Bug? in syslog infection messages
Richard Lynch
rich at MAIL.WVNET.EDU
Mon Jun 6 13:56:56 IST 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
I upgraded to the latest stable over the weekend. The infection
messages in the syslog are now formatted like this...
Jun 6 04:33:33 helen MailScanner[9301]: ./eyghn.zip->eyghn.htm
Infection: W32/Mytob.EK at mm
Prior to the upgrade the messages are formatted like this...
Jun 4 04:16:30 barney MailScanner[18024]:
/var/spool/MailScanner/incoming/18024/j548EsXL032151/tyve.scr
Infection: W32/Mytob.CZ at mm
Note that the full path is missing. Unfortunately, I'm counting on the
old message format in order to tie an infected message back to the
sending site and targeted user. I'm using the message-id to do that.
This is used for reports which I send to customers. Is there an easy
way to return to the old message format?
Richard Lynch
WVNET
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list