I predict there will be a fix for this issue at the very beginning of the
week.
David Franco-Rocha
Declude Technical / Engineering
----- Original Message -----
From: "Markus Gufler" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Friday, October 28, 2005 1:53 PM
Subject: RE: [Declude.Virus] Virus name reported as different than what
scanner detected.
Hmm, looks like there is one single variable containing the last detected
virus name and several threads writing to and reading from this
variable...
Markus
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darrell
([EMAIL PROTECTED])
Sent: Friday, October 28, 2005 6:44 PM
To: [email protected]
Subject: Re: [Declude.Virus] Virus name reported as different
than what scanner detected.
A little more checking and this seems to be happening on any
message infected with a virus.... Possible bug...
Running 3.x, AVAFTERJM, with EXITSCANONVIRUSDETECT ON
10/28/2005 00:39:56.359 qab8ff7a40618ffdf.smd File(s) are INFECTED [
W32/[EMAIL PROTECTED]: 3]
10/28/2005 00:41:47.968 qabfaf7c50618004e.smd Virus scanner 1
reports exit code of 3
10/28/2005 00:41:47.968 qabfaf7c50618004e.smd Scanner 1:
Virus= W32/[EMAIL PROTECTED] Attachment=email-details.zip [11] O
10/28/2005 00:41:47.984 qabfaf7c50618004e.smd File(s) are INFECTED [
W32/[EMAIL PROTECTED]: 3]
10/28/2005 00:56:05.015 qaf506d06099e03ac.smd Scanner 1:
Virus= W32/[EMAIL PROTECTED] Attachment=email-password.zip [11] O
10/28/2005 00:56:05.015 qaf506d06099e03ac.smd File(s) are INFECTED [
W32/[EMAIL PROTECTED]: 3]
Darrell ([EMAIL PROTECTED]) writes:
> Anyone seen this before? The message (attachment) have the
W97M/Thus
> Virus and is detected by McAfee as having such, but the final virus
> string somehow ends up at Netsky?
>
> Darrell
>
> x:\imail\spool>grep -i q41c378d5099ed6c9.smd vir1028.log
> 10/28/2005 11:21:09.718 q41c378d5099ed6c9.smd Vulnerability
flags = 0
> 10/28/2005 11:21:09.718 q41c378d5099ed6c9.smd MIME file: HD
New Look
> list.doc [base64; Length=59
> 904 Checksum=2996157]
> 10/28/2005 11:21:10.750 q41c378d5099ed6c9.smd Virus scanner
1 reports
> exit code of 0
> 10/28/2005 11:21:11.359 q41c378d5099ed6c9.smd Virus scanner
2 reports
> exit code of 13
> 10/28/2005 11:21:11.359 q41c378d5099ed6c9.smd Scanner 2: Virus= the
> W97M/Thus.gen Attachment=HD New Look List.doc [11] I
> 10/28/2005 11:21:11.359 q41c378d5099ed6c9.smd File(s) are INFECTED [
> W32/[EMAIL PROTECTED]: 13]
> 10/28/2005 11:21:32.796 q41c378d5099ed6c9.smd Scanned: CONTAINS A
> VIRUS
> [MIME: 2 60102]
> 10/28/2005 11:21:32.796 q41c378d5099ed6c9.smd From:
> [EMAIL PROTECTED]
> To: [EMAIL PROTECTED] [
> incoming from 64.207.161.182]
> 10/28/2005 11:21:32.796 q41c378d5099ed6c9.smd Subject: Here we go
> Again - Proposal
>
>
>
>
----------------------------------------------------------------------
> -- Check out http://www.invariantsystems.com for utilities
for Declude
> And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI
> integration, MRTG Integration, and Log Parsers.
>
>
--------------------------------------------------------------
----------
Check out http://www.invariantsystems.com for utilities for
Declude And Imail. IMail/Declude Overflow Queue Monitoring,
SURBL/URI integration, MRTG Integration, and Log Parsers.
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
