Following this one step further:

grep INPUTMBOX clamd.log
Wed May 19 21:48:25 2004 -> /var/spool/MIMEDefang/mdefang-i4K1mO9A006766/Work/INPUTMBOX: Worm.SomeFool.Gen-1 FOUND
Thu May 20 06:04:02 2004 -> /var/spool/MIMEDefang/mdefang-i4KA3t9A000777/Work/INPUTMBOX: Worm.Lovgate.X FOUND
Mon May 24 03:33:14 2004 -> /var/spool/MIMEDefang/mdefang-i4O7XA9A020857/Work/INPUTMBOX: Worm.Gibe.F FOUND
Mon May 24 03:33:14 2004 -> /var/spool/MIMEDefang/mdefang-i4O7XA9A020857/Work/INPUTMBOX: Worm.Gibe.F FOUND
Mon May 24 04:18:33 2004 -> /var/spool/MIMEDefang/mdefang-i4O8IU9A022786/Work/INPUTMBOX: Worm.Gibe.F FOUND
Mon May 24 04:18:33 2004 -> /var/spool/MIMEDefang/mdefang-i4O8IU9A022786/Work/INPUTMBOX: Worm.Gibe.F FOUND
Mon May 24 05:43:30 2004 -> /var/spool/MIMEDefang/mdefang-i4O9hQ9A031071/Work/INPUTMBOX: Worm.Gibe.F FOUND
Mon May 24 05:43:30 2004 -> /var/spool/MIMEDefang/mdefang-i4O9hQ9A031071/Work/INPUTMBOX: Worm.Gibe.F FOUND
Tue May 25 13:13:20 2004 -> /var/spool/MIMEDefang/mdefang-i4PHDI2X001873/Work/INPUTMBOX: Worm.SomeFool.Gen-1 FOUND
Tue May 25 13:13:29 2004 -> /var/spool/MIMEDefang/mdefang-i4PHDS2X001890/Work/INPUTMBOX: Worm.SomeFool.Gen-1 FOUND
Tue May 25 13:13:32 2004 -> /var/spool/MIMEDefang/mdefang-i4PHDS2Y001890/Work/INPUTMBOX: Worm.SomeFool.Gen-1 FOUND
Sat May 29 01:20:59 2004 -> /var/spool/MIMEDefang/mdefang-i4T5Kvvp010138/Work/INPUTMBOX: Worm.SomeFool.P FOUND
Sun May 30 16:50:47 2004 -> /var/spool/MIMEDefang/mdefang-i4UKojPx030927/Work/INPUTMBOX: Worm.SomeFool.P FOUND


It would appear that there is further evidence in the INPUTMBOX logs. Most of the INPUTMBOX entries include double entries for the same message; however, there are a few which have only been identified once. I suspect that these are the ones getting through.

Now if we can determine what makes some of these messages have a single entry and others have duplicate entries... The saga continues.

--
Albert E. Whale, CISSP - Sr. Security, Network, and Systems Consultant
--------------------------------------------------------------------------------
http://www.abs-comptech.com & http://www.No-JunkMail.com ABS Computer Technology, Inc. - ESM, Computer & Networking Specialists
SPAM Zapper - www.No-JunkMail.com - SPAM Stops Here.
Founding Board of Directors of Pittsburgh FBI - InfraGard



_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
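
One way to separate the single-entry messages from the duplicated ones in the clamd.log output quoted above, as an added example that is not part of the original post: it groups FOUND lines by the MIMEDefang work-directory name and lists which ones clamd logged once versus more than once. The function names, and the assumption that one work directory corresponds to one message, belong to this example only.

```python
import re
from collections import defaultdict

# Three lines copied from the post, plus one constructed non-matching line.
SAMPLE_LOG = """\
Mon May 24 03:33:14 2004 -> /var/spool/MIMEDefang/mdefang-i4O7XA9A020857/Work/INPUTMBOX: Worm.Gibe.F FOUND
Mon May 24 03:33:14 2004 -> /var/spool/MIMEDefang/mdefang-i4O7XA9A020857/Work/INPUTMBOX: Worm.Gibe.F FOUND
Tue May 25 13:13:20 2004 -> /var/spool/MIMEDefang/mdefang-i4PHDI2X001873/Work/INPUTMBOX: Worm.SomeFool.Gen-1 FOUND
this line is not a clamd detection and must be ignored
"""

# Timestamp, "->", scanned path ending in Work/INPUTMBOX, signature, "FOUND".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) -> "
    r"\S*/mdefang-(?P<workdir>[^/\s]+)/Work/INPUTMBOX: "
    r"(?P<sig>\S+) FOUND$"
)


def count_detections(log_text):
    """Map each work-directory id to its list of (timestamp, signature) hits."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits[m["workdir"]].append((m["ts"], m["sig"]))
    return dict(hits)


def split_by_count(hits):
    """Return (logged once, logged more than once) as sorted id lists."""
    single = sorted(w for w, h in hits.items() if len(h) == 1)
    repeated = sorted(w for w, h in hits.items() if len(h) > 1)
    return single, repeated


if __name__ == "__main__":
    hits = count_detections(SAMPLE_LOG)
    single, repeated = split_by_count(hits)
    for label, ids in (("single", single), ("repeated", repeated)):
        for workdir in ids:
            ts, sig = hits[workdir][0]
            print(f"{label:8} {workdir} {sig} x{len(hits[workdir])} first={ts}")
```

The work-directory ids in the "single" group can then be matched against the mail log to see how those messages were handled.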
