cutemeli/server
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

removed /etc and /opt

Browse Source
This commit is contained in:
cutemeli
2025-12-22 10:48:14 +00:00
parent 5ce7ca2c5d
commit 10d1afbb17
32559 changed files with 0 additions and 6756692 deletions
Download Patch File Download Diff File Expand all files Collapse all files

204
opt/drweb/doc/daemon/ChangeLog
View File

@@ -1,204 +0,0 @@
Version 6.0.2
2011-03-21 Margarita Pavlichenko <m.pavlichenko@drweb.com>
Daemon:
NEW:
* Template of a notification about license expiration can be specified now
(new parameter MessagePatternFileName);
* Now a notification about a necessity of virus database renewal is output
to log and sent to the administrator when the time passed from the last
database renewal exceeds the threshold value specified in
MaxBasesObsolescencePeriod parameter;
* Logs for various types of clients are now kept separately
(new parameter of ini-file ClientsLogs);
* Socket parameter now supports the following address format: <prefix>:<address>
(see 0045938);
* Output of the statistics for a processes pool is added (FR 0046007);
* New command line parameter --run-without-key (FR 0033851);
* Parsing of parameter values in Daemon ini-file is improved (FR 0048419);
* Fixed breaking interaction with clients after restarting Daemon (FR 51094);
* Added new Daemon return codes: DERR_PASSWORD_ARCHIVE,
DERR_UNPACK_ERROR (FR 49105);
* Added option to get the dates of the last virus databases updates (FR 12854);
* Added option to specify multiple addresses in Socket configuration
parameter (FR 45938);
* Only new or modified virus databases are now reloaded after restarting
Daemon (FR 35168);
* Ability of scanning and treatment of MBR using DRWEBD_SCAN_BOOT protocol option.
Version 6.0.1
2010-01-06 Margarita Pavlichenko <m.pavlichenko@drweb.com>
Daemon:
NEW:
* The following parameters became obsolete and were removed: UserID,
GroupID, Interfaces, SocketMode, SocketFile, SocketAccess, DaemonPort,
FilterRule, TrafficEqualPerHour, TrafficPerHour, PreFork, MaxChildren;
* Notifications about obsolence of command line parameter LANG and
configuration file parameter LngFileName are added;
* New parameter ProcessesPool for dynamic process pool support was added
(FR 0043410 except for 'stat' option);
* New command line parameters -a and --only-key (FR 43738);
* New parameters in ini-file: ControlAgent and OnlyKey (FR 44109);
* New command line parameter --check-only;
* Parameter ListeningQueue is removed.
Version 6.0.0
2010-28-05 Alexander Korkov <a.korkov@drweb.com>
NEW:
* Command line parameter --without-dazuko is removed.
Version 5.0.0
2008-25-12 Alexander Korkov <a.korkov@drweb.com>
Daemon:
NEW:
* New command line parameter --foreground=<yes|no>;
* New configuration file;
* Daemon upholds the connection with a Client after execution of a single
command, so several commands can be sent by the Client and executed
during a single session
(BugID #19664);
* A command initializing update.pl script is added.
Version 4.44.2
Daemon:
NEW:
* New parameter NotifyType={Once|Everyday|Ever}
(BugID #20666);
FIX:
* Aberrant behavior during SIGHUP is fixed
(BugID #22069);
Version 4.44.1
2008-04-11 Alexander Korkov <a.korkov@drweb.com>
Daemon:
NEW:
* Daemon continues execution when problems with license key file are found
but returns DERR_LICENSE_ERROR error code when trying to scan files
(BugID #14550);
* Additional information in notification e-mail (BugID #12226);
* Ability to turn off logging for files not being checked: new parameter
FilesTypesWarnings = { Yes | No } in configuration file (BugID #11058);
* Dr.Web Engine version output (BugID #11284);
* Output of license key file opening errors (BugID #8013);
* Timeout limitations in configuration file (BugID #8888);
* Obsolete /var/drweb/run/*.bsy.* files removal (BugID #7639).
FIX:
* Infinite waiting for e-mail notification dispatch (BugID #6205);
* SIGHUP handling (BugID #14977);
* MaxCompressionRatio parameter value parsing (BugID #7680);
* Archives encoded in base64 check (BugID #9396);
* Minor bugs and improvements (BugIDs: ##6639, 7228, 16359, 12862, 12863,
16106, 6105).
Version 4.44.0
2008-04-11 Dmitry Tupitsyn <dimon@drweb.com>
Daemon:
NEW:
* Troubleshooting when connecting to Agent in ControlAgent mode
(BugID #15384);
* Multiple notifications (BugID #18449).
FIX:
* Abnormal behaviour when NotifyPeriod parameter value is set to 0
(BugID #14174);
* Interaction with Agent using inet-socket (BugID #14530);
* Changes and fixes in /etc/init.d/drwebd script and configuration file
(BugIDs: #14527, #14621, #14632);
* Addresses parsing (BugID #15403);
* Incorrect startup when working with Monitor (BugID #14907);
* Incorrect build version output (BugID #15467);
* Incorrect startup on FreeBSD 6.0 (BugID #15466).
Version 4.33
2006-03-30 Andrey Chernyy <andreyc@drweb.com>
Daemon:
* removed ScanFiles = ByFormat and CheckPackedFiles parameters
(BugID #9080).
2005-09-26 Sergey Akhapkin <asv@drweb.com>
* New Updater, key features:
- logging into file with different levels of details logging;
- per version updating;
- new section [Updater] in configuration file drweb32.ini;
- automatically updated list of update servers;
- detailed information about update by e-mail;
Engine:
* New types of malware definitions bases:
drwnasty.vdb - for detecting AdWare and Dialers,
drwrisky.vdb - for detecting RiskWare, Hacktools and Jokes;
* New heuristic analyzer for following types of viruses:
DLOADER (Trojan.DownLoader.xxx), MULDROP (Trojan.MulDrop.xxx),
STPAGE (Trojan.StartPage), BACKDOOR (BackDoor.xxx),
PWS (Trojan.PWS.xxx),WORM and MAIL.WORM (e-mail worms).
Possible combinations:
(DLOADER|MULDROP|STPAGE)(.IRC)(.PWS).Trojan
BACKDOOR(.IRC)(.PWS).Trojan
WIN.(.IRC)(.PWS)(.MAIL).WORM.Virus;
* Added extracting files from BZIP (1.0.3) and CHM archives;
* Added support for ULTRAPROTECT packer;
* Added support for new versions of ASPACK, PECRYPT, UPX, MORPHINE,
PECOMPACT, NFO, EXPRESSOR, SQR, EXE32PACK, WWPACK32, ARM, NEOLITE, SVKP,
PESPIN, MOLEBOX, SOFTDEFENDER, MEW, TELOCK, CEXE, PEDIMINISHER, FSG,
KCUF, NSPACK, ELKA, FAKENEO, YODA, UPACK;
Daemon:
* Support of Engine update without updating binaries;
* Now Daemon and Scanner have separated localization files;
* Virus bases loading algorithm is improved;
* License key file integrity check is implemented.
Daemon:
* Supports loading more than one license key file. Multiple definitions of
Key parameter should be used (BugID #4663);
* Protocol for Daemon and clients (filters) interaction changed to improve
support for new types of malware;
* Notification about license expiration by e-mail (BugID #4105);
* Pure "per day" traffic license no longer requires "per hour" splitting.
Obsolete parameters: TrafficEqualPerHour, TrafficPerHour (BugID #4550).
Packages:
* New distribution layout for Linux. Product is separated into 5 packages:
- Engine (base);
- Updater;
- Daemon;
- Scanner;
- Scanner GUI.
Reasons: more flexible to update, dependencies are better managed;
* Integration with logrotate;
* FedoraCore4, RedHat Enterprise Linux 4, FreeBSD 5.4 support;
* Packages for OpenBSD and Solaris.
FIX:
Engine:
* Bugs in RAR, BZIP, GZIP and CAB extracting (corrupted archives);
* Bugs with some packers: MEW, MOLEBOX, PEDIMINISHER, PEPACK, ASPACK,
WWPACK32, EXE32PACK, PKLITE, WINKRIPT, MORPHINE.
Daemon:
* Bug with /dev/null as log filename when used in -log option
(BugID #3618);
* Bug with processing fifos, sockets and other irregular files
(BugIDs ##3876, 4198);
* Errors detailed output if Action for infected archive fails
(BugIDs ##3973, 4060).
Daemon:
* Bug with creating PID file (BugIDs ##5103, 5508);
* Skipping ScanFiles parameter for non-archives (BugID #5499);
* Skipping ExcludePaths parameter (BugID #5523);
* Bug with reload in PreFork mode (BugIDs ##4123, 5992, 5993);
* Bug with recurring reload in non-PreFork mode (BugID #4232);
* Bug with RejectCondition parameter value parsing (BugID #4457);
* Bugs with malware detection in broken encapsulated multipart messages
(encapsulated multipart, base64, text/html, QP) (BugID #4006);
* More flexible RFC2822 compliance;
* Bugs with reporting cured/deleted messages (BugID #4165);
* Bugs with zero-length files in non-local mode (BugID #5985).
Packages:
* Minor fixes and improvements (BugIDs ##4782, 4879, 4903, 4904, 4919,
4921, 5021, 5291, 4919, 5205, 5328, 3476, 4082, 4224, 4492, 4493, 4522,
4642, 4597, 4609, 4616).

205
opt/drweb/doc/daemon/ChangeLog.rus
View File

@@ -1,205 +0,0 @@
Version 6.0.2
2011-03-21 Margarita Pavlichenko <m.pavlichenko@drweb.com>
<20><><EFBFBD><EFBFBD><EFBFBD>:
NEW:
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
(<28><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> ini-<2D><><EFBFBD><EFBFBD><EFBFBD> ClientsLogs);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
(<28><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> MessagePatternFileName);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD> <20> <20><> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD>
<20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> (<28><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
MaxBasesObsolescencePeriod);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Socket <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <prefix>:<address>(<28><>. 0045938);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (FR 46007);
* <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> --run-without-key (FR 0033851);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> ini-<2D><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (FR 0048419);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (FR 51094);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> DERR_PASSWORD_ARCHIVE <20> DERR_UNPACK_ERROR (FR 49105);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> (FR 12854);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Socket <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (FR 45938);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (FR 35168);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> MBR <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> DRWEBD_SCAN_BOOT.
Version 6.0.1
2010-01-06 Margarita Pavlichenko <m.pavlichenko@drweb.com>
<20><><EFBFBD><EFBFBD><EFBFBD>:
NEW:
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>: UserID, GroupID,
Interfaces, SocketMode, SocketFile, SocketAccess, DaemonPort, FilterRule,
TrafficEqualPerHour, TrafficPerHour, PreFork, MaxChildren;
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD>, <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>
LngFileName <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> LNG <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>;
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> ProcessesPool <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (FR 0043410 <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> 'stat');
* <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> -a <20> --only-key (FR 43738);
* <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> OnlyKey <20> ControlAgent (FR 44109);
* <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> --check-only;
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> ListeningQueue <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
Version 5.0.0
2008-25-12 Alexander Korkov <a.korkov@drweb.com>
<20><><EFBFBD><EFBFBD><EFBFBD>:
NEW:
* <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> --foreground=<yes|no>;
* <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>;
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
(BugID #19664);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> update.pl.
Version 4.44.2
<20><><EFBFBD><EFBFBD><EFBFBD>:
NEW:
* <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> NotifyType={Once|Everyday|Ever}
(BugID #20666);
FIX:
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> SIGHUP
(BugID #22069);
Version 4.44.1
2008-04-11 Alexander Korkov <a.korkov@drweb.com>
<20><><EFBFBD><EFBFBD><EFBFBD>:
NEW:
* <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> DERR_LICENSE_ERROR (BugID #14550);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (BugID #12226);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
<20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> FilesTypesWarnings = { Yes | No }
(BugID #11058);
* <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> Dr.Web (BugID #11284);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> (BugID #8013);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>-<2D><><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>
(BugID #8888);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> /var/drweb/run/*.bsy (BugID #7639).
FIX:
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD> (BugID #6205);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> SIGHUP (BugID #14977);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> MaxCompressionRatio (BugID #7680);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> base64 (BugID #9396);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> ##6639, 7228, 16359, 12862, 12863, 16106, 6105.
Version 4.44.0
2008-04-11 Dmitry Tupitsyn <dimon@drweb.com>
<20><><EFBFBD><EFBFBD><EFBFBD>:
NEW:
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> ControlAgent
(BugID #15384);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (BugID #18449).
FIX:
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 0 <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> NotifyPeriod
(BugID #14174);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>
inet-<2D><><EFBFBD><EFBFBD><EFBFBD> (BugID #14530);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> /etc/init.d/drwebd, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>
(BugIDs ##14527, 14621, 14632);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (BugID #15403);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><>-<2D><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (BugID #14907);
* <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (BugID #15467);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> FreeBSD 6.0 (BugID #15466).
Version 4.33
2006-03-30 Andrey Chernyy <andreyc@drweb.com>
<20><><EFBFBD><EFBFBD><EFBFBD>:
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (ScanFiles = ByFormat) <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
CheckPackedFiles (BugID #9080).
2005-09-26 Sergey Akhapkin <asv@drweb.com>
NEW:
* <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
- <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>;
- <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>;
- <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> [Updater] <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> drweb32.ini;
- <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>;
- <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>:
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><>:
drwnasty.vdb - <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,
drwrisky.vdb - <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><>,
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>-<2D><><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>;
* <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>:
DLOADER (Trojan.DownLoader.xxx), MULDROP (Trojan.MulDrop.xxx),
STPAGE (Trojan.StartPage), BACKDOOR (BackDoor.xxx),
PWS (Trojan.PWS.xxx), WORM and MAIL.WORM (e-mail worms).
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
(DLOADER|MULDROP|STPAGE)(.IRC)(.PWS).Trojan
BACKDOOR(.IRC)(.PWS).Trojan
WIN.(.IRC)(.PWS)(.MAIL).WORM.Virus;
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: BZIP (1.0.3), CHM;
* <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: ULTRAPROTECT;
* <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: ASPACK, PECRYPT, UPX, UPACK, MORPHINE,
PECOMPACT, NFO, EXPRESSOR, SQR, EXE32PACK, WWPACK32, ARM, NEOLITE, SVKP,
PESPIN, MOLEBOX, SOFTDEFENDER, MEW, TELOCK, CEXE, PEDIMINISHER, FSG,
KCUF, NSPACK, ELKA, FAKENEO, YODA.
<20><><EFBFBD><EFBFBD><EFBFBD>:
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>;
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>;
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD>;
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
<20><><EFBFBD><EFBFBD><EFBFBD>:
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Key <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>), <20><><EFBFBD>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (BugID #4663);
* <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (BugID #4105);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>. <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: TrafficEqualPerHour, TrafficPerHour (BugID #4550).
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
* <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> Linux. <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> 5 <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
- <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>);
- <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>;
- <20><><EFBFBD><EFBFBD><EFBFBD>;
- <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>;
- <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>;
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> logrotate;
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> FedoraCore4, RedHat Enterprise Linux 4, FreeBSD 5.4;
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> OpenBSD <20> Solaris.
FIX:
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>:
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> RAR, BZIP, GZIP <20> CAB <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<28>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: MEW, MOLEBOX, PEDIMINISHER, PEPACK,
ASPACK, WWPACK32, EXE32PACK, PKLITE, WINKRIPT, MORPHINE.
<20><><EFBFBD><EFBFBD><EFBFBD>:
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (/dev/null), <20><><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>
-log (BugID #3618);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> fifos, sockets <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
(BugIDs ##3876, 4198);
* <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (BugIDs ##3973,
4060).
<20><><EFBFBD><EFBFBD><EFBFBD>:
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> PID-<2D><><EFBFBD><EFBFBD><EFBFBD> (BugIDs ##5103,
5508);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> ScanFiles <20><><EFBFBD> <20><>-<2D><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
(BugID #5499);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> ExcludePaths (BugID #5523);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (reload) <20> PreFork <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (BugIDs ##4123,
5992, 5993);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (reload) <20> <20><>-PreFork <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
(BugID #4232);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> RejectCondition (BugID #4457);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (encapsulated multipart, base64,
text/html, QP) (BugIDs ##4006, 4796, 4873, 5982);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> RFC2822 <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>;
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>/<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (BugID #4165);
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (BugIDs ##4782, 4879,
4903, 4904, 4919, 4921, 5021, 5291, 4919, 5205, 5328, 3476, 4082, 4224,
4492, 4493, 4522, 4642, 4597, 4609, 4616).

205
opt/drweb/doc/daemon/ChangeLog.rus.utf8
View File

@@ -1,205 +0,0 @@
Version 6.0.2
2011-03-21 Margarita Pavlichenko <m.pavlichenko@drweb.com>
Демон:
NEW:
* Добавлено разделение логов для различных типов клиентов
(новый параметер ini-файла ClientsLogs);
* Добавлена возможность задания шаблона сообщения об истечении срока действия лицензиии
(новый параметр MessagePatternFileName);
* Добавлено сообщение в лог и на почту администратору о необходимости обновления баз
при превышении порогового времени обновления вирусных баз (новый параметр
MaxBasesObsolescencePeriod);
* Параметр Socket теперь поддерживает следующий формат адреса <prefix>:<address>(см. 0045938);
* Добавлен вывод статистики для пула процессов (FR 46007);
* Новый параметр командной строки --run-without-key (FR 0033851);
* Улучшен разбор параметров в ini-файле демона (FR 0048419);
* Устранен обрыв взаимодействия с клиентами при перезагрузке демона (FR 51094);
* Добавлены новые коды возврата демона DERR_PASSWORD_ARCHIVE и DERR_UNPACK_ERROR (FR 49105);
* Добавлена возможность получения дат обновления вирусных баз (FR 12854);
* Добавлена возможность перечислять в параметре Socket несколько адресов (FR 45938);
* Добавлена перезагрузка только измененных или новых баз при перезагрузке демона (FR 35168);
* Добавлена возможность проверки и лечения MBR с помощью опции протокола DRWEBD_SCAN_BOOT.
Version 6.0.1
2010-01-06 Margarita Pavlichenko <m.pavlichenko@drweb.com>
Демон:
NEW:
* Удалены устаревшие параметры конфигурационного файла: UserID, GroupID,
Interfaces, SocketMode, SocketFile, SocketAccess, DaemonPort, FilterRule,
TrafficEqualPerHour, TrafficPerHour, PreFork, MaxChildren;
* Добавлены сообщения о том, что параметр конфигурационного файла
LngFileName и параметр командной строки LNG устарели;
* Добавлен параметр ProcessesPool для использования динамического пула
процессов (FR 0043410 кроме опции 'stat');
* Новые опции командной строки -a и --only-key (FR 43738);
* Новые параметры конфигурационного файла OnlyKey и ControlAgent (FR 44109);
* Новая опция командной строки --check-only;
* Параметр ListeningQueue удален.
Version 5.0.0
2008-25-12 Alexander Korkov <a.korkov@drweb.com>
Демон:
NEW:
* Новая опция командной строки --foreground=<yes|no>;
* Новый конфигурационный файл;
* Поддержка выполнения нескольких команд на одно соединение
(BugID #19664);
* Добавлена команда запуска скрипта обновления update.pl.
Version 4.44.2
Демон:
NEW:
* Новый параметр NotifyType={Once|Everyday|Ever}
(BugID #20666);
FIX:
* Исправлено некорректное поведение при SIGHUP
(BugID #22069);
Version 4.44.1
2008-04-11 Alexander Korkov <a.korkov@drweb.com>
Демон:
NEW:
* Демон продолжает работать при ошибке лицензии, возвращая при проверке
файлов код ответа DERR_LICENSE_ERROR (BugID #14550);
* Дополнительная информация в письме уведомления (BugID #12226);
* Возможность отключить запись в лог строк о непроверенных файлах:
новый параметр в конфигурационном файле FilesTypesWarnings = { Yes | No }
(BugID #11058);
* Вывод версии антивирусного ядра Dr.Web (BugID #11284);
* Информация о причине ошибки открытия ключа (BugID #8013);
* Ограничение на максимально допустимые тайм-ауты в конфигурационном файле
(BugID #8888);
* Удаление неактуальных файлов /var/drweb/run/*.bsy (BugID #7639).
FIX:
* Исправлено бесконечное ожидание процессом Демона процесса отправки
уведомления по почте (BugID #6205);
* Исправлены ошибки при обработке SIGHUP (BugID #14977);
* Исправлен парсинг значения параметра MaxCompressionRatio (BugID #7680);
* Исправлены ошибки проверки архивов в base64 (BugID #9396);
* Исправлены ошибки ##6639, 7228, 16359, 12862, 12863, 16106, 6105.
Version 4.44.0
2008-04-11 Dmitry Tupitsyn <dimon@drweb.com>
Демон:
NEW:
* Диагностика ошибок подключения к Агенту в режиме ControlAgent
(BugID #15384);
* Многократные уведомления (BugID #18449).
FIX:
* Исправлено неправильное поведение при значении 0 параметра NotifyPeriod
(BugID #14174);
* Исправлены ошибки подключения Демона при взаимодействии с Агентом через
inet-сокет (BugID #14530);
* Исправлен скрипт /etc/init.d/drwebd, ошибки в конфигурационном файле
(BugIDs ##14527, 14621, 14632);
* Исправлены ошибки парсинга адресов (BugID #15403);
* Исправлена ошибка старта из-под Монитора (BugID #14907);
* Вывод корректной версии сборки (BugID #15467);
* Исправлена ошибка старта на FreeBSD 6.0 (BugID #15466).
Version 4.33
2006-03-30 Andrey Chernyy <andreyc@drweb.com>
Демон:
* Удалена поддержка проверки по формату (ScanFiles = ByFormat) и параметр
CheckPackedFiles (BugID #9080).
2005-09-26 Sergey Akhapkin <asv@drweb.com>
NEW:
* Новый модуль обновления, его ключевые особенности:
- ведение лога обновлений различной степени детализации;
- обновление антивирусного ядра свежими версиями при соблюдении
совместимости;
- новая секция [Updater] в конфигурационном файле drweb32.ini;
- поддержка автоматического обновления списка серверов обновлений;
- посылка отчета об обновлении почтой.
Антивирусное ядро:
* Расширенные базы для распознавания новых типов вредоносного ПО:
drwnasty.vdb - для распознавания рекламного ПО и программ автодозвона,
drwrisky.vdb - для распознавания потенциально опасного ПО,
программ-шуток и программ, используемых для взлома;
* Новый эвристический анализатор, который позволяет обнаруживать новые
модификации вирусов следующих типов:
DLOADER (Trojan.DownLoader.xxx), MULDROP (Trojan.MulDrop.xxx),
STPAGE (Trojan.StartPage), BACKDOOR (BackDoor.xxx),
PWS (Trojan.PWS.xxx), WORM and MAIL.WORM (e-mail worms).
Возможные комбинации:
(DLOADER|MULDROP|STPAGE)(.IRC)(.PWS).Trojan
BACKDOOR(.IRC)(.PWS).Trojan
WIN.(.IRC)(.PWS)(.MAIL).WORM.Virus;
* Распаковка архивов: BZIP (1.0.3), CHM;
* Новые упаковщики: ULTRAPROTECT;
* Новые версии упаковщиков: ASPACK, PECRYPT, UPX, UPACK, MORPHINE,
PECOMPACT, NFO, EXPRESSOR, SQR, EXE32PACK, WWPACK32, ARM, NEOLITE, SVKP,
PESPIN, MOLEBOX, SOFTDEFENDER, MEW, TELOCK, CEXE, PEDIMINISHER, FSG,
KCUF, NSPACK, ELKA, FAKENEO, YODA.
Демон:
* Поддержка обновления антивирусного ядра без смены версии программы;
* Разделены файлы локализации;
* Улучшен алгоритм загрузки вирусных баз;
* Улучшена проверка целостности ключевых файлов.
Демон:
* Поддержка загрузки более одного ключевого файла (надо использовать
несколько определений параметра Key в конфигурационном файле), что
позволяет раздельно оперировать разными типами лицензий (BugID #4663);
* Для поддержки новых типов вредоносного ПО изменен протокол
взаимодействия между Демоном и клиентами (фильтрами);
* Поддержка уведомлений об истечении срока действия лицензии (BugID #4105);
* Трафиковая лицензия более не требует почасовой разбивки. Устаревшие
параметры: TrafficEqualPerHour, TrafficPerHour (BugID #4550).
Пакеты:
* Новая компоновка пакетов под Linux. Продукты разделены на 5 пакетов:
- базовый (антивирусное ядро и вирусные базы);
- модуль обновлений;
- Демон;
- Сканер;
- графическая оболочка Сканера.
Причины: удобство обновления пакетов, разделение зависимостей;
* Добавлена интеграция с logrotate;
* Поддержка FedoraCore4, RedHat Enterprise Linux 4, FreeBSD 5.4;
* Доступны пакеты для OpenBSD и Solaris.
FIX:
Антивирусное ядро:
* Исправлены ошибки при распаковке RAR, BZIP, GZIP и CAB архивов (в
основном поврежденных);
* Исправлены ошибки в упаковщиках: MEW, MOLEBOX, PEDIMINISHER, PEPACK,
ASPACK, WWPACK32, EXE32PACK, PKLITE, WINKRIPT, MORPHINE.
Демон:
* Перезапись нерегулярных файлов (/dev/null), если они заданы через опцию
-log (BugID #3618);
* Исправлены ошибки обработки fifos, sockets и прочих нерегулярных файлов
(BugIDs ##3876, 4198);
* Более детальный вывод ошибок для инфицированных архивов (BugIDs ##3973,
4060).
Демон:
* Исправлена проблема, связанная с созданием PID-файла (BugIDs ##5103,
5508);
* Исправлено игнорирование параметра ScanFiles для не-архивов
(BugID #5499);
* Исправлено игнорирование параметра ExcludePaths (BugID #5523);
* Исправлены ошибки перезагрузки (reload) в PreFork режиме (BugIDs ##4123,
5992, 5993);
* Исправлена ошибка с повторной перезагрузкой (reload) в не-PreFork режиме
(BugID #4232);
* Исправлена ошибка в обработке параметра RejectCondition (BugID #4457);
* Исправлены ошибки, связанные с обнаружением вредоносного ПО в
поврежденных частях почтовых сообщений (encapsulated multipart, base64,
text/html, QP) (BugIDs ##4006, 4796, 4873, 5982);
* Смягчены требования к формату RFC2822 почтовых сообщений;
* Исправлена обработка ошибок лечения/удаления (BugID #4165);
* Исправлена обработка файлов нулевой длины в удаленном режиме.
Пакеты:
* Исправлены многочисленные незначительные ошибки (BugIDs ##4782, 4879,
4903, 4904, 4919, 4921, 5021, 5291, 4919, 5205, 5328, 3476, 4082, 4224,
4492, 4493, 4522, 4642, 4597, 4609, 4616).

837
opt/drweb/doc/daemon/FAQ
View File

@@ -1,837 +0,0 @@
Contents:
~~~~~~~~~
0) Why should I upgrade my drwebd version? The old version works perfectly.
1) The <20> virus is not detected. Why?
2) I experience the following problem: if update.pl is launched from the command line everything is updated,
and nothing gets updated if it is launched from the cron, though the logs show the cron completes its tasks
without fault...
3) What is in the UpdatePath?
4) Version prior to 4.30. The log shows
Jul 3 13:50:18 mail drweb-smf: dwlib: scan: message sent by <alex@gamma> is passed
Jul 3 13:50:18 mail drweb-smf: [g639oGJI030655]: processing message from <alex@gamma> completed (exit code 3)
What does (exit code 3) mean?
5) One of my clients (and only one!) experiences the following -
mail is not sent no matter how many times
he presses the "Wait" button in Outlook.
The following is written to the maillog by sendmail:
drweb-smf: message from <address@domain> is aborted
Please explain if something goes wrong with sendmail or Dr.Web?
6) I have installed drweb with qmail. All works well, but the sender of a virus receives two messages: the one
reads that there is a virus in the message, the other - that the message can not be delivered: Remote host
said: 554
mail server permanently rejected message (#5.3.0)
Can I somehow disable sending of such messages as users may think there is an error on the server..
7) What do the question marks in drweb-smf.log mean?
Nov 26 14:36:13 proba drweb-smf: [???]: ...
8) What do the Expires= and the SubscriptionExpires= fields
in the key file (for example drwebd.key) mean?
9) Can I use virus bases of version 4.30 with version 4.31?
10) drweb.tmp.60gkxo/$ARCHIVE_NAME/$FILE_IN_ARCHIVE - compression ratio is too high (2770944 :
35154)
...
Dr.Web scanning statistics:
Evaluation key used !
Archive restriction : 21
...
What does it mean and what should I do in this situation?
11) I tried to bundle Dr.Web and Postfix. The mail does not go through at all.
When I have checked the logs one line seemed suspicious
Jul 17 12:55:01 mailhub sendmail[29437]: h6H9t0sh029437: Authentication-Warning: host.domain.tld: drweb
set sender
or:
Apr 20 17:32:31 mailhub sendmail[33617]: h3KDWVlV033617: from=name@example.com, size=38592,
class=0, nrcpts=1, msgid=<msg-id4358035@example.com>, relay=drweb@localhost
What can be the reason of the problem?
12) I have drweb-sendmail-4.30 installed. From time to time the following error message is displayed:
Nov 9 22:55:49 mail drweb-smf: drweb_smf.c(667) - FATAL ERROR: cannot extract private data from
context
Please, explain!
13) When a message with a file attached is sent, the daemon checks all correctly, here goes an extract of
the log:
Nov 5 14:59:27 relay sendmail[22756]: hA5CxRIm022756: from=<foo@example.com>, size=15600,
class=0, nrcpts=1, msgid=<msg-id#@example.com>, proto=ESMTP, daemon=MTA, relay=domain.tld
[10.0.0.1]
But, when the same message is sent and NAV scans all outgoing messages (the clinet from which I sent
the message from) the following is reported:
Nov 5 14:58:48 relay sendmail[22751]: hA5CwlIm022751:from=<foo@example.com>, size=0, class=0,
nrcpts=1,proto=ESMTP, daemon=MTA, relay=domain.tld [10.0.0.2]
Nov 5 14:58:48 relay drweb-smf: [hA5CwlIm022751]: message from foo@example.com is aborted
s
14) I have drweb-4.29.5 installed. A strange thing happened: I received a mail with Gibe.2:
Wed Nov 12 08:56:20 2003 [1459] /var/spool/filter/drweb.tmp.HM5dmX/[text:html] - Ok
Wed Nov 12 08:56:20 2003 [1459] >>/var/spool/filter/drweb.tmp.HM5dmX/cgmgf.exe - Ok
At the same time, the on-line check (http://online.drweb.com):
...
cgmgf.exe packed by UPX
>cgmgf.exe infected with Win32.HLLM.Gibe.2
15) I have Dr.Web daemon + Dr.Web for CGP installed; the headings filtering is enabled (RuleFilter = on +
RuleFitlerAlert = reject),
but for some blocked messages notifications are not received by the sender and the administrator receives
two messages:
16) I have Dr.Web for Sendmail (version prior to 4.30.1 or compiled from the supplied source code) installed.
Sometimes the filter terminates without any visible reasons. What can it be?
17) I have the Dr.Web mail filter installed. For infected objects the discard action (Infected = discard) is set,
but notifications are still received. Why? I don't want them to be sent.
18) I have installed your mail filter and sent a message with a virus (a friend of mine has given it to me). The
virus was detected, but only the administrator has received a notification, though I have enabled notifications
for all. Why is that?
19) I have Dr.Web Daemon & Dr.Web for Sendmail installed. The mail messages are not checked for
viruses and the mail log has the following entries:
...
Nov 24 19:11:48 vulture sendmail[878]: hAO9Bmvr000878: milter_read(drweb-filter): cmd read returned
4, expecting 5
20) I have received an interesting file called "something.jpg .exe". The on-line check reports it is clean.
Where can I check it?
21) I have installed a mail filter, but notifications are received by the administrator only, though in
drweb_{mta}.conf:
...
[VirusNotification]
SenderNotify = yes
RcptsNotify = yes
AdminNotify = yes
...
the masks are specified and available. What is the reason of the problem?
22 It is difficult to understand your licensing policy. Which programs and licenses are suitable for what?
23) FreeBSD 4.x (x =< 7) system. I have installed version 4.31 and receive:
/usr/libexec/ld-elf.so.1: Undefined symbol "__stdoutp"
referenced from COPY relocation in /usr/local/drweb/drweb-smf
24) I have installed Dr.Web for Sendmail, but it does not check the mail. The daemon log reads:
===
Daemon is loaded, active interfaces: 127.0.0.1:3000
Unknown command received: 13
===
or
===
Daemon is installed, active interfaces: 127.0.0.1:3000
Unknown command received: 13!
===
What should I do ?
25) The FreeBSD system. The rules filter (RejectCondition) in daemon does not work if the Russian
language is used in rules? What should I do?
26) I decided to check the Dr.Web filter at http://www.testvirus.org, but in 25 tests made Dr.Web have
missed some variants. How can you comment this?
27) After installing some virus database update version 4.29.2 (4.29.5) has got trapped at a large amount of
messages. Why?
28) I have installed Dr.Web Daemon and Dr.Web Filter for Sendmail. It seems to be configured
properly but filter doesn't run and I see folling messages in /var/log/messages:
Jun 10 13:24:04 host drweb-smf: Dr.Web (R) Filter for sendmail ver.4.32: Unable to bind to port 3000@localhost: Address already in use
Jun 10 13:24:04 host drweb-smf: Dr.Web (R) Filter for sendmail ver.4.32: Unable to create listening socket on conn 3000@localhost
or
Jun 10 13:24:04 host drweb-smf: Dr.Web (R) Filter for sendmail ver.4.32: Unable to bind to port local:/var/drweb/run/.daemon: Address already in use
Jun 10 13:24:04 host drweb-smf: Dr.Web (R) Filter for sendmail ver.4.32: Unable to create listening socket on conn local:/var/drweb/run/.daemon
29) I have installed Dr.Web daemon and mail filter. Sometimes I receive alerts about
unchecked messages with reason:
===
The filter cannot connect to the DrWEB daemon
===
What can I do to avoid this problem ?
30) I have installed 4.32.x Dr.Web daemon and mail filter. I think I have discovered a bug:
a user sends a partial message, the message is delivered but user receives a notification.
Action for "skipped" objects is "pass".
Contents:
~~~~~~~~~
0) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Q: Why should I upgrade? The old version works perfectly.
A: It will work for the some time only. There are several reasons for an upgrade:
- the new virus search module (drweb32.dll) is used in new versions; some new features can be added: new
packers (for example, in version 4.30 the FSG packer), new archivers (example: 4.30 - LHA), new curing
procedures of viruses (it is more important for Windows versions, though), and the old version may not
detect much of new viruses (example: 4.29 does not detect Win32.HLLM.Dumaru, as it is packed with FSG).
- though the updates within the main version (4.29 and 4.30 have a common main version 4.xx) are
compatible, the efficiency and ability to detect viruses by old versions with new updates are not tested.
1) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Q: The <20> virus is not detected. Why?
A: Firstly, try to scan the virus at our on-line virus check on http://online.drweb.com. If the virus is not
detected, then send it to our virus analyzers. If the virus is detected, then make sure that:
1) all bases are enabled (the most common mistake with the main base drwebase.vdb).
---
Fri Feb 1 14:45:26 2002 Key file: /etc/drweb/drwebd.key
Fri Feb 1 14:45:26 2002 Registration info:
Fri Feb 1 14:45:26 2002 0100000002
Fri Feb 1 14:45:26 2002 Evaluation Key (ID Anti-Virus Lab. Ltd, St.Petersburg)
Fri Feb 1 14:45:26 2002 This is an EVALUATION version with limited functionality!
Fri Feb 1 14:45:26 2002 To get your registration key, call regional dealer.
Fri Feb 1 14:45:26 2002 Loading /var/drweb/bases/drwtoday.vdb - Ok, virus records: 56
Fri Feb 1 14:45:27 2002 Loading /var/drweb/bases/drw42702.vdb - Ok, virus records: 116
Fri Feb 1 14:45:27 2002 Loading /var/drweb/bases/drw42701.vdb - Ok, virus records: 90
Fri Feb 1 14:45:28 2002 Daemon is installed, TCP socket created on port 3000
2) a valid key is loaded (it can also be a trial key)
Note: starting from version 4.30 the daemon will not be loaded if a valid key is not found.
Examples when the key is not loaded:
--- there is no key at all, for example, the wrong path is set
Fri Feb 1 14:43:33 2002 This is an EVALUATION version with limited functionality!
Fri Feb 1 14:43:33 2002 To get your registration key, call regional dealer.
Fri Feb 1 14:43:33 2002 Loading /var/drweb/bases/drwtoday.vdb - Ok, virus records: 56
Fri Feb 1 14:43:34 2002 Loading /var/drweb/bases/drw42702.vdb - Ok, virus records: 116
--- the key is incorrect (for example, the misprint in drweb32.ini)
Fri Feb 1 14:45:26 2002 Key file: /etc/drweb/drweb.key
Fri Feb 1 14:45:26 2002 Registration info:
Fri Feb 1 14:45:26 2002 0100000002
Fri Feb 1 14:45:26 2002 Evaluation Key (ID Anti-Virus Lab. Ltd, St.Petersburg)
Fri Feb 1 14:43:33 2002 Registration key mismatches application!
Fri Feb 1 14:45:26 2002 This is an EVALUATION version with limited functionality!
Fri Feb 1 14:45:26 2002 To get your registration key, call regional dealer.
Fri Feb 1 14:45:26 2002 Loading /var/drweb/bases/drwtoday.vdb - Ok, virus records: 56
Fri Feb 1 14:45:27 2002 Loading /var/drweb/bases/drw42702.vdb - Ok, virus records: 116
Fri Feb 1 14:45:27 2002 Loading /var/drweb/bases/drw42701.vdb - Ok, virus records: 90
Fri Feb 1 14:45:27 2002 Loading /var/drweb/bases/drwebase.vdb - Ok, virus records: 27860
Fri Feb 1 14:45:28 2002 Daemon is installed, TCP socket created on port 3000
When the daemon is loaded with the correct key it looks as follows:
---
Fri Feb 1 14:45:26 2002 Key file: /etc/drweb/drwebd.key
Fri Feb 1 14:45:26 2002 Registration info:
Fri Feb 1 14:45:26 2002 0100000002
Fri Feb 1 14:45:26 2002 Evaluation Key (ID Anti-Virus Lab. Ltd, St.Petersburg)
Fri Feb 1 14:45:26 2002 This is an EVALUATION version with limited functionality!
Fri Feb 1 14:45:26 2002 To get your registration key, call regional dealer.
Fri Feb 1 14:45:26 2002 Loading /var/drweb/bases/drwtoday.vdb - Ok, virus records: 56
Fri Feb 1 14:45:27 2002 Loading /var/drweb/bases/drw42702.vdb - Ok, virus records: 116
Fri Feb 1 14:45:27 2002 Loading /var/drweb/bases/drw42701.vdb - Ok, virus records: 90
Fri Feb 1 14:45:27 2002 Loading /var/drweb/bases/drwebase.vdb - Ok, virus records: 27860
Fri Feb 1 14:45:28 2002 Daemon is installed, TCP socket created on port 3000
2) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Q: I experience the problem: if update.pl is launched from the command line everything is updated, and
nothing gets updated if it is launched from the cron, though the logs show the cron works well
A: The environment variables of the cron are different, you should define the full path to wget,
for example /usr/bin/wget
3) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Q: What is in UpdatePath?
A: The path to the catalogue the new components will be stored in, which can be substituted automatically,
or if the location for them is unknown (for example, new files of the Documentation).
4) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Q: version prior to 4.30. Log messages
Jul 3 13:50:18 mail drweb-smf: dwlib: scan: message sent by <alex@gamma> is passed
Jul 3 13:50:18 mail drweb-smf: [g639oGJI030655]: processing message from <alex@gamma> completed
(exit code 3)
What does (exit code 3) mean?
A: Exit code 3 means the filter's answer to sendmail, that the message must be passed (PASS). The code is
internal; it will be soon removed from the message.
5) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Q: One of the clients (only one) experience the following -
the mail is not sent no matter how many times he
presses the "Wait" button in Outlook.
The following is written to the maillog by sendmail:
drweb-smf: message from <address@domain> is aborted
Please, explain, is something goes wrong with sendmail, Dr.Web or the user?
A: The filter has definitely nothing to do with this situation. This message means the sendmail said the filter
that all the data associated with this mail can be released - and the mail processing is interrupted. The filter
cannot determine what caused the interruption of processing (the client or the sendmail).
{sendmail}/libmilter/docs/xxfi_abort.html
...
xxfi_abort is only called if the message is aborted OUTSIDE the
filter's control and the filter has not completed its
message-oriented processing. ...
Hint: It is most likely, that Norton Personal Firewall
or Norton Information Security (NIS) are installed; they begin every mail session with an empty message,
such messages are not accepted by sendmail.
Q: Yesterday evening I have disabled, just for test purposes, drweb on MTA.
The result is depressing: no "aborted" up till present!
A: No wonder - the filter performs such diagnostics.
"Is aborted" is written by the filter when Sendmail "said" the filter to suspend the processing (for example,
due to the break in connection).
Check the logs before "is aborted" and, most likely, you will see the reason yourself.
6) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Q: I have installed drweb with qmail. But the sender of a virus receives two messages: the one reads that
there is a virus in the message, the other - that the message can not be delivered: Remote host said: 554
mail server permanently rejected message (#5.3.0)
Can I somehow disable sending of such message as the user may think there is an error on the server
A: This is a problem (or maybe not a problem) with all filters. And there is a strong reason to do it as it is
done now: the mail message MUST NOT disappear. If to enable the discard option (that is what you
propose, i.e. to accept the virus, not to move it somewhere, write a notification and say that everything is
<EFBFBD><EFBFBD>), then the message will disappear.
7) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Q: What do the question marks in drweb-smf.log mean?
Nov 26 14:36:13 proba drweb-smf: [???]: ...
A: This means, that the filter could not define the message-id (this is an internal ID for sendmail) of this
message. In version 8.11 of sendmail this could not be avoided, in sendmail-8.12, to enable the filter to write
sendmail's message-id to the log you have to add the following line should be included to sendmail.cf:
------------------- cut ---------------------
O Milter.macros.envfrom=i, ...
------------------- cut ---------------------
(the dots mean other parameters, their values are not important).
8) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Q: What does the Expires= and the SubscriptionExpires= fields
in the key file (for example drwebd.key) mean?
A: 1. The key will work with all versions issued before the SubscriptionExpires date, and during this term
there is a possibility to update from the commercial updates area (for more details contact the distributor).
2. The key becomes null and void after the Expires date, starting from version 4.30 the daemon will not be
loaded at all, the prior versions shifted to the "without key" mode (when the mail was not checked).
9) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Q: Do databases of version 4.31 match the bases of version 4.30?
A: It is best to upgrade. Why? Read the answer to question #0 of this FAQ.
Only adds-on are compatible, the main bases are NOT compatible; thus the set of the loaded bases for
version 4.30 is as follows:
+ drwebase.vdb v.4.30
+ all adds-on v.4.30 (drw430xx.vdb xx=01..26)
+ all adds-on v.4.31,(drw430yy.vdb yy=02..current)
!Important drw43101.vdb is not necessary in v.4.30
+ drwtoday.vdb
The standard updating script update.pl creates this very configuration of bases...
10) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Definitions in question:
$MTA - the name of the mail system (CGP, Sendmail, Postfix and so on)
$ARCHIVE_NAME - the name of the archive in the message (for example docs.zip, demo.ppt and so on)
$FILE_IN_ARCHIVE - the name o the file inside the archive (for example otchet.doc, Storage0 and so on)
Q: I have an $MTA and mail filter installed on the server.
Today I receive a message which reads as follows:
--- cut ---
This message was not delivered as an object breaking the restrictions set for archives has been found.
Sender = sender@domain.com
Recipients = receiver@domain.com
Subject = Subject
Identificator = msg-id-NNNN@domain.com
--- Dr.Web report ---
Detailed Dr.Web report:
...
drweb.tmp.60gkxo/$ARCHIVE_NAME/$FILE_IN_ARCHIVE - compression ratio is too high (2770944 :
35154)
...
Dr.Web Scanning statistics:
Evaluation key used !
Archive restriction : 21
--- cut ---
What does it mean and what should I do in this situation?
A:
This means, that in drweb_$MTA.conf:
[Actions]
ArchiveRestriction = reject or quarantine
And in drweb32.ini:
[Daemon]
...
The MaxCompressionRatio is less than 78 (divide 2770944 by 35154)
Below goes what you should do:
There are two solutions of the problem:
<EFBFBD>) Expand the MaxCompressionRatio (say, to 200-500) and restart the daemon. You can also comment the
parameter (which means it should be infinite). But mind, that in this case an attack at your mail system with
the aim to temporary disable it becomes possible; when a malefactor will send the so-called "mail bombs",
their check will take a substantial time and a huge portion (or even all) disk space.
<EFBFBD>) Set ArchiveRestriction = pass
In this case, the virus can be sent inside the archive, if it can be compressed more than the
MaxCompressionRatio (a script virus, for example).
11) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Q: I tried to bundle Dr.Web with Postfix. The mail does not goes through at all.
When I have checked the logs one line seemed suspicious
Jul 17 12:55:01 mailhub sendmail[29437]: h6H9t0sh029437: Authentication-Warning: host.domain.tld: drweb
set sender
or:
Apr 20 17:32:31 mailhub sendmail[33617]: h3KDWVlV033617: from=name@example.com, size=38592,
class=0, nrcpts=1, msgid=<msg-id4358035@example.com>, relay=drweb@localhost
What can be the reason of the problem?
A: The reason lies in incorrect mail system setting:
sendmail[....]: .... - this log belongs to sendmail (www.sendmail.org), but not to the postfix substitutor of
sendmail (it is supplied with postfix).
That is why in drweb_postfix.conf:
[Mailer]
Sendmail = ...
Set the path to the postfix substitutor of sendmail.
For example, if installed using the source code it is located somewhere in /usr/libexec/postfix/sendmail
PS: By the way, it is quite strange that you have postfix, but in /usr/sbin the real sendmail is located.
12) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Q: I have drweb-sendmail-4.30 installed. From time to time the following error message is displayed:
Nov 9 22:55:49 mail drweb-smf: drweb_smf.c(667) - FATAL ERROR: cannot extract private data from
context
Please, explain!
A: This is an error. To remove it, you can either
1. set drweb_smf.conf:
HeloInReceived = no
2. or upgrade the version.
13) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Q: When a message with a file attached is sent, the daemon checks all correctly, here goes an extract of the
log:
Nov 5 14:59:27 relay sendmail[22756]: hA5CxRIm022756: from=<foo@example.com>, size=15600,
class=0, nrcpts=1, msgid=<msg-id#@example.com>, proto=ESMTP, daemon=MTA, relay=domain.tld
[10.0.0.1]
But, when the same message is sent, NAV checks out-going messages (the clinet from which I sent the
message from) and the following is reported:
Nov 5 14:58:48 relay sendmail[22751]: hA5CwlIm022751:from=<foo@example.com>, size=0, class=0,
nrcpts=1,proto=ESMTP, daemon=MTA, relay=domain.tld [10.0.0.2]
Nov 5 14:58:48 relay drweb-smf: [hA5CwlIm022751]: message from foo@example.com is aborted
A: NAV is trying, for some reason, (I don't know why) to send an empty message, i.e. it is completely empty
and does not have any heading. Sendmail does not like it and it terminates the receipt of this message and
notifies a filter about it. The filter simply ascertains the fact. See also the question #5
14) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Q: I have drweb-4.29.5 installed. A strange thing happened: I received a mail with Gibe.2:
Wed Nov 12 08:56:20 2003 [1459] /var/spool/filter/drweb.tmp.HM5dmX/[text:html] - Ok
Wed Nov 12 08:56:20 2003 [1459] >>/var/spool/filter/drweb.tmp.HM5dmX/cgmgf.exe - Ok
At the same time, on-line check (http://online.drweb.com):
...
cgmgf.exe packed by UPX
>cgmgf.exe infected with Win32.HLLM.Gibe.2
Scan report for "cgmgf.exe":
Scanned : 1 Cured : 0
Infected : 1 Deleted : 0
...
Here goes the daemon load log:
Wed Nov 12 04:02:07 2003 SIGHUP received, reloading...
Wed Nov 12 04:02:07 2003 Dr.Web (R) daemon for Linux, version 4.29.5 (January 6, 2003)
...
Wed Nov 12 04:02:08 2003 Key file: /opt/drweb/drwebd.key
Wed Nov 12 04:02:08 2003 Registration info:
Wed Nov 12 04:02:08 2003 0100000003
Wed Nov 12 04:02:08 2003 Evaluation key ID Anti-virus Lab St.Petersburg
Wed Nov 12 04:02:08 2003 Your registration key has expired!
...
Wed Nov 12 04:02:08 2003 This is an EVALUATION version with limited
...
A: The demo-keys are issued:
<EFBFBD>) for a particular version, i.e. the key for another version will not be valid
b) they are valid for a limited period of time (on 01.02.2004 this term equals to 1 year),
after its expiration the key becomes void.
The cited error message says that the daemon will operate without the key, it will detect only the unpacked
viruses. By the way, starting from version 4.30 the daemon will not be loaded if the valid key is not available.
And here is an explanation why the viruses are not detected. The first level MIME is unpacked without the
key (this is an error of version 4.29.<2E>), but all other checks follow the key permissions, accordingly, all
archives (RAR, ZIP, etc.), and packers UPX, DIET, etc.) and attached MIMEs are not checked.
15) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Q: I have Dr.Web daemon + Dr.Web for CommuniGate Pro installed; the headings filtering is enabled
(RuleFilter = on + RuleFitlerAlert = reject), but for some blocked messages notifications are not received
by a sender, but the administrator receives two messages:
Subject: Rule rejected message
Date: Thu, 13 Nov 2003 17:18:02 +0300
From: DrWeb-DAEMON <DrWEB-DAEMON@example.com>
To: System Administrator <postmaster@example.com>
Sender = <> (may be forged)
Recipients = postmaster@example.com
...
A: This happens, if, among the rules, there are rules regulating the
Subject: header. As CommuniGate Pro in the notification to a sender (and the administrator) uses the old header,
the notifications have been also blocked by the filter.
16) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Q: I have Dr.Web for Sendmail (version prior to 4.30.1 or compiled from the source code) installed.
Sometimes the filter terminates without any visible reasons. What can it be?
A: Yes, this may happen. The reason lies in the libmilter (written by the sendmail authors). It usually
happens when the server is overloaded, then system logs may have the messages as follows:
Nov 20 19:54:09 name drweb-smf: Dr.WEB Sendmail filter VER: malloc(ctx) failed (12), abort
<EFBFBD><EFBFBD><EFBFBD>
Nov 20 19:54:09 name drweb-smf: Dr.WEB Sendmail filter VER: thread_create() failed: 11, abort
Starting from version 4.30.1 we use the modified version of the libmilter. We also issued a patch for the
original version of sendmail-8.12.9. There is no other way of solution of the problem so far.
Write to us if you believe this is not the reason of the filter termination, we shall examine the case.
17) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Q: I have the Dr.Web mail filter installed. For the infected objects the discard action (Infected = discard) is
set, but notifications are still received. Why? I don't want them to be sent.
A: The actions set in the [Actions] section and the notifications set in the [...Notifications] sections work
independently: the action is needed for the filter to know what to answer your mail server; the notifications
may be sent not depending upon the action set (Exception: the pass action -
notifications are not sent). Thus, if you do not want to receive notifications you should disable them in the
correspondent section. For your particular case:
[VirusNotifications]
SenderNotify = no
AdminNotify = no
RcptsNotify = no
...
18) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Q: I have installed your mail filter and sent a message with a virus (a friend of mine has given it to me). The
virus was detected, but only the administrator has received a notification, though I have enabled notifications
for all. Why is that?
A: Most likely, the notification policy for the virus you have sent, is changed in the configuration file
/etc/drweb/viruses.conf (more precisely, with the help of the configuration file defined in the
UnnotificableVirusesList parameter in the main configuration file).
19) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Q: I have Dr.Web Daemon & Dr.Web for Sendmail installed. The mail messages are not checked for viruses
and the mail log has the following entries:
...
Nov 24 19:11:20 vulture sendmail[873]: /etc/mail/aliases: 37 aliases, longest 12 bytes, 423 bytes total
Nov 24 19:11:48 vulture sendmail[878]: hAO9Bmvr000878: milter_read(drweb-filter): cmd read returned 4,
expecting 5
Nov 24 19:11:48 vulture sendmail[878]: hAO9Bmvr000878: Milter (drweb-filter): to error state
Nov 24 19:11:48 vulture sendmail[878]: hAO9Bmvr000878: Milter (drweb-filter): init failed to open
Nov 24 19:11:48 vulture sendmail[878]: hAO9Bmvr000878: Milter (drweb-filter): to error state
Nov 24 19:11:48 vulture sendmail[878]: hAO9Bmvr000878: from=<adm@test.ru>, size=803, class=0,
nrcpts=1, msgid=<60270330044.20031124191101@100h.ru>, proto=ESMTP, daemon=MTA,
relay=[192.168.*.**]
Nov 24 19:11:48 vulture sendmail[880]: hAO9Bmvr000878: to=<shest@test.ru>, ctladdr=<adm@test.ru>
(1012/6), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31026, relay=local, dsn=2.0.0, stat=Sent
A:
You have connected the filter incorrectly. In sendmail.cf (.mc) you have defined the address of the daemon
(drwebd), but you should define the address where the filter (drweb-smf) will wait for requests from sendmail
- the same address is listed in the MilterAddress parameter in the [Mailer] section of file drweb_smf.conf.
The daemon address is shown in drweb32.ini in the Socket parameter and in the Address parameter of the
[DaemonCommunication] section of drweb_smf.conf.
Besides, to generate the correct additions to sendmail.cf (.mc)
And the script for the automatic filter startup you can use the {drweb}/doc/sendmail/configure utility.
20) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Q: I have received an interesting file called "something.jpg .exe". The on-line check reports it is clean.
Where can I check it?
A: There is an address for suspicious files and attachments:
newvirus@drweb.com. It is best to pack the suspicious file in the password-protected archive.
Please include the password and the brief information on your suspicions in the accompanying message.
21) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Q: I have installed a mail filter, but notifications are received by the administrator only, though in
drweb_{mta}.conf:
...
[VirusNotification]
SenderNotify = yes
RcptsNotify = yes
AdminNotify = yes
...
the masks are specified and available. What is the reason of the problem?
A: The reason is that most viruses received through the mail are the so-called "worms", the notifications
policy for such viruses is changed in viruses.conf (or in the file defined in drweb_{mta}.conf -> [Actions]
-> UnnotificableVirusesList) (the entry Win32.HLLM). The reason is that the "worms" usually spoof the
sender's addresses and the recipient's address is randomly chosen (from the victim's address book, as a
rule). That's why the notification to a sender is considered as a "spam".
22) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Q: It is difficult to understand what kind of program and license you offer is needed for?
A: At present, there are three types of programs available:
- scanner (drweb)
- daemon (drwebd)
- mail filters (drweb-smf, drweb-postfix, ...)
and file filters(smb_spider, drweb-icapd)
The scanner checks files on the drive. The list of files to be checked is either specified in the parameters, or
is read from a standard input stream. You need a separate license for the scanner.
Filters do not check themselves, they can only "intercept" the mail (CommuniGate, Sendmail, ... ) and files
(Samba, Squid) from correspondent programs.
There is no need in separate license for them. And more, the source codes for some of them are available at
our site. Thus, without active daemon the filters are useless.
The Daemon checks the files on the drive and the data received through the network connections from filters
or other programs on a special protocol. There are two types of licenses for the daemon - the "mail license"
(it checks addresses and traffic) and the "file license". You need the "mail license" if the daemon will be
bundled with mail filters.
You need the "file license" if the daemon will be bundled with file filters (Samba, Squid).
PS: If the "file license" is purchased the daemon will NOT check the mail, and visa versa. You can buy both
licenses with one key.
23) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Q: The FreeBSD 4.x (x =< 7) system. I have installed version 4.31 and receive:
/usr/local/drweb > ./drweb-smf.sh start
/usr/libexec/ld-elf.so.1: Undefined symbol "__stdoutp"
referenced from COPY relocation in /usr/local/drweb/drweb-smf
What should I do?
A: Use drweb-smf.static, the same goes with other filters.
24) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Q: I have installed Dr.Web Sendmail, but it does not check the mail. The daemon log reads:
===
Daemon is installed, active interfaces: 127.0.0.1:3000
Unknown command received: 13!
===
(asv: or, if the use of russian.dwl is enabled)
===
Daemon is loaded, active interfaces: 127.0.0.1:3000
Unknown command received: 13
===
What should I do?
A: Read the answer to question #19, your experience the same problem.
25) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Q: The FreeBSD system. The rules filter (RejectCondition) in daemon does not work if the Russian language
is used in rules? What should I do?
A: Firstly, the rules should be set in the KOI8-R encoding.
Secondly, understand, that if the header you want to filter (for example, Subject:) is 8bit encoded (which
means it breaks the standard for mail, as it must be encoded =?koi8-r?B?..?= or =?cp1251?Q?..?=, i.e. you
have to specify the encoding),
it will be compared without taking into account the encoding. Such messages (8bit encoded) can also be
blocked by the filter:
RejectCondition Subject = "8bit"
And finally, the locale should be correctly set to KOI8-R for the user with whose rights the daemon is
launched:
1. Add to file /etc/login.conf (though it is usually present):
#
# Russian Users Accounts. Setup proper environment variables.
#
russian:Russian Users Accounts:\
:charset=KOI8-R:\
:lang=ru_RU.KOI8-R:\
:tc=default:
For updating /etc/login.conf.db:
# cap_mkdb /etc/login.conf
2. Now, the drweb user should indicate that it belongs to class russian:
# pw usermod drweb -L russian
3. Sometimes it is necessary, in the daemon launching script, to add before the line "case "$1" in"
LC_ALL=ru_RU.KOI8-R
export LC_ALL
4. Restart the daemon...
26) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Q: I decided to check the Dr.Web filter at http://www.testvirus.org, but in 25 tests made Dr.Web have missed
some variants. What can you say to that?
A: As on May 19, 2004, as the site could have changed, and the tests as well, we have missed the following
tests:
Test #12: Eicar virus within a password protected ZIP file
Test #24: Test for the "Partial (Fragmented) Vulnerability". This does not include Eicar virus,
but your mail server still must block this since it can break a virus into multiple
emails and reassemble it in your inbox.
- It may be blocked, if the SkipObject option is switched from pass to any other action
Test #14: Eicar virus sent in a Microsoft TNEF file (winmail.dat)
- The TNEF format is not parsed at present.
Test #25: Attachment with a CLSID extension, which may hide the real file extension. This does not
include the Eicar virus, but your mail server still must block this since it can hide the true extension of
a file
- The message does not contain a viral code.
Test #16: Eicar string in HTML, to ensure that your mail server scans HTML segments
Test #19: Eicar virus within zip file hidden using the "Blank Folding Vulnerability"
Test #21: Eicar virus within zip file hidden using the "Long MIME Boundary Vulnerability"
Test #23: Eicar virus within zip file hidden using the "Empty MIME Boundary Vulnerability"
- Being such, the virus is not dangerous and will not proliferate, it can simply be called a garbage.
By the way, in samples #16 and #21 the scanner does detect the virus, but the daemon parses the mail
more quickly and simply.
27) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Q: After the usual update the version 4.29.2 (or 4.29.5) has become unstable under high load (large number
of messages) Why?
A: The problem does not lie in bases, (this can easily be checked if to launch the daemon from the main
base only and the "problem" update); this is an error of version 4.29 (particularly, of drweb32.dll of version
4.29). Thus, the upgrade is the only possible solution, as we do not issue fixes for old versions. The reason
is explained in question #0.
28) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Q: I've installed Dr.Web Daemon and Dr.Web Filter for Sendmail. It seems to be configured
properly but filter doesn't run and I see folling messages in /var/log/messages:
Jun 10 13:24:04 host drweb-smf: Dr.Web (R) Filter for sendmail ver.4.32: Unable to bind to port 3000@localhost: Address already in use
Jun 10 13:24:04 host drweb-smf: Dr.Web (R) Filter for sendmail ver.4.32: Unable to create listening socket on conn 3000@localhost
or
Jun 10 13:24:04 host drweb-smf: Dr.Web (R) Filter for sendmail ver.4.32: Unable to bind to port local:/var/drweb/run/.daemon: Address already in use
Jun 10 13:24:04 host drweb-smf: Dr.Web (R) Filter for sendmail ver.4.32: Unable to create listening socket on conn local:/var/drweb/run/.daemon
A: You have speficied Dr.Web Daemons connections definition in option MilterAddress (section
[Mailer] of drweb_smf.conf) instead definition of connection is used for communication
between filter and sendmail (this definition also is specified in sendmail.cf). So you
should have something like this:
in drweb32.ini
Socket = 3000 localhost
in drweb_smf.conf:
[DaemonCommunication]
Address = inet:3000@localhost
...
[Mailer]
...
MilterAddress = inet:3001@localhost
and in sendmail.cf:
Xdrweb-filter, S=inet:3001@localhost, F=T, T=C:1m;S:5m;R:5m;E:1h
29) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Q: I have installed Dr.Web daemon and mail filter. Sometimes I receive alerts about
unchecked messages with reason:
===
The filter cannot connect to the DrWEB daemon
===
What can I do to avoid this problem ?
A: We have known two general reason for this problem:
a) Daemons incoming queue overflows if load has sharply increased.
b) Daemon is not ready for some reasons.
So you have two ways to avoid these problems. Second way more general and reliable.
i) Use two or more sockets for communication between daemon and filter.
Configurations example:
drweb32.ini:
Socket = /var/drweb/run/.drwebd
Socket = 3000 localhost
drweb_{mta}.conf: ({mta} = smf, cgp, postfix, exim, qmail, zmailer, courier or mio)
[DaemonCommunication]
Address = local:/var/drweb/run/.drwebd, inet:3000@localhost
ii) Use reserved daemon (on same host or on another host that more reliable) would
smooth load burstness or works while first daemon is not ready.
Configurations example:
drweb_{mta}.conf: ({mta} = smf, cgp, postfix, exim, qmail, zmailer, courier or mio)
[DaemonCommunication]
Address = local:/var/drweb/run/.drwebd, inet:3000@another.myhost.example.com
NOTE: LocalScan mode is not available for second socket in filter even if socket
is used by daemon is installed on same host.
See daemon and filter documentation for details.
30) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Q: I've installed the 4.32 version of Dr.Web for mail servers. I has received
strange notification:
Dear User,
the message with following attributes has not been delivered,
because contains an object which cannot be checked by antivirus filter.
Relaying such messages is blocked by administrator.
Sender = $SENDER$
Recipients = $RCPTS$
Subject = $SUBJECT$
Message-ID = $MSGID$
Antivirus filter report:
--- Dr.Web report ---
Dr.Web detailed report:
drweb.tmp.rQ8gYw - partial message, skipped
--- Dr.Web report ---
Please contact <postmaster>
but I know that message has been delivered, and I've following settings:
[Scanning]
SkipObject = pass
[SkipNotifications]
SenderNotify = yes
AdminNotify = no
RcptsNotify = no
SenderTemplate = /etc/drweb/templates/en-ru/sendmail/skip-sender.msg
AdminTemplate =
RcptsTemplate =
Is this a bug ?
A: No. Since 4.32, a notification is written independently from a taken action
for a message. Now only one control mechanism - [SkipNotifications] section in
the drweb_{mta}.conf, in previous versions, there are no notifications if
action was 'pass'. Of course, default templates were written for actions
reject\discard.
I believe You'd received this message as administrator not as
sender\recipient. You can check the last part in this notification for
headers of the original message.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Author: Sergey Akhapkin <asv@drweb.com>
$Revision: 1.3 $
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

824
opt/drweb/doc/daemon/FAQ.rus
View File

@@ -1,824 +0,0 @@
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
~~~~~~~~~~~
0) <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>? <20> <20><><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
1) <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20>. <20> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>?
2) <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> - <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> update.pl <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,
<20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><> cron - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD> cron <20><> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>...
3) <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> UpdatePath?
4) <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> 4.30. <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD>:
Jul 3 13:50:18 mail drweb-smf: dwlib: scan: message sent by <alex@gamma> is passed
Jul 3 13:50:18 mail drweb-smf: [g639oGJI030655]: processing message from <alex@gamma> completed (exit code 3)
<20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (exit code 3)?
5) <20> <20><><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>) <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD> <20><> <20> Outlook
"<22><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>" - <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
<20> maillog <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
drweb-smf: message from <<3C><><EFBFBD><EFBFBD><EFBFBD>@<40><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> is aborted
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD>, "<22><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>" - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD>?
6) <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> drweb <20> qmail. <20><><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> - <20><><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD>,
<20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: Remote host said: 554
mail server permanently rejected message (#5.3.0).
<20><><EFBFBD>-<2D><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>? <20> <20><>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>-<2D><> <20><><EFBFBD> <20><>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>..
7) <20><><EFBFBD> <20> drweb-smf.log <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>?
Nov 26 14:36:13 proba drweb-smf: [???]: ...
8) <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> Expires= <20> SubscriptionExpires=
<20> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> drwebd.key)?
9) <20><><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 4.31 <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 4.30?
10) drweb.tmp.60gkxo/$ARCHIVE_NAME/$FILE_IN_ARCHIVE - compression ratio is too high (2770944 : 35154)
...
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Dr.Web:
Evaluation key used !
Archive restriction : 21
...
<20><><EFBFBD> <20><> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>? <20> <20><><EFBFBD> <20> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>?
11) <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Dr.Web + Postfix. <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
Jul 17 12:55:01 mailhub sendmail[29437]: h6H9t0sh029437: Authentication-Warning: host.domain.tld: drweb set sender
<20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>:
Apr 20 17:32:31 mailhub sendmail[33617]: h3KDWVlV033617: from=name@example.com, size=38592, class=0, nrcpts=1, msgid=<msg-id4358035@example.com>, relay=drweb@localhost
<20><><EFBFBD> <20><> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>?
12) <20><><EFBFBD><EFBFBD><EFBFBD> drweb-sendmail-4.30, <20><><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
Nov 9 22:55:49 mail drweb-smf: drweb_smf.c(667) - FATAL ERROR: cannot extract private data from context
13) <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>:
Nov 5 14:59:27 relay sendmail[22756]: hA5CxRIm022756: from=<foo@example.com>, size=15600, class=0, nrcpts=1, msgid=<msg-id#@example.com>, proto=ESMTP, daemon=MTA, relay=domain.tld [10.0.0.1]
<20><> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>
NAV-<2D><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<28><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>), <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
Nov 5 14:58:48 relay sendmail[22751]: hA5CwlIm022751:from=<foo@example.com>, size=0, class=0, nrcpts=1,proto=ESMTP, daemon=MTA, relay=domain.tld [10.0.0.2]
Nov 5 14:58:48 relay drweb-smf: [hA5CwlIm022751]: message from foo@example.com is aborted
14) <20><><EFBFBD><EFBFBD><EFBFBD> drweb-4.29.5. <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Gibe.2:
Wed Nov 12 08:56:20 2003 [1459] /var/spool/filter/drweb.tmp.HM5dmX/[text:html] - Ok
Wed Nov 12 08:56:20 2003 [1459] >>/var/spool/filter/drweb.tmp.HM5dmX/cgmgf.exe - Ok
<20> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (http://online.drweb.com):
...
cgmgf.exe packed by UPX
>cgmgf.exe infected with Win32.HLLM.Gibe.2
15) <20> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Dr.Web daemon + Dr.Web for 1, <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (RuleFilter = on + RuleFitlerAlert = reject),
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
16) <20> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Dr.Web for Sendmail (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> 4.30.1 <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>), <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>-<2D><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>. <20><><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>?
17) <20> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Dr.Web, <20> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> discard (Infected = discard), <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD>
<20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>. <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>? <20> <20><> <20><><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
18) <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD>
<20> <20><><EFBFBD><EFBFBD><EFBFBD>, <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20>.<2E>.), <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD>.
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>?
19) <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Dr.Web Daemon & Dr.Web for Sendmail, <20><> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>
<20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
...
Nov 24 19:11:48 vulture sendmail[878]: hAO9Bmvr000878: milter_read(drweb-filter): cmd read returned 4, expecting 5
20) <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
...
<20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD>?
21) <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD>, <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
...
<20> <20><><EFBFBD> <20><><EFBFBD><EFBFBD>?
22) <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>. <20><><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>?
23) <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> FreeBSD 4.x (x =< 7). <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 4.31. <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: /usr/libexec/ld-elf.so.1: Undefined symbol "__stdoutp"
referenced from COPY relocation in /usr/local/drweb/drweb-smf.
24) <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Dr.Web Sendmail, <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>. <20> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
===
<20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: 127.0.0.1:3000
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: 13
===
<20><><EFBFBD><EFBFBD>
===
Daemon is installed, active interfaces: 127.0.0.1:3000
Unknown command received: 13!
===
<20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>?
25) <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> FreeBSD. <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (RejectCondition) <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD>
<20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>. <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>?
26) <20><> <20><><EFBFBD><EFBFBD><EFBFBD> http://www.testvirus.org <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Dr.Web, <20><>
<20><> 25 <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Dr.Web <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>. <20><><EFBFBD> <20><> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>?
27) <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 4.29.2 (<28><><EFBFBD> 4.29.5) <20><><EFBFBD><EFBFBD><EFBFBD> "<22><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>" <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><><EFBFBD>-<2D><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>. <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>?
28) <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Dr.Web Daemon & Dr.Web Filter for Sendmail, <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20> <20> /var/log/messages <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
Jun 10 13:24:04 host drweb-smf: Dr.Web (R) Filter for sendmail ver.4.32: Unable to bind to port 3000@localhost: Address already in use
Jun 10 13:24:04 host drweb-smf: Dr.Web (R) Filter for sendmail ver.4.32: Unable to create listening socket on conn 3000@localhost
<20><><EFBFBD>
Jun 10 13:24:04 host drweb-smf: Dr.Web (R) Filter for sendmail ver.4.32: Unable to bind to port local:/var/drweb/run/.daemon: Address already in use
Jun 10 13:24:04 host drweb-smf: Dr.Web (R) Filter for sendmail ver.4.32: Unable to create listening socket on conn local:/var/drweb/run/.daemon
29) <20> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> Dr.Web <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>-<2D><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
The filter cannot connect to the DrWEB daemon
<20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> ?
30) <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> 4.32 <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> pass, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
~~~~~~~~~~~
0) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>? <20> <20><><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD> <20><> <20><><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>. <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
- <20> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (drweb32.dll), <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: 4.30 - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> FSG), <20><><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: 4.30 - LHA), <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD> Windows <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>), <20><>-<2D><> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: 4.29 <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Win32.HLLM.Dumaru, <20>.<2E>. <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> FSG).
- <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (4.29 <20> 4.30 <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
4.<2E><>) <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
1) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20>. <20> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>?
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> online-<2D><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
http://online.drweb.com
<EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
<EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD>:
<EFBFBD>) <20> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD> (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> drwebase.vdb).
---
Fri Feb 1 14:45:26 2002 Key file: /etc/drweb/drwebd.key
Fri Feb 1 14:45:26 2002 Registration info:
Fri Feb 1 14:45:26 2002 0100000002
Fri Feb 1 14:45:26 2002 Evaluation Key (ID Anti-Virus Lab. Ltd, St.Petersburg)
Fri Feb 1 14:45:26 2002 This is an EVALUATION version with limited functionality!
Fri Feb 1 14:45:26 2002 To get your registration key, call regional dealer.
Fri Feb 1 14:45:26 2002 Loading /var/drweb/bases/drwtoday.vdb - Ok, virus records: 56
Fri Feb 1 14:45:27 2002 Loading /var/drweb/bases/drw42702.vdb - Ok, virus records: 116
Fri Feb 1 14:45:27 2002 Loading /var/drweb/bases/drw42701.vdb - Ok, virus records: 90
Fri Feb 1 14:45:28 2002 Daemon is installed, TCP socket created on port 3000
<EFBFBD>) <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> (<28><><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD>-<2D><><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>)
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 4.30 <20><><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>.
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
--- <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>
Fri Feb 1 14:43:33 2002 This is an EVALUATION version with limited functionality!
Fri Feb 1 14:43:33 2002 To get your registration key, call regional dealer.
Fri Feb 1 14:43:33 2002 Loading /var/drweb/bases/drwtoday.vdb - Ok, virus records: 56
Fri Feb 1 14:43:34 2002 Loading /var/drweb/bases/drw42702.vdb - Ok, virus records: 116
--- <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> drweb32.ini)
Fri Feb 1 14:45:26 2002 Key file: /etc/drweb/drweb.key
Fri Feb 1 14:45:26 2002 Registration info:
Fri Feb 1 14:45:26 2002 0100000002
Fri Feb 1 14:45:26 2002 Evaluation Key (ID Anti-Virus Lab. Ltd, St.Petersburg)
Fri Feb 1 14:43:33 2002 Registration key mismatches application!
Fri Feb 1 14:45:26 2002 This is an EVALUATION version with limited functionality!
Fri Feb 1 14:45:26 2002 To get your registration key, call regional dealer.
Fri Feb 1 14:45:26 2002 Loading /var/drweb/bases/drwtoday.vdb - Ok, virus records: 56
Fri Feb 1 14:45:27 2002 Loading /var/drweb/bases/drw42702.vdb - Ok, virus records: 116
Fri Feb 1 14:45:27 2002 Loading /var/drweb/bases/drw42701.vdb - Ok, virus records: 90
Fri Feb 1 14:45:27 2002 Loading /var/drweb/bases/drwebase.vdb - Ok, virus records: 27860
Fri Feb 1 14:45:28 2002 Daemon is installed, TCP socket created on port 3000
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD>:
---
Fri Feb 1 14:45:26 2002 Key file: /etc/drweb/drwebd.key
Fri Feb 1 14:45:26 2002 Registration info:
Fri Feb 1 14:45:26 2002 0100000002
Fri Feb 1 14:45:26 2002 Evaluation Key (ID Anti-Virus Lab. Ltd, St.Petersburg)
Fri Feb 1 14:45:26 2002 This is an EVALUATION version with limited functionality!
Fri Feb 1 14:45:26 2002 To get your registration key, call regional dealer.
Fri Feb 1 14:45:26 2002 Loading /var/drweb/bases/drwtoday.vdb - Ok, virus records: 56
Fri Feb 1 14:45:27 2002 Loading /var/drweb/bases/drw42702.vdb - Ok, virus records: 116
Fri Feb 1 14:45:27 2002 Loading /var/drweb/bases/drw42701.vdb - Ok, virus records: 90
Fri Feb 1 14:45:27 2002 Loading /var/drweb/bases/drwebase.vdb - Ok, virus records: 27860
Fri Feb 1 14:45:28 2002 Daemon is installed, TCP socket created on port 3000
2) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> - <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> update.pl <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,
<20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><> cron - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD> cron <20><> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>...
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20> wget,
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, /usr/bin/wget
3) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> UpdatePath?
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><>, <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>).
4) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> 4.30. <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD>:
Jul 3 13:50:18 mail drweb-smf: dwlib: scan: message sent by <alex@gamma> is passed
Jul 3 13:50:18 mail drweb-smf: [g639oGJI030655]: processing message from <alex@gamma> completed (exit code 3)
<20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (exit code 3)?
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: exit code 3 - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> sendmail-<2D>, <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (PASS) <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>. <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
5) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20> <20><><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>) <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:-
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD> <20><> <20> Outlook
"<22><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>" - <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
<20> maillog <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
drweb-smf: message from <<3C><><EFBFBD><EFBFBD><EFBFBD>@<40><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> is aborted
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD>, "<22><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>" - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD>?
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD> <20><> <20><><EFBFBD><EFBFBD>) - <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,
<EFBFBD><EFBFBD><EFBFBD> sendmail <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>. <20><><EFBFBD> - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> sendmail - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
{sendmail}/libmilter/docs/xxfi_abort.html
...
xxfi_abort is only called if the message is aborted OUTSIDE the
filter's control and the filter has not completed its
message-oriented processing. ...
Hint: <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Norton Personal Firewall
<EFBFBD><EFBFBD><EFBFBD> Norton Information Security (NIS), <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> sendmail-<2D><> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> drweb <20><> MTA.
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> "aborted" <20><><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>!
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20>.<2E>. <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>. <20><><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,
is aborted <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD> Sendmail "<22><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>" <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
(<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><>-<2D><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>).
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> is aborted <20>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>, <20><> <20><><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
6) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> drweb <20> qmail. <20><><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> - <20><><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD>,
<20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: Remote host said: 554
mail server permanently rejected message (#5.3.0).
<20><><EFBFBD>-<2D><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>? <20> <20><>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>-<2D><> <20><><EFBFBD> <20><>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>..
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>) <20><><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>. <20><><EFBFBD>, <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>. <20><><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> discard (<28><>, <20><><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> - <20>.<2E>. <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><>), <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
7) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD> <20> drweb-smf.log <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>?
Nov 26 14:36:13 proba drweb-smf: [???]: ...
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> message-id (<28><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> ID
<EFBFBD><EFBFBD><EFBFBD> sendmail) <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>. <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> sendmail-8.11 <20><><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20>
<EFBFBD> sendmail-8.12 <20><><EFBFBD> <20><><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20> <20><><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> sendmails message-id, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD> <20> sendmail.cf <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
------------------- cut ---------------------
O Milter.macros.envfrom=i, ...
------------------- cut ---------------------
(<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> - <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD>).
8) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> Expires= <20> SubscriptionExpires=
<20> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> drwebd.key)?
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: 1. <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD> SubscriptionExpires,
<EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>).
2. <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> Expires, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 4.30 <20><><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD> "<22><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>" (<28>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>).
9) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 4.31 <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 4.30?
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> #0 <20><><EFBFBD><EFBFBD><EFBFBD> FAQ.
C<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 4.30 <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>:
+ drwebase.vdb <20><> 4.30
+ <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> 4.30 (drw430xx.vdb xx=01..26)
+ <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> 4.31,(drw430yy.vdb yy=02..<2E><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>)
!<21><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> drw43101.vdb <20><> <20><><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 4.30
+ drwtoday.vdb
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> update.pl <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>...
10) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
$MTA - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (1, Sendmail, Postfix <20> <20>.<2E>.)
$ARCHIVE_NAME - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, docs.zip, demo.ppt <20> <20>.<2E>.)
$FILE_IN_ARCHIVE - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, otchet.doc, Storage0 <20> <20>.<2E>.)
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20> <20><><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> $MTA <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>.
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
--- cut ---
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> = sender@domain.com
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> = receiver@domain.com
<EFBFBD><EFBFBD><EFBFBD><EFBFBD> = Subject
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> = msg-id-NNNN@domain.com
--- Dr.Web report ---
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> Dr.Web:
...
drweb.tmp.60gkxo/$ARCHIVE_NAME/$FILE_IN_ARCHIVE - compression ratio is too high (2770944 : 35154)
...
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Dr.Web:
Evaluation key used !
Archive restriction : 21
--- cut ---
<EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>? <20> <20><><EFBFBD> <20> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>?
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
<EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD> <20> drweb_$MTA.conf:
[Actions]
ArchiveRestriction = reject <20><><EFBFBD> quarantine
<EFBFBD> <20> drweb32.ini:
[Daemon]
...
MaxCompressionRatio <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD> 78 (2770944 <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> 35154)
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD> <20> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
<EFBFBD><EFBFBD><EFBFBD><EFBFBD> 2 <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
<EFBFBD>) <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> MaxCompressionRatio (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> 200-500)
<EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>. <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>). <20><> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD> <20>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> "<22><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>" <20><><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> - <20><><EFBFBD>? - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
<EFBFBD>) <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> ArchiveRestriction = pass
<EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> MaxCompressionRatio (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>).
11) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Dr.Web + Postfix. <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
Jul 17 12:55:01 mailhub sendmail[29437]: h6H9t0sh029437: Authentication-Warning: host.domain.tld: drweb set sender
<EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>:
Apr 20 17:32:31 mailhub sendmail[33617]: h3KDWVlV033617: from=name@example.com, size=38592, class=0, nrcpts=1, msgid=<msg-id4358035@example.com>, relay=drweb@localhost
<EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>?
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
sendmail[....]: .... - <20><><EFBFBD> <20><><EFBFBD> sendmail (www.sendmail.org), <20> <20><> postfix-<2D><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> sendmail (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> postfix).
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> drweb_postfix.conf:
[Mailer]
Sendmail = ...
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><> postfix-<2D><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> sendmail.
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD>-<2D><> <20>
/usr/libexec/postfix/sendmail
PS: <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD> postfix, <20> <20> /usr/sbin <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
sendmail.
12) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD> drweb-sendmail-4.30, <20><><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
Nov 9 22:55:49 mail drweb-smf: drweb_smf.c(667) - FATAL ERROR: cannot extract private data from context
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>!
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>. <20><><EFBFBD> <20><> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD>:
1) <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> drweb_smf.conf:
HeloInReceived = no
2) <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
13) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>:
Nov 5 14:59:27 relay sendmail[22756]: hA5CxRIm022756: from=<foo@example.com>, size=15600, class=0, nrcpts=1, msgid=<msg-id#@example.com>, proto=ESMTP, daemon=MTA, relay=domain.tld [10.0.0.1]
<EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>
NAV-<2D><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<28><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>), <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
Nov 5 14:58:48 relay sendmail[22751]: hA5CwlIm022751:from=<foo@example.com>, size=0, class=0, nrcpts=1,proto=ESMTP, daemon=MTA, relay=domain.tld [10.0.0.2]
Nov 5 14:58:48 relay drweb-smf: [hA5CwlIm022751]: message from foo@example.com is aborted
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: NAV <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>-<2D><> (<28><> <20><><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>) <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20>.<2E>. <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD>. Sendmail-<2D> <20><><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,
<EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>. <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>. <20><>. <20><><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> #5
14) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD> drweb-4.29.5: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Gibe.2:
Wed Nov 12 08:56:20 2003 [1459] /var/spool/filter/drweb.tmp.HM5dmX/[text:html] - Ok
Wed Nov 12 08:56:20 2003 [1459] >>/var/spool/filter/drweb.tmp.HM5dmX/cgmgf.exe - Ok
<EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (http://online.drweb.com):
...
cgmgf.exe packed by UPX
>cgmgf.exe infected with Win32.HLLM.Gibe.2
Scan report for "cgmgf.exe":
Scanned : 1 Cured : 0
Infected : 1 Deleted : 0
...
<EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
Wed Nov 12 04:02:07 2003 SIGHUP received, reloading...
Wed Nov 12 04:02:07 2003 Dr.Web (R) daemon for Linux, version 4.29.5 (January 6, 2003)
...
Wed Nov 12 04:02:08 2003 Key file: /opt/drweb/drwebd.key
Wed Nov 12 04:02:08 2003 Registration info:
Wed Nov 12 04:02:08 2003 0100000003
Wed Nov 12 04:02:08 2003 Evaluation key ID Anti-virus Lab St.Petersburg
Wed Nov 12 04:02:08 2003 Your registration key has expired!
...
Wed Nov 12 04:02:08 2003 This is an EVALUATION version with limited
...
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD>-<2D><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
<EFBFBD>) <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20>.<2E>. <20><><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>;
<EFBFBD>) <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<28><> 01.02.2004 <20><><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 1 <20><><EFBFBD>),
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>,
<EFBFBD>.<2E>. <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 4.30 <20><><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> MIME
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> 4.29.<2E>), <20><> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (RAR, ZIP etc), <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (UPX, DIET etc) <20>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> MIME <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
15) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Dr.Web daemon + Dr.Web for CommuniGate Pro, <20>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (RuleFilter = on + RuleFitlerAlert = reject),
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
Subject: Rule rejected message
Date: Thu, 13 Nov 2003 17:18:02 +0300
From: DrWeb-DAEMON <DrWEB-DAEMON@example.com>
To: System Administrator <postmaster@example.com>
Sender = <> (may be forged)
Recipients = postmaster@example.com
...
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD> <20> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
Subject:, <20>. <20>. CommuniGate Pro <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<28> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>) <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
16) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Dr.Web for Sendmail (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> 4.30.1 <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>), <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>-<2D><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>. <20><><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>?
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><>, <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>. <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20> libmilter (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
sendmail). <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>:
Nov 20 19:54:09 name drweb-smf: Dr.WEB Sendmail filter VER: malloc(ctx) failed (12), abort
<EFBFBD><EFBFBD><EFBFBD>
Nov 20 19:54:09 name drweb-smf: Dr.WEB Sendmail filter VER: thread_create() failed: 11, abort
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 4.30.1 <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> libmilter, <20>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> sendmail-8.12.9. <20><>-<2D><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
<EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD> "<22><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>" <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> -
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
17) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Dr.Web, <20> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> discard (Infected = discard), <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>. <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>? <20> <20><> <20><><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> [Actions], <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
[...Notifications], <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>. (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> pass -
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>). <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD> <20><> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><>. <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
[VirusNotifications]
SenderNotify = no
AdminNotify = no
RcptsNotify = no
...
18) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD>
<EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>, <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20>.<2E>.), <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD>. <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>?
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> /etc/drweb/viruses.conf (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> UnnotificableVirusesList
<EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>).
19) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Dr.Web Daemon & Dr.Web for Sendmail, <20><> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
...
Nov 24 19:11:20 vulture sendmail[873]: /etc/mail/aliases: 37 aliases, longest 12 bytes, 423 bytes total
Nov 24 19:11:48 vulture sendmail[878]: hAO9Bmvr000878: milter_read(drweb-filter): cmd read returned 4, expecting 5
Nov 24 19:11:48 vulture sendmail[878]: hAO9Bmvr000878: Milter (drweb-filter): to error state
Nov 24 19:11:48 vulture sendmail[878]: hAO9Bmvr000878: Milter (drweb-filter): init failed to open
Nov 24 19:11:48 vulture sendmail[878]: hAO9Bmvr000878: Milter (drweb-filter): to error state
Nov 24 19:11:48 vulture sendmail[878]: hAO9Bmvr000878: from=<adm@test.ru>, size=803, class=0, nrcpts=1, msgid=<60270330044.20031124191101@100h.ru>, proto=ESMTP, daemon=MTA, relay=[192.168.*.**]
Nov 24 19:11:48 vulture sendmail[880]: hAO9Bmvr000878: to=<shest@test.ru>, ctladdr=<adm@test.ru> (1012/6), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31026, relay=local, dsn=2.0.0, stat=Sent
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
<EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>. <20> sendmail.cf (.mc) <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
(drwebd), <20> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>, <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (drweb-smf) <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> sendmail - <20><><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> MilterAddress <20>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> [Mailer] <20><><EFBFBD><EFBFBD><EFBFBD> drweb_smf.conf. <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> drweb32.ini
<EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Socket <20> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Address <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> [DaemonCommunication]
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> drweb_smf.conf.
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> sendmail.cf (.mc)
<EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
{drweb}/doc/sendmail/configure.
20) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> "something.jpg.exe",
<EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>. <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD>?
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
newvirus@drweb.com
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
<EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
21) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD>, <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,
<EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> drweb_{mta}.conf:
...
[VirusNotification]
SenderNotify = yes
RcptsNotify = yes
AdminNotify = yes
...
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>. <20> <20><><EFBFBD> <20><><EFBFBD><EFBFBD>?
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD>, <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> "<22><><EFBFBD><EFBFBD><EFBFBD>", <20> <20><><EFBFBD><EFBFBD><EFBFBD> viruses.conf (<28><><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20>
drweb_{mta}.conf->[Actions]->UnnotificableVirusesList) <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Win32.HLLM). <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20> <20><><EFBFBD>, <20><><EFBFBD>
"<22><><EFBFBD><EFBFBD><EFBFBD>" <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>), <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> "<22><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>".
22) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>. <20><><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>?
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD> <20><><EFBFBD><EFBFBD> 3 <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
- <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (drweb)
- <20><><EFBFBD><EFBFBD><EFBFBD> (drwebd)
- <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (drweb-smf, drweb-postfix, ...)
<20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (smb_spider, drweb-icapd)
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>. <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> "<22><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>" <20><><EFBFBD><EFBFBD><EFBFBD>
(CommuniGate, Sendmail, ... ) <20> <20><><EFBFBD><EFBFBD><EFBFBD> (Samba, Squid) <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
<EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD>, <20> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD>.
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> - <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>. <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, "<22><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<28><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>)" <20> "<22><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>".
"<22><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>" <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
"<22><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>" <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (Samba, Squid).
PS: <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> "<22><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>" <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><> <20><><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>,
<EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>. <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>.
23) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> FreeBSD 4.x (x =< 7). <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 4.31. <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
/usr/local/drweb > ./drweb-smf.sh start
/usr/libexec/ld-elf.so.1: Undefined symbol "__stdoutp"
referenced from COPY relocation in /usr/local/drweb/drweb-smf
<EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>?
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> drweb-smf.static, <20><><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
24) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Dr.Web Sendmail, <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>. <20> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
===
Daemon is installed, active interfaces: 127.0.0.1:3000
Unknown command received: 13!
===
(asv: <20><><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> russian.dwl)
===
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: 127.0.0.1:3000
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: 13
===
<EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>?
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> #19, <20> <20><><EFBFBD> <20><> <20><> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
25) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> FreeBSD. <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (RejectCondition) <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD>
<EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>? <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>?
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><>-<2D><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> KOI8-R.
<EFBFBD><EFBFBD>-<2D><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Subject:), <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD> <20> 8bit (<28>.<2E>. <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD>, <20>.<2E>. <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> =?koi8-r?B?..?= <20><><EFBFBD> =?cp1251?Q?..?=, <20>.<2E>. <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>),
<EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>. <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> 8bit) <20><><EFBFBD> <20><>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
RejectCondition Subject = "8bit"
<EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> KOI8-R:
1. <20> <20><><EFBFBD><EFBFBD> /etc/login.conf <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD>):
#
# Russian Users Accounts. Setup proper environment variables.
#
russian:Russian Users Accounts:\
:charset=KOI8-R:\
:lang=ru_RU.KOI8-R:\
:tc=default:
<EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> /etc/login.conf.db:
# cap_mkdb /etc/login.conf
2. <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> drweb <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> russian:
# pw usermod drweb -L russian
3. <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> "case "$1" in"
LC_ALL=ru_RU.KOI8-R
export LC_ALL
4. <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> ...
26) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><> <20><><EFBFBD><EFBFBD><EFBFBD> http://www.testvirus.org <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Dr.Web, <20><>
<EFBFBD><EFBFBD> 25 <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Dr.Web <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>. <20><><EFBFBD> <20><> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>?
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><> 19 <20><><EFBFBD> 2004 <20><><EFBFBD><EFBFBD>, <20>.<2E>. <20><><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>,
<EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>:
Test #12: Eicar virus within a password protected ZIP file
Test #24: Test for the "Partial (Fragmented) Vulnerability". This does not include Eicar virus,
but your mail server still must block this since it can break a virus into multiple
emails and reassemble it in your inbox.
- <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> SkipObject <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> pass <20><>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
Test #14: Eicar virus sent in a Microsoft TNEF file (winmail.dat)
- <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> TNEF <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
Test #25: Attachment with a CLSID extension which may hide the real file extension. This does not
include Eicar virus, but your mail server still must block this since it can hide the
true extension of a file
- <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>.
Test #16: Eicar string in HTML, to ensure that your mail server scans HTML segments
Test #19: Eicar virus within zip file hidden using the "Blank Folding Vulnerability"
Test #21: Eicar virus within zip file hidden using the "Long MIME Boundary Vulnerability"
Test #23: Eicar virus within zip file hidden using the "Empty MIME Boundary Vulnerability"
- <20> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>.
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20> #16 <20> #21, <20><> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>.
27) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 4.29.2 (<28><><EFBFBD> 4.29.5) <20><><EFBFBD><EFBFBD><EFBFBD> "<22><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>" <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD>-<2D><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>. <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>?
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20> <20><><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20>
"<22><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>" <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>) - <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> 4.29 (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> drweb32.dll <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 4.29). <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20>.<2E>. <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>. <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> #0.
28) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> Dr.Web Daemon & Dr.Web Filter for Sendmail, <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20> <20> /var/log/messages <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
Jun 10 13:24:04 host drweb-smf: Dr.Web (R) Filter for sendmail ver.4.32: Unable to bind to port 3000@localhost: Address already in use
Jun 10 13:24:04 host drweb-smf: Dr.Web (R) Filter for sendmail ver.4.32: Unable to create listening socket on conn 3000@localhost
<EFBFBD><EFBFBD><EFBFBD>
Jun 10 13:24:04 host drweb-smf: Dr.Web (R) Filter for sendmail ver.4.32: Unable to bind to port local:/var/drweb/run/.daemon: Address already in use
Jun 10 13:24:04 host drweb-smf: Dr.Web (R) Filter for sendmail ver.4.32: Unable to create listening socket on conn local:/var/drweb/run/.daemon
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> MilterAddress <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> [Mailer] <20><><EFBFBD><EFBFBD><EFBFBD> drweb_smf.conf <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20>
sendmail, <20><><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> sendmail.cf. <20>.<2E>. <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD>:
<EFBFBD> drweb32.ini
Socket = 3000 localhost
<EFBFBD> drweb_smf.conf:
[DaemonCommunication]
Address = inet:3000@localhost
...
[Mailer]
...
MilterAddress = inet:3001@localhost
<EFBFBD> <20> sendmail.cf:
Xdrweb-filter, S=inet:3001@localhost, F=T, T=C:1m;S:5m;R:5m;E:1h
29) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> Dr.Web <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>-<2D><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
The filter cannot connect to the DrWEB daemon
<EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> ?
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
<EFBFBD>) <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
<EFBFBD>) <20><><EFBFBD><EFBFBD><EFBFBD>, <20><> <20><><EFBFBD><EFBFBD><EFBFBD>-<2D><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
<EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>. <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>).
i) <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>. <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
drweb32.ini:
Socket = /var/drweb/run/.drwebd
Socket = 3000 localhost
drweb_{mta}.conf: ({mta} = smf, cgp, postfix, exim, qmail, zmailer, courier or mio)
[DaemonCommunication]
Address = local:/var/drweb/run/.drwebd, inet:3000@localhost
<EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>),
<EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
ii) <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
(<28><><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD>, <20><> <20><><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>), <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>. <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
drweb_{mta}.conf: ({mta} = smf, cgp, postfix, exim, qmail, zmailer, courier or mio)
[DaemonCommunication]
Address = local:/var/drweb/run/.drwebd, inet:3000@another.myhost.example.com
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (LocalScan = yes) <20><> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD>.
30) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> 4.32 <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
<EFBFBD> drweb_{mta}.conf <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:
SkipObject = pass
[SkipNotifications]
SenderNotify = yes
AdminNotify = yes
RcptsNotify = no
SenderTemplate = /usr/local/etc/drweb/templates/en-ru/sendmail/skip-sender.msg
AdminTemplate = /usr/local/etc/drweb/templates/en-ru/sendmail/skip-admin.msg
RcptsTemplate =
<EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>, <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> - <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> 4.32 - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> pass, <20>.<2E>. <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>\<5C><> <20><><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> [SkipNotifications]. <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> reject\discard.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <asv@drweb.com>
$Revision: 1.8 $
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

824
opt/drweb/doc/daemon/FAQ.rus.utf8
View File

@@ -1,824 +0,0 @@
Оглавление:
~~~~~~~~~~~
0) Зачем надо переходить на новую версию? У меня и старая прекрасно работает.
1) Не ловится вирус Х. В чем проблема?
2) Проблема - при запуске update.pl из командной строки все обновляется,
при запуске же из cron - ничего, хотя cron по логам отрабатывает
свои задания нормально...
3) Что кладется в UpdatePath?
4) Версия ниже 4.30. Сообщение в логе:
Jul 3 13:50:18 mail drweb-smf: dwlib: scan: message sent by <alex@gamma> is passed
Jul 3 13:50:18 mail drweb-smf: [g639oGJI030655]: processing message from <alex@gamma> completed (exit code 3)
Что означает (exit code 3)?
5) С одним (только одним) клиентом происходит следующее:
стопорится отправка почты и сколько ни жмет он в Outlook
"Подождать" - не продолжается.
В maillog сендмыл при этом пишет следующее:
drweb-smf: message from <адрес@клиента> is aborted
Подскажите, плз, "кто виноват" - сендмейл, доктор или руки?
6) Поставил drweb к qmail. Все бы хорошо, но посылатель вируса
получает два письма - одно о вирусе в сообщении, а другое о том,
что сообщение не может быть доставлено: Remote host said: 554
mail server permanently rejected message (#5.3.0).
Как-нибудь можно сделать, чтобы это сообщение не приходило? А то
пользователь будет вводиться в заблуждение, что какая-то там на
сервере ошибка..
7) Что в drweb-smf.log означают знаки вопроса?
Nov 26 14:36:13 proba drweb-smf: [???]: ...
8) Скажите, что означают поля Expires= и SubscriptionExpires=
в файле ключа (например drwebd.key)?
9) Базы от версии 4.31 подходят к версии 4.30?
10) drweb.tmp.60gkxo/$ARCHIVE_NAME/$FILE_IN_ARCHIVE - compression ratio is too high (2770944 : 35154)
...
Статистика сканирования Dr.Web:
Evaluation key used !
Archive restriction : 21
...
Что бы это значило? И как с этим можно бороться?
11) Попытался настроить связку Dr.Web + Postfix. Почта перестала ходить вообще.
Посмотрел логи, меня насторожила строка:
Jul 17 12:55:01 mailhub sendmail[29437]: h6H9t0sh029437: Authentication-Warning: host.domain.tld: drweb set sender
или такая:
Apr 20 17:32:31 mailhub sendmail[33617]: h3KDWVlV033617: from=name@example.com, size=38592, class=0, nrcpts=1, msgid=<msg-id4358035@example.com>, relay=drweb@localhost
Что бы это могло быть?
12) Стоит drweb-sendmail-4.30, время от времени выскакивает такая ошибка:
Nov 9 22:55:49 mail drweb-smf: drweb_smf.c(667) - FATAL ERROR: cannot extract private data from context
13) Когда отправляю письмо с приаттаченным файлом, демон проверят все
нормально, кусочек лога:
Nov 5 14:59:27 relay sendmail[22756]: hA5CxRIm022756: from=<foo@example.com>, size=15600, class=0, nrcpts=1, msgid=<msg-id#@example.com>, proto=ESMTP, daemon=MTA, relay=domain.tld [10.0.0.1]
Но когда отправляю то же самое письмо, и включена проверка почты
NAV-ом исходящих сообщений (на клиенте, откуда посылаю письмо), получаем следующее:
Nov 5 14:58:48 relay sendmail[22751]: hA5CwlIm022751:from=<foo@example.com>, size=0, class=0, nrcpts=1,proto=ESMTP, daemon=MTA, relay=domain.tld [10.0.0.2]
Nov 5 14:58:48 relay drweb-smf: [hA5CwlIm022751]: message from foo@example.com is aborted
14) Стоит drweb-4.29.5. Странная вещь творится: вдруг ко мне пришло письмо
с вирусом Gibe.2:
Wed Nov 12 08:56:20 2003 [1459] /var/spool/filter/drweb.tmp.HM5dmX/[text:html] - Ok
Wed Nov 12 08:56:20 2003 [1459] >>/var/spool/filter/drweb.tmp.HM5dmX/cgmgf.exe - Ok
В тоже время на онлайновой проверке (http://online.drweb.com):
...
cgmgf.exe packed by UPX
>cgmgf.exe infected with Win32.HLLM.Gibe.2
15) У меня работает связка Dr.Web daemon + Dr.Web for 1, и включена
фильтрация по заговолкам (RuleFilter = on + RuleFitlerAlert = reject),
однако для некоторых заблокированных таким образом писем уведомление
отправителю не приходит, зато приходят два письма администратору.
16) У меня установлен Dr.Web for Sendmail (версия ниже 4.30.1 или собран
из поставляемых исходных текстов), и иногда фильтр прекращает свою работу
без каких-либо видимых причин. Что это может быть?
17) У меня установлен почтовый фильтр Dr.Web, и для инфицированных объектов
выставлено действие discard (Infected = discard), однако уведомления все
равно продолжают приходить. Почему? Я не хочу, чтобы они отправлялись.
18) Я установил ваш почтовый фильтр и отправил письмо с вирусом (вирус я взял
у друга, с инфицированной и т.п.), вирус был найден, однако уведомление
получил только администратор, хотя у меня включены уведомления для всех.
Почему?
19) Установил Dr.Web Daemon & Dr.Web for Sendmail, но не работает проверка писем
на вирусы, в почтовом логе такие записи:
...
Nov 24 19:11:48 vulture sendmail[878]: hAO9Bmvr000878: milter_read(drweb-filter): cmd read returned 4, expecting 5
20) Вот такой интересный файлик прислали
...
Может кинуть его кому?
21) Поставил фильтр на почту, а уведомления приходят только администратору.
...
В чем дело?
22) Я запутался в программах и лицензиях, которые вы предлагаете. Что для чего нужно?
23) Система FreeBSD 4.x (x =< 7). Поставил версию 4.31. При попытке запустить фильтр
выдается сообщение: /usr/libexec/ld-elf.so.1: Undefined symbol "__stdoutp"
referenced from COPY relocation in /usr/local/drweb/drweb-smf.
24) Установил Dr.Web Sendmail, но проверка почты не работает. В логе демона:
===
Демон загружен, активные интерфейсы: 127.0.0.1:3000
Получена неизвестная команда: 13
===
либо
===
Daemon is installed, active interfaces: 127.0.0.1:3000
Unknown command received: 13!
===
Что делать?
25) Система FreeBSD. Не работает фильтр правил (RejectCondition) в демоне, если
в правилах используется русский язык. Что делать?
26) На сайте http://www.testvirus.org решил проверить работу фильтра Dr.Web, но
из 25 тестов Dr.Web пропустил некоторые варианты. Как вы это прокомментируете?
27) После очередного обновления версия 4.29.2 (или 4.29.5) стала "падать" на большом
кол-ве сообщений. Как объясните?
28) Я установил Dr.Web Daemon & Dr.Web Filter for Sendmail, вроде все настроил правильно
однако фильтр не стартует, а в /var/log/messages следующие сообщения:
Jun 10 13:24:04 host drweb-smf: Dr.Web (R) Filter for sendmail ver.4.32: Unable to bind to port 3000@localhost: Address already in use
Jun 10 13:24:04 host drweb-smf: Dr.Web (R) Filter for sendmail ver.4.32: Unable to create listening socket on conn 3000@localhost
или
Jun 10 13:24:04 host drweb-smf: Dr.Web (R) Filter for sendmail ver.4.32: Unable to bind to port local:/var/drweb/run/.daemon: Address already in use
Jun 10 13:24:04 host drweb-smf: Dr.Web (R) Filter for sendmail ver.4.32: Unable to create listening socket on conn local:/var/drweb/run/.daemon
29) У меня установлен демон Dr.Web и почтовый фильтр, иногда я получаю на адрес администратора
сообщения, что какое-то сообщение не было проверно по причине:
The filter cannot connect to the DrWEB daemon
Как этого можно избежать в дальнейшем ?
30) После апгрейда на 4.32 появилась ошибка с отправкой многотомных архивов: несмотря на
действие pass, уведомления все равно приходят, хотя и письмо доставляется.
Содержание:
~~~~~~~~~~~
0) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Вопрос: Зачем надо переходить на новую версию? У меня и старая прекрасно работает.
Ответ: Это до поры до времени. Причин перехода несколько:
- в новых версиях используется новый поисковый модуль (drweb32.dll), в котором
могут быть добавлены: новые упаковщики (пример: 4.30 - упаковщик FSG), новые
архиваторы (пример: 4.30 - LHA), новые процедуры лечения вирусов (более актуально
для Windows версий), из-за чего старая версия уже может не обнаруживать новые
вирусы (пример: 4.29 не обнаруживает Win32.HLLM.Dumaru, т.к. он упакован FSG).
- хотя дополнения внутри главной версии (4.29 и 4.30 имеют общую главную версию
4.хх) совместимы, однако проверка работоспособности и способности к обнаружению
вирусов для старых версий с новыми обновлениями не производится.
1) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Вопрос: Не ловится вирус Х. В чем проблема?
Ответ: Первое, что можно сделать: воспользоваться online-проверкой по адресу
http://online.drweb.com
Если вирус не обнаруживается, то отослать разработчикам.
Если вирус обнаруживается, то убедиться что:
а) у вас подключены все базы (наиболее часто ошибаются с
основой базой drwebase.vdb).
---
Fri Feb 1 14:45:26 2002 Key file: /etc/drweb/drwebd.key
Fri Feb 1 14:45:26 2002 Registration info:
Fri Feb 1 14:45:26 2002 0100000002
Fri Feb 1 14:45:26 2002 Evaluation Key (ID Anti-Virus Lab. Ltd, St.Petersburg)
Fri Feb 1 14:45:26 2002 This is an EVALUATION version with limited functionality!
Fri Feb 1 14:45:26 2002 To get your registration key, call regional dealer.
Fri Feb 1 14:45:26 2002 Loading /var/drweb/bases/drwtoday.vdb - Ok, virus records: 56
Fri Feb 1 14:45:27 2002 Loading /var/drweb/bases/drw42702.vdb - Ok, virus records: 116
Fri Feb 1 14:45:27 2002 Loading /var/drweb/bases/drw42701.vdb - Ok, virus records: 90
Fri Feb 1 14:45:28 2002 Daemon is installed, TCP socket created on port 3000
б) загружен правильный ключ (хотя бы демо-ключ из дистрибутива)
Замечание: начиная с версии 4.30 демон не будет загружаться, если не найдет
правильный ключ.
Примеры, когда ключ не загружен:
--- вообще нет ключа, например, указан неверный путь
Fri Feb 1 14:43:33 2002 This is an EVALUATION version with limited functionality!
Fri Feb 1 14:43:33 2002 To get your registration key, call regional dealer.
Fri Feb 1 14:43:33 2002 Loading /var/drweb/bases/drwtoday.vdb - Ok, virus records: 56
Fri Feb 1 14:43:34 2002 Loading /var/drweb/bases/drw42702.vdb - Ok, virus records: 116
--- ключ неправильный (например, опечатка в drweb32.ini)
Fri Feb 1 14:45:26 2002 Key file: /etc/drweb/drweb.key
Fri Feb 1 14:45:26 2002 Registration info:
Fri Feb 1 14:45:26 2002 0100000002
Fri Feb 1 14:45:26 2002 Evaluation Key (ID Anti-Virus Lab. Ltd, St.Petersburg)
Fri Feb 1 14:43:33 2002 Registration key mismatches application!
Fri Feb 1 14:45:26 2002 This is an EVALUATION version with limited functionality!
Fri Feb 1 14:45:26 2002 To get your registration key, call regional dealer.
Fri Feb 1 14:45:26 2002 Loading /var/drweb/bases/drwtoday.vdb - Ok, virus records: 56
Fri Feb 1 14:45:27 2002 Loading /var/drweb/bases/drw42702.vdb - Ok, virus records: 116
Fri Feb 1 14:45:27 2002 Loading /var/drweb/bases/drw42701.vdb - Ok, virus records: 90
Fri Feb 1 14:45:27 2002 Loading /var/drweb/bases/drwebase.vdb - Ok, virus records: 27860
Fri Feb 1 14:45:28 2002 Daemon is installed, TCP socket created on port 3000
Загрузка демона с правильным ключом выглядит так:
---
Fri Feb 1 14:45:26 2002 Key file: /etc/drweb/drwebd.key
Fri Feb 1 14:45:26 2002 Registration info:
Fri Feb 1 14:45:26 2002 0100000002
Fri Feb 1 14:45:26 2002 Evaluation Key (ID Anti-Virus Lab. Ltd, St.Petersburg)
Fri Feb 1 14:45:26 2002 This is an EVALUATION version with limited functionality!
Fri Feb 1 14:45:26 2002 To get your registration key, call regional dealer.
Fri Feb 1 14:45:26 2002 Loading /var/drweb/bases/drwtoday.vdb - Ok, virus records: 56
Fri Feb 1 14:45:27 2002 Loading /var/drweb/bases/drw42702.vdb - Ok, virus records: 116
Fri Feb 1 14:45:27 2002 Loading /var/drweb/bases/drw42701.vdb - Ok, virus records: 90
Fri Feb 1 14:45:27 2002 Loading /var/drweb/bases/drwebase.vdb - Ok, virus records: 27860
Fri Feb 1 14:45:28 2002 Daemon is installed, TCP socket created on port 3000
2) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Вопрос: Проблема - при запуске update.pl из командной строки все обновляется,
при запуске же из cron - ничего, хотя cron по логам отрабатывает
свои задания нормально...
Ответ: Переменные окружения у крона иные, указывайте полностью путь к wget,
например, /usr/bin/wget
3) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Вопрос: Что кладется в UpdatePath?
Ответ: То, куда будут складываться новые компоненты, которые нельзя заменить
автоматически, или расположение для них неизвестно (например, новые файлы
документации).
4) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Вопрос: Версия ниже 4.30. Сообщение в логе:
Jul 3 13:50:18 mail drweb-smf: dwlib: scan: message sent by <alex@gamma> is passed
Jul 3 13:50:18 mail drweb-smf: [g639oGJI030655]: processing message from <alex@gamma> completed (exit code 3)
Что означает (exit code 3)?
Ответ: exit code 3 - обозначает ответ фильтра sendmail-у, что письмо должно быть
пропущено (PASS) дальше. Код внутренний, скоро будет убран из сообщения.
5) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Вопрос: С одним (только одним) клиентом происходит следующее:-
стопорится отправка почты и сколько ни жмет он в Outlook
"Подождать" - не продолжается.
В maillog сендмыл при этом пишет следующее:
drweb-smf: message from <адрес@клиента> is aborted
Подскажите, плз, "кто виноват" - сендмейл, доктор или руки?
Ответ: Могу точно сказать, что не фильтр (сам по себе) - это сообщение означает,
что sendmail сказал фильтру, что все данные, ассоциированные с этим письмом,
могут быть освобождены - обработка письма прервана. Кем - клиентом ли или
самим sendmail - фильтру неизвестно.
{sendmail}/libmilter/docs/xxfi_abort.html
...
xxfi_abort is only called if the message is aborted OUTSIDE the
filter's control and the filter has not completed its
message-oriented processing. ...
Hint: Также очень вероятно, что у клиента установлен Norton Personal Firewall
или Norton Information Security (NIS), который каждую почтовую сессию
начинает с пустого сообщения, которые sendmail-ом не принимаются.
Вопрос: Вчера вечером, ради эксперемента, отключил drweb на MTA.
Результат неутешительный, ни одного "aborted" нет по настоящее время!
Естественно, т.к. эта диагностика находится в фильтре. Еще раз объясняю,
is aborted фильтр пишет, когда Sendmail "сказал" фильтру прервать обработку
(например, из-за разрыва соединения).
Посмотрите логи непосредственно перед is aborted и, скорее всего, вы сами
увидите истинную причину.
6) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Вопрос: Поставил drweb к qmail. Все бы хорошо, но посылатель вируса
получает два письма - одно о вирусе в сообщении, а другое о том,
что сообщение не может быть доставлено: Remote host said: 554
mail server permanently rejected message (#5.3.0).
Как-нибудь можно сделать, чтобы это сообщение не приходило? А то
пользователь будет вводиться в заблуждение, что какая-то там на
сервере ошибка..
Ответ: Это проблема (или не проблема) для всех фильтров. Так, как сейчас,
сделано по одной причине - письмо НЕ ДОЛЖНО бесследно пропасть. Если
же сделать discard (то, что вы предлагаете - т.е. принять вирус, никуда
его не класть, написать уведомление и сказать все ОК), то письмо пропадает.
7) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Вопрос: Что в drweb-smf.log означают знаки вопроса?
Nov 26 14:36:13 proba drweb-smf: [???]: ...
Ответ: Это означает, что фильтр не смог определить message-id (это внутренний ID
для sendmail) этого сообщения. В версиях sendmail-8.11 этого не избежать, а
в sendmail-8.12 для того, чтобы фильтр мог в логе при выводе сообщений
указывать sendmails message-id, необходимо, чтобы в sendmail.cf присутствовала
следующая строка:
------------------- cut ---------------------
O Milter.macros.envfrom=i, ...
------------------- cut ---------------------
(многоточие означает другие параметры - их значение не важно).
8) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Вопрос: Скажите, что означают поля Expires= и SubscriptionExpires=
в файле ключа (например drwebd.key)?
Ответ: 1. Ключ будет работать со всеми версиями, вышедшими до даты SubscriptionExpires,
и в течение этого времени есть возможность обновляться с коммерческой области
обновлений (подробности выясните у дистрибьютора).
2. Ключ перестанет работать после даты Expires, начиная с версии 4.30 демон
просто не загрузится, а более ранние версии переходили в режим "без ключа" (в
котором почта не проверялась).
9) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Вопрос: Базы от версии 4.31 подходят к версии 4.30?
Ответ: Лучше всего обновить версию, почему это лучше - вопрос #0 этого FAQ.
Cовместимы только дополнения, основные базы НЕ совместимы,
таким образом, набор загружаемых баз для версии 4.30 должен быть такой:
+ drwebase.vdb от 4.30
+ все дополнения от 4.30 (drw430xx.vdb xx=01..26)
+ все дополнения от 4.31,(drw430yy.vdb yy=02..текущее)
!внимание drw43101.vdb не нужно в версии 4.30
+ drwtoday.vdb
Стандартный скрипт обновления update.pl именно такую
конфигурацию баз и создает...
10) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Обозначение в вопросе:
$MTA - название почтовой системы (1, Sendmail, Postfix и т.д.)
$ARCHIVE_NAME - название архива в письме (например, docs.zip, demo.ppt и т.д.)
$FILE_IN_ARCHIVE - название файла в архиве (например, otchet.doc, Storage0 и т.д.)
Вопрос: У меня на сервере стоит $MTA и фильтр почты.
Сегодня получаю письмо следующего содержания:
--- cut ---
Следующее сообщение не доставлено, потому что найден объект,
который нарушает ограничения, установленые для архивов.
Оправитель = sender@domain.com
Получатели = receiver@domain.com
Тема = Subject
Идентификатор = msg-id-NNNN@domain.com
--- Dr.Web report ---
Детализированный отчет Dr.Web:
...
drweb.tmp.60gkxo/$ARCHIVE_NAME/$FILE_IN_ARCHIVE - compression ratio is too high (2770944 : 35154)
...
Статистика сканирования Dr.Web:
Evaluation key used !
Archive restriction : 21
--- cut ---
Что бы это значило? И как с этим можно бороться?
Ответ:
Это значит, что в drweb_$MTA.conf:
[Actions]
ArchiveRestriction = reject или quarantine
и в drweb32.ini:
[Daemon]
...
MaxCompressionRatio меньше, чем 78 (2770944 поделить на 35154)
Теперь, как с этим бороться.
Есть 2 варианта.
а) Увеличить этот самый MaxCompressionRatio (скажем до 200-500)
и перезапустить демона. Либо вообще закомментировать параметр (что
означает, выставить его в бесконечность). Но надо понимать, что в
таком случае возможна атака на вашу почтовую систему с целью временно
вывести ее из нормального режима, когда злоумылшеник будет слать
так называемые "почтовые" бомбы, проверка которых займет много времени
и много - все? - дисковое пространство.
б) Поставить ArchiveRestriction = pass
В этом случае возможна пересылка вируса в архиве, если его удастся сжать
более MaxCompressionRatio (например, скриптовый вирус).
11) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Вопрос: Попытался настроить связку Dr.Web + Postfix. Почта перестала ходить вообще.
Посмотрел логи, меня насторожила строка:
Jul 17 12:55:01 mailhub sendmail[29437]: h6H9t0sh029437: Authentication-Warning: host.domain.tld: drweb set sender
или такая:
Apr 20 17:32:31 mailhub sendmail[33617]: h3KDWVlV033617: from=name@example.com, size=38592, class=0, nrcpts=1, msgid=<msg-id4358035@example.com>, relay=drweb@localhost
Что бы это могло быть?
Ответ: Это означает неправильную настройку почтовой системы:
sendmail[....]: .... - это лог sendmail (www.sendmail.org), а не postfix-сового
заменителя sendmail (поставляется в составе postfix).
Поэтому в drweb_postfix.conf:
[Mailer]
Sendmail = ...
Укажите путь до postfix-сового заменителя sendmail.
Например, при установке из исходников он находится где-то в
/usr/libexec/postfix/sendmail
PS: И вообще странно, почему у вас postfix, а в /usr/sbin лежит настоящий
sendmail.
12) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Вопрос: Стоит drweb-sendmail-4.30, время от времени выскакивает такая ошибка:
Nov 9 22:55:49 mail drweb-smf: drweb_smf.c(667) - FATAL ERROR: cannot extract private data from context
Разъясните!
Ответ: Это ошибка. Что бы ее устранить, можно:
1) либо поставить в drweb_smf.conf:
HeloInReceived = no
2) либо взять более свежую версию.
13) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Вопрос: Когда отправляю письмо с приаттаченным файлом, демон проверяет все
нормально, кусочек лога:
Nov 5 14:59:27 relay sendmail[22756]: hA5CxRIm022756: from=<foo@example.com>, size=15600, class=0, nrcpts=1, msgid=<msg-id#@example.com>, proto=ESMTP, daemon=MTA, relay=domain.tld [10.0.0.1]
Но когда отправляю то же самое письмо, и включена проверка почты
NAV-ом исходящих сообщений (на клиенте, откуда посылаю письмо), получаем следующее:
Nov 5 14:58:48 relay sendmail[22751]: hA5CwlIm022751:from=<foo@example.com>, size=0, class=0, nrcpts=1,proto=ESMTP, daemon=MTA, relay=domain.tld [10.0.0.2]
Nov 5 14:58:48 relay drweb-smf: [hA5CwlIm022751]: message from foo@example.com is aborted
Ответ: NAV пытается зачем-то (не знаю, правда, зачем это нужно) отправить пустое
письмо, т.е. совсем пустое, даже заголовков нет. Sendmail-у это не нравится,
и он обрывает прием этого письма, о чем сообщает фильтру. Фильтр просто
констатирует этот факт. См. так же вопрос #5
14) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Вопрос: Стоит drweb-4.29.5: Странная вещь творится: вдруг ко мне пришло письмо
с вирусом Gibe.2:
Wed Nov 12 08:56:20 2003 [1459] /var/spool/filter/drweb.tmp.HM5dmX/[text:html] - Ok
Wed Nov 12 08:56:20 2003 [1459] >>/var/spool/filter/drweb.tmp.HM5dmX/cgmgf.exe - Ok
В тоже время на онлайновой проверке (http://online.drweb.com):
...
cgmgf.exe packed by UPX
>cgmgf.exe infected with Win32.HLLM.Gibe.2
Scan report for "cgmgf.exe":
Scanned : 1 Cured : 0
Infected : 1 Deleted : 0
...
Вот лог загрузки демона:
Wed Nov 12 04:02:07 2003 SIGHUP received, reloading...
Wed Nov 12 04:02:07 2003 Dr.Web (R) daemon for Linux, version 4.29.5 (January 6, 2003)
...
Wed Nov 12 04:02:08 2003 Key file: /opt/drweb/drwebd.key
Wed Nov 12 04:02:08 2003 Registration info:
Wed Nov 12 04:02:08 2003 0100000003
Wed Nov 12 04:02:08 2003 Evaluation key ID Anti-virus Lab St.Petersburg
Wed Nov 12 04:02:08 2003 Your registration key has expired!
...
Wed Nov 12 04:02:08 2003 This is an EVALUATION version with limited
...
Ответ: Демо-ключи выпускаются:
а) для конкретной версии, т.е. ключ от другой версии не будет валидным;
б) действуют ограниченный период (на 01.02.2004 это срок составляет 1 год),
после чего ключ также перестает быть валидным.
Указанное сообщение об ошибке и говорит, что демон будет работать без ключа,
т.е. находятся только те вирусы, которые ничем не упакованы.
Кстати, с версии 4.30 демон не будет загружаться, если действующий ключ не
загружен.
Объясняю, почему ловятся некоторые вирусы - первый уровень MIME
распаковывается без ключа (это ошибка в 4.29.х), но все остальные проверки идут
по ключу, соответствено все архивы (RAR, ZIP etc), упаковщики (UPX, DIET etc) и
вложенные MIME не проверяются.
15) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Вопрос: У меня работает связка Dr.Web daemon + Dr.Web for CommuniGate Pro, и
включена фильтрация по заговолкам (RuleFilter = on + RuleFitlerAlert = reject),
однако, для некоторых заблокированных таким образом писем уведомление
отправителю не приходит, зато приходят два письма администратору:
Subject: Rule rejected message
Date: Thu, 13 Nov 2003 17:18:02 +0300
From: DrWeb-DAEMON <DrWEB-DAEMON@example.com>
To: System Administrator <postmaster@example.com>
Sender = <> (may be forged)
Recipients = postmaster@example.com
...
Ответ: Это происходит, если у вас среди правил есть правила, касающиеся заголовка
Subject:, т. к. CommuniGate Pro в уведомлении отправителю (и администратору) использует
старый заголовок, то уведомления тоже были заблокированы фильтром.
16) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Вопрос: У меня установлен Dr.Web for Sendmail (версия ниже 4.30.1 или собран
из поставляемых исходных текстов), и иногда фильтр прекращает свою работу без
каких-либо видимых причин. Что это может быть?
Ответ: Да, такое может быть. Причина может быть в libmilter (написанной авторами
sendmail). Обычно это происходит в момент, когда сервер начинает испытывать
нагрузки, тогда в системных логах могут появляться сообщения вида:
Nov 20 19:54:09 name drweb-smf: Dr.WEB Sendmail filter VER: malloc(ctx) failed (12), abort
или
Nov 20 19:54:09 name drweb-smf: Dr.WEB Sendmail filter VER: thread_create() failed: 11, abort
Начиная с версии 4.30.1 мы используем модифицированную версию libmilter, а
также поставляем патч для оригинальной версии sendmail-8.12.9. По-другому
эту проблему, к сожалению, решить никак нельзя.
Если вы считаете, что "падения" фильтра не связаны с этой причиной, то пишите -
будем выяснять.
17) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Вопрос: У меня установлен почтовый фильтр Dr.Web, и для инфицированных объектов
выставлено действие discard (Infected = discard), однако, уведомления все равно
продолжают приходить. Почему? Я не хочу, чтобы они отправлялись.
Ответ: Действия, задаваемые в секции [Actions], и уведомления, задаваемые в секции
[...Notifications], действуют независимо: действие нужно для того, чтобы фильтр
знал, что надо ответить вашему почтовому серверу, а уведомления могут быть
отосланы вне зависимости от указанного действия. (Исключение: действие pass -
уведомления не высылаются). Таким образом, если вы не хотите получать
уведомлений, то в соответствующей секции отключите их. Для вашего случая:
[VirusNotifications]
SenderNotify = no
AdminNotify = no
RcptsNotify = no
...
18) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Вопрос: Я установил ваш почтовый фильтр и отправил письмо с вирусом (вирус я взял
у друга, с инфицированной и т.п.), вирус был найден, однако уведомление получил
только администратор, хотя у меня включены уведомления для всех. Почему?
Ответ: Скорее всего, для вируса, который вы послали, политика отсылки уведомлений
изменена с помощью конфигурационного файла /etc/drweb/viruses.conf (точнее, с
помощью конфигурационного файла, указаного в параметре UnnotificableVirusesList
в основном конфигурационном файле).
19) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Вопрос: Установил Dr.Web Daemon & Dr.Web for Sendmail, но не работает проверка писем
на вирусы, в почтовом логе такие записи:
...
Nov 24 19:11:20 vulture sendmail[873]: /etc/mail/aliases: 37 aliases, longest 12 bytes, 423 bytes total
Nov 24 19:11:48 vulture sendmail[878]: hAO9Bmvr000878: milter_read(drweb-filter): cmd read returned 4, expecting 5
Nov 24 19:11:48 vulture sendmail[878]: hAO9Bmvr000878: Milter (drweb-filter): to error state
Nov 24 19:11:48 vulture sendmail[878]: hAO9Bmvr000878: Milter (drweb-filter): init failed to open
Nov 24 19:11:48 vulture sendmail[878]: hAO9Bmvr000878: Milter (drweb-filter): to error state
Nov 24 19:11:48 vulture sendmail[878]: hAO9Bmvr000878: from=<adm@test.ru>, size=803, class=0, nrcpts=1, msgid=<60270330044.20031124191101@100h.ru>, proto=ESMTP, daemon=MTA, relay=[192.168.*.**]
Nov 24 19:11:48 vulture sendmail[880]: hAO9Bmvr000878: to=<shest@test.ru>, ctladdr=<adm@test.ru> (1012/6), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31026, relay=local, dsn=2.0.0, stat=Sent
Ответ:
Вы неправильно подключили фильтр. В sendmail.cf (.mc) вы указали адрес демона
(drwebd), а надо прописать адрес, на котором фильтр (drweb-smf) будет ожидать
запросов от sendmail - этот же адрес указывается в параметре MilterAddress в
секции [Mailer] файла drweb_smf.conf. Адрес демона указывается в drweb32.ini
в параметре Socket и в параметре Address в секции [DaemonCommunication]
файла drweb_smf.conf.
Кроме всего прочего, для генерации правильного добавления в sendmail.cf (.mc)
и скрипта для автоматического старта фильтра можно воспользоваться утилитой
{drweb}/doc/sendmail/configure.
20) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Вопрос: Вот такой интересный файлик прислали "something.jpg.exe",
и онлайновая проверка говорит что чистый. Может кинуть его кому?
Ответ: Есть специальный адрес для подозрительных файлов, вложений:
newvirus@drweb.com
Подозрительный файл лучше всего упаковать в архив с паролем.
В письме сообщить пароль и дать краткую информацию о ваших подозрениях.
21) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Вопрос: Поставил фильтр на почту, а уведомления приходят только администратору,
хотя в drweb_{mta}.conf:
...
[VirusNotification]
SenderNotify = yes
RcptsNotify = yes
AdminNotify = yes
...
шаблоны указаны и доступны. В чем дело?
Ответ: Дело скорее всего в том, что большинство вирусов, приходящих по почте, это
так называемые "черви", в файле viruses.conf (или в файле, указанном в
drweb_{mta}.conf->[Actions]->UnnotificableVirusesList) для таких вирусов
изменена политика уведомлений (запись Win32.HLLM). Связано это с тем, что
"черви" обычно подделывают адреса отправителя, и адрес получателя выбирается
случайным образом (обычно из адресной книги жертвы), поэтому уведомление
отправителю в этом случае можно считать "спамом".
22) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Вопрос: Я запутался в программах и лицензиях, которые вы предлагаете. Что для чего нужно?
Ответ: На данный момент у нас есть 3 типа программ:
- сканер (drweb)
- демон (drwebd)
- фильтры почтовые (drweb-smf, drweb-postfix, ...)
и файловые (smb_spider, drweb-icapd)
Сканер нужен для проверки файлов на диске, список проверяемых файлов либо задается в
параметрах, либо читается со стандартного потока ввода. Для сканера нужна отдельная
лицензия.
Фильтры ничего не проверяют сами, только "умеют перехватывать" почту
(CommuniGate, Sendmail, ... ) и файлы (Samba, Squid) из соответствующих программ.
Для них лицензия не нужна, и даже исходные тексты некоторых из них доступны на сайте.
Таким образом, без работающего демона фильтры совершенно бесполезны.
Демон - это проверка файлов на диске и данных полученных им через сетевые соединения
от фильтров или других программ по специальному протоколу. Для демона существует два
вида лицензий, "почтовая (по адресам, по трафику)" и "файловая".
"Почтовая" лицензия нужна, если демон будет использоваться в паре с почтовыми
фильтрами.
"Файловая" лицензия нужна, если демон будет работать в паре с файловыми
фильтрами (Samba, Squid).
PS: Если куплена "файловая" лицензия, то демон НЕ будет проверять почту,
и наоборот. Можно купить обе лицензии сразу в одном ключе.
23) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Вопрос: Система FreeBSD 4.x (x =< 7). Поставил версию 4.31. Получаю:
/usr/local/drweb > ./drweb-smf.sh start
/usr/libexec/ld-elf.so.1: Undefined symbol "__stdoutp"
referenced from COPY relocation in /usr/local/drweb/drweb-smf
Что делать?
Ответ: Использовать drweb-smf.static, этот же совет касается всех остальных
фильтров.
24) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Вопрос: Установил Dr.Web Sendmail, но проверка почты не работает. В логе демона:
===
Daemon is installed, active interfaces: 127.0.0.1:3000
Unknown command received: 13!
===
(asv: либо, если включено использование russian.dwl)
===
Демон загружен, активные интерфейсы: 127.0.0.1:3000
Получена неизвестная команда: 13
===
Что делать?
Ответ: Прочитайте ответ на вопрос #19, у вас та же самая проблема.
25) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Вопрос: Система FreeBSD. Не работает фильтр правил (RejectCondition) в демоне, если
в правилах используется русский язык? Что делать?
Ответ: Во-первых, правила надо задавать только в кодировке KOI8-R.
Во-вторых, следует понимать, что если заголовок (например Subject:), который вы
хотите фильтровать, идет в 8bit (т.е. в нарушение стандарта на почту, т.к. должен
быть закодированы =?koi8-r?B?..?= или =?cp1251?Q?..?=, т.е. с указанием кодировки),
то он будет сравниваться без учета кодировки. Такие сообщения (идущие в 8bit) так же
могут быть заблокированы фильтром:
RejectCondition Subject = "8bit"
Ну и наконец, для пользователя, с правами которого работает демон, должна быть правильно
настроена локаль на KOI8-R:
1. В файл /etc/login.conf добавить (хотя обычно уже есть):
#
# Russian Users Accounts. Setup proper environment variables.
#
russian:Russian Users Accounts:\
:charset=KOI8-R:\
:lang=ru_RU.KOI8-R:\
:tc=default:
Для обновления /etc/login.conf.db:
# cap_mkdb /etc/login.conf
2. Теперь пользователю drweb надо указать, что он относится к классу russian:
# pw usermod drweb -L russian
3. Иногда надо в скрипте запуска демона добавить перед строкой "case "$1" in"
LC_ALL=ru_RU.KOI8-R
export LC_ALL
4. Перезапустить демона ...
26) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Вопрос: На сайте http://www.testvirus.org решил проверить работу фильтра Dr.Web, но
из 25 тестов Dr.Web пропустил некоторые варианты. Как вы это прокомментируете?
Ответ: Ответ по состоянию сайта на 19 мая 2004 года, т.к. сайт мог измениться и тесты тоже,
у нас были пропущены следующие тесты:
Test #12: Eicar virus within a password protected ZIP file
Test #24: Test for the "Partial (Fragmented) Vulnerability". This does not include Eicar virus,
but your mail server still must block this since it can break a virus into multiple
emails and reassemble it in your inbox.
- Может быть заблокировано, если опцию SkipObject переключить с pass на
любое другое действие.
Test #14: Eicar virus sent in a Microsoft TNEF file (winmail.dat)
- Формат TNEF на данный момент не разбирается.
Test #25: Attachment with a CLSID extension which may hide the real file extension. This does not
include Eicar virus, but your mail server still must block this since it can hide the
true extension of a file
- Сообщение не содержит вредоносного кода.
Test #16: Eicar string in HTML, to ensure that your mail server scans HTML segments
Test #19: Eicar virus within zip file hidden using the "Blank Folding Vulnerability"
Test #21: Eicar virus within zip file hidden using the "Long MIME Boundary Vulnerability"
Test #23: Eicar virus within zip file hidden using the "Empty MIME Boundary Vulnerability"
- В таком виде вирус не опасен и распространяться не будет, можно сказать, что просто мусор.
Кстати, сканер таки определяет вирус в #16 и #21, но в демоне более быстрый и простой разбор почты.
27) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Вопрос: После очередного обновления версия 4.29.2 (или 4.29.5) стала "падать" на большом
кол-ве сообщений. Как объясните?
Ответ: Проблема не в базах (это легко проверить, если загрузить демона только с основной базой и
"проблемным" обновлением) - это ошибка в 4.29 (точнее в drweb32.dll версии 4.29). Таким образом,
единственным решением может быть обновление на более свежую версию, т.к. фиксов для старых версий
мы не выпускаем. Почему мы так делаем, читайте ответ на вопрос #0.
28) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Вопрос: Я установил Dr.Web Daemon & Dr.Web Filter for Sendmail, вроде все настроил правильно
однако фильтр не стартует, а в /var/log/messages следующие сообщения:
Jun 10 13:24:04 host drweb-smf: Dr.Web (R) Filter for sendmail ver.4.32: Unable to bind to port 3000@localhost: Address already in use
Jun 10 13:24:04 host drweb-smf: Dr.Web (R) Filter for sendmail ver.4.32: Unable to create listening socket on conn 3000@localhost
или
Jun 10 13:24:04 host drweb-smf: Dr.Web (R) Filter for sendmail ver.4.32: Unable to bind to port local:/var/drweb/run/.daemon: Address already in use
Jun 10 13:24:04 host drweb-smf: Dr.Web (R) Filter for sendmail ver.4.32: Unable to create listening socket on conn local:/var/drweb/run/.daemon
Ответ: Вы указали в параметре MilterAddress секции [Mailer] файла drweb_smf.conf параметры
соединения с демоном, тогда как должно быть указано соединения для взаимодействия с
sendmail, это же соединение описывается в sendmail.cf. Т.е. должно быть так:
в drweb32.ini
Socket = 3000 localhost
в drweb_smf.conf:
[DaemonCommunication]
Address = inet:3000@localhost
...
[Mailer]
...
MilterAddress = inet:3001@localhost
и в sendmail.cf:
Xdrweb-filter, S=inet:3001@localhost, F=T, T=C:1m;S:5m;R:5m;E:1h
29) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Вопрос: У меня установлен демон Dr.Web и почтовый фильтр, иногда я получаю на адрес администратора
сообщения, что какое-то сообщение не было проверно по причине:
The filter cannot connect to the DrWEB daemon
Как этого можно избежать в дальнейшем ?
Ответ: Есть две причины, по которым это могло произойти.
а) Резко скакнула нагрузка и просто переполнилась очередь соединений к демону.
б) Демон, по каким-то причинам был не доступен.
Есть два способа избежать этих проблем. Второй способ наиболее универсален (подойдет для обоих случаев).
i) Использовать несколько сокетов между демоном и фильтром. Пример конфигурации:
drweb32.ini:
Socket = /var/drweb/run/.drwebd
Socket = 3000 localhost
drweb_{mta}.conf: ({mta} = smf, cgp, postfix, exim, qmail, zmailer, courier or mio)
[DaemonCommunication]
Address = local:/var/drweb/run/.drwebd, inet:3000@localhost
Тем самым мы получим такой эффект: если к первому сокету коннект не прошел (там очередь переполнена),
то фильтр будет пытаться присоединиться ко второму.
ii) Намного более надежный и универсальный способ - использовать второго запущеного демона
(можно на этом же хосте, но лучше на другом), который и будет сглаживать пики нагрузки или недоступность
основного демона. Пример
drweb_{mta}.conf: ({mta} = smf, cgp, postfix, exim, qmail, zmailer, courier or mio)
[DaemonCommunication]
Address = local:/var/drweb/run/.drwebd, inet:3000@another.myhost.example.com
Замечание: Режим локального сканирования (LocalScan = yes) не будет работать в
фильтре для второго сокета даже если этот сокет обслуживается демоном установленным
на этом же хосте.
30) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Вопрос: После апгрейда на 4.32 появилась ошибка с отправкой многотомных архивов.
В drweb_{mta}.conf прописано:
SkipObject = pass
[SkipNotifications]
SenderNotify = yes
AdminNotify = yes
RcptsNotify = no
SenderTemplate = /usr/local/etc/drweb/templates/en-ru/sendmail/skip-sender.msg
AdminTemplate = /usr/local/etc/drweb/templates/en-ru/sendmail/skip-admin.msg
RcptsTemplate =
При этом само письмо доставляется, но одновременно идет и письмо с руганью,
которое я прицепил в аттаче.
Ответ: Это не ошибка - это нововведение в 4.32 - уведомления отсылаются даже если
для условия выставлено действие pass, т.е. единственным критерием слать\не слать
является секция [SkipNotifications]. Текст дефолтных уведомлений рассчитан,
естественно на случай reject\discard.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Автор: Сергей Ахапкин <asv@drweb.com>
$Revision: 1.8 $
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

16
opt/drweb/doc/daemon/daemon.mmc
View File

@@ -1,16 +0,0 @@
# Dr.Web (R) Components Monitor meta config file.
# Meta config file describes how a drweb-monitor program
# run applications
Application "DAEMON"
FullName "Dr.Web (R) Daemon"
Path "/opt/drweb/"
Depends "AGENT"
Components
# name args maxStartTime maxStopTime NotifyType UserGroup
drwebd "-a=local:/var/drweb/ipc/.agent --foreground=yes" 60 10 MAIL drweb:drweb
EndComponents
EndApplication

6
opt/drweb/doc/daemon/msg.tmpl
View File

@@ -1,6 +0,0 @@
Dear Administrator,
Your Dr.Web license key file $KEYFILENAME expires in $EXPIRATIONDAYS days
Dr.Web Daemon stops working after license key expiration.
License key number: $KEYNUMBER
License key activates: $KEYACTIVATES
License key expires: $KEYEXPIRES

1041
opt/drweb/doc/daemon/readme.daemon
View File

File diff suppressed because it is too large Load Diff

1071
opt/drweb/doc/daemon/readme.daemon.rus
View File

File diff suppressed because it is too large Load Diff

1071
opt/drweb/doc/daemon/readme.daemon.rus.utf8
View File

File diff suppressed because it is too large Load Diff