After testing with AVG off it appears that the error about the missing file
only occurs when AVG is on. With AVG disabled I get no error messages.
Here is the relevant log info.
I have confirmed this is an AVG issue. With AVG on I get the error with AVG
off I do not get the error.
Darrell
WITHOUT AVG ON
F:\Logs\Virus>grep -i q4ae100a500006d71.smd vir0713.log
07/13/2006 09:30:16.468 q4ae100a500006d71.smd Vulnerability flags = 0
07/13/2006 09:30:16.468 q4ae100a500006d71.smd MIME file: [text/html][7bit;
Length=126 Checksum=10064]
07/13/2006 09:30:16.468 q4ae100a500006d71.smd MIME file: tyjguozxgx.gif
[base64; Length=1137 Checksum=127847]
07/13/2006 09:30:16.484 q4ae100a500006d71.smd MIME file: Dorothy.zip
[base64; Length=84731 Checksum=10789144]
07/13/2006 09:30:16.484 q4ae100a500006d71.smd Found encrypted .ZIP file
07/13/2006 09:30:16.484 q4ae100a500006d71.smd Banning .ZIP file with
encrypted exe extension.
07/13/2006 09:30:16.703 q4ae100a500006d71.smd Virus scanner 1 reports exit
code of 8
07/13/2006 09:30:16.703 q4ae100a500006d71.smd Could not find parse string
Infection: in report.txt
07/13/2006 09:30:16.703 q4ae100a500006d71.smd File(s) are INFECTED [: 8]
07/13/2006 09:30:16.703 q4ae100a500006d71.smd Scanned: CONTAINS A VIRUS
[Prescan OK][MIME: 3 86092]
WITH AVG ON:
F:\Logs\Virus>grep -i q11e2008d00001156.smd vir0713.log
07/13/2006 05:27:06.312 q11e2008d00001156.smd Vulnerability flags = 0
07/13/2006 05:27:06.312 q11e2008d00001156.smd MIME file: [text/html][7bit;
Length=414 Checksum=37647]
07/13/2006 05:27:06.312 q11e2008d00001156.smd MIME file: account-details.zip
[base64; Length=108316 Checksum=1
3182509]
07/13/2006 05:27:06.828 q11e2008d00001156.smd AVG Reports VIRUS:
IRC/BackDoor.SdBot.PMS
07/13/2006 05:27:06.828 q11e2008d00001156.smd File(s) are INFECTED
[IRC/BackDoor.SdBot.PMS: 7]
07/13/2006 05:27:06.859 q11e2008d00001156.smd 1 [1 of 2 not deleted] files
were deleted. You should not use a
n on-access virus scanner that scans the \IMail directory or
sub-directories.
07/13/2006 05:27:06.859 q11e2008d00001156.smd Scanned: CONTAINS A VIRUS
[Prescan OK][MIME: 2 108872]
Darrell
Darrell ([EMAIL PROTECTED]) writes:
Andy,
Besides AVG I have 3 scanners: listed in order (F-Prot, Clam AV, McAfee).
I do think its an AVG issue like you suggested. I am trying to find a way
to disable the built in AVG virus scanner to see if this message goes
away.
Darrell
Andy Schmidt writes:
Do you have a second/external scanner defined.
May be the internal scanner (AVG) deletes an attachment and then Declude
complains that its gone when it tries to launch the secondary?
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Darrell
([EMAIL PROTECTED])
Sent: Wednesday, July 12, 2006 05:46 PM
To: declude.virus@declude.com
Cc: [EMAIL PROTECTED]
Subject: [Declude.Virus] 4.2.20 Error in Log
Since upgrading to 4.2.20 I started seeing the following error:
07/12/2006 00:34:41.812 q7bca020f00006715.smd 1 [1 of 2 not deleted]
files were deleted. You should not use an on-access virus scanner that
scans the \IMail directory or sub-directories.07/12/2006 00:34:41.328
This only happens when AVG catches a virus. It did not get logged under
3.x
version. Nor do I have an On Access Virus Scanner. Anyone else seeing
this?
Darrell
See the log snippet below.
07/12/2006 00:34:41.328 q7bca020f00006715.smd Vulnerability flags = 0
07/12/2006 00:34:41.328 q7bca020f00006715.smd MIME file:
[text/html][7bit; Length=733 Checksum=67160]
07/12/2006 00:34:41.328 q7bca020f00006715.smd MIME file:
email-details.zip [base64; Length=108312 Checksum=13182423]
07/12/2006 00:34:41.781 q7bca020f00006715.smd AVG Reports VIRUS:
IRC/BackDoor.SdBot.PMS
07/12/2006 00:34:41.781 q7bca020f00006715.smd File(s) are INFECTED
[IRC/BackDoor.SdBot.PMS: 7]
07/12/2006 00:34:41.812 q7bca020f00006715.smd 1 [1 of 2 not deleted]
files were deleted. You should not use an on-access virus scanner that
scans the \IMail directory or sub-directories.07/12/2006 00:34:41.328
q7bca020f00006715.smd Vulnerability flags = 0
07/12/2006 00:34:41.328 q7bca020f00006715.smd MIME file:
[text/html][7bit; Length=733 Checksum=67160]
07/12/2006 00:34:41.328 q7bca020f00006715.smd MIME file:
email-details.zip [base64; Length=108312 Checksum=13182423]
07/12/2006 00:34:41.781 q7bca020f00006715.smd AVG Reports VIRUS:
IRC/BackDoor.SdBot.PMS
07/12/2006 00:34:41.781 q7bca020f00006715.smd File(s) are INFECTED
[IRC/BackDoor.SdBot.PMS: 7]
07/12/2006 00:34:41.812 q7bca020f00006715.smd 1 [1 of 2 not deleted]
files were deleted. You should not use an on-access virus scanner that
scans the \IMail directory or sub-directories.
Darrell
-------------------------------------------
Check out http://www.invariantsystems.com for utilities for Declude,
Imail, mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring,
SURBL/URI integration, MRTG Integration, and Log Parsers.
---
This E-mail came from the Declude.Virus mailing list. To unsubscribe,
just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
-------------------------------------------
Check out http://www.invariantsystems.com for utilities for Declude,
Imail, mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring,
SURBL/URI integration, MRTG Integration, and Log Parsers.
-------------------------------------------
Check out http://www.invariantsystems.com for utilities for Declude, Imail,
mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI
integration, MRTG Integration, and Log Parsers.
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
