Tony,

Why don't you e-mail Edinilson your test file with the virus and see if his system catches it? Maybe the problem is because it's a trojan and not a virus so the message reported is different. If it doesn't catch it then he has a test file to use to fix the script.
Bill

>----------
>From: Edinilson J. Santos[SMTP:[EMAIL PROTECTED]]
>Sent: Thursday, December 13, 2001 2:23 PM
>To: [EMAIL PROTECTED]
>Subject: [xmail] Re: AV Filter for Win32 XMAIL
>
>Here we are using the same version, Program version 6.307, database version 168
>But when a virus is detected, it generates a string like Virus found or Virus identified
>
>Something strange is happening
>
>I will test and report to you ASAP.
>
>Edinilson
>---------------------------------------------------------
>ATINET-Afiliado UOL de Atibaia
>Rua Francisco R. Santos, 54 sala 3
>ATIBAIA/SP Cep: 12940-250
>Tel Voz: (0xx11) 4412-0876
>http://www.atinet.com.br
>
>----- Original Message -----
>From: <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Thursday, December 13, 2001 8:07 PM
>Subject: [xmail] Re: AV Filter for Win32 XMAIL
>
>Edinilson;
>
>Here is the report created for an infected file:
>
>AVG 6.0 Anti-Virus System
>Copyright GRISOFT Inc. 2001
>Program version 6.307, database version 168
>Command line: [/HEUR c:\xxmail\mailroot\avfilter\1008279248678.401.defiant\*.* /REPORT c:\xxmail\mailroot\avfilter\temp\rep-1008279248678.401.defiant.txt /NOMEM /NOHIMEM /NOBOOT]
>Testing c:\xxmail\mailroot\avfilter\1008279248678.401.defiant\*.* volume DRIVEC serial ACBD-E688
>c:\xxmail\mailroot\avfilter\1008279248678.401.defiant\server.exe Trojan horse BackDoor.Subseven
>
>------------------------------------------------------------
>Test start 12/13/01 14:01:14
>Elapsed time: 0 sec.
>------------------------------------------------------------
>Scanned files : 2
>Scanned sectors : 0
>Infected files : 1
>Infected sectors : 0
>------------------------------------------------------------
>
>If I understand the script correctly, this line:
>
>  if (repfileStr.indexOf('Virus found') != -1 || repfileStr.indexOf('Virus identified') != -1) {
>
>is looking for the phrase Virus Found or Virus Identified - neither one of which appears in the report. This would account for the reason no viruses are being detected by the script. Are you using a different version of the AVG engine, or perhaps a slightly different version of the script than I am?
>
>Tony
>
> ----- Original Message -----
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Sent: Thursday, December 13, 2001 1:56 PM
> Subject: [xmail] Re: AV Filter for Win32 XMAIL
>
> Edinilson;
> Much better now. Everything in the avfilter.bat that is supposed to happen does!
> Now I know the problem must be in the avfilter.js, after the bat is called.
> The infected emails still get delivered, and no warning message gets sent. We are closer - any more ideas?
> Thanks in advance!
> Tony
>
> ----- Original Message -----
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Sent: Thursday, December 13, 2001 12:56 PM
> Subject: [xmail] Re: AV Filter for Win32 XMAIL
>
> I had certainly checked and rechecked. Still - you were correct. The directory and file deletions in avfilter\temp were not being done due to a path problem! Also, without any more changes - the report file is now being created in the temp dir as expected! Closer than ever to success.
>
> The report file now stays in the temp dir. Still no emails being sent, and it seems the infected mail is still delivered. More hints please? And THANK YOU.
>
> Tony
>
> ----- Original Message -----
> From: Edinilson J. Santos
> To: [EMAIL PROTECTED]
> Sent: Thursday, December 13, 2001 12:41 PM
> Subject: [xmail] Re: AV Filter for Win32 XMAIL
>
> Are you sure that all drives and paths were replaced with your own path (for me drive is D: and xmail path is \mailroot) in avfilter.js and avfilter.bat?
> It's a very simple script but relies on specific paths
>
> Edinilson
>
> ----- Original Message -----
> From: <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, December 13, 2001 6:33 PM
> Subject: [xmail] Re: AV Filter for Win32 XMAIL
>
> New, more information.
>
> On more testing, the last statement in avfilter.bat that I can verify is being run successfully is uudecode. If I run the line which invokes AVG by hand (substituting values for %2), it runs correctly, and creates the report in the \avfilter\temp directory.
>
> Tony
>
> ----- Original Message -----
> From: <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, December 13, 2001 10:17 AM
> Subject: [xmail] Re: AV Filter for Win32 XMAIL
>
> > Thank you Mr. Santos!
> >
> > After your recommended test, here are the results.
> >
> > The mail file was copied to the created dir in avfilter as expected. The virus attachment was extracted, and in the same DIR. (I rem'd the code that deletes this temp file and dir so I could better track the results of the test.)
> >
> > The \avfilter\temp dir seems to have something written in to it, but if so, it was deleted before I could see it there. I can only tell because the avfilter/temp directory moved (as it does when something is written to it) its position in the dir list.
> >
> > No emails warning of virus were sent to either address, and the original email with the virus was delivered to the end user. :(
> >
> > Do you have any thoughts on this problem?
> >
> > Thanks again
> >
> > Tony
> >
> > ----- Original Message -----
> > From: "Edinilson J. Santos" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Thursday, December 13, 2001 3:49 AM
> > Subject: [xmail] Re: AV Filter for Win32 XMAIL
> >
> > > May I help you?
> > >
> > > Try to do the following:
> > > Open a command prompt window.
> > >
> > > cd\mailroot\avfilter
> > > cscript avfilter.js SOME-EMAIL-FILE [EMAIL PROTECTED] YOUR-EMAIL-ADDRESS
> > >
> > > And report to me what happens.
> > >
> > > Edinilson
> > >
> > > ----- Original Message -----
> > > From: <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Wednesday, December 12, 2001 6:08 PM
> > > Subject: [xmail] Re: AV Filter for Win32 XMAIL
> > >
> > > I do not have success with these scripts. Can anyone help? It seems the AVG engine isn't making the temp file - or something in that area. Anyone please?
> > >
> > > Tony
> > >
> > > ----- Original Message -----
> > > From: "Edinilson J. Santos" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Monday, December 10, 2001 4:13 AM
> > > Subject: [xmail] AV Filter for Win32 XMAIL
> > >
> > > > For those looking for an AV filter script that works with XMail for Win32, try:
> > > > http://www.atinet.com.br/xmail/avfilter.zip
> > > >
> > > > Edinilson
> > > >
> > > > ---
> > > > Outgoing mail is certified Virus Free.
> > > > Checked by AVG anti-virus system (http://www.grisoft.com).
> > > > Version: 6.0.306 / Virus Database: 166 - Release Date: 04/12/2001
> > > >
> > > > -
> > > > To unsubscribe from this list: send the line "unsubscribe xmail" in
> > > > the body of a message to [EMAIL PROTECTED]
> > > > For general help: send the line "help" in the body of a message to
> > > > [EMAIL PROTECTED]
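
The mismatch discussed in this thread, as an added example that is not part of the messages or of the avfilter.js in avfilter.zip: the quoted phrase test returns false on the report Tony posted, while reading the "Infected files" and "Infected sectors" counters flags it. The function names, the shortened paths in the sample and the hold/reject/deliver actions are assumptions made for illustration.

```javascript
// Added example, not the avfilter.js from avfilter.zip. Written in ES3-style
// syntax (var, no trim()) so the functions can also sit in a cscript-run file.

// Constructed sample: the report text quoted in the thread, with paths shortened.
var SAMPLE_REPORT = [
  'AVG 6.0 Anti-Virus System',
  'Program version 6.307, database version 168',
  'Testing c:\\avfilter\\msg\\*.* volume DRIVEC serial ACBD-E688',
  'c:\\avfilter\\msg\\server.exe Trojan horse BackDoor.Subseven',
  '------------------------------------------------------------',
  'Scanned files : 2',
  'Scanned sectors : 0',
  'Infected files : 1',
  'Infected sectors : 0'
].join('\r\n');

// The phrase test quoted in the thread, kept for comparison.
function phraseCheck(text) {
  return text.indexOf('Virus found') != -1 || text.indexOf('Virus identified') != -1;
}

// Collect the summary counters and any line that starts with a drive path.
function parseReport(text) {
  var out = { counters: {}, findings: [] };
  var lines = text.split(/\r?\n/);
  for (var i = 0; i < lines.length; i++) {
    var line = lines[i].replace(/^\s+|\s+$/g, '');
    var c = /^(Scanned|Infected) (files|sectors)\s*:\s*(\d+)$/i.exec(line);
    if (c) { out.counters[(c[1] + ' ' + c[2]).toLowerCase()] = Number(c[3]); continue; }
    // Assumption: a finding is "<path without spaces> <description>", as in the sample.
    var f = /^([a-z]:\\\S+)\s+(.+)$/i.exec(line);
    if (f) out.findings.push({ file: f[1], finding: f[2] });
  }
  return out;
}

// Verdict from the counters; a report without them is held, never treated as clean.
function verdict(text) {
  var r = parseReport(text);
  var files = r.counters['infected files'], sectors = r.counters['infected sectors'];
  if (files === undefined || sectors === undefined) return { action: 'hold', findings: r.findings };
  return { action: (files > 0 || sectors > 0) ? 'reject' : 'deliver', findings: r.findings };
}
```

Holding a message whose report lacks the counters covers the case where the scanner fails or the report file is truncated, which a phrase match would read as clean.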
