The exit status 8 is from f-secure and indicates a file is 'suspected'
instead of 'infected'. You can modify the f-secure script to check for 8 as
well as 3 or the word 'suspected' as well as 'infected'.
Rgds,
__
Greg Kelley, Technol
(website.doc.exe for example) are malformed and probably wouldn't launch if
run anyway, but I'm not going to test it to find out! Even Norton AV running
on the desktop isn't catching some of these where it's caught some others of
the same form today.
______
Greg Kelley,
because of extension till
1:45 then many more that got scanned and the .zip file was discovered with
f-secure. Will keep you posted on further developments.
______
Greg Kelley, Technology Director
Britannic Aviation, US and UK
US Office:
Pease Int'l Tradeport
68 New Hamp
due to the way the attachment was embedded into the email
message. Message was not scanned by QS as it is PLAIN Text with attachment
at the end of the body. So, some of you may be getting 'false positives'
from Norton AV on attachments that are benign.
Rgds,
__
G
Doug,
Actually Norton DID quarantine an infected attachment named ofo.zip from the
email message that got thru as PLAIN text. I have the file and it is a true
infected .zip file. So if someone did open it they would get infected.
Rgds,
__
Greg Kelley, Technology Director
Thanks for looking at this. However, the virus has been removed from the
message by Norton AV and it leaves the message:
"Norton AntiVirus removed the attachment: ofo.zip.
The attachment was infected with the [EMAIL PROTECTED] virus."
in its place where the attachment originally was in the messa
+++
Perhaps someone can discover why this was not scanned. I have redundant
scanning on and I use f-secure which consistently finds the virus if it gets
a chance to scan it. Thanks.
Rgds,
__
Greg Kelley, Technology Director
Britannic Aviation, US and UK
US Office:
Pease Int
ntire message and the
quarantined .zip file.
Rgds,
__
Greg Kelley, Technology Director
Britannic Aviation, US and UK
US Office:
Pease Int'l Tradeport
68 New Hampshire Ave.
Portsmouth, NH 03801
603.766.3005
http://www.britannicaviation.com
AOPA, EAA, SSA
CFII SEL, MEL; C
Rgds,
___
or
memory/resource/perms problem - exit status $fsecure_status");
}
}
$stop_fsecure_time=[gettimeofday];
$fsecure_time = tv_interval ($start_fsecure_time, $stop_fsecure_time);
&debug("fsecure: finished scan of dir \"$scandir/$file_id\" in
$fsecure_time secs")
I'm using 1.16 - policy here dictates we do not use Release Candidates in a
Production environment, so when fsav 4.51 came out with modifications, I
changed the code to handle Suspicious Files.
__
Greg Kelley, Technology Director
Britannic Aviation, US and UK
US O
";
} else {
#This implies a corrupt set of DAT files or resource problems...
&tempfail("corrupt or unknown Fsecure scanner error or
memory/resource/perms problem - exit status $fsecure_status");
}
}
Rgds,
__
Greg Kelley, Technology
Debug shows that when a return code of 8 (Suspicious File) is generated,
there is no extra dialog output at all. Just shows Start Scan and Stop Scan,
then returns the 8. This will probably impact the way the sub-fsecure.pl
script is rewritten to handle this.
__
Greg Kelley
following priority order:
130, 7, 1, 3, 8, 6, 9, 0.
Rgds,
______
Greg Kelley, Technology Director
Folks,
Unloaded the daemon, loaded it manually (exported the library location
variable) and now fsav can connect to the daemon just fine. Something
strange happened during/after the upgrade, so a complete unload and reload
seemed to fix it.
__
Greg Kelley, Technology
Nyone who has successfully run this upgrade to 4.51
recently with no probs please respond. Thanks.
Rgds,
__
Greg Kelley, Technology Director
Folks,
Just upgraded to f-secure 4.51 from 4.50 and now the fsav client can't/won't
connect to the daemon! fsavd is running as qmailq. Anyone run into this?
What did the upgrade break?
Rgds,
__
Greg Kelley, Technology Director
Britannic Aviation, US and UK
et. I have
sobig in my silent-virus list, but it isn't getting processed (I think)
because it's getting picked up first by perlscan. Is there a way to get an
infected email with known attachment type to follow the silent-virus list?
Rgds,
______
Greg Kelley, Technolog
Should Fizzer.A be added to the silent list and if so, what form should it
be listed as? Thanks.
__
Greg Kelley, Technology Director
aemon using the script
5. modify the command line in sub-fsecure.pl that runs fsav and
add --usedaemon before $scandir
6. re-run config and copy qmail-scanner-queue.pl to /var/qmail/bin
You should have three instances of fsavd running and email checking will go
much quicker.
Rgds,
v-505 --standalone
This kills the daemon because of the --standalone parameter. I can't see
anywhere in the code where this is getting called this way - any ideas? I'd
like the daemon to stay running to speed things up.
Thanks.
______
Greg Kelley, Technology Director
Britann