Virus scanning / Upgrade to version 4.45

Julian Field MailScanner at ecs.soton.ac.uk
Tue Sep 6 12:26:36 IST 2005


-----BEGIN PGP SIGNED MESSAGE-----

Check your Sophos entry in /opt/MailScanner/etc/virus.scanners.conf.
The last field on the line should be /usr/local/Sophos.
Check your Sophos installation is okay by installing it again with / 
opt/MailScanner/bin/Sophos.install. You must not install it using the  
Sophos installation program, you must do it using my Sophos.install  
or it won't work.

If you want to try it out, run this:
cd /tmp
/opt/MailScanner/lib/sophos-wrapper /usr/local/Sophos .
(don't forget the "." at the end!)

That should successfully scan /tmp.

On 6 Sep 2005, at 12:10, Ray Gardener wrote:

> Julian,
>
> thanks for your response and apologies for the delay in getting  
> back to you.
>
> I don't think that there is anything wrong with MailScanner in  
> detecting eicar; but I do think that I may have configured the  
> software wrongly and I want turn up the logging vevels to pinpoint  
> the problem.
>
>
> The logs say
>
> Sep  6 11:10:03 sequoia MailScanner[24097]: Spam Checks: Starting
> Sep  6 11:10:03 sequoia MailScanner[24097]: Virus and Content  
> Scanning: Starting
> Sep  6 11:10:03 sequoia MailScanner[24097]: Uninfected: Delivered 1  
> messages
> Sep  6 11:10:11 sequoia MailScanner[29384]: New Batch: Scanning 1  
> messages, 4656
>  bytes
>
>
> Note the pseudo-virus in the mail (eicar)  is detected by the  
> antivirus solution on the destination Exchange server.
>
>
> Regards,
>
> Ray Gardener,
> LITS,
> Sheffield Hallam University
> 0114 225 4926
> ______________________________________________________________________ 
> ___
>
>
>
>
> On Fri, 2 Sep 2005, Julian Field wrote:
>
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>>
>> Do the logs say it has been cleaned and delivered? Or do they say it
>> has been delivered as uninfected?
>>
>> I have just done a quick sanity test on a new box I have just built
>> with 4.54 on it and it works fine with Sophos, ClamAV and F-Prot on
>> it. All of them detect what I expect them to.
>>
>> On 2 Sep 2005, at 12:57, Ray Gardener wrote:
>>
>>
>>> Hi,
>>>
>>> This morning I upgraded to version 4.45 on a Solaris 9 machine. I
>>> tested the upgrade with a message carrying a eicar ladened
>>> attachment. The upgraded installation has not picked this test
>>> virus up. There is no urgent issue as this is just one of several
>>> hubs and the others are working. However I need to have this
>>> machine back in line, fairly soon.
>>>
>>> The mailscanner logs which are going to /var/log/syslog don't show
>>> a problem and claim that mail is being virus scanned; my scanner
>>> type is set to sophos. Is there a way that I can configure
>>> syslogging to show wht underlying processes are being called in
>>> more detail?
>>>
>>> I have not tested the anti-spam scanning and I have no alternative
>>> anti-virus engines on the machine to see whether this issue is
>>> specific to sophos. (Note that the scanning did work before the
>>> upgrade!).
>>>
>>
>> - --
>> Julian Field
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: PGP Desktop 9.0.2 (Build 2425)
>>
>> iQEVAwUBQxhNGvw32o+k+q+hAQHaXggAnCIGevNDF6+ld56oO9Bik0o7CvLyBTb3
>> J3MH1AjGQbEBdbd4b9ytHzrvfPgdO+gTLl1LJ1vm87D5DdWJdOuC8pvmjav1HDvY
>> 3Kfw8eoMc+0oM7Mejo+LYlOO/rx8d0CL9EVORgjuyuO7A7dwSwCHg/ARPEBe8vcq
>> bBhFPYrOtgoR904vK7tXksv48q+CYLx34HmoMUWUOvADhThm6jeutHcooaiH+g7m
>> hwLqGQKq6c+JyPLH/gezIDOjGQu/ti83gRWtF9CH9+g+DCTP2rLcLGH52OG4jx8T
>> z0RCOWus3X6u999sgkwvwZzj5Sf73OREtC1z5xU82tXXPc0w917IPA==
>> =/eYc
>> -----END PGP SIGNATURE-----
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> Support MailScanner development - buy the book off the website!
>>
>>
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.2 (Build 2425)

iQEVAwUBQx187vw32o+k+q+hAQFM8ggAiEhVMYuw1fErvWumNiNA6/VUfbTRsDfN
JO6xLg2pG5hgwaq01JENGgWNp644RtwMRhLLiZXdSbbBG3CbagPWBAn8sjgdrMlc
YP+uJiAG4UwBkbDXAR6Aj3nMOyrLku7+DPEd0QnsMYu6zSHQPhPwtcy938FTGOUV
WsKKjnCe308rTxLxQbj27xtln71PWlu6qV2jdM0+2mkE6wBr12ZR8+S/P/iI/VdF
Ey7Bu9t5ja6z0kP3pkFM4ctjD8Gc+6HBigVQwTzcoQyCs+uNSLJljTbkLlnlg/D8
i08aPGNtg1r63KwtUwtCS9c13kb7rPcWEkCubAiZh91G3FS1BkjUWA==
=QUes
-----END PGP SIGNATURE-----

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!



More information about the MailScanner mailing list