Virus scanning / Upgrade to version 4.45
Ray Gardener
R.A.Gardener at SHU.AC.UK
Tue Sep 6 12:10:32 IST 2005
Julian,
thanks for your response and apologies for the delay in getting back to
you.
I don't think that there is anything wrong with MailScanner in detecting
eicar; but I do think
that I may have configured the software wrongly and I want turn up the
logging
vevels to pinpoint the problem.
The logs say
Sep 6 11:10:03 sequoia MailScanner[24097]: Spam Checks: Starting
Sep 6 11:10:03 sequoia MailScanner[24097]: Virus and Content Scanning:
Starting
Sep 6 11:10:03 sequoia MailScanner[24097]: Uninfected: Delivered 1
messages
Sep 6 11:10:11 sequoia MailScanner[29384]: New Batch: Scanning 1
messages, 4656
bytes
Note the pseudo-virus in the mail (eicar) is detected by the antivirus
solution on the
destination Exchange server.
Regards,
Ray Gardener,
LITS,
Sheffield Hallam University
0114 225 4926
_________________________________________________________________________
On Fri, 2 Sep 2005, Julian Field wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Do the logs say it has been cleaned and delivered? Or do they say it
> has been delivered as uninfected?
>
> I have just done a quick sanity test on a new box I have just built
> with 4.54 on it and it works fine with Sophos, ClamAV and F-Prot on
> it. All of them detect what I expect them to.
>
> On 2 Sep 2005, at 12:57, Ray Gardener wrote:
>
>> Hi,
>>
>> This morning I upgraded to version 4.45 on a Solaris 9 machine. I
>> tested the upgrade with a message carrying a eicar ladened
>> attachment. The upgraded installation has not picked this test
>> virus up. There is no urgent issue as this is just one of several
>> hubs and the others are working. However I need to have this
>> machine back in line, fairly soon.
>>
>> The mailscanner logs which are going to /var/log/syslog don't show
>> a problem and claim that mail is being virus scanned; my scanner
>> type is set to sophos. Is there a way that I can configure
>> syslogging to show wht underlying processes are being called in
>> more detail?
>>
>> I have not tested the anti-spam scanning and I have no alternative
>> anti-virus engines on the machine to see whether this issue is
>> specific to sophos. (Note that the scanning did work before the
>> upgrade!).
>
> - --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.0.2 (Build 2425)
>
> iQEVAwUBQxhNGvw32o+k+q+hAQHaXggAnCIGevNDF6+ld56oO9Bik0o7CvLyBTb3
> J3MH1AjGQbEBdbd4b9ytHzrvfPgdO+gTLl1LJ1vm87D5DdWJdOuC8pvmjav1HDvY
> 3Kfw8eoMc+0oM7Mejo+LYlOO/rx8d0CL9EVORgjuyuO7A7dwSwCHg/ARPEBe8vcq
> bBhFPYrOtgoR904vK7tXksv48q+CYLx34HmoMUWUOvADhThm6jeutHcooaiH+g7m
> hwLqGQKq6c+JyPLH/gezIDOjGQu/ti83gRWtF9CH9+g+DCTP2rLcLGH52OG4jx8T
> z0RCOWus3X6u999sgkwvwZzj5Sf73OREtC1z5xU82tXXPc0w917IPA==
> =/eYc
> -----END PGP SIGNATURE-----
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list