Viruses Undetected in MailScanner after Sophos Update
glenn.steen at gmail.com
Thu Oct 29 14:40:56 GMT 2009
2009/10/29 Daniel Straka <Dstraka at caspercollege.edu>:
>>>> On 10/28/2009 at 4:17 PM, in message <4AE8C2F4.3080906 at vanderkooij.org>, Hugo
> van der Kooij <hvdkooij at vanderkooij.org> wrote:
>> On 10/28/09 16:23, Daniel Straka wrote:
>>> Hi all,
>>> Two days ago I upgraded Sophos as I do every two months to version 446,
>> after which virus laden attachments began coming through my MailScanner
>> system undetected.
>>> So, I back-revved to version 444 and the virus attachments are again being
>> detected and removed from the messages properly. (whew)
>>> Does anyone know if Sophos has made some changes to their
>> "linux.intel.libc6.glibc.2.2.tar.Z" distributions that breaks it
>> functionality with MailScanner?
>> Gather a few suspect files. Then run both versions and see how they
>> report their results.
>> My guess is that the output format has been changed
> I did run some messages with virused attachments through MailScanner with Sophos v446 installed and they came straight through to my mailbox without being detected or reported in the mail log as they had been with Sophos v444. I guess I'll wait till Sophos v447 is released and try that distribution.
What Hugo was after, presumably, was that you'd manually run the
actual commandline Sophos "tool" and compare outputs, or (if you feel
a bit savvy:-) if you run the SAVI thing, look for/insert appropriate
print statements in the SAVI handler (in SweepVirus.pm), run the same
message through (including virus, of course) and compare the
respective outputs... Sort of do the groundwork for Jules, as well as
make sure your upgrade was a successful one;-).
Since I don't use Sophos, I can't help you further than this, but ...
as you probably know, numerous others on the list does... So keep at
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
More information about the MailScanner