Small problem
Denis Beauchemin
Denis.Beauchemin at USHERBROOKE.CA
Wed Oct 27 19:13:32 IST 2004
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
Julian Field wrote:
> Denis Beauchemin wrote:
>
>> Julian Field wrote:
>>
>>> Sure. Patch for SweepViruses.pm attached.
>>>
>>> Please let me know if it fixes the problem for you.
>>>
>>>
>>> On 27/10/04 3:54 pm, "Denis Beauchemin"
>>> <Denis.Beauchemin at USHERBROOKE.CA>
>>> wrote:
>>>
>>>
>>>
>>>> Julian Field wrote:
>>>>
>>>>
>>>>
>>>>> Unfortunately that one isn't easy to fix, it comes straight from
>>>>> the virus
>>>>> report, and I'm not sure whether I can get at the real name safely
>>>>> from
>>>>> there. Judging by the fact that it's also listed in upper case, I
>>>>> suspect I
>>>>> can't find the safe name. The lookup table will have the lower case
>>>>> version.
>>>>> I can't just generally force the names to lower case as that may
>>>>> cause other
>>>>> filename clashes.
>>>>>
>>>>>
>>>>> On 27/10/04 1:42 pm, "Denis Beauchemin"
>>>>> <Denis.Beauchemin at USHERBROOKE.CA>
>>>>> wrote:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> MS seems to forget to clean file names when a virus is detected in
>>>>>> a ZIP
>>>>>> file:
>>>>>> Oct 27 07:56:05 132.210.244.90 MailScanner[12979]:
>>>>>> /i9RBth1s025464/message.txt .scr Found the W32/Mabutu.a at MM
>>>>>> virus !!!
>>>>>> Oct 27 07:56:05 132.210.244.90 MailScanner[12979]:
>>>>>> /i9RBth1s025464/message.zip/MESSAGE.TXT
>>>>>> .SCR Found the W32/Mabutu.a at MM virus !!!
>>>>>>
>>>>>> This is McAfee syslog output on MS 4.35.1. The first line is OK
>>>>>> but the
>>>>>> second one has lots of white space...
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>> Julian,
>>>>
>>>> Understood. But what was really annoying me was the long file name
>>>> (many spaces before the .scr).
>>>>
>>>> Couldn't you just sanitize this with something like s/\s+/ /g before
>>>> using it in reports and logs?
>>>>
>>>> Denis
>>>>
>> Julian,
>>
>> It's not working. I stopped and restarted MS and I still get the
>> following in my logs (McAfee and Bitdefender output):
>>
>> Oct 27 12:03:28 smtpi2 MailScanner[29112]:
>> /i9RG3KwO029166/message.zip/MESSAGE.TXT
>> .SCR Found the W32/Mabutu.a at MM virus !!!
>>
>> Oct 27 12:03:29 smtpi2 MailScanner[29112]:
>> /var/spool/MailScanner/incoming/29112/./i9RG3KwO029166/message.zip=>message.txt
>>
>> .scr infected: Win32.Mabutu.A at mm
>
>
> It wasn't the syslog output I fixed, it was the output that goes in the
> user report. I would rather have the genuine text in the syslog, it's
> length-limited by the syslog spec anyway.
Julian,
Then it is working, but it was not what I was looking for... 8-(
Denis
--
_
°v° Denis Beauchemin, analyste
/(_)\ Université de Sherbrooke, S.T.I.
^ ^ T: 819.821.8000x2252 F: 819.821.8045
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
More information about the MailScanner
mailing list