That was it friends! All is working as is should, and the offending email is deleted. Thank you for the help! Edinilson, if you make a fix that is different, please tell us about it. Also, do you want me to send you the infected email?
Tony ----- Original Message ----- From: Edinilson J. Santos To: [EMAIL PROTECTED] Sent: Thursday, December 13, 2001 2:23 PM Subject: [xmail] Re: AV Filter for Win32 XMAIL Here we are using the same version, Program version 6.307, database version 168 But when a virus is detected, itīs generate a string like Virus found or Virus identified Something strange is happening I will test and report you ASAP. Edinilson --------------------------------------------------------- ATINET-Afiliado UOL de Atibaia Rua Francisco R. Santos, 54 sala 3 ATIBAIA/SP Cep: 12940-250 Tel Voz: (0xx11) 4412-0876 http://www.atinet.com.br ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, December 13, 2001 8:07 PM Subject: [xmail] Re: AV Filter for Win32 XMAIL Edinilson; Here is the report created for an infected file: AVG 6.0 Anti-Virus System Copyright GRISOFT Inc. 2001 Program version 6.307, database version 168 Command line: [/HEUR c:\xxmail\mailroot\avfilter\1008279248678.401.defiant\*.* /REPORT c:\xxmail\mailroot\avfilter\temp\rep-1008279248678.401.defiant.txt /NOMEM /NOHIMEM /NOBOOT] Testing c:\xxmail\mailroot\avfilter\1008279248678.401.defiant\*.* volume DRIVEC serial ACBD-E688 c:\xxmail\mailroot\avfilter\1008279248678.401.defiant\server.exe Trojan horse BackDoor.Subseven ------------------------------------------------------------ Test start 12/13/01 14:01:14 Elapsed time: 0 sec. ------------------------------------------------------------ Scanned files : 2 Scanned sectors : 0 Infected files : 1 Infected sectors : 0 ------------------------------------------------------------ If I understand the script correctly, this line: if (repfileStr.indexOf('Virus found') != -1 || repfileStr.indexOf('Virus identified') != -1) { is looking for the phrase Virus Found or Virus Identified - neither one of which appears in the report. This would account for the reason no virus are being detected by the script. Are you using a different version of the AVG engine, or perhaps a slightly different version of the script than I am? Tony ----- Original Message ----- From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, December 13, 2001 1:56 PM Subject: [xmail] Re: AV Filter for Win32 XMAIL Edinilson; Much better now. Everything in the avfilter.bat that is supposed to happen does! Now I know the problem must be in the avfilter.js, after the bat is called. The infected emails still get delivered, and no warning message gets sent. We are closer - any more ideas? Thanks in advanc! Tony ----- Original Message ----- From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, December 13, 2001 12:56 PM Subject: [xmail] Re: AV Filter for Win32 XMAIL I had certainly checked and rechecked. Still - you were correct. The directory and file deletions in avfilter\temp were not being done due to a path problem! Also, without any more changes - the report file is now being created in the temp dir as expected! Closer than ever to sucess. The report file now stays in the temp dir. Still no emails being sent, and it seems the infected mail is still delivered. More hints please? And THANK YOU. Tony ----- Original Message ----- From: Edinilson J. Santos To: [EMAIL PROTECTED] Sent: Thursday, December 13, 2001 12:41 PM Subject: [xmail] Re: AV Filter for Win32 XMAIL Are you sure that all drives and paths was replaced with your own path (for me drive is D: and xmail path is \mailroot) in avfilter.js and avfilter.bat ? Itīs a very simple script but rely on specific paths Edinilson --------------------------------------------------------- ATINET-Afiliado UOL de Atibaia Rua Francisco R. Santos, 54 sala 3 ATIBAIA/SP Cep: 12940-250 Tel Voz: (0xx11) 4412-0876 http://www.atinet.com.br ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, December 13, 2001 6:33 PM Subject: [xmail] Re: AV Filter for Win32 XMAIL New, more information. On more testing, the last statement in avfilter.bat that I can verify is being run sucessfully is uudecode. If I run the line which invokes AVG by hand (substituting values for %2), it runs correctly, and creates the report in the \avfilter\temp directory. Tony ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, December 13, 2001 10:17 AM Subject: [xmail] Re: AV Filter for Win32 XMAIL > Thank your Mr. Santos! > > After your recommended test, here is the results. > > The mail file was copied to the created dir in avfilter as expected. The > virus attachment was extracted, and in the same DIR. (I rem'd the code that > deletes this temp file and dir so I could better track the results of the > test.) > > The \avfilter\temp dir seems to have something written in to it, but if so, > it was deleted before I could see it there. I can only tell because the > avfilter/temp directory moved (as it does when something is written to it) > it position in the dir list. > > No emails warning of virus were sent to either address, and the original > email with the virus was delivered to the end user. :( > > Do you have any thoughts on this problem? > > Thank again > > Tony > > ----- Original Message ----- > From: "Edinilson J. Santos" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, December 13, 2001 3:49 AM > Subject: [xmail] Re: AV Filter for Win32 XMAIL > > > > May I help you? > > > > Try to do the following: > > Open a command prompt window. > > > > cd\mailroot\avfilter > > cscript avfilter.js SOME-EMAIL-FILE [EMAIL PROTECTED] YOUR-EMAIL-ADDRESS > > > > And report me what happens. > > > > Edinilson > > --------------------------------------------------------- > > ATINET-Afiliado UOL de Atibaia > > Rua Francisco R. Santos, 54 sala 3 > > ATIBAIA/SP Cep: 12940-250 > > Tel Voz: (0xx11) 4412-0876 > > http://www.atinet.com.br > > > > > > ----- Original Message ----- > > From: <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Wednesday, December 12, 2001 6:08 PM > > Subject: [xmail] Re: AV Filter for Win32 XMAIL > > > > > > I do not have success with these scripts. Can anyone help? It seems the > > AVG engine ins't making the temp file - or something in that area. ANyone > > please? > > > > Tony > > ----- Original Message ----- > > From: "Edinilson J. Santos" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Monday, December 10, 2001 4:13 AM > > Subject: [xmail] AV Filter for Win32 XMAIL > > > > > > > For those looking for a AV filter script that works with XMail for > Win32, > > > try: > > > http://www.atinet.com.br/xmail/avfilter.zip > > > > > > Edinilson > > > --------------------------------------------------------- > > > ATINET-Afiliado UOL de Atibaia > > > Rua Francisco R. Santos, 54 sala 3 > > > ATIBAIA/SP Cep: 12940-250 > > > Tel Voz: (0xx11) 4412-0876 > > > http://www.atinet.com.br > > > > > > > > > --- > > > Outgoing mail is certified Virus Free. > > > Checked by AVG anti-virus system (http://www.grisoft.com). > > > Version: 6.0.306 / Virus Database: 166 - Release Date: 04/12/2001 > > > > > > - > > > To unsubscribe from this list: send the line "unsubscribe xmail" in > > > the body of a message to [EMAIL PROTECTED] > > > For general help: send the line "help" in the body of a message to > > > [EMAIL PROTECTED] > > > > > > > > > > - > > To unsubscribe from this list: send the line "unsubscribe xmail" in > > the body of a message to [EMAIL PROTECTED] > > For general help: send the line "help" in the body of a message to > > [EMAIL PROTECTED] > > > > > > > > > > --- > > Outgoing mail is certified Virus Free. > > Checked by AVG anti-virus system (http://www.grisoft.com). > > Version: 6.0.307 / Virus Database: 168 - Release Date: 11/12/2001 > > > > - > > To unsubscribe from this list: send the line "unsubscribe xmail" in > > the body of a message to [EMAIL PROTECTED] > > For general help: send the line "help" in the body of a message to > > [EMAIL PROTECTED] > > > > > > - > To unsubscribe from this list: send the line "unsubscribe xmail" in > the body of a message to [EMAIL PROTECTED] > For general help: send the line "help" in the body of a message to > [EMAIL PROTECTED] > > - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED] --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.307 / Virus Database: 168 - Release Date: 11/12/2001 - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED] --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.307 / Virus Database: 168 - Release Date: 11/12/2001 - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
