I did some monitoring and fpcmd.exe isn't normally causing excessive
load and it's completely updated. On the other hand, I have seen now 9
different timeouts for F-Prot on my system today, and every timeout for
F-Prot was for a message that McAfee detected as a virus. There are
two possibilities here that I can think of. The most obvious would be
that this variant of Mytob is causing issues with F-Prot, possibly
targeting a bug in the app that we don't know about. The second issue
might be related to the fact that I upgraded last night from 1.82 and
so I can't rule that out, but I'm leaning heavily towards F-Prot having
issues. Looks like yet another F-Prot hiccup...
4/27/2005 01:32:09 Q23D834BB010C8222 MIME file:
file.zip [base64; Length=50820 Checksum=6317600]
04/27/2005 01:32:39 Q23D834BB010C8222 ERROR: Virus scanner 1 didn't
finish after 30 seconds; terminating.
04/27/2005 01:32:42 Q23D834BB010C8222 Scanner 2: Virus=the
W32/[EMAIL PROTECTED] Attachment= [0] O
04/27/2005 01:32:42 Q23D834BB010C8222 File(s) are INFECTED [the
W32/[EMAIL PROTECTED]: 13]
04/27/2005 01:32:42 Q23D834BB010C8222 Deleting file with virus
04/27/2005 01:32:42 Q23D834BB010C8222 Deleting E-mail with virus!
04/27/2005 01:32:42 Q23D834BB010C8222 Scanned: CONTAINS A VIRUS [MIME:
2 50998]
04/27/2005 01:32:42 Q23D834BB010C8222 From: [EMAIL PROTECTED] To:
[EMAIL PROTECTED] [outgoing from 208.7.179.200]
04/27/2005 01:32:42 Q23D834BB010C8222 Subject: Mail Delivery System
04/27/2005 01:32:34 Q23F1665600C08266 MIME file: document.zip [base64;
Length=50828 Checksum=6318531]
04/27/2005 01:33:04 Q23F1665600C08266 ERROR: Virus scanner 1 didn't
finish after 30 seconds; terminating.
04/27/2005 01:33:06 Q23F1665600C08266 Scanner 2: Virus=the
W32/[EMAIL PROTECTED] Attachment= [0] O
04/27/2005 01:33:06 Q23F1665600C08266 File(s) are INFECTED [the
W32/[EMAIL PROTECTED]: 13]
04/27/2005 01:33:06 Q23F1665600C08266 Deleting file with virus
04/27/2005 01:33:06 Q23F1665600C08266 Deleting E-mail with virus!
04/27/2005 01:33:06 Q23F1665600C08266 Scanned: CONTAINS A VIRUS [MIME:
2 51075]
04/27/2005 01:33:06 Q23F1665600C08266 From: [EMAIL PROTECTED] To:
[EMAIL PROTECTED] [outgoing from 208.7.179.200]
04/27/2005 01:33:06 Q23F1665600C08266 Subject: Good day
04/27/2005 12:53:45 QC34F126601208E36 MIME file: readme.zip [base64;
Length=60534 Checksum=7436894]
04/27/2005 12:54:15 QC34F126601208E36 ERROR: Virus scanner 1 didn't
finish after 30 seconds; terminating.
04/27/2005 12:54:16 QC34F126601208E36 Scanner 2: Virus=the
<Anonymous Driver> Attachment= [0] O
04/27/2005 12:54:16 QC34F126601208E36 File(s) are INFECTED [the
<Anonymous Driver>: 13]
04/27/2005 12:54:16 QC34F126601208E36 Deleting file with virus
04/27/2005 12:54:16 QC34F126601208E36 Deleting E-mail with virus!
04/27/2005 12:54:16 QC34F126601208E36 Scanned: CONTAINS A VIRUS [MIME:
2 60735]
04/27/2005 12:54:16 QC34F126601208E36 From: [EMAIL PROTECTED] To:
[EMAIL PROTECTED] [outgoing from 208.7.179.200]
04/27/2005 12:54:16 QC34F126601208E36 Subject: MAIL TRANSACTION FAILED
04/27/2005 15:01:22 QE18023A80136D4FB MIME file: message.pif [base64;
Length=68608 Checksum=8328934]
04/27/2005 15:01:22 QE18023A80136D4FB Banning file with PIF extension
[application/octet-stream].
04/27/2005 15:01:52 QE18023A80136D4FB ERROR: Virus scanner 1 didn't
finish after 30 seconds; terminating.
04/27/2005 15:01:54 QE18023A80136D4FB Scanner 2: Virus=the
W32/[EMAIL PROTECTED] Attachment=message.pif [0] O
04/27/2005 15:01:54 QE18023A80136D4FB Invalid PIF Vulnerability
04/27/2005 15:01:54 QE18023A80136D4FB Found a bogus .pif file
04/27/2005 15:01:54 QE18023A80136D4FB File(s) are INFECTED [the
W32/[EMAIL PROTECTED]: 13]
04/27/2005 15:01:54 QE18023A80136D4FB Deleting file with virus
04/27/2005 15:01:54 QE18023A80136D4FB Deleting E-mail with virus!
04/27/2005 15:01:54 QE18023A80136D4FB Scanned: CONTAINS A VIRUS [MIME:
2 68855]
04/27/2005 15:01:54 QE18023A80136D4FB From: [EMAIL PROTECTED] To:
[EMAIL PROTECTED] [outgoing from 208.7.179.200]
04/27/2005 15:01:54 QE18023A80136D4FB Subject: hello
04/27/2005 15:03:07 QE1E8CDE50080D601 MIME file: document.zip [base64;
Length=68878 Checksum=8339217]
04/27/2005 15:03:37 QE1E8CDE50080D601 ERROR: Virus scanner 1 didn't
finish after 30 seconds; terminating.
04/27/2005 15:03:38 QE1E8CDE50080D601 Scanner 2: Virus=the
W32/[EMAIL PROTECTED] Attachment= [0] O
04/27/2005 15:03:38 QE1E8CDE50080D601 File(s) are INFECTED [the
W32/[EMAIL PROTECTED]: 13]
04/27/2005 15:03:38 QE1E8CDE50080D601 Deleting file with virus
04/27/2005 15:03:38 QE1E8CDE50080D601 Deleting E-mail with virus!
04/27/2005 15:03:38 QE1E8CDE50080D601 Scanned: CONTAINS A VIRUS [MIME:
2 70364]
04/27/2005 15:03:38 QE1E8CDE50080D601 From: [EMAIL PROTECTED] To:
[EMAIL PROTECTED] [outgoing from 208.7.179.200]
04/27/2005 15:03:38 QE1E8CDE50080D601 Subject: hello
04/27/2005 17:50:01 Q08DE5B0200CC296E MIME file: test.exe [base64;
Length=64512 Checksum=7880003]
04/27/2005 17:50:01 Q08DE5B0200CC296E Banning file with EXE extension
[application/octet-stream].
04/27/2005 17:50:31 Q08DE5B0200CC296E ERROR: Virus scanner 1 didn't
finish after 30 seconds; terminating.
04/27/2005 17:50:32 Q08DE5B0200CC296E Scanner 2: Virus=the
W32/[EMAIL PROTECTED] Attachment=test.exe [0] O
04/27/2005 17:50:32 Q08DE5B0200CC296E File(s) are INFECTED [the
W32/[EMAIL PROTECTED]: 13]
04/27/2005 17:50:32 Q08DE5B0200CC296E Deleting file with virus
04/27/2005 17:50:32 Q08DE5B0200CC296E Deleting E-mail with virus!
04/27/2005 17:50:32 Q08DE5B0200CC296E Scanned: CONTAINS A VIRUS [MIME:
2 64690]
04/27/2005 17:50:32 Q08DE5B0200CC296E From: [EMAIL PROTECTED] To:
[EMAIL PROTECTED] [outgoing from 12.152.254.47]
04/27/2005 17:50:32 Q08DE5B0200CC296E Subject: Hello
04/27/2005 17:50:29 Q08E35B0200CC2989 MIME file: file.zip [base64;
Length=64774 Checksum=7891080]
04/27/2005 17:50:59 Q08E35B0200CC2989 ERROR: Virus scanner 1 didn't
finish after 30 seconds; terminating.
04/27/2005 17:51:01 Q08E35B0200CC2989 Scanner 2: Virus=the
W32/[EMAIL PROTECTED] Attachment= [0] O
04/27/2005 17:51:01 Q08E35B0200CC2989 File(s) are INFECTED [the
W32/[EMAIL PROTECTED]: 13]
04/27/2005 17:51:01 Q08E35B0200CC2989 Deleting file with virus
04/27/2005 17:51:01 Q08E35B0200CC2989 Deleting E-mail with virus!
04/27/2005 17:51:01 Q08E35B0200CC2989 Scanned: CONTAINS A VIRUS [MIME:
2 64952]
04/27/2005 17:51:01 Q08E35B0200CC2989 From: [EMAIL PROTECTED] To:
[EMAIL PROTECTED] [outgoing from 12.152.254.47]
04/27/2005 17:51:01 Q08E35B0200CC2989 Subject: Vzvqvwnocdebkj
Markus Gufler wrote:
11:59pm here so it's not a good time to watch the CPU usage, as most people
left the office some hours ago. Time to say good night for me too,
after not having seen anything strange with F-Prot on my server at the moment.
|-)
Markus
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Matt
Sent: Wednesday, April 27, 2005 11:53 PM
To: [email protected]
Subject: Re: [Declude.Virus] High CPU F-Prot
I saw F-Prot time out 3 times today in my logs, and I can't
remember that ever happening before. McAfee didn't time out
once, and that's usually the first to go. Maybe this
explains the issue. I think it's time to do some performance
monitoring to see what is up.
Matt
Darrell ([EMAIL PROTECTED]) wrote:
In the last 24 hours I have seen F-Prot start to use an excessive
amount of CPU. Normally it very rarely shows up in task manager and
now it has been using a considerable amount of CPU.
Thoughts?
Darrell
----------------------------------------------------
Comprehensive Declude Virus and Junkmail reporting with
DLAnalyzer -
http://www.invariantsystems.com
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe,
just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
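The correlation reported at the top of this thread (scanner 1 timing out on messages that scanner 2 then flags) can be pulled out of a log in this layout automatically. The following is an added example, not part of the original thread or of Declude; the sample log is constructed, and the record layout is assumed to match the excerpt above.

```python
import re

# A record starts "MM/DD/YYYY HH:MM:SS <queue-id> "; any other line is the
# tail of a record that the mail client wrapped.
RECORD = re.compile(r"^\d{1,2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} (Q[0-9A-F]+) (.*)$")
TIMEOUT = re.compile(r"ERROR: Virus scanner (\d+) didn't finish after \d+ seconds")
DETECT = re.compile(r"Scanner (\d+): Virus=")

# Constructed sample in the layout of the log above; IDs and names are made up.
SAMPLE = """\
04/27/2005 01:32:09 QAAAA000000000001 MIME file: file.zip [base64;
Length=50820 Checksum=1]
04/27/2005 01:32:39 QAAAA000000000001 ERROR: Virus scanner 1 didn't
finish after 30 seconds; terminating.
04/27/2005 01:32:42 QAAAA000000000001 Scanner 2: Virus=the
W32/Example Attachment= [0] O
04/27/2005 03:00:30 QAAAA000000000003 ERROR: Virus scanner 1 didn't
finish after 30 seconds; terminating.
"""

def unwrap(text):
    """Join wrapped continuation lines back onto the record they belong to."""
    records = []
    for line in text.splitlines():
        if RECORD.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def correlate(text):
    """Per queue ID: scanners that timed out and scanners that detected."""
    msgs = {}
    for m in filter(None, map(RECORD.match, unwrap(text))):
        info = msgs.setdefault(m.group(1), {"timed_out": set(), "detected": set()})
        for key, rx in (("timed_out", TIMEOUT), ("detected", DETECT)):
            if (hit := rx.search(m.group(2))):
                info[key].add(int(hit.group(1)))
    return msgs

def timeout_report(text):
    """Split timed-out messages by whether a different scanner flagged them."""
    flagged, unflagged = [], []
    for qid, info in correlate(text).items():
        if info["timed_out"]:
            (flagged if info["detected"] - info["timed_out"] else unflagged).append(qid)
    return flagged, unflagged
```

Messages in the second list deserve the closest look: a scanner gave up on them and no other scanner produced a verdict.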