Thanks for the input, Scott.
Darin.
- Original Message -
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 18, 2004 1:12 PM
Subject: Re: [Declude.Virus] Log error with latest interim release
>Scott, your thoughts?
Scott, your thoughts?
Darin.
- Original Message -
From: "Bill Landry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 18, 2004 12:58 PM
Subject: Re: [Declude.Virus] Log error with latest interim release
My understanding is that Scott d
Scott, your thoughts?
From what I have seen, AV heuristics just don't do a good enough job to be
useful. Specifically, they seem to catch legitimate E-mails regularly
(typically .doc/.xls files). However, depending on your needs, it may be
worthwhile to use the heuristics, if the occasional
AIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 18, 2004 9:48 AM
Subject: Re: [Declude.Virus] Log error with latest interim release
> Hi Bill,
>
> Yeah, I had seen your configs...just wanted to get Scott's feedback on
> the -AI and -PACKED switches.
, March 18, 2004 12:35 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Log error with latest interim release
I just upgraded to version 3 and am still seeing this. I will contact
F-Prot to see if they can give me some insight on this.
Sincerely,
Grant Griffith, Vice President
EI8HT LEGS
clude.Virus] Log error with latest interim release
- Original Message -
From: "Darin Cox" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 18, 2004 8:08 AM
Subject: Re: [Declude.Virus] Log error with latest interim release
> Scott,
>
> Wh
Gotcha. So it just different virus scanners clsify threats differently?[
The other
scanners are flagging these as viruses.]
If F-Prot returns an exit code other than 6, it did not detect a virus.
Is there a way to display different strings from reportt.txt?
No.
> >"Could not find parse string Infection: in report.txt"
>
> That is normal, if the virus scanner does not detect a virus (but instead
> reports a vulnerability).
Gotcha. So it just different virus scanners clsify threats differently?[ The other
scanners are flagging these as viruses.]
Is ther
PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
Sent: Thursday, March 18, 2004 12:04 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Log error with latest interim release
>03/18/2004 11:20:01 Qcc24005d0536a2e6 Error 128 in virus scanner 1.
>03/18/2004 11:21:09 Qcc661aa8032aa581
I to am recording an error:
"Could not find parse string Infection: in report.txt"
That is normal, if the virus scanner does not detect a virus (but instead
reports a vulnerability).
-Scott
---
Declude JunkMail: The advanced anti-spam solution
Scott,
I to am recording an error:
"Could not find parse string Infection: in report.txt"
Circumstances are occuring only with fprot, and only on banned extensions or on
[banned] encrypted zips. I only looked at todays logs so I really do not know if it
started with the latest interim release
03/18/2004 11:20:01 Qcc24005d0536a2e6 Error 128 in virus scanner 1.
03/18/2004 11:21:09 Qcc661aa8032aa581 Error 128 in virus scanner 1.
F-Prot doesn't define an exit code of 128 -- I would recommend reinstalling
F-Prot and/or moving to the latest version of F-Prot.
- Original Message -
From: "Darin Cox" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 18, 2004 8:08 AM
Subject: Re: [Declude.Virus] Log error with latest interim release
> Scott,
>
> What are your thoughts on the /AI and /PACKED switch
You might want to use the 32b version of the scanner, as well.
# F-PROT - 1st scanner
SCANFILE1 C:\Progra~1\FSI\F-Prot\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE /NOBOOT
/DUMB /REPORT=report.txt
VIRUSCODE1 3
VIRUSCODE1 6
REPORT1 Infection:
Thursday, March 18, 2004, 9:57:41
Scott,
We are seeing something similar since upgrading to interim release 178i27.
Logs:
03/18/2004 11:19:34 Qcc0742d003962ecf Could not find report file
D:\IMAIL\spool\Dcc0742d003962ecf.vir\report.txt.
03/18/2004 11:19:34 Qcc0742d003962ecf Scanned: Banned file extension. [MIME: 2 22185]
03/18/20
Scott,
What are your thoughts on the /AI and /PACKED switches? Any particular
reason to use or not use them?
Darin.
- Original Message -
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 18, 2004 10:57 AM
Subject: Re: [De
We have been running the latest interims for a couple of weeks (since
the EZIP stuff came out). We are seeing the following error in the
virus logs:
03/18/2004 07:25:33 Qa32252df006a099c Could not find parse string
Infection: in report.txt
03/18/2004 07:25:33 Qa32252df006a099c Error 8 in virus sc
17 matches
Mail list logo
