This is one of many examples of no virus warning - all zip files are
passed through without warning despite finding a virus as shown in the log
file entries :
Apr 25 06:41:21 kingsmere sendmail[2913]: i3PAeqN02913:
from=<[EMAIL PROTECTED]>, size=41090, class=0, nrcpts=1,
msgid=<[EMAIL PROTECTED]>, proto=ESMTP,
daemon=MTA, relay=host_cablevision_200_77_160_119 [200.77.160.119] (may be
forged)
Apr 25 06:41:39 kingsmere MailScanner[21387]:
/usr/share/spool/MailScanner/incoming/21387/./i3PAeqN02913/msg.zip:
Worm.SomeFool.P FOUND
Apr 25 06:41:39 kingsmere MailScanner[21387]: Virus Scanning: ClamAV found 1
infections
With the virus file detected, I would have expected a warning in the e-mail
but it was marked only for {Spam?} (see forwarded message below). �
I can't have this system passing e-mails saying they have been scanned and
are clean when they're not - especially since the scanner detected the virus.
Is the Mailscanner mis-configured?
Alex Vandenham
Avantel Systems
=============
---------- �Forwarded Message �----------
Subject: {Spam?} Re: Mail Server
Date: Sun, 25 Apr 2004 05:40:14 -0600
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
You have received an extended message. Please read the instructions.
--
This message has been scanned for viruses and
dangerous content, and is believed to be clean.
-------------------------------------------------------
msg.zip (forwarded only to S Karthikeyan)
On April 25, 2004 09:39 am, S Karthikeyan wrote:
> Dear Alex,
>
> > After some more checking - let me revise my question. According to the
> > mail log files, Clamav and Kapersky are finding the virus files inside
> > the zip archive but the e-mail is passed to the destination without a
> > {Virus} warning - just the normal signature block saying the mail is
> > scanned & found to be clean and the zip file remains attached.
> >
> > Alex
> > ====
> > ==========previous message============
> >
> > Both ClamAV and Kaspersky are installed but zip files are not being
> > scanned - or if they are, the virus files contained in the archive are
> > not detected. I have confirmed that the zip files contain virus files by
> > extracting the file and sending it to myself and then the virus is
> > "detected". Although detection appears to be based more on the file type
> > rather than the content of the file - it's deleted for being a banned
> > filetype rather than for being an obvious virus file.
> >
> > Am I missing a setting somewhere or is my openprotect misconfigured or
> > what?
> >
> > Alex
> > ====
> >
> > On April 23, 2004 08:42 pm, S Karthikeyan wrote:
> >>Dear Alex @ Avantel,
> >>
> >>>Does openprotect (or the scan engines used) support the scanning of zip
> >>>files. If so, I can't find anything that tells me how to configure
> >>> that. TIA
> >>>
> >>>Alex
> >>>====
> >>
> >>If you have installed ClamAV or Kaspersky with OpenProtect, it will scan
> >>zip, arj, arc and other popular formats.
> >>
> >>cheers,
> >>Karthikeyan, S.
> >
> > -------------------------------------------------------
>
> Can you forward the virus file you're using, so that we can also test
> the file?
>
> cheers,
> Karthikeyan, S.
--
This message has been scanned for viruses and
dangerous content, and is believed to be clean.
