ZIP File problem

Jan-Peter Koopmann Jan-Peter.Koopmann at seceidos.de
Tue Oct 19 18:31:49 IST 2004


On Tuesday, October 19, 2004 6:54 PM MailScanner mailing list wrote:

> Both.
> For filename and filetype rules.conf files, MailScanner does
> it if you have set "Maximum Archive Depth" to something other than 0.
> For virus-scanning it's down to the virus scanners.

Thought so. Strange thing: The VirusWarning message said only this:

At Tue Oct 19 19:28:41 2004 the virus scanner said:
   MailScanner: Executable DOS/Windows programs are dangerous in email (eicar.com)



But the logfile shows that eicar _was_ detected and everything is fine:

Oct 19 19:28:39 proxy MailScanner[23721]: [./1CJxmi-0008ip-GS/eicar_g0.zip] eicar.com: Infected: EICAR_Test_File [Libra]
Oct 19 19:28:39 proxy MailScanner[23721]: Virus Scanning: F-Secure found virus EICAR_Test_File
Oct 19 19:28:39 proxy MailScanner[23721]: [./1CJxmi-0008ip-GS/eicar_g0.zip] eicar.com: Infected: EICAR Test File [Orion]
Oct 19 19:28:39 proxy MailScanner[23721]: Virus Scanning: F-Secure found virus EICAR Test File
Oct 19 19:28:39 proxy MailScanner[23721]: [./1CJxmi-0008ip-GS/eicar_g0.zip] eicar.com: Infected: EICAR-Test-File [AVP]
Oct 19 19:28:39 proxy MailScanner[23721]: Virus Scanning: F-Secure found virus EICAR-Test-File
Oct 19 19:28:39 proxy MailScanner[23721]: Scan ended at Tue Oct 19 19:28:39 2004
Oct 19 19:28:39 proxy MailScanner[23721]: 5 files scanned
Oct 19 19:28:39 proxy MailScanner[23721]: 1 file infected
Oct 19 19:28:39 proxy MailScanner[23721]: Virus Scanning: F-Secure found 1 infections
Oct 19 19:28:40 proxy MailScanner[23721]: /1CJxmi-0008ip-GS/eicar_g0.zip/EICAR.COM        Found: EICAR test file NOT a virus.
Oct 19 19:28:40 proxy MailScanner[23721]: Virus Scanning: McAfee found 1 infections
Oct 19 19:28:40 proxy MailScanner[23721]: /var/spool/MailScanner/incoming/23721/./1CJxmi-0008ip-GS/eicar_g0.zip: Eicar-Test-Signature FOUND
Oct 19 19:28:40 proxy MailScanner[23721]: Virus Scanning: ClamAV found 1 infections
Oct 19 19:28:40 proxy MailScanner[23721]: ALERT: [Eicar-Test-Signature virus] ./1CJxmi-0008ip-GS/eicar_g0.zip --> eicar.com <<< Contains code of the Eicar-Test-Signature virus


Parsing problems?

Regards,
  JP


