Mailscanner Newbie Questions

Julian Field jkf at ecs.soton.ac.uk
Sat Sep 29 17:28:56 IST 2001


At 16:24 29/09/2001, you wrote:
>1. I've installed sophos and mailscanner and they seem to be working. I
>can identify and disinfect files using sweep. However, I do not seem to be
>cleaning e-mailed files that contain Eicar. How do I test mailscanner? I'm
>not seeing anything show up in the logs when I send through a virus test
>pattern in E-mail.

If the correct sendmail processes are running (that is, the ones from
MailScanner's init.d script and not from sendmail's), then if you talk to
your mail server on port 25 and send it a message containing Eicar, it
should be disinfected. If you call the sendmail binary itself (which your
mail client may well do by default), on the mail server, then it won't be
scanned (there's no real way to avoid this unless you want to turn your
/usr/sbin/sendmail into a little wrapper script to add extra command-line
options onto the sendmail command). Make sure your mail client is
configured to talk SMTP to your mail server.

Also, if you are not seeing *anything* from MailScanner in your maillog,
check the Installation FAQ on the web site about changing the syslogd
command-line options to enable Perl's syslog functions properly.

>2. Do I need to be running sendmail as well as Mailscanner? I.E. when the
>system boots, should it be loading sendmail and mailscanner from
>/etc/rc.d/init.d?

A "chkconfig --list | grep sendmail" should list sendmail as being off in
*all* runlevels. MailScanner runs its own 2 copies of sendmail from its
init.d script. Installing the MailScanner RPM should have disabled the
sendmail init.d script for you.

>3. What RPMS should I have to extract/test attachments? I just determined
>that I needed to install zip/unzip RPMS for the sophos update files.. Am
>I missing something else?

You will need lynx for the sophos autoupdate script as well. Though that is
probably installed by default.

>Thanks.. mailscanner looks like it will do a GREAT deal of positive things
>here! I am psyched!

Glad to hear it!

I am about to release the next version (2.50) hopefully in the next week or
so, which will contain features to protect against Denial Of Service
attacks, among other things. The upgrade should be fairly painless.

One thing to note: MailScanner does not require any changes to your
/etc/sendmail.cf file. Make sure you (and MailScanner's RPM!) have not
changed your sendmail.cf file. This is something that will be corrected in
2.50 (I'm removing the sendmail.cf file I currently provide, it causes more
trouble than it is worth).
--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ
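
Added example, not part of the original post and not MailScanner's own code: a test that submits the harmless EICAR pattern over SMTP on port 25, as answer 1 describes, rather than through the sendmail binary, and then filters maillog text for MailScanner entries. The addresses, the host, the /var/log/maillog path and the case-insensitive "mailscanner" match are assumptions.

```python
import smtplib
from email.message import EmailMessage

# Standard 68-byte EICAR test pattern, assembled from two pieces so that
# this script is not itself quarantined by an on-access scanner.
EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def build_test_message(sender, recipient):
    """Build a message carrying the EICAR pattern as an attachment."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "MailScanner EICAR test"
    msg.set_content("The attachment is the harmless EICAR test pattern.")
    msg.add_attachment(EICAR.encode("ascii"), maintype="application",
                       subtype="octet-stream", filename="eicar.com")
    return msg


def send_via_smtp(msg, host="localhost", port=25):
    """Submit over SMTP so the message enters the incoming queue that
    MailScanner processes; calling /usr/sbin/sendmail directly bypasses it."""
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        smtp.send_message(msg)


def mailscanner_lines(log_text):
    """Return maillog lines that mention MailScanner (assumed log tag).
    An empty result points at the syslogd issue from the Installation FAQ."""
    return [ln for ln in log_text.splitlines() if "mailscanner" in ln.lower()]


if __name__ == "__main__":
    # Placeholder addresses and host: replace with a mailbox on your server.
    send_via_smtp(build_test_message("tester@example.com", "postmaster@example.com"))
    with open("/var/log/maillog", errors="replace") as fh:  # assumed log path
        hits = mailscanner_lines(fh.read())
    print("\n".join(hits[-10:]) or "no MailScanner entries found in maillog")
```

Log entries may take a few seconds to appear after the message is accepted, so re-run the log check if the first pass finds nothing.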


