A little more checking and this seems to be happening on any message
infected with a virus.... Possible bug...
Running 3.x, AVAFTERJM, with EXITSCANONVIRUSDETECT ON
10/28/2005 00:39:56.359 qab8ff7a40618ffdf.smd File(s) are INFECTED [
W32/[EMAIL PROTECTED]: 3]
10/28/2005 00:41:47.968 qabfaf7c50618004e.smd Virus scanner 1 reports exit
code of 3
10/28/2005 00:41:47.968 qabfaf7c50618004e.smd Scanner 1: Virus=
W32/[EMAIL PROTECTED] Attachment=email-details.zip [11] O
10/28/2005 00:41:47.984 qabfaf7c50618004e.smd File(s) are INFECTED [
W32/[EMAIL PROTECTED]: 3]
10/28/2005 00:56:05.015 qaf506d06099e03ac.smd Scanner 1: Virus=
W32/[EMAIL PROTECTED] Attachment=email-password.zip [11] O
10/28/2005 00:56:05.015 qaf506d06099e03ac.smd File(s) are INFECTED [
W32/[EMAIL PROTECTED]: 3]
Darrell ([EMAIL PROTECTED]) writes:
Anyone seen this before? The message (attachment) have the W97M/Thus
Virus and is detected by McAfee as having such, but the final virus string
somehow ends up at Netsky?
Darrell
x:\imail\spool>grep -i q41c378d5099ed6c9.smd vir1028.log
10/28/2005 11:21:09.718 q41c378d5099ed6c9.smd Vulnerability flags = 0
10/28/2005 11:21:09.718 q41c378d5099ed6c9.smd MIME file: HD New Look
list.doc [base64; Length=59
904 Checksum=2996157]
10/28/2005 11:21:10.750 q41c378d5099ed6c9.smd Virus scanner 1 reports exit
code of 0
10/28/2005 11:21:11.359 q41c378d5099ed6c9.smd Virus scanner 2 reports exit
code of 13
10/28/2005 11:21:11.359 q41c378d5099ed6c9.smd Scanner 2: Virus= the
W97M/Thus.gen Attachment=HD
New Look List.doc [11] I
10/28/2005 11:21:11.359 q41c378d5099ed6c9.smd File(s) are INFECTED [
W32/[EMAIL PROTECTED]: 13]
10/28/2005 11:21:32.796 q41c378d5099ed6c9.smd Scanned: CONTAINS A VIRUS
[MIME: 2 60102]
10/28/2005 11:21:32.796 q41c378d5099ed6c9.smd From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED] [
incoming from 64.207.161.182]
10/28/2005 11:21:32.796 q41c378d5099ed6c9.smd Subject: Here we go Again -
Proposal
------------------------------------------------------------------------
Check out http://www.invariantsystems.com for utilities for Declude And
Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration,
MRTG Integration, and Log Parsers.
------------------------------------------------------------------------
Check out http://www.invariantsystems.com for utilities for Declude And
Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG
Integration, and Log Parsers.
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
