How can I log whether MailScanner is running the Antivirus app?

Julian Field mailscanner at ecs.soton.ac.uk
Sat Feb 14 16:55:42 GMT 2004


Make sure your path to the Incoming Work Dir does not include any links.
Also make sure the installation path of mcafee in virus.scanners.conf does
not contain any links.

At 16:35 14/02/2004, you wrote:
>Oy! Such a week. I need more information to figure this out.
>
>Does MailScanner run the Anti-virus app on the mail spool (complete
>with uuencoded application) or does it un-encode the attachment and run
>the scan on that?
>
>Is there a way to log the virus scanning portion of MailScanner's
>activities?
>
>My anti-virus app is not catching any viruses in emails - so either some
>of my munging has caused MailScanner not to run my app or there is a
>problem with my virus scanner...
>
>  - I've captured a MyDoom example and my app finds it just fine with
>ordinary scanning.
>  - I've captured the incoming queue and scanned queued files with a
>MyDoom attachment - the app does NOT detect the virus in its transit
>encoded form.
>  - I've quarantined email using filename.rules.conf, and the anti-virus
>app DOES detect the virus in the attachment in the quarantine area.
>  - I've let the email pass through to the user's spool and then scanned
>the spool, the anti-virus app DOES detect it.
>
>I stop most attachments but allow zip files using filename.rules.conf.
>I thought the infected zip files would be caught by my virus scanner,
>being run by MailScanner, but they are not.
>
>This is very frustrating.  I've googled, searched the archives and
>re-read the docs several times.  I've even hacked a bit into the
>SweepViruses.pm code to try and find how it's applying the virus
>scanner.
>
>I'm running mailscanner-4.23-11
>on Red Hat Linux 9
>and using mcafee (uvscan) as my virus scanner.
>
>Some pertinent info from MailScanner.conf
>   Virus Scanning = yes
>   Virus Scanners = mcafee
>
>======
>Some notes for the archives:
>
>In order to get uvscan to work properly on RH9 I had to modify the
>mcafee-wrapper program used by MailScanner. The commented out statement
>is the old one, and the one below it is the modified statement which
>works fine (but doesn't seem to catch the zipped versions of MyDoom).
>
># exec ${PackageDir}/$prog -d $datDIR "$@"
>exec LD_PRELOAD=/lib/libc.so.6 ${PackageDir}/$prog -d $datDIR "$@"
>
>===
>Further notes:
>
>UVScan will not ordinarily scan an archive file (.zip), but if you add
>the switch "--secure" it will.  Originally (last week), I thought this
>was the problem and so I modified the mcafee-wrapper again and added
>that switch:
>
># exec ${PackageDir}/$prog -d $datDIR "$@"
># exec LD_PRELOAD=/lib/libc.so.6 ${PackageDir}/$prog -d $datDIR "$@"
># added "--secure" to enable scanning of zipped files - JonC 2/11/2004
>exec LD_PRELOAD=/lib/libc.so.6 ${PackageDir}/$prog --secure -d $datDIR "$@"
>
>===
>Any help or insights would be appreciated
>
>Jon Carnes
>jonc at nc.rr.com

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
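
One way to run the check suggested in the reply above, as an added example that is not part of the original message or of MailScanner itself. It assumes the `Key = value` layout of MailScanner.conf and the three-column layout (scanner name, wrapper, install directory) of virus.scanners.conf; the function names and default file locations are illustrative.

```shell
# find_symlinks PATH: print every component of PATH that is a symbolic link.
# Returns 0 when the path is link-free, 1 when at least one link was found.
# Links inside a link's own target are not followed up; re-run on the target.
find_symlinks() {
    target=$1
    rc=0
    case $target in
        /*) cur= ;;     # absolute path: build up from the root
        *)  cur=. ;;    # relative path: build up from the current directory
    esac
    old_ifs=$IFS
    IFS=/
    set -f              # no globbing while the path is split on "/"
    for part in $target; do
        [ -n "$part" ] || continue
        cur="$cur/$part"
        if [ -L "$cur" ]; then
            printf 'symlink: %s -> %s\n' "$cur" "$(readlink "$cur")"
            rc=1
        fi
    done
    set +f
    IFS=$old_ifs
    return $rc
}

# conf_value FILE KEY: value of the last "KEY = value" line in FILE.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# scanner_paths FILE NAME: wrapper and install directory listed for scanner NAME.
scanner_paths() {
    awk -v s="$2" '$1 == s { print $2; print $3 }' "$1"
}

# check_mailscanner_paths [MailScanner.conf] [virus.scanners.conf]
# Default locations are assumptions; pass the real ones for your install.
check_mailscanner_paths() {
    ms_conf=${1:-/etc/MailScanner/MailScanner.conf}
    vs_conf=${2:-/etc/MailScanner/virus.scanners.conf}
    status=0
    for p in "$(conf_value "$ms_conf" 'Incoming Work Dir')" \
             $(scanner_paths "$vs_conf" mcafee); do
        find_symlinks "$p" || status=1
    done
    return $status
}
```

Calling `check_mailscanner_paths` with the two configuration files prints one line per symlinked component and returns non-zero if any were found.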


