My Declude and F-Prot are catching the Sircam virus.

Thanks, andyb
[EMAIL PROTECTED]

Tuesday, August 28, 2001, 4:50:30 PM, you wrote:


>>I am using F-Prot with IMail. It seems that the Sircam virus is still 
>>getting in. I have found at least 200 instances of the virus sitting in 
>>users' mailboxes.

RSP> Then something isn't working properly.

RSP> Are you catching the eicar.com test file (you can check at 
RSP> http://www.declude.com/tools using our "Test Mail Sender")?  If not, you've 
RSP> got a setup problem.  If you are catching the eicar.com file, then do you 
RSP> have the most recent F-Prot virus definitions?

>>I have the following command inside of my Virus.cfg:
>>
>>SCANFILE    C:\Progra~1\FSI\F-Prot\F-Prot.exe /TYPE /APPEND /AUTO /DISINF 
>>/RENAME /DELETE /NOMEM /ARCHIVE /NOFLOPPY /NOBOOT /DUMB

RSP> That could be the problem.  The "/DELETE" tells F-Prot to delete the 
RSP> file.  Since the file is deleted, F-Prot may well report that there is no 
RSP> virus (since there isn't one anymore, as far as it knows).  Since F-Prot is 
RSP> reporting no virus, Declude goes ahead and sends the E-mail, since it has 
RSP> been told that it is virus-free.

RSP> It would probably be best to stick with the configuration options that we 
RSP> recommend, and not use /DISINF, /RENAME, /APPEND, /AUTO or 
RSP> /DELETE.  Several of these can potentially cause problems.

>>When I look in the log, the following is shown:
>>08/27/2001 00:10:33 Qd60c26a MIME file: June 20 Work Hospital 
>>Letter.doc.pif [base64]
>>08/27/2001 00:10:34 Qd60c26a MIME file: June 20 Work Hospital 
>>Letter.doc.pif [7bit]
>>08/27/2001 00:10:34 Qd60c26a Warning: EOF in middle of MIME segment [June 
>>20 Work Hospital Letter.doc.pif] 
>>[------5F3DE5B2_Outlook_Express_message_boundary]

RSP> The warning is because of the corrupt MIME headers that Sircam uses 
RSP> (instead of ending with a "This is the end of all the MIME segments" tag, 
RSP> it ends with a "There's another MIME segment coming up" tag at the end of 
RSP> the E-mail).  However, Declude will still scan the file.

RSP>                                                             -Scott
RSP> ---
RSP> Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for 
RSP> IMail.  http://www.declude.com



RSP> Please visit http://www.ipswitch.com/support/mailing-lists.html 
RSP> to be removed from this list.

RSP> An Archive of this list is available at:
RSP> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
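
Added example, not part of the original thread and not Declude's code: a small check for the malformed MIME structure Scott describes, where the message ends on an opening boundary line instead of the closing "--boundary--" line. The sample message, the boundary string, the function name and the extension list are constructed for illustration; nested multiparts are not handled.

```python
import re

# Constructed sample (not a real capture): the last boundary line is an
# opening delimiter, so the multipart body is never closed.
SAMPLE_UNTERMINATED = (
    'MIME-Version: 1.0\r\n'
    'Content-Type: multipart/mixed; boundary="----EXAMPLE_boundary"\r\n'
    '\r\n'
    '------EXAMPLE_boundary\r\n'
    'Content-Type: text/plain\r\n'
    '\r\n'
    'body text\r\n'
    '------EXAMPLE_boundary\r\n'
    'Content-Type: application/octet-stream; name="Letter.doc.pif"\r\n'
    'Content-Disposition: attachment; filename="Letter.doc.pif"\r\n'
    'Content-Transfer-Encoding: base64\r\n'
    '\r\n'
    'AAAA\r\n'
    '------EXAMPLE_boundary\r\n'
)
# Same constructed message, but ending with the proper close delimiter.
SAMPLE_TERMINATED = SAMPLE_UNTERMINATED.rstrip('\r\n') + '--\r\n'

BOUNDARY_RE = re.compile(r'boundary="?([^";\r\n]+)"?', re.I)
FILENAME_RE = re.compile(r'name="?([^";\r\n]+)"?', re.I)
RISKY_EXT = ('.pif', '.exe', '.com', '.bat', '.lnk', '.scr')  # assumed list

def check_message(raw):
    """Return (terminated, suspicious_names) for a raw multipart message."""
    m = BOUNDARY_RE.search(raw)
    if not m:
        return True, []  # not multipart, so there is nothing to terminate
    delim = '--' + m.group(1)
    # Keep only the boundary delimiter lines (RFC 2046, section 5.1.1).
    marks = [ln.rstrip() for ln in raw.splitlines()
             if ln.rstrip() in (delim, delim + '--')]
    terminated = bool(marks) and marks[-1] == delim + '--'
    names = sorted(set(FILENAME_RE.findall(raw)))
    # Double extension ending in an executable type, e.g. "x.doc.pif".
    suspicious = [n for n in names
                  if n.lower().endswith(RISKY_EXT) and n.count('.') >= 2]
    return terminated, suspicious

if __name__ == '__main__':
    print(check_message(SAMPLE_UNTERMINATED))
    print(check_message(SAMPLE_TERMINATED))
```

An unterminated result alone is not proof of infection; it is a reason to make sure the attachment is still extracted and scanned, as Declude does here.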

