Antivir not being called

Drew Marshall drew at THEMARSHALLS.CO.UK
Wed Apr 14 00:56:40 IST 2004 

Sorry guys, your the last resort (In the nicest possible way!)  :-)

I have my mail gateway on a FreeBSD machine running Postfix and MS. MS
runs F-Prot, Clam and Antivir as well as SpamAssassin etc. All was going
well until I had to rebuild the machine following a hard drive failure.
I updated every thing to the latest releases and now for what ever
reason Antivir isn't called by MailScanner.

The MailScanner.conf shows all three scanners listed, no problem.
Antivir runs fine from shell and I have even managed to get it to scan
fine using the MailScanner wrapper script but when I pass the test virus
through MailScanner, it doesn't want to know.

Not much in the logs I'm afraid

 00:41:48 mail MailScanner[2031]: Password-protected archive (eicar.zip)
in EE3D79B430
 00:41:55 mail MailScanner[2031]: Virus and Content Scanning: Starting
 00:41:56 mail MailScanner[2031]:
/tmp/MailScanner/incoming/2031/EE3D79B430/eicarcom2.zip->eicar_c
 00:41:56 mail MailScanner[2031]: Virus Scanning: F-Prot found virus
EICAR_Test_File
 00:41:56 mail MailScanner[2031]:
/tmp/MailScanner/incoming/2031/EE3D79B430/eicar_com.zip->eicar.c
 00:41:56 mail MailScanner[2031]: Virus Scanning: F-Prot found virus
EICAR_Test_File
 00:41:56 mail MailScanner[2031]:
/tmp/MailScanner/incoming/2031/EE3D79B430/eicar.zip->eicar.com
 00:41:56 mail MailScanner[2031]: Virus Scanning: F-Prot found virus
EICAR_Test_File
 00:41:56 mail MailScanner[2031]:
/tmp/MailScanner/incoming/2031/73D839B42F/eicarcom2.zip->eicar_c
 00:41:56 mail MailScanner[2031]: Virus Scanning: F-Prot found virus
EICAR_Test_File
 00:41:56 mail MailScanner[2031]:
/tmp/MailScanner/incoming/2031/73D839B42F/eicar_com.zip->eicar.c
 00:41:56 mail MailScanner[2031]: Virus Scanning: F-Prot found virus
EICAR_Test_File
 00:41:56 mail MailScanner[2031]:
/tmp/MailScanner/incoming/2031/2F37E9B42D/eicarcom2.zip->eicar_c
 00:41:56 mail MailScanner[2031]: Virus Scanning: F-Prot found virus
EICAR_Test_File
 00:41:56 mail MailScanner[2031]:
/tmp/MailScanner/incoming/2031/2F37E9B42D/eicar_com.zip->eicar.c
 00:41:56 mail MailScanner[2031]: Virus Scanning: F-Prot found virus
EICAR_Test_File
 00:41:56 mail MailScanner[2031]:
/tmp/MailScanner/incoming/2031/75DC69B42E/eicarcom2.zip->eicar_c
 00:41:56 mail MailScanner[2031]: Virus Scanning: F-Prot found virus
EICAR_Test_File
 00:41:56 mail MailScanner[2031]:
/tmp/MailScanner/incoming/2031/75DC69B42E/eicar_com.zip->eicar.c
 00:41:56 mail MailScanner[2031]: Virus Scanning: F-Prot found virus
EICAR_Test_File
 00:41:56 mail MailScanner[2031]:
/tmp/MailScanner/incoming/2031/5A8CA9B424/eicarcom2.zip->eicar_c
 00:41:56 mail MailScanner[2031]: Virus Scanning: F-Prot found virus
EICAR_Test_File
 00:41:56 mail MailScanner[2031]:
/tmp/MailScanner/incoming/2031/5A8CA9B424/eicar_com.zip->eicar.c
 00:41:56 mail MailScanner[2031]: Virus Scanning: F-Prot found virus
EICAR_Test_File
 00:41:56 mail MailScanner[2031]: Virus Scanning: F-Prot found 11 infections
 00:41:56 mail MailScanner[2031]: INFECTED:: Eicar-Test-Signature::
./EE3D79B430/eicarcom2.zip
 00:41:56 mail MailScanner[2031]: INFECTED:: Eicar-Test-Signature::
./EE3D79B430/eicar_com.zip
 00:41:56 mail MailScanner[2031]: INFECTED:: Eicar-Test-Signature::
./73D839B42F/eicarcom2.zip
 00:41:56 mail MailScanner[2031]: INFECTED:: Eicar-Test-Signature::
./73D839B42F/eicar_com.zip
 00:41:56 mail MailScanner[2031]: INFECTED:: Eicar-Test-Signature::
./2F37E9B42D/eicarcom2.zip
 00:41:57 mail MailScanner[2031]: INFECTED:: Eicar-Test-Signature::
./2F37E9B42D/eicar_com.zip
 00:41:57 mail MailScanner[2031]: INFECTED:: Eicar-Test-Signature::
./75DC69B42E/eicarcom2.zip
 00:41:57 mail MailScanner[2031]: INFECTED:: Eicar-Test-Signature::
./75DC69B42E/eicar_com.zip
 00:41:57 mail MailScanner[2031]: INFECTED:: Eicar-Test-Signature::
./5A8CA9B424/eicarcom2.zip
 00:41:57 mail MailScanner[2031]: INFECTED:: Eicar-Test-Signature::
./5A8CA9B424/eicar_com.zip
 00:41:58 mail MailScanner[2031]: Virus Scanning: ClamAV Module found 10
infections

The difference in totals between Clam & F-Prot is a password protected
zip file, which F-Prot has managed to 'guess' as a virus where as I have
turned that off in Clam to let MS block it.

Any ideas any one??

Drew

--
In line with our policy, this message has
been scanned for viruses and dangerous
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

More information about the MailScanner mailing list