difficulty with MS and drweb

Julian Field mailscanner at ecs.soton.ac.uk
Wed Mar 31 11:05:02 IST 2004


Okay, in which case please add a line
MailScanner::Log::InfoLog("**** %s ****", $line);
just after the "chomp $line;" right at the start of the function.

What happens when you scan a directory by hand, that contains eicar.com and
eicar.zip?
/usr/lib/MailScanner/drweb-wrapper /opt/drweb -ar -fm -ha- -fl- -ml -sd -up .
(all on 1 line, and don't forget the "." at the very end of the command)

At 10:18 31/03/2004, you wrote:
>I updated SweepViruses.pm:
>MailScanner::Log::InfoLog("#### $BaseDir - $id - $part - ".join(",", @rest).
>",end");
>
>I sent eicar.zip
>
>/var/log/maillog:
>Mar 31 13:32:09 rmb1 MailScanner[12184]: RBL Checks: returned 0
>Mar 31 13:32:09 rmb1 MailScanner[12184]: Created attachment dirs for 1
>messages
>Mar 31 13:32:09 rmb1 MailScanner[12184]: Virus and Content Scanning:
>Starting
>Mar 31 13:32:09 rmb1 MailScanner[12184]: Commencing scanning by drweb...
>Mar 31 13:32:11 rmb1 MailScanner[12184]:
>/var/spool/MailScanner/incoming/12184/A00191000ABF/eicar.com infected with
>EICAR Test File (NOT a Virus!)
>Mar 31 13:32:11 rmb1 MailScanner[12184]: ####
>/var/spool/MailScanner/incoming/12184 - A00191000ABF - eicar.com - ,end
>Mar 31 13:32:11 rmb1 MailScanner[12184]: Completed scanning by drweb
>Mar 31 13:32:11 rmb1 MailScanner[12184]: Virus Scanning: DrWeb found 1
>infections
>Mar 31 13:32:11 rmb1 MailScanner[12184]: Infected message A00191000ABF came
>from 192.168.10.114
>Mar 31 13:32:11 rmb1 MailScanner[12184]: Virus Scanning: Found 1 viruses
>Mar 31 13:32:11 rmb1 MailScanner[12184]: Filename Checks: Windows/DOS
>Executable (A00191000ABF eicar.com)
>Mar 31 13:32:11 rmb1 MailScanner[12184]: Other Checks: Found 1 problems
>Mar 31 13:32:11 rmb1 MailScanner[12184]: Saved infected "eicar.com" to
>/var/spool/MailScanner/quarantine/20040331/A00191000ABF
>Mar 31 13:32:11 rmb1 MailScanner[12184]: Saved infected "eicar.zip" to
>/var/spool/MailScanner/quarantine/20040331/A00191000ABF
>Mar 31 13:32:11 rmb1 MailScanner[12184]: Requeue: A00191000ABF to 1CC20B9
>Mar 31 13:32:11 rmb1 MailScanner[12184]: About to deliver 1 messages
>
>for eicar.arj:
>Mar 31 13:34:06 rmb1 MailScanner[12213]: New Batch: Scanning 1 messages,
>1362 bytes
>Mar 31 13:34:06 rmb1 MailScanner[12213]: RBL Checks: returned 0
>Mar 31 13:34:06 rmb1 MailScanner[12213]: Created attachment dirs for 1
>messages
>Mar 31 13:34:06 rmb1 MailScanner[12213]: Virus and Content Scanning:
>Starting
>Mar 31 13:34:06 rmb1 MailScanner[12213]: Commencing scanning by drweb...
>Mar 31 13:34:08 rmb1 MailScanner[12213]: Completed scanning by drweb
>Mar 31 13:34:08 rmb1 MailScanner[12213]: Requeue: D5FA31000ABF to 8441CB3
>Mar 31 13:34:08 rmb1 MailScanner[12213]: About to deliver 1 messages
>Mar 31 13:34:08 rmb1 MailScanner[12213]: Uninfected: Delivered 1 messages
>
>
>-----Original Message-----
>From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK]
>Sent: Wednesday, March 31, 2004 12:32 PM
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: difficulty with MS and drweb
>
>
>I don't think I wrote the DrWeb output handler, so I'm not taking
>responsibility for the bugs :-)
>
>In SweepViruses.pm, you will find a line saying
>sub ProcessDrwebOutput {
>
>Below that, there is a line in that function that currently says
>#MailScanner::Log::InfoLog("#### $BaseDir - $id - $part");
>
>Change that to
>
>MailScanner::Log::InfoLog("#### $BaseDir - $id - $part - " .
>join(",", @rest) . ",end");
>
>Please then run the tests you ran before, and mail me the output from the
>maillog.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


