preliminary Trend Interscan/Filescan support

Julian Field mailscanner at ecs.soton.ac.uk
Mon Aug 12 20:54:28 IST 2002


At 20:21 12/08/2002, you wrote:
>Julian, Nick and other Mailscanner users,
>
>I've started to add support for Trend Micro Interscan /
>Filescan (both come with the command scanner /etc/iscan/vscan).
>The filescanner is free for personal use and there is some
>evaluation version for Interscan Viruswall which can be
>downloaded at http://www.antivirus.com/download (versions exist
>for HP-UX, Linux, Solaris).
>
>Here's attached a diff of sweep.pl for MailScanner-3.22-11 and
>the wrapper script.
>
>It's not working completely yet : I'm getting some errors I
>don't understand while sending some viruses :

You need to remove all of the directory components from the filename
reported by Trend. Take a look at the McAfee parser, it removes all the
leading directory components for exactly the same reason. That will solve
most/all of your problems.

>in the syslog log I get :
>Aug 12 21:22:05 angel mailscanner[4648]: Going to scan 1 messages
>Aug 12 21:22:05 angel mailscanner[4648]: Commencing scanning by trend...
>Aug 12 21:22:06 angel mailscanner[4648]: *** Found virus WORM_FRETHEM.L in
>file /var/spool/MailScanner/incoming/g7CJLkJs004645/sample
>Aug 12 21:22:06 angel mailscanner[4648]: Completed scanning by trend
>Aug 12 21:22:06 angel mailscanner[4648]: Found 1 viruses in messages var
>Aug 12 21:22:06 angel mailscanner[4648]: Scanned 1 messages, 68245 bytes
>in 1 seconds
>Aug 12 21:22:06 angel mailscanner[4648]: Saved infections to
>/var/spool/MailScanner/quarantine/20020812/var
>Aug 12 21:22:06 angel mailscanner[4648]: About to deliver 1 messages
>Aug 12 21:22:06 angel mailscanner[4648]: Deleting unparsable message var
>from queue
>Aug 12 21:22:06 angel mailscanner[4648]: About to deliver 1 messages
>Aug 12 21:22:06 angel mailscanner[4648]: Notified postmaster about 1
>infections
>Aug 12 21:22:06 angel mailscanner[4648]: Looks like a problem... dumping
>status information
>Aug 12 21:22:06 angel mailscanner[4648]: Minimum acceptable stability = 4
>(supported)
>Aug 12 21:22:06 angel mailscanner[4648]: Using Scanner "trend"
>Aug 12 21:22:06 angel mailscanner[4648]: Scanner "antivir": scanning code
>status 1 - disinfect code status 1
>Aug 12 21:22:06 angel mailscanner[4648]: Scanner "f-secure": scanning code
>status 3 - disinfect code status 3
>Aug 12 21:22:06 angel mailscanner[4648]: Scanner "none": scanning code
>status 0 - disinfect code status 0
>Aug 12 21:22:06 angel mailscanner[4648]: Scanner "nod32": scanning code
>status 4 - disinfect code status 4
>Aug 12 21:22:06 angel mailscanner[4648]: Scanner "inoculate": scanning
>code status 4 - disinfect code status 4
>Aug 12 21:22:06 angel mailscanner[4648]: Scanner "inoculan": scanning code
>status 4 - disinfect code status 4
>Aug 12 21:22:06 angel mailscanner[4648]: Scanner "mcafee": scanning code
>status 4 - disinfect code status 4
>Aug 12 21:22:06 angel mailscanner[4648]: Scanner "panda": scanning code
>status 1 - disinfect code status 1
>Aug 12 21:22:06 angel mailscanner[4648]: Scanner "kaspersky": scanning
>code status 3 - disinfect code status 2
>Aug 12 21:22:06 angel mailscanner[4648]: Scanner "rav": scanning code
>status 1 - disinfect code status 1
>Aug 12 21:22:06 angel mailscanner[4648]: Scanner "sophos": scanning code
>status 4 - disinfect code status 4
>Aug 12 21:22:06 angel mailscanner[4648]: Scanner "trend": scanning code
>status 4 - disinfect code status 2
>Aug 12 21:22:06 angel mailscanner[4648]: Scanner "command": scanning code
>status 4 - disinfect code status 4
>Aug 12 21:22:06 angel mailscanner[4648]: Scanner "f-prot": scanning code
>status 4 - disinfect code status 4
>Aug 12 21:22:06 angel mailscanner[4648]: FATAL: Encountered code that does
>not meet configured acceptable stability
>Aug 12 21:22:06 angel mailscanner[4648]: FATAL: *Please go and READ*
>http://www.sng.ecs.soton.ac.uk/mailscanner/install/codestatus.shtml
>
>=> I don't get it. Why "Deleting unparsable message var from queue" ?
>
>The mail I get back is :
>=============
>Date: Mon, 12 Aug 2002 21:22:06 +0200
>From: "MailScanner" <postmaster at angel.faithnomore.org>
>Subject: Warning: E-mail viruses detected
>To: postmaster at angel.faithnomore.org
>
>The following e-mail messages were found to have viruses in them:
>
>    Sender:
>Recipient:
>   Subject:
>MessageID: var
>    Report: *** Found virus WORM_FRETHEM.L in file
> /var/spool/MailScanner/incoming/g7CJLkJs004645/sample
>
>--
>MailScanner
>Email Virus Scanner
>=============
>
>
>
>From time to time while restarting mailscanner (I've not launched it
>through some cron) I also get :
>( cd  /  ; /opt/mailscanner/bin/mailscanner  )
>In Debugging mode, not forking...
>/bin/cp: cannot stat `/var/spool/MailScanner/incoming/var/spool': No such
>file or directory
>FATAL: *Please go and READ*
>http://www.sng.ecs.soton.ac.uk/mailscanner/install/codestatus.shtml at
>/opt/mailscanner/bin/logger.pl line 64.
>
>regards,
>
>SL/
>---
>Stephane Lentz / Alcanet International - Internet Services
>

--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ
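
The fix suggested in the reply, as an added Perl example that is neither MailScanner's sweep.pl code nor the poster's patch: strip the incoming work directory from the reported path before splitting it into message id and filename. The function names are hypothetical, the report-line format is the one visible in the quoted syslog output, and `naive_split` is an assumed reconstruction of the symptom (message id `var`).

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed reconstruction of the symptom: split an absolute path as if it
# were "<message id>/<filename>".
sub naive_split {
    my ($path) = @_;
    $path =~ s{^/}{};
    return split m{/}, $path, 2;
}

# Hypothetical helper: map a reported path to (message id, filename), or
# return an empty list when the path is not inside the work directory.
sub split_reported_path {
    my ($path, $incoming) = @_;
    $incoming =~ s{/+$}{};                       # tolerate a trailing slash
    $path =~ s{^\Q$incoming\E/+}{}               # absolute path under work dir
        or $path =~ s{^(?:\./+)+}{};             # or a ./-relative path
    return if $path =~ m{^/};                    # absolute, but somewhere else
    return if grep { $_ eq '..' } split m{/+}, $path;   # never climb out
    my ($id, $part) = split m{/+}, $path, 2;
    return unless defined($part) && length($id) && length($part);
    return ($id, $part);
}

my $incoming = '/var/spool/MailScanner/incoming';
my @reports = (
    # Report text as it appears in the syslog output quoted above
    '*** Found virus WORM_FRETHEM.L in file /var/spool/MailScanner/incoming/g7CJLkJs004645/sample',
    # Constructed variants
    '*** Found virus WORM_FRETHEM.L in file ./g7CJLkJs004645/sample',
    '*** Found virus WORM_FRETHEM.L in file /tmp/elsewhere/sample',
);

for my $line (@reports) {
    my ($virus, $path) = $line =~ /^\*\*\* Found virus (\S+) in file (.+)$/
        or next;
    my ($bad_id) = naive_split($path);
    my ($id, $part) = split_reported_path($path, $incoming);
    if (defined $id) {
        print "$virus: message=$id file=$part (naive id: $bad_id)\n";
    } else {
        print "$virus: '$path' is outside $incoming, no message matched\n";
    }
}
```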


