Anti-virus woes...

Ken Goods KGoods at AIAINSURANCE.COM
Tue Nov 29 22:50:48 GMT 2005


Greetings list...

Since my last update I've noticed no viruses being flagged (I normally get
postmaster notifications). I was running only ClamAV.

So today I thought I'd add the command line bitdefender (BDC) scanner and
then take my time to figure out why ClamAV was not working as usual.
(Luckily MailScanner's filename and filetype rules are hitting and
quarantining the viruses).

Installed BDC successfully. Then edited virus.scanners.conf to reflect this:
(pertinent lines only shown)
bitdefender     /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc
clamav          /usr/lib/MailScanner/clamav-wrapper     /usr

Then an unsuccessful test of the wrapper:

[root at gw-mail bdc]# /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc
/var/spool/MailScanner/quarantine/ (may wrap... there is a space between
/opt/bdc and /var)
cat: /tmp/log.bdc.29564: No such file or directory
rm: cannot lstat `/tmp/log.bdc.29564': No such file or directory

Perhaps a permissions problem??? I'm clueless...

So I thought I'd ensure the BDC scanner was working ok from the command
line:


[root at gw-mail bdc]# bdc /var/spool/MailScanner//quarantine/ 
BDC/Linux-Console v7.1 (build 2559) (i386) (Jul  6 2005 16:28:53)
Copyright (C) 1996-2004 SOFTWIN SRL. All rights reserved.

Warning: no scan option defined; using defaults

A bunch of lines snipped here... all the files that MS had quarantined due
to filetype/name rules... thanks Julian!

Results:
Folders           :228
Files             :436
Packed            :9
Infected files    :208
Suspect files     :0
Warnings          :0
Identified viruses:5
I/O errors        :0
Files/second      :18
Scan time         :00:00:24

Appears to be fine but I see no mentions of BDC in the maillog even after
doing an update_virus_scanners (I do see "found ClamAV installed and that it
doesn't need an update but no mention of BDC.) 

So then I thought I'd try the ClamAV wrapper...

[root at gw-mail MailScanner]# /usr/lib/MailScanner/clamav-wrapper /usr
/var/spool/MailScanner/quarantine/

----------- SCAN SUMMARY -----------
Known viruses: 30684
Engine version: 0.87.1
Scanned directories: 1
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Time: 3.543 sec (0 m 3 s)
[root at gw-mail MailScanner]#
I/O errors        :1
Files/second      :20
Scan time         :00:00:37

Seems to work but doesn't catch anything and the quarantine directory is
full of viruses....

Not sure how to test clamav from the command line. Maybe clamdscan? But
wasn't sure if that was how MailScanner called it so I thought I'd stick
with the wrapper for now.

Can anyone tell me where to start? It seems that neither virus scanner is
working and I've fallen and I can't get up.

BTW... I have modified MailScanner.conf to ensure clamav and bitdefender
were added (space between) to the virus scanners:

Virus Scanners = clamav bitdefender

TIA!
Ken

Ken Goods
Network Administrator
AIA/CropUSA Insurance, Inc.
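
Added example (not part of the post above and not MailScanner's own code): a shell check that cross-references the "Virus Scanners =" setting with virus.scanners.conf entries in the three-field layout quoted in the post, and confirms each wrapper is executable and each install directory exists. The sample tree and the "examplescan" name are constructed; it assumes whitespace-separated fields and paths without spaces.

```sh
#!/bin/sh
# Added example; sample files and the "examplescan" name are constructed.

# Build a constructed sample tree under $1: the clamav wrapper exists,
# the bitdefender wrapper is missing, examplescan has no config entry.
make_sample() {
    mkdir -p "$1/lib" "$1/usr" "$1/opt/bdc"
    printf '#!/bin/sh\n' > "$1/lib/clamav-wrapper"
    chmod +x "$1/lib/clamav-wrapper"
    printf '%s\n' "# name wrapper install-dir" \
        "bitdefender $1/lib/bitdefender-wrapper $1/opt/bdc" \
        "clamav $1/lib/clamav-wrapper $1/usr" > "$1/virus.scanners.conf"
    printf '%s\n' "Virus Scanners = clamav bitdefender examplescan" \
        > "$1/MailScanner.conf"
}

# check_scanners VIRUS_SCANNERS_CONF MAILSCANNER_CONF
# Prints one status line per enabled scanner; returns 1 if any check fails.
check_scanners() (
    scanners_conf=$1; ms_conf=$2; rc=0
    # Names enabled in MailScanner.conf (assumption: if the setting
    # appears more than once, the last line is the one used here).
    enabled=$(sed -n 's/^[[:space:]]*Virus Scanners[[:space:]]*=[[:space:]]*//p' \
        "$ms_conf" | tail -n 1)
    for name in $enabled; do
        # Fields 2 and 3 of the matching entry: wrapper and install dir.
        entry=$(awk -v n="$name" '$1 == n { print $2, $3; exit }' "$scanners_conf")
        if [ -z "$entry" ]; then
            echo "$name: MISSING no entry in $scanners_conf"; rc=1; continue
        fi
        set -- $entry
        if [ ! -x "$1" ]; then
            echo "$name: FAIL wrapper not executable: $1"; rc=1
        elif [ ! -d "$2" ]; then
            echo "$name: FAIL install dir missing: $2"; rc=1
        else
            echo "$name: OK $1 $2"
        fi
    done
    exit "$rc"
)

demo=$(mktemp -d)
make_sample "$demo"
check_scanners "$demo/virus.scanners.conf" "$demo/MailScanner.conf" ||
    echo "at least one enabled scanner is misconfigured"
rm -rf "$demo"
```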
