Bug in SweepViruses.pm?
Glenn Steen
glenn.steen at gmail.com
Thu Sep 14 19:13:46 IST 2006
On 14/09/06, Julian Field <MailScanner at ecs.soton.ac.uk> wrote:
> How about I use the minimum value of all the counters from the different
> virus scanners?
And what would that mean? Not sure that would be good at all:-).
> How do we define what this number represents?
> Maybe it's best to use the maximum value of all the counters, as this
> will hopefully reflect the number of different viruses found, regardless
> of their name?
>
> That sounds good to me.
> What do you think?
Yep, that one gets my vote:).
>
> Holger Gebhard wrote:
> > Thanks Julian,
> >
> > the patch only works particulary...
> > With the applied patch all scanners followed a known virus shows
> > "...found .. infections" and the Viruscount grow with every scanner
> > found the virus.
> > I think when only one file is infected and both scanners find a virus
> > (with different Virusnames) the Viruscount might always be 1?
> >
> >
> > ----- Original Message ----- From: "Julian Field"
> > <MailScanner at ecs.soton.ac.uk>
> > To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> > Cc: "Steve Freegard" <steve.freegard at fsl.com>
> > Sent: Thursday, September 14, 2006 1:01 PM
> > Subject: Re: Bug in SweepViruses.pm?
> >
> >
> >> Please can you try applying the attached patch to SweepViruses.pm. It
> >> is a 1 character change :-)
> >> Many thanks for reporting it. I hope it doesn't do much harm to
> >> MailWatch or DefenderMX.
> >>
> >>
> >>
> >
> >
> > --------------------------------------------------------------------------------
> >
> >
> >
> >>
> >>
> >> On 14 Sep 2006, at 10:51, Holger Gebhard wrote:
> >>
> >>> Hi Group,
> >>>
> >>> i noticed a small failure in Maillog...
> >>> I use two virus scanners, f-secure and clamavmodule.
> >>>
> >>> In MailScanner.conf the first entry is clamavmodule and the second
> >>> is f-secure .
> >>>
> >>> When i receive a Virusmessage all thems to work...
> >>> The Maillog shows all the the infected mails, the virussender ip, etc.
> >>> The Mail is blocked and the Postmaster receives a warning...
> >>>
> >>> I use MailScanner-MRTG for counting viruses.
> >>> The counting script match a logline created by MailScanner: "Virus
> >>> Scanning found .. viruses".
> >>>
> >>> The Logline is created in MessageBatch.pm "sub VirusScan".
> >>> This function starts "scanbatch" in SweepViruses.pm.
> >>> "Scanbatch" runs all the virustests and finaly returns a number of
> >>> viruses found ($NumInfections).
> >>>
> >>> Here is a small bug...
> >>>
> >>> When the first scanner (clamav) found one virus and the second does
> >>> not, the value of "$NumInfections" is always "0" (must be 1).
> >>> When i change the order of the scanners in MailScanner.conf for
> >>> example to f-secure and clamavmodule the value of "$NumInfections"
> >>> is "1".
> >>> It seems that the last Scanner overwrites all other results in this
> >>> variable?
> >>>
> >>> Hope anyone can help?
> >>>
> >>>
> >>> Holger
> >>> --
> >>> MailScanner mailing list
> >>> mailscanner at lists.mailscanner.info
> >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >>>
> >>> Before posting, read http://wiki.mailscanner.info/posting
> >>>
> >>> Support MailScanner development - buy the book off the website!
> >>
> >> --
> >> Julian Field
> >> MailScanner at ecs.soton.ac.uk
> >>
> >>
> >>
> >
> >
> > --------------------------------------------------------------------------------
> >
> >
> >
> >> --
> >> MailScanner mailing list
> >> mailscanner at lists.mailscanner.info
> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >>
> >> Before posting, read http://wiki.mailscanner.info/posting
> >>
> >> Support MailScanner development - buy the book off the website!
> >>
> >
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> For all your IT requirements visit www.transtec.co.uk
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
More information about the MailScanner
mailing list