----- Original Message ----- From: "R. Scott Perry" <[EMAIL PROTECTED]>
> >Scott, we have the following entry in our virus.cfg files on both of our > >IMail/Declude servers: > > > >SCANFILE2 C:\Progra~1\Trend\Sprotect\vscantm.bin /NBPM /NM /NB /NC /Q > >/VSTEMP=m:\temp\ /LR=report.txt > >VIRUSCODE2 1 > >REPORT2 Found > > > >I also have: PRESCAN OFF > > > >However, this particular PayPal phishing message is not getting caught by > >Declude Virus. If I run the following from the command-line: > > This is almost certainly because your AV program is reporting a different > error code when it finds a phishing message than it does when it finds a > virus. If you check the log file, you should see the code that they return > when they detect a phishing message. Here is the debug output from one of these BOFRA.B messages: ===== Scanning files (2 scanners) Starting scanner #1: M:\FSI\F-Prot\fpcmd.exe /AI /ARCHIVE=5 /DUMB /NOBOOT /NOBREAK /NOMEM /PACKED /PARANOID /SAFEREMOVE /SERVER /SILENT /TYPE /REPORT=report.txt M:\IMail\spool\D74D13~1.VIR\ Scanner to start immediately, no need to wait for others to end. Virus Scanner Started: M:\FSI\F-Prot\fpcmd.exe /AI /ARCHIVE=5 /DUMB /NOBOOT /NOBREAK /NOMEM /PACKED /PARANOID /SAFEREMOVE /SERVER /SILENT /TYPE /REPORT=report.txt M:\IMail\spool\D74D13~1.VIR\ Process Time: 140ms [kernel=15 user=125] Virus scanner 1 reports exit code of 0 Starting scanner #2: C:\Progra~1\Trend\Sprotect\vscantm.bin /NBPM /NM /NB /NC /Q /VSTEMP=m:\temp\ /LR=report.txt M:\IMail\spool\D74D13~1.VIR\ Scanner to start immediately, no need to wait for others to end. Virus Scanner Started: C:\Progra~1\Trend\Sprotect\vscantm.bin /NBPM /NM /NB /NC /Q /VSTEMP=m:\temp\ /LR=report.txt M:\IMail\spool\D74D13~1.VIR\ Process Time: 453ms [kernel=156 user=296] Virus scanner 2 reports exit code of 0 ===== As you can see, Declude is seeing the exit code as 0 from both scanners. How is the file changed when scanned by Declude Virus versus when scanned manually by TrendMicro that would cause TrendMicro to report the file differently? Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
