Mailscanner Version 4.71.10-1 / ClamAV 0.94 infection reporting.

Julian Field MailScanner at ecs.soton.ac.uk
Thu Sep 4 14:04:16 IST 2008



Alex Broens wrote:
> On 9/4/2008 11:33 AM, Julian Field wrote:
>>
>>
>> Alex Broens wrote:
>>> Good day All,
>>>
>>> Mailscanner Version 4.71.10-1 / ClamAV 0.94 using ClamD
>>>
>>>
>>> MailScanner --lint:
>>>
>>> Virus and Content Scanning: Starting
>>> ClamAVModule::INFECTED:: Eicar-Test-Signature FOUND :: ./1/
>>> ClamAVModule::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
>>> Virus Scanning: Clamd found 2 infections
>>> Infected message 1 came from 10.1.1.1
>>> Virus Scanning: Found 2 viruses
>>> Filename Checks:  (1 eicar.com)
>>>
>>> Doesn't seem right/elegant to me.
>>>
>>> It causes Mailwatch 1.x to report:
>>>
>>> Clamd: message was infected: Trojan.Fakealert-532 FOUND
>>> Clamd: Late.Night.rar was infected: Trojan.Fakealert-532
>>>
>>>
>>> Can anybody reproduce running "MailScanner --lint"
>>>
>>> Jules?
>> The "./1/" line is caused by "ClamAV Full Message Scan = yes".
>> I believe it is the correct output.
>> Can anyone contradict me?
>
> If that would be the case, is the logging slightly borked?
> imo, only the infected file is relevant.
But everything that Mailwatch has reported is correct.

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
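
The reply above attributes the "./1/" line to "ClamAV Full Message Scan = yes", so one detection is reported once for the whole message and once for the file. The following is an added example, not part of the original thread and not MailScanner or MailWatch code, that groups such lines per message and signature; the line layout is assumed from the two quoted lines only, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# The two report lines from the --lint output quoted in the thread.
SAMPLE = """\
ClamAVModule::INFECTED:: Eicar-Test-Signature FOUND :: ./1/
ClamAVModule::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
"""

# Assumed layout, inferred only from those two lines:
#   ClamAVModule::INFECTED:: <signature> [FOUND] :: ./<message id>/[<file name>]
LINE = re.compile(
    r"^ClamAVModule::INFECTED::\s+(?P<sig>\S+)(?:\s+FOUND)?\s+::\s+"
    r"\./(?P<msg>[^/]+)/(?P<file>.*)$"
)

def parse(report):
    """Yield (message id, signature, scope, file name) for each report line."""
    for line in report.splitlines():
        m = LINE.match(line.strip())
        if m is None:
            continue  # not a ClamAVModule report line
        name = m.group("file")
        # A path that ends at the message directory is the whole-message hit.
        scope = "file" if name else "message"
        yield m.group("msg"), m.group("sig"), scope, name

def summarise(report):
    """Group hits so one detection reported at both scopes counts once."""
    hits = defaultdict(lambda: {"files": [], "whole_message": False, "reports": 0})
    for msg, sig, scope, name in parse(report):
        entry = hits[(msg, sig)]
        entry["reports"] += 1
        if scope == "file":
            entry["files"].append(name)
        else:
            entry["whole_message"] = True
    return dict(hits)

if __name__ == "__main__":
    for (msg, sig), e in summarise(SAMPLE).items():
        print(f"message {msg}: {sig} reports={e['reports']} "
              f"files={e['files']} whole_message={e['whole_message']}")
```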

