R: Doesnt more detect sophos

Wed Jan 2 09:29:43 UTC 2019

Doing a MailScanner --lint you can see that it tell that sophos found virus as clam do but in "Virus Scanner test reports" it report clam only
Note that clam report a relative and correct path and sophos report an incorrect one
(pool instead spool, and neicar.com instead eicar.com)

MailScanner.conf says "Virus Scanners = clamd sophos"
Found these virus scanners installed: clamavmodule, sophos, clamd
===========================================================================
Filename Checks: Windows/DOS Executable (1 eicar.com)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
Virus Scanning: Clamd found 1 infections
>>> Virus 'EICAR-AV-Test' found in file /var/pool/MailScanner/incoming/7314/1/neicar.com
Virus Scanning: Sophos found 1 infections
Infected message 1 came from 10.1.1.1
Infected message var came from
Virus Scanning: Found 2 viruses
===========================================================================
Virus Scanner test reports:
Clamd said "eicar.com was infected: Eicar-Test-Signature"

Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna – Italia
Tel.  +39 051.6079.293
Cell. +39 328.21.73.470
Web: www.comet.it

-----Messaggio originale-----
Da: MailScanner <mailscanner-bounces+nicola.piazzi=gruppocomet.it at lists.mailscanner.info> Per conto di Mark Sapiro
Inviato: lunedì 31 dicembre 2018 20:50
A: mailscanner at lists.mailscanner.info
Oggetto: Re: Doesnt more detect sophos
Priorità: Bassa

On 12/31/18 8:15 AM, Nicola Piazzi wrote:
> 
> Here maillog of a non working message :
> 
> 2018-12-17T16:21:48.334526+01:00 EFA42 MailScanner[2649]: >>> Virus 
> 'Mal/DrodAce-A' found in file 
> /var/pool/MailScanner/incoming/2649/DB73A106051.A5516/nPO-18191111060.
> ace
> 
> 2018-12-17T16:21:48.334859+01:00 EFA42 MailScanner[2649]: Virus
> Scanning: Sophos found 1 infections
> 
> 2018-12-17T16:21:48.335071+01:00 EFA42 MailScanner[2649]: Infected 
> message var came from
> 
> 2018-12-17T16:21:48.335207+01:00 EFA42 MailScanner[2649]: Virus
> Scanning: Found 1 viruses
> 
>  
> 
> NOTE Infected message “var” instead real file name !!!

Is there some issue besides this particular message? It appears that MailScanner is detecting the virus.

Perhaps the Sophos report has changed in some way in the latest version.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner