Anti-virus woes...

Glenn Steen glenn.steen at GMAIL.COM
Wed Nov 30 14:25:23 GMT 2005


On 29/11/05, Ken Goods <KGoods at aiainsurance.com> wrote:
> Greetings list...
>
> Since my last update I've noticed no viruses being flagged (I normally get
> postmaster notifications). I was running only ClamAV.
>
(snip)
> Then an unsuccessful test of the wrapper:
>
> [root at gw-mail bdc]# /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc
> /var/spool/MailScanner/quarantine/ (may wrap... there is a space between
> /opt/bdc and /var)
> cat: /tmp/log.bdc.29564: No such file or directory
> rm: cannot lstat `/tmp/log.bdc.29564': No such file or directory
>
> Perhaps a permissions problem??? I'm clueless...

Well, something is definitely up... The pertinent part of the script looks like:
----------
umask 077
${PackageDir}/$prog --log=$LogFile "$@" >/dev/null 2>&1
cat $LogFile
rm  $LogFile
exit 0
----------
So if the bdc program ($prog) is unable to create the file $LogFile
(/tmp/log.bdc.$$ more or less), you will not see why because of the
">/dev/null 2>&1" construct (which will print any direct output to
STDOUT and STDERR to the bit-bucket). Try running
/opt/bdc/bdc --log=/tmp/anyfilename --all
/var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataInfo.exe
.... and see what it carps about.

>
> So I thought I'd insure the BDC scanner was working ok from the command
> line:
>
>
> [root at gw-mail bdc]# bdc /var/spool/MailScanner//quarantine/
> BDC/Linux-Console v7.1 (build 2559) (i386) (Jul  6 2005 16:28:53)
> Copyright (C) 1996-2004 SOFTWIN SRL. All rights reserved.
>
> Warning: no scan option defined; using defaults

You need to specify a scan option ... "--all" isn't a bad choice :-)

>
> A bunch of lines snipped here... all the files that MS had quarantined due
> to filetype/name rules... thanks Julian!
>
> Results:
> Folders           :228
> Files             :436
> Packed            :9
> Infected files    :208
> Suspect files     :0
> Warnings          :0
> Identified viruses:5
> I/O errors        :0
> Files/second      :18
> Scan time         :00:00:24
>
> Appears to be fine but I see no mentions of BDC in the maillog even after
> doing an update_virus_scanners (I do see "found ClamAV installed and that it
> doesn't need an update but no mention of BDC.)

Probably due to your initial troubles... Which we can hope are related
to permissions on /tmp.

(snip)
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
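
A diagnostic variant of the run-then-cat-log step discussed in the message above, as an added example that is not part of the original post or of MailScanner's wrapper. It keeps the scanner's stderr and uses `mktemp` instead of a PID-based name in /tmp; `run_scan`, `fake_ok` and `fake_broken` are hypothetical names, and it assumes the scanner will write into a log file that already exists.

```shell
# Added example; run_scan, fake_ok and fake_broken are hypothetical names.
# Assumption: the scanner accepts --log=FILE and writes into a pre-created file.
run_scan() (
    # Subshell body: umask and variables do not leak into the caller.
    prog=$1; shift
    umask 077
    tmp=${TMPDIR:-/tmp}
    # Unpredictable names, created up front: a failure here is a /tmp problem.
    log=$(mktemp "$tmp/log.bdc.XXXXXX") || {
        echo "cannot create a log file in $tmp" >&2; exit 2; }
    err=$(mktemp "$tmp/err.bdc.XXXXXX") || { rm -f "$log"; exit 2; }
    status=0
    # stdout is still discarded, but stderr is kept instead of going to /dev/null.
    "$prog" --log="$log" "$@" >/dev/null 2>"$err" || status=$?
    if [ -s "$log" ]; then
        cat "$log"
        rc=0
    else
        # The silent case from the thread: no log, so show what the scanner said.
        echo "no log written by $prog (exit status $status); stderr follows:" >&2
        cat "$err" >&2
        rc=1
    fi
    rm -f "$log" "$err"
    exit "$rc"
)

# Constructed stand-ins for the scanner binary, so the example runs offline.
fake_ok() {
    for a in "$@"; do
        case $a in --log=*) echo "Infected files: 1" >"${a#--log=}" ;; esac
    done
    return 1   # constructed: non-zero exit even though a valid log was written
}
fake_broken() {
    echo "fake scanner: cannot open log file" >&2
    return 3
}

run_scan fake_ok --all /path/to/scan || true
run_scan fake_broken --all /path/to/scan || echo "run_scan returned $?"
```

The function decides success from whether the log has content, not from the scanner's exit status, since a non-zero exit can simply mean something was detected.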
