Dear colleagues,

I experienced a strange problem with uvscan not detecting
W32/[EMAIL PROTECTED] I would very much appreciate any hints!

My setup:

SMTP gateway powered by FreeBSD 5.3-STABLE, qmail-scanner 1.25st with
uvscan (BSD) and SA 3.0.2:

uvscan --version
Scan engine v4.4.00 for BSD.
Virus data file v4473 created Apr 20 2005
Scanning for 123634 viruses, trojans and variants.

The SMTP gateway checks messages for virus/spam and forwards email to
an internal email server powered by MS Exchange with McAfee Group Shield
installed (with the same dat version: 4473).

Now, uvscan didn't recognize the infected message but McAfee Group Shield
did. I don't understand why, since both servers have the same dat
version.

Here is more information from qmail-queue.log:

Thu, 21 Apr 2005 08:24:52 KGST:97126: +++ starting debugging for process 97126 (ppid=97125) by uid=82
Thu, 21 Apr 2005 08:24:56 KGST:97126: w_c: elapsed time from start 4.619099 secs
Thu, 21 Apr 2005 08:24:56 KGST:97126: return-path='', recips='[EMAIL PROTECTED]'
Thu, 21 Apr 2005 08:24:56 KGST:97126: from='Mail Delivery System <[EMAIL PROTECTED]>', subj='Mail delivery failed: returning message to sender', via SMTP from 217.22.128.37
Thu, 21 Apr 2005 08:24:58 KGST:97126: uvscan: finished scan in 2.23322 secs
Thu, 21 Apr 2005 08:25:24 KGST:97126: SA: REPORT hits = -0.3/3.5
2.3 UNIQUE_WORDS BODY: Message body has many words used only once
-2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.0000]
0.0 UPPERCASE_25_50 message body is 25-50% uppercase

Thu, 21 Apr 2005 08:25:24 KGST:97126: SA: required_hits 3.5 / sa_quarantine +2.1 / sa_delete +4.2
Thu, 21 Apr 2005 08:25:24 KGST:97126: SA: finished scan in 25.20014 secs - hits=-0.3
Thu, 21 Apr 2005 08:25:24 KGST:97126: p_s: finished scan in 0.05148 secs
Thu, 21 Apr 2005 08:25:24 KGST:97126: ini_sc: finished scan of "/var/spool/qmailscan/tmp/mail.manas.kg111405029269497126"...
Thu, 21 Apr 2005 08:25:24 KGST:97126: ------ Process 97126 finished. Total of 32.32356 secs

When this message reached MS Exchange, it was detected as the
W32/[EMAIL PROTECTED] virus.

I checked the list archives; both tnef and unzip are called by QS from
the proper place, and other modern viruses are also successfully detected
by uvscan/QS.

Any hints?

Thank you for your time.

Roman


_______________________________________________
Qmail-scanner-general mailing list
Qmail-scanner-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general