[thelist] McAfee AV 4.51 Download/Active Scan killing Eudora spooling.... work around
John C Bullas
jcbullas at nildram.co.uk
Sat Jan 31 04:00:41 CST 2004
Basically, with McAfee active scan and download scan working, the interception of viruses during download from the mail server hangs the spooling process, resulting in possible loss of emails, as spooling falls over if you stop the process or quit Eudora in mid download.
I think I have found a work around
============================
#1 Email / Download scan: Disabled ... Internet Scan stays running
To allow the files in to allow the Eudora spooling process to complete successfully
============================
#2 Active Scanning as files are opened
Explicitly ONLY Exclude the Eudora Spooling Directory, the true location of which will be identifiable when the unmodified active scanning picks up the attachments as they are spooled and quarantined, when Eudora then falls over in mid spool.
For systems where you have the potential for different logins look for
D:\Documents and Settings\<user name>\Local Settings\Temp\EuSpool
or something of the like...... EuSpool (with one sub directory for each personality?)
HOWEVER Active scan WILL pick up the file when it is relocated elsewhere by the Eudora filtering/processing to the folder:
F:\DATAFILES\eudoramailfolder\attach
or whatever you call your Eudora folder that keeps your messages in....
==============================================
#3 Scan My computer
Basically allow your regular scanning, set to include all files and heuristics etc etc, to proceed as usual.. this will pick up and deal with any remnant files in the spooling directory (set to run hourly)
======== VULNERABILITIES =============
You could click on a file in the Eudora spooler folder
and infect your computer as active scan ignores that folder
but the files in there don't exist for long :)
===== DOWNSIDE ======
Scan My Computer hits on a file while in the process of spooling
===== TESTING =======
I have just let a MyDoom one in without killing Eudora's download and McAfee flagged it up as soon as it got transferred by Eudora from the spooler directory to the attach directory!!!!
AND There is no evidence of any active file remnants left in the spooling directory
Any more likely downsides?
FB
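
A check for the gap listed under VULNERABILITIES, as an added example that is not part of the original post: because Active Scan ignores the excluded EuSpool folder, this lists any file that has sat there longer than the hourly scan interval. The function names, the one-hour threshold and the sample file names are assumptions made for the illustration.

```python
import os
import tempfile
import time
from pathlib import Path

HOURLY_SCAN_SECONDS = 3600  # assumption: matches the "set to run hourly" scan in #3


def stale_spool_files(spool_root, max_age_seconds=HOURLY_SCAN_SECONDS, now=None):
    """Return sorted (path, age_seconds) for files under spool_root older than the limit.

    Walks every sub directory, since the post suggests one per Eudora personality.
    """
    now = time.time() if now is None else now
    stale = []
    for dirpath, _dirs, files in os.walk(spool_root):
        for name in files:
            path = Path(dirpath) / name
            try:
                age = now - path.stat().st_mtime
            except OSError:
                # File vanished mid-walk: expected while Eudora is still spooling.
                continue
            if age > max_age_seconds:
                stale.append((str(path), int(age)))
    return sorted(stale)


def demo():
    """Build a constructed EuSpool tree and return the names reported as stale."""
    with tempfile.TemporaryDirectory() as root:
        persona = Path(root) / "EuSpool" / "persona1"  # constructed layout
        persona.mkdir(parents=True)
        fresh = persona / "in-progress.tmp"  # constructed: still being spooled
        old = persona / "leftover.exe"       # constructed: remnant from a failed spool
        fresh.write_bytes(b"x")
        old.write_bytes(b"x")
        now = time.time()
        two_hours_ago = now - 2 * HOURLY_SCAN_SECONDS
        os.utime(old, (two_hours_ago, two_hours_ago))
        found = stale_spool_files(Path(root) / "EuSpool", now=now)
        return [Path(p).name for p, _age in found]


if __name__ == "__main__":
    print(demo())
```

Pointed at the real EuSpool path for each login, an empty result means nothing unscanned has outlived a scheduled scan; any hit is a file worth scanning by hand.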