F-PROT problem?

Vicente Guerrero M. vguerrero at minar.com
Thu Nov 7 22:10:50 GMT 2002


Hi all, I just wanted to tell you I finally solved the problem whit f-prot. Im happy right now, and Im getting ready to check some other features in MailScanner.



Thanks to Julian and the people that helped me to solve the "f-prot mistery" :)



vgm


  ----- Original Message ----- 
  From: Vicente Guerrero M. 
  To: MAILSCANNER at JISCMAIL.AC.UK 
  Sent: Thursday, November 07, 2002 8:40 AM
  Subject: Re: F-PROT problem?


  I've tried the command you told me and it seems to be working ok since I got a summary of files been scanned. I checked the script and it seems to be right too. Some other clue?


  Thanks
    ----- Original Message ----- 
    From: Julian Field 
    To: MAILSCANNER at JISCMAIL.AC.UK 
    Sent: Thursday, November 07, 2002 5:02 AM
    Subject: Re: F-PROT problem?


    Something is going wrong in how MailScanner is calling your copy of F-Prot.
    If you do these 2 commands, it should output some sort of summary showing how many files it scanned, at the very least.
            cd /tmp
            /usr/lib/MailScaner/f-prot-wrapper -old -archive -dumb .
    (don't forget the dot on the end)

    If you get some sort of "command not found" error, then you have installed your copy of F-Prot somewhere different than the standard location, and you will need to alter the f-prot-wrapper script so it calls it in the right place. That script is very simple, you'll soon work out what you need to change in it.

    Let us know how you get on.

    At 23:56 06/11/2002, you wrote:

      I have RedHat 7.1, Sendmail8.9.3, MailScanner 4.04-1 and f-prot 3.12b.
       
      Everything its seems to be working ok, but if I send a message from an external account (hotmail) with a virus attached, I have no warning about an infected message. I tried the EICAR_test file too, but nothing happened, I just get these lines in maillog:
       
      Nov  6 17:34:11 ns0 sendmail[5914]: RAA05914: from=<user at hotmail.com>, size=96715, class=0, pri=126715, nrcpts=1, msgid=<OE17Bt3J3JCj2fBUA510000094e at hotmail.com>, proto=ESMTP, relay=oe17.law7.hotmail.com [216.33.236.121]
      Nov  6 17:34:11 ns0 MailScanner[5190]: New Batch: Found 2 messages waiting 
      Nov  6 17:34:11 ns0 MailScanner[5190]: New Batch: Scanning 1 messages, 97125 bytes 
      Nov  6 17:34:12 ns0 MailScanner[5190]: Virus and Content Scanning: Starting 
      Nov  6 17:34:12 ns0 MailScanner[5190]: Uninfected: Delivered 1 messages 
      Nov  6 17:34:12 ns0 sendmail[5919]: RAA05914: to=<mail_user at minar.com>, delay=00:00:09, xdelay=00:00:00, mailer=local, stat=Sent
      I tested f-prot manually and it says the infection is there (EICAR_test and an infected file (Magistr). I really apreciate your help to solve this issue.
       
       
      BTW, I got warned about some infected messages, but they are the ones with IFrame tags in it. 
       
       
      Thanks in advance
       
       
      (Sorry about my poor English)
       
       
      vgm


    --
    Julian Field                Teaching Systems Manager
    jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
    Tel. 023 8059 2817          University of Southampton
                                Southampton SO17 1BJ 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20021107/b91214e0/attachment.html


More information about the MailScanner mailing list