Virus scanning / Upgrade to version 4.45

Ray Gardener R.A.Gardener at SHU.AC.UK
Tue Sep 6 14:20:33 IST 2005


Many thanks for this,

running

/opt/MailScanner/lib/sophos-wrapper /usr/local/Sophos .

revealed that /usr/local/Sophos/bin/sweep (the virus scanner) didn't 
exist.

A slight concern was that MailScanner continued to process the incoming mail
dir even though the configured virus scanner didn't exist. In a future release,
is it possible to have such a situation logged in the syslog?

Regards,

Ray Gardener
LITS
Sheffield Hallam University
0114 225 4926
____________________________________________________________________________
On Tue, 6 Sep 2005, Julian Field wrote:

> Check your Sophos entry in /opt/MailScanner/etc/virus.scanners.conf.
> The last field on the line should be /usr/local/Sophos.
> Check your Sophos installation is okay by installing it again with
> /opt/MailScanner/bin/Sophos.install. You must not install it using the
> Sophos installation program, you must do it using my Sophos.install
> or it won't work.
>
> If you want to try it out, run this:
> cd /tmp
> /opt/MailScanner/lib/sophos-wrapper /usr/local/Sophos .
> (don't forget the "." at the end!)
>
> That should successfully scan /tmp.
>
> On 6 Sep 2005, at 12:10, Ray Gardener wrote:
>
>> Julian,
>>
>> thanks for your response and apologies for the delay in getting
>> back to you.
>>
>> I don't think that there is anything wrong with MailScanner in
>> detecting eicar; but I do think that I may have configured the
>> software wrongly and I want to turn up the logging levels to pinpoint
>> the problem.
>>
>>
>> The logs say
>>
>> Sep  6 11:10:03 sequoia MailScanner[24097]: Spam Checks: Starting
>> Sep  6 11:10:03 sequoia MailScanner[24097]: Virus and Content Scanning: Starting
>> Sep  6 11:10:03 sequoia MailScanner[24097]: Uninfected: Delivered 1 messages
>> Sep  6 11:10:11 sequoia MailScanner[29384]: New Batch: Scanning 1 messages, 4656 bytes
>>
>>
>> Note the pseudo-virus in the mail (eicar)  is detected by the
>> antivirus solution on the destination Exchange server.
>>
>>
>> Regards,
>>
>> Ray Gardener,
>> LITS,
>> Sheffield Hallam University
>> 0114 225 4926
>> _________________________________________________________________________
>>
>> On Fri, 2 Sep 2005, Julian Field wrote:
>>
>>
>>> Do the logs say it has been cleaned and delivered? Or do they say it
>>> has been delivered as uninfected?
>>>
>>> I have just done a quick sanity test on a new box I have just built
>>> with 4.54 on it and it works fine with Sophos, ClamAV and F-Prot on
>>> it. All of them detect what I expect them to.
>>>
>>> On 2 Sep 2005, at 12:57, Ray Gardener wrote:
>>>
>>>
>>>> Hi,
>>>>
>>>> This morning I upgraded to version 4.45 on a Solaris 9 machine. I
>>>> tested the upgrade with a message carrying an eicar-laden
>>>> attachment. The upgraded installation has not picked this test
>>>> virus up. There is no urgent issue as this is just one of several
>>>> hubs and the others are working. However I need to have this
>>>> machine back in line, fairly soon.
>>>>
>>>> The mailscanner logs which are going to /var/log/syslog don't show
>>>> a problem and claim that mail is being virus scanned; my scanner
>>>> type is set to sophos. Is there a way that I can configure
>>>> syslogging to show what underlying processes are being called in
>>>> more detail?
>>>>
>>>> I have not tested the anti-spam scanning and I have no alternative
>>>> anti-virus engines on the machine to see whether this issue is
>>>> specific to sophos. (Note that the scanning did work before the
>>>> upgrade!).
>>>>
>>>
>>> --
>>> Julian Field
>>> www.MailScanner.info
>>> Buy the MailScanner book at www.MailScanner.info/store
>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!
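
The check this message asks for (noticing when the configured scanner is not actually installed), as an added example that is not part of the thread or of MailScanner: a pre-flight script that reads the install directory from a virus.scanners.conf-style file and reports a missing bin/sweep to syslog. The three-field line format, the function names and the scanner-preflight tag are assumptions, and the sample data is constructed.

```shell
#!/bin/sh
# Added example (not MailScanner code): pre-flight check that the scanner
# named in virus.scanners.conf is actually installed.
# Assumed line format: <name> <wrapper> <install-dir>; the thread only
# states that the last field is the install directory.

# Print the last field of NAME's entry in CONF; non-zero status if absent.
scanner_install_dir() {
    awk -v name="$2" '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blanks
        $1 == name { print $NF; found = 1; exit }
        END { exit found ? 0 : 1 }' "$1"
}

# Log to syslog (mail.err, beside MailScanner's entries), else to stderr.
report() {
    logger -t scanner-preflight -p mail.err "$1" 2>/dev/null ||
        echo "scanner-preflight: $1" >&2
}

# check_scanner CONF NAME RELBIN
# 0 = binary present and executable, 1 = no entry, 2 = binary unusable.
check_scanner() {
    if ! dir=$(scanner_install_dir "$1" "$2"); then
        report "no '$2' entry in $1"; return 1
    fi
    if [ ! -f "$dir/$3" ] || [ ! -x "$dir/$3" ]; then
        report "$2: $dir/$3 missing or not executable"; return 2
    fi
    return 0
}

# Build a constructed sandbox: ROOT/conf points at ROOT/Sophos (no sweep yet).
make_sample() {
    mkdir -p "$1/Sophos/bin"
    printf '# constructed sample\nsophos\t/opt/MailScanner/lib/sophos-wrapper\t%s\n' \
        "$1/Sophos" > "$1/conf"
}

# Demo on constructed data: first run fails (no sweep), second passes.
root=$(mktemp -d)
make_sample "$root"
check_scanner "$root/conf" sophos bin/sweep || echo "preflight failed: $?"
printf '#!/bin/sh\n' > "$root/Sophos/bin/sweep"; chmod +x "$root/Sophos/bin/sweep"
check_scanner "$root/conf" sophos bin/sweep && echo "preflight ok"
rm -rf "$root"
```

Run before starting the mail scanner, a non-zero exit status can gate the start so that mail is not passed on as "Uninfected" while the scanner binary is absent.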


