Virus Scanning Misreporting ?

UxBoD uxbod at splatnix.net
Tue Nov 27 11:33:27 GMT 2007


Hi,

We run clamav for our virus scanning but have been testing nod32 as well.  Just noticed in our logfiles this :-

Nov 27 06:03:51 bianchi MailScanner[23803]: Virus and Content Scanning: Starting
Nov 27 06:03:51 bianchi clamd[31077]: /var/spool/MailScanner/incoming/23803/10B1D7CF74A.AAFF8.message: Email.Phishing.RB-2033 FOUND
Nov 27 06:03:51 bianchi clamd[31077]: /var/spool/MailScanner/incoming/23803/10B1D7CF74A.AAFF8/msg-23803-3.html: Email.Phishing.RB-2033 FOUND
Nov 27 06:03:51 bianchi MailScanner[23803]: Clamd::INFECTED:: Email.Phishing.RB-2033 FOUND :: ./10B1D7CF74A.AAFF8/
Nov 27 06:03:51 bianchi MailScanner[23803]: Clamd::INFECTED:: Email.Phishing.RB-2033 FOUND :: ./10B1D7CF74A.AAFF8/msg-23803-3.html
Nov 27 06:03:51 bianchi MailScanner[23803]: Virus Scanning: Clamd found 2 infections
Nov 27 06:03:53 bianchi MailScanner[23803]: Virus Scanning: Nod32 found 2 infections
Nov 27 06:03:53 bianchi MailScanner[23803]: Infected message 10B1D7CF74A.AAFF8 came from 79.176.158.147
Nov 27 06:03:53 bianchi MailScanner[23803]: Virus Scanning: Found 2 viruses
Nov 27 06:03:53 bianchi MailScanner[23803]: Logging message 10B1D7CF74A.AAFF8 to SQL

Yet nod32 has not actually detected anything, because the detection is from the SaneSecurity database.  Is this the expected behaviour ?


Regards,

--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854  36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
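
Added example, not part of the original post and not MailScanner code: a small log check that compares each scanner's "found N infections" summary with the number of per-detection lines logged for that scanner in the same batch. The log lines are the ones quoted in the post; the function name and the assumption that every scanner's detail lines follow the "Scanner::INFECTED::" shape shown for Clamd are this example's own.

```python
import re
from collections import defaultdict

# Sample input: the syslog lines quoted in the post above.
SAMPLE_LOG = """\
Nov 27 06:03:51 bianchi MailScanner[23803]: Virus and Content Scanning: Starting
Nov 27 06:03:51 bianchi clamd[31077]: /var/spool/MailScanner/incoming/23803/10B1D7CF74A.AAFF8.message: Email.Phishing.RB-2033 FOUND
Nov 27 06:03:51 bianchi clamd[31077]: /var/spool/MailScanner/incoming/23803/10B1D7CF74A.AAFF8/msg-23803-3.html: Email.Phishing.RB-2033 FOUND
Nov 27 06:03:51 bianchi MailScanner[23803]: Clamd::INFECTED:: Email.Phishing.RB-2033 FOUND :: ./10B1D7CF74A.AAFF8/
Nov 27 06:03:51 bianchi MailScanner[23803]: Clamd::INFECTED:: Email.Phishing.RB-2033 FOUND :: ./10B1D7CF74A.AAFF8/msg-23803-3.html
Nov 27 06:03:51 bianchi MailScanner[23803]: Virus Scanning: Clamd found 2 infections
Nov 27 06:03:53 bianchi MailScanner[23803]: Virus Scanning: Nod32 found 2 infections
Nov 27 06:03:53 bianchi MailScanner[23803]: Infected message 10B1D7CF74A.AAFF8 came from 79.176.158.147
Nov 27 06:03:53 bianchi MailScanner[23803]: Virus Scanning: Found 2 viruses
Nov 27 06:03:53 bianchi MailScanner[23803]: Logging message 10B1D7CF74A.AAFF8 to SQL
"""

# Per-scanner summary, e.g. "Virus Scanning: Nod32 found 2 infections".
# The batch total ("Virus Scanning: Found 2 viruses") does not match.
SUMMARY_RE = re.compile(
    r"MailScanner\[(\d+)\]: Virus Scanning: (\w+) found (\d+) infections?")
# Per-detection detail line. Assumption: other scanners use the same
# "<Scanner>::INFECTED::" prefix that the post shows for Clamd.
DETAIL_RE = re.compile(r"MailScanner\[(\d+)\]: (\w+)::INFECTED::")


def unexplained_counts(log_text):
    """Return sorted (pid, scanner, reported, detailed) tuples for every
    scanner whose summary count exceeds its logged detail lines."""
    reported = {}
    detailed = defaultdict(int)
    for line in log_text.splitlines():
        m = SUMMARY_RE.search(line)
        if m:
            reported[(m.group(1), m.group(2).lower())] = int(m.group(3))
            continue
        m = DETAIL_RE.search(line)
        if m:
            detailed[(m.group(1), m.group(2).lower())] += 1
    return sorted(
        (pid, scanner, count, detailed[(pid, scanner)])
        for (pid, scanner), count in reported.items()
        if count > detailed[(pid, scanner)])


if __name__ == "__main__":
    for pid, scanner, count, seen in unexplained_counts(SAMPLE_LOG):
        print(f"batch {pid}: {scanner} reported {count}, {seen} detail line(s)")
```

A flagged entry only means the summary has no matching detail lines in the log under the assumed format; it does not say which scanner's count is correct.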


