Anti-virus woes...
Scott Silva
ssilva at SGVWATER.COM
Wed Nov 30 19:41:28 GMT 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
Scott Silva spake the following on 11/30/2005 10:37 AM:
> Ken Goods spake the following on 11/29/2005 5:01 PM:
>
>>Scott Silva wrote:
>>
>>
>>>Ken Goods spake the following on 11/29/2005 2:50 PM:
>>>
>>>
>>>>Greetings list...
>>>>
>>
>>snip...
>>
>>
>>>To test clamav you could try;
>>>clamscan -r /var/spool/MailScanner/quarantine/
>>>
>>>I got the following ( after snipping the output);
>>>
>>>----------- SCAN SUMMARY -----------
>>>Known viruses: 41292
>>>Engine version: 0.87.1
>>>Scanned directories: 46
>>>Scanned files: 10556
>>>Infected files: 98
>>>Data scanned: 994.46 MB
>>>Time: 1017.698 sec (16 m 57 s)
>>>
>>
>>
>>Thanks Scott,
>>Figured that out between this post and last. That seemed to work ok. So I
>>did a clamscan all the way to an individual file and that also seemed to
>>work. The I did one using the wrapper all the way to the same individual
>>file and it wasn't picked up.
>>
>>Any ideas?
>>
>>[root at gw-mail MailScanner]# clamscan
>>/var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn
>>fo.exe
>>/var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn
>>fo.exe: Worm.Sober.U FOUND
>>
>>----------- SCAN SUMMARY -----------
>>Known viruses: 41292
>>Engine version: 0.87.1
>>Scanned directories: 0
>>Scanned files: 1
>>Infected files: 1
>>Data scanned: 0.18 MB
>>Time: 6.388 sec (0 m 6 s)
>>[root at gw-mail MailScanner]# /usr/lib/MailScanner/clamav-wrapper /usr
>>/var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn
>>fo.exe
>>/var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn
>>fo.exe: OK
>>
>>----------- SCAN SUMMARY -----------
>>Known viruses: 30684
>>Engine version: 0.87.1
>>Scanned directories: 0
>>Scanned files: 1
>>Infected files: 0
>>Data scanned: 0.24 MB
>>Time: 3.745 sec (0 m 3 s)
>>[root at gw-mail MailScanner]#
>>
>>
>>So it seems that clamscan works fine but the virus is not detected using the
>>wrapper.
>>
>>Thanks for any clues,
>>Ken
>>
>>Ken Goods
>>Network Administrator
>>AIA/CropUSA Insurance, Inc.
>>
>
> My wrapper works fine, but using /usr/local for the clamav directory.
> Is this an RPM based system?
> Maybe a system update pulled in a rpm version of clamav and munged
> things... Just guessing at this point.
> You could try a " find / |grep clamscan "
> To see if there is more than one clam install, beyond that???
>
Sorry to be late. Posting thru GMANE takes an awful long time.
--
/-----------------------\ |~~\_____/~~\__ |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!| ~~~|/~~ |
\-----------------------/ ()
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list