Bug? in syslog infection messages

Richard Lynch rich at MAIL.WVNET.EDU
Mon Jun 6 13:56:56 IST 2005


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I upgraded to the latest stable over the weekend.  The infection 
messages in the syslog are now formatted like this...

Jun  6 04:33:33 helen MailScanner[9301]: ./eyghn.zip->eyghn.htm 
Infection: W32/Mytob.EK at mm

Prior to the upgrade the messages are formatted like this...

Jun  4 04:16:30 barney MailScanner[18024]: 
/var/spool/MailScanner/incoming/18024/j548EsXL032151/tyve.scr  
Infection: W32/Mytob.CZ at mm

Note that the full path is missing.  Unfortunately, I'm counting on the 
old message format in order to tie an infected message back to the 
sending site and targeted user.  I'm using the message-id to do that.  
This is used for reports which I send to customers.  Is there an easy 
way to return to the old message format?

Richard Lynch
WVNET

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list