Re: [Declude.Virus] 4.2.3 Built-in scanner slight off topic reply
I just switched to 4x and noticed in the logs that scan times are recorded - here are some sample scan times against the same email - 2062ms Clamscan 468ms Mcafee scan.exe 171ms fprot These relative scan time proportional differences appear to remain the same against other emails. Switching from clamscan.exe to clamdscan.exe ClamAV averages 15ms against all emails it sees. That is like a factor of 10 faster than fprot its closest performance competitor. Since its free and w/Sanesecurity phish sigs I give it an editors choice :) It would be nice to see [feature request?] the ms response time for AVG - -Nick John Shacklett wrote: Sorry for the tardy response, I've been traveling. I used mcafee on my old system in combination with f-prot, and never had any problems there either. On my new box [new since May], I started out with a different program from eTrust because we're moving away from McAfee across the board, but I had issues with the new program and switched to scan.exe. I don't remember exactly when I made that last switch, but I have NEVER gotten scan to return anything on anything it has scanned. I send myself a report daily on activity for the previous day, and it always says in the virus detections that "0 mcafee detected for 07-10-2006", a day when clamav found 82 and f-prot and AVG each found four more. I'm away from my office until next week, and I'm going to do some more experimenting then to figure out why mcafee fails. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Thursday, 06 July 2006 4:51 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] 4.2.3 Built-in scanner John, What problems are you having with scan.exe? A lot of us use McAfee and have no issues. Darrell --- Check out http://www.invariantsystems.com for utilities for Declude, Imail, mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. John Shacklett writes: After loading 4.2.20 this afternoon, my AVG scanner is now finally detecting viruses. Oh happy day. Now if I can just get scan.exe to work, I'll have a full house. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Shacklett Sent: Thursday, 11 May 2006 11:44 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner "Declude 4.2.3 Diagnostics" right on the top line. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Carter Sent: Thursday, 11 May 2006 9:30 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Just curious, what does your diags.txt? Did 4.2.3 in fact get fully installed and running? John C -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Shacklett Sent: Thursday, May 11, 2006 6:56 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner I guess I should have been more dramatic. What I intended this to mean was that I still don't see any evidence that AVG is working at all. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Shacklett Sent: Tuesday, 09 May 2006 3:04 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Just for fun, I completely commented out the three scanners in my virus.cfg and resent the eicar plain test file, and it made it to my Inbox. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Shacklett Sent: Tuesday, 09 May 2006 9:58 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Forget my last post, I have different problems. Sorry. I followed John C's suggestion and sent myself a standard base64 MIME encoded eicar.com file [which should have occurred to me earlier], and I ended up with the following lines in the debug output: 05/09/2006 09:50:57.007 q9e3d01cb331c.smd AVG Reports No Virus 05/09/2006 09:50:57.178 q9e3d01cb331c.smd Virus scanner 1 reports exit code of 3 05/09/2006 09:50:58.444 q9e3d01cb331c.smd Virus scanner 2 reports exit code of 0 05/09/2006 09:50:58.616 q9e3d01cb331c.smd Virus scanner 3 reports exit code of 0 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Carter Sent: Tuesday, 09 May 2006 9:41 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Temporarily go to LOGLEVEL DEBUG and use the test virus sender. It should show AVG working. MID and HIGH levels didn't show which scanner caught EICAR, but DEBUG did. John C 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Virus detected. Not continuing with any
RE: [Declude.Virus] 4.2.3 Built-in scanner
Sorry for the tardy response, I've been traveling. I used mcafee on my old system in combination with f-prot, and never had any problems there either. On my new box [new since May], I started out with a different program from eTrust because we're moving away from McAfee across the board, but I had issues with the new program and switched to scan.exe. I don't remember exactly when I made that last switch, but I have NEVER gotten scan to return anything on anything it has scanned. I send myself a report daily on activity for the previous day, and it always says in the virus detections that "0 mcafee detected for 07-10-2006", a day when clamav found 82 and f-prot and AVG each found four more. I'm away from my office until next week, and I'm going to do some more experimenting then to figure out why mcafee fails. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Thursday, 06 July 2006 4:51 PM To: declude.virus@declude.com Subject: Re: [Declude.Virus] 4.2.3 Built-in scanner John, What problems are you having with scan.exe? A lot of us use McAfee and have no issues. Darrell --- Check out http://www.invariantsystems.com for utilities for Declude, Imail, mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. John Shacklett writes: > After loading 4.2.20 this afternoon, my AVG scanner is now finally > detecting viruses. Oh happy day. Now if I can just get scan.exe to > work, I'll have a full house. > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett > Sent: Thursday, 11 May 2006 11:44 AM > To: Declude.Virus@declude.com > Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner > > "Declude 4.2.3 Diagnostics" right on the top line. > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of John Carter > Sent: Thursday, 11 May 2006 9:30 AM > To: Declude.Virus@declude.com > Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner > > Just curious, what does your diags.txt? Did 4.2.3 in fact get fully > installed and running? > > John C > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett > Sent: Thursday, May 11, 2006 6:56 AM > To: Declude.Virus@declude.com > Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner > > I guess I should have been more dramatic. What I intended this to mean > was that I still don't see any evidence that AVG is working at all. > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett > Sent: Tuesday, 09 May 2006 3:04 PM > To: Declude.Virus@declude.com > Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner > > Just for fun, I completely commented out the three scanners in my > virus.cfg and resent the eicar plain test file, and it made it to my Inbox. > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett > Sent: Tuesday, 09 May 2006 9:58 AM > To: Declude.Virus@declude.com > Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner > > Forget my last post, I have different problems. Sorry. > > I followed John C's suggestion and sent myself a standard base64 MIME > encoded eicar.com file [which should have occurred to me earlier], and > I ended up with the following lines in the debug output: > > 05/09/2006 09:50:57.007 q9e3d01cb331c.smd AVG Reports No Virus > 05/09/2006 09:50:57.178 q9e3d01cb331c.smd Virus scanner 1 reports > exit code of 3 > 05/09/2006 09:50:58.444 q9e3d01cb331c.smd Virus scanner 2 reports > exit code of 0 > 05/09/2006 09:50:58.616 q9e3d01cb0000331c.smd Virus scanner 3 reports > exit code of 0 > > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of John Carter > Sent: Tuesday, 09 May 2006 9:41 AM > To: Declude.Virus@declude.com > Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner > > Temporarily go to LOGLEVEL DEBUG and use the test virus sender. It > should show AVG working. MID and HIGH levels didn't show which scanner > caught EICAR, but DEBUG did. > > John C > > > 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Virus detected. Not > continuing with any remaining scanners. > 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports VIRUS: > EICAR_Test > 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports Not Healable > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:
Re: [Declude.Virus] 4.2.3 Built-in scanner
John, What problems are you having with scan.exe? A lot of us use McAfee and have no issues. Darrell --- Check out http://www.invariantsystems.com for utilities for Declude, Imail, mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. John Shacklett writes: After loading 4.2.20 this afternoon, my AVG scanner is now finally detecting viruses. Oh happy day. Now if I can just get scan.exe to work, I'll have a full house. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Thursday, 11 May 2006 11:44 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner "Declude 4.2.3 Diagnostics" right on the top line. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Carter Sent: Thursday, 11 May 2006 9:30 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Just curious, what does your diags.txt? Did 4.2.3 in fact get fully installed and running? John C -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Thursday, May 11, 2006 6:56 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner I guess I should have been more dramatic. What I intended this to mean was that I still don't see any evidence that AVG is working at all. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, 09 May 2006 3:04 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Just for fun, I completely commented out the three scanners in my virus.cfg and resent the eicar plain test file, and it made it to my Inbox. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, 09 May 2006 9:58 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Forget my last post, I have different problems. Sorry. I followed John C's suggestion and sent myself a standard base64 MIME encoded eicar.com file [which should have occurred to me earlier], and I ended up with the following lines in the debug output: 05/09/2006 09:50:57.007 q9e3d01cb331c.smd AVG Reports No Virus 05/09/2006 09:50:57.178 q9e3d01cb331c.smd Virus scanner 1 reports exit code of 3 05/09/2006 09:50:58.444 q9e3d01cb331c.smd Virus scanner 2 reports exit code of 0 05/09/2006 09:50:58.616 q9e3d01cb331c.smd Virus scanner 3 reports exit code of 0 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Carter Sent: Tuesday, 09 May 2006 9:41 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Temporarily go to LOGLEVEL DEBUG and use the test virus sender. It should show AVG working. MID and HIGH levels didn't show which scanner caught EICAR, but DEBUG did. John C 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Virus detected. Not continuing with any remaining scanners. 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports VIRUS: EICAR_Test 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports Not Healable -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, May 09, 2006 8:13 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner 1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99 2. Check your virus logs 3. Declude\Scanners\AVG\DB 4. Check the date on the database files David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, May 09, 2006 8:45 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] 4.2.3 Built-in scanner How do I determine if the built-in scanner is working? Where do the virus signature files live? How do I tell if those files are being updated? -- John S --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EM
RE: [Declude.Virus] 4.2.3 Built-in scanner
After loading 4.2.20 this afternoon, my AVG scanner is now finally detecting viruses. Oh happy day. Now if I can just get scan.exe to work, I'll have a full house. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Thursday, 11 May 2006 11:44 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner "Declude 4.2.3 Diagnostics" right on the top line. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Carter Sent: Thursday, 11 May 2006 9:30 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Just curious, what does your diags.txt? Did 4.2.3 in fact get fully installed and running? John C -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Thursday, May 11, 2006 6:56 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner I guess I should have been more dramatic. What I intended this to mean was that I still don't see any evidence that AVG is working at all. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, 09 May 2006 3:04 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Just for fun, I completely commented out the three scanners in my virus.cfg and resent the eicar plain test file, and it made it to my Inbox. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, 09 May 2006 9:58 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Forget my last post, I have different problems. Sorry. I followed John C's suggestion and sent myself a standard base64 MIME encoded eicar.com file [which should have occurred to me earlier], and I ended up with the following lines in the debug output: 05/09/2006 09:50:57.007 q9e3d01cb331c.smd AVG Reports No Virus 05/09/2006 09:50:57.178 q9e3d01cb331c.smd Virus scanner 1 reports exit code of 3 05/09/2006 09:50:58.444 q9e3d01cb331c.smd Virus scanner 2 reports exit code of 0 05/09/2006 09:50:58.616 q9e3d01cb331c.smd Virus scanner 3 reports exit code of 0 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Carter Sent: Tuesday, 09 May 2006 9:41 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Temporarily go to LOGLEVEL DEBUG and use the test virus sender. It should show AVG working. MID and HIGH levels didn't show which scanner caught EICAR, but DEBUG did. John C 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Virus detected. Not continuing with any remaining scanners. 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports VIRUS: EICAR_Test 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports Not Healable -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, May 09, 2006 8:13 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner 1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99 2. Check your virus logs 3. Declude\Scanners\AVG\DB 4. Check the date on the database files David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, May 09, 2006 8:45 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] 4.2.3 Built-in scanner How do I determine if the built-in scanner is working? Where do the virus signature files live? How do I tell if those files are being updated? -- John S --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just s
RE: [Declude.Virus] 4.2.3 Built-in scanner
"Declude 4.2.3 Diagnostics" right on the top line. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Carter Sent: Thursday, 11 May 2006 9:30 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Just curious, what does your diags.txt? Did 4.2.3 in fact get fully installed and running? John C -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Thursday, May 11, 2006 6:56 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner I guess I should have been more dramatic. What I intended this to mean was that I still don't see any evidence that AVG is working at all. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, 09 May 2006 3:04 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Just for fun, I completely commented out the three scanners in my virus.cfg and resent the eicar plain test file, and it made it to my Inbox. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, 09 May 2006 9:58 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Forget my last post, I have different problems. Sorry. I followed John C's suggestion and sent myself a standard base64 MIME encoded eicar.com file [which should have occurred to me earlier], and I ended up with the following lines in the debug output: 05/09/2006 09:50:57.007 q9e3d01cb331c.smd AVG Reports No Virus 05/09/2006 09:50:57.178 q9e3d01cb331c.smd Virus scanner 1 reports exit code of 3 05/09/2006 09:50:58.444 q9e3d01cb331c.smd Virus scanner 2 reports exit code of 0 05/09/2006 09:50:58.616 q9e3d01cb331c.smd Virus scanner 3 reports exit code of 0 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Carter Sent: Tuesday, 09 May 2006 9:41 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Temporarily go to LOGLEVEL DEBUG and use the test virus sender. It should show AVG working. MID and HIGH levels didn't show which scanner caught EICAR, but DEBUG did. John C 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Virus detected. Not continuing with any remaining scanners. 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports VIRUS: EICAR_Test 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports Not Healable -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, May 09, 2006 8:13 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner 1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99 2. Check your virus logs 3. Declude\Scanners\AVG\DB 4. Check the date on the database files David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, May 09, 2006 8:45 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] 4.2.3 Built-in scanner How do I determine if the built-in scanner is working? Where do the virus signature files live? How do I tell if those files are being updated? -- John S --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail cam
RE: [Declude.Virus] 4.2.3 Built-in scanner
Just curious, what does your diags.txt? Did 4.2.3 in fact get fully installed and running? John C -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Thursday, May 11, 2006 6:56 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner I guess I should have been more dramatic. What I intended this to mean was that I still don't see any evidence that AVG is working at all. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, 09 May 2006 3:04 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Just for fun, I completely commented out the three scanners in my virus.cfg and resent the eicar plain test file, and it made it to my Inbox. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, 09 May 2006 9:58 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Forget my last post, I have different problems. Sorry. I followed John C's suggestion and sent myself a standard base64 MIME encoded eicar.com file [which should have occurred to me earlier], and I ended up with the following lines in the debug output: 05/09/2006 09:50:57.007 q9e3d01cb331c.smd AVG Reports No Virus 05/09/2006 09:50:57.178 q9e3d01cb331c.smd Virus scanner 1 reports exit code of 3 05/09/2006 09:50:58.444 q9e3d01cb331c.smd Virus scanner 2 reports exit code of 0 05/09/2006 09:50:58.616 q9e3d01cb331c.smd Virus scanner 3 reports exit code of 0 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Carter Sent: Tuesday, 09 May 2006 9:41 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Temporarily go to LOGLEVEL DEBUG and use the test virus sender. It should show AVG working. MID and HIGH levels didn't show which scanner caught EICAR, but DEBUG did. John C 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Virus detected. Not continuing with any remaining scanners. 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports VIRUS: EICAR_Test 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports Not Healable -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, May 09, 2006 8:13 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner 1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99 2. Check your virus logs 3. Declude\Scanners\AVG\DB 4. Check the date on the database files David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, May 09, 2006 8:45 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] 4.2.3 Built-in scanner How do I determine if the built-in scanner is working? Where do the virus signature files live? How do I tell if those files are being updated? -- John S --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] 4.2.3 Built-in scanner
I guess I should have been more dramatic. What I intended this to mean was that I still don't see any evidence that AVG is working at all. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, 09 May 2006 3:04 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Just for fun, I completely commented out the three scanners in my virus.cfg and resent the eicar plain test file, and it made it to my Inbox. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, 09 May 2006 9:58 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Forget my last post, I have different problems. Sorry. I followed John C's suggestion and sent myself a standard base64 MIME encoded eicar.com file [which should have occurred to me earlier], and I ended up with the following lines in the debug output: 05/09/2006 09:50:57.007 q9e3d01cb331c.smd AVG Reports No Virus 05/09/2006 09:50:57.178 q9e3d01cb331c.smd Virus scanner 1 reports exit code of 3 05/09/2006 09:50:58.444 q9e3d01cb331c.smd Virus scanner 2 reports exit code of 0 05/09/2006 09:50:58.616 q9e3d01cb331c.smd Virus scanner 3 reports exit code of 0 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Carter Sent: Tuesday, 09 May 2006 9:41 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Temporarily go to LOGLEVEL DEBUG and use the test virus sender. It should show AVG working. MID and HIGH levels didn't show which scanner caught EICAR, but DEBUG did. John C 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Virus detected. Not continuing with any remaining scanners. 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports VIRUS: EICAR_Test 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports Not Healable -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, May 09, 2006 8:13 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner 1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99 2. Check your virus logs 3. Declude\Scanners\AVG\DB 4. Check the date on the database files David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, May 09, 2006 8:45 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] 4.2.3 Built-in scanner How do I determine if the built-in scanner is working? Where do the virus signature files live? How do I tell if those files are being updated? -- John S --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] 4.2.3 Built-in scanner
Just for fun, I completely commented out the three scanners in my virus.cfg and resent the eicar plain test file, and it made it to my Inbox. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, 09 May 2006 9:58 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Forget my last post, I have different problems. Sorry. I followed John C's suggestion and sent myself a standard base64 MIME encoded eicar.com file [which should have occurred to me earlier], and I ended up with the following lines in the debug output: 05/09/2006 09:50:57.007 q9e3d01cb331c.smd AVG Reports No Virus 05/09/2006 09:50:57.178 q9e3d01cb331c.smd Virus scanner 1 reports exit code of 3 05/09/2006 09:50:58.444 q9e3d01cb331c.smd Virus scanner 2 reports exit code of 0 05/09/2006 09:50:58.616 q9e3d01cb331c.smd Virus scanner 3 reports exit code of 0 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Carter Sent: Tuesday, 09 May 2006 9:41 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Temporarily go to LOGLEVEL DEBUG and use the test virus sender. It should show AVG working. MID and HIGH levels didn't show which scanner caught EICAR, but DEBUG did. John C 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Virus detected. Not continuing with any remaining scanners. 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports VIRUS: EICAR_Test 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports Not Healable -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, May 09, 2006 8:13 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner 1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99 2. Check your virus logs 3. Declude\Scanners\AVG\DB 4. Check the date on the database files David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, May 09, 2006 8:45 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] 4.2.3 Built-in scanner How do I determine if the built-in scanner is working? Where do the virus signature files live? How do I tell if those files are being updated? -- John S --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] 4.2.3 Built-in scanner
Uwe, I will look into this - what I do know that if "Unknown Virus in Unknown File" means that the virus scanner is not reporting the name of the virus, I see this a lot with Clamav however I will have to check on the AVG David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Info Wind Sent: Tuesday, May 09, 2006 12:39 PM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] 4.2.3 Built-in scanner Dear David, since I use 4.2.3 I get always "Unknown Virus in Unknown File" in the message. It seems that the Virusname variables have a problem. Could you check this? Thank you, Uwe - Original Message - From: "David Barker" <[EMAIL PROTECTED]> To: Sent: Tuesday, May 09, 2006 3:13 PM Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner > 1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99 > 2. Check your virus logs > 3. Declude\Scanners\AVG\DB > 4. Check the date on the database files > > David B > www.declude.com > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett > Sent: Tuesday, May 09, 2006 8:45 AM > To: Declude.Virus@declude.com > Subject: [Declude.Virus] 4.2.3 Built-in scanner > > > How do I determine if the built-in scanner is working? Where do the virus > signature files live? How do I tell if those files are being updated? > > -- > > John S > > --- > This E-mail came from the Declude.Virus mailing list. To unsubscribe, > just > send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus".The archives can be found > at http://www.mail-archive.com. > --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] 4.2.3 Built-in scanner
Dear David, since I use 4.2.3 I get always "Unknown Virus in Unknown File" in the message. It seems that the Virusname variables have a problem. Could you check this? Thank you, Uwe - Original Message - From: "David Barker" <[EMAIL PROTECTED]> To: Sent: Tuesday, May 09, 2006 3:13 PM Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner 1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99 2. Check your virus logs 3. Declude\Scanners\AVG\DB 4. Check the date on the database files David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, May 09, 2006 8:45 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] 4.2.3 Built-in scanner How do I determine if the built-in scanner is working? Where do the virus signature files live? How do I tell if those files are being updated? -- John S --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] 4.2.3 Built-in scanner
Really? I read this as AVG detected a virus, and then went on to scanners #1 and #2. 05/09/2006 10:20:59.531 qb3591c200020536d.smd AVG Reports VIRUS: EICAR_Test 05/09/2006 10:20:59.531 qb3591c200020536d.smd AVG Reports Not Healable 05/09/2006 10:20:59.531 qb3591c200020536d.smd Starting scanner #1: C:\Panda\Pavcl32\pavcl.com /NOM /NOB /AEX /CMP /NOS /NOR C:\IMail\spool\proc\work\DB3591~1.VIR\ 05/09/2006 10:20:59.531 qb3591c200020536d.smd Scanner to start immediately, no need to wait for others to end. 05/09/2006 10:20:59.531 qb3591c200020536d.smd Virus Scanner Started: C:\Panda\Pavcl32\pavcl.com /NOM /NOB /AEX /CMP /NOS /NOR C:\IMail\spool\proc\work\DB3591~1.VIR\ 05/09/2006 10:20:59.843 qb3591c200020536d.smd Scanning Time: 265ms [kernel=31 user=234] 05/09/2006 10:20:59.843 qb3591c200020536d.smd Virus scanner 1 reports exit code of 16777472 05/09/2006 10:20:59.843 qb3591c200020536d.smd Scanner #1 detected a virus 05/09/2006 10:20:59.843 qb3591c200020536d.smd Starting scanner #2: C:\IMail\spool\proc\work\DB3591~1.VIR\ 05/09/2006 10:20:59.843 qb3591c200020536d.smd Scanner to start immediately, no need to wait for others to end. 05/09/2006 10:20:59.843 qb3591c200020536d.smd Your virus scanner DOES NOT EXIST (at C:\IMail\spool\proc\work\DB3591~1.VIR\); NOT SCANNING ATTACHMENTS! [2] Error String: [The system cannot find the file specified.] Why is scanner #2 constantly failing too? I am deleting viruses upon detection, and it looks like it's erroring because that infected mail no longer exists. Is there a way to prevent this? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, May 09, 2006 10:04 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner That is true except for the built in scanner which if it finds a virus does not call the additional scanners. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, May 09, 2006 9:49 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner I sent myself a test virus after installing the update, and it was stopped by my existing scanner. I don't see any indication of additional log lines as a result of adding AVG. The default virus.cfg file states that "The default behavior is for Declude to call all scanners" and I have the "EXITSCANONVIRUSDETECT OFF" line still completely commented out, but looking at the logs it appears that the default behavior is just the opposite. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, 09 May 2006 9:13 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner 1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99 2. Check your virus logs 3. Declude\Scanners\AVG\DB 4. Check the date on the database files David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, May 09, 2006 8:45 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] 4.2.3 Built-in scanner How do I determine if the built-in scanner is working? Where do the virus signature files live? How do I tell if those files are being updated? -- John S --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] 4.2.3 Built-in scanner
That is true except for the built in scanner which if it finds a virus does not call the additional scanners. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, May 09, 2006 9:49 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner I sent myself a test virus after installing the update, and it was stopped by my existing scanner. I don't see any indication of additional log lines as a result of adding AVG. The default virus.cfg file states that "The default behavior is for Declude to call all scanners" and I have the "EXITSCANONVIRUSDETECT OFF" line still completely commented out, but looking at the logs it appears that the default behavior is just the opposite. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, 09 May 2006 9:13 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner 1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99 2. Check your virus logs 3. Declude\Scanners\AVG\DB 4. Check the date on the database files David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, May 09, 2006 8:45 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] 4.2.3 Built-in scanner How do I determine if the built-in scanner is working? Where do the virus signature files live? How do I tell if those files are being updated? -- John S --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] 4.2.3 Built-in scanner
Forget my last post, I have different problems. Sorry. I followed John C's suggestion and sent myself a standard base64 MIME encoded eicar.com file [which should have occurred to me earlier], and I ended up with the following lines in the debug output: 05/09/2006 09:50:57.007 q9e3d01cb331c.smd AVG Reports No Virus 05/09/2006 09:50:57.178 q9e3d01cb331c.smd Virus scanner 1 reports exit code of 3 05/09/2006 09:50:58.444 q9e3d01cb331c.smd Virus scanner 2 reports exit code of 0 05/09/2006 09:50:58.616 q9e3d01cb331c.smd Virus scanner 3 reports exit code of 0 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Carter Sent: Tuesday, 09 May 2006 9:41 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner Temporarily go to LOGLEVEL DEBUG and use the test virus sender. It should show AVG working. MID and HIGH levels didn't show which scanner caught EICAR, but DEBUG did. John C 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Virus detected. Not continuing with any remaining scanners. 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports VIRUS: EICAR_Test 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports Not Healable -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, May 09, 2006 8:13 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner 1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99 2. Check your virus logs 3. Declude\Scanners\AVG\DB 4. Check the date on the database files David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, May 09, 2006 8:45 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] 4.2.3 Built-in scanner How do I determine if the built-in scanner is working? Where do the virus signature files live? How do I tell if those files are being updated? -- John S --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] 4.2.3 Built-in scanner
I sent myself a test virus after installing the update, and it was stopped by my existing scanner. I don't see any indication of additional log lines as a result of adding AVG. The default virus.cfg file states that "The default behavior is for Declude to call all scanners" and I have the "EXITSCANONVIRUSDETECT OFF" line still completely commented out, but looking at the logs it appears that the default behavior is just the opposite. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, 09 May 2006 9:13 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner 1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99 2. Check your virus logs 3. Declude\Scanners\AVG\DB 4. Check the date on the database files David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, May 09, 2006 8:45 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] 4.2.3 Built-in scanner How do I determine if the built-in scanner is working? Where do the virus signature files live? How do I tell if those files are being updated? -- John S --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] 4.2.3 Built-in scanner
Temporarily go to LOGLEVEL DEBUG and use the test virus sender. It should show AVG working. MID and HIGH levels didn't show which scanner caught EICAR, but DEBUG did. John C 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Virus detected. Not continuing with any remaining scanners. 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports VIRUS: EICAR_Test 05/09/2006 08:34:55.687 q9a7b016d30e4.smd AVG Reports Not Healable -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, May 09, 2006 8:13 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] 4.2.3 Built-in scanner 1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99 2. Check your virus logs 3. Declude\Scanners\AVG\DB 4. Check the date on the database files David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, May 09, 2006 8:45 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] 4.2.3 Built-in scanner How do I determine if the built-in scanner is working? Where do the virus signature files live? How do I tell if those files are being updated? -- John S --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] 4.2.3 Built-in scanner
Declude/scanners/avg I disabled my other test, which would leave AVG the only running one. Logs showed scanning activity with test virus. I assumed all was working as intended. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, May 09, 2006 7:45 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] 4.2.3 Built-in scanner How do I determine if the built-in scanner is working? Where do the virus signature files live? How do I tell if those files are being updated? -- John S --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] 4.2.3 Built-in scanner
1. Use the test virus sender http://www.declude.com/Articles.asp?ID=99 2. Check your virus logs 3. Declude\Scanners\AVG\DB 4. Check the date on the database files David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, May 09, 2006 8:45 AM To: Declude.Virus@declude.com Subject: [Declude.Virus] 4.2.3 Built-in scanner How do I determine if the built-in scanner is working? Where do the virus signature files live? How do I tell if those files are being updated? -- John S --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.