Anti-virus woes...

Ugo Bellavance ugob at CAMO-ROUTE.COM
Wed Nov 30 05:13:24 GMT 2005


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Ken Goods wrote:
> Scott Silva wrote:
>> Ken Goods spake the following on 11/29/2005 2:50 PM:
>>> Greetings list...
>>>
> snip...
>> To test clamav you could try;
>> clamscan -r /var/spool/MailScanner/quarantine/
>>
>> I got the following ( after snipping the output);
>>
>> ----------- SCAN SUMMARY -----------
>> Known viruses: 41292
>> Engine version: 0.87.1
>> Scanned directories: 46
>> Scanned files: 10556
>> Infected files: 98
>> Data scanned: 994.46 MB
>> Time: 1017.698 sec (16 m 57 s)
>>
> 
> Thanks Scott,
> Figured that out between this post and last. That seemed to work ok. So I
> did a clamscan all the way to an individual file and that also seemed to
> work. The I did one using the wrapper all the way to the same individual
> file and it wasn't picked up.
> 
> Any ideas?
> 
> [root at gw-mail MailScanner]# clamscan
> /var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn
> fo.exe
> /var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn
> fo.exe: Worm.Sober.U FOUND
> 
> ----------- SCAN SUMMARY -----------
> Known viruses: 41292
> Engine version: 0.87.1
> Scanned directories: 0
> Scanned files: 1
> Infected files: 1
> Data scanned: 0.18 MB
> Time: 6.388 sec (0 m 6 s)
> [root at gw-mail MailScanner]# /usr/lib/MailScanner/clamav-wrapper /usr
> /var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn
> fo.exe
> /var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn
> fo.exe: OK
> 
> ----------- SCAN SUMMARY -----------
> Known viruses: 30684
> Engine version: 0.87.1
> Scanned directories: 0
> Scanned files: 1
> Infected files: 0
> Data scanned: 0.24 MB
> Time: 3.745 sec (0 m 3 s)
> [root at gw-mail MailScanner]#
> 
> 
> So it seems that clamscan works fine but the virus is not detected using the
> wrapper.
> 
> Thanks for any clues,
> Ken
> 
> Ken Goods
> Network Administrator
> AIA/CropUSA Insurance, Inc.
> 

Is your /etc/MailScanner/virus.scanners.conf file configured correctly? 
  Is your AV updating correctly?

-- 
Ugo

-> Please don't send a copy of your reply by e-mail.  I read the list.
-> Please avoid top-posting, long signatures and HTML, and cut the 
irrelevant parts in your replies.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!



More information about the MailScanner mailing list