Re: [Declude.Virus] Multiple responses in the report.txt

[Matt]

You could essentially do that with just Declude and a bit of programming for stripping the attachments out of messages. Regardless, having one scanner is not going to do a good enough job if you rely on F-Prot based on results from the last year.  I would recommend McAfee over F-Prot as a single scanner since it appears that they are more stable, though it is clear that any single scanner can have issues from time to time. Matt Colbeck, Andrew wrote: Thanks, Matt. I only went for the Lite version because this is a gateway scanner. The internal mail servers are indeed protected by a different vendor's product. I'm setting up these two layers because my company prefers to quarantine all viral messages, and then substitute any other inbound executables with a text message in the original message. This way, our users don't receive unnecessary emails. The "other" log line I'm seeing is independent of the usage of the /ai switch. As for investigation of the /ai switch, this email is part of that due diligence! Andrew 8) -----Original Message----- From: Matt [mailto:[EMAIL PROTECTED]] Sent: Friday, December 10, 2004 3:58 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Multiple responses in the report.txt Andrew, A separate instance is set up for each message's attachments that are scanned, there is no cause for any concern. MAXATONCE was designed for licensing reasons and shouldn't be used in most installations. If you set MAXATONCE below the number of processes that might be launched (this is a highly variable number), then it will cause overflow to occur or otherwise backup your system needlessly. Regarding your other question, I believe that you are seeing this because you are using the /ai switch. I don't use that switch, though I couldn't say why exactly. I have found however with many such things that their definitions of a non-virus that throw off such things might vary widely and include things such as encrypted zip files, something that Declude handles more flexibly. It's always a good idea to get as much information about new or alternative switches before using them. I have found info in KB's, release notes, and also by E-mailing the companies. These things aren't always as descriptive as you might want, so dig deep. I would also very strongly recommend a second scanner. Simply put, things will sometimes not function properly. There have been at least 4 occasions in about a year that F-Prot has messed up and would have caused significant virus leaking. Currently I would recommend McAfee, but I would recommend ClamAV after a period of stability emerges since the daemon is faster than anything but F-Prot. McAfee is of course a bit more responsible with their definitions, so if capacity isn't a problem, I would use that over ClamAV regardless. Matt Colbeck, Andrew wrote: I'm using the f-prot command line scanner, and the lines in the virus.cfg look like this: SCANFILE C:\F-Prot\fpcmd.exe /ai /type /silent /archive=5 /dumb /noboot /nomem /packed /report=report.txt VIRUSCODE 3 VIRUSCODE 6 REPORT Infection: That's working fine, but in my testing I'm only putting a few messages through at a time. I note that the /report variable is setting one specific filename. What happens when two or more declude processes are launched and both want to call the virus scanner at the same time? I realize that scanning is relatively quick, but I can see that collisions would result. If Declude doesn't handle this internally to set a different report name per instance, then I think paranoia would pushe me to set MAXATONCE 1 ... ? Andrew. _ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================