Re: [Declude.Virus] 4.2.3 Built-in scanner slight off topic reply

2006-07-12 Thread Nick Hayer




I just switched to 4x and noticed in the logs that scan times are
recorded - 
here are some sample scan times against the same email - 
2062ms Clamscan
468ms Mcafee scan.exe
171ms fprot

These relative scan time proportional differences appear to remain the
same against other emails.

Switching from clamscan.exe to clamdscan.exe ClamAV averages 15ms
against all emails it sees.  That is like a factor of 10 faster than
fprot its closest performance competitor.  Since its free and
w/Sanesecurity phish sigs I give it an editors choice  :)

It would be nice to see [feature request?] the ms response time for AVG
-

-Nick



John Shacklett wrote:

  Sorry for the tardy response, I've been traveling.

I used mcafee on my old system in combination with f-prot, and never had any
problems there either. On my new box [new since May], I started out with a
different program from eTrust because we're moving away from McAfee across
the board, but I had issues with the new program and switched to scan.exe. I
don't remember exactly when I made that last switch, but I have NEVER gotten
scan to return anything on anything it has scanned. I send myself a report
daily on activity for the previous day, and it always says in the virus
detections that "0 mcafee detected for 07-10-2006", a day when clamav found
82 and f-prot and AVG each found four more. 

I'm away from my office until next week, and I'm going to do some more
experimenting then to figure out why mcafee fails.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darrell
([EMAIL PROTECTED])
Sent: Thursday, 06 July 2006 4:51 PM
To: declude.virus@declude.com
Subject: Re: [Declude.Virus] 4.2.3 Built-in scanner

John, 

What problems are you having with scan.exe?  A lot of us use McAfee and have
no issues. 

Darrell
 ---
Check out http://www.invariantsystems.com for utilities for Declude, Imail,
mxGuard, and ORF.  IMail/Declude Overflow Queue Monitoring, SURBL/URI
integration, MRTG Integration, and Log Parsers. 


John Shacklett writes: 

  
  
After loading 4.2.20 this afternoon, my AVG scanner is now finally 
detecting viruses. Oh happy day. Now if I can just get scan.exe to 
work, I'll have a full house.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of John Shacklett
Sent: Thursday, 11 May 2006 11:44 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

"Declude 4.2.3 Diagnostics" right on the top line.  

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of John Carter
Sent: Thursday, 11 May 2006 9:30 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

Just curious, what does your diags.txt?  Did 4.2.3 in fact get fully 
installed and running?

John C

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of John Shacklett
Sent: Thursday, May 11, 2006 6:56 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

I guess I should have been more dramatic. What I intended this to mean 
was that I still don't see any evidence that AVG is working at all.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of John Shacklett
Sent: Tuesday, 09 May 2006 3:04 PM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

Just for fun, I completely commented out the three scanners in my 
virus.cfg and resent the eicar plain test file, and it made it to my

  
  Inbox.
  
  
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of John Shacklett
Sent: Tuesday, 09 May 2006 9:58 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

Forget my last post, I have different problems. Sorry. 

I followed John C's suggestion and sent myself a standard base64 MIME 
encoded eicar.com file [which should have occurred to me earlier], and 
I ended up with the following lines in the debug output:

05/09/2006 09:50:57.007 q9e3d01cb331c.smd AVG Reports No Virus
05/09/2006 09:50:57.178 q9e3d01cb331c.smd Virus scanner 1 reports 
exit code of 3
05/09/2006 09:50:58.444 q9e3d01cb331c.smd Virus scanner 2 reports 
exit code of 0
05/09/2006 09:50:58.616 q9e3d01cb331c.smd Virus scanner 3 reports 
exit code of 0

 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of John Carter
Sent: Tuesday, 09 May 2006 9:41 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

Temporarily go to LOGLEVEL DEBUG and use the test virus sender.  It 
should show AVG working. MID and HIGH levels didn't show which scanner 
caught EICAR, but DEBUG did.

John C


05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Virus detected. Not 
continuing with any 

RE: [Declude.Virus] 4.2.3 Built-in scanner

2006-07-12 Thread John Shacklett
Sorry for the tardy response, I've been traveling.

I used mcafee on my old system in combination with f-prot, and never had any
problems there either. On my new box [new since May], I started out with a
different program from eTrust because we're moving away from McAfee across
the board, but I had issues with the new program and switched to scan.exe. I
don't remember exactly when I made that last switch, but I have NEVER gotten
scan to return anything on anything it has scanned. I send myself a report
daily on activity for the previous day, and it always says in the virus
detections that "0 mcafee detected for 07-10-2006", a day when clamav found
82 and f-prot and AVG each found four more. 

I'm away from my office until next week, and I'm going to do some more
experimenting then to figure out why mcafee fails.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell
([EMAIL PROTECTED])
Sent: Thursday, 06 July 2006 4:51 PM
To: declude.virus@declude.com
Subject: Re: [Declude.Virus] 4.2.3 Built-in scanner

John, 

What problems are you having with scan.exe?  A lot of us use McAfee and have
no issues. 

Darrell
 ---
Check out http://www.invariantsystems.com for utilities for Declude, Imail,
mxGuard, and ORF.  IMail/Declude Overflow Queue Monitoring, SURBL/URI
integration, MRTG Integration, and Log Parsers. 


John Shacklett writes: 

> After loading 4.2.20 this afternoon, my AVG scanner is now finally 
> detecting viruses. Oh happy day. Now if I can just get scan.exe to 
> work, I'll have a full house.
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
> Sent: Thursday, 11 May 2006 11:44 AM
> To: Declude.Virus@declude.com
> Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner
> 
> "Declude 4.2.3 Diagnostics" right on the top line.  
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of John Carter
> Sent: Thursday, 11 May 2006 9:30 AM
> To: Declude.Virus@declude.com
> Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner
> 
> Just curious, what does your diags.txt?  Did 4.2.3 in fact get fully 
> installed and running?
> 
> John C
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
> Sent: Thursday, May 11, 2006 6:56 AM
> To: Declude.Virus@declude.com
> Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner
> 
> I guess I should have been more dramatic. What I intended this to mean 
> was that I still don't see any evidence that AVG is working at all.
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
> Sent: Tuesday, 09 May 2006 3:04 PM
> To: Declude.Virus@declude.com
> Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner
> 
> Just for fun, I completely commented out the three scanners in my 
> virus.cfg and resent the eicar plain test file, and it made it to my
Inbox.
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
> Sent: Tuesday, 09 May 2006 9:58 AM
> To: Declude.Virus@declude.com
> Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner
> 
> Forget my last post, I have different problems. Sorry. 
> 
> I followed John C's suggestion and sent myself a standard base64 MIME 
> encoded eicar.com file [which should have occurred to me earlier], and 
> I ended up with the following lines in the debug output:
> 
> 05/09/2006 09:50:57.007 q9e3d01cb331c.smd AVG Reports No Virus
> 05/09/2006 09:50:57.178 q9e3d01cb331c.smd Virus scanner 1 reports 
> exit code of 3
> 05/09/2006 09:50:58.444 q9e3d01cb331c.smd Virus scanner 2 reports 
> exit code of 0
> 05/09/2006 09:50:58.616 q9e3d01cb0000331c.smd Virus scanner 3 reports 
> exit code of 0
> 
>  
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of John Carter
> Sent: Tuesday, 09 May 2006 9:41 AM
> To: Declude.Virus@declude.com
> Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner
> 
> Temporarily go to LOGLEVEL DEBUG and use the test virus sender.  It 
> should show AVG working. MID and HIGH levels didn't show which scanner 
> caught EICAR, but DEBUG did.
> 
> John C
> 
> 
> 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Virus detected. Not 
> continuing with any remaining scanners.
> 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports VIRUS: 
> EICAR_Test
> 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports Not Healable
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:

Re: [Declude.Virus] 4.2.3 Built-in scanner

2006-07-06 Thread Darrell \([EMAIL PROTECTED])
John, 

What problems are you having with scan.exe?  A lot of us use McAfee and have 
no issues. 


Darrell
---
Check out http://www.invariantsystems.com for utilities for Declude, Imail, 
mxGuard, and ORF.  IMail/Declude Overflow Queue Monitoring, SURBL/URI 
integration, MRTG Integration, and Log Parsers. 



John Shacklett writes: 


After loading 4.2.20 this afternoon, my AVG scanner is now finally detecting
viruses. Oh happy day. Now if I can just get scan.exe to work, I'll have a
full house. 


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Thursday, 11 May 2006 11:44 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner 

"Declude 4.2.3 Diagnostics" right on the top line.  


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Carter
Sent: Thursday, 11 May 2006 9:30 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner 


Just curious, what does your diags.txt?  Did 4.2.3 in fact get fully
installed and running? 

John C  


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Thursday, May 11, 2006 6:56 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner 


I guess I should have been more dramatic. What I intended this to mean was
that I still don't see any evidence that AVG is working at all.  


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Tuesday, 09 May 2006 3:04 PM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner 


Just for fun, I completely commented out the three scanners in my virus.cfg
and resent the eicar plain test file, and it made it to my Inbox.  


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Tuesday, 09 May 2006 9:58 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner 

Forget my last post, I have different problems. Sorry. 


I followed John C's suggestion and sent myself a standard base64 MIME
encoded eicar.com file [which should have occurred to me earlier], and I
ended up with the following lines in the debug output: 


05/09/2006 09:50:57.007 q9e3d01cb331c.smd AVG Reports No Virus
05/09/2006 09:50:57.178 q9e3d01cb331c.smd Virus scanner 1 reports exit
code of 3
05/09/2006 09:50:58.444 q9e3d01cb331c.smd Virus scanner 2 reports exit
code of 0
05/09/2006 09:50:58.616 q9e3d01cb331c.smd Virus scanner 3 reports exit
code of 0 

 


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Carter
Sent: Tuesday, 09 May 2006 9:41 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner 


Temporarily go to LOGLEVEL DEBUG and use the test virus sender.  It should
show AVG working. MID and HIGH levels didn't show which scanner caught
EICAR, but DEBUG did. 

John C 



05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Virus detected. Not
continuing with any remaining scanners.
05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports VIRUS: EICAR_Test
05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports Not Healable 



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Barker
Sent: Tuesday, May 09, 2006 8:13 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner 


1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99
2. Check your virus logs
3. Declude\Scanners\AVG\DB
4. Check the date on the database files 


David B
www.declude.com  


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Tuesday, May 09, 2006 8:45 AM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] 4.2.3 Built-in scanner 



How do I determine if the built-in scanner is working? Where do the virus
signature files live? How do I tell if those files are being updated? 


--

John S 


---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com. 


---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com. 



---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com. 


---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EM

RE: [Declude.Virus] 4.2.3 Built-in scanner

2006-07-06 Thread John Shacklett
After loading 4.2.20 this afternoon, my AVG scanner is now finally detecting
viruses. Oh happy day. Now if I can just get scan.exe to work, I'll have a
full house.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Thursday, 11 May 2006 11:44 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

"Declude 4.2.3 Diagnostics" right on the top line. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Carter
Sent: Thursday, 11 May 2006 9:30 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

Just curious, what does your diags.txt?  Did 4.2.3 in fact get fully
installed and running?

John C 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Thursday, May 11, 2006 6:56 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

I guess I should have been more dramatic. What I intended this to mean was
that I still don't see any evidence that AVG is working at all. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Tuesday, 09 May 2006 3:04 PM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

Just for fun, I completely commented out the three scanners in my virus.cfg
and resent the eicar plain test file, and it made it to my Inbox. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Tuesday, 09 May 2006 9:58 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

Forget my last post, I have different problems. Sorry.

I followed John C's suggestion and sent myself a standard base64 MIME
encoded eicar.com file [which should have occurred to me earlier], and I
ended up with the following lines in the debug output:

05/09/2006 09:50:57.007 q9e3d01cb331c.smd AVG Reports No Virus
05/09/2006 09:50:57.178 q9e3d01cb331c.smd Virus scanner 1 reports exit
code of 3
05/09/2006 09:50:58.444 q9e3d01cb331c.smd Virus scanner 2 reports exit
code of 0
05/09/2006 09:50:58.616 q9e3d01cb331c.smd Virus scanner 3 reports exit
code of 0



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Carter
Sent: Tuesday, 09 May 2006 9:41 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

Temporarily go to LOGLEVEL DEBUG and use the test virus sender.  It should
show AVG working. MID and HIGH levels didn't show which scanner caught
EICAR, but DEBUG did.

John C


05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Virus detected. Not
continuing with any remaining scanners.
05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports VIRUS: EICAR_Test
05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports Not Healable


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Barker
Sent: Tuesday, May 09, 2006 8:13 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99
2. Check your virus logs
3. Declude\Scanners\AVG\DB
4. Check the date on the database files

David B
www.declude.com 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Tuesday, May 09, 2006 8:45 AM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] 4.2.3 Built-in scanner


How do I determine if the built-in scanner is working? Where do the virus
signature files live? How do I tell if those files are being updated?

--

John S

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.


---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
s

RE: [Declude.Virus] 4.2.3 Built-in scanner

2006-05-11 Thread John Shacklett
"Declude 4.2.3 Diagnostics" right on the top line. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Carter
Sent: Thursday, 11 May 2006 9:30 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

Just curious, what does your diags.txt?  Did 4.2.3 in fact get fully
installed and running?

John C 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Thursday, May 11, 2006 6:56 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

I guess I should have been more dramatic. What I intended this to mean was
that I still don't see any evidence that AVG is working at all. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Tuesday, 09 May 2006 3:04 PM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

Just for fun, I completely commented out the three scanners in my virus.cfg
and resent the eicar plain test file, and it made it to my Inbox. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Tuesday, 09 May 2006 9:58 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

Forget my last post, I have different problems. Sorry.

I followed John C's suggestion and sent myself a standard base64 MIME
encoded eicar.com file [which should have occurred to me earlier], and I
ended up with the following lines in the debug output:

05/09/2006 09:50:57.007 q9e3d01cb331c.smd AVG Reports No Virus
05/09/2006 09:50:57.178 q9e3d01cb331c.smd Virus scanner 1 reports exit
code of 3
05/09/2006 09:50:58.444 q9e3d01cb331c.smd Virus scanner 2 reports exit
code of 0
05/09/2006 09:50:58.616 q9e3d01cb331c.smd Virus scanner 3 reports exit
code of 0



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Carter
Sent: Tuesday, 09 May 2006 9:41 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

Temporarily go to LOGLEVEL DEBUG and use the test virus sender.  It should
show AVG working. MID and HIGH levels didn't show which scanner caught
EICAR, but DEBUG did.

John C


05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Virus detected. Not
continuing with any remaining scanners.
05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports VIRUS: EICAR_Test
05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports Not Healable


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Barker
Sent: Tuesday, May 09, 2006 8:13 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99
2. Check your virus logs
3. Declude\Scanners\AVG\DB
4. Check the date on the database files

David B
www.declude.com 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Tuesday, May 09, 2006 8:45 AM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] 4.2.3 Built-in scanner


How do I determine if the built-in scanner is working? Where do the virus
signature files live? How do I tell if those files are being updated?

--

John S

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.


---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.


---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
This E-mail cam

RE: [Declude.Virus] 4.2.3 Built-in scanner

2006-05-11 Thread John Carter
Just curious, what does your diags.txt?  Did 4.2.3 in fact get fully
installed and running?

John C 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Thursday, May 11, 2006 6:56 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

I guess I should have been more dramatic. What I intended this to mean was
that I still don't see any evidence that AVG is working at all. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Tuesday, 09 May 2006 3:04 PM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

Just for fun, I completely commented out the three scanners in my virus.cfg
and resent the eicar plain test file, and it made it to my Inbox. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Tuesday, 09 May 2006 9:58 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

Forget my last post, I have different problems. Sorry.

I followed John C's suggestion and sent myself a standard base64 MIME
encoded eicar.com file [which should have occurred to me earlier], and I
ended up with the following lines in the debug output:

05/09/2006 09:50:57.007 q9e3d01cb331c.smd AVG Reports No Virus
05/09/2006 09:50:57.178 q9e3d01cb331c.smd Virus scanner 1 reports exit
code of 3
05/09/2006 09:50:58.444 q9e3d01cb331c.smd Virus scanner 2 reports exit
code of 0
05/09/2006 09:50:58.616 q9e3d01cb331c.smd Virus scanner 3 reports exit
code of 0



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Carter
Sent: Tuesday, 09 May 2006 9:41 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

Temporarily go to LOGLEVEL DEBUG and use the test virus sender.  It should
show AVG working. MID and HIGH levels didn't show which scanner caught
EICAR, but DEBUG did.

John C


05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Virus detected. Not
continuing with any remaining scanners.
05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports VIRUS: EICAR_Test
05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports Not Healable


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Barker
Sent: Tuesday, May 09, 2006 8:13 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99
2. Check your virus logs
3. Declude\Scanners\AVG\DB
4. Check the date on the database files

David B
www.declude.com 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Tuesday, May 09, 2006 8:45 AM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] 4.2.3 Built-in scanner


How do I determine if the built-in scanner is working? Where do the virus
signature files live? How do I tell if those files are being updated?

--

John S

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.


---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.


---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.


RE: [Declude.Virus] 4.2.3 Built-in scanner

2006-05-11 Thread John Shacklett
I guess I should have been more dramatic. What I intended this to mean was
that I still don't see any evidence that AVG is working at all. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Tuesday, 09 May 2006 3:04 PM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

Just for fun, I completely commented out the three scanners in my virus.cfg
and resent the eicar plain test file, and it made it to my Inbox. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Tuesday, 09 May 2006 9:58 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

Forget my last post, I have different problems. Sorry.

I followed John C's suggestion and sent myself a standard base64 MIME
encoded eicar.com file [which should have occurred to me earlier], and I
ended up with the following lines in the debug output:

05/09/2006 09:50:57.007 q9e3d01cb331c.smd AVG Reports No Virus
05/09/2006 09:50:57.178 q9e3d01cb331c.smd Virus scanner 1 reports exit
code of 3
05/09/2006 09:50:58.444 q9e3d01cb331c.smd Virus scanner 2 reports exit
code of 0
05/09/2006 09:50:58.616 q9e3d01cb331c.smd Virus scanner 3 reports exit
code of 0



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Carter
Sent: Tuesday, 09 May 2006 9:41 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

Temporarily go to LOGLEVEL DEBUG and use the test virus sender.  It should
show AVG working. MID and HIGH levels didn't show which scanner caught
EICAR, but DEBUG did.

John C


05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Virus detected. Not
continuing with any remaining scanners.
05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports VIRUS: EICAR_Test
05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports Not Healable


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Barker
Sent: Tuesday, May 09, 2006 8:13 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99
2. Check your virus logs
3. Declude\Scanners\AVG\DB
4. Check the date on the database files

David B
www.declude.com 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Tuesday, May 09, 2006 8:45 AM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] 4.2.3 Built-in scanner


How do I determine if the built-in scanner is working? Where do the virus
signature files live? How do I tell if those files are being updated?

--

John S

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.


---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.


RE: [Declude.Virus] 4.2.3 Built-in scanner

2006-05-09 Thread John Shacklett
Just for fun, I completely commented out the three scanners in my virus.cfg
and resent the eicar plain test file, and it made it to my Inbox. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Tuesday, 09 May 2006 9:58 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

Forget my last post, I have different problems. Sorry.

I followed John C's suggestion and sent myself a standard base64 MIME
encoded eicar.com file [which should have occurred to me earlier], and I
ended up with the following lines in the debug output:

05/09/2006 09:50:57.007 q9e3d01cb331c.smd AVG Reports No Virus
05/09/2006 09:50:57.178 q9e3d01cb331c.smd Virus scanner 1 reports exit
code of 3
05/09/2006 09:50:58.444 q9e3d01cb331c.smd Virus scanner 2 reports exit
code of 0
05/09/2006 09:50:58.616 q9e3d01cb331c.smd Virus scanner 3 reports exit
code of 0



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Carter
Sent: Tuesday, 09 May 2006 9:41 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

Temporarily go to LOGLEVEL DEBUG and use the test virus sender.  It should
show AVG working. MID and HIGH levels didn't show which scanner caught
EICAR, but DEBUG did.

John C


05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Virus detected. Not
continuing with any remaining scanners.
05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports VIRUS: EICAR_Test
05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports Not Healable


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Barker
Sent: Tuesday, May 09, 2006 8:13 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99
2. Check your virus logs
3. Declude\Scanners\AVG\DB
4. Check the date on the database files

David B
www.declude.com 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Tuesday, May 09, 2006 8:45 AM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] 4.2.3 Built-in scanner


How do I determine if the built-in scanner is working? Where do the virus
signature files live? How do I tell if those files are being updated?

--

John S

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.


---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.


RE: [Declude.Virus] 4.2.3 Built-in scanner

2006-05-09 Thread David Barker
Uwe,

I will look into this - what I do know that if "Unknown Virus in Unknown
File" means that the virus scanner is not reporting the name of the virus, I
see this a lot with Clamav however I will have to check on the AVG

David B
www.declude.com

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Info Wind
Sent: Tuesday, May 09, 2006 12:39 PM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] 4.2.3 Built-in scanner

Dear David,

since I use 4.2.3 I get always "Unknown Virus in Unknown File" in the
message. It seems that the Virusname variables have a problem. Could you
check this?

Thank you,
Uwe

- Original Message -
From: "David Barker" <[EMAIL PROTECTED]>
To: 
Sent: Tuesday, May 09, 2006 3:13 PM
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner


> 1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99
> 2. Check your virus logs
> 3. Declude\Scanners\AVG\DB
> 4. Check the date on the database files
>
> David B
> www.declude.com
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
> Sent: Tuesday, May 09, 2006 8:45 AM
> To: Declude.Virus@declude.com
> Subject: [Declude.Virus] 4.2.3 Built-in scanner
>
>
> How do I determine if the built-in scanner is working? Where do the virus
> signature files live? How do I tell if those files are being updated?
>
> --
>
> John S
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To unsubscribe, 
> just
> send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
>
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".The archives can be found
> at http://www.mail-archive.com.
> 

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.


Re: [Declude.Virus] 4.2.3 Built-in scanner

2006-05-09 Thread Info Wind

Dear David,

since I use 4.2.3 I get always "Unknown Virus in Unknown File" in the 
message. It seems that the Virusname variables have a problem. Could you 
check this?


Thank you,
Uwe

- Original Message - 
From: "David Barker" <[EMAIL PROTECTED]>

To: 
Sent: Tuesday, May 09, 2006 3:13 PM
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner



1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99
2. Check your virus logs
3. Declude\Scanners\AVG\DB
4. Check the date on the database files

David B
www.declude.com

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Tuesday, May 09, 2006 8:45 AM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] 4.2.3 Built-in scanner


How do I determine if the built-in scanner is working? Where do the virus
signature files live? How do I tell if those files are being updated?

--

John S

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, 
just

send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.



---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.


RE: [Declude.Virus] 4.2.3 Built-in scanner

2006-05-09 Thread mhiltner
Really?  I read this as AVG detected a virus, and then went on to scanners
#1 and #2.

05/09/2006 10:20:59.531 qb3591c200020536d.smd AVG Reports VIRUS: EICAR_Test
05/09/2006 10:20:59.531 qb3591c200020536d.smd AVG Reports Not Healable
05/09/2006 10:20:59.531 qb3591c200020536d.smd Starting scanner #1:
C:\Panda\Pavcl32\pavcl.com /NOM /NOB /AEX /CMP /NOS /NOR
C:\IMail\spool\proc\work\DB3591~1.VIR\
05/09/2006 10:20:59.531 qb3591c200020536d.smd Scanner to start immediately,
no need to wait for others to end.
05/09/2006 10:20:59.531 qb3591c200020536d.smd Virus Scanner Started:
C:\Panda\Pavcl32\pavcl.com /NOM /NOB /AEX /CMP /NOS /NOR
C:\IMail\spool\proc\work\DB3591~1.VIR\
05/09/2006 10:20:59.843 qb3591c200020536d.smd Scanning Time: 265ms
[kernel=31 user=234]
05/09/2006 10:20:59.843 qb3591c200020536d.smd Virus scanner 1 reports exit
code of 16777472
05/09/2006 10:20:59.843 qb3591c200020536d.smd Scanner #1 detected a virus
05/09/2006 10:20:59.843 qb3591c200020536d.smd Starting scanner #2:
C:\IMail\spool\proc\work\DB3591~1.VIR\
05/09/2006 10:20:59.843 qb3591c200020536d.smd Scanner to start immediately,
no need to wait for others to end.
05/09/2006 10:20:59.843 qb3591c200020536d.smd Your virus scanner DOES NOT
EXIST (at  C:\IMail\spool\proc\work\DB3591~1.VIR\); NOT SCANNING
ATTACHMENTS! [2] Error String: [The system cannot find the file specified.]

Why is scanner #2 constantly failing too?  I am deleting viruses upon
detection, and it looks like it's erroring because that infected mail no
longer exists.  Is there a way to prevent this?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Barker
Sent: Tuesday, May 09, 2006 10:04 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

That is true except for the built in scanner which if it finds a virus does
not call the additional scanners.

David B
www.declude.com 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Tuesday, May 09, 2006 9:49 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

I sent myself a test virus after installing the update, and it was stopped
by my existing scanner. I don't see any indication of additional log lines
as a result of adding AVG.

The default virus.cfg file states that "The default behavior is for Declude
to call all scanners" and I have the "EXITSCANONVIRUSDETECT   OFF" line
still completely commented out, but looking at the logs it appears that the
default behavior is just the opposite.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Barker
Sent: Tuesday, 09 May 2006 9:13 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99
2. Check your virus logs
3. Declude\Scanners\AVG\DB
4. Check the date on the database files

David B
www.declude.com 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Tuesday, May 09, 2006 8:45 AM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] 4.2.3 Built-in scanner


How do I determine if the built-in scanner is working? Where do the virus
signature files live? How do I tell if those files are being updated?

--

John S

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.


RE: [Declude.Virus] 4.2.3 Built-in scanner

2006-05-09 Thread David Barker
That is true except for the built in scanner which if it finds a virus does
not call the additional scanners.

David B
www.declude.com 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Tuesday, May 09, 2006 9:49 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

I sent myself a test virus after installing the update, and it was stopped
by my existing scanner. I don't see any indication of additional log lines
as a result of adding AVG.

The default virus.cfg file states that "The default behavior is for Declude
to call all scanners" and I have the "EXITSCANONVIRUSDETECT   OFF" line
still completely commented out, but looking at the logs it appears that the
default behavior is just the opposite.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Barker
Sent: Tuesday, 09 May 2006 9:13 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99
2. Check your virus logs
3. Declude\Scanners\AVG\DB
4. Check the date on the database files

David B
www.declude.com 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Tuesday, May 09, 2006 8:45 AM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] 4.2.3 Built-in scanner


How do I determine if the built-in scanner is working? Where do the virus
signature files live? How do I tell if those files are being updated?

--

John S

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.


RE: [Declude.Virus] 4.2.3 Built-in scanner

2006-05-09 Thread John Shacklett
Forget my last post, I have different problems. Sorry.

I followed John C's suggestion and sent myself a standard base64 MIME
encoded eicar.com file [which should have occurred to me earlier], and I
ended up with the following lines in the debug output:

05/09/2006 09:50:57.007 q9e3d01cb331c.smd AVG Reports No Virus
05/09/2006 09:50:57.178 q9e3d01cb331c.smd Virus scanner 1 reports exit
code of 3
05/09/2006 09:50:58.444 q9e3d01cb331c.smd Virus scanner 2 reports exit
code of 0
05/09/2006 09:50:58.616 q9e3d01cb331c.smd Virus scanner 3 reports exit
code of 0



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Carter
Sent: Tuesday, 09 May 2006 9:41 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

Temporarily go to LOGLEVEL DEBUG and use the test virus sender.  It should
show AVG working. MID and HIGH levels didn't show which scanner caught
EICAR, but DEBUG did.

John C


05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Virus detected. Not
continuing with any remaining scanners.
05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports VIRUS: EICAR_Test
05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports Not Healable


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Barker
Sent: Tuesday, May 09, 2006 8:13 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99
2. Check your virus logs
3. Declude\Scanners\AVG\DB
4. Check the date on the database files

David B
www.declude.com 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Tuesday, May 09, 2006 8:45 AM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] 4.2.3 Built-in scanner


How do I determine if the built-in scanner is working? Where do the virus
signature files live? How do I tell if those files are being updated?

--

John S

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.


---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.


RE: [Declude.Virus] 4.2.3 Built-in scanner

2006-05-09 Thread John Shacklett
I sent myself a test virus after installing the update, and it was stopped
by my existing scanner. I don't see any indication of additional log lines
as a result of adding AVG.

The default virus.cfg file states that "The default behavior is for Declude
to call all scanners" and I have the "EXITSCANONVIRUSDETECT   OFF" line
still completely commented out, but looking at the logs it appears that the
default behavior is just the opposite.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Barker
Sent: Tuesday, 09 May 2006 9:13 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99
2. Check your virus logs
3. Declude\Scanners\AVG\DB
4. Check the date on the database files

David B
www.declude.com 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Tuesday, May 09, 2006 8:45 AM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] 4.2.3 Built-in scanner


How do I determine if the built-in scanner is working? Where do the virus
signature files live? How do I tell if those files are being updated?

--

John S

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.


RE: [Declude.Virus] 4.2.3 Built-in scanner

2006-05-09 Thread John Carter
Temporarily go to LOGLEVEL DEBUG and use the test virus sender.  It should
show AVG working. MID and HIGH levels didn't show which scanner caught
EICAR, but DEBUG did.

John C


05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Virus detected. Not
continuing with any remaining scanners.
05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports VIRUS: EICAR_Test
05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports Not Healable


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Barker
Sent: Tuesday, May 09, 2006 8:13 AM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner

1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99
2. Check your virus logs
3. Declude\Scanners\AVG\DB
4. Check the date on the database files

David B
www.declude.com 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Tuesday, May 09, 2006 8:45 AM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] 4.2.3 Built-in scanner


How do I determine if the built-in scanner is working? Where do the virus
signature files live? How do I tell if those files are being updated?

--

John S

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.


---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.


RE: [Declude.Virus] 4.2.3 Built-in scanner

2006-05-09 Thread mhiltner
Declude/scanners/avg

I disabled my other test, which would leave AVG the only running one.  Logs
showed scanning activity with test virus.  I assumed all was working as
intended.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Tuesday, May 09, 2006 7:45 AM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] 4.2.3 Built-in scanner


How do I determine if the built-in scanner is working? Where do the virus
signature files live? How do I tell if those files are being updated?

--

John S

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.


RE: [Declude.Virus] 4.2.3 Built-in scanner

2006-05-09 Thread David Barker
1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99
2. Check your virus logs
3. Declude\Scanners\AVG\DB
4. Check the date on the database files

David B
www.declude.com 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett
Sent: Tuesday, May 09, 2006 8:45 AM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] 4.2.3 Built-in scanner


How do I determine if the built-in scanner is working? Where do the virus
signature files live? How do I tell if those files are being updated?

--

John S

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".The archives can be found
at http://www.mail-archive.com.