OK, I've captured one of these files and confirmed from a manual scan that it is still taking an excessive amount of time...but wait, there's more.  The report.txt file that it creates shows that it detected Mytob, but every test where I send this to myself in E-mail results in no virus detected by F-Prot using VIRUSCODE 3, 6, 8, 9 or 10.  I haven't gone as far as coding something up that can capture the exit code from the command line yet, but I would be curious what, if any, was returned.

Here's what Declude Virus shows for this file when I send it to myself:
04/28/2005 17:40:57 Q58666795008E87C7 MIME file: [text/html][7bit; Length=695 Checksum=54365]
04/28/2005 17:40:57 Q58666795008E87C7 MIME file: doc.zip [base64; Length=56432 Checksum=6987426]
--- 10 second gap while F-Prot scans ---
04/28/2005 17:41:07 Q58666795008E87C7 Could not find parse string Infection:  in report.txt
04/28/2005 17:41:08 Q58666795008E87C7 Scanner 2: Virus=the W32/[EMAIL PROTECTED] Attachment= [0] I
04/28/2005 17:41:08 Q58666795008E87C7 File(s) are INFECTED [the W32/[EMAIL PROTECTED]: 13]
04/28/2005 17:41:08 Q58666795008E87C7 Scanned: CONTAINS A VIRUS [Prescan OK][MIME: 3 57490]
04/28/2005 17:41:08 Q58666795008E87C7 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [incoming from 192.168.100.100]
04/28/2005 17:41:08 Q58666795008E87C7 Subject: [Fwd: Mail Delivery System]
Here's a link to the virus for those that might want to test it out for themselves.  Turn off your real-time virus scanner, right-click the file, choose Save As, and rename it doc.zip (it's not really a text file).
http://administration.mailpure.com/virus/doc.txt
Here's the command line for F-Prot that I was using with the file located in C:\test\doc.zip:
C:\Progra~1\FSI\F-Prot\fpcmd.exe /TYPE /SILENT /NOBOOT /NOMEM /ARCHIVE=5 /PACKED /DUMB /REPORT=C:\test\report.txt C:\test\doc.zip
Here's the output from the report.txt file when manually scanned:
Virus scanning report  -  28 April 2005 @ 17:45

F-PROT ANTIVIRUS
Program version: 3.16b
Engine version: 3.16.6

VIRUS SIGNATURE FILES
SIGN.DEF created 28 April 2005
SIGN2.DEF created 28 April 2005
MACRO.DEF created 20 April 2005

Search: C:\test\doc.zip
Action: Report only
Files: "Dumb" scan of all files
Switches: /ARCHIVE /PACKED /SERVER /REPORT=C:\test\report.txt /SILENT /NOBOOT /NOMEM
Memory was not scanned.
Hard disk boot sectors were not scanned.

C:\test\doc.zip->doc.scr->(Packed)  is a security risk named W32/[EMAIL PROTECTED]

Results of virus scanning:

Files: 1
MBRs: 0
Boot sectors: 0
Objects scanned: 2
Infected: 0
Suspicious: 1
Disinfected: 0
Deleted: 0
Renamed: 0

Time: 0:10

So it takes 10 seconds, finds a "security risk named W32/[EMAIL PROTECTED]" and says it is "Suspicious", but I currently have Declude configured to treat an exit code of 8 as a virus, and that's what Suspicious files are supposedly marked as.  I don't know if a different code is being returned, or if F-Prot is just bugging out and not returning a code.  Maybe some of you can clear that part up.

Matt
-- 
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================


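The following is an added example, not code from the post above or from Declude or F-Prot. It does the thing Matt says he hasn't coded up yet: it runs fpcmd.exe with the same switches as his command line, captures the process exit code, and parses report.txt for both the "Infection:" string Declude was looking for and the "is a security risk named" line that the Suspicious result actually produced. The report text and detection names embedded below are constructed placeholders modelled on the quoted report; the only exit-code meaning assumed is the one the post states (Declude on this setup treats 8 as a virus), and no other F-Prot exit codes are assumed.

```python
"""Capture fpcmd.exe's exit code and parse its report.txt (added example)."""
import re
import subprocess
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Two hit-line shapes seen around F-Prot 3.x reports. "Infection:" is the parse
# string Declude was configured to find; "is a security risk named" is what the
# report in the post contained for an object counted as Suspicious.
INFECTION_RE = re.compile(r"^(?P<obj>.+?)\s+Infection:\s+(?P<name>.+?)\s*$")
RISK_RE = re.compile(r"^(?P<obj>.+?)\s+is a security risk named\s+(?P<name>.+?)\s*$")
SUMMARY_RE = re.compile(
    r"^(?P<key>Files|Objects scanned|Infected|Suspicious|Disinfected|Deleted|Renamed):"
    r"\s+(?P<n>\d+)\s*$"
)

# Exit code the post says Declude is configured to treat as a virus (assumption
# taken from the post, not from F-Prot documentation).
SUSPICIOUS_EXIT_CODE = 8


@dataclass
class Hit:
    obj: str    # scanned object, e.g. C:\test\doc.zip->doc.scr->(Packed)
    name: str   # detection name exactly as F-Prot printed it
    kind: str   # "infected" (Infection: line) or "suspicious" (security risk line)


@dataclass
class ScanResult:
    exit_code: Optional[int]
    hits: List[Hit] = field(default_factory=list)
    counts: Dict[str, int] = field(default_factory=dict)

    def verdict(self) -> str:
        """"virus" if either the report or the exit code flags something.

        A hit line alone is enough, so a report like the one in the post
        (Suspicious: 1, no "Infection:" string) is flagged even when the
        exit code never comes back as 8.
        """
        if self.hits or self.exit_code == SUSPICIOUS_EXIT_CODE:
            return "virus"
        return "clean"


def parse_report(text: str, exit_code: Optional[int] = None) -> ScanResult:
    """Pull hit lines and the result counters out of an F-Prot report."""
    result = ScanResult(exit_code=exit_code)
    for raw in text.splitlines():
        line = raw.strip()
        m = INFECTION_RE.match(line)
        if m:
            result.hits.append(Hit(m["obj"], m["name"], "infected"))
            continue
        m = RISK_RE.match(line)
        if m:
            result.hits.append(Hit(m["obj"], m["name"], "suspicious"))
            continue
        m = SUMMARY_RE.match(line)
        if m:
            result.counts[m["key"]] = int(m["n"])
    return result


def run_fpcmd(fpcmd: str, target: str, report_path: str) -> ScanResult:
    """Run fpcmd.exe with the switches from the post and keep its exit code.

    Needs a real F-Prot install on Windows; not exercised by the test below.
    """
    cmd = [fpcmd, "/TYPE", "/SILENT", "/NOBOOT", "/NOMEM", "/ARCHIVE=5",
           "/PACKED", "/DUMB", f"/REPORT={report_path}", target]
    proc = subprocess.run(cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    with open(report_path, encoding="latin-1", errors="replace") as fh:
        return parse_report(fh.read(), exit_code=proc.returncode)


# Constructed sample modelled on the report.txt quoted in the post; the
# detection name is a placeholder, not the real one.
SAMPLE_SUSPICIOUS = """Virus scanning report  -  28 April 2005 @ 17:45

Search: C:\\test\\doc.zip
Action: Report only
Files: "Dumb" scan of all files

C:\\test\\doc.zip->doc.scr->(Packed)  is a security risk named W32/Example.gen

Results of virus scanning:

Files: 1
Objects scanned: 2
Infected: 0
Suspicious: 1

Time: 0:10
"""

# Constructed sample of the "Infection:" line shape Declude was parsing for.
SAMPLE_INFECTED = """C:\\test\\sample.exe  Infection: W32/Example.A

Infected: 1
Suspicious: 0
"""
```

Usage on the box from the post would be `run_fpcmd(r"C:\Progra~1\FSI\F-Prot\fpcmd.exe", r"C:\test\doc.zip", r"C:\test\report.txt").exit_code`, which answers the open question of what code fpcmd.exe actually returns for this file; `parse_report` on the saved report.txt works offline and shows why a filter keyed only on "Infection:" misses a "security risk" result.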