[Mimedefang] Repeated $VirusScannerMessages?

Ashley M. Kirchner ashley at pcraft.com
Sat Feb 16 12:05:22 EST 2002 

Martin Bene wrote:

> I've had this problem as well: it's caused by first calling the virus scanner on the whole message (message_contains_virus_xxxx) and then again on each of the attachments.

 I just realized that I messed up in my message.  I was testing the openantivirus scanner at first, only to find out it doesn't catch some types of viri (namely the W32/Magistr-B below was passing through like water through a fishnet), so I switched to sophos.  However, both scanners were showing the same behaviours (repeating scanner messages).

    Now, I understand what you're saying above, the scanner scans each individual piece, both on the whole message and then the attachments, however when I look at the output, I see (and I'm sorry for re-quoting this whole piece again folks)

---------------------
The attachment 'eicar.com' was deleted.  It contains a known virus.
Here is the output from the virus scanner:
>>> Virus 'EICAR-AV-Test' found in file ./Work/msg-31261-2.com
>>> Virus 'W32/Magistr-B' found in file ./Work/msg-31261-3.exe
>>> Virus 'EICAR-AV-Test' found in file Work/msg-31261-2.com

The attachment 'kSELECT.exe' was deleted.  It contains a known virus.
Here is the output from the virus scanner:
>>> Virus 'EICAR-AV-Test' found in file ./Work/msg-31261-2.com
>>> Virus 'W32/Magistr-B' found in file ./Work/msg-31261-3.exe
>>> Virus 'EICAR-AV-Test' found in file Work/msg-31261-2.com
>>> Virus 'W32/Magistr-B' found in file Work/msg-31261-3.exe
---------------------

  "./Work/msg-31261-2.com" is repeated twice, once for each attachment
  "./Work/msg-31261-3.exe" is repeated twice, ......
  "Work/msg-31261-2.com" is repeated twice, ......
  "Work/msg-31261-3.exe" is only repeated once.

    If the above assumption is true, shouldn't the last attachment also have shown up twice?  Maybe David can explain the process in which these messages are tacked onto the message, dunno.  I'd also like to know why it's distinguishing "./Work/msg-*" and "Work/msg-*" as if they're two different things.

--
H | "Life is the art of drawing without an eraser." - John Gardner
  +--------------------------------------------------------------------
  Ashley M. Kirchner <mailto:ashley at pcraft.com>   .   303.442.6410 x130
  Director of Internet Operations / SysAdmin    .     800.441.3873 x130
  Photo Craft Laboratories, Inc.            .     3550 Arapahoe Ave, #6
  http://www.pcraft.com ..... .  .    .       Boulder, CO 80303, U.S.A.

More information about the MIMEDefang mailing list