MailScanner 4.33.3-1 & NOD32 2.04-1

Ignacio M. Sbampato listas at VIRUSATTACK.COM.AR
Tue Sep 14 10:32:34 IST 2004


Any answer? :-\

----- Original Message -----
From: "Ignacio M. Sbampato" <listas at VIRUSATTACK.COM.AR>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Wednesday, September 08, 2004 1:21 AM
Subject: MailScanner 4.33.3-1 & NOD32 2.04-1


> Guys,
>
> I'm having some troubles with latest version of NOD32 & MailScanner (fresh
> install). MailScanner is running and processing emails (according to logs
> and emails headers) and it's running NOD32 (according to nod32.log - I
> modified nod32-wrapper to write in the log with param --log) but the viruses
> aren't detected (subject isn't being modified with {VIRUS?}text) or deleted
> from messages.
>
> I'm using NOD32 2.04-1 (latest), so I configured MailScanner.conf to use
> nod32-1.99 as Virus Scanner. Virus Scanning is turned on.
>
> I noted some differences between the current nod32.log and the one that was
> generated by previous versions of NOD32 (like the first 1.99). Now, NOD32 is
> generating the log file as follows:
>
> --------> cut <---------
>
> Signatures database module, version 1.864 (20040907).
> Archives support module, version 1.019 (20040823).
> Advanced heuristics module, version 1.010 (20040902).
>
> Command line: --log --arch --all
>
> Scanning started on 09-08-2004, 06:09:29
> object="file", name="/var/spool/MailScanner/incoming/2699/BB75C1B819A/your_letter.pif", virus="Win32/Netsky.D worm", action="", info="", lines=0
>
> Scanning finished at 06:09:29, total time: 0 sec (0:00:00)
> Total files:    3
> Infected files: 1
> Cleaned files:  0
>
> --------> cut <---------
>
> Could this be the problem?
>
> According to 'man nod32' command, the return codes of NOD32 on-demand
> scanner (/usr/sbin/nod32) are the following:
>
> --------> cut <---------
>
>        0   - Everything ok, no viruses found.
>        1   - All viruses were cleaned.
>        10  - At least one virus was found.
>        100 - Internal error occurred, no scanning performed.
>        101 - Error occurred during archives unpacking, no scanning performed.
>
> --------> cut <---------
>
> Are those the return codes expected by MailScanner?
>
> The following is some information extracted from 'maillog' related to
> previous message NOD32 scanning result:
>
> --------> cut <---------
>
> Sep  8 06:09:28 melkart MailScanner[2699]: New Batch: Scanning 1 messages, 26347 bytes
> Sep  8 06:09:29 melkart MailScanner[2699]: Virus and Content Scanning: Starting
> Sep  8 06:09:29 melkart postfix/smtpd[4111]: connect from unknown[192.168.0.18]
> Sep  8 06:09:29 melkart MailScanner[2699]: Requeue: BB75C1B819A to D5A311B819D
> Sep  8 06:09:29 melkart postfix/qmgr[2648]: D5A311B819D: from=<email at domain.com>, size=25914, nrcpt=4 (queue active)
> Sep  8 06:09:29 melkart MailScanner[2699]: Uninfected: Delivered 1 messages
> Sep  8 06:09:29 melkart postfix/smtpd[4111]: 6C3411B819A: client=unknown[192.168.0.18]
> Sep  8 06:09:29 melkart postfix/local[4123]: D5A311B819D: to=<email at domain.com>, relay=local, delay=1, status=sent (delivered to command: /usr/local/bin/maildrop)
>
> --------> cut <---------
>
> If anyone can help, it'll be great =)
>
> Regards,
>
> Ignacio
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
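
Added example, not part of the original post and not MailScanner's or NOD32's own code: a parser for the key="value" log layout quoted above, combined with the return codes from the 'man nod32' excerpt, so that a scan result can be checked independently of whatever wrapper consumes it. The function names, the sample path and the rule that a log/exit-code disagreement counts as infected are assumptions of this example.

```python
import re

# Return codes as listed in the 'man nod32' excerpt quoted in the post.
EXIT_CODES = {0: "clean", 1: "cleaned", 10: "infected", 100: "error", 101: "error"}

PAIR_RE = re.compile(r'(\w+)="([^"]*)"')          # key="value" fields
SUMMARY_RE = re.compile(r"^(Total|Infected|Cleaned) files:\s+(\d+)$")

# Constructed sample in the layout of the quoted log (path is a placeholder).
SAMPLE_LOG = '''Scanning started on 09-08-2004, 06:09:29
object="file",
name="/var/spool/MailScanner/incoming/0000/SAMPLE/your_letter.pif",
virus="Win32/Netsky.D worm", action="", info="", lines=0

Scanning finished at 06:09:29, total time: 0 sec (0:00:00)
Total files:    3
Infected files: 1
Cleaned files:  0
'''


def parse_nod32_log(text):
    """Return (detections, summary) for a log in the key="value" layout."""
    detections, summary, pending = [], {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group(1).lower()] = int(m.group(2))
        elif line.startswith("object=") or pending:
            # A record may wrap; continuation lines end with a comma.
            pending += " " + line
            if not line.endswith(","):
                fields = dict(PAIR_RE.findall(pending))
                if fields.get("virus"):
                    detections.append(fields)
                pending = ""
    return detections, summary


def verdict(exit_code, log_text):
    """Combine exit code and log; treat any disagreement as infected."""
    detections, summary = parse_nod32_log(log_text)
    status = EXIT_CODES.get(exit_code, "error")  # unknown codes count as errors
    if status == "clean" and (detections or summary.get("infected", 0) > 0):
        status = "infected"  # the log reports a virus the exit code did not
    return status, [(d.get("name"), d["virus"]) for d in detections]
```

Calling `verdict(10, SAMPLE_LOG)` reports the sample as infected and lists the file and virus name taken from the log record.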
