antivir

Erik Jakobsen eja at URBAKKEN.DK
Mon Feb 9 07:07:11 GMT 2004


I forgot to mention that I don't use the avguard.

Erik Jakobsen wrote:
> I have tested it looking into my maillog realtime.
>
> But unfortunately antivir is not present in the scanning?:
>
>
> Feb  9 07:49:31 gateway postfix/pipe[1676]: C3853C80F:
> to=<peptalk at bigfoot.com>, relay=ccfilter, delay=2, status=sent
> (urbakken.dk)
> Feb  9 06:49:31 gateway postfix/pickup[32464]: 888F3C812: uid=100
> from=<eja at urbakken.dk>
> Feb  9 06:49:31 gateway postfix/cleanup[1674]: 888F3C812:
> message-id=<40272D9E.3040903 at urbakken.dk>
> Feb  9 06:49:31 gateway postfix/nqmgr[31682]: 888F3C812:
> from=<eja at urbakken.dk>, size=1662, nrcpt=1 (queue active)
> Feb  9 06:49:31 gateway postfix/nqmgr[31682]: 888F3C812:
> to=<peptalk at bigfoot.com>, relay=none, delay=0, status=deferred (deferred
> transport)
> Feb  9 07:49:32 gateway MailScanner[860]: New Batch: Scanning 1
> messages, 1801 bytes
> Feb  9 07:49:32 gateway MailScanner[860]: Virus and Content Scanning:
> Starting
> Feb  9 07:49:33 gateway MailScanner[860]:
> /var/spool/MailScanner/incoming/860/888F3C812/eicar.com  Infection:
> EICAR_Test_File
> Feb  9 07:49:33 gateway MailScanner[860]: Virus Scanning: F-Prot found
> virus EICAR_Test_File
> Feb  9 07:49:33 gateway MailScanner[860]: Virus Scanning: F-Prot found 1
> infections
> Feb  9 07:49:35 gateway MailScanner[860]:
> /var/spool/MailScanner/incoming/860/./888F3C812/eicar.com:
> Eicar-Test-Signature FOUND
> Feb  9 07:49:36 gateway MailScanner[860]: Virus Scanning: ClamAV found 1
> infections
> Feb  9 07:49:36 gateway MailScanner[860]: Infected message 888F3C812
> came from 127.0.0.1
> Feb  9 07:49:37 gateway MailScanner[860]: Filename Checks: Windows/DOS
> Executable (eicar.com)
> Feb  9 07:49:37 gateway MailScanner[860]: Other Checks: Found 1 problems
> Feb  9 07:49:37 gateway MailScanner[860]: Saved infected "eicar.com" to
> /var/spool/MailScanner/quarantine/20040209/888F3C812
> Feb  9 01:49:37 gateway postfix/nqmgr[31729]: 7876323EE5:
> from=<eja at urbakken.dk>, size=2905, nrcpt=1 (queue active)
> Feb  9 07:49:37 gateway MailScanner[860]: Silent: Delivered 1 messages
> containing silent viruses
> Feb  9 01:49:37 gateway postfix/pickup[30831]: 5EB5423F00: uid=89
> from=<postmaster>
> Feb  9 01:49:37 gateway postfix/cleanup[1855]: 5EB5423F00:
> message-id=<20040209064937.5EB5423F00 at gateway.urbakken.dk>
> Feb  9 07:49:37 gateway MailScanner[860]: Notices: Warned about 1 messages
>
>
> Julian Field wrote:
>
>> Thanks for the server version. I installed my licence file into it
>> (thanks to the AntiVir crew for that), and ran it on a message with a
>> few copies of eicar in it. It detected all of them just fine.
>>
>> Here is an example report:
>>
>>> This is a message from the MailScanner E-Mail Virus Protection Service
>>> ----------------------------------------------------------------------
>>> The original e-mail attachment "eicar.zip"
>>> was believed to be infected by a virus and has been replaced by this
>>> warning
>>> message.
>>>
>>> If you wish to receive a copy of the *infected* attachment, please
>>> e-mail helpdesk and include the whole of this message
>>> in your request. Alternatively, you can call them, with
>>> the contents of this message to hand when you call.
>>>
>>> At Sun Feb  8 19:12:09 2004 the virus scanner said:
>>>    AntiVir: ALERT: [Eicar-Test-Signatur virus] eicar.zip --> eicar.com <<< Contains code of the Eicar-Test-Signatur virus
>>
>>
>>
>> I have now tested this on
>>         AntiVir workstation 2.0.6
>>         AntiVir workstation 2.1.0
>>         AntiVir server 2.0.8
>> and can confirm that they all work with MailScanner on my Linux systems.
>>
>> Please place a copy of eicar.com in a directory and run this command:
>> /usr/lib/MailScanner/antivir-wrapper /usr/lib/AntiVir -allfiles -s -noboot -rs -z .
>> The output should be this (except for the line about the Verlor.B virus)
>>
>> -----SNIP-----
>> AntiVir / Linux Version 2.1.0-1
>> Copyright (c) 1994-2004 by H+BEDV Datentechnik GmbH.
>> All rights reserved.
>>
>> Loading /usr/lib/AntiVir/antivir.vdf ...
>>
>> VDF version: 6.23.0.60 created 06 Feb 2004
>>
>> For private, non-commercial use only.
>> AntiVir license: 1001034888 for Julian Field, Southampton
>>
>> checking drive/path (list): .
>> ALERT: [W97M/Verlor.B virus] ./barendsesaunastoom.doc <<< Contains code of the Word macro virus W97M/Verlor.B (removeable)
>> ALERT: [Eicar-Test-Signatur virus] ./eicar.com <<< Contains code of the Eicar-Test-Signatur virus
>>
>>
>> ----- scan results -----
>>  directories:        1
>>        files:        4
>>       alerts:        2
>>     repaired:        0
>>      deleted:        0
>>      renamed:        0
>>    scan time: 00:00:01
>> ------------------------
>> Thank you for using AntiVir.
>> -----SNIP-----
>>
>> Please let me know if your output matches this.
>>
>> At 18:38 08/02/2004, you wrote:
>>
>>> Julian Field wrote:
>>>
>>>> Can you try upgrading to 2.1.0 (on their website). My (licensed)
>>>> copy is detecting viruses in emails just fine. Both inside and
>>>> outside zip files.
>>>> Everything just works, so I don't understand what problems other
>>>> people are having.
>>>
>>>
>>>
>>> Hi Julian.
>>>
>>> Just installed the 2.1.0. I think it's working now, as I couldn't get a
>>> message to myself delivered because of the eicar file. But I'll look at the
>>> logfiles, and report to you.
>>>
>>>> At 15:33 08/02/2004, you wrote:
>>>>
>>>>> Julian Field wrote:
>>>>>
>>>>>> I have just tested against 2.1.0 (latest on their web site) and it
>>>>>> works fine.
>>>>>> Are you sure you have the licence key file installed into
>>>>>> /usr/lib/AntiVir?
>>>>>> It won't work without it.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Yes I have:
>>>>>
>>>>> I have run the:
>>>>>
>>>>> /usr/lib/MailScanner/antivir-wrapper /usr/lib/AntiVir /tmp
>>>>>
>>>>> And the result is here:
>>>>>
>>>>> # /usr/lib/MailScanner/antivir-wrapper /usr/lib/AntiVir /tmp
>>>>> AntiVir / Linux Version 2.0.9-16
>>>>> Copyright (c) 1994-2004 by H+BEDV Datentechnik GmbH.
>>>>> All rights reserved.
>>>>>
>>>>> Loading /usr/lib/AntiVir/antivir.vdf ...
>>>>>
>>>>> VDF version: 6.23.0.53 created 30 Jan 2004
>>>>>
>>>>> For private, non-commercial use only.
>>>>> AntiVir license: 12345678 for Erik Jakobsen, Brovst
>>>>>
>>>>> checking drive/path (list): /tmp
>>>>>
>>>>> ----- scan results -----
>>>>> directories: 1
>>>>> files: 15
>>>>> alerts: 0
>>>>> scan time: 00:00:01
>>>>> ------------------------
>>>>> Thank you for using AntiVir.
>>>>>
>>>>>> At 14:08 08/02/2004, you wrote:
>>>>>>
>>>>>>> Hi.
>>>>>>>
>>>>>>> Is anybody here having success with antivir and MailScanner?
>>>>>>> --
>>>>>>> Erik
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Julian Field
>>>>>> www.MailScanner.info
>>>>>> Professional Support Services at www.MailScanner.biz
>>>>>> MailScanner thanks transtec Computers for their support
>>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Erik
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Julian Field
>>>> www.MailScanner.info
>>>> Professional Support Services at www.MailScanner.biz
>>>> MailScanner thanks transtec Computers for their support
>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>
>>>
>>>
>>>
>>> --
>>> Erik
>>
>>
>>
>> --
>> Julian Field
>> www.MailScanner.info
>> Professional Support Services at www.MailScanner.biz
>> MailScanner thanks transtec Computers for their support
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>
>>
>
> --
> Med venlig hilsen - Best regards.
> Erik Jakobsen - eja at urbakken.dk.
> Licensed radioamateur with the callsign OZ4KK.
> SuSE Linux 8.2 Proff.
> Registered as user #319488 with the Linux Counter, http://counter.li.org.
>
>

--
Med venlig hilsen - Best regards.
Erik Jakobsen - eja at urbakken.dk.
Licensed radioamateur with the callsign OZ4KK.
SuSE Linux 8.2 Proff.
Registered as user #319488 with the Linux Counter, http://counter.li.org.
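
Added example, not part of the original thread or of MailScanner itself: a check that reads a maillog excerpt for an EICAR test batch and reports which configured scanners never logged a "found N infections" summary, which is the symptom described above (F-Prot and ClamAV report, AntiVir does not). The function names and the scanner name "AntiVir" as it would appear in the log are assumptions; the sample lines are taken from the quoted log.

```python
import re

TS = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")  # syslog timestamp
NEW_BATCH = re.compile(r"MailScanner\[(\d+)\]: New Batch: Scanning")
SUMMARY = re.compile(
    r"MailScanner\[(\d+)\]: Virus Scanning: (\S+) found (\d+) infections")

# Excerpt of the quoted log above, still wrapped and '>'-quoted as posted.
SAMPLE = """\
> Feb  9 07:49:32 gateway MailScanner[860]: New Batch: Scanning 1
> messages, 1801 bytes
> Feb  9 07:49:33 gateway MailScanner[860]: Virus Scanning: F-Prot found
> virus EICAR_Test_File
> Feb  9 07:49:33 gateway MailScanner[860]: Virus Scanning: F-Prot found 1
> infections
> Feb  9 07:49:36 gateway MailScanner[860]: Virus Scanning: ClamAV found 1
> infections
""".splitlines()


def unwrap(lines):
    """Strip '>' quote marks and re-join records the mail client wrapped."""
    records = []
    for raw in lines:
        line = re.sub(r"^(?:>\s?)+", "", raw).rstrip()
        if TS.match(line):
            records.append(line)
        elif records and line:
            records[-1] += " " + line.strip()
    return records


def batches(lines):
    """Return one {scanner: infections} dict per MailScanner batch, in order."""
    open_batch, out = {}, []  # open_batch: child PID -> its current batch
    for rec in unwrap(lines):
        if m := NEW_BATCH.search(rec):
            open_batch[m[1]] = {}
            out.append(open_batch[m[1]])
        elif (m := SUMMARY.search(rec)) and m[1] in open_batch:
            open_batch[m[1]][m[2]] = int(m[3])
    return out


# Assumption: names in `expected` match the names MailScanner writes to the log.
def silent_scanners(lines, expected):
    """Per batch, the expected scanners that logged no 'found N infections'."""
    return [[s for s in expected if s.lower() not in {k.lower() for k in found}]
            for found in batches(lines)]
```

Calling silent_scanners(SAMPLE, ["F-Prot", "ClamAV", "AntiVir"]) returns [["AntiVir"]]; the result is only meaningful for a batch known to carry eicar.com, where every configured scanner should report a detection.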


