Matt,
What version of F-Prot are you using?
Darrell
-------------------------------------------
Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail Queue Monitoring, Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers.
----- Original Message -----
Sent: Wednesday, April 27, 2005 6:57 PM
Subject: Re: [Declude.Virus] High CPU F-Prot
I did some monitoring and
fpcmd.exe isn't normally causing excessive load and it's completely
updated. On the other hand, I have seen now 9 different timeouts for
F-Prot on my system today, and every timeout for F-Prot was for a message that
McAfee detected as a virus. There are two possibilities here that I can
think of. The most obvious would be that this variant of Mytob is
causing issues with F-Prot, possibly targeting a bug in the app that we don't
know about. The second issue might be related to the fact that I
upgraded last night from 1.82 and so I can't rule that out, but I'm leaning
heavily towards F-Prot having issues. Looks like yet another F-Prot
hiccup...
4/27/2005 01:32:09 Q23D834BB010C8222 MIME file: file.zip [base64; Length=50820 Checksum=6317600]
04/27/2005 01:32:39 Q23D834BB010C8222 ERROR: Virus scanner 1 didn't finish after 30 seconds; terminating.
04/27/2005 01:32:42 Q23D834BB010C8222 Scanner 2: Virus=the W32/[EMAIL PROTECTED] Attachment= [0] O
04/27/2005 01:32:42 Q23D834BB010C8222 File(s) are INFECTED [the W32/[EMAIL PROTECTED]: 13]
04/27/2005 01:32:42 Q23D834BB010C8222 Deleting file with virus
04/27/2005 01:32:42 Q23D834BB010C8222 Deleting E-mail with virus!
04/27/2005 01:32:42 Q23D834BB010C8222 Scanned: CONTAINS A VIRUS [MIME: 2 50998]
04/27/2005 01:32:42 Q23D834BB010C8222 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [outgoing from 208.7.179.200]
04/27/2005 01:32:42 Q23D834BB010C8222 Subject: Mail Delivery System

04/27/2005 01:32:34 Q23F1665600C08266 MIME file: document.zip [base64; Length=50828 Checksum=6318531]
04/27/2005 01:33:04 Q23F1665600C08266 ERROR: Virus scanner 1 didn't finish after 30 seconds; terminating.
04/27/2005 01:33:06 Q23F1665600C08266 Scanner 2: Virus=the W32/[EMAIL PROTECTED] Attachment= [0] O
04/27/2005 01:33:06 Q23F1665600C08266 File(s) are INFECTED [the W32/[EMAIL PROTECTED]: 13]
04/27/2005 01:33:06 Q23F1665600C08266 Deleting file with virus
04/27/2005 01:33:06 Q23F1665600C08266 Deleting E-mail with virus!
04/27/2005 01:33:06 Q23F1665600C08266 Scanned: CONTAINS A VIRUS [MIME: 2 51075]
04/27/2005 01:33:06 Q23F1665600C08266 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [outgoing from 208.7.179.200]
04/27/2005 01:33:06 Q23F1665600C08266 Subject: Good day

04/27/2005 12:53:45 QC34F126601208E36 MIME file: readme.zip [base64; Length=60534 Checksum=7436894]
04/27/2005 12:54:15 QC34F126601208E36 ERROR: Virus scanner 1 didn't finish after 30 seconds; terminating.
04/27/2005 12:54:16 QC34F126601208E36 Scanner 2: Virus=the <Anonymous Driver> Attachment= [0] O
04/27/2005 12:54:16 QC34F126601208E36 File(s) are INFECTED [the <Anonymous Driver>: 13]
04/27/2005 12:54:16 QC34F126601208E36 Deleting file with virus
04/27/2005 12:54:16 QC34F126601208E36 Deleting E-mail with virus!
04/27/2005 12:54:16 QC34F126601208E36 Scanned: CONTAINS A VIRUS [MIME: 2 60735]
04/27/2005 12:54:16 QC34F126601208E36 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [outgoing from 208.7.179.200]
04/27/2005 12:54:16 QC34F126601208E36 Subject: MAIL TRANSACTION FAILED

04/27/2005 15:01:22 QE18023A80136D4FB MIME file: message.pif [base64; Length=68608 Checksum=8328934]
04/27/2005 15:01:22 QE18023A80136D4FB Banning file with PIF extension [application/octet-stream].
04/27/2005 15:01:52 QE18023A80136D4FB ERROR: Virus scanner 1 didn't finish after 30 seconds; terminating.
04/27/2005 15:01:54 QE18023A80136D4FB Scanner 2: Virus=the W32/[EMAIL PROTECTED] Attachment=message.pif [0] O
04/27/2005 15:01:54 QE18023A80136D4FB Invalid PIF Vulnerability
04/27/2005 15:01:54 QE18023A80136D4FB Found a bogus .pif file
04/27/2005 15:01:54 QE18023A80136D4FB File(s) are INFECTED [the W32/[EMAIL PROTECTED]: 13]
04/27/2005 15:01:54 QE18023A80136D4FB Deleting file with virus
04/27/2005 15:01:54 QE18023A80136D4FB Deleting E-mail with virus!
04/27/2005 15:01:54 QE18023A80136D4FB Scanned: CONTAINS A VIRUS [MIME: 2 68855]
04/27/2005 15:01:54 QE18023A80136D4FB From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [outgoing from 208.7.179.200]
04/27/2005 15:01:54 QE18023A80136D4FB Subject: hello

04/27/2005 15:03:07 QE1E8CDE50080D601 MIME file: document.zip [base64; Length=68878 Checksum=8339217]
04/27/2005 15:03:37 QE1E8CDE50080D601 ERROR: Virus scanner 1 didn't finish after 30 seconds; terminating.
04/27/2005 15:03:38 QE1E8CDE50080D601 Scanner 2: Virus=the W32/[EMAIL PROTECTED] Attachment= [0] O
04/27/2005 15:03:38 QE1E8CDE50080D601 File(s) are INFECTED [the W32/[EMAIL PROTECTED]: 13]
04/27/2005 15:03:38 QE1E8CDE50080D601 Deleting file with virus
04/27/2005 15:03:38 QE1E8CDE50080D601 Deleting E-mail with virus!
04/27/2005 15:03:38 QE1E8CDE50080D601 Scanned: CONTAINS A VIRUS [MIME: 2 70364]
04/27/2005 15:03:38 QE1E8CDE50080D601 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [outgoing from 208.7.179.200]
04/27/2005 15:03:38 QE1E8CDE50080D601 Subject: hello

04/27/2005 17:50:01 Q08DE5B0200CC296E MIME file: test.exe [base64; Length=64512 Checksum=7880003]
04/27/2005 17:50:01 Q08DE5B0200CC296E Banning file with EXE extension [application/octet-stream].
04/27/2005 17:50:31 Q08DE5B0200CC296E ERROR: Virus scanner 1 didn't finish after 30 seconds; terminating.
04/27/2005 17:50:32 Q08DE5B0200CC296E Scanner 2: Virus=the W32/[EMAIL PROTECTED] Attachment=test.exe [0] O
04/27/2005 17:50:32 Q08DE5B0200CC296E File(s) are INFECTED [the W32/[EMAIL PROTECTED]: 13]
04/27/2005 17:50:32 Q08DE5B0200CC296E Deleting file with virus
04/27/2005 17:50:32 Q08DE5B0200CC296E Deleting E-mail with virus!
04/27/2005 17:50:32 Q08DE5B0200CC296E Scanned: CONTAINS A VIRUS [MIME: 2 64690]
04/27/2005 17:50:32 Q08DE5B0200CC296E From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [outgoing from 12.152.254.47]
04/27/2005 17:50:32 Q08DE5B0200CC296E Subject: Hello

04/27/2005 17:50:29 Q08E35B0200CC2989 MIME file: file.zip [base64; Length=64774 Checksum=7891080]
04/27/2005 17:50:59 Q08E35B0200CC2989 ERROR: Virus scanner 1 didn't finish after 30 seconds; terminating.
04/27/2005 17:51:01 Q08E35B0200CC2989 Scanner 2: Virus=the W32/[EMAIL PROTECTED] Attachment= [0] O
04/27/2005 17:51:01 Q08E35B0200CC2989 File(s) are INFECTED [the W32/[EMAIL PROTECTED]: 13]
04/27/2005 17:51:01 Q08E35B0200CC2989 Deleting file with virus
04/27/2005 17:51:01 Q08E35B0200CC2989 Deleting E-mail with virus!
04/27/2005 17:51:01 Q08E35B0200CC2989 Scanned: CONTAINS A VIRUS [MIME: 2 64952]
04/27/2005 17:51:01 Q08E35B0200CC2989 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [outgoing from 12.152.254.47]
04/27/2005 17:51:01 Q08E35B0200CC2989 Subject: Vzvqvwnocdebkj
Markus Gufler wrote:
11:59pm here so it's not a good time to watch the cpu usage as most people
have left the office some hours ago. Time to say good night for me too
after not having seen anything strange with f-prot on my server at the moment.
|-)
Markus
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Matt
Sent: Wednesday, April 27, 2005 11:53 PM
To: [email protected]
Subject: Re: [Declude.Virus] High CPU F-Prot
I saw F-Prot time out 3 times today in my logs, and I can't
remember that ever happening before. McAfee didn't time out
once, and that's usually the first to go. Maybe this
explains the issue. I think it's time to do some performance
monitoring to see what is up.
Matt
Darrell ([EMAIL PROTECTED]) wrote:
In the last 24 hours I have seen F-Prot start to use an excessive
amount of CPU. Normally it very rarely shows up in task manager and
now it has been using a considerable amount of CPU.
Thoughts?
Darrell
----------------------------------------------------
Comprehensive Declude Virus and Junkmail reporting with
DLAnalyzer -
http://www.invariantsystems.com
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe,
just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
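
The correlation discussed in this thread (scanner 1 timeouts lining up with scanner 2 detections) can be checked across a whole log rather than by eye. The following is an added example, not part of the original messages or of Declude; it assumes the one-entry-per-line layout seen in the excerpts above, and the queue IDs and virus name in the sample are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the excerpts above (IDs and virus name are made up).
SAMPLE_LOG = """\
04/27/2005 01:32:09 Q00000000000000A1 MIME file: file.zip [base64; Length=50820 Checksum=1]
04/27/2005 01:32:39 Q00000000000000A1 ERROR: Virus scanner 1 didn't finish after 30 seconds; terminating.
04/27/2005 01:32:42 Q00000000000000A1 Scanner 2: Virus=the Example.Worm Attachment= [0] O
04/27/2005 02:10:00 Q00000000000000A2 MIME file: doc.zip [base64; Length=51000 Checksum=2]
04/27/2005 02:10:02 Q00000000000000A2 Scanner 2: Virus=the Example.Worm Attachment= [0] O
04/27/2005 03:00:00 Q00000000000000A3 MIME file: big.zip [base64; Length=900000 Checksum=3]
04/27/2005 03:00:30 Q00000000000000A3 ERROR: Virus scanner 1 didn't finish after 30 seconds; terminating.
"""

LINE = re.compile(r"^(\d{1,2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (Q[0-9A-F]+) (.*)$")
TIMEOUT = re.compile(r"ERROR: Virus scanner (\d+) didn't finish after (\d+) seconds")
DETECT = re.compile(r"Scanner (\d+): Virus=(.*?) Attachment=")
MIME = re.compile(r"MIME file: (\S+) \[.*?Length=(\d+)")

def summarize(log_text):
    """Group log entries by queue ID and record files, timeouts and detections."""
    msgs = defaultdict(lambda: {"files": [], "timeouts": set(), "detections": {}})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip wrapped or unrelated lines
        _, qid, text = m.groups()
        rec = msgs[qid]
        if (t := TIMEOUT.search(text)):
            rec["timeouts"].add(int(t.group(1)))
        elif (d := DETECT.search(text)):
            rec["detections"][int(d.group(1))] = d.group(2)
        elif (f := MIME.search(text)):
            rec["files"].append((f.group(1), int(f.group(2))))
    return dict(msgs)

def timeout_report(msgs, scanner=1):
    """Split messages where `scanner` timed out by whether another scanner flagged them."""
    flagged, unflagged = [], []
    for qid, rec in msgs.items():
        if scanner in rec["timeouts"]:
            others = [s for s in rec["detections"] if s != scanner]
            (flagged if others else unflagged).append(qid)
    return sorted(flagged), sorted(unflagged)

if __name__ == "__main__":
    flagged, unflagged = timeout_report(summarize(SAMPLE_LOG))
    print("timed out, flagged by another scanner:", flagged)
    print("timed out, no other detection:", unflagged)
```

The second list is the one to review by hand: those messages were judged with one engine fewer than intended.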