Problems with Bitdefender

Denis Beauchemin Denis.Beauchemin at USHERBROOKE.CA
Tue May 31 18:45:46 IST 2005



Denis Beauchemin wrote:

> Denis Beauchemin wrote:
>
>> Hello,
>>
>> I run Bitdefender and McAfee on my MS servers (4.35.5 and 4.34.4).  
>> This morning I noticed my quarantine dir getting bigger.
>>
>> Since I don't quarantine virus infected messages, it had to be 
>> something else.  Turns out it was an undetected virus by McAfee 
>> (another one).  Bitdefender was catching it (last updated this 
>> morning at 10:41 and file was quarantined at 11:02) but MS still 
>> quarantined it.
>>
>> Is there something wrong with MS' virus detection with Bitdefender?
>>
>> Denis
>>
> Some log information:
> May 31 11:28:36 smtpe2 sendmail[12101]: j4VFSYb7012101: 
> from=<questions at cheapnfltickets.com>, size=25281, class=0, nrcpts=1, 
> msgid=<pawpouljezuwqpmljyc at usherbrooke.ca>, proto=SMTP, daemon=MTA, 
> relay=host18-9.pool80207.interbusiness.it [80.207.9.18]
> May 31 11:28:36 smtpe2 sendmail[12101]: j4VFSYb7012101: to=<...>, 
> delay=00:00:01, mailer=relay, pri=55281, stat=queued
> May 31 11:28:40 smtpe2 MailScanner[8358]: 
> /var/spool/MailScanner/incoming/8358/./j4VFSYb7012101/20_04_2005.exe  
> infected: Win32.Bagle.BO at mm
> May 31 11:28:40 smtpe2 MailScanner[8358]: 
> /var/spool/MailScanner/incoming/8358/./j4VFSYb7012101/5.zip=>20_04_2005.exe   
> infected: Win32.Bagle.BO at mm
> May 31 11:28:40 smtpe2 MailScanner[8358]: Infected message 
> j4VFSYb7012101 came from 80.207.9.18
> May 31 11:28:40 smtpe2 MailScanner[8358]: Filename Checks: Fichiers 
> EXE dangereux (j4VFSYb7012101 20_04_2005.exe)
> May 31 11:28:40 smtpe2 MailScanner[8358]: Saved entire message to 
> /quarantaine/usherbrooke/20050531/j4VFSYb7012101
> May 31 11:28:40 smtpe2 MailScanner[8358]: Saved infected 
> "20_04_2005.exe" to /quarantaine/usherbrooke/20050531/j4VFSYb7012101
> May 31 11:28:40 smtpe2 MailScanner[8358]: Saved infected "5.zip" to 
> /quarantaine/usherbrooke/20050531/j4VFSYb7012101
> May 31 11:28:41 smtpe2 sendmail[12174]: j4VFSYb7012101: to=<...>, 
> delay=00:00:06, xdelay=00:00:00, mailer=relay, pri=145281, 
> relay=courriel.usherbrooke.ca. [132.210.244.161], dsn=2.0.0, stat=Sent 
> (j4VFSf105362 Message accepted for delivery)
>
> Denis
>
Sorry, my mistake...  I have a ruleset for Quarantine Infections and it 
is geared towards McAfee and not Bitdefender (I don't quarantine W32/ 
and Phish-BankFraud).  I just added Win32 to the list.

Denis

-- 
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045
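
The naming mismatch described in the last message (a no-quarantine list written for McAfee-style names while Bitdefender reports `Win32.` names) can be spotted from the logs. The following is an added example, not part of the original post and not MailScanner code: it extracts virus names from `infected:` lines of the shape quoted above and lists the names no entry in the list covers. Prefix matching, the host name, queue IDs, file names and virus names in the sample are constructed assumptions.

```python
import re

# Name prefixes for which infected mail is NOT quarantined. The first two are
# from the message; "Win32" is the entry the author says he added afterwards.
BEFORE_FIX = ("W32/", "Phish-BankFraud")
AFTER_FIX = BEFORE_FIX + ("Win32",)

# Matches the "<path> infected: <name>" shape of the log lines quoted in the
# thread. Assumption: other engines' report lines may be shaped differently.
INFECTED = re.compile(r"MailScanner\[\d+\]:\s+(\S+)\s+infected:\s+(\S+)")

# Constructed sample log (not real data): placeholder queue IDs and names.
_P = "May 31 11:00:01 mx1 MailScanner[100]: "
_D = "/var/spool/MailScanner/incoming/100/./"
SAMPLE_LOG = [
    _P + _D + "QID0001/a.exe  infected: Win32.Example.A",
    _P + _D + "QID0001/a.zip=>a.exe   infected: Win32.Example.A",
    _P + _D + "QID0002/b.exe  infected: W32/Example.gen",
    _P + "Infected message QID0002 came from 192.0.2.10",
]

def virus_names(log_lines):
    """Yield (queue_id, virus_name) for every 'infected:' report line."""
    for line in log_lines:
        m = INFECTED.search(line)
        if not m:
            continue
        path, name = m.groups()
        # The queue ID is the first path component after the "/./" marker.
        parts = path.split("/./", 1)
        queue_id = parts[1].split("/", 1)[0] if len(parts) == 2 else "unknown"
        yield queue_id, name

def uncovered(log_lines, prefixes):
    """Map each virus name that no prefix matches to the affected queue IDs."""
    misses = {}
    for queue_id, name in virus_names(log_lines):
        if not name.startswith(tuple(prefixes)):
            # A set, because one message is reported once per infected part.
            misses.setdefault(name, set()).add(queue_id)
    return {name: sorted(ids) for name, ids in misses.items()}

if __name__ == "__main__":
    print("before:", uncovered(SAMPLE_LOG, BEFORE_FIX))
    print("after: ", uncovered(SAMPLE_LOG, AFTER_FIX))
```

Any name it reports belongs to a message that lands in quarantine even though a scanner identified it, which is the growth the first message noticed.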


