Full message scan oddity

Denis Beauchemin Denis.Beauchemin at USherbrooke.ca
Wed Aug 22 16:41:00 IST 2007


Hello,

I just upgraded 2 MS servers to the latest stable and enabled the 
following option:
ClamAV Full Message Scan = yes

I sent a virus-infected email and noticed the following:
Aug 22 11:16:59 smtpe4 MailScanner[21708]: 
l7MFGi0o022717/01_05_2005.txt:infected: Win32.Bagle.BO at mm
Aug 22 11:17:00 smtpe4 MailScanner[21708]: ClamAV Module::INFECTED:: 
Worm.Bagle.DK:: ./l7MFGi0o022717/
Aug 22 11:17:00 smtpe4 MailScanner[21708]: ClamAV Module::INFECTED:: 
Worm.Bagle.DK:: ./l7MFGi0o022717/01_05_2005.txt
Aug 22 11:17:00 smtpe4 MailScanner[21708]: 
/l7MFGi0o022717.message/00000350.EML/01_05_2005.txt        contient le 
virus W32/Bagle.dldr.gen !!!
Aug 22 11:17:00 smtpe4 MailScanner[21708]: 
/l7MFGi0o022717/01_05_2005.txt        contient le virus 
W32/Bagle.dldr.gen !!!

On a different server without this new feature, I get:
Aug 22 11:34:31 132.210.244.93 MailScanner[4049]: 
/l7MFXTYu031455/01_05_2005.txt        contient le virus 
W32/Bagle.dldr.gen !!!
Aug 22 11:34:41 132.210.244.93 MailScanner[4049]: 
l7MFXTYu031455/01_05_2005.txt:infected: Win32.Bagle.BO at mm
Aug 22 11:34:41 132.210.244.93 MailScanner[4049]: 
ClamAVModule::INFECTED:: Worm.Bagle.DK:: ./l7MFXTYu031455/01_05_2005.txt

I now get 2 hits from McAfee and ClamAV, but only 1 from Bitdefender...  
is there a way to pass only the full message to the AV scanners?  That 
way we would get only 1 warning and the server would also be working less.

Thanks!

Denis

-- 
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x62252 F: 819.821.8045


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3595 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070822/7baa5548/smime.bin


More information about the MailScanner mailing list