Here's a more pertinent selection from the mail log files showing that a
virus was found and yet the conclusion and marking in the e-mail was
"Uninfected". How can I get that fixed?
Apr 27 17:39:24 kingsmere MailScanner[29517]: Virus and Content Scanning:
Starting
Apr 27 17:39:30 kingsmere MailScanner[29517]:
/usr/share/spool/MailScanner/incoming/29517/./i3RLctN00386/dinner.zip:
Worm.SomeFool.Gen-2 FOUND
Apr 27 17:39:30 kingsmere MailScanner[29517]: Virus Scanning: ClamAV found 1
infections
Apr 27 17:39:35 kingsmere MailScanner[29517]:
/usr/share/spool/MailScanner/incoming/29517/i3RLctN00386/dinner.zip/dinner.scr
INFECTED I-Worm.NetSky.c
Apr 27 17:39:35 kingsmere MailScanner[29517]: Virus Scanning: Kaspersky found
1 infections
Apr 27 17:39:35 kingsmere MailScanner[29517]: Virus Scanning: Found 1 viruses
Apr 27 17:39:36 kingsmere MailScanner[29517]: Uninfected: Delivered 1 messages
The resulting e-mail was marked as:
--
This message has been scanned for viruses and
dangerous content, and is believed to be clean.
My mail users are NOT impressed !
Help ?????
Alex Vandenham
Avantel Systems
=============
========previous message===========
After some more checking - let me revise my question. According to the mail
log files, Clamav and Kapersky are finding the virus files inside the zip
archive but the e-mail is passed to the destination without a {Virus} warning
- just the normal signature block saying the mail is scanned & found to be
clean and the zip file remains attached.
Alex
====
==========previous message============
Both ClamAV and Kaspersky are installed but zip files are not being scanned -
or if they are, the virus files contained in the archive are not detected. I
have confirmed that the zip files contain virus files by extracting the file
and sending it to myself and then the virus is "detected". Although detection
appears to be based more on the file type rather than the content of the file
- it's deleted for being a banned filetype rather than for being an obvious
virus file.
Am I missing a setting somewhere or is my openprotect misconfigured or what?
Alex
====
On April 23, 2004 08:42 pm, S Karthikeyan wrote:
> Dear Alex @ Avantel,
>
> > Does openprotect (or the scan engines used) support the scanning of zip
> > files. If so, I can't find anything that tells me how to configure that.
> > TIA
> >
> > Alex
> > ====
>
> If you have installed ClamAV or Kaspersky with OpenProtect, it will scan
> zip, arj, arc and other popular formats.
>
> cheers,
> Karthikeyan, S.
-------------------------------------------------------
--
This message has been scanned for viruses and
dangerous content, and is believed to be clean.
