[Avcheck] Problem (what else?)

Milan P. Stanic mps@rns-nis.co.yu
Tue, 28 Aug 2001 00:49:17 +0200 (CEST)


On 27-Aug-2001 Michael Tokarev wrote:
[...]
>> Log is complete because I cleaned it before sending test message. And these
>> lines are only relevant ones.
> 
> No it is incomplete.
> 
> You did not provide an entry for when 607E617BFD and 641C217B3B were received
> by postfix.
> You did not provide an entry for when smtpd[2319] started the SMTP session
> (connect from ...)
> 
> I suspect that you first sent a test message, and *then* cleared log, but
> not before.  This way, you can lose random pieces of logs.  With complete
> log, things will be clearer even for you yourself.

You are right. I made a mistake :(
You helped me to think three (or more) times before claiming something.
It's not an excuse, but when you work hard you make mistakes, sooner or later :)
Sorry.

[...]
> Note the text in eicar.msg -- I created this file especially to be
> recognized by avpdaemon (with proper .com extension and content-type
> things).  And it *is* recognized.  And it will be recognized in zipped
> form as well, again, with proper mime/uuencode/... things.
                            ^^^^^^^^^^^
That is it. If I send it as application/octet-stream it is detected, but
not if text/plain or as text in the message body. Strange, but the source
of the problem is found.
But, I must ask again: Is it worth using if it can detect a virus only in
certain types of messages?

> One idea.  Maybe this all is due to line endings problem of some
> sort?  For example, extra CRs when you injected mail into postfix's
> smtp?  Very unlikely, but still...  In this case, last reason is
> true: your tests were inaccurate.

I'm using different methods to test it: the XFmail client with SMTP, a small
Perl script which sends mail over SMTP, and telnet to port 25 (cut and paste
of the eicar.txt file). All give the same results.

> And please excuse me if you feel I was too strong here -- that was
> not to offend you, really.

I understand. You helped me, really.

Best Regards,

Milan
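
Added example, not part of the original message: a Python sketch that builds the three test variants discussed above (EICAR as text/plain body, as a text attachment, and as an application/octet-stream attachment named eicar.com) and reports what a mail filter is actually handed for each, including the line-ending check raised in the thread. The addresses and the helper names `build` and `inspect` are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Standard 68-byte EICAR test string (harmless; scanners flag it by convention).
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

KINDS = ("body-text", "attach-text", "attach-octet")

def build(kind):
    """Return the wire bytes (CRLF line endings) of one test message."""
    msg = EmailMessage(policy=policy.SMTP)
    msg["From"] = "tester@example.invalid"        # placeholder address
    msg["To"] = "postmaster@example.invalid"      # placeholder address
    msg["Subject"] = "AV filter test: " + kind
    if kind == "body-text":
        msg.set_content(EICAR.decode("ascii"))    # text/plain, 7bit
    elif kind == "attach-text":
        msg.set_content("test attached")
        msg.add_attachment(EICAR.decode("ascii"), filename="eicar.txt")
    elif kind == "attach-octet":
        msg.set_content("test attached")
        msg.add_attachment(EICAR, maintype="application",
                           subtype="octet-stream", filename="eicar.com")
    else:
        raise ValueError(kind)
    return msg.as_bytes()

def inspect(wire):
    """Summarise what a filter sees in the last leaf part of a message."""
    msg = message_from_bytes(wire, policy=policy.SMTP)
    leaf = [p for p in msg.walk() if not p.is_multipart()][-1]
    # Trailing line endings after the string are permitted for EICAR files.
    decoded = leaf.get_payload(decode=True).rstrip(b"\r\n")
    return {
        "type": leaf.get_content_type(),
        "literal_on_wire": EICAR in wire,          # False once base64-encoded
        "decoded_ok": decoded == EICAR,            # bytes after MIME decoding
        "bare_lf": b"\n" in wire.replace(b"\r\n", b""),  # line-ending damage
    }

if __name__ == "__main__":
    for kind in KINDS:
        print(kind, inspect(build(kind)))
```

All three variants decode to the same 68 bytes, so a difference in detection between them comes from how the scanner treats the declared type and file name rather than from the content itself.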