MailScanner and inoculan configuration

Tommaso Pecorella pecos at LENST.DET.UNIFI.IT
Wed Jun 18 00:02:57 IST 2003


On Tuesday, Jun 17, 2003, at 21:34 Europe/Rome, Julian Field wrote:

> At 19:29 17/06/2003, you wrote:
>
>
>> On Tuesday, Jun 17, 2003, at 19:02 Europe/Rome, Julian Field wrote:
>>
>>> At 14:04 17/06/2003, you wrote:
>>>> Hi, I just installed MailScanner and inoculan (the freeware CAI 
>>>> antivirus),
>>>> but I have some problems.
>>>> Everything seems ok, but all e-mails are marked as "Unscanned".
>>>> How can I track down the problem ?
>>>> Note that MailScanner seems to work fine, and inocucmd is working 
>>>> too.
>>>> Thank you, Tommaso.
>>>> PS: a little system info: I have a "plain" RedHat 8.0 and I have
>>>> installed all with root permissions.
>>>
>>> Do you have "Virus Scanning = yes" set, and "Virus Scanners = 
>>> inoculan" set
>>> in MailScanner.conf?
>>
>> Of course.
>>
>> I tried to put some debug code (actually a simple log message) in the 
>> inoculan wrapper, but it's not shown when MailScanner claims to be 
>> calling the antivirus.
>>
>> Any hint to go further in the debug ?
>
> For it to label them unscanned, the virus scanners will never be 
> called. Just to confirm, you are getting
> X-MailScanner: Unscanned
> headers in your mail?
>
> I haven't ever seen this before, and am at a bit of a loss to know why.
>
> Can you check that the inoculan wrapper works?
>         cd /tmp
>         /usr/lib/MailScanner/inoculan-wrapper -nex -rev .
> (don't forget the "." on the end of that).

I did a little debug session.
The header (strange one indeed) is:
X-Mailscanner: Found to be clean, Found to be clean, Not scanned: 
please contact your Internet E-Mail Service Provider for details
It's from a recent e-mail from the MAILSCANNER list. Please, let me 
know what it means.

BTW, I found a little bug. It's a bug in inocucmd itself, however it 
seems to be a nasty one.
If you launch inocucmd from the command line, you MUST launch it from 
the inocucmd directory, otherwise it does not find the virus data file.

example:

---- begin right directory -----
[root at lenst tmp]# cd /usr/local/inoculan/
[root at lenst inoculan]# ./inocucmd

    Usage: ./inocucmd [ -options ] file|directory ...
           (Choose zero or one of FST, SEC or REV)

-options: FST  Fast scan (default)
[...]
file|directory ...: Specify at least one file or directory to scan

Engine version: 43.00 2003/04/08
   Data version: 43.48 2003/06/12
---- end right directory -----

---- begin WRONG directory -----
[root at lenst tmp]# /usr/local/inoculan/inocucmd

    Usage: /usr/local/inoculan/inocucmd [ -options ] file|directory ...
           (Choose zero or one of FST, SEC or REV)

-options: FST  Fast scan (default)
[...]
file|directory ...: Specify at least one file or directory to scan

Error loading data
Engine version: 43.00 2003/04/08
   Data version: 02.67 1984/00/17
---- end WRONG directory -----

Note that when you launch inocucmd from the /tmp directory (as an 
example), it claims that there is an error in loading data _and_ that 
the data version is 1984.

Another example:
[root at lenst pecos]# /usr/local/inoculan/inocucmd Decreto.gz
----------./Decreto.gz
Failed to extract ./Decreto.gz:Decreto.rtf.scr
Reason:10

Total Files Scanned:        1
Total Bytes Scanned:        70374
Total Viruses Found:        0
Total Infected Files Found: 0
Scan Type:                  Fast

*** End Of Summary ***

while

[root at lenst inoculan]# ./inocucmd /home/pecos/Decreto.gz
----------/home/pecos/Decreto.gz
[/home/pecos/Decreto.gz:Decreto.rtf.scr] was infected by virus 
[Win32/BugBear.B.Dropped.Worm]

Total Files Scanned:        1
Total Bytes Scanned:        72192
Total Viruses Found:        1
Total Infected Files Found: 1
Scan Type:                  Fast

*** End Of Summary ***

Pretty nasty, isn't it ?

Unfortunately I don't know exactly how and when the wrapper is called, 
so I can't provide a workaround right now, but I think that the 
solution is pretty straightforward.

Thank you for your assistance, I hope to be able (with your help) to 
have MailScanner fully working as soon as possible.

Best regards, Tommaso ;-{))



---
Tommaso Pecorella - Ph.D.

CNIT Research Scientist
Università di Firenze Unit

email: tommaso.pecorella at cnit.it
       pecos at lenst.det.unifi.it

phone1: +39-0574-440708
phone2: +39-055-4796485
mobile: +39-348-0176826
fax:    +39-055-4796485
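
One way to guard against the behaviour shown in this message, as an added example (not part of the original post and not MailScanner's own wrapper): a shell wrapper that starts the scanner from its install directory and treats "Error loading data", "Failed to extract" or a missing summary as a failed scan instead of a clean result. The function names are hypothetical; the default path and the matched output strings are the ones quoted in the post.

```shell
#!/bin/sh
# Added example, not MailScanner's own wrapper. Defaults are the install
# path and binary name shown in the post; override via the environment.
SCANNER_DIR="${SCANNER_DIR:-/usr/local/inoculan}"
SCANNER_BIN="${SCANNER_BIN:-./inocucmd}"

# Read scanner output on stdin and print one verdict: INFECTED, ERROR or CLEAN.
# CLEAN requires a summary line with zero viruses and no error text at all.
classify_scan_output() {
    awk '
        /Error loading data/    { err = 1 }
        /^Failed to extract/    { err = 1 }
        /was infected by virus/ { inf = 1 }
        /^Total Viruses Found:/ { seen = 1; if ($4 + 0 > 0) inf = 1 }
        END {
            if (inf)               print "INFECTED"
            else if (err || !seen) print "ERROR"
            else                   print "CLEAN"
        }'
}

# Scan one file or directory. The path is made absolute first, because the
# scanner is started from SCANNER_DIR so that it can find its data file.
# Prints the verdict; exit status is 0 only for CLEAN.
scan_path() {
    target=$1
    case $target in
        /*) abs=$target ;;
        *)  abs=$(pwd)/$target ;;
    esac
    [ -e "$abs" ] || { echo ERROR; return 2; }
    verdict=$( (cd "$SCANNER_DIR" && "$SCANNER_BIN" "$abs") 2>&1 |
               classify_scan_output )
    echo "$verdict"
    [ "$verdict" = CLEAN ]
}

# Stand-alone use: sh scan-wrapper.sh <path>
[ "$#" -eq 0 ] || scan_path "$1"
```

A caller should act on the verdict or exit status and never infer "clean" from the virus count alone, since the failed run in the post also reports zero viruses.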
