MailScanner cant detect virus
David While
David.While at UCE.AC.UK
Wed Jun 22 14:17:30 IST 2005
Are you sure about the location of the wrapper script?
/etc/MailScanner/wrapper looks odd to me - mine is
/usr/lib/MailScanner/wrapper
--------------------------------------------
David While BSc CEng MBCS CITP
Department of Computing & Information
University of Central England
Tel: 0121 331 6211
--------------------------------------------
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
Behalf Of Meshbah Uddin Ahmed
Sent: 22 June 2005 14:11
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: MailScanner cant detect virus
yes, u right, my scanner doesnt detect virus. pls
advice me what can i do. here is my settings-
in my virus.scanners.conf file, it is-
clamav /etc/MailScanner/wrapper/clamav-wrapper /usr
I have install all pkg like this
apt-get install postfix mailscanner spamassassin
but download clamav manually. then install it.
my freshclam.conf is in- /usr/local/etc/
and *.cvd files are in- /var/lib/clamav/
in MailScanner.conf file-
Virus Scanning = yes
Virus Scanner = clamav
Here is log, where an attach file eicar.com.txt which
contains virus-
Jun 22 18:48:42 mailx-bk postfix/smtpd[10404]:
1ABB3D6BC4: client=unknown[192.168.200.70]
Jun 22 18:48:42 mailx-bk postfix/cleanup[10406]:
1ABB3D6BC4: message-id=<42B95C5F.7070908 at myserver.com>
Jun 22 18:48:42 mailx-bk postfix/qmgr[518]:
1ABB3D6BC4: from=<meshbah at myserver.com>, size=1037,
nrcpt=1 (queue active)
Jun 22 18:48:42 mailx-bk postfix/qmgr[518]:
1ABB3D6BC4: to=<meshbah at myserver.com>,
relay=none, delay=0, status=deferred (delivery
temporarily suspended: deferred transport)
Jun 22 18:48:48 mailx-bk MailScanner[258]: Filename
Checks: Allowing 1ABB3D6BC4.D76FB msg-258-1.txt
Jun 22 18:48:48 mailx-bk MailScanner[258]: Filename
Checks: Allowing 1ABB3D6BC4.D76FB eicar.com.txt
Jun 22 18:48:48 mailx-bk MailScanner[258]: Requeue:
1ABB3D6BC4.D76FB to 5036F7F405
Please help me to resolve it.
Thanks
Meshbah
--- Glenn Steen <glenn.steen at GMAIL.COM> wrote:
> On 6/21/05, Meshbah Uddin Ahmed
> <meshbahuddin at yahoo.com> wrote:
> > In MailScannerc.onf, it was
> > Maximum Archive Depth = 2
> >
> > i set it 0. then zip files sent. But if i attach
> zip
> > file, which contains virus, it also sent, clamav
> didnt
> > chk it.
> >
> > where as if i set Maximum Archive Depth = 2,
> > MailScanner block all attach file which ext is
> .zip
> >
> > pls, advice.
> >
> >
> >
> >
> > --- Glenn Steen <glenn.steen at GMAIL.COM> wrote:
> >
> > > On 6/21/05, Meshbah Uddin Ahmed
> > > <meshbahuddin at yahoo.com> wrote:
> > > > Hi,
> > > >
> > > > I use Postfix + MailScanner + ClamAV +
> > > SpamAssassin in
> > > > Debian. All are works fine. I faced a problem,
> > > when i
> > > > want to send mail with zip attach included
> .exe,
> > > > mailscanner blocks it. But if i create that
> folder
> > > > with tgz extension then it successfully send.
> > > >
> > > > In my filenames.rules.conf file, both /.zip
> and
> > > > /.t?gz
> > > > are allowed.
> > > >
> > > > Plaese advice me, what should i do to recover
> it.
> > > >
> > > > Reagrds
> > > > Meshbah
> > > >
> > > Hm, shouldn't the tgz-ball have been stoped too?
> > > Anyway, if you read
> > > the comments just above
> > > Maximum Archive Depth =
> > > you'll see that you should perhaps set it to 0.
> > >
> > > --
> > > -- Glenn
> > > email: glenn < dot > steen < at > gmail < dot >
> com
> > > work: glenn < dot > steen < at > ap1 < dot > se
> > >
> Would clamscan find that virus *outside* of MS? As
> it says in the
> comments, this should have nothing to do with
> whether clamav can find
> a virus or not. Look at virus.scanners.conf, use
> the second and third
> column for clamav like this:
> /usr/lib/MailScanner/clamav-wrapper /usr/local -r
> --disable-summary
> --stdout /path/to/file.with.virus.zip
> (all on one line, in case that got wrapped:).
> Does that detect it?
>
> --
> -- Glenn
> email: glenn < dot > steen < at > gmail < dot > com
> work: glenn < dot > steen < at > ap1 < dot > se
>
> ------------------------ MailScanner list
> ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with
> the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki
> (http://wiki.mailscanner.info/) and
> the archives
> (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off
> the website!
>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list