Anti-Phishing / Spear-Phishing script IMPORTANT update

Mike Wallace mike at mlrw.com
Mon Sep 28 00:10:22 IST 2009


Mark,

Both machines definitely have "ClamAV Full Message Scan = yes", so  
that is not the case for the difference.

To even verify that it had nothing to do with me using includes for my  
site specific configuration, I took the 4.77 config file and used that  
on the 4.78 system. The virus scan results were the same, the only  
complaint being the version in the config file did not match the  
running version.

So I guess Jules fixed a bug that we had never noticed before.

Mike


On Sep 27, 2009, at 2:34 PM, Mark Sapiro wrote:

> Jules Field wrote:
>>
>> On 26/09/2009 15:51, Mike Wallace wrote:
>>> Jules,
>>>
>>> I have found an anomaly in the beta with the --lint virus scan results.
>>>
>>> On a MailScanner box running 4.77.1, when I run MailScanner --lint I
>>> get the following for virus checking:
>>>
>>> MailScanner.conf says "Virus Scanners = clamd"
>>> Found these virus scanners installed: clamd
>>> ====================================================================
>>>
>>> Filename Checks: Windows/DOS Executable (1 eicar.com)
>>> Other Checks: Found 1 problems
>>> Virus and Content Scanning: Starting
>>> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/
>>> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
>>> Virus Scanning: Clamd found 2 infections
>>> Infected message 1 came from 10.1.1.1
>>> Virus Scanning: Found 2 viruses
>>> ====================================================================
>>>
>>>
>>> On a MailScanner box running 4.78.16 I get the following:
>>>
>>> MailScanner.conf says "Virus Scanners = clamd"
>>> Found these virus scanners installed: clamd
>>> ====================================================================
>>>
>>> Filename Checks: Windows/DOS Executable (1 eicar.com)
>>> Other Checks: Found 1 problems
>>> Virus and Content Scanning: Starting
>>> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
>>> Virus Scanning: Clamd found 1 infections
>>> Infected message 1 came from 10.1.1.1
>>> Virus Scanning: Found 1 viruses
>>> ====================================================================
>>>
>>>
>>>
>>> Both boxes were built the same way with the only difference being the
>>> version of MailScanner installed.
>>>
>>> Is this behavior correct?
>> Looks like a bug-fix to me. There's only 1 infection in the test
>> message, so it should only report 1 infection.
>
>
> If I am not mistaken, this is normal and expected. The box that reports
> 2 infections has
>
> ClamAV Full Message Scan = yes
>
> and the box that reports 1 has
>
> ClamAV Full Message Scan = no
>
> The full message scan results in two hits - one on the full message and
> one on the attached file.
>
> I know Mike has said in another thread
> <http://lists.mailscanner.info/pipermail/mailscanner/2009-September/093276.html>
> that these settings are the same (yes) on both boxes, but in my
> experience since well before and including several 4.77.x versions, but
> maybe not 4.77.1, on CentOS 5.0 with ClamAV Full Message Scan = yes, I
> always get 2 infections reported from MailScanner --lint.
>
> -- 
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
>
>
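
An added example, not part of the original thread and not MailScanner code: a small Python parser that compares the two `--lint` excerpts quoted above by distinct infection rather than by raw hit count. It assumes, following Mark's description, that a path ending at the message directory (`./1/`) is a whole-message hit and a path with a filename is an attachment hit; `parse_hits` and `summarize` are hypothetical helper names.

```python
import re

# Matches the report lines quoted in the thread, e.g.
#   Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
HIT = re.compile(
    r"^Clamd::INFECTED::\s*(?P<sig>\S+)\s*::\s*\./(?P<msg>[^/\s]+)/(?P<file>\S*)\s*$"
)

# Excerpts copied from the two --lint runs quoted in the thread.
LINT_4_77_1 = """\
Virus and Content Scanning: Starting
Clamd::INFECTED:: Eicar-Test-Signature :: ./1/
Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
Virus Scanning: Clamd found 2 infections
"""
LINT_4_78_16 = """\
Virus and Content Scanning: Starting
Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
Virus Scanning: Clamd found 1 infections
"""

def parse_hits(lint_output):
    """Return one (message_id, filename, signature) tuple per Clamd hit line.

    filename is "" when the hit path is the message directory itself
    (assumed here to be the whole-message scan result).
    """
    hits = []
    for line in lint_output.splitlines():
        m = HIT.match(line.strip())
        if m:
            hits.append((m["msg"], m["file"], m["sig"]))
    return hits

def summarize(lint_output):
    """Split hits into message-level and file-level, and deduplicate per message."""
    hits = parse_hits(lint_output)
    return {
        "raw_hits": len(hits),
        "message_level": sorted((m, s) for m, f, s in hits if not f),
        "file_level": sorted((m, f, s) for m, f, s in hits if f),
        # What is actually infected, regardless of how many times it was reported.
        "distinct": sorted({(m, s) for m, _, s in hits}),
    }

if __name__ == "__main__":
    for label, text in (("4.77.1", LINT_4_77_1), ("4.78.16", LINT_4_78_16)):
        print(label, summarize(text))
```

The raw counts differ (2 versus 1) while the `distinct` and `file_level` results are identical, so a monitoring check that compares scanner output across MailScanner versions is more stable if it keys on distinct (message, signature) pairs than on the reported infection total.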


