MailScanner Internals

Clive Eisen clive at SERENDIPITA.COM
Fri Apr 16 14:51:07 IST 2004 

Steve Freegard wrote:

>Clive Eisen wrote:
>
>
>>Julian Field wrote:
>>
>>
>>
>>>At 11:50 16/04/2004, you wrote:
>>>
>>>
>>>
>>>>Julian - sorry to ask you directly but I suspect only you will know
>>>>the answer :-)
>>>>
>>>>In what combination of circumstances is $message->{virusinfected}
>>>>set?
>>>>
>>>>I have seen $message->{nameinfected} set and
>>>>$message->{othereinfected} set, but never $message->{virusinfected}
>>>>
>>>>I'm trying to write a custom function and am a bit puzzled.
>>>>
>>>>
>>>A quick grep of the code reveals that it is set in SweepViruses.pm
>>>when a virus report is merged into the list of all the reports for a
>>>batch. -- Julian Field
>>>www.MailScanner.info
>>>MailScanner thanks transtec Computers for their support
>>>
>>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>
>>>
>>Does that mean that it does not relate to an individual message?
>>
>>
>
>No - it is per message.
>
>
>
>>I have sent viruses and tried to check their value,
>>including, following
>>the recomendations in the other reply to this thread, in
>>Always Looked
>>Up Last and it's still not set
>>
>>
>
>Strange - I've only problems with the message object variables once before
>(yesterday in fact) on a new customers site, but the virusinfected value was
>set correctly, however $message->{allreports} only contained the report from
>one scanner (there should have been three reports) - I still haven't worked
>out what the problem is yet though.
>
>Which version of MailScanner are you running - and which virus scanners do
>you use?
>
>Try running this test code in CustomConfig.pm:
>
>sub InitVirusInfectedTest {
> ;
>}
>
>sub EndVirusInfectedTest {
> ;
>}
>
>sub VirusInfectedTest {
> my($message) = @_;
> my($id) = $message->{id};
> my($virusinfected) = $message->{virusinfected};
> MailScanner::Log::InfoLog("VirusInfectedTest saw: id=$id,
>virus=$virusinfected");
>}
>
>Then set:
>
>Always Looked Up Last = &VirusInfectedTest
>
>And watch /var/log/maillog for the message from this function as each
>message is processed and see what you get.
>
>
>
>>My point is - I cannot produce the circumstances when it is set or at
>>least, not during the processing of a given message at least.
>>
>>Ho Hum and thanks for your swift help.
>>
>>
>
>Kind regards,
>Steve.
>
>--
>This message has been scanned for viruses and
>dangerous content by MailScanner, and is
>believed to be clean.
>MailScanner thanks transtec Computers for their support.
>
>
As you can see clamav sees the test virus - but it's not
reported........... thanks for the help

Apr 16 14:55:54 message1 MailScanner[23218]: MailScanner E-Mail Virus
Scanner version 4.30.1 starting...
Apr 16 14:55:54 message1 MailScanner[23218]: Config: calling custom init
function addenvfromheader
Apr 16 14:55:54 message1 MailScanner[23218]: Config: calling custom init
function VirusInfectedTest
Apr 16 14:55:54 message1 MailScanner[23218]: Config: calling custom init
function CM0Value
Apr 16 14:55:54 message1 MailScanner[23218]: Config: calling custom init
function spamscorenumberinsteadofstars
Apr 16 14:55:58 message1 MailScanner[23218]: lock.pl sees Config
LockType =  flock
Apr 16 14:55:58 message1 MailScanner[23218]: lock.pl sees have_module =  0
Apr 16 14:55:58 message1 MailScanner[23218]: Using locktype = flock
Apr 16 14:55:58 message1 MailScanner[23218]: New Batch: Scanning 1
messages, 1581 bytes
Apr 16 14:55:58 message1 MailScanner[23218]: MCP Checks completed at 0
bytes per second
Apr 16 14:55:58 message1 MailScanner[23218]: Spam Checks: Starting
Apr 16 14:55:58 message1 MailScanner[23218]: RBL Checks: returned 0
Apr 16 14:56:01 message1 MailScanner[23218]: SpamAssassin returned 0
Apr 16 14:56:01 message1 MailScanner[23218]: Message 25400 from
12.5.19.157 (tester at testvirus.org) to serendipita.com is not spam,
SpamAssassin (score=0, required 0, autolearn=not spam)
Apr 16 14:56:01 message1 MailScanner[23218]: Spam Checks completed at 0
bytes per second
Apr 16 14:56:01 message1 MailScanner[23218]: Created attachment dirs for
1 messages
Apr 16 14:56:01 message1 MailScanner[23218]: Virus and Content Scanning:
Starting
Apr 16 14:56:01 message1 MailScanner[23218]: Commencing scanning by
clamav...
Apr 16 14:56:01 message1 MailScanner[23218]:
/data/spool/MailScanner/incoming/23218/./25400/eicar.com:
Eicar-Test-Signature FOUND
Apr 16 14:56:01 message1 MailScanner[23218]: Completed scanning by clamav
Apr 16 14:56:01 message1 MailScanner[23218]: Virus Scanning: ClamAV
found 1 infections
Apr 16 14:56:01 message1 MailScanner[23218]: Virus Scanning: Found 1 viruses
Apr 16 14:56:01 message1 MailScanner[23218]: Filename Checks:
Windows/DOS Executable (25400 eicar.com)
Apr 16 14:56:01 message1 MailScanner[23218]: Filename Checks: Allowing
25400 msg-23218-1.txt
Apr 16 14:56:01 message1 MailScanner[23218]: Other Checks: Found 1 problems
Apr 16 14:56:01 message1 MailScanner[23218]: Virus Scanning completed at
0 bytes per second
Apr 16 14:56:01 message1 MailScanner[23218]: virusinfected:0
Apr 16 14:56:01 message1 MailScanner[23218]: nameinfected:1
Apr 16 14:56:01 message1 MailScanner[23218]: otherinfected:0
Apr 16 14:56:01 message1 MailScanner[23218]: About to deliver 1 messages
Apr 16 14:56:01 message1 MailScanner[23218]: Cleaned: Delivered 1
cleaned messages
Apr 16 14:56:01 message1 MailScanner[23218]: Notices: Warned about 1
messages
Apr 16 14:56:01 message1 MailScanner[23218]: Virus Processing completed
at 0 bytes per second
Apr 16 14:56:01 message1 MailScanner[23218]: Disinfection completed at 0
bytes per second
Apr 16 14:56:01 message1 MailScanner[23218]: Batch completed at 0 bytes
per second (0 / 3)
Apr 16 14:56:01 message1 MailScanner[23218]: VirusInfectedTest saw:
id=25400,
Apr 16 14:56:01 message1 MailScanner[23218]: virus=0
Apr 16 14:56:01 message1 MailScanner[23218]: Config: calling custom end
function addenvfromheader
Apr 16 14:56:01 message1 MailScanner[23218]: Config: calling custom end
function VirusInfectedTest
Apr 16 14:56:01 message1 MailScanner[23218]: Config: calling custom end
function CM0Value
Apr 16 14:56:01 message1 MailScanner[23218]: Config: calling custom end
function spamscorenumberinsteadofstars
Apr 16 14:56:01 message1 MailScanner[23218]: MailScanner child dying of
old age

More information about the MailScanner mailing list