antivir

Erik Jakobsen eja at URBAKKEN.DK
Mon Feb 9 06:53:09 GMT 2004 

I have tested it looking into my maillog realtime.

But unfortunatley antivir is not present in the scanning ?:


Feb  9 07:49:31 gateway postfix/pipe[1676]: C3853C80F:
to=<peptalk at bigfoot.com>, relay=ccfilter, delay=2, status=sent (urbakken.dk)
Feb  9 06:49:31 gateway postfix/pickup[32464]: 888F3C812: uid=100
from=<eja at urbakken.dk>
Feb  9 06:49:31 gateway postfix/cleanup[1674]: 888F3C812:
message-id=<40272D9E.3040903 at urbakken.dk>
Feb  9 06:49:31 gateway postfix/nqmgr[31682]: 888F3C812:
from=<eja at urbakken.dk>, size=1662, nrcpt=1 (queue active)
Feb  9 06:49:31 gateway postfix/nqmgr[31682]: 888F3C812:
to=<peptalk at bigfoot.com>, relay=none, delay=0, status=deferred (deferred
transport)
Feb  9 07:49:32 gateway MailScanner[860]: New Batch: Scanning 1
messages, 1801 bytes
Feb  9 07:49:32 gateway MailScanner[860]: Virus and Content Scanning:
Starting
Feb  9 07:49:33 gateway MailScanner[860]:
/var/spool/MailScanner/incoming/860/888F3C812/eicar.com  Infection:
EICAR_Test_File
Feb  9 07:49:33 gateway MailScanner[860]: Virus Scanning: F-Prot found
virus EICAR_Test_File
Feb  9 07:49:33 gateway MailScanner[860]: Virus Scanning: F-Prot found 1
infections
Feb  9 07:49:35 gateway MailScanner[860]:
/var/spool/MailScanner/incoming/860/./888F3C812/eicar.com:
Eicar-Test-Signature FOUND
Feb  9 07:49:36 gateway MailScanner[860]: Virus Scanning: ClamAV found 1
infections
Feb  9 07:49:36 gateway MailScanner[860]: Infected message 888F3C812
came from 127.0.0.1
Feb  9 07:49:37 gateway MailScanner[860]: Filename Checks: Windows/DOS
Executable (eicar.com)
Feb  9 07:49:37 gateway MailScanner[860]: Other Checks: Found 1 problems
Feb  9 07:49:37 gateway MailScanner[860]: Saved infected "eicar.com" to
/var/spool/MailScanner/quarantine/20040209/888F3C812
Feb  9 01:49:37 gateway postfix/nqmgr[31729]: 7876323EE5:
from=<eja at urbakken.dk>, size=2905, nrcpt=1 (queue active)
Feb  9 07:49:37 gateway MailScanner[860]: Silent: Delivered 1 messages
containing silent viruses
Feb  9 01:49:37 gateway postfix/pickup[30831]: 5EB5423F00: uid=89
from=<postmaster>
Feb  9 01:49:37 gateway postfix/cleanup[1855]: 5EB5423F00:
message-id=<20040209064937.5EB5423F00 at gateway.urbakken.dk>
Feb  9 07:49:37 gateway MailScanner[860]: Notices: Warned about 1 messages


Julian Field wrote:
> Thanks for the server version. I installed my licence file into it (thanks
> to the AntiVir crew for that), and ran it on a message with a few copies of
> eicar in it. It detected all of them just fine.
>
> Here is an example report:
>
>> This is a message from the MailScanner E-Mail Virus Protection Service
>> ----------------------------------------------------------------------
>> The original e-mail attachment "eicar.zip"
>> was believed to be infected by a virus and has been replaced by this
>> warning
>> message.
>>
>> If you wish to receive a copy of the *infected* attachment, please
>> e-mail helpdesk and include the whole of this message
>> in your request. Alternatively, you can call them, with
>> the contents of this message to hand when you call.
>>
>> At Sun Feb  8 19:12:09 2004 the virus scanner said:
>>    AntiVir: ALERT: [Eicar-Test-Signatur virus] eicar.zip --> eicar.com
>> <<< =
>> Contains code of the Eicar-Test-Signatur virus
>
>
> I have now tested this on
>         AntiVir workstation 2.0.6
>         AntiVir workstation 2.1.0
>         AntiVir server 2.0.8
> and can confirm that they all work with MailScanner on my Linux systems.
>
> Please place a copy of eicar.com in a directory and run this command:
> /usr/lib/MailScanner/antivir-wrapper /usr/lib/AntiVir -allfiles -s -noboot
> -rs -z .
> The output should be this (except for the line about the Verlor.B virus)
>
> -----SNIP-----
> AntiVir / Linux Version 2.1.0-1
> Copyright (c) 1994-2004 by H+BEDV Datentechnik GmbH.
> All rights reserved.
>
> Loading /usr/lib/AntiVir/antivir.vdf ...
>
> VDF version: 6.23.0.60 created 06 Feb 2004
>
> For private, non-commercial use only.
> AntiVir license: 1001034888 for Julian Field, Southampton
>
> checking drive/path (list): .
> ALERT: [W97M/Verlor.B virus] ./barendsesaunastoom.doc <<< Contains code of
> the Word macro virus W97M/Verlor.B (removeable)
> ALERT: [Eicar-Test-Signatur virus] ./eicar.com <<< Contains code of the
> Eicar-Test-Signatur virus
>
>
> ----- scan results -----
>  directories:        1
>        files:        4
>       alerts:        2
>     repaired:        0
>      deleted:        0
>      renamed:        0
>    scan time: 00:00:01
> ------------------------
> Thank you for using AntiVir.
> -----SNIP-----
>
> Please let me know if your output matches this.
>
> At 18:38 08/02/2004, you wrote:
>
>> Julian Field wrote:
>>
>>> Can you try upgrading to 2.1.0 (on their website). My (licensed) copy is
>>> detecting viruses in emails just fine. Both inside and outside zip
>>> files.
>>> Everything just works, so I don't understand what problems other
>>> people are
>>> having.
>>
>>
>> Hi Julian.
>>
>> Just installe the 2.1.0. I think its working now, as I couldn't get a
>> message to mysef delivered cause of the eicar file. But I'll look at the
>> logfiles, and report to you.
>>
>>> At 15:33 08/02/2004, you wrote:
>>>
>>>> Julian Field wrote:
>>>>
>>>>> I have just tested against 2.1.0 (latest on their web site) and it
>>>>> works
>>>>> fine.
>>>>> Are you sure you have the licence key file installed into
>>>>> /usr/lib/AntiVir?
>>>>> It won't work without it.
>>>>
>>>>
>>>>
>>>> Yes I have:
>>>>
>>>> I have run the:
>>>>
>>>> /usr/lib/MailScanner/antivir-wrapper /usr/lib/AntiVir /tmp
>>>>
>>>> And the result is here:
>>>>
>>>> # /usr/lib/MailScanner/antivir-wrapper /usr/lib/AntiVir /tmp
>>>> AntiVir / Linux Version 2.0.9-16
>>>> Copyright (c) 1994-2004 by H+BEDV Datentechnik GmbH.
>>>> All rights reserved.
>>>>
>>>> Loading /usr/lib/AntiVir/antivir.vdf ...
>>>>
>>>> VDF version: 6.23.0.53 created 30 Jan 2004
>>>>
>>>> For private, non-commercial use only.
>>>> AntiVir license: 12345678 for Erik Jakobsen, Brovst
>>>>
>>>> checking drive/path (list): /tmp
>>>>
>>>> ----- scan results -----
>>>> directories: 1
>>>> files: 15
>>>> alerts: 0
>>>> scan time: 00:00:01
>>>> ------------------------
>>>> Thank you for using AntiVir.
>>>>
>>>>> At 14:08 08/02/2004, you wrote:
>>>>>
>>>>>> Hi.
>>>>>>
>>>>>> Is anybody here having success with antivir and MailScanner ?.
>>>>>> --
>>>>>> Erik
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Julian Field
>>>>> www.MailScanner.info
>>>>> Professional Support Services at www.MailScanner.biz
>>>>> MailScanner thanks transtec Computers for their support
>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Erik
>>>
>>>
>>>
>>> --
>>> Julian Field
>>> www.MailScanner.info
>>> Professional Support Services at www.MailScanner.biz
>>> MailScanner thanks transtec Computers for their support
>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>
>>
>>
>> --
>> Erik
>
>
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>

--
Med venlig hilsen - Best regards.
Erik Jakobsen - eja at urbakken.dk.
Licensed radioamateur with the callsign OZ4KK.
SuSE Linux 8.2 Proff.
Registered as user #319488 with the Linux Counter, http://counter.li.org.

More information about the MailScanner mailing list