[Avcheck] Scan only incoming msg

RaBL blaha@underworld.blansko.cz
Sun, 13 Jan 2002 19:56:19 +0100


  From outside to inside: (OK)
-----------------------------
Jan 13 20:44:23 underworld postfix/smtpd[4924]: connect from mail2.centrum.cz[195.47.108.142]
Jan 13 20:44:23 underworld postfix/smtpd[4924]: EB94643ED0: client=mail2.centrum.cz[195.47.108.142]
Jan 13 20:44:24 underworld postfix/cleanup[4925]: EB94643ED0: message-id=<20020113183252Z327702-7479+62@mail.centrum.cz>
Jan 13 20:44:24 underworld postfix/qmgr[3738]: EB94643ED0: from=<rabl@centrum.cz>, size=1107, nrcpt=1 (queue active)
Jan 13 20:44:24 underworld avcheck[4928]: infected: from=rabl@centrum.cz, to=aaa@underworld.blansko.cz, msg=infected: EICAR-Test-File


  From inside to inside:
-----------------------------
Jan 13 20:46:41 underworld postfix/smtpd[4968]: connect from unknown[172.29.0.1]
Jan 13 20:46:41 underworld postfix/smtpd[4968]: 34F1F43ED0: client=unknown[172.29.0.1]
Jan 13 20:46:41 underworld postfix/cleanup[4969]: 34F1F43ED0: message-id=<3C41D3D1.7080808@underworld.blansko.cz>
Jan 13 20:46:41 underworld postfix/qmgr[3738]: 34F1F43ED0: from=<blaha@underworld.blansko.cz>, size=1093, nrcpt=1 (queue active)
Jan 13 20:46:41 underworld postfix/smtpd[4974]: connect from underworld[127.0.0.1]
Jan 13 20:46:41 underworld postfix/smtpd[4974]: 5469343ED4: client=underworld[127.0.0.1]
Jan 13 20:46:41 underworld postfix/cleanup[4969]: 5469343ED4: message-id=<3C41D3D1.7080808@underworld.blansko.cz>
Jan 13 20:46:41 underworld postfix/qmgr[3738]: 5469343ED4: from=<blaha@underworld.blansko.cz>, size=1278, nrcpt=1 (queue active)
Jan 13 20:46:41 underworld postfix/pipe[4970]: 34F1F43ED0: to=<aaa@underworld.blansko.cz>, relay=avcheck, delay=0, status=sent (underworld.blansko.cz)
Jan 13 20:46:41 underworld postfix/smtpd[4974]: disconnect from underworld[127.0.0.1]
Jan 13 20:46:41 underworld postfix/local[4975]: 5469343ED4: to=<aaa@underworld.blansko.cz>, relay=local, delay=0, status=sent (maildir)


Msg. source:
-----------------------------

From - Sun Jan 13 19:37:18 2002
X-UIDL: 1010951201.4975_0.underworld.blansko.cz
X-Mozilla-Status: 0001
X-Mozilla-Status2: 10000000
Return-Path: <blaha@underworld.blansko.cz>
Delivered-To: aaa@underworld.blansko.cz
Received: from localhost (underworld [127.0.0.1])
	by underworld.blansko.cz (Postfix) with SMTP id 5469343ED4
	for <aaa@underworld.blansko.cz>; Sun, 13 Jan 2002 20:46:41 +0100 (CET)
Received: from underworld.blansko.cz (unknown [172.29.0.1])
	by underworld.blansko.cz (Postfix) with ESMTP id 34F1F43ED0
	for <aaa@underworld.blansko.cz>; Sun, 13 Jan 2002 20:46:41 +0100 (CET)
Message-ID: <3C41D3D1.7080808@underworld.blansko.cz>
Date: Sun, 13 Jan 2002 19:37:05 +0100
From: RaBL <blaha@underworld.blansko.cz>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:0.9.7) Gecko/20011221
X-Accept-Language: cs, en-us
MIME-Version: 1.0
To: aaa <aaa@underworld.blansko.cz>
Subject: FROM Eicar inside
Content-Type: multipart/mixed;
  boundary="------------020809080209010509030007"

This is a multi-part message in MIME format.
--------------020809080209010509030007
Content-Type: text/plain; charset=ISO-8859-2; format=flowed
Content-Transfer-Encoding: 7bit

body

--------------020809080209010509030007
Content-Type: text/plain;
  name="eicar.com"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
  filename="eicar.com"

## EICAR STRING :  REMOVED  :)) ##
--------------020809080209010509030007--