Anti-virus woes...

Ken Goods KGoods at AIAINSURANCE.COM
Wed Nov 30 01:01:15 GMT 2005 

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Scott Silva wrote:
> Ken Goods spake the following on 11/29/2005 2:50 PM:
>> Greetings list...
>> 
snip...
>> 
> To test clamav you could try;
> clamscan -r /var/spool/MailScanner/quarantine/
> 
> I got the following ( after snipping the output);
> 
> ----------- SCAN SUMMARY -----------
> Known viruses: 41292
> Engine version: 0.87.1
> Scanned directories: 46
> Scanned files: 10556
> Infected files: 98
> Data scanned: 994.46 MB
> Time: 1017.698 sec (16 m 57 s)
> 

Thanks Scott,
Figured that out between this post and last. That seemed to work ok. So I
did a clamscan all the way to an individual file and that also seemed to
work. The I did one using the wrapper all the way to the same individual
file and it wasn't picked up.

Any ideas?

[root at gw-mail MailScanner]# clamscan
/var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn
fo.exe
/var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn
fo.exe: Worm.Sober.U FOUND

----------- SCAN SUMMARY -----------
Known viruses: 41292
Engine version: 0.87.1
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.18 MB
Time: 6.388 sec (0 m 6 s)
[root at gw-mail MailScanner]# /usr/lib/MailScanner/clamav-wrapper /usr
/var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn
fo.exe
/var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn
fo.exe: OK

----------- SCAN SUMMARY -----------
Known viruses: 30684
Engine version: 0.87.1
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.24 MB
Time: 3.745 sec (0 m 3 s)
[root at gw-mail MailScanner]#


So it seems that clamscan works fine but the virus is not detected using the
wrapper.

Thanks for any clues,
Ken

Ken Goods
Network Administrator
AIA/CropUSA Insurance, Inc.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list