Anti-Phishing / Spear-Phishing script IMPORTANT update

Mike Wallace mike at mlrw.com
Sat Sep 26 15:51:37 IST 2009 

Jules,

I have found an anomaly in the beta with the --lint virus scan results.

On a MailScanner box running 4.77.1, when I run MailScanner --lint I  
get the following for virus checking:

MailScanner.conf says "Virus Scanners = clamd"
Found these virus scanners installed: clamd
= 
= 
= 
========================================================================
Filename Checks: Windows/DOS Executable (1 eicar.com)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Clamd::INFECTED:: Eicar-Test-Signature :: ./1/
Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
Virus Scanning: Clamd found 2 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 2 viruses
= 
= 
= 
========================================================================

On a MailScanner box running 4.78.16 I get the following:

MailScanner.conf says "Virus Scanners = clamd"
Found these virus scanners installed: clamd
= 
= 
= 
========================================================================
Filename Checks: Windows/DOS Executable (1 eicar.com)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
Virus Scanning: Clamd found 1 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 1 viruses
= 
= 
= 
========================================================================


Both boxes were built the same way with the only difference being the  
version of MailScanner installed.

Is this behavior correct?

Thanks.

Mike




On Sep 20, 2009, at 4:44 PM, Jules Field wrote:

> Firstly, I'm still here, don't worry :-)
> Just my day job is really busy at the moment, as we're now in the  
> run-up to the start of the new academic year, and I have taken on a  
> load of extra work to ease the strain on the guys who work for me.
>
> I'm still intending to do a stable release of MailScanner on 1st  
> October. So if there's anything important I need to know about the  
> current version, please tell me in a reply to this message (to the  
> list is fine, just I can then just check 1 thread).
>
> However, the point of this message is to tell you I have updated
>    http://www.jules.fm/Logbook/files/anti-phishing-v2.html
> as the location of the original Google-hosted data file has moved to  
> SourceForge, and so the address of it has changed.
>
> If you don't update the script to the new version, it won't be doing  
> anything at all for you right now.
>
> Best regards,
> Jules.
>
> -- 
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>
>
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> This message has been scanned for viruses and dangerous content by  
> MailScanner, and is believed to be clean.
>

More information about the MailScanner mailing list