F-PROT problem?
Vicente Guerrero M.
vguerrero at minar.com
Thu Nov 7 22:10:50 GMT 2002
Hi all, I just wanted to tell you I finally solved the problem whit f-prot. Im happy right now, and Im getting ready to check some other features in MailScanner.
Thanks to Julian and the people that helped me to solve the "f-prot mistery" :)
vgm
----- Original Message -----
From: Vicente Guerrero M.
To: MAILSCANNER at JISCMAIL.AC.UK
Sent: Thursday, November 07, 2002 8:40 AM
Subject: Re: F-PROT problem?
I've tried the command you told me and it seems to be working ok since I got a summary of files been scanned. I checked the script and it seems to be right too. Some other clue?
Thanks
----- Original Message -----
From: Julian Field
To: MAILSCANNER at JISCMAIL.AC.UK
Sent: Thursday, November 07, 2002 5:02 AM
Subject: Re: F-PROT problem?
Something is going wrong in how MailScanner is calling your copy of F-Prot.
If you do these 2 commands, it should output some sort of summary showing how many files it scanned, at the very least.
cd /tmp
/usr/lib/MailScaner/f-prot-wrapper -old -archive -dumb .
(don't forget the dot on the end)
If you get some sort of "command not found" error, then you have installed your copy of F-Prot somewhere different than the standard location, and you will need to alter the f-prot-wrapper script so it calls it in the right place. That script is very simple, you'll soon work out what you need to change in it.
Let us know how you get on.
At 23:56 06/11/2002, you wrote:
I have RedHat 7.1, Sendmail8.9.3, MailScanner 4.04-1 and f-prot 3.12b.
Everything its seems to be working ok, but if I send a message from an external account (hotmail) with a virus attached, I have no warning about an infected message. I tried the EICAR_test file too, but nothing happened, I just get these lines in maillog:
Nov 6 17:34:11 ns0 sendmail[5914]: RAA05914: from=<user at hotmail.com>, size=96715, class=0, pri=126715, nrcpts=1, msgid=<OE17Bt3J3JCj2fBUA510000094e at hotmail.com>, proto=ESMTP, relay=oe17.law7.hotmail.com [216.33.236.121]
Nov 6 17:34:11 ns0 MailScanner[5190]: New Batch: Found 2 messages waiting
Nov 6 17:34:11 ns0 MailScanner[5190]: New Batch: Scanning 1 messages, 97125 bytes
Nov 6 17:34:12 ns0 MailScanner[5190]: Virus and Content Scanning: Starting
Nov 6 17:34:12 ns0 MailScanner[5190]: Uninfected: Delivered 1 messages
Nov 6 17:34:12 ns0 sendmail[5919]: RAA05914: to=<mail_user at minar.com>, delay=00:00:09, xdelay=00:00:00, mailer=local, stat=Sent
I tested f-prot manually and it says the infection is there (EICAR_test and an infected file (Magistr). I really apreciate your help to solve this issue.
BTW, I got warned about some infected messages, but they are the ones with IFrame tags in it.
Thanks in advance
(Sorry about my poor English)
vgm
--
Julian Field Teaching Systems Manager
jkf at ecs.soton.ac.uk Dept. of Electronics & Computer Science
Tel. 023 8059 2817 University of Southampton
Southampton SO17 1BJ
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20021107/b91214e0/attachment.html
More information about the MailScanner
mailing list