Bug in SweepViruses.pm?

Julian Field MailScanner at ecs.soton.ac.uk
Thu Sep 14 18:06:09 IST 2006 

How about I use the minimum value of all the counters from the different 
virus scanners?
How do we define what this number represents?
Maybe it's best to use the maximum value of all the counters, as this 
will hopefully reflect the number of different viruses found, regardless 
of their name?

That sounds good to me.
What do you think?

Holger Gebhard wrote:
> Thanks Julian,
>
> the patch only works particulary...
> With the applied patch all scanners followed a  known virus shows 
> "...found .. infections" and the Viruscount grow with every scanner 
> found the virus.
> I think when only one file is infected and both scanners find a virus 
> (with different Virusnames) the Viruscount might always be 1?
>
>
> ----- Original Message ----- From: "Julian Field" 
> <MailScanner at ecs.soton.ac.uk>
> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> Cc: "Steve Freegard" <steve.freegard at fsl.com>
> Sent: Thursday, September 14, 2006 1:01 PM
> Subject: Re: Bug in SweepViruses.pm?
>
>
>> Please can you try applying the attached patch to SweepViruses.pm. It
>> is a 1 character change :-)
>> Many thanks for reporting it. I hope it doesn't do much harm to
>> MailWatch or DefenderMX.
>>
>>
>>
>
>
> -------------------------------------------------------------------------------- 
>
>
>
>>
>>
>> On 14 Sep 2006, at 10:51, Holger Gebhard wrote:
>>
>>> Hi Group,
>>>
>>> i noticed a small failure in Maillog...
>>> I use two virus scanners, f-secure and clamavmodule.
>>>
>>> In MailScanner.conf the first entry is clamavmodule and the second
>>> is f-secure .
>>>
>>> When i receive a Virusmessage all thems to work...
>>> The Maillog shows all the the infected mails, the virussender ip, etc.
>>> The Mail is blocked and the Postmaster receives a warning...
>>>
>>> I use MailScanner-MRTG for counting viruses.
>>> The counting script match a logline created by MailScanner: "Virus
>>> Scanning found .. viruses".
>>>
>>> The Logline is created in MessageBatch.pm "sub VirusScan".
>>> This function starts "scanbatch" in SweepViruses.pm.
>>> "Scanbatch" runs all the virustests and finaly returns a number of
>>> viruses found ($NumInfections).
>>>
>>> Here is a small bug...
>>>
>>> When the first scanner (clamav) found one virus and the second does
>>> not, the value of "$NumInfections" is always "0" (must be 1).
>>> When i change the order of the scanners in MailScanner.conf for
>>> example to f-secure and clamavmodule the value of "$NumInfections"
>>> is "1".
>>> It seems that the last Scanner overwrites all other results in this
>>> variable?
>>>
>>> Hope anyone can help?
>>>
>>>
>>> Holger
>>> -- 
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>
>> -- 
>> Julian Field
>> MailScanner at ecs.soton.ac.uk
>>
>>
>>
>
>
> -------------------------------------------------------------------------------- 
>
>
>
>> -- 
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
For all your IT requirements visit www.transtec.co.uk

More information about the MailScanner mailing list