Would it be possible to E-mail one of the quarantined D*.SMD files to our
virustrap@ account? We can then analyze it and should be able to get a
better idea of why this is happening.
I sent sample d*.smd virus files and postmaster and log file txt to the
virustrap account.
It looks like
I'm using Grisoft's AVG 7.0 professional, and I've been getting this a
lot:
02/03/2004 08:44:02 Qb395000802285220 Error 6 in virus scanner 1.
02/03/2004 08:44:02 Qb395000802285220 Scanned: Error in virus scanner.
[MIME: 2 800]
I already emailed AVG, but haven't heard back. Anyone have any idea
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
Would it be possible to E-mail one of the quarantined D*.SMD files to
our
virustrap@ account? We can then analyze it and should be able to get
a
better idea of why this is happening.
I sent sample d*.smd virus files
I resent it last night from my yahoo account. Did you receive it at the
virustrap address?
No -- the only E-mail to arrive there was the one from GroupShield for
Exchange.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
I resent it last night from my yahoo account. Did you receive it at the
virustrap address?
No -- the only E-mail to arrive there was the one from GroupShield for
Exchange.
Please check the virustrap mailbox again,
Please check the virustrap mailbox again, hopefully third attempt is a
charm...
It came through -- it looks like the one from last night probably did as
well, but got caught here.
Are you running 3 virus scanners with Declude Virus? The only thing that I
can think of that could account for
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
Please check the virustrap mailbox again, hopefully third attempt is a
charm...
It came through -- it looks like the one from last night probably did as
well, but got caught here.
Are you running 3 virus scanners with
Are you running 3 virus scanners with Declude Virus? The only thing that I
can think of that could account for this happening is if there are 3 or
more virus scanners being used with Declude Virus.
No, just two. We replaced McAfee with TrendMicro. Here are the actual
virus scanner config
This is indeed due to an issue with Declude Virus -- it will be fixed in
the next interim release.
Scott, I upgraded to Declude v1.77i26 and that took care of the file name
issue - thanks! However, I am now noticing that about 1 in 10 postmaster
messages is displaying virus in Unknown File,
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
This is indeed due to an issue with Declude Virus -- it will be fixed
in
the next interim release.
Scott, I upgraded to Declude v1.77i26 and that took care of the file name
issue - thanks! However, I am now noticing
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
02/01/2004 09:32:06 Q3816855d009e4e46 Scanner 2: Virus=
[ WORM_MYDOOM.A](1) in
M:\IMail\spool\D38168~1.VIR\1.zip,(body.txt
is that appearing all on one line, or on two separate lines in the log
file?
All
Attached are 5 recent samples. Let me know if you need more.
Thanks -- that information is very helpful. It seems that the problem
occurs when there are more than 2 MIME segments (perhaps these are coming
from bounce messages).
Would it be possible to E-mail one of the quarantined D*.SMD
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
This is indeed due to an issue with Declude Virus -- it will be fixed in
the next interim release.
Scott, I upgraded to Declude v1.77i26 and that took care of the file name
issue - thanks! However, I am now noticing that
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
Scott, I am running Declude v1.77i24 and I am wondering why Declude Virus
is
using the file name from the second virus scanner instead of the first...
This should only happen if the first virus scanner did not report the
F-Prot is the first virus and the log samples I provided show the F-Prot did
report the virus name. In fact, the log and postmaster report both use the
first scanners reported virus name (in this case F-Prot reported the virus
as Mydoom) instead of the second scanner (TrendMicro, which reports
15 matches
Mail list logo
