Running Mailscanner in a correct configuration

Julian Field mailscanner at ecs.soton.ac.uk
Mon Sep 27 20:12:02 IST 2004


<x-flowed>
MailScanner doesn't scan the raw df files, it extracts the attachments
first and then scans the attachments.

At 20:01 27/09/2004, you wrote:
>I can configure mailscanner with this option in the config file -
>
>Virus Scanners = antivir
>
>Can start mailscanner with no errors shown in /var/log/maillog
>
>I have hundreds of infected files from the vexira install at work.
>Scp these to the mailscanner/mailwatch system I'm trying to set up.
>Mailscanner never picks up infected files.

What format were they in? If you are copying them into an incoming queue,
they need to be raw queue files.

>I can run antivir from the command line and it works fine.
>
>/tmp/tmp/df-63198-5B08CC27

What MTA are you using? That doesn't look like a valid sendmail queue
filename to me.

>  Date: 23.08.2004  Time: 09:52:45  Size: 24865
>  ALERT: [Worm/Netsky.D.Dam worm] /tmp/tmp/df-63198-5B08CC27 -->
>my_details.pif <<< Contains signature of the worm Worm/Netsky.D.Dam
>
>Here is the configuration  virus.scanners.conf -
>
>antivir         /usr/local/libexec/MailScanner/antivir-wrapper /usr/local/AntiVir
>
>I can run the wrapper script from the command line -
>
>/usr/local/libexec/MailScanner/antivir-wrapper /usr/local/AntiVir /tmp/tmp/*
>
>It does pick some up, but nowhere near when I run it something like this -
>
>/usr/local/AntiVir/antivir /tmp/tmp/*
>or
>/usr/local/AntiVir/antivir --scan-in-mbox /tmp/tmp/*
>
>Here is the directory that antivir is in -
>
>/usr/local/AntiVir/antivir

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

</x-flowed>
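An added illustration of the point made in the reply above, not code from MailScanner or from the original post: it uses Python's standard `email` module (an assumption; MailScanner has its own unpacker) to show how a raw message differs from the decoded attachment files that a scanner is handed after extraction. The message, addresses and `MARKER` bytes are constructed test data, not a real virus signature; only the attachment name `my_details.pif` is taken from the thread.

```python
import email
import tempfile
from email.message import EmailMessage
from pathlib import Path

# Constructed stand-in for a scanner signature; not a real virus pattern.
MARKER = b"CONSTRUCTED-TEST-SIGNATURE-0001"

def build_sample_message() -> bytes:
    """Constructed message with one base64-encoded attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "rcpt@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachment.")
    payload = b"MZ" + b"\x00" * 16 + MARKER
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename="my_details.pif")
    return msg.as_bytes()

def extract_attachments(raw: bytes, outdir: Path) -> list:
    """Decode each named MIME part into outdir, one file per attachment."""
    written = []
    msg = email.message_from_bytes(raw)
    for i, part in enumerate(msg.walk()):
        name = part.get_filename()
        if part.is_multipart() or not name:
            continue
        # Never use the sender's filename as a path: keep the base name only.
        safe = Path(name.replace("\\", "/")).name or f"part{i}"
        target = outdir / f"{i}-{safe}"
        target.write_bytes(part.get_payload(decode=True) or b"")
        written.append(target)
    return written

def marker_hits(raw: bytes) -> dict:
    """Byte-search the raw message, then the extracted attachment files."""
    with tempfile.TemporaryDirectory() as tmp:
        files = extract_attachments(raw, Path(tmp))
        return {
            "raw": MARKER in raw,
            "extracted": [p.name for p in files if MARKER in p.read_bytes()],
        }

if __name__ == "__main__":
    print(marker_hits(build_sample_message()))
```

The marker is absent from the raw bytes because the attachment travels base64-encoded, and it appears only once the part has been decoded to its own file.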
