Title: Issues running the fpcmd.exe scanner

Reading some of the archives suggested that if using F-Prot it was best to use the fpcmd.exe over the f-prot.exe due to some errors encountered with using f-prot.exe. Upon testing, the f-prot.exe works great, reports in the log just fine, and sends out the notification emails. If I use the fpcmd file, the file gets seen; however, nothing is done with it and the original email gets sent on its way. I set the log to DEBUG for this test and below is my trace. Any aid would be greatly appreciated. This test used the eicar2.zip test file from www.eicar.com and was sent locally using Outlook Express.

12/20/2002 12:59:44 Q5a90002f0078444b Declude Virus Pro Registered
12/20/2002 12:59:44 Q5a90002f0078444b Starting locality check
12/20/2002 12:59:44 Q5a90002f0078444b CL Opening HKEY_LOCAL_MACHINE\software\Ipswitch\IMail\Domains
12/20/2002 12:59:44 Q5a90002f0078444b [EMAIL PROTECTED] [0] is local domain1
12/20/2002 12:59:44 Q5a90002f0078444b [EMAIL PROTECTED] [0] is local main domain
12/20/2002 12:59:44 Q5a90002f0078444b Local host = ntad.com
12/20/2002 12:59:44 Q5a90002f0078444b [EMAIL PROTECTED] Offset=9 Flags=1
12/20/2002 12:59:44 Q5a90002f0078444b Msgid: <000901c2a851$93ec27e0$[EMAIL PROTECTED]>
12/20/2002 12:59:44 Q5a90002f0078444b Subject: testing virus10
12/20/2002 12:59:44 Q5a90002f0078444b C:\IMail\spool\Q5a90002f0078444b.SMD
12/20/2002 12:59:44 Q5a90002f0078444b Starting virus scanning section...
12/20/2002 12:59:44 Q5a90002f0078444b MIMELAYER=0
12/20/2002 12:59:44 Q5a90002f0078444b Exclude Default=1
12/20/2002 12:59:44 Q5a90002f0078444b Exclude Domain=0
12/20/2002 12:59:44 Q5a90002f0078444b Exclude peruser=-1
12/20/2002 12:59:44 Q5a90002f0078444b DoAv( C:\IMail\spool\D5a90002f0078444b.SMD );
12/20/2002 12:59:44 Q5a90002f0078444b avtempdir=C:\IMail\spool
12/20/2002 12:59:44 Q5a90002f0078444b Temp dir set to: C:\IMail\spool\D5a90002f0078444b.vir\
12/20/2002 12:59:44 Q5a90002f0078444b fp=444d40
12/20/2002 12:59:44 Q5a90002f0078444b MIMELAYER++
12/20/2002 12:59:44 Q5a90002f0078444b DOMIME START
12/20/2002 12:59:44 Q5a90002f0078444b CT: Content-Type: multipart/mixed;boundary="----=_NextPart_000_0
12/20/2002 12:59:44 Q5a90002f0078444b Got boundary; =------=_NextPart_000_0005_01C2A827.AB057E10.
12/20/2002 12:59:44 Q5a90002f0078444b DOMIME end-of-headers
12/20/2002 12:59:44 Q5a90002f0078444b Not MIME header exploit: type=multipart/mixed NameEnd=面面 0 0
12/20/2002 12:59:44 Q5a90002f0078444b ISMULTI
12/20/2002 12:59:44 Q5a90002f0078444b Hit boundary... Recursing... 0 (3-0-).
12/20/2002 12:59:44 Q5a90002f0078444b MIMELAYER++
12/20/2002 12:59:44 Q5a90002f0078444b DOMIME START
12/20/2002 12:59:44 Q5a90002f0078444b CT: Content-Type: multipart/alternative;boundary="----=_NextPart
12/20/2002 12:59:44 Q5a90002f0078444b Got boundary; =------=_NextPart_001_0006_01C2A827.AB057E10.
12/20/2002 12:59:44 Q5a90002f0078444b DOMIME end-of-headers
12/20/2002 12:59:44 Q5a90002f0078444b Not MIME header exploit: type=multipart/alternative NameEnd=面面 0 0
12/20/2002 12:59:44 Q5a90002f0078444b ISMULTI
12/20/2002 12:59:44 Q5a90002f0078444b Hit boundary... Recursing... 0 (3-0-).
12/20/2002 12:59:44 Q5a90002f0078444b MIMELAYER++
12/20/2002 12:59:44 Q5a90002f0078444b DOMIME START
12/20/2002 12:59:44 Q5a90002f0078444b CT: Content-Type: text/plain;charset="iso-8859-1"
12/20/2002 12:59:44 Q5a90002f0078444b Got Encoding quoted-printable.
12/20/2002 12:59:44 Q5a90002f0078444b DOMIME end-of-headers
12/20/2002 12:59:44 Q5a90002f0078444b Not MIME header exploit: type=text/plain NameEnd=面面 0 0
12/20/2002 12:59:44 Q5a90002f0078444b !ISMULTI
12/20/2002 12:59:44 Q5a90002f0078444b Handling a MIME segment [Boundary=------=_NextPart_001_0006_01C2A827.AB057E10].
12/20/2002 12:59:44 Q5a90002f0078444b Encoding type: quoted-printable [1/]
12/20/2002 12:59:44 Q5a90002f0078444b Starting BASE64
12/20/2002 12:59:44 Q5a90002f0078444b Hit new boundary (fseek)
12/20/2002 12:59:44 Q5a90002f0078444b curpos=920
12/20/2002 12:59:44 Q5a90002f0078444b Deleting (1) plaintext segment C:\IMail\spool\D5a90002f0078444b.vir\0..
12/20/2002 12:59:44 Q5a90002f0078444b MIMELAYER--
12/20/2002 12:59:44 Q5a90002f0078444b Done Recursing...
12/20/2002 12:59:44 Q5a90002f0078444b Hit boundary... Recursing... 1 (3-0-).
12/20/2002 12:59:44 Q5a90002f0078444b MIMELAYER++
12/20/2002 12:59:44 Q5a90002f0078444b DOMIME START
12/20/2002 12:59:44 Q5a90002f0078444b CT: Content-Type: text/html;charset="iso-8859-1"
12/20/2002 12:59:44 Q5a90002f0078444b Got Encoding quoted-printable.
12/20/2002 12:59:44 Q5a90002f0078444b DOMIME end-of-headers
12/20/2002 12:59:44 Q5a90002f0078444b Not MIME header exploit: type=text/html NameEnd=面面 0 0
12/20/2002 12:59:44 Q5a90002f0078444b !ISMULTI
12/20/2002 12:59:44 Q5a90002f0078444b Handling a MIME segment [Boundary=------=_NextPart_001_0006_01C2A827.AB057E10].
12/20/2002 12:59:44 Q5a90002f0078444b Encoding type: quoted-printable [1/htm]
12/20/2002 12:59:44 Q5a90002f0078444b Starting BASE64
12/20/2002 12:59:44 Q5a90002f0078444b Hit new boundary (fseek)
12/20/2002 12:59:44 Q5a90002f0078444b curpos=1366
12/20/2002 12:59:44 Q5a90002f0078444b MIME file: [text/html][quoted-printable; Length=290 Checksum=23768]
12/20/2002 12:59:44 Q5a90002f0078444b Comparing |htm| to SKIPEXTs and BANEXTs
12/20/2002 12:59:44 Q5a90002f0078444b Checking HTML file htm.
12/20/2002 12:59:44 Q5a90002f0078444b i=290 fread-><!DOCTY.
12/20/2002 12:59:44 Q5a90002f0078444b i=0 fread-> .
12/20/2002 12:59:44 Q5a90002f0078444b Pre-scan OK
12/20/2002 12:59:44 Q5a90002f0078444b Skipping HTML prescanned file C:\IMail\spool\D5a90002f0078444b.vir\0..
12/20/2002 12:59:44 Q5a90002f0078444b NOT PLAINTEXT: text/html.
12/20/2002 12:59:44 Q5a90002f0078444b MIMELAYER--
12/20/2002 12:59:44 Q5a90002f0078444b Done Recursing...
12/20/2002 12:59:44 Q5a90002f0078444b Hit end of layer
12/20/2002 12:59:44 Q5a90002f0078444b MIMELAYER layer--
12/20/2002 12:59:44 Q5a90002f0078444b Done Recursing...
12/20/2002 12:59:44 Q5a90002f0078444b Hit boundary... Recursing... 2 (3-0-).
12/20/2002 12:59:44 Q5a90002f0078444b MIMELAYER++
12/20/2002 12:59:44 Q5a90002f0078444b DOMIME START
12/20/2002 12:59:44 Q5a90002f0078444b CT: Content-Type: application/x-zip-compressed;name="eicar2.zip"
12/20/2002 12:59:44 Q5a90002f0078444b Setting MimeName to eicar2.zip.
12/20/2002 12:59:44 Q5a90002f0078444b Got Encoding base64.
12/20/2002 12:59:44 Q5a90002f0078444b Got disp name=eicar2.zip [MimeName=eicar2.zip].
12/20/2002 12:59:44 Q5a90002f0078444b DOMIME end-of-headers
12/20/2002 12:59:44 Q5a90002f0078444b Not MIME header exploit: type=application/x-zip-compressed NameEnd=.zip 0 0
12/20/2002 12:59:44 Q5a90002f0078444b !ISMULTI
12/20/2002 12:59:44 Q5a90002f0078444b Handling a MIME segment [Boundary=------=_NextPart_000_0005_01C2A827.AB057E10].
12/20/2002 12:59:44 Q5a90002f0078444b Encoding type: base64 [1/zip]
12/20/2002 12:59:44 Q5a90002f0078444b Starting BASE64
12/20/2002 12:59:44 Q5a90002f0078444b Hit new boundary (fseek)
12/20/2002 12:59:44 Q5a90002f0078444b curpos=1968
12/20/2002 12:59:44 Q5a90002f0078444b Ending BASE64
12/20/2002 12:59:44 Q5a90002f0078444b MIME file: eicar2.zip [base64; Length=252 Checksum=27286]
12/20/2002 12:59:44 Q5a90002f0078444b Comparing |zip| to SKIPEXTs and BANEXTs
12/20/2002 12:59:44 Q5a90002f0078444b NOT PLAINTEXT: application/x-zip-compressed.
12/20/2002 12:59:44 Q5a90002f0078444b MIMELAYER--
12/20/2002 12:59:44 Q5a90002f0078444b Done Recursing...
12/20/2002 12:59:44 Q5a90002f0078444b Hit end of layer
12/20/2002 12:59:44 Q5a90002f0078444b MIMELAYER layer--
12/20/2002 12:59:44 Q5a90002f0078444b 0 - eicar2.zip
12/20/2002 12:59:44 Q5a90002f0078444b Scanning files (1 scanners)
12/20/2002 12:59:44 Q5a90002f0078444b Starting scanner #1: C:\Progra~1\FSI\F-Prot\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE /NOFLOPPY /NOBOOT /DUMB /REPORT=report.txt C:\IMail\spool\D5A900~1.VIR\
12/20/2002 12:59:44 Q5a90002f0078444b Scanner to start immediately, no need to wait for others to end.
12/20/2002 12:59:44 Q5a90002f0078444b Virus Scanner Started: C:\Progra~1\FSI\F-Prot\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE /NOFLOPPY /NOBOOT /DUMB /REPORT=report.txt C:\IMail\spool\D5A900~1.VIR\
12/20/2002 12:59:45 Q5a90002f0078444b Virus scanner 1 reports exit code of 0
12/20/2002 12:59:45 Q5a90002f0078444b 0: This
12/20/2002 12:59:45 Q5a90002f0078444b Starting EXT check .
12/20/2002 12:59:45 Q5a90002f0078444b 1: ----
12/20/2002 12:59:45 Q5a90002f0078444b Starting EXT check htm.
12/20/2002 12:59:45 Q5a90002f0078444b 2: eicar2.zip ----
12/20/2002 12:59:45 Q5a90002f0078444b Starting EXT check zip.
12/20/2002 12:59:45 Q5a90002f0078444b Found bogus file...
12/20/2002 12:59:45 Q5a90002f0078444b Found a bogus .zip file
12/20/2002 12:59:45 Q5a90002f0078444b C:\IMail\spool\D5a90002f0078444b.vir\*.*
12/20/2002 12:59:45 Q5a90002f0078444b 0.zip
12/20/2002 12:59:45 Q5a90002f0078444b Deleted C:\IMail\spool\D5a90002f0078444b.vir\0.zip.
12/20/2002 12:59:45 Q5a90002f0078444b han=134f98 b=False
12/20/2002 12:59:45 Q5a90002f0078444b 1 [1 of 2 not deleted] files were deleted. Use ONACCESS ON if you use an external ("on access") virus scanner.
12/20/2002 12:59:45 Q5a90002f0078444b Scanned: OK
12/20/2002 12:59:45 Q5a90002f0078444b High code=0.
12/20/2002 12:59:45 Q5a90002f0078444b AV returned 0
12/20/2002 12:59:45 Q5a90002f0078444b Scanned: Virus Free [Prescan OK][MIME: 3 778]
12/20/2002 12:59:45 Q5a90002f0078444b Set process priority back to 32.
12/20/2002 12:59:45 Q5a90002f0078444b feof=16, ferror=0
12/20/2002 12:59:45 Q5a90002f0078444b About to pass off E-mail; daisychain set to smtp32.exe.
12/20/2002 12:59:45 Q5a90002f0078444b Passing to SMTP3: C:\IMail\smtp32.exe "C:\IMail\spool\Q5a90002f0078444b.SMD".
12/20/2002 13:00:54 Console turned OFF
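
A triage helper for traces like the one above, added here as an example and not part of the original post or of Declude: it groups debug lines by queue ID and reports any message where a known test attachment was extracted but the final verdict was still "Virus Free". The function names are hypothetical, the second queue ID in the sample is constructed, and the line formats are assumed from this trace only.

```python
import re

LINE = re.compile(r"^\d\d/\d\d/\d{4} \d\d:\d\d:\d\d (Q\w+) ?(.*)$")
ATTACH = re.compile(r"^MIME file: ([^\[\s]\S*) \[")   # named attachments only
START = re.compile(r"^Starting scanner #(\d+): (.+)$")
EXIT = re.compile(r"^Virus scanner (\d+) reports exit code of (-?\d+)$")
VERDICT = re.compile(r"^Scanned: (.+)$")

# First message: lines taken from the trace above. Second (Q0000...): constructed.
SAMPLE = r"""
12/20/2002 12:59:44 Q5a90002f0078444b MIME file: eicar2.zip [base64; Length=252 Checksum=27286]
12/20/2002 12:59:44 Q5a90002f0078444b Starting scanner #1: C:\Progra~1\FSI\F-Prot\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE /NOFLOPPY /NOBOOT /DUMB /REPORT=report.txt C:\IMail\spool\D5A900~1.VIR\
12/20/2002 12:59:45 Q5a90002f0078444b Virus scanner 1 reports exit code of 0
12/20/2002 12:59:45 Q5a90002f0078444b Scanned: OK
12/20/2002 12:59:45 Q5a90002f0078444b Scanned: Virus Free [Prescan OK][MIME: 3 778]
12/20/2002 13:05:10 Q000000000000aaaa MIME file: notes.zip [base64; Length=300 Checksum=11111]
12/20/2002 13:05:11 Q000000000000aaaa Virus scanner 1 reports exit code of 0
12/20/2002 13:05:11 Q000000000000aaaa Scanned: Virus Free [Prescan OK][MIME: 2 500]
"""

def summarise(log_text):
    """Group debug-log lines by queue ID and pull out the scan facts."""
    out = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped fragment or non-log line
        qid, text = m.groups()
        rec = out.setdefault(qid, {"attachments": [], "scanners": {},
                                   "exit_codes": {}, "verdict": None})
        if (a := ATTACH.match(text)):
            rec["attachments"].append(a.group(1))
        elif (s := START.match(text)):
            # Assumes an 8.3 short path without spaces, as in the trace.
            rec["scanners"][int(s.group(1))] = s.group(2).split()[0]
        elif (e := EXIT.match(text)):
            rec["exit_codes"][int(e.group(1))] = int(e.group(2))
        elif (v := VERDICT.match(text)):
            rec["verdict"] = v.group(1)  # the last "Scanned:" line wins
    return out

def missed_test_files(summary, test_names):
    """Queue IDs where a known test attachment was extracted yet passed as clean."""
    wanted = {n.lower() for n in test_names}
    return [qid for qid, r in summary.items()
            if wanted & {a.lower() for a in r["attachments"]}
            and (r["verdict"] or "").startswith("Virus Free")]

if __name__ == "__main__":
    print(missed_test_files(summarise(SAMPLE), ["eicar2.zip"]))
```
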

