Bitdefender infected – but delivered

Julian Field MailScanner at ecs.soton.ac.uk
Wed Mar 11 19:16:54 GMT 2009


Please try 4.75.8-3 and let me know if it works any better. They changed 
the output format slightly, by swapping the requested scanned 
subdirectory with the full path to the files instead.
The new code should work with old and new Bitdefender versions.

On 11/3/09 13:57, Jakob Venning - Vestings wrote:
> I just tried with worm - same thing the worm gets to my inbox
>
> MailScanner[26427]: Virus and Content Scanning: Starting
> MailScanner[26427]: /var/spool/MailScanner/incoming/26427/n2BDmFV8030872/bugtraqworm.tgz=>(gzip)=>bug/httpd:infected: Unix.Worm.Scalper.G
> MailScanner[26427]: /var/spool/MailScanner/incoming/26427/n2BDmFV8030872/bugtraqworm.tgz=>(gzip)=>bug/.bugtraq:infected: Generic.Slapper.F18A8CB9
> MailScanner[26427]: /var/spool/MailScanner/incoming/26427/n2BDmFV8030872/bugtraqworm.tgz=>(gzip)=>bug/.bugtraq.c:infected: Linux.Worm.Slapper.A (SH)
> MailScanner[26427]: /var/spool/MailScanner/incoming/26427/n2BDmFV8030872/bugtraqworm.tgz=>(gzip)=>bug/.uubugtraq=>.bugtraq.c:infected: Linux.Worm.Slapper.A (SH)
> MailScanner[26427]: Virus Scanning: Bitdefender found 4 infections
> MailScanner[26427]: Virus Scanning: Found 4 viruses
> MailScanner[26427]: Uninfected: Delivered 1 messages
>
> Jakob
>
> Kai Schaetzl skrev:
>> Jakob Venning - Vestings wrote on Tue, 10 Mar 2009 20:29:26 +0100:
>>
>>> Any comments?
>>
>> Hm. I wonder why it says infected and not a virus at the same time. 
>> Is there a chance that bitdefender gives a special response if it 
>> recognizes the EICAR test virus? As, obviously, it is not a virus but 
>> a signature test. Have you tested with a *real* virus? (not a 
>> phishing or HTML one, you will probably need a "real" binary malware)
>>
>> Kai
>>
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
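
Added example, not part of the original message and not MailScanner's own code (MailScanner is written in Perl; this is Python for illustration): a parser that ties Bitdefender infection reports to a message id whether the path is given in full, as in the log quoted above, or relative to the scanned directory, and holds the whole batch when a report cannot be tied to any message. The relative-path line shape and the function names are assumptions.

```python
import re
from collections import defaultdict

# Layout seen in the quoted log: <scan root>/<message id>/<attachment>
SCAN_ROOT = "/var/spool/MailScanner/incoming/26427"
INFECTED = re.compile(r"^(?P<path>.+?):\s*infected:\s*(?P<virus>.+)$")

# Full-path reports, taken from the log in this thread (wrapped lines rejoined).
FULL_PATH = [
    SCAN_ROOT + "/n2BDmFV8030872/bugtraqworm.tgz=>(gzip)=>bug/httpd:infected: Unix.Worm.Scalper.G",
    SCAN_ROOT + "/n2BDmFV8030872/bugtraqworm.tgz=>(gzip)=>bug/.bugtraq.c:infected: Linux.Worm.Slapper.A (SH)",
]
# Constructed: assumed shape of a report relative to the scanned directory.
RELATIVE = ["./n2BDmFV8030872/bugtraqworm.tgz=>(gzip)=>bug/httpd:infected: Unix.Worm.Scalper.G"]


def attribute_reports(lines, scan_root=SCAN_ROOT):
    """Return ({message_id: [(file, virus), ...]}, [unattributed lines])."""
    by_message = defaultdict(list)
    unattributed = []
    root = scan_root.rstrip("/") + "/"
    for line in lines:
        m = INFECTED.match(line.strip())
        if not m:
            continue  # not an infection report
        path = m.group("path")
        if path.startswith(root):      # full path under the scan root
            rel = path[len(root):]
        elif path.startswith("/"):     # absolute, but outside the scan root
            unattributed.append(line)
            continue
        else:                          # relative to the scan root
            rel = path[2:] if path.startswith("./") else path
        msg_id, sep, rest = rel.partition("/")
        if not sep or not msg_id or not rest:
            unattributed.append(line)
            continue
        by_message[msg_id].append((rest, m.group("virus").strip()))
    return dict(by_message), unattributed


def deliverable(batch_ids, lines, scan_root=SCAN_ROOT):
    """Fail closed: an infection report nobody owns holds the whole batch."""
    by_message, unattributed = attribute_reports(lines, scan_root)
    if unattributed:
        return []
    return [m for m in batch_ids if m not in by_message]
```
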

