Virus still being picked up an hour later
Julian Field
MailScanner at ecs.soton.ac.uk
Thu Jan 19 14:58:10 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
On 19 Jan 2006, at 14:18, Jim Holland wrote:
> Hi
>
> On Thu, 19 Jan 2006, Dhawal Doshy wrote:
>
>>> I have a problem with mailscanner where it doesnt seem to be
>>> getting rid of a virus from the filesystem once its found.
>>> Heres an example:
>>> Below is the first instance.
>>> Jan 19 12:35:22 proxy2 MailScanner[27476]: /var/spool/MailScanner/
>>> incoming/27476/./6BCB544E5D5.ED322/eBook.PIF: Worm.VB-8 FOUND
>>>
>>> Sometimes (but not every time) mailscanner also picks up the bad
>>> filename.
>>> Jan 19 12:35:22 proxy2 MailScanner[27476]: Filename Checks:
>>> Possible MS-Dos program shortcut attack (6BCB544E5D5.ED322
>>> eBook.PIF)
>>>
>>> As of this moment, mailscanner is still picking up this same
>>> instance (1 hour later)
>>> Jan 19 13:35:04 proxy2 MailScanner[27476]: /var/spool/MailScanner/
>>> incoming/27476/./6BCB544E5D5.ED322/eBook.PIF: Worm.VB-8 FOUND
>>>
>>> Any idea why this might be happening?
>>
>> This is precisely what i have been unsuccessfully trying to convey
>> all
>> evening to Julian.. somehow no else seemed to be in this situation..
>>
>> Here's what i observed.. all files (even legit ones) continue to be
>> lying in the MailScanner incoming directory (within their
>> respective PID
>> directory) and do NOT get deleted post batch processing.. as a result
>> MailScanner keeps on checking them again and again..
>>
>> I am at a loss to take it any forward, since i haven't slept all
>> night
>> long trying to figure out the reason.. :-(
Fixed in the latest beta. There was a typo in one file. I must have
pressed something in vi by mistake and not noticed. Sorry about that.
- --
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.4 (Build 4042)
iQEVAwUBQ8+pBPw32o+k+q+hAQF3Egf9GvhcnkAjek5hshcuh7OxBglAjJYykOrH
C3nvZ9Zl6bF0Lwt+kIPnoIMDMQnOirbask+g7zMlIjpE8bnW1u/CcLDTlLhTYvB0
UrA5cJHHyROjgmD+e4OQ28oMtxqf3Esc88w+BGdhjUD/l5ulcvp+AYcRD3KdXl6g
hfZ/AtfpMiafMXMsNX+QjQZfMB+2L8/SVQu+S7PP1bq6AmgSluLd3hp7+InndKtg
GPQlZw87Zl0GDFawg62R68mQ3ERKC8xBXvKYW6dWyDpdVvV6WQuuByt+Byf4k0rF
vsWrUkL5Ou8448s8f3fUenLLhNKQx0pDUdnIR9VzZBTHC3pCfXRTrA==
=X2ok
-----END PGP SIGNATURE-----
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner
mailing list