virus detection reporting wrong scanner

Julian Field MailScanner at ecs.soton.ac.uk
Tue Sep 2 09:01:41 IST 2008



Jeff Mills wrote:
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info 
>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf 
>> Of Paul Hutchings
>> Sent: Monday, 1 September 2008 11:03 PM
>> To: MailScanner discussion
>> Subject: RE: virus detection reporting wrong scanner
>>
>> The lint seems to check out just fine.  Maybe my 
>> understanding is wrong, but I thought that if multiple 
>> engines caught a virus in a message it listed that multiple 
>> engines had detected something in the report that's sent to 
>> postmaster (or wherever) - all I know is I have an entry in 
>> maillog by vba32 saying it detected a virus, at the same time 
>> an email was deleted and a report sent to postmaster saying 
>> it was because clam32 had detected a virus - yet there's no 
>> report in the postmaster mailbox that mentions vba32.
>>
>
> I have a similar issue, but have never bothered with it.
> Clamav finds a virus, and MailScanner reports that F-Prot and
> Bitdefender find it too.
>   
What does your "Virus Scanners =" line say in MailScanner.conf?

>
> Sep  2 03:16:53 sam MailScanner[8070]: Clamd::INFECTED::
> Email.Spam.Gen3737.Sanesecurity.08072802.StormSpam FOUND ::
> ./8C34AD3E132.E90B8/
> Sep  2 03:16:53 sam MailScanner[8070]: Virus Scanning: Clamd found 1
> infections
> Sep  2 03:16:53 sam MailScanner[8070]: Virus Scanning: F-Prot found 1
> infections
> Sep  2 03:16:53 sam MailScanner[8070]: Virus Scanning: Bitdefender found
> 1 infections
> Sep  2 03:16:53 sam MailScanner[8070]: Infected message
> 8C34AD3E132.E90B8 came from 88.243.8.69
> Sep  2 03:16:53 sam MailScanner[8070]: Virus Scanning: Found 1 viruses
> Sep  2 03:16:53 sam MailScanner[8070]: Virus Scanning completed at 3371
> bytes per second
> Sep  2 03:16:53 sam MailScanner[8070]: Viruses marked as silent: Clamd:
> message was infected:
>   

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
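
An added example, not part of the original message or of MailScanner: a log check that compares each scanner's "found N infections" summary count with the number of per-detection `::INFECTED::` lines logged for that scanner, to surface the kind of mismatch described in this thread. The sample log is the one quoted above with e-mail line wrapping undone. The function name and the assumption that every scanner logs detections in the `<scanner>::INFECTED::` shape are this example's own.

```python
import re
from collections import Counter

# Log lines copied from the message quoted above, with e-mail line wrapping undone.
SAMPLE_LOG = """\
Sep  2 03:16:53 sam MailScanner[8070]: Clamd::INFECTED:: Email.Spam.Gen3737.Sanesecurity.08072802.StormSpam FOUND :: ./8C34AD3E132.E90B8/
Sep  2 03:16:53 sam MailScanner[8070]: Virus Scanning: Clamd found 1 infections
Sep  2 03:16:53 sam MailScanner[8070]: Virus Scanning: F-Prot found 1 infections
Sep  2 03:16:53 sam MailScanner[8070]: Virus Scanning: Bitdefender found 1 infections
Sep  2 03:16:53 sam MailScanner[8070]: Infected message 8C34AD3E132.E90B8 came from 88.243.8.69
Sep  2 03:16:53 sam MailScanner[8070]: Virus Scanning: Found 1 viruses
"""

# "<scanner>::INFECTED::" is the per-detection line shape seen in the log above.
# Assumption: other scanners would log detections in the same shape.
DETAIL = re.compile(r"MailScanner\[(\d+)\]: ([\w-]+)::INFECTED::")
# Per-scanner summary line; the overall "Found 1 viruses" line does not match.
SUMMARY = re.compile(
    r"MailScanner\[(\d+)\]: Virus Scanning: ([\w-]+) found (\d+) infections"
)


def scanner_mismatches(log_text):
    """Return {(pid, scanner): (summary_count, detail_lines)} where they differ."""
    detail, summary = Counter(), Counter()
    for line in log_text.splitlines():
        m = DETAIL.search(line)
        if m:
            detail[(m.group(1), m.group(2))] += 1
            continue
        m = SUMMARY.search(line)
        if m:
            summary[(m.group(1), m.group(2))] += int(m.group(3))
    keys = set(detail) | set(summary)
    return {k: (summary[k], detail[k]) for k in keys if summary[k] != detail[k]}


if __name__ == "__main__":
    for (pid, scanner), (s, d) in sorted(scanner_mismatches(SAMPLE_LOG).items()):
        print(f"pid {pid}: {scanner} summary={s} detail_lines={d}")
```

A scanner listed here has a summary count with no matching detection line in the log, which is the case to compare against the "Virus Scanners =" setting asked about above.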

