SV: eTrust Inoculate

Anders Andersson, IT andersan at LTKALMAR.SE
Tue Jul 1 12:15:59 IST 2003 

> -----Ursprungligt meddelande-----
> Från: Tony Johansson [mailto:tony.johansson at SVENSKAKYRKAN.SE] 
> Skickat: den 11 juni 2003 16:26
> Till: MAILSCANNER at JISCMAIL.AC.UK
> Ämne: eTrust Inoculate
> 
> 
> I have problems getting eTrust inoculate to work with MailScanner.

Did you find any solution to this problem?

> 
> Details:
> 
> eTrust version: eTrust Antivirus for Linux (Build 1892) (from 
> the eTrust AntiVirus version 7 CD)
> Os: Red Hat 7.3 with default sendmail
> MailScanner: 4.21-9
> 
> Virus scanner in MailScanner.conf is set to f-prot and 
> inoculate. F-prot finds viruses, inoculate does not and 
> theres nothing in the maillog about inoculate.
> 
> incoulate-wrapper DOES work however, see following output:
> 
> "[root at localhost viruses]# 
> /usr/lib/MailScanner/inoculate-wrapper . File 
> /tmp/viruses/./BUG.0LL is infected by virus: 
> Win32/Bugbear.Worm File /tmp/viruses/./BUGBEAR.0OM is 
> infected by virus: Win32/Bugbear.Worm File 
> /tmp/viruses/./klez.0OM is infected by virus: 
> Win32/Klez.H.Worm File /tmp/viruses/./sircam.0OM is infected 
> by virus: Win32/SirCam.Worm
> 
> Total Files Scanned:             8
> Total Viruses Found:             4
> Total Infected Files Found:      4
> Scan Mode:                       Secure
> 
> *** End Of Summary *** "
> 
> 
> Version info and options of inocmd32:
> 
> [root at localhost MailScanner]# inocmd32
> 
> InoculateIT Engine version:                 23.61.00    2003/04/08
> InoculateIT Signature version:  virsig.da0  23.61.46    2003/06/10
> 
>    Usage:inocmd32 [ -options ] file|directory|drive ...
> -options:
>         : ENG <engine>
>               <engine>  can be one of: Ino or Vet
>         : MOD <mod>  Scan mode
>               <mod>  can be one of: Secure or Reviewer 
> (default Secure)
>         : ACT <action>  Infected file action
>               <action>  can be one of: Cure, Rename, Delete or Move
>         : EXE  Specified files
>                (based on the 'Specified' extension list)
>         : EXC  Exclude files
>                (based on the 'Exclude' extension list)
>         : ARC  Scan archive files
>         : NEX  Detect compressed files by content, not file extension
>         : NOS  No subdirectory traverse
>         : FIL:<pattern>  Only scan files that match <pattern> (shell
> wildcard)
>         : SCA <action>  Special Cure Action (ACT must be set to Cure)
>               <action> can be one of: CB (Copy Before), DT 
> (Delete Trojan),
>                 RF (Rename if cure fails) or MF (Move if cure fails)
>         : MCA <action>  Macro Cure Action
>               <action> can be either: RA (remove all) or RI (remove
> infected)
>         : SPM <mode>  Special Mode
>               <mode> can only be: H (heuristics)
>         : SFI  Stop at first infection in archive
>         : SRF  Skip regular file scanning of archives
>         : LIS:<file>  Create scan report file <file>
>         : APP:<file>  Append scan report to file <file>
>         : UNI  / is directory separator rather than switch introducer
>         : VER  Verbose mode
>         : COU:<n>  Message every <n> scanned files
>         : COU  Message every 1000 scanned files
>         : SIG  Display signature version numbers
>         : SIG:<dir>  Display signature version numbers of
>                      engine located in <dir>
>         : HEL or ?  Display this help
> file|directory|drive ...: Specify at least one file, 
> directory or drive 
> file|directory|to
> scan
> 
> 
> 
> regards, Tony
>

More information about the MailScanner mailing list