all virus scanners reporting found virus

Julian Field MailScanner at ecs.soton.ac.uk
Thu Nov 6 14:19:41 GMT 2008 

Please try the attached SweepViruses.pm file with the latest release of 
MailScanner.
Hopefully this will fix the problem. It's actually just a reporting bug.

Jules.

Paul Houselander (SME) wrote:
>
> Hi
>
> I’m using MailScanner version 4.72.5 with clamd, f-prot and kaspersky
>
> I’m using the sanesecurity clam sigs as well.
>
> I’ve just noticed that when Clamd finds an infection the other virus 
> scanners also say they found an infection even though they didn’t
>
> Nov 6 12:02:19 tokyo MailScanner[27046]: New Batch: Scanning 1 
> messages, 1269 bytes
>
> Nov 6 12:02:19 tokyo MailScanner[27046]: SpamAssassin cache hit for 
> message mA6C2Gie027792
>
> Nov 6 12:02:19 tokyo MailScanner[27046]: Spam Checks: Found 1 spam 
> messages
>
> Nov 6 12:02:19 tokyo MailScanner[27046]: Virus and Content Scanning: 
> Starting
>
> Nov 6 12:02:19 tokyo MailScanner[27046]: Clamd::INFECTED:: 
> Sanesecurity.Hdr.8232.UNOFFICIAL :: ./mA6C2Gie027792/
>
> Nov 6 12:02:19 tokyo MailScanner[27046]: Virus Scanning: Clamd found 2 
> infections
>
> Nov 6 12:02:21 tokyo MailScanner[27046]: Virus Scanning: F-Prot6 found 
> 2 infections
>
> Nov 6 12:02:21 tokyo MailScanner[27046]: Virus Scanning: Kaspersky 
> found 2 infections
>
> Nov 6 12:02:21 tokyo MailScanner[27046]: Infected message 
> mA6C2Gie027792 came from 79.139.143.136
>
> Nov 6 12:02:21 tokyo MailScanner[27046]: Virus Scanning: Found 2 viruses
>
> Is this expected behavior? I’ve only recently upgraded (and also only 
> just started using clamd, I used to use clamavmodule) so not sure if 
> it’s always done it or since the upgrade.
>
> Cheers
>
> Paul
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: SweepViruses.pm.zip
Type: application/x-zip-compressed
Size: 33965 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20081106/4cdb7525/SweepViruses.pm.bin

More information about the MailScanner mailing list