[Exim] F-Prot letting some slip through

Author: Darren Casey
Date:  
To: 'Exim-users'
Subject: [Exim] F-Prot letting some slip through
Using latest exim and exiscan + F-Prot scanner

Seems to be doing a pretty good job; however, I noticed that there are a few
zip files getting through with MyDoom in them.

I took the zips and scanned them on the mail server and they all report
viruses.
Virus scanning report - 29 January 2004 @ 15:31

F-PROT ANTIVIRUS
Program version: 4.3.2
Engine version: 3.14.7

VIRUS SIGNATURE FILES
SIGN.DEF created 28 January 2004
SIGN2.DEF created 28 January 2004
MACRO.DEF created 26 January 2004

Search: document.zip
Action: Report only
Files: Attempt to identify files
Switches: <none>

/home/document.zip->document.pif Infection: W32/Mydoom.A@mm

Results of virus scanning:

Files: 1
MBRs: 0
Boot sectors: 0
Objects scanned: 2
Infected: 1
Suspicious: 0
Disinfected: 0
Deleted: 0
Renamed: 0

Time: 0:00

The exim scanner command I am using is :-
av_scanner = cmdline:/usr/local/f-prot/f-prot %s:Infection:Infection. (.+)$

And ACL
# Reject messages containing malware.
deny message = This message contains malware ($malware_name)
     demime = *
     malware = *


accept

Just can't make out why some are getting through although it's stopping
others. Has anyone any ideas where to look?

Thanks
Darren
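
Added example, not part of the original post: a small offline check that the trigger and name patterns in the posted av_scanner line match the F-Prot report line quoted above. It assumes the cmdline option is a colon-separated list of command, trigger regex and name regex applied line by line; the function names and the clean-file report are constructed for illustration.

```python
import re

# The av_scanner value from the post, copied verbatim.
AV_SCANNER = "cmdline:/usr/local/f-prot/f-prot %s:Infection:Infection. (.+)$"

# Constructed samples: the first reuses lines from the report quoted in the
# post; the second is a made-up clean run with no infection line.
INFECTED_REPORT = """\
Search: document.zip
Action: Report only

/home/document.zip->document.pif Infection: W32/Mydoom.A@mm

Results of virus scanning:
Infected: 1
"""
CLEAN_REPORT = """\
Search: notes.zip
Action: Report only

Results of virus scanning:
Infected: 0
"""


def split_option(value):
    """Split on single colons; a doubled colon stands for a literal colon."""
    parts = re.split(r"(?<!:):(?!:)", value)
    return [p.replace("::", ":") for p in parts]


def scan_verdict(option, scanner_output):
    """Return (triggered, malware_name) for one scanner report.

    Assumed model: the trigger regex decides whether the message counts as
    infected, and the name regex captures the malware name from a line.
    """
    kind, _command, trigger, name_re = split_option(option)
    if kind != "cmdline":
        raise ValueError("only the cmdline scanner type is modelled here")
    triggered, name = False, None
    for line in scanner_output.splitlines():
        if re.search(trigger, line):
            triggered = True
        match = re.search(name_re, line)
        if triggered and name is None and match:
            name = match.group(1)
    return triggered, name


if __name__ == "__main__":
    print("infected report:", scan_verdict(AV_SCANNER, INFECTED_REPORT))
    print("clean report:   ", scan_verdict(AV_SCANNER, CLEAN_REPORT))
```

Feeding it the output the scanner produces for a message that got through, captured from the same account and working directory the mail server uses, shows whether the report for that message contains a line the trigger can match at all.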