I am having some odd reports from Virusloganalyser lately. It no longer shows I have any viruses just Outlook Vulnerabilities.. Previously, I believe when I was running the 16 bit Fprot (now running 32 bit) it reported viruses.
Here is a snippet of my logs. I also do not understand the missing files? Any ideas what is going on with my logs? I posted my config after the log snippet. Thanks much Doug 06/23/2004 00:24:11 Q05e79da60042f798 Scanned: CONTAINS A VIRUS [MIME: 2 22581] 06/23/2004 00:24:11 Q05e79da60042f798 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [incoming from 203.148.249.232] 06/23/2004 00:24:11 Q05e79da60042f798 Subject: Hi 06/23/2004 00:24:30 Q05eb2fe4011e08de Could not find report file C:\IMail\spool\D05eb2fe4011e08de.vir\report.txt. 06/23/2004 00:24:30 Q05eb2fe4011e08de File(s) are INFECTED [: 3] 06/23/2004 00:24:30 Q05eb2fe4011e08de Scanned: CONTAINS A VIRUS [MIME: 2 29807] 06/23/2004 00:24:30 Q05eb2fe4011e08de From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [incoming from 172.195.102.75] 06/23/2004 00:24:30 Q05eb2fe4011e08de Subject: Illegal Website 06/23/2004 00:24:48 Q060c2fe8011e891a Outlook 'MIME Header' Vulnerability: type=audio/x-wav, name=message.pif. 06/23/2004 00:24:49 Q060c2fe8011e891a Could not find report file C:\IMail\spool\D060c2fe8011e891a.vir\report.txt. 06/23/2004 00:24:49 Q060c2fe8011e891a File(s) are INFECTED [[Outlook 'MIME Header' Vulnerability]: 3] 06/23/2004 00:24:49 Q060c2fe8011e891a Scanned: CONTAINS A VIRUS [MIME: 3 29141] 06/23/2004 00:24:49 Q060c2fe8011e891a From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [incoming from 203.157.253.196] 06/23/2004 00:24:49 Q060c2fe8011e891a Subject: Mail System ([EMAIL PROTECTED]) 06/23/2004 00:24:52 Q06119dae00429d6e Scanned: Virus Free [MIME: 1 1798] 06/23/2004 00:25:16 Q062b2fed011e0271 Scanned: Virus Free [MIME: 1 3621] 06/23/2004 00:25:24 Q06342ff1011e22bb Scanned: Virus Free [MIME: 1 7757] 06/23/2004 00:25:33 Q06399db400423921 Scanned: Virus Free [MIME: 1 306] 06/23/2004 00:25:57 Q06509db600429386 Could not find report file C:\IMail\spool\D06509db600429386.vir\report.txt. Config # The "####" in the LOGFILE option automatically gets replaced with the month/date LOGFILE spool\vir####.log LOGLEVEL MID # # SCANFILE is the location of the command-line virus scanner. Note that it # must include the full path. VIRUSCODE is the code that scanner returns if # it finds a virus. # SCANFILE C:\Progra~1\FSI\F-Prot\Fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE=5 /NOBOOT /DUMB /REPORT=report.txt) VIRUSCODE 3 VIRUSCODE 6 VIRUSCODE 8 REPORT Infection: # VIRDIR is the directory to move E-mails with viruses; by default, # it is set to 'spool\virus' (\IMail\spool\virus). VIRDIR spool\virus # The MAXATONCE option limits the number of AV processes. For example, # MAXATONCE 1 will only allow 1 AV process to run at once (IE for licensing # purposes). A value of 0 (or commenting it out) allows unlimited processes # to run at the same time. MAXATONCE 0 # # The following options allow you to limit scanning to only incoming or outgoing # E-mail. # INCOMING ON OUTGOING ON # # The ONACCESS option should be set to OFF unless you have an on-access virus scanner # that will be deleting attachments with viruses. It is recommended NOT to have an # on-access scanner interfering, and to leave this at OFF. # ONACCESS OFF # # The SCANNERTIMEOUT option lets you choose the number of seconds that Declude will # wait for the virus scanner to finish. The minimum value is 10 seconds. Most # scanners will not need to take that long. This option is mainly to prevent # defective scanners (that never finish) from interfering with your outgoing E-mail. # Raising this will NOT help if your virus scanner always times out. # SCANNERTIMEOUT 60 # # The SKIPEXT option will let you skip scanning of certain file extensions. For # example, a GIF file can't contain a virus, so there is no need to scan it. # SKIPEXT GIF SKIPEXT TXT SKIPEXT JPG SKIPEXT MPG SKIPEXT PNG # # The BANEXT option will let you ban file extensions. E-mails containing attachments # with these file extensions will be quarantined, and if you have a BANnotify.EML file, # it will be sent out. This works in the Standard and Pro versions. # BANEXT ad BANEXT adp BANEXT asp BANEXT bas BANEXT bat BANEXT CEO BANEXT chm BANEXT cmd BANEXT com BANEXT cpl BANEXT crt BANEXT exe BANEXT hlp BANEXT hta BANEXT inf BANEXT ins BANEXT isp BANEXT js BANEXT jse BANEXT lnk BANEXT mdb BANEXT mde BANEXT msc BANEXT msi BANEXT msp BANEXT mst BANEXT pcd BANEXT pif BANEXT reg BANEXT scr BANEXT sct BANEXT shb BANEXT shs BANEXT url BANEXT vb BANEXT vbe BANEXT vbs BANEXT vsd BANEXT vss BANEXT vst BANEXT vsw BANEXT ws BANEXT wsc BANEXT wsf BANEXT wsh BANEXT EZIP # # Declude Virus Pro can pre-scan HTML files. If no dangerous code is detected, the # virus scanner will not get called. This can significantly cut down on CPU usage. # PRESCAN OFF # # Declude Virus can block treat files using CLSID extensions as viruses. This type of # extension will force a certain type of program to be run, while making the file appear # to be a .TXT or other safe file. There is no known legitimate reason to send this # type of file through E-mail. BANPARTIAL ON bans the Partial Vulnerability. # BANCLSID ON BANPARTIAL ON # # The FOOTER lines will add a footer to the bottom of E-mails that are scanned. This may # not be visible if you send HTML or attachments with the E-mail. # FOOTER --- FOOTER [This E-mail scanned for viruses by Declude Virus] # # The DELETEVIRUSES option, when set to ON, will delete viruses, rather than quarantine them. # It is recommended to leave this at OFF. # DELETEVIRUSES OFF # # The DELIVERERRORS option, when set to ON, will treat errors from the virus scanner as if no # virus was found. When set to ON, this could cause viruses to get through in rare situations, # but will also prevent legitimate mail from being quarantined due to an error in the scanner. # It is recommend to leave this at ON. # DELIVERERRORS ON # # The BANCRVIRUSES option will automatically treat E-mail with malformed headers that could # contain a virus as if they did contain a virus. It is strongly recommended that you keep # this set to ON; otherwise, viruses could slip through. # BANCRVIRUSES ON # # The FORGINGVIRUS option is used to list viruses that forge the return address, so Declude # can replace the name of the sender with "[Forged]". # FORGINGVIRUS Vulnerability FORGINGVIRUS Yaha FORGINGVIRUS Braid FORGINGVIRUS Bridex FORGINGVIRUS Bugbear FORGINGVIRUS Dumar FORGINGVIRUS Fizzer FORGINGVIRUS Ganda FORGINGVIRUS Holar FORGINGVIRUS Hybris FORGINGVIRUS Klez FORGINGVIRUS Lentin FORGINGVIRUS Magistr FORGINGVIRUS Mimail FORGINGVIRUS Mydoom FORGINGVIRUS Netsky FORGINGVIRUS Palyh FORGINGVIRUS Sober FORGINGVIRUS Sobig FORGINGVIRUS Tanx FORGINGVIRUS Torvil FORGINGVIRUS Trojan --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
