eTrust 8.1 and MailScanner

Jens Ahlin mailing_lists+mailscanner at caleotech.com
Wed Dec 19 13:26:05 GMT 2007 

Hi all,

I have updated eTrust to version 8.1 (latest). Has anybody got this
working with MailScanner ?

I have run with my setup for several years without problem, MailScanner,
sendmail, eTrust, clamavmodule, spamassassin ...

After the update of eTrust only clamav reports infections. I have tested
with eicar test file on command line and then both clamscan and inocmd32
reports the file as infected. Looking in SweepViruses.pm i found that
inocm32 is called with the following parameters:
-nex -arc -mod reviewer -spm h -act cure -sca mf

And then searches for the string "is infected by virus:" in
ProcessInoculateOutput.

Running
inocmd32 -nex -arc -mod reviewer -spm h -act cure -sca mf
/tmp/eicar_test_file

gives the following output:
File /tmp/eicar_test_file cannot be cured of virus: the EICAR test string,
and has been moved to
/opt/etrust/ino/Move/b1a8c152-7b48-0001-cd13-6947522606ca.AVB

Total Files Scanned:             1
Total Viruses Found:             1
Total Infected Files Found:      0
Total Cured Files:               0
Total Moved Files:               1
Scan Mode:                       Reviewer

*** End Of Summary ***

If I change the -act parameter so that we don't try to cure the file but
report I get the output:
inocmd32 -nex -arc -mod reviewer -spm h -act report -sca mf
/tmp/eicar_test_file
File /tmp/eicar_test_file is infected by virus: the EICAR test string

Total Files Scanned:             1
Total Viruses Found:             1
Total Infected Files Found:      1
Scan Mode:                       Reviewer

*** End Of Summary ***

Now the output includes the magic string "is infected by virus:". I have
tried to change the parameter in SweepViruses.pm to -act report instead of
-act cure but MailScanner will not report that eTrust find the virus in
the file anyway. I can see that MailScanner calls inocmd32 (running top).

Any idea of what I'm doing wrong ?

Also the etrust-autoupdate fails since InoDist isn't available in 8.1. I
can live with that since I update agains local update server anyways...

Any possibility for eTrust 8.1 support in MailScanner out of the box Jules
? Can I help in any way ?

Sorry for the long post.

Regards,

      Jens

More information about the MailScanner mailing list