Re: Doesn't detect Sophos any more

Nicola Piazzi Nicola.Piazzi at gruppocomet.it
Thu Jan 3 07:28:22 UTC 2019


Here is the output; it seems correct.

[root at EFA42 ~]# savscan  /eictestfile
SAVScan virus detection utility
Version 5.53.0 [Linux/AMD64]
Virus data version 5.58, December 2018
Includes detection for 28304520 viruses, Trojans and worms
Copyright (c) 1989-2018 Sophos Limited. All rights reserved.

System time 08:27:29 AM, System date 03 January 2019

IDE directory is: /opt/sophos-av/lib/sav

Using IDE file emot-ajp.ide
Using IDE file inje-dqo.ide
Using IDE file rtfdl-dt.ide
Using IDE file steal-et.ide
Using IDE file trikb-bq.ide
Using IDE file pdfdw-jm.ide
Using IDE file encdo-et.ide
Using IDE file docd-qmw.ide
Using IDE file inje-dqx.ide
Using IDE file emot-ake.ide
Using IDE file emot-akh.ide
Using IDE file fare-gds.ide
Using IDE file trick-kr.ide
Using IDE file zbot-msx.ide
Using IDE file bank-gxl.ide
Using IDE file bckdo-ak.ide
Using IDE file phis-edi.ide
Using IDE file xtbl-bb.ide
Using IDE file pdfu-gnt.ide
Using IDE file rans-fcq.ide
Using IDE file drop-ahu.ide
Using IDE file age-baef.ide
Using IDE file blada-lb.ide
Using IDE file betab-bs.ide
Using IDE file fare-gea.ide
Using IDE file phis-edn.ide
Using IDE file nanoc-bi.ide
Using IDE file zbot-mte.ide
Using IDE file emot-ako.ide
Using IDE file trick-kv.ide
Using IDE file emot-akt.ide
Using IDE file emot-aku.ide
Using IDE file vools-e.ide
Using IDE file miner-qa.ide
Using IDE file pdfu-gol.ide
Using IDE file fare-gem.ide
Using IDE file fare-geq.ide
Using IDE file pdfu-goq.ide
Using IDE file fare-ges.ide
Using IDE file fare-gex.ide
Using IDE file zbot-mtw.ide
Using IDE file gootki-n.ide
Using IDE file emot-alq.ide
Using IDE file zbot-mub.ide
Using IDE file gootki-o.ide
Using IDE file drid-aak.ide
Using IDE file encdo-fz.ide
Using IDE file formb-gj.ide
Using IDE file age-bafb.ide
Using IDE file zbot-muc.ide
Using IDE file emot-alr.ide
Using IDE file age-bafd.ide
Using IDE file htmld-kj.ide
Using IDE file nanocr-f.ide
Using IDE file xtbl-bf.ide
Using IDE file emot-amc.ide
Using IDE file fare-gfo.ide
Using IDE file docd-qsr.ide
Using IDE file fare-geg.ide
Using IDE file zbot-muv.ide
Using IDE file rans-fcy.ide
Using IDE file fare-gei.ide
Using IDE file bdoo-bhh.ide
Using IDE file emot-ams.ide
Using IDE file nymai-iq.ide
Using IDE file batdl-af.ide
Using IDE file emot-amy.ide
Using IDE file keylo-vo.ide
Using IDE file loit-w.ide
Using IDE file emot-alh.ide
Using IDE file emot-anj.ide
Using IDE file emot-anm.ide
Using IDE file gootki-y.ide
Using IDE file emot-anr.ide
Using IDE file docd-qve.ide
Using IDE file phis-efr.ide
Using IDE file msil-lyd.ide
Using IDE file msil-lye.ide
Using IDE file msil-lyf.ide
Using IDE file emot-ans.ide
Using IDE file steal-ff.ide
Using IDE file lnkrun-x.ide
Using IDE file retefe-n.ide
Using IDE file age-bagh.ide
Using IDE file steal-fi.ide
Using IDE file rtfdl-fh.ide
Using IDE file fare-ggz.ide
Using IDE file msil-lyi.ide
Using IDE file emot-aop.ide
Using IDE file lnk-bc.ide
Using IDE file emot-aox.ide
Using IDE file remco-fd.ide
Using IDE file emot-apc.ide
Using IDE file remco-fe.ide
Using IDE file pubdl-o.ide
Using IDE file delf-had.ide
Using IDE file trick-lo.ide
Using IDE file fare-ghu.ide
Using IDE file recam-cz.ide
Using IDE file inje-dsf.ide
Using IDE file zbot-mvp.ide
Using IDE file rans-fdh.ide
Using IDE file emot-ann.ide
Using IDE file emot-anq.ide
Using IDE file trick-ls.ide
Using IDE file formb-go.ide
Using IDE file phis-egq.ide
Using IDE file cryakl-q.ide
Using IDE file docd-qzt.ide
Using IDE file hawke-ss.ide
Using IDE file rtfdl-gb.ide
Using IDE file bokbot-b.ide
Using IDE file fare-gip.ide
Using IDE file lokib-bn.ide
Using IDE file stolpe-c.ide
Using IDE file zbot-mwb.ide
Using IDE file inje-dsj.ide
Using IDE file age-baig.ide
Using IDE file encdo-hc.ide
Using IDE file age-baij.ide
Using IDE file fare-gjf.ide
Using IDE file emot-ara.ide
Using IDE file zbot-mwj.ide
Using IDE file fare-gji.ide
Using IDE file pdfu-grf.ide
Using IDE file emot-ari.ide
Using IDE file dwnl-wzk.ide
Using IDE file docd-rdi.ide
Using IDE file emot-arn.ide
Using IDE file fare-gjm.ide
Using IDE file htmld-kt.ide
Using IDE file inje-dsp.ide
Using IDE file emot-aro.ide
Using IDE file msil-lyt.ide
Using IDE file zbot-mwk.ide
Using IDE file fuerbo-w.ide
Using IDE file msil-lyu.ide
Using IDE file inje-dsr.ide
Using IDE file trick-lv.ide
Using IDE file delf-gzt.ide
Using IDE file zbot-mwn.ide
Using IDE file inje-dsv.ide
Using IDE file nanoc-bs.ide
Using IDE file fare-gjx.ide
Using IDE file zbot-mwx.ide
Using IDE file fare-gkc.ide
Using IDE file emot-aqj.ide
Using IDE file phis-ehp.ide
Using IDE file msil-lzb.ide
Using IDE file rans-fdq.ide
Using IDE file cryakl-u.ide
Using IDE file steal-fy.ide
Using IDE file phis-eia.ide
Using IDE file pdfu-gsb.ide
Using IDE file emot-asr.ide
Using IDE file spy-auk.ide
Using IDE file steal-fv.ide
Using IDE file fare-gkk.ide
Using IDE file age-bair.ide
Using IDE file phis-eid.ide
Using IDE file pdfu-gsf.ide
Using IDE file cryakl-w.ide
Using IDE file zbot-mxb.ide
Using IDE file inje-dsu.ide
Using IDE file phis-eig.ide
Using IDE file zegos-kn.ide
Using IDE file phis-eih.ide
Using IDE file fare-gjn.ide
Using IDE file rans-fds.ide
Using IDE file icedid-c.ide
Using IDE file zbot-mxg.ide
Using IDE file age-bake.ide
Using IDE file spy-aul.ide
Using IDE file dharma-c.ide
Using IDE file trick-md.ide
Using IDE file encdo-hn.ide
Using IDE file fare-gkp.ide
Using IDE file fare-gkq.ide
Using IDE file msil-lzh.ide
Using IDE file trick-mj.ide
Using IDE file docd-rgz.ide
Using IDE file rans-fdx.ide
Using IDE file drid-aap.ide
Using IDE file rans-fdy.ide
Using IDE file blada-lx.ide
Using IDE file rans-fdz.ide
Using IDE file steal-ga.ide
Using IDE file nukesp-a.ide
Using IDE file xtbl-bo.ide
Using IDE file docph-cj.ide
Using IDE file darkc-ib.ide
Using IDE file fare-gkj.ide
Using IDE file auto-chk.ide
Using IDE file fare-gkt.ide
Using IDE file trick-ml.ide
Using IDE file pdfu-gsh.ide
Using IDE file miner-qo.ide
Using IDE file docd-rhg.ide
Using IDE file trick-mm.ide
Using IDE file emot-asw.ide
Using IDE file trick-mo.ide
Using IDE file phis-eir.ide
Using IDE file trick-mp.ide
Using IDE file rans-feb.ide
Using IDE file trikb-cc.ide

Quick Scanning

>>> Virus 'EICAR-AV-Test' found in file /eictestfile

1 file scanned in 7 seconds.
1 virus was discovered.
1 file out of 1 was infected.
If you need further advice regarding any detections please visit our
Threat Center at: http://www.sophos.com/en-us/threat-center.aspx
End of Scan.

Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna – Italia
Tel.  +39 051.6079.293
Cell. +39 328.21.73.470
Web: http://www.comet.it/

From: MailScanner <mailscanner-bounces+nicola.piazzi=gruppocomet.it at lists.mailscanner.info> On behalf of Shawn Iverson via MailScanner
Sent: Thursday 3 January 2019 00:23
To: MailScanner Discussion <mailscanner at lists.mailscanner.info>
Cc: Shawn Iverson <iversons at rushville.k12.in.us>
Subject: Re: Doesn't detect Sophos any more
Priority: Low

Nicola,

Can you run savscan on an EICAR test file and capture the entire output?



On Mon, Dec 31, 2018 at 11:15 AM Nicola Piazzi <Nicola.Piazzi at gruppocomet.it> wrote:
Hi,
I found that MailScanner no longer catches Sophos viruses; this is in an existing installation and also in a fresh install.

Here is the maillog of a working message:
2018-12-03T01:13:17.634913+01:00 EFA42 MailScanner[4191]: >>> Virus 'Mal/DrodAce-A' found in file ./27176108233.AC1B9/201283765ref20181203_xls.ace
2018-12-03T01:13:17.635238+01:00 EFA42 MailScanner[4191]: Virus Scanning: Sophos found 1 infections
2018-12-03T01:13:17.635417+01:00 EFA42 MailScanner[4191]: Infected message 27176108233.AC1B9 came from 82.193.37.22
2018-12-03T01:13:17.635543+01:00 EFA42 MailScanner[4191]: Virus Scanning: Found 1 viruses

Here is the maillog of a non-working message:
2018-12-17T16:21:48.334526+01:00 EFA42 MailScanner[2649]: >>> Virus 'Mal/DrodAce-A' found in file /var/pool/MailScanner/incoming/2649/DB73A106051.A5516/nPO-18191111060.ace
2018-12-17T16:21:48.334859+01:00 EFA42 MailScanner[2649]: Virus Scanning: Sophos found 1 infections
2018-12-17T16:21:48.335071+01:00 EFA42 MailScanner[2649]: Infected message var came from
2018-12-17T16:21:48.335207+01:00 EFA42 MailScanner[2649]: Virus Scanning: Found 1 viruses

NOTE: Infected message “var” instead of the real file name!!!

This is the newest installed version:
[root at EFA41 sbin]# sweep --version
SAVScan virus detection utility
Copyright (c) 1989-2018 Sophos Limited. All rights reserved.
System time 05:01:58 PM, System date 31 December 2018
Product version           : 5.53.0
Engine version            : 3.74.2
Virus data version        : 5.58
User interface version    : 2.03.074
Platform                  : Linux/AMD64
Released                  : 11 December 2018
Total viruses (with IDEs) : 28304428



--
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us
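The two maillog excerpts Nicola quoted differ in one detail: in the working case savscan reports the infected file with a path relative to the working directory (./27176108233.AC1B9/...), while in the failing case it reports an absolute path under /var/pool/MailScanner/incoming/2649/..., and the "Infected message ... came from" line then names the message "var", which is simply the first component of that absolute path. The Python below is an added example, not MailScanner's or Sophos's code. It assumes, hypothetically, that the message id is derived by taking the path component after the leading "." (which reproduces the "var" symptom exactly), and shows a parse that first resolves the reported path against the known incoming directory and validates the queue id before it is used, so a surprising path format fails loudly instead of producing a bogus id. The two report lines are the ones from the thread; the incoming directory default is taken from the failing log line.

```python
import re
from pathlib import PurePosixPath

# Report lines in the savscan format quoted in the thread (the two paths are
# the ones from the working and the non-working maillog excerpts).
WORKING_LINE = ">>> Virus 'Mal/DrodAce-A' found in file ./27176108233.AC1B9/201283765ref20181203_xls.ace"
BROKEN_LINE = (">>> Virus 'Mal/DrodAce-A' found in file "
               "/var/pool/MailScanner/incoming/2649/DB73A106051.A5516/nPO-18191111060.ace")

REPORT_RE = re.compile(r"^>>> Virus '(?P<name>[^']+)' found in file (?P<path>\S+)$")
# Queue ids in the thread look like 27176108233.AC1B9 / DB73A106051.A5516
QUEUE_ID_RE = re.compile(r"^[0-9A-F]+\.[0-9A-F]+$")


def parse_report(line):
    """Split a '>>> Virus ... found in file ...' line into (virus name, path)."""
    m = REPORT_RE.match(line)
    return (m.group("name"), m.group("path")) if m else None


def naive_message_id(path):
    """Hypothetical id extraction: the path component after the leading '.'.
    Works for './ID/file' but yields 'var' for '/var/pool/...' (the symptom)."""
    parts = path.split("/")
    return parts[1] if len(parts) > 1 else None


def robust_message_id(path, incoming_dir="/var/pool/MailScanner/incoming"):
    """Resolve the reported path against the incoming directory first.
    Absolute paths must lie under incoming_dir/<child pid>/<queue id>/...;
    relative paths are taken as <queue id>/...  The id is validated so a
    bad parse returns None instead of a bogus name such as 'var'."""
    p = PurePosixPath(path)
    if p.is_absolute():
        try:
            rel = p.relative_to(PurePosixPath(incoming_dir))
        except ValueError:
            return None          # outside the scanner's working area
        parts = rel.parts[1:]    # drop the per-child pid directory
    else:
        parts = p.parts          # PurePosixPath already drops a leading '.'
    if not parts or not QUEUE_ID_RE.match(parts[0]):
        return None
    return parts[0]


def summarize(lines, incoming_dir="/var/pool/MailScanner/incoming"):
    """Return (virus, naive id, robust id) for each detection line, skipping
    lines that are not reports (e.g. the 'Using IDE file' chatter)."""
    out = []
    for line in lines:
        parsed = parse_report(line)
        if parsed is None:
            continue
        name, path = parsed
        out.append((name, naive_message_id(path), robust_message_id(path, incoming_dir)))
    return out


if __name__ == "__main__":
    sample = [WORKING_LINE, BROKEN_LINE, "Using IDE file emot-ajp.ide"]
    for name, naive, robust in summarize(sample):
        print(f"{name}: naive={naive!r} robust={robust!r}")
```

Run stand-alone it prints one line per detection, showing the naive parse returning "var" for the absolute path while the resolved parse returns DB73A106051.A5516. The point for operations is the validation step: when the id does not look like a queue id, the sender lookup should be treated as failed and logged as such, rather than silently reporting an empty "came from".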
