Re: [Declude.Virus] Virus report and log entry question

2004-02-03 Thread R. Scott Perry

>> Would it be possible to E-mail one of the quarantined D*.SMD files to our
>> virustrap@ account?  We can then analyze it and should be able to get a
>> better idea of why this is happening.
> I sent sample d*.smd virus files and postmaster and log file txt to the
> virustrap account.

It looks like Groupshield blocked it.

Perhaps you could .ZIP it in a password-protected .ZIP file, which should 
prevent it from getting blocked?

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.Virus] Virus report and log entry question

2004-02-03 Thread R. Scott Perry

> I'm using Grisoft's AVG 7.0 professional, and I've been getting this a lot:
> 02/03/2004 08:44:02 Qb395000802285220 Error 6 in virus scanner 1.
> 02/03/2004 08:44:02 Qb395000802285220 Scanned: Error in virus scanner. [MIME: 2 800]
> I already emailed AVG, but haven't heard back.  Anyone have any idea what
> may be causing this?

That is actually normal -- it just means that AVG found a virus.

To fix the problem, you can add the following line to your 
\IMail\Declude\virus.cfg file:

VIRUSCODE   6

   -Scott


Re: [Declude.Virus] Virus report and log entry question

2004-02-03 Thread Bill Landry
- Original Message - 
From: R. Scott Perry [EMAIL PROTECTED]

>>> Would it be possible to E-mail one of the quarantined D*.SMD files to our
>>> virustrap@ account?  We can then analyze it and should be able to get a
>>> better idea of why this is happening.
>>
>> I sent sample d*.smd virus files and postmaster and log file txt to the
>> virustrap account.
>
> It looks like Groupshield blocked it.
>
> Perhaps you could .ZIP it in a password-protected .ZIP file, which should
> prevent it from getting blocked?

I resent it last night from my yahoo account.  Did you receive it at the
virustrap address?

Bill



Re: [Declude.Virus] Virus report and log entry question

2004-02-03 Thread R. Scott Perry

> I resent it last night from my yahoo account.  Did you receive it at the
> virustrap address?

No -- the only E-mail to arrive there was the one from GroupShield for
Exchange.

   -Scott


Re: [Declude.Virus] Virus report and log entry question

2004-02-03 Thread Bill Landry
- Original Message - 
From: R. Scott Perry [EMAIL PROTECTED]

>> I resent it last night from my yahoo account.  Did you receive it at the
>> virustrap address?
>
> No -- the only E-mail to arrive there was the one from GroupShield for
> Exchange.

Please check the virustrap mailbox again, hopefully third attempt is a
charm...

Bill



Re: [Declude.Virus] Virus report and log entry question

2004-02-03 Thread R. Scott Perry

> Please check the virustrap mailbox again, hopefully third attempt is a
> charm...

It came through -- it looks like the one from last night probably did as
well, but got caught here.

Are you running 3 virus scanners with Declude Virus?  The only thing that I 
can think of that could account for this happening is if there are 3 or 
more virus scanners being used with Declude Virus.

   -Scott


Re: [Declude.Virus] Virus report and log entry question

2004-02-03 Thread Bill Landry
- Original Message - 
From: R. Scott Perry [EMAIL PROTECTED]

>> Please check the virustrap mailbox again, hopefully third attempt is a
>> charm...
>
> It came through -- it looks like the one from last night probably did as
> well, but got caught here.
>
> Are you running 3 virus scanners with Declude Virus?  The only thing that I
> can think of that could account for this happening is if there are 3 or
> more virus scanners being used with Declude Virus.

No, just two.  We replaced McAfee with TrendMicro.  Here are the actual
virus scanner config entries:

# F-Prot
SCANFILE1 C:\Progra~1\FSI\F-Prot\fpcmd.exe -AI -ARCHIVE -DUMB -NOBOOT -NOBREAK -NOMEM -PACKED -SILENT -TYPE -REPORT=report.txt
VIRUSCODE1 3
VIRUSCODE1 6
VIRUSCODE1 8
REPORT1  Infection:

# McAfee
# SCANFILE2 C:\Progra~1\Common~1\Networ~1\Viruss~1\4.0.xx\scan.exe /ALL /ANALYZE /NOBEEP /NOBOOT /NOBREAK /NODDA /NOMEM /PROGRAM /SILENT /UNZIP /REPORT report.txt
# VIRUSCODE2 13
# REPORT2 Found

# TrendMicro
SCANFILE2 C:\Progra~1\Trend\Sprotect\vscantm.bin /NBPM /NM /NB /NC /Q /LR=report.txt
VIRUSCODE2 1
REPORT2  Found

Bill



Re: [Declude.Virus] Virus report and log entry question

2004-02-03 Thread R. Scott Perry

>> Are you running 3 virus scanners with Declude Virus?  The only thing that I
>> can think of that could account for this happening is if there are 3 or
>> more virus scanners being used with Declude Virus.
> No, just two.  We replaced McAfee with TrendMicro.  Here are the actual
> virus scanner config entries:

Were you noticing this at all before the latest interim release?

   -Scott


Re: [Declude.Virus] Virus report and log entry question

2004-02-02 Thread R. Scott Perry

>> This is indeed due to an issue with Declude Virus -- it will be fixed in
>> the next interim release.
> Scott, I upgraded to Declude v1.77i26 and that took care of the file name
> issue - thanks!  However, I am now noticing that about 1 in 10 postmaster
> messages is displaying virus in Unknown File, even though most times the
> file name is correctly identified in the virus log (see attachment).

What is the REPORT2 line in your \IMail\Declude\virus.cfg file?

In the line:

02/01/2004 09:32:06 Q3816855d009e4e46 Scanner 2: Virus= 
[   WORM_MYDOOM.A](1) in M:\IMail\spool\D38168~1.VIR\1.zip,(body.txt

is that appearing all on one line, or on two separate lines in the log file?

   -Scott


Re: [Declude.Virus] Virus report and log entry question

2004-02-02 Thread Bill Landry
- Original Message - 
From: R. Scott Perry [EMAIL PROTECTED]

>>> This is indeed due to an issue with Declude Virus -- it will be fixed in
>>> the next interim release.
>>
>> Scott, I upgraded to Declude v1.77i26 and that took care of the file name
>> issue - thanks!  However, I am now noticing that about 1 in 10 postmaster
>> messages is displaying virus in Unknown File, even though most times the
>> file name is correctly identified in the virus log (see attachment).
>
> What is the REPORT2 line in your \IMail\Declude\virus.cfg file?

# TrendMicro
SCANFILE2 C:\Progra~1\Trend\Sprotect\vscantm.bin /NBPM /NM /NB /NC /Q /LR=report.txt
VIRUSCODE2 1
REPORT2  Found

> In the line:
>
> 02/01/2004 09:32:06 Q3816855d009e4e46 Scanner 2: Virus=
> [   WORM_MYDOOM.A](1) in M:\IMail\spool\D38168~1.VIR\1.zip,(body.txt
>
> is that appearing all on one line, or on two separate lines in the log file?

All on one line.

Bill



Re: [Declude.Virus] Virus report and log entry question

2004-02-02 Thread Bill Landry
- Original Message - 
From: R. Scott Perry [EMAIL PROTECTED]

>>> 02/01/2004 09:32:06 Q3816855d009e4e46 Scanner 2: Virus=
>>> [   WORM_MYDOOM.A](1) in M:\IMail\spool\D38168~1.VIR\1.zip,(body.txt
>>>
>>> is that appearing all on one line, or on two separate lines in the log file?
>>
>> All on one line.
>
> This is strange -- Declude Virus should be using the file name that it
> reports in the log file.
>
> Do you have sample log file entries for an E-mail with a virus that was
> caught, where Unknown File was not used?

Attached are 5 recent samples.  Let me know if you need more.

Bill
Declude Antivirus v1.77i26 caught the  W32/[EMAIL PROTECTED] virus in sfehy.zip from 
[Forged] to:  [Removed]

Date:   02/02/2004 14:40:20
Subject:Mail Transaction Failed
Spool File: Dd1ce048100aec351.SMD
Remote IP:  204.189.38.3

02/02/2004 14:40:19 Qd1ce048100aec351 Scanner 1: Virus= W32/[EMAIL PROTECTED] 
Attachment=sfehy.zip [13] O
02/02/2004 14:40:20 Qd1ce048100aec351 Scanner 2: Virus= [   WORM_MYDOOM.A](1) in 
M:\IMail\spool\DD1CE0~1.VIR\0.zip,(sfehy.pif) Attachment=sfehy.zip [13] O
02/02/2004 14:40:20 Qd1ce048100aec351 File(s) are INFECTED [ W32/[EMAIL PROTECTED]: 1]
02/02/2004 14:40:20 Qd1ce048100aec351 Scanned: CONTAINS A VIRUS [MIME: 2 22794]
02/02/2004 14:40:20 Qd1ce048100aec351 From: [Forged] To: [Removed] [outgoing from 
204.189.38.3]
02/02/2004 14:40:20 Qd1ce048100aec351 Subject: Mail Transaction Failed

---

Declude Antivirus v1.77i26 caught the  W32/[EMAIL PROTECTED] virus in text.zip from 
[Forged] to:  [Removed]

Date:   02/02/2004 14:40:36
Subject:
Spool File: Dd1df049000ae0645.SMD
Remote IP:  204.189.38.4

02/02/2004 14:40:35 Qd1df049000ae0645 Scanner 1: Virus= W32/[EMAIL PROTECTED] 
Attachment=text.zip [13] O
02/02/2004 14:40:36 Qd1df049000ae0645 Scanner 2: Virus= [   WORM_MYDOOM.A](1) in 
M:\IMail\spool\DD1DF0~1.VIR\0.zip,(text.exe) Attachment=text.zip [13] O
02/02/2004 14:40:36 Qd1df049000ae0645 File(s) are INFECTED [ W32/[EMAIL PROTECTED]: 1]
02/02/2004 14:40:36 Qd1df049000ae0645 Scanned: CONTAINS A VIRUS [MIME: 2 22873]
02/02/2004 14:40:36 Qd1df049000ae0645 From: [Forged] To: [Removed] [outgoing from 
204.189.38.4]
02/02/2004 14:40:36 Qd1df049000ae0645 Subject:

---

Declude Antivirus v1.77i26 caught the  W32/[EMAIL PROTECTED] virus in doc.zip from 
[Forged] to:  [Removed]

Date:   02/02/2004 14:40:52
Subject:hello
Spool File: Dd1e8049500ae28e1.SMD
Remote IP:  204.189.38.3

02/02/2004 14:40:51 Qd1e8049500ae28e1 Scanner 1: Virus= W32/[EMAIL PROTECTED] 
Attachment=doc.zip [13] O
02/02/2004 14:40:52 Qd1e8049500ae28e1 Scanner 2: Virus= [   WORM_MYDOOM.A](1) in 
M:\IMail\spool\DD1E80~1.VIR\0.zip,(doc.pif) Attachment=doc.zip [13] O
02/02/2004 14:40:52 Qd1e8049500ae28e1 File(s) are INFECTED [ W32/[EMAIL PROTECTED]: 1]
02/02/2004 14:40:52 Qd1e8049500ae28e1 Scanned: CONTAINS A VIRUS [MIME: 2 22871]
02/02/2004 14:40:52 Qd1e8049500ae28e1 From: [Forged] To: [Removed] [outgoing from 
204.189.38.3]
02/02/2004 14:40:52 Qd1e8049500ae28e1 Subject: hello

---

Declude Antivirus v1.77i26 caught the  W32/[EMAIL PROTECTED] virus in readme.zip from 
[Forged] to:  [Removed]

Date:   02/02/2004 14:41:10
Subject:Hi
Spool File: Dd1e50bb100a21fe8.SMD
Remote IP:  204.189.38.3

02/02/2004 14:41:09 Qd1e50bb100a21fe8 Scanner 1: Virus= W32/[EMAIL PROTECTED] 
Attachment=readme.zip [13] O
02/02/2004 14:41:10 Qd1e50bb100a21fe8 Scanner 2: Virus= [   WORM_MYDOOM.A](1) in 
M:\IMail\spool\DD1E50~1.VIR\0.zip,(readme.cmd) Attachment=readme.zip [13] O
02/02/2004 14:41:10 Qd1e50bb100a21fe8 File(s) are INFECTED [ W32/[EMAIL PROTECTED]: 1]
02/02/2004 14:41:10 Qd1e50bb100a21fe8 Scanned: CONTAINS A VIRUS [MIME: 2 22877]
02/02/2004 14:41:10 Qd1e50bb100a21fe8 From: [Forged] To: [Removed] [outgoing from 
204.189.38.3]
02/02/2004 14:41:10 Qd1e50bb100a21fe8 Subject: Hi

---

Declude Antivirus v1.77i26 caught the  W32/[EMAIL PROTECTED] virus in message.pif from 
[Forged] to:  [Removed]

Date:   02/02/2004 14:41:25
Subject:Error
Spool File: Dd1cd0bac00a2c218.SMD
Remote IP:  204.189.38.3

02/02/2004 14:41:24 Qd1cd0bac00a2c218 Scanner 1: Virus= W32/[EMAIL PROTECTED] 
Attachment=message.pif [13] O
02/02/2004 14:41:25 Qd1cd0bac00a2c218 Scanner 2: Virus= [   WORM_MYDOOM.A](1) in 
M:\IMail\spool\DD1CD0~1.VIR\0.pif Attachment=message.pif [13] O
02/02/2004 14:41:25 Qd1cd0bac00a2c218 Found a bogus .pif file
02/02/2004 14:41:25 Qd1cd0bac00a2c218 File(s) are INFECTED [ W32/[EMAIL PROTECTED]: 1]
02/02/2004 14:41:25 Qd1cd0bac00a2c218 Scanned: CONTAINS A VIRUS [MIME: 2 22777]
02/02/2004 14:41:25 Qd1cd0bac00a2c218 From: [Forged] To: [Removed] [outgoing from 
204.189.38.3]
02/02/2004 14:41:25 Qd1cd0bac00a2c218 Subject: Error


Re: [Declude.Virus] Virus report and log entry question

2004-02-02 Thread R. Scott Perry

> Attached are 5 recent samples.  Let me know if you need more.

Thanks -- that information is very helpful.  It seems that the problem
occurs when there are more than 2 MIME segments (perhaps these are coming 
from bounce messages).

Would it be possible to E-mail one of the quarantined D*.SMD files to our 
virustrap@ account?  We can then analyze it and should be able to get a 
better idea of why this is happening.

   -Scott
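
The correlation suggested in the message above (attachment name lost when the message has more than 2 MIME segments) can be checked across a whole virus log. This is an added example, not part of the original thread and not Declude code: the log lines are constructed in the format quoted in the thread, the session ids and `EXAMPLE.VIRUS` are placeholders, the function names are hypothetical, and the first number in `[MIME: n size]` is assumed to be the segment count.

```python
import re
from collections import defaultdict

# Constructed sample lines in the log format quoted in this thread. Wrapped
# lines are already re-joined; session ids and EXAMPLE.VIRUS are placeholders.
SAMPLE_LOG = r"""
02/02/2004 14:40:19 Qaaaa000000000001 Scanner 1: Virus= EXAMPLE.VIRUS Attachment=sfehy.zip [13] O
02/02/2004 14:40:20 Qaaaa000000000001 Scanner 2: Virus= [   WORM_MYDOOM.A](1) in M:\IMail\spool\DAAAA0~1.VIR\0.zip,(sfehy.pif) Attachment=sfehy.zip [13] O
02/02/2004 14:40:20 Qaaaa000000000001 Scanned: CONTAINS A VIRUS [MIME: 2 22794]
02/01/2004 09:26:43 Qaaaa000000000002 Scanner 1: Virus= EXAMPLE.VIRUS Attachment=doc.zip [13] O
02/01/2004 09:26:43 Qaaaa000000000002 Scanner 2: Virus= [   WORM_MYDOOM.A](1) in M:\IMail\spool\DAAAA0~2.VIR\1.zip,(doc.scr) Attachment= [13] O
02/01/2004 09:26:43 Qaaaa000000000002 Scanned: CONTAINS A VIRUS [MIME: 4 25840]
02/01/2004 09:32:06 Qaaaa000000000003 Scanner 1: Virus= EXAMPLE.VIRUS Attachment=body.zip [13] O
02/01/2004 09:32:06 Qaaaa000000000003 Scanner 2: Virus= [   WORM_MYDOOM.A](1) in M:\IMail\spool\DAAAA0~3.VIR\1.zip,(body.txt
02/01/2004 09:32:06 Qaaaa000000000003 Scanned: CONTAINS A VIRUS [MIME: 4 25206]
02/01/2004 09:37:05 Qaaaa000000000004 Scanner 1: Virus= EXAMPLE.VIRUS Attachment= [13] O
02/01/2004 09:37:06 Qaaaa000000000004 Scanner 2: Virus= [   WORM_MYDOOM.A](1) in M:\IMail\spool\DAAAA0~4.VIR\0,(document.htm
02/01/2004 09:37:06 Qaaaa000000000004 Scanned: CONTAINS A VIRUS
"""

# "MM/DD/YYYY HH:MM:SS Q<session id> <message>"
LINE_RE = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (Q[0-9a-fA-F]+) (.*)$")
SCANNER_RE = re.compile(r"^Scanner (\d+): Virus=")
ATTACH_RE = re.compile(r"Attachment=(\S*)")
MIME_RE = re.compile(r"\[MIME: (\d+) (\d+)\]")


def parse_sessions(text):
    """Group log lines by session id and keep, per session, the attachment
    name each scanner line carried (None if empty or absent) and the MIME
    segment count (None if the Scanned line has no [MIME: ...] field)."""
    sessions = defaultdict(lambda: {"scanners": {}, "mime_segments": None})
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or a fragment of a wrapped line
        _, sid, msg = m.groups()
        rec = sessions[sid]
        scanner = SCANNER_RE.match(msg)
        if scanner:
            att = ATTACH_RE.search(msg)
            # "Attachment= [13] O" (empty) and a line cut off before the
            # field are both treated as "no attachment name".
            name = att.group(1) if att and att.group(1) else None
            rec["scanners"][int(scanner.group(1))] = name
        mime = MIME_RE.search(msg)
        if mime:
            rec["mime_segments"] = int(mime.group(1))
    return dict(sessions)


def unnamed_attachment_sessions(sessions):
    """Return (session id, scanners without a name, MIME segment count) for
    every session where at least one scanner line lacks an attachment name."""
    flagged = []
    for sid, rec in sessions.items():
        missing = sorted(n for n, name in rec["scanners"].items() if name is None)
        if missing:
            flagged.append((sid, missing, rec["mime_segments"]))
    return flagged


if __name__ == "__main__":
    for sid, scanners, mime in unnamed_attachment_sessions(parse_sessions(SAMPLE_LOG)):
        print(f"{sid}: no attachment name from scanner(s) {scanners}, MIME segments={mime}")
```

On a real log, re-join wrapped lines first; sessions that come back with a segment count of `None` need a look at the raw message, since the log alone cannot confirm the pattern for them.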


Re: [Declude.Virus] Virus report and log entry question

2004-02-01 Thread Bill Landry
- Original Message - 
From: R. Scott Perry [EMAIL PROTECTED]


> This is indeed due to an issue with Declude Virus -- it will be fixed in
> the next interim release.

Scott, I upgraded to Declude v1.77i26 and that took care of the file name
issue - thanks!  However, I am now noticing that about 1 in 10 postmaster
messages is displaying virus in Unknown File, even though most times the
file name is correctly identified in the virus log (see attachment).

Not that big a deal, just an FYI...

Bill
Declude Antivirus v1.77i26 caught the  W32/[EMAIL PROTECTED] virus in Unknown File 
from [Forged] to:  [removed]

Date:   02/01/2004 09:26:43
Subject:Mail System Error - Returned Mail
Spool File: D36d2853b009e5f08.SMD

02/01/2004 09:26:43 Q36d2853b009e5f08 Scanner 1: Virus= W32/[EMAIL PROTECTED] 
Attachment=doc.zip [13] O
02/01/2004 09:26:43 Q36d2853b009e5f08 Scanner 2: Virus= [   WORM_MYDOOM.A](1) in 
M:\IMail\spool\D36D28~1.VIR\1.zip,(doc.scr) Attachment= [13] O
02/01/2004 09:26:43 Q36d2853b009e5f08 File(s) are INFECTED [ W32/[EMAIL PROTECTED]: 1]
02/01/2004 09:26:43 Q36d2853b009e5f08 Scanned: CONTAINS A VIRUS [MIME: 4 25840]
02/01/2004 09:26:43 Q36d2853b009e5f08 From: [Forged] To: [removed] [outgoing from 
204.189.38.4]
02/01/2004 09:26:43 Q36d2853b009e5f08 Subject: Mail System Error - Returned Mail

===

Declude Antivirus v1.77i26 caught the  W32/[EMAIL PROTECTED] virus in Unknown File 
from [Forged] to:  [removed]

Date:   02/01/2004 09:32:06
Subject:Delivery Status Notification (Failure)
Spool File: D3816855d009e4e46.SMD

02/01/2004 09:32:06 Q3816855d009e4e46 Scanner 1: Virus= W32/[EMAIL PROTECTED] 
Attachment=body.zip [13] O
02/01/2004 09:32:06 Q3816855d009e4e46 Scanner 2: Virus= [   WORM_MYDOOM.A](1) in 
M:\IMail\spool\D38168~1.VIR\1.zip,(body.txt
02/01/2004 09:32:06 Q3816855d009e4e46 File(s) are INFECTED [ W32/[EMAIL PROTECTED]: 1]
02/01/2004 09:32:06 Q3816855d009e4e46 Scanned: CONTAINS A VIRUS [MIME: 4 25206]
02/01/2004 09:32:06 Q3816855d009e4e46 From: [Forged] To: [removed] [outgoing from 
204.189.38.4]
02/01/2004 09:32:06 Q3816855d009e4e46 Subject: Delivery Status Notification (Failure)

===

Declude Antivirus v1.77i26 caught the  W32/[EMAIL PROTECTED] virus in Unknown File 
from [Forged] to:  [removed]

Date:   02/01/2004 09:37:06
Subject:failure notice
Spool File: D394063ce005add44.SMD

02/01/2004 09:37:05 Q394063ce005add44 Scanner 1: Virus= W32/[EMAIL PROTECTED] 
Attachment= [13] O
02/01/2004 09:37:06 Q394063ce005add44 Scanner 2: Virus= [   WORM_MYDOOM.A](1) in 
M:\IMail\spool\D39406~1.VIR\0,(document.htm
02/01/2004 09:37:06 Q394063ce005add44 File(s) are INFECTED [ W32/[EMAIL PROTECTED]: 1]
02/01/2004 09:37:06 Q394063ce005add44 Scanned: CONTAINS A VIRUS
02/01/2004 09:37:06 Q394063ce005add44 From: [Forged] To: [removed] [outgoing from 
204.189.38.4]
02/01/2004 09:37:06 Q394063ce005add44 Subject: failure notice

===

Declude Antivirus v1.77i26 caught the  W32/[EMAIL PROTECTED] virus in Unknown File 
from [Forged] to:  [removed]

Date:   02/01/2004 09:44:28
Subject:Delivery Status Notification (Failure)
Spool File: D3af9338a00289760.SMD

02/01/2004 09:44:27 Q3af9338a00289760 Scanner 1: Virus= W32/[EMAIL PROTECTED] 
Attachment=file.pif [13] O
02/01/2004 09:44:28 Q3af9338a00289760 Scanner 2: Virus= [   WORM_MYDOOM.A](1) in 
M:\IMail\spool\D3AF93~1.VIR\1.pif Attachment= [13] O
02/01/2004 09:44:28 Q3af9338a00289760 Found a bogus .pif file
02/01/2004 09:44:28 Q3af9338a00289760 File(s) are INFECTED [ W32/[EMAIL PROTECTED]: 1]
02/01/2004 09:44:28 Q3af9338a00289760 Scanned: CONTAINS A VIRUS [MIME: 4 2]
02/01/2004 09:44:28 Q3af9338a00289760 From: [Forged] To: [removed] [outgoing from 
204.189.38.3]
02/01/2004 09:44:28 Q3af9338a00289760 Subject: Delivery Status Notification (Failure)

===

Declude Antivirus v1.77i26 caught the  W32/[EMAIL PROTECTED] virus in Unknown File 
from [Forged] to:  [removed]

Date:   02/01/2004 09:45:46
Subject:Returned mail: see transcript for details
Spool File: D3b499bcf0082ceb7.SMD

02/01/2004 09:45:45 Q3b499bcf0082ceb7 Scanner 1: Virus= W32/[EMAIL PROTECTED] 
Attachment=doc.zip [13] O
02/01/2004 09:45:46 Q3b499bcf0082ceb7 Scanner 2: Virus= [   WORM_MYDOOM.A](1) in 
M:\IMail\spool\D3B499~1.VIR\1.zip,(doc.htm
02/01/2004 09:45:46 Q3b499bcf0082ceb7 File(s) are INFECTED [ W32/[EMAIL PROTECTED]: 1]
02/01/2004 09:45:46 Q3b499bcf0082ceb7 Scanned: CONTAINS A VIRUS [MIME: 4 24197]
02/01/2004 09:45:46 Q3b499bcf0082ceb7 From: [Forged] To: [removed] [outgoing from 
204.189.38.3]
02/01/2004 09:45:46 Q3b499bcf0082ceb7 Subject: Returned mail: see transcript for 
details

===

Declude Antivirus v1.77i26 caught the  W32/[EMAIL PROTECTED] virus in Unknown File 
from [Forged] to:  [removed]

Date:   02/01/2004 09:51:31
Subject:Delivery Status Notification (Failure)
Spool File: D3ca335a6002e14ff.SMD

02/01/2004 09:51:31 Q3ca335a6002e14ff Scanner 1: Virus= W32/[EMAIL PROTECTED] 
Attachment=readme.zip [13] O
02/01/2004 09:51:31 

Re: [Declude.Virus] Virus report and log entry question

2004-01-29 Thread Bill Landry
- Original Message - 
From: R. Scott Perry [EMAIL PROTECTED]

>> Scott, I am running Declude v1.77i24 and I am wondering why Declude Virus is
>> using the file name from the second virus scanner instead of the first...
>
> This should only happen if the first virus scanner did not report the virus
> name, or if the virus name contains vulnerability in it (in which case a
> real virus name takes priority).

F-Prot is the first virus and the log samples I provided show the F-Prot did
report the virus name.  In fact, the log and postmaster report both use the
first scanner's reported virus name (in this case F-Prot reported the virus
as Mydoom) instead of the second scanner (TrendMicro, which reports the
virus as WORM_MIMAIL.R).  However, the report and log file show the second
scanner's file name, which is showing up missing the first letter in the file
name in both, which is not missing in either as reported by the first
scanner.

> The problem here is that the report file format is different for a .SMD
> file that is scanned versus an actual attachment (Declude Virus decodes the
> attachments).  Could you send a sample file for scanning a directory with
> just a single eicar.com file in it?

Here you go:

C:\Program Files\Trend\SPROTECT>vscantm.bin /NBPM /NM /NB /NC /Q /LR=report.txt L:\VirusTest

1 files have been checked.
 Found 1 files containing viruses.
-
C:\Program Files\Trend\SPROTECT>cat report.txt
Copyright (c) 1990 - 2002 Trend Micro Inc.
Report Date : 1/29/2004 17:10:52
VSAPI Engine Version : 6.810-1005
VSCANTM Version : 1.0-1728
Virus Pattern Version : 749 (58124 Patterns) (2004/01/28) (174900)
Command Line: vscantm.bin /NBPM /NM /NB /NC /Q /LR=report.txt L:\VirusTest

Found [ Eicar_test_file](1) in L:\VirusTest\eicar.com
1 files have been read.
1 files have been checked.
1 files have been scanned.
1 files have been scanned. (including files in archived)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
Stop At : 1/29/2004 17:10:530.00 seconds has elapsed.

-*-*-*-*-*-*-*--
---*

Bill



Re: [Declude.Virus] Virus report and log entry question

2004-01-29 Thread R. Scott Perry

> F-Prot is the first virus and the log samples I provided show the F-Prot did
> report the virus name.  In fact, the log and postmaster report both use the
> first scanner's reported virus name (in this case F-Prot reported the virus
> as Mydoom) instead of the second scanner (TrendMicro, which reports the
> virus as WORM_MIMAIL.R).  However, the report and log file show the second
> scanner's file name, which is showing up missing the first letter in the file
> name in both, which is not missing in either as reported by the first
> scanner.

This is indeed due to an issue with Declude Virus -- it will be fixed in
the next interim release.

   -Scott