to 1CC20B9
Mar 31 13:32:11 rmb1 MailScanner[12184]: About to deliver 1 messages

for eacar.arj:
Mar 31 13:34:06 rmb1 MailScanner[12213]: New Batch: Scanning 1 messages,
1362 bytes
Mar 31 13:34:06 rmb1 MailScanner[12213]: RBL Checks: returned 0
Mar 31 13:34:06 rmb1 MailScanner[12213]: Created attachment dirs for 1
messages
Mar 31 13:34:06 rmb1 MailScanner[12213]: Virus and Content Scanning:
Starting
Mar 31 13:34:06 rmb1 MailScanner[12213]: Commencing scanning by drweb...
Mar 31 13:34:08 rmb1 MailScanner[12213]: Completed scanning by drweb
Mar 31 13:34:08 rmb1 MailScanner[12213]: Requeue: D5FA31000ABF to 8441CB3
Mar 31 13:34:08 rmb1 MailScanner[12213]: About to deliver 1 messages
Mar 31 13:34:08 rmb1 MailScanner[12213]: Uninfected: Delivered 1 messages

-----Original Message-----
From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK]
Sent: Wednesday, March 31, 2004 12:32 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: difficulty with MS and drweb

I don't think I wrote the DrWeb output handler, so I'm not taking
responsibility for the bugs :-)

In SweepViruses.pm, you will find a line saying
sub ProcessDrwebOutput {

Below that, there is a line in that function that currently says
#MailScanner::Log::InfoLog("#### $BaseDir - $id - $part");

Change that to

MailScanner::Log::InfoLog("#### $BaseDir - $id - $part - " .
join(",", at rest) . ",end");

Please then run the tests you ran before, and mail me the output from the
maillog.