Anti-virus woes...

Scott Silva ssilva at SGVWATER.COM
Wed Nov 30 18:37:29 GMT 2005 

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Ken Goods spake the following on 11/29/2005 5:01 PM:
> Scott Silva wrote:
> 
>>Ken Goods spake the following on 11/29/2005 2:50 PM:
>>
>>>Greetings list...
>>>
> 
> snip...
> 
>>To test clamav you could try;
>>clamscan -r /var/spool/MailScanner/quarantine/
>>
>>I got the following ( after snipping the output);
>>
>>----------- SCAN SUMMARY -----------
>>Known viruses: 41292
>>Engine version: 0.87.1
>>Scanned directories: 46
>>Scanned files: 10556
>>Infected files: 98
>>Data scanned: 994.46 MB
>>Time: 1017.698 sec (16 m 57 s)
>>
> 
> 
> Thanks Scott,
> Figured that out between this post and last. That seemed to work ok. So I
> did a clamscan all the way to an individual file and that also seemed to
> work. The I did one using the wrapper all the way to the same individual
> file and it wasn't picked up.
> 
> Any ideas?
> 
> [root at gw-mail MailScanner]# clamscan
> /var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn
> fo.exe
> /var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn
> fo.exe: Worm.Sober.U FOUND
> 
> ----------- SCAN SUMMARY -----------
> Known viruses: 41292
> Engine version: 0.87.1
> Scanned directories: 0
> Scanned files: 1
> Infected files: 1
> Data scanned: 0.18 MB
> Time: 6.388 sec (0 m 6 s)
> [root at gw-mail MailScanner]# /usr/lib/MailScanner/clamav-wrapper /usr
> /var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn
> fo.exe
> /var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn
> fo.exe: OK
> 
> ----------- SCAN SUMMARY -----------
> Known viruses: 30684
> Engine version: 0.87.1
> Scanned directories: 0
> Scanned files: 1
> Infected files: 0
> Data scanned: 0.24 MB
> Time: 3.745 sec (0 m 3 s)
> [root at gw-mail MailScanner]#
> 
> 
> So it seems that clamscan works fine but the virus is not detected using the
> wrapper.
> 
> Thanks for any clues,
> Ken
> 
> Ken Goods
> Network Administrator
> AIA/CropUSA Insurance, Inc.
> 
My wrapper works fine, but using /usr/local for the clamav directory.
Is this an RPM based system?
Maybe a system update pulled in a rpm version of clamav and munged
things... Just guessing at this point.
You could try a " find / |grep clamscan "
To see if there is more than one clam install, beyond that???

-- 

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list