Virus still being picked up an hour later

Jeff Mills Jeff.Mills at versacold.com.au
Thu Jan 19 02:40:28 GMT 2006 

Hi all,

I have a problem with mailscanner where it doesnt seem to be getting rid of a virus from the filesystem once its found.
Heres an example:
Below is the first instance.
Jan 19 12:35:22 proxy2 MailScanner[27476]: /var/spool/MailScanner/incoming/27476/./6BCB544E5D5.ED322/eBook.PIF: Worm.VB-8 FOUND

Sometimes (but not every time) mailscanner also picks up the bad filename.
Jan 19 12:35:22 proxy2 MailScanner[27476]: Filename Checks: Possible MS-Dos program shortcut attack (6BCB544E5D5.ED322 eBook.PIF)

As of this moment, mailscanner is still picking up this same instance (1 hour later)
Jan 19 13:35:04 proxy2 MailScanner[27476]: /var/spool/MailScanner/incoming/27476/./6BCB544E5D5.ED322/eBook.PIF: Worm.VB-8 FOUND

Any idea why this might be happening?

My mailscanner version:
?/opt/MailScanner/bin/MailScanner --version
Running on
Linux SMP PREEMPT Wed Nov 16 15:16:39 EST 2005 i686 Intel(R) Xeon(TM) CPU 2.00GHz GenuineIntel GNU/Linux
This is Perl version 5.008007 (5.8.7)

This is MailScanner version 4.50.4
Module versions are:
1.00    AnyDBM_File
1.14    Archive::Zip
1.04    Carp
1.119   Convert::BinHex
1.00    DirHandle
1.05    Fcntl
2.73    File::Basename
2.08    File::Copy
2.01    FileHandle
1.07    File::Path
0.16    File::Temp
1.29    HTML::Entities
3.45    HTML::Parser
2.30    HTML::TokeParser
1.21    IO
1.11    IO::File
1.123   IO::Pipe
1.50    Mail::Header
3.05    MIME::Base64
5.415   MIME::Decoder
5.415   MIME::Decoder::UU
5.415   MIME::Head
5.415   MIME::Parser
3.03    MIME::QuotedPrint
5.415   MIME::Tools
0.11    Net::CIDR
1.08    POSIX
1.77    Socket
0.06    Sys::Syslog
1.02    Time::localtime

Optional module versions are:
0.17    Convert::TNEF
1.814   DB_File
1.13    Digest
1.01    Digest::HMAC
2.33    Digest::MD5
2.10    Digest::SHA1
missing Inline
missing Mail::ClamAV
3.001000        Mail::SpamAssassin
missing Mail::SPF::Query
missing Net::CIDR::Lite
0.53    Net::DNS
0.32    Net::LDAP
missing Parse::RecDescent
missing SAVI
missing Sys::Hostname::Long
2.42    Test::Harness
0.62    Test::Simple
1.95    Text::Balanced
1.35    URI



*** "This company is now part of the Versacold Holdings Corp. and is no longer owned by or affiliated with the P&O Group" ***

************** www.versacold.com **************

More information about the MailScanner mailing list