zip-virus problems

Julian Field mailscanner at ecs.soton.ac.uk
Sun Nov 21 12:09:16 GMT 2004


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Can you try the latest CVS build of ClamAV please. There are some known
problems with the reporting of viruses in some archives in 0.80.

Also, from your log entries your incoming work dir is /usr/varnew/.....
Is this really the path you put into MailScanner.conf. As the comments
in there make very clear, you *must* put in the *real* path name to the
directory, and not some path that gets their via symlinks.

Carl Wernhart - MailScannerAdm wrote:

>>-----Original Message-----
>>From: MailScanner mailing list
>>[mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Ugo Bellavance
>>Sent: Saturday, November 20, 2004 2:53 PM
>>To: MAILSCANNER at JISCMAIL.AC.UK
>>Subject: Re: [MAILSCANNER] zip-virus problems
>>
>>
>
>[...]
>
>
>
>>Could we see some log entries?
>>
>>
>
>sure!
>
>Nov 20 16:00:00 scanner sm-mta[21772]: iAKExxis021772:
>from=<carl.wernhart at acw.at>, size=31682, class=0, nrcpts=1,
>msgid=<419F5BE9.9030604 at acw.at>, proto=ESMTP, daemon=MTA,
>relay=line210.acw.at [195.230.52.210]
>Nov 20 16:00:00 scanner sm-mta[21772]: iAKExxis021772:
>to=<carl at wernhart.priv.at>, delay=00:00:00, mailer=smtp, pri=61682,
>stat=queued
>Nov 20 16:00:00 scanner MailScanner[21372]: New Batch: Scanning 1 messages,
>32143 bytes
>Nov 20 16:00:00 scanner MailScanner[21372]: Spam Checks: Starting
>Nov 20 16:00:02 scanner MailScanner[21372]: Message iAKExxis021772 from
>195.230.52.210 (carl.wernhart at acw.at) to wernhart.priv.at is not spam,
>SpamAssassin (Wertung=-5.77, benoetigt 6, autolearn=not spam, ALL_TRUSTED
>-3.30, AWL 0.13, BAYES_00 -2.60)
>Nov 20 16:00:02 scanner MailScanner[21372]: Virus and Content Scanning:
>Starting
>Nov 20 16:00:04 scanner MailScanner[21372]:
>/usr/varnew/spool/MailScanner/incoming/21372/./iAKExxis021772/Informations.z
>ip: Worm.SomeFool.Z FOUND
>Nov 20 16:00:04 scanner MailScanner[21372]: Virus Scanning: ClamAV found 1
>infections
>Nov 20 16:00:04 scanner MailScanner[21372]: Infected message usr came from
>Nov 20 16:00:04 scanner MailScanner[21372]: Virus Scanning: Found 1 viruses
>Nov 20 16:00:04 scanner MailScanner[21372]: Filename Checks: Allowing
>iAKExxis021772 msg-21372-5.txt
>Nov 20 16:00:04 scanner MailScanner[21372]: Filename Checks: Allowing
>iAKExxis021772 Informations.zip
>Nov 20 16:00:04 scanner MailScanner[21372]: Filename Checks: Allowing
>iAKExxis021772 msg-21372-6.txt
>Nov 20 16:00:04 scanner MailScanner[21372]: Filename Checks: Allowing
>iAKExxis021772 msg-21372-7.txt
>Nov 20 16:00:04 scanner MailScanner[21372]: Filetype Checks: Allowing
>iAKExxis021772 msg-21372-6.txt
>Nov 20 16:00:04 scanner MailScanner[21372]: Filetype Checks: Allowing
>iAKExxis021772 msg-21372-7.txt
>Nov 20 16:00:04 scanner MailScanner[21372]: Filetype Checks: Allowing
>iAKExxis021772 msg-21372-5.txt
>Nov 20 16:00:04 scanner MailScanner[21372]: Filetype Checks: Allowing
>iAKExxis021772 Informations.zip
>Nov 20 16:00:04 scanner MailScanner[21372]: Uninfected: Delivered 1 messages
>Nov 20 16:00:05 scanner sendmail[21793]: iAKExxis021772:
>to=<carl at wernhart.priv.at>, delay=00:00:05, xdelay=00:00:01, mailer=smtp,
>pri=151682, relay=mail.wernhart.priv.at [217.116.177.18], dsn=2.0.0,
>stat=Sent (iAKF04v7032632 Message accepted for delivery)
>
>
> carl
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>
>
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list