BitDefender and f-prot

Res res at ausics.net
Tue Jun 5 22:52:11 IST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 5 Jun 2007, Rick Cooper wrote:

> I noticed something odd while testing the clamd stuff that has me pulling my
> hair out.
>
> Bitdefender is not finding any eicar infections and f-prot only finds
> infected .zips not .rar. I will find the infected file in a rar since
> MailScanner unrars them. Both scanners work perfectly when called from the
> command line and when the wrapper is called from the command line. If I log
> the incoming lines the parser sees f-prot doesn't seem to even see the rar
> file and bitdefender scans everything but shows OK. To make it worse even
> though f-prot sees the infected file that was in the rar file MailScanner
> passes the rar back uninfected because it never ends up in {parts}.

f-prot identifies and deletes, user doesnt get anything

/var/spool/MailScanner/incoming/29027/l55Lk6vS012506/rootkit.rar->shv5-rootk
Virus Scanning: F-Prot found virus Unix/Agent.SH
Virus Scanning: F-Prot found 8 infections


- -- 
Cheers
Res
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGZdsOsWhAmSIQh7MRAqzhAKCJF6i1vgzqlzMGKo9ZxkHCkmBOVwCfYhT6
2kWJLlthWivbltl7UP6++W8=
=umK0
-----END PGP SIGNATURE-----


More information about the MailScanner mailing list