esets false positive

Shawn Iverson iversons at rushville.k12.in.us
Thu Oct 11 12:50:31 UTC 2018


That is most likely the esets wrapper and SweepViruses.pm function failing
to parse the output of the virus scanner properly.

I would start there and run a manual scan based on the parameters in the
wrapper against a file that triggers the problem.  I would then take a look
at the ProcessEsetsOutput function and see if the regex in there makes sense
for the output.

On Thu, Oct 11, 2018 at 5:34 AM Nerijus Baliunas <
nerijus at users.sourceforge.net> wrote:

> Hello,
>
> I use the latest mailscanner 5.1.1-1 with esets. It works OK, but occasionally
> it "detects" viruses in harmless files. For example:
>
> Oct 11 11:55:18 mail MailScanner[3063]: New Batch: Scanning 1 messages,
> 4623339 bytes
> Oct 11 11:55:19 mail MailScanner[3063]: Virus and Content Scanning:
> Starting
> Oct 11 11:55:24 mail MailScanner[3063]: Esets::INFECTED::
> Oct 11 11:55:24 mail MailScanner[3063]: Esets::INFECTED::
> Oct 11 11:55:25 mail MailScanner[3063]: Esets::INFECTED::
> Oct 11 11:55:25 mail MailScanner[3063]: Esets::INFECTED::
> Oct 11 11:55:25 mail MailScanner[3063]: Esets::INFECTED::
> Oct 11 11:55:25 mail MailScanner[3063]: Esets::INFECTED::
> Oct 11 11:55:25 mail MailScanner[3063]: Esets::INFECTED::
> Oct 11 11:55:25 mail MailScanner[3063]: Esets::INFECTED::
> Oct 11 11:55:25 mail MailScanner[3063]: Esets::INFECTED::
> Oct 11 11:55:25 mail MailScanner[3063]: Esets::INFECTED::
> Oct 11 11:55:25 mail MailScanner[3063]: Esets::INFECTED::
> Oct 11 11:55:25 mail MailScanner[3063]: Esets::INFECTED::
> Oct 11 11:55:25 mail MailScanner[3063]: Esets::INFECTED::
> Oct 11 11:55:25 mail MailScanner[3063]: Esets::INFECTED::
> Oct 11 11:55:25 mail MailScanner[3063]: Esets::INFECTED::
> Oct 11 11:55:25 mail MailScanner[3063]: Esets::INFECTED::
> Oct 11 11:55:25 mail MailScanner[3063]: Esets::INFECTED::
> Oct 11 11:55:25 mail MailScanner[3063]: Virus Scanning: esets found 17
> infections
> Oct 11 11:55:26 mail MailScanner[3063]: Infected message
> 9231B2A14054.A15A2 came from 192.168.x.x
> Oct 11 11:55:26 mail MailScanner[3063]: Virus Scanning: Found 17 viruses
>
> While a real virus output looks like this:
> Oct 11 01:39:44 mail MailScanner[4184]: New Batch: Scanning 1 messages,
> 2104 bytes
> Oct 11 01:39:44 mail MailScanner[4184]: Virus and Content Scanning:
> Starting
> Oct 11 01:39:49 mail MailScanner[4184]: Esets::INFECTED::Eicar test file
> Oct 11 01:39:49 mail MailScanner[4184]: Esets::INFECTED::Eicar test file
> Oct 11 01:39:49 mail MailScanner[4184]: Esets::INFECTED::Eicar test file
> Oct 11 01:39:49 mail MailScanner[4184]: Virus Scanning: esets found 3
> infections
> Oct 11 01:39:49 mail MailScanner[4184]: Infected message
> EF7F72A14053.A770C came from 5.2.x.x
> Oct 11 01:39:49 mail MailScanner[4184]: Virus Scanning: Found 3 viruses
>
> How do I debug this?
>
> Regards,
> Nerijus

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 x1171
iversons at rushville.k12.in.us
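
Added example, not part of the original thread and not MailScanner code: a log triage script for the symptom discussed above. It flags infected messages whose only `Esets::INFECTED::` reports carry an empty virus name, which identifies the files worth feeding to the manual scan. The sample log is constructed from the format quoted in the thread, and attributing every detection in a batch to the messages later reported by the same PID is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the syslog lines quoted in the thread (unwrapped, abridged).
SAMPLE_LOG = """\
Oct 11 11:55:18 mail MailScanner[3063]: New Batch: Scanning 1 messages, 4623339 bytes
Oct 11 11:55:24 mail MailScanner[3063]: Esets::INFECTED::
Oct 11 11:55:25 mail MailScanner[3063]: Esets::INFECTED::
Oct 11 11:55:25 mail MailScanner[3063]: Virus Scanning: esets found 2 infections
Oct 11 11:55:26 mail MailScanner[3063]: Infected message 9231B2A14054.A15A2 came from 192.168.x.x
Oct 11 01:39:44 mail MailScanner[4184]: New Batch: Scanning 1 messages, 2104 bytes
Oct 11 01:39:49 mail MailScanner[4184]: Esets::INFECTED::Eicar test file
Oct 11 01:39:49 mail MailScanner[4184]: Virus Scanning: esets found 1 infections
Oct 11 01:39:49 mail MailScanner[4184]: Infected message EF7F72A14053.A770C came from 5.2.x.x
"""

LINE = re.compile(r"MailScanner\[(\d+)\]: (.*)$")          # child PID, log text
INFECTED = re.compile(r"^Esets::INFECTED::(.*)$")          # virus name may be empty
MESSAGE = re.compile(r"^Infected message (\S+) came from (\S+)")


def triage(log_text):
    """Return one record per infected message with named/unnamed detection counts."""
    batches = defaultdict(lambda: {"named": [], "unnamed": 0})
    results = []
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        pid, text = m.group(1), m.group(2).rstrip()
        if text.startswith("New Batch:"):
            batches[pid] = {"named": [], "unnamed": 0}     # each child scans one batch at a time
        elif (hit := INFECTED.match(text)):
            name = hit.group(1).strip()
            if name:
                batches[pid]["named"].append(name)
            else:
                batches[pid]["unnamed"] += 1               # report with no virus name
        elif (msg := MESSAGE.match(text)):
            b = batches[pid]
            results.append({
                "message": msg.group(1), "source": msg.group(2),
                "named": list(b["named"]), "unnamed": b["unnamed"],
                # Only nameless reports: likely an output-parsing problem, not a detection.
                "parser_suspect": b["unnamed"] > 0 and not b["named"],
            })
    return results


if __name__ == "__main__":
    for record in triage(SAMPLE_LOG):
        print(record)
```
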