Matt,
My config is similar to yours except you have AI/Packed/SERVER. What are
the additional benefits to using these switches?
Mark Reimer IT Project Manager American
CareSource 214-596-2464
Kami,
This is F-Prot that is detecting this
and not Declude. I believe that the reason is the "/PARANOID" switch
that you are using. This is not a commonly used switch and it's not
documented in the executable's help. Here's my config for F-Prot.
I believe this should stop your issues if you change to
it:
C:\Progra~1\FSI\F-Prot\fpcmd.exe /AI /SILENT
/NOBOOT /NOMEM /ARCHIVE=5 /PACKED /SERVER /DUMB /REPORT=report.txt
I
have no virus hits that match what you are showing for F-Prot using this
config.
Matt
Kami Razvan wrote:
Hi Matt..
thanks for your quick reply. Here is the virus log
entries:
03/24/2006 14:34:08.042 q49aa017400001b4f.smd Vulnerability flags =
0 03/24/2006 14:34:10.777 q49aa017400001b4f.smd Virus scanner 1 reports
exit code of 0 03/24/2006 14:34:11.871 q49aa017400001b4f.smd Virus
scanner 2 reports exit code of 8 03/24/2006 14:34:11.965
q49aa017400001b4f.smd Scanner 2: Virus= Possibly a new variant of JS/
Attachment=[HTML segment] [17] I 03/24/2006 14:34:12.012
q49aa017400001b4f.smd File(s) are INFECTED [ Possibly a new variant of JS/:
8] 03/24/2006 14:34:12.059 q49aa017400001b4f.smd Deleting file with
virus 03/24/2006 14:34:12.121 q49aa017400001b4f.smd Deleting E-mail with
virus! 03/24/2006 14:34:12.153 q49aa017400001b4f.smd Scanned: CONTAINS A
VIRUS [MIME: 1 2652] 03/24/2006 14:34:12.184 q49aa017400001b4f.smd From:
[EMAIL PROTECTED] To: [EMAIL PROTECTED] [incoming from
10.119.249.109] 03/24/2006 14:34:12.215 q49aa017400001b4f.smd Subject:
Response
& here is our entries in the virus.cfg file
SCANFILE1
C:\Progra~1\Common~1\networ~1\viruss~1\4.0.xx\scan.exe /ALL /NOMEM
/NOBEEP /PANALYZE /NOBREAK /UNZIP /SILENT /NODDA /REPORT
report.txt VIRUSCODE1
13 REPORT1 Found
# F-PROT - 2nd scanner
SCANFILE2 C:\Progra~1\FSI\F-Prot\fpcmd.exe -AI /TYPE /SILENT
/server /PARANOID /NOMEM /ARCHIVE=5 /PACKED /NOBOOT /DUMB
/REPORT=report.txt VIRUSCODE2 3 VIRUSCODE2 6 VIRUSCODE2
8 REPORT2 Infection:
# AVG - 3rd
Scanner SCANFILE3
C:\Progra~1\Grisoft\AVG7\avgscan.exe /NOMEM /NOBOOT /NOHIMEM /NOSELF
/ARC /RT /ARCW /RTW /MACROW
/REPORT=report.txt VIRUSCODE3 4 VIRUSCODE3 5 VIRUSCODE3 6 VIRUSCODE3 7 VIRUSCODE3 9 REPORT3
identified
# CLAM- 4th
Scanner SCANFILE4 C:\clamav-devel\bin\clamscan.exe --quiet
--log-verbose --no-summary --max-ratio 0 -l report.txt VIRUSCODE4
1
Hope that helps..
Regards,
- Kami
Kami,
You might want to post your full
Declude Virus log snippet for one such message and identify both your
Declude version and your virus
scanners.
Matt
|