<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2655.35">
<TITLE>Sophos and Sophos SAVI</TITLE>
</HEAD>
<BODY>
<BR>
<P><FONT SIZE=2>Just installed Sophos and SophosSAVI following directions on www.mailscanner.info</FONT>
</P>
<P><FONT SIZE=2>MailScanner seems to spit out the message "Virus Scanning: SophosSAVI found 1 infections" for every batch.</FONT>
</P>
<P><FONT SIZE=2>Example:</FONT>
</P>
<P><FONT SIZE=2>Sep 15 16:13:32 lime MailScanner[7589]: New Batch: Found 2 messages waiting</FONT>
<BR><FONT SIZE=2>Sep 15 16:13:32 lime MailScanner[7589]: New Batch: Scanning 1 messages, 5774 bytes</FONT>
<BR><FONT SIZE=2>Sep 15 16:13:32 lime MailScanner[7589]: Spam Checks: Starting</FONT>
<BR><FONT SIZE=2>Sep 15 16:13:41 lime MailScanner[7589]: Virus and Content Scanning: Starting</FONT>
<BR><FONT SIZE=2>Sep 15 16:13:41 lime MailScanner[7589]: Namelist is /opt/MailScanner/etc/reports/en/languages.conf</FONT>
<BR><FONT SIZE=2>Sep 15 16:13:42 lime MailScanner[7589]: Virus Scanning: SophosSAVI found 1 infections</FONT>
<BR><FONT SIZE=2>Sep 15 16:13:44 lime MailScanner[7589]: Uninfected: Delivered 1 messages</FONT>
</P>
<P><FONT SIZE=2># grep "Virus Scanning: SophosSAVI found 1 infections" /var/log/syslog | wc -l</FONT>
<BR><FONT SIZE=2> 174</FONT>
<BR><FONT SIZE=2># grep INFECTED /var/log/syslog | wc -l</FONT>
<BR><FONT SIZE=2> 2</FONT>
<BR><FONT SIZE=2>#</FONT>
</P>
<P><FONT SIZE=2>Is this normail?</FONT>
</P>
<P><FONT SIZE=2>I did send an eicar test through the server and it caught that...</FONT>
</P>
<P><FONT SIZE=2>Sep 15 15:59:29 lime MailScanner[7581]: INFECTED:: EICAR-AV-Test:: ./h8FJxLN09987/eicar.com.txt</FONT>
</P>
<P><FONT SIZE=2>Is there a way to get the scanner name in the report?</FONT>
</P>
<P><FONT SIZE=2> Report: eicar.com.txt was infected by EICAR-AV-Test</FONT>
<BR><FONT SIZE=2> eicar.com.txt contains Eicar-Test-Signature </FONT>
</P>
<P><FONT SIZE=2>MailScanner 4.20-3 running on Sparc Solaris 8.</FONT>
</P>
<P><FONT SIZE=2>Thanks,</FONT>
</P>
<P><FONT SIZE=2>Derek Winkler</FONT>
<BR><FONT SIZE=2>Security Administrator </FONT>
<BR><FONT SIZE=2>Algorithmics Inc., Toronto </FONT>
<BR><FONT SIZE=2>Tel: (416) 217-4107 </FONT>
<BR><FONT SIZE=2>Fax: (416) 971-6263 </FONT>
<BR><FONT SIZE=2>www.algorithmics.com </FONT>
</P>
</BODY>
</HTML>