[Esd-l] Trapped zip file logging

Smart,Dan SmartD at VMCMAIL.com
Thu Mar 4 07:03:27 PST 2004

John, Could you modify your logging for zip files?
In my log I see the following:

 Checking ZIP archive "Info.zip" for poisoning.
  Decoding to "/tmp/mailchk.JyuzAS"
  Checking zipped "xvpol.exe"
   Trapped "xvpol.exe".

Could the last line say something like "Trapped zipped executable "

I parse these messages for reporting purposes, and this would make for a
simpler grep, as 

 Trapped excessively long header in
 Trapped poisoned executable 

Also will come back from a "Trapped" grep
I guess an egrep 'Trapped \"' would get what I want, but just a


More information about the esd-l mailing list