RE: [Declude.Virus] Viruses slipping thru after move to new server....server....

Tue, 21 Jan 2003 05:15:03 -0800 



I have never been able to stop ALL of the EICAR tests from the Declude
site. (even with the old server),




It's usually OK for a few to go through (such as the 'eicarprescan').  But 
if there are more than a few that are not caught, there may be a problem.




 but I have looked at the -diag screen
(it's showing status of 'registered'), the logs, I don't quite
understand how to read. Here is a snippet:

01/20/2003 15:25:04 Q693000030158845b Outlook 'CR' vulnerability [Content-ty]



This like indicates that Declude Virus detected a vulnerability.




01/20/2003 15:25:05 Q693000030158845b File(s) are INFECTED [0]
01/20/2003 15:25:05 Q693000030158845b Scanned: CONTAINS A VIRUS




These will appear when a virus or vulnerability is detected.  The first 
line has the "[0]" in it to indicate the return code that your virus 
scanner is reporting -- the "0" means that it did not detect a virus.



But, these are the log file entries for E-mails that Declude Virus *did* 
catch.  What I'm interested in is the log file entries for the ones that it 
did not catch -- they can provide a clue.




I also have this to add:

When loading up the new sever, our web administration of Imail was
extremely slow, after about 2 hours of checking we found out that if we
disable the 'network associates McShield' service, the performance
problem goes away, and using the web mail stuff is instantaneous (as it
should be).




Quite true.  If you have the virus scanner set to do "real time scanning", 
it will scan all the files on the server.  On a mail server, that can eat 
up a lot of CPU time.




After doing this, I didn't see the SCAN.exe process
starting up in the task manager anymore, so I became suspicious of the
whole operation.  Which has led me here.....



Aha!  That's a very big clue.




When I migrated the server over, I grabbed the declude info along with
the imail directory.  I double checked the url to the scan.exe file when
it was on the new server...




If you can send me your \IMail\Declude\virus.cfg file, I can probably tell 
from that what the problem is.

                                        -Scott



---

[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]



---

This E-mail came from the Declude.Virus mailing list.  To

unsubscribe, just send an E-mail to [EMAIL PROTECTED], and

type "unsubscribe Declude.Virus".    The archives can be found

at http://www.mail-archive.com.

























					Reply via email to