HELP - Viruses are not detected

Julian Field mailscanner at ecs.soton.ac.uk
Sat Mar 8 18:19:33 GMT 2003


At 14:44 08/03/2003, you wrote:
>Hi,
>
>I just noticed something very strange: the filename.rules.conf is not
>obeyed and no viruses are caught (tested with EICAR). This is incoming
>and outgoing... I first noticed this with 4.13-3. Could this be a bug?
>
>My config should be ok.
>
>Virus Scanning = yes
>Virus Scanners = mcafee f-prot
>Filename Rules = /usr/local/MailScanner/etc/filename.rules.conf
>Virus Scanner Definitions = /usr/local/MailScanner/etc/virus.scanners.conf

By default these files are in /opt/MailScanner, not /usr/local/MailScanner.
If you are really using /usr/local/MailScanner/etc for these, where have
you put the -wrapper scripts? Does the location of your -wrapper scripts
match with the contents of your virus.scanners.conf file?
If you are using a mixture of /opt and /usr/local, that could cause you all
sorts of problems with settings not matching up with the right locations.

It looks like you have got the 2 directories confused a bit.

In the conf file you mailed me, you hadn't set the "Run as user" or "run as
group" options, which are normally used for Exim setups.


>This is the virus.scanners.conf:
>
># This is a list of the names of the virus scanning engines, along with the
># filename of the command or script to run to invoke each one.
>sophos          /opt/MailScanner/lib/sophos-wrapper
>f-prot          /usr/local/MailScanner/lib/f-prot-wrapper
>mcafee          /usr/local/MailScanner/lib/mcafee-wrapper
>rav             /opt/MailScanner/lib/rav-wrapper
>kaspersky       /opt/MailScanner/lib/kaspersky-wrapper
>panda           /opt/MailScanner/lib/panda-wrapper
>f-secure        /opt/MailScanner/lib/f-secure-wrapper
>clamav          /opt/MailScanner/lib/clamav-wrapper
>trend           /opt/MailScanner/lib/trend-wrapper
>antivir         /usr/lib/Antivir/antivir
>none            /bin/false
>
>I checked this and running /usr/local/MailScanner/lib/mcafee-wrapper on
>the eicar test file works and reports this as a virus.
>
>What am I missing here? I switched from sendmail to exim, could this
>have to do anything with it?
>
>Help please,
>   Jan-Peter

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
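
The path check discussed in the message above, written out as an added example (not part of the original message and not MailScanner code). The helper names `audit_scanners` and `make_sample` are hypothetical, the sample tree is constructed in a temporary directory, and the script assumes wrappers live in `<prefix>/lib/` as in the paths quoted above.

```shell
#!/bin/sh
# Added example, not MailScanner code: audit the wrapper paths in a
# virus.scanners.conf for the scanners named in "Virus Scanners".

# audit_scanners CONF SCANNER...   (hypothetical helper)
# Prints "<name> <path> <OK|MISSING|NOT-EXEC>" or "<name> - UNDEFINED" per
# scanner, then "MIXED-PREFIX" if the wrappers sit under different install
# trees. Returns non-zero when any problem was found.
audit_scanners() {
    conf=$1; shift
    rc=0; prefixes=""
    for name in "$@"; do
        # Comment lines have "#" as field 1, so they never match a name.
        path=$(awk -v n="$name" '$1 == n { print $2; exit }' "$conf")
        if [ -z "$path" ]; then
            echo "$name - UNDEFINED"; rc=1; continue
        fi
        if [ ! -e "$path" ]; then status=MISSING; rc=1
        elif [ ! -x "$path" ]; then status=NOT-EXEC; rc=1
        else status=OK; fi
        echo "$name $path $status"
        # Assumption: wrappers live in <prefix>/lib/, as in the paths quoted above.
        prefixes="$prefixes ${path%/lib/*}"
    done
    n=$(printf '%s\n' $prefixes | sort -u | wc -l | tr -d ' ')
    if [ "$n" -gt 1 ]; then echo "MIXED-PREFIX"; rc=1; fi
    return $rc
}

# Constructed sample tree under $1: sophos and mcafee wrappers exist in two
# different prefixes; f-prot is listed in the conf but its wrapper is absent.
make_sample() {
    mkdir -p "$1/etc" "$1/opt/MailScanner/lib" "$1/usr/local/MailScanner/lib"
    for w in opt/MailScanner/lib/sophos-wrapper usr/local/MailScanner/lib/mcafee-wrapper; do
        printf '#!/bin/sh\nexit 0\n' > "$1/$w"; chmod +x "$1/$w"
    done
    cat > "$1/etc/virus.scanners.conf" <<EOF
# constructed sample, same two-column format as the file quoted above
sophos          $1/opt/MailScanner/lib/sophos-wrapper
f-prot          $1/usr/local/MailScanner/lib/f-prot-wrapper
mcafee          $1/usr/local/MailScanner/lib/mcafee-wrapper
EOF
}

d=$(mktemp -d)
make_sample "$d"
audit_scanners "$d/etc/virus.scanners.conf" mcafee f-prot sophos || true
rm -rf "$d"
```

Pass the real configuration file and the names from the `Virus Scanners` line; a non-zero exit status means at least one selected scanner cannot be run as configured or the wrappers are split across install trees.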


