Why mailscanner fails recognizing a forwarded infected.

[Remco Barendse]

<x-flowed>
On Mon, 6 Sep 2004, Mirko Bovati wrote:

> On Friday 03 September 2004 17:29, you wrote:
>> Mirko Bovati wrote:
>>> On Friday 03 September 2004 16:28, you wrote:
>>>> Mirko
>>>>
>>>> do these scanners recognise the virus is called from the command line on
>>>> the MS computer??
>>>
>>> hi Martin,
>>>
>>> The local antivirus who finds the virus is VisusScan 7.0 on a MS
>>> computer. VirusScan doesn't clean the email. I forward the infected email
>>> (and MailScanner say it is clean) and the recipient again find it is
>>> infected.
>>>
>>> But, on another way, if I after receiving the infected email, I save the
>>> attach (i.e. the virus) and I send a new email with the saved attach
>>> attached, the MailScanner find the virus.
>>>
>>> I don't know if I answered your question.
>>>
>>> mirko
>>
>> Mirko
>>
>> OK are you keeping archive copies of the mails? If so what happens if
>> you run the virus scanner on the infected message it misses - ie run the
>> virus outside of MS control, from the command line, on the infected
>> message.
>
> Running from command line on a linux box, uvscan misses the infected messages.
> the same happens df/qf pair.
>
> So it seems e mcafee problem.

Did you read/follow the part about not using any symlinks anywhere for
mcafee? On some systems this causes mcafee to behave strange and not
detect virii that it does properly find from the command line

I used to have symlinks to my dat files and binary untill I got badly
bitten....

I decided to ditch mcafee completely but that's another subject :)

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>