New beta release (F-Prot and Sophos/SAVI)

Raymond Dijkxhoorn raymond at PROLOCATION.NET
Sat Mar 29 19:50:12 GMT 2003 

Hi Julian,

> 1. Support for F-Prot 3.13 with its slightly different output format.
>
> 2. Support for the Perl SAVI module which uses Sophos Anti-Virus without
> any of the problems we have recently been having with "sweep" or
> "sophos-wrapper" taking ages to start. Step-by-step Installation
> instructions for the perl module are in the "Installation Guides" part of
> the docs.

Mar 29 20:36:50 master MailScanner[8187]: MailScanner E-Mail Virus Scanner
version 4.14-8 starting...
Mar 29 20:36:50 master MailScanner[8187]: Error in configuration file line
264, directory /usr/local/Sophos/ide for sophoside does not exist (or is
not readable)
Mar 29 20:37:00 master MailScanner[8209]: MailScanner E-Mail Virus Scanner
version 4.14-8 starting...
Mar 29 20:37:00 master MailScanner[8209]: Error in configuration file line
264, directory /usr/local/Sophos/ide for sophoside does not exist (or is
not readable)

I dont use Sophos at all, but it seems it still parses the config values
for that.

I commented out those one and it was running just fine, i would expect
however it would be ignored... Since thats what the config told me :)

I also noticed when i use the new setting:

Include Scanner Name In Reports = yes

It only reported one virus in the log, but i sended a test zip with 6. :)

Mar 29 20:43:29 master MailScanner[8749]: Virus Scanning: F-Prot found virus W32/Klez.H at mm
Mar 29 20:43:29 master MailScanner[8749]: Virus Scanning: f-prot found 6 infections
Mar 29 20:43:29 master MailScanner[8749]: Virus Scanning: Found 6 viruses

In the report file its okay:

    Report:

            F-Prot:
/var/spool/MailScanner/incoming/8749/h2TJhO209027/scanner.zip->MSO-Patch-0071.exe
Infection:W32/Lirva.D at mm
            F-Prot:
/var/spool/MailScanner/incoming/8749/h2TJhO209027/scanner.zip->name.exe
Infection: W32/Klez.H at mm
            F-Prot:
/var/spool/MailScanner/incoming/8749/h2TJhO209027/scanner.zip->setup.exe
Infection: W32/Klez.H at mm
            F-Prot:
/var/spool/MailScanner/incoming/8749/h2TJhO209027/scanner.zip->SQL_4_Free.scr
Infection: W32/Lentin.H at mm
            F-Prot:
/var/spool/MailScanner/incoming/8749/h2TJhO209027/scanner.zip->width.pif
Infection: W32/Klez.H at mm
            F-Prot:
/var/spool/MailScanner/incoming/8749/h2TJhO209027/scanner.zip->you.exe
Infection: W32/Klez.H at mm

But i guess the others also should be added in the logfile ? And not only
reporting it found one Klez, in fact it found 4 x Klez, 1 x Lentin and 1 x
Lirva...

Besides that its running ok it seems :)

To keep all the same i would also suggest to convert the one lowercase:

Virus Scanning: f-prot found 6 infections

Into

Virus Scanning: F-prot found 6 infections

  =)

Bye,
Raymond.

More information about the MailScanner mailing list