Aha! That was a fishy circumstance. Those errors were red herrings
raised by my other virus scanner, not the AVG scanner.
 
If anybody is interested, this is what the log lines looked like at the
last time that AVG triggered on a virus was April 3rd, 2009:
 
04/03/2009 08:54:05.047 Q003993048.smd Vulnerability flags = 2047
04/03/2009 08:54:05.047 Q003993048.smd MIME file: [text/html][8bit;
Length=2371 Checksum=206516]
04/03/2009 08:54:05.062 Q003993048.smd MIME file: postcard.zip [base64;
Length=449806 Checksum=56953283]
04/03/2009 08:54:05.062 Q003993048.smd Banning .ZIP file with SCR
extension.
04/03/2009 08:54:07.501 Q003993048.smd AVG Reports VIRUS: Win32/Cryptor
04/03/2009 08:54:07.501 Q003993048.smd File(s) are INFECTED
[Win32/Cryptor: 7]
04/03/2009 08:54:08.220 Q003993048.smd Virus scanner 1 reports exit code
of 0
04/03/2009 08:54:08.345 Q003993048.smd Scanned: CONTAINS A VIRUS
[Prescan OK][MIME: 2 452321]
04/03/2009 08:54:08.345 Q003993048.smd From: postca...@hallmark.com
<mailto:postca...@hallmark.com>  To: <snip>
<mailto:mcpie...@bentall.com>  [outgoing from 69.156.243.37]
04/03/2009 08:54:08.345 Q003993048.smd Subject: You've received A
Hallmark E-Card!
 
There were three of those, and otherwise I had no detections, and no
interesting messages from AVG or with "error" in the log line.
 
After stopping the DecludeProc service, then replacing decludeproc.exe
with the Imail version, decludeproc_IM4635.exe as decludeproc.exe, and
then restarting the DecludeProc service, I can then send a test email
with the EICAR test virus as an attachment, and AVG does pick it up.
 
06/01/2009 18:11:11.305 Q000595199.smd Vulnerability flags = 2047
06/01/2009 18:11:11.305 Q000595199.smd MIME file: eicar.com [base64;
Length=68 Checksum=6829]
06/01/2009 18:11:13.711 Q000595199.smd AVG Reports VIRUS: EICAR_Test
06/01/2009 18:11:13.711 Q000595199.smd File(s) are INFECTED [EICAR_Test:
7]
06/01/2009 18:11:13.727 Q000595199.smd Found a bogus .com file
06/01/2009 18:11:13.727 Q000595199.smd Scanned: CONTAINS A VIRUS [MIME:
2 157]
06/01/2009 18:11:13.727 Q000595199.smd From: <snip>
<mailto:acolb...@bentall.com>  To: <snip> <mailto:acolb...@bentall.com>
[outgoing from <snip>]
06/01/2009 18:11:13.727 Q000595199.smd Subject: test 03
 
 
Andrew.
 
 
 

________________________________

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of
David Barker
Sent: Monday, June 01, 2009 2:00 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] Upgrade 4.6.35 AVG not scanning - FIX



Not for everyone, but certainly for your server that would be true if
that is what your logs indicate.

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of
Colbeck, Andrew
Sent: Monday, June 01, 2009 4:03 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] Upgrade 4.6.35 AVG not scanning - FIX

 

David, this log excerpt seems to indicate that my AVG hasn't been
working since May 1st 2009. Is this correct?

 

C:\IMail\Spool>grep -c "smd Scanned: Error in virus scanner" vir????.log
vir0401.log:0
vir0402.log:0
vir0403.log:0
vir0404.log:0
vir0405.log:0
vir0406.log:0
vir0407.log:0
vir0408.log:0
vir0409.log:0
vir0410.log:0
vir0411.log:0
vir0412.log:0
vir0413.log:0
vir0414.log:0
vir0415.log:0
vir0416.log:0
vir0417.log:0
vir0418.log:0
vir0419.log:0
vir0420.log:0
vir0421.log:0
vir0422.log:0
vir0423.log:0
vir0424.log:0
vir0425.log:0
vir0426.log:0
vir0427.log:0
vir0428.log:0
vir0429.log:0
vir0430.log:0
vir0501.log:2722
vir0502.log:640
vir0503.log:623
vir0504.log:3143
vir0505.log:2885
vir0506.log:2568
vir0507.log:2761
vir0508.log:2554
vir0509.log:386
vir0510.log:415
vir0511.log:3110
vir0512.log:2920
vir0513.log:2761
vir0514.log:2771
vir0515.log:2429
vir0516.log:300
vir0517.log:376
vir0518.log:857
vir0519.log:2605
vir0520.log:2793
vir0521.log:2574
vir0522.log:2598
vir0523.log:279
vir0524.log:430
vir0525.log:2630
vir0526.log:2751
vir0527.log:3217
vir0528.log:3026
vir0529.log:2532
vir0530.log:336
vir0531.log:608
vir0601.log:1894

 

 

Andrew.

 

 

________________________________

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of
David Barker
Sent: Monday, June 01, 2009 12:38 PM
To: declude.junkm...@declude.com; declude.virus@declude.com
Subject: [Declude.Virus] Upgrade 4.6.35 AVG not scanning - FIX

If your AVG is not scanning emails, please upgrade immediately to 4.6.35
which is available from the Declude website.

 

If you are unsure whether this means you, we suggest you upgrade, if you
need any assistance in this matter please contact supp...@declude.com

 

David Barker
VP Operations Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
dbar...@declude.com <mailto:dbar...@declude.com> 

 


---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com. 


---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com. 


---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com. 


---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.Virus".    The archives can be found
at http://www.mail-archive.com.

Reply via email to