Antivir and Clam patches

Marcel Blenkers marcel at IRC-ADDICTS.DE
Mon Aug 16 12:29:14 IST 2004


Hi there,

this is my logfile :)

as you can see, it is able to start unrar (v3.0) and it does find the
eicar-test-file ;)


ok...the virus was not delivered :) but it was able to be found..

greetings

Marcel

Aug 16 13:24:53 marcel sendmail-in[5760]: i7GBOrV9005760:
from=<emailcheck-robot at ct.heise.de>, size=1927, class=0, nrcpts=1,
msgid=<E1Bwfbe-0001vF-00.octo13 at www.heise.de>, proto=ESMTP, daemon=MTA,
relay=www.heise.de [193.99.144.71]
Aug 16 13:24:58 marcel MailScanner[4290]: New Batch: Scanning 1 messages,
2405 bytes
Aug 16 13:25:03 marcel MailScanner[4290]: Virus and Content Scanning:
Starting
Aug 16 13:25:05 marcel MailScanner[4290]: UNRAR 3.00 freeware
Copyright (c) 1993-2002 Eugene Roshal
Aug 16 13:25:05 marcel MailScanner[4290]: ProcessClamAVOutput:
unrecognised line "UNRAR 3.00 freeware      Copyright (c) 1993-2002 Eugene
Roshal". Please contact the authors!
Aug 16 13:25:05 marcel MailScanner[4290]:
/tmp/clamav.5769/clamav-0b4a8acd6ce7803c/eicar.com: Eicar-Test-Signature
FOUND
Aug 16 13:25:05 marcel MailScanner[4290]:
/tmp/clamav.5769/clamav-97b9ca7490022e33/eicar.rar: Infected Archive FOUND
Aug 16 13:25:05 marcel MailScanner[4290]: (Real infected archive:
/var/spool/MailScanner/incoming/4290/./i7GBOrV9005760/eicar.rar)
Aug 16 13:25:05 marcel MailScanner[4290]: Virus Scanning: ClamAV found 3
infections
Aug 16 13:25:05 marcel MailScanner[4290]: Infected message i7GBOrV9005760
came from 193.99.144.71
Aug 16 13:25:05 marcel MailScanner[4290]: Saved infected "eicar.rar" to
/var/spool/MailScanner/quarantine/20040816/i7GBOrV9005760
Aug 16 13:25:06 marcel MailScanner[4290]: Silent: Delivered 1 messages
containing silent viruses
Aug 16 13:25:06 marcel sendmail[5791]: i7GBP6lc005791: from=postmaster,
size=1164, class=0, nrcpts=1,
msgid=<200408161125.i7GBP6lc005791 at marcel.netfinish.de>,
relay=root at localhost
Aug 16 13:25:06 marcel sendmail-in[5795]: i7GBP6V9005795:
from=<postmaster at marcel.netfinish.de>, size=1435, class=0, nrcpts=1,
msgid=<200408161125.i7GBP6lc005791 at marcel.netfinish.de>, proto=ESMTP,
daemon=MTA, relay=localhost [127.0.0.1]
Aug 16 13:25:07 marcel sendmail[5791]: i7GBP6lc005791: to=postmaster,
delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30073,
relay=localhost.netfinish.de. [127.0.0.1], dsn=2.0.0, stat=Sent
(i7GBP6V9005795 Message accepted for delivery)
Aug 16 13:25:07 marcel MailScanner[4290]: Notices: Warned about 1 messages
Aug 16 13:25:07 marcel MailScanner[4290]: New Batch: Scanning 1 messages,
1908 bytes
Aug 16 13:25:13 marcel MailScanner[4290]: Virus and Content Scanning:
Starting
Aug 16 13:25:15 marcel MailScanner[4290]: Uninfected: Delivered 1 messages
Aug 16 13:25:17 marcel sendmail[5790]: i7GBOrV9005760:
to=<marcel at irc-addicts.de>, delay=00:00:24, xdelay=00:00:11, mailer=local,
pri=120515, dsn=2.0.0, stat=Sent
Aug 16 13:25:19 marcel sendmail[5822]: i7GBP6V9005795: to=root,
delay=00:00:13, xdelay=00:00:04, mailer=local, pri=120344, dsn=2.0.0,
stat=Sent



On Mon, 16 Aug 2004, Julian Field wrote:

> And did you have the permissions etc setup so that the clamav user could
> read the files when running the unrar program. And have you told it where
> to find the unrar program?
> What did your logs say when you scanned the eicar.rar--->eicar.com file?
>
> At 12:05 16/08/2004, you wrote:
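
Added example (not part of the original post and not MailScanner's own code): a small Python triage pass over syslog lines like the ones above, collecting ClamAV detections, scanner output the wrapper could not parse, and the quarantine record. The regular expressions are assumptions modelled only on the lines shown in this message, and the sample input is constructed from them with the mail wrapping undone.

```python
import re

# Constructed sample: MailScanner syslog lines from the post, unwrapped.
P = "Aug 16 13:25:05 marcel MailScanner[4290]: "
SAMPLE = [
    P + "UNRAR 3.00 freeware      Copyright (c) 1993-2002 Eugene Roshal",
    P + 'ProcessClamAVOutput: unrecognised line "UNRAR 3.00 freeware      '
        'Copyright (c) 1993-2002 Eugene Roshal". Please contact the authors!',
    P + "/tmp/clamav.5769/clamav-0b4a8acd6ce7803c/eicar.com: Eicar-Test-Signature FOUND",
    P + "/tmp/clamav.5769/clamav-97b9ca7490022e33/eicar.rar: Infected Archive FOUND",
    P + "Virus Scanning: ClamAV found 3 infections",
    P + "Infected message i7GBOrV9005760 came from 193.99.144.71",
    P + 'Saved infected "eicar.rar" to '
        "/var/spool/MailScanner/quarantine/20040816/i7GBOrV9005760",
]

# Patterns are assumptions based on the log lines in this post.
PREFIX = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ MailScanner\[\d+\]: (.*)$")
FOUND = re.compile(r"^(/\S+): (.+) FOUND$")
UNRECOGNISED = re.compile(r'^ProcessClamAVOutput: unrecognised line "(.*)"\.')
SUMMARY = re.compile(r"^Virus Scanning: ClamAV found (\d+) infections?$")
INFECTED = re.compile(r"^Infected message (\S+) came from (\S+)$")
QUARANTINE = re.compile(r'^Saved infected "(.+)" to (\S+)$')

def triage(lines):
    """Summarise one batch of MailScanner/ClamAV log lines."""
    rep = {"detections": [], "unparsed": [], "reported": None,
           "messages": {}, "quarantined": []}
    for line in lines:
        m = PREFIX.match(line)
        if not m:
            continue  # not a MailScanner line (e.g. sendmail)
        body = m.group(1)
        if (f := FOUND.match(body)):
            rep["detections"].append((f.group(1), f.group(2)))
        elif (u := UNRECOGNISED.match(body)):
            rep["unparsed"].append(u.group(1))
        elif (s := SUMMARY.match(body)):
            rep["reported"] = int(s.group(1))
        elif (i := INFECTED.match(body)):
            rep["messages"][i.group(1)] = i.group(2)
        elif (q := QUARANTINE.match(body)):
            rep["quarantined"].append((q.group(1), q.group(2)))
    # Unparsed scanner output, or a reported count that differs from the
    # FOUND lines seen, marks the batch for manual review.
    rep["review"] = bool(rep["unparsed"]) or rep["reported"] != len(rep["detections"])
    return rep

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the sample, the batch is flagged for review: the unrar banner was reported as unrecognised, and the summary line reports 3 infections while only 2 FOUND lines are present.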
