Anti-virus woes...

Scott Silva ssilva at SGVWATER.COM
Wed Nov 30 00:01:39 GMT 2005



Ken Goods spake the following on 11/29/2005 2:50 PM:
> Greetings list...
> 
> Since my last update I've noticed no viruses being flagged (I normally get
> postmaster notifications). I was running only ClamAV.
> 
> So today I thought I'd add the command line bitdefender (BDC) scanner and
> then take my time to figure out why ClamAV was not working as usual.
> (Luckily MailScanner's filename and filetype rules are hitting and
> quarantining the viruses).
> 
> Installed BDC successfully. Then edited virus.scanners.conf to reflect this:
> (pertinent lines only shown)
> bitdefender     /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc
> clamav          /usr/lib/MailScanner/clamav-wrapper     /usr
> 
> Then an unsuccessful test of the wrapper:
> 
> [root at gw-mail bdc]# /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc
> /var/spool/MailScanner/quarantine/ (may wrap... there is a space between
> /opt/bdc and /var)
> cat: /tmp/log.bdc.29564: No such file or directory
> rm: cannot lstat `/tmp/log.bdc.29564': No such file or directory
> 
> Perhaps a permissions problem??? I'm clueless...
> 
> So I thought I'd ensure the BDC scanner was working ok from the command
> line:
> 
> 
> [root at gw-mail bdc]# bdc /var/spool/MailScanner//quarantine/ 
> BDC/Linux-Console v7.1 (build 2559) (i386) (Jul  6 2005 16:28:53)
> Copyright (C) 1996-2004 SOFTWIN SRL. All rights reserved.
> 
> Warning: no scan option defined; using defaults
> 
> A bunch of lines snipped here... all the files that MS had quarantined due
> to filetype/name rules... thanks Julian!
> 
> Results:
> Folders           :228
> Files             :436
> Packed            :9
> Infected files    :208
> Suspect files     :0
> Warnings          :0
> Identified viruses:5
> I/O errors        :0
> Files/second      :18
> Scan time         :00:00:24
> 
> Appears to be fine but I see no mentions of BDC in the maillog even after
> doing an update_virus_scanners (I do see "found ClamAV installed and that it
> doesn't need an update but no mention of BDC.) 
> 
> So then I thought I'd try the ClamAV wrapper...
> 
> [root at gw-mail MailScanner]# /usr/lib/MailScanner/clamav-wrapper /usr
> /var/spool/MailScanner/quarantine/
> 
> ----------- SCAN SUMMARY -----------
> Known viruses: 30684
> Engine version: 0.87.1
> Scanned directories: 1
> Scanned files: 0
> Infected files: 0
> Data scanned: 0.00 MB
> Time: 3.543 sec (0 m 3 s)
> [root at gw-mail MailScanner]#
> I/O errors        :1
> Files/second      :20
> Scan time         :00:00:37
> 
> Seems to work but doesn't catch anything and the quarantine directory is
> full of viruses....
> 
> Not sure how to test clamav from the command line. Maybe clamdscan? But
> wasn't sure if that was how MailScanner called it so I thought I'd stick
> with the wrapper for now.
> 
> Can anyone tell me where to start? It seems that neither virus scanner is
> working and I've fallen and I can't get up.
> 
> BTW... I have modified MailScanner.conf to ensure clamav and bitdefender
> were added (space between) to the virus scanners :
> 
> Virus Scanners = clamav bitdefender
> 
To test clamav you could try:
clamscan -r /var/spool/MailScanner/quarantine/

I got the following (after snipping the output):

----------- SCAN SUMMARY -----------
Known viruses: 41292
Engine version: 0.87.1
Scanned directories: 46
Scanned files: 10556
Infected files: 98
Data scanned: 994.46 MB
Time: 1017.698 sec (16 m 57 s)


-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()
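
An added example (not part of the original posts, and not MailScanner or ClamAV code): a shell check that parses the ClamAV summary format quoted in this thread and reports a run with "Scanned files: 0" as a scan that examined nothing, rather than as a clean result. The function names are hypothetical; the two sample summaries are lines copied from the messages above.

```shell
# Added example: classify a ClamAV "SCAN SUMMARY" read from stdin.
# Function names are hypothetical; field names are those quoted in the thread.

# Print the integer after "NAME:" (or -1 if absent). Leading "> " mail
# quoting is stripped so a summary pasted from a reply still parses.
summary_field() {
    awk -F': *' -v key="$1" '
        { sub(/^(> ?)+/, "") }
        $1 == key { print $2 + 0; found = 1; exit }
        END { if (!found) print -1 }'
}

# Print one verdict line for the summary on stdin.
classify_summary() {
    summary=$(cat)
    files=$(printf '%s\n' "$summary" | summary_field "Scanned files")
    infected=$(printf '%s\n' "$summary" | summary_field "Infected files")
    dirs=$(printf '%s\n' "$summary" | summary_field "Scanned directories")
    if [ "$files" -lt 0 ] || [ "$infected" -lt 0 ]; then
        echo "UNPARSEABLE"                # no summary: the scanner never reported
    elif [ "$files" -eq 0 ]; then
        echo "NOTHING_SCANNED dirs=$dirs" # zero files examined is not "clean"
    elif [ "$infected" -gt 0 ]; then
        echo "INFECTED $infected/$files"
    else
        echo "CLEAN $files"
    fi
}

# Summary lines from the clamav-wrapper run quoted above.
sample_wrapper_summary() {
    cat <<'EOF'
Scanned directories: 1
Scanned files: 0
Infected files: 0
EOF
}

# Summary lines from the recursive clamscan run in the reply.
sample_clamscan_summary() {
    cat <<'EOF'
Scanned directories: 46
Scanned files: 10556
Infected files: 98
EOF
}

sample_wrapper_summary | classify_summary
sample_clamscan_summary | classify_summary
```
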
