4.62.9-1 & MailScanner --lint [FIXED - but why?]

Quentin Campbell Q.G.Campbell at newcastle.ac.uk
Thu Aug 2 08:37:34 IST 2007


Phil

Thanks for the reply.

Where are your 'main.cvd' and 'daily.cvd' files kept?

A little more research and digging found the problem but I am unclear as
to how the situation came about. There is now a new maintenance problem
to be resolved and some worrying questions.

The " LibClamAV Warning: ***  The virus database is older than 7 days.
***" message arises because there was a second location containing very
old (July 26, 2005) copies of main.cvd and daily.cvd under
/usr/local/share/clamav. In my current installation I keep the '.cvd'
files under /usr/local/clamav.

If I remove the 'clamav' sub-directory from /usr/local/share or remove
the two files from under it then 'MailScanner --lint' complains. If I
copy my current two '.cvd' files from /usr/local/clamav to
/usr/local/share/clamav then MailScanner --lint works OK.

QUESTIONS:

1. When was the /usr/local/share/clamav sub-directory created and why?
2. Why is a /usr/local/share/clamav needed when my
/usr/local/etc/freshclam.conf file specifies /usr/local/clamav as the
'.cvd' files location?   
3. Has 'clamavmodule' been using these very old '.cvd' files for virus
detection?
4. There is the maintenance issue - how do I keep the
/usr/local/share/clamav/*.cvd files up to date? ANSWER: I suppose when
using 'clamavmodule' I should change /usr/local/etc/freshclam.conf and
replace

  DatabaseDirectory /usr/local/clamav

with

 DatabaseDirectory /usr/local/share/clamav

Alternately I can make /usr/local/share/clamav a link to
/usr/local/clamav (or vice versa). What is best?

Had I missed an important documented step when I swapped from using
'clamscan' to using 'clamavmodule'? If so I cannot find it!

Quentin

>-----Original Message-----
>From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Randal, Phil
>Sent: 01 August 2007 17:19
>To: MailScanner discussion
>Subject: RE: 4.62.9-1 & MailScanner --lint [MORE INFO]
>
>Works for me:
>
>MailScanner --lint
>Checking version numbers...
>Version number in MailScanner.conf (4.62.9) is correct.
>
>Your envelope_sender_header in spam.assassin.prefs.conf is correct.
>
>Checking for SpamAssassin errors (if you use it)...
>SpamAssassin temp dir =
>/var/spool/MailScanner/incoming/SpamAssassin-Temp
>SpamAssassin reported no errors.
>MailScanner.conf says "Virus Scanners = clamavmodule mcafee"
>Found these virus scanners installed: clamavmodule, mcafee
>===========================================================================
>Ignore errors about failing to find EOCD signature
>format error: can't find EOCD signature
> at /usr/sbin/MailScanner line 450
>===========================================================================
>Virus Scanner test reports:
>ClamAV Module said "eicar.com was infected: Eicar-Test-Signature"
>McAfee said "/1/eicar.com        Found: EICAR test file NOT a virus."
>
>If any of your virus scanners (clamavmodule,mcafee)
>are not listed there, you should check that they are installed correctly
>and that MailScanner is finding them correctly via its
>virus.scanners.conf.
>
>Cheers,
>
>Phil
>
>--
>Phil Randal
>Network Engineer
>Herefordshire Council
>Hereford, UK
>
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info
>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf
>> Of Quentin Campbell
>> Sent: 01 August 2007 16:57
>> To: MailScanner discussion
>> Subject: FW: 4.62.9-1 & MailScanner --lint [MORE INFO]
>>
>> Julian
>>
>> The MailScanner --lint output I am getting is related to the fact that I
>> have "Virus Scanners = clamavmodule mcafee". If I change that line in
>> MailScanner.conf to be "Virus Scanners = clamav mcafee" then I get the
>> following (more sensible) output from MailScanner --lint but also note
>> confusion in the output over clamav/clamavmodule being installed:
>>
>> ------------- cut here
>> [root at cheviot9 MailScanner]# MailScanner --lint
>> Checking version numbers...
>> Version number in MailScanner.conf (4.62.9) is correct.
>>
>> Your envelope_sender_header in spam.assassin.prefs.conf is correct.
>>
>> Checking for SpamAssassin errors (if you use it)...
>> SpamAssassin temp dir =
>> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>> SpamAssassin reported no errors.
>> MailScanner.conf says "Virus Scanners = clamav mcafee"
>> Found these virus scanners installed: clamavmodule, mcafee
>> ===========================================================================
>> Ignore errors about failing to find EOCD signature
>> ===========================================================================
>> Virus Scanner test reports:
>> ClamAV said "eicar.com contains Eicar-Test-Signature"
>> McAfee said "/1/eicar.com        Found: EICAR test file NOT a virus."
>>
>> If any of your virus scanners (clamavmodule,mcafee)
>> are not listed there, you should check that they are
>> installed correctly
>> and that MailScanner is finding them correctly via its
>> virus.scanners.conf.
>> [root at cheviot9 MailScanner]#
>> ------------- cut here
>>
>> In addition I have just been using CPAN to install
>> Mail::ClamAV on some
>> other gateways and noted that when it does its post install tests it
>> also notices that the database is out of date:
>>
>> ------------- cut here
>> > install Mail::ClamAV
>> ...
>> ...
>> Manifying blib/man3/Mail::ClamAV.3pm
>>   /usr/bin/make  -- OK
>> Running make test
>> PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e"
>> "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
>> t/Mail-ClamAV....ok 2/10LibClamAV Warning: **************************************************
>> LibClamAV Warning: ***  The virus database is older than 7 days.  ***
>> LibClamAV Warning: ***        Please update it IMMEDIATELY!       ***
>> LibClamAV Warning: **************************************************
>> t/Mail-ClamAV....ok
>>
>> All tests successful.
>> Files=1, Tests=10,  2 wallclock secs ( 1.56 cusr +  0.16 csys =  1.72 CPU)
>>   /usr/bin/make test -- OK
>> Running make install
>> Installing /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/Mail/ClamAV/ClamAV.so
>> Installing /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/Mail/ClamAV/ClamAV.bs
>> Files found in blib/arch: installing files in blib/lib into architecture dependent library tree
>> Installing /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Mail/ClamAV.pm
>> Installing /usr/share/man/man3/Mail::ClamAV.3pm
>> Writing /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/Mail/ClamAV/.packlist
>> Appending installation info to /usr/lib/perl5/5.8.5/i386-linux-thread-multi/perllocal.pod
>>   /usr/bin/make install  -- OK
>>
>> cpan>
>> ------------- cut here
>>
>> Quentin
>>
>>
>>
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info
>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf
>> Of Quentin
>> Campbell
>> Sent: 01 August 2007 15:36
>> To: MailScanner discussion
>> Subject: RE: 4.62.9-1 & MailScanner --lint
>>
>> >-----Original Message-----
>> >From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Julian Field
>> >Sent: 01 August 2007 15:08
>> >To: MailScanner discussion
>> >Subject: Re: 4.62.9-1 & MailScanner --lint
>> >
>> >What does
>> >grep -i clam /etc/MailScanner/virus.scanners.conf
>> >say?
>> [snip]
>>
>> [root at cheviot4 log]# grep -i clam /etc/MailScanner/virus.scanners.conf
>> clamav          /usr/lib/MailScanner/clamav-wrapper     /usr/local
>> clamd           /bin/false                              /usr/local
>> clamavmodule    /bin/false                              /tmp
>> [root at cheviot4 log]#
>>
>> Before requesting help I changed /tmp for /usr/local for the
>> clamavmodule but that made no difference.
>>
>> Quentin
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
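
Added example (not part of the original thread): a POSIX shell check for the situation described in the message above, where a second directory held old main.cvd/daily.cvd copies that freshclam never updated. It uses file modification time as a stand-in for database age (an assumption; the thread does not say how libclamav computes age), and the function names are illustrative.

```shell
#!/bin/sh
# Audit ClamAV signature directories for stale or unmanaged .cvd copies.
# Usage (paths taken from the thread):
#   audit_clam_dbs /usr/local/etc/freshclam.conf 7 \
#       /usr/local/clamav /usr/local/share/clamav

# Print the DatabaseDirectory value from a freshclam.conf-style file.
configured_db_dir() {
    awk '$1 == "DatabaseDirectory" { print $2; exit }' "$1"
}

# Resolve a directory to its physical path, so that a symlink to the
# managed directory compares equal to it.
real_dir() {
    ( [ -n "$1" ] && cd "$1" 2>/dev/null && pwd -P )
}

# audit_clam_dbs CONF MAX_AGE_DAYS DIR...
# Prints one finding per line; returns 1 if anything was flagged.
audit_clam_dbs() {
    conf=$1; max_age=$2; shift 2
    managed=$(real_dir "$(configured_db_dir "$conf")")
    rc=0
    for dir in "$@"; do
        phys=$(real_dir "$dir") || continue           # directory absent
        ls "$phys"/*.cvd >/dev/null 2>&1 || continue  # no databases here
        # A directory holding .cvd files that freshclam does not write to
        # will silently age, whatever freshclam.conf says.
        if [ "$phys" != "$managed" ]; then
            echo "UNMANAGED $dir (freshclam updates ${managed:-nothing})"
            rc=1
        fi
        # Assumption: mtime approximates database age.
        stale=$(find "$phys" -type f -name '*.cvd' -mtime +"$max_age" -print)
        if [ -n "$stale" ]; then
            printf '%s\n' "$stale" | sed 's/^/STALE /'
            rc=1
        fi
    done
    return $rc
}
```

Run from cron, a non-zero exit flags a scanner directory that is out of date or outside freshclam's control before the "older than 7 days" warning is the first sign of it.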

