All of the sudden today I started getting whacked with .pif and .scr attachments today. I could tell from the senders [unknown], the context of the message and the frequency that it was obviously a virus attachment.
The strange thing is that I have [or had] NAV 8 running with VSCAND.exe to capture and filter/delete viruses via the MTA. Upon investigation, I found that when I last upgraded the system a few weeks ago, the NAV integration must have been defaulted back and stopped working.
OK so I go through setting the proper locations for vscand.exe and my temp directory [which are opted out of realtime file scanning], but I am still having problems.
Tests sent with the eicar test virus are picked up by the MTA and when I receive the email it is removed and has the standard norton message:
Norton AntiVirus removed the attachment: eicar.com.
The attachment was infected with the EICAR Test String virus.
But it does not have the custom message I wrote nor does it send an email to the sender or notify me as the postmaster that a virus infected email was sent.
VScan Log shows the scan, and removes the virus [eicar only, not the .pif or .scr's I got today], but does not show that as a result in the log
If I forward myself one of the infeceted emails I received today, MTA/NAV does not pick it up ...
Code: Select all
File server's name:
Login name : mtauser
Network address : [00000000] Node : [000000000000]
Physical station number : 0A05E421-8AE0B0FFE621.
Date : 08/19/2003 , Time : 14:14:19.
Using pattern file C:\VIRUS\VD15A406.VDB
Total files scanned: 1
Folders scanned: 1
Total Viruses found: 0
Viruses cleaned: 0
Viruses deleted: 0
Total Time used: 00:00:01
Code: Select all
08/19/03 14:14:58 LOG FILE CLOSED
08/19/03 14:15:20 LOG FILE STARTED
08/19/03 14:15:20 Loaded Plug-In Filter [MEAVNAV]
Code: Select all
"[AGENT]" "[FILENAME]" /D /AZ /Z /DZ=3 /NB /NM /L=E:software\virus\vscan.log
I've gone over all my settings, checked the reg entry and still no luck. Anyone have a similar problem or any clues?
Gene