How could this have happened???? How long has this been going on for? I think some kind of explanation should be forthcoming.
David? Don Winsauer Net1 Media ----- Original Message ----- From: Colbeck, Andrew To: declude.virus@declude.com Sent: Monday, June 01, 2009 5:24 PM Subject: RE: [Declude.Virus] Upgrade 4.6.35 AVG not scanning - FIX Aha! That was a fishy circumstance. Those errors were red herrings raised by my other virus scanner, not the AVG scanner. If anybody is interested, this is what the log lines looked like at the last time that AVG triggered on a virus was April 3rd, 2009: 04/03/2009 08:54:05.047 Q003993048.smd Vulnerability flags = 2047 04/03/2009 08:54:05.047 Q003993048.smd MIME file: [text/html][8bit; Length=2371 Checksum=206516] 04/03/2009 08:54:05.062 Q003993048.smd MIME file: postcard.zip [base64; Length=449806 Checksum=56953283] 04/03/2009 08:54:05.062 Q003993048.smd Banning .ZIP file with SCR extension. 04/03/2009 08:54:07.501 Q003993048.smd AVG Reports VIRUS: Win32/Cryptor 04/03/2009 08:54:07.501 Q003993048.smd File(s) are INFECTED [Win32/Cryptor: 7] 04/03/2009 08:54:08.220 Q003993048.smd Virus scanner 1 reports exit code of 0 04/03/2009 08:54:08.345 Q003993048.smd Scanned: CONTAINS A VIRUS [Prescan OK][MIME: 2 452321] 04/03/2009 08:54:08.345 Q003993048.smd From: postca...@hallmark.com To: <snip> [outgoing from 69.156.243.37] 04/03/2009 08:54:08.345 Q003993048.smd Subject: You've received A Hallmark E-Card! There were three of those, and otherwise I had no detections, and no interesting messages from AVG or with "error" in the log line. After stopping the DecludeProc service, then replacing decludeproc.exe with the Imail version, decludeproc_IM4635.exe as decludeproc.exe, and then restarting the DecludeProc service, I can then send a test email with the EICAR test virus as an attachment, and AVG does pick it up. 06/01/2009 18:11:11.305 Q000595199.smd Vulnerability flags = 2047 06/01/2009 18:11:11.305 Q000595199.smd MIME file: eicar.com [base64; Length=68 Checksum=6829] 06/01/2009 18:11:13.711 Q000595199.smd AVG Reports VIRUS: EICAR_Test 06/01/2009 18:11:13.711 Q000595199.smd File(s) are INFECTED [EICAR_Test: 7] 06/01/2009 18:11:13.727 Q000595199.smd Found a bogus .com file 06/01/2009 18:11:13.727 Q000595199.smd Scanned: CONTAINS A VIRUS [MIME: 2 157] 06/01/2009 18:11:13.727 Q000595199.smd From: <snip> To: <snip> [outgoing from <snip>] 06/01/2009 18:11:13.727 Q000595199.smd Subject: test 03 Andrew. ------------------------------------------------------------------------------ From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David Barker Sent: Monday, June 01, 2009 2:00 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] Upgrade 4.6.35 AVG not scanning - FIX Not for everyone, but certainly for your server that would be true if that is what your logs indicate. From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Colbeck, Andrew Sent: Monday, June 01, 2009 4:03 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] Upgrade 4.6.35 AVG not scanning - FIX David, this log excerpt seems to indicate that my AVG hasn't been working since May 1st 2009. Is this correct? C:\IMail\Spool>grep -c "smd Scanned: Error in virus scanner" vir????.log vir0401.log:0 vir0402.log:0 vir0403.log:0 vir0404.log:0 vir0405.log:0 vir0406.log:0 vir0407.log:0 vir0408.log:0 vir0409.log:0 vir0410.log:0 vir0411.log:0 vir0412.log:0 vir0413.log:0 vir0414.log:0 vir0415.log:0 vir0416.log:0 vir0417.log:0 vir0418.log:0 vir0419.log:0 vir0420.log:0 vir0421.log:0 vir0422.log:0 vir0423.log:0 vir0424.log:0 vir0425.log:0 vir0426.log:0 vir0427.log:0 vir0428.log:0 vir0429.log:0 vir0430.log:0 vir0501.log:2722 vir0502.log:640 vir0503.log:623 vir0504.log:3143 vir0505.log:2885 vir0506.log:2568 vir0507.log:2761 vir0508.log:2554 vir0509.log:386 vir0510.log:415 vir0511.log:3110 vir0512.log:2920 vir0513.log:2761 vir0514.log:2771 vir0515.log:2429 vir0516.log:300 vir0517.log:376 vir0518.log:857 vir0519.log:2605 vir0520.log:2793 vir0521.log:2574 vir0522.log:2598 vir0523.log:279 vir0524.log:430 vir0525.log:2630 vir0526.log:2751 vir0527.log:3217 vir0528.log:3026 vir0529.log:2532 vir0530.log:336 vir0531.log:608 vir0601.log:1894 Andrew. ------------------------------------------------------------------------------ From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David Barker Sent: Monday, June 01, 2009 12:38 PM To: declude.junkm...@declude.com; declude.virus@declude.com Subject: [Declude.Virus] Upgrade 4.6.35 AVG not scanning - FIX If your AVG is not scanning emails, please upgrade immediately to 4.6.35 which is available from the Declude website. If you are unsure whether this means you, we suggest you upgrade, if you need any assistance in this matter please contact supp...@declude.com David Barker VP Operations Declude Your Email security is our business 978.499.2933 office 978.988.1311 fax dbar...@declude.com --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
