eTrust 8.1 and MailScanner

Jens Ahlin mailing_lists+mailscanner at caleotech.com
Wed Dec 19 14:39:52 GMT 2007


> On 19/12/2007, Jens Ahlin <mailing_lists+mailscanner at caleotech.com> wrote:
>> Hi all,
>>
>> I have updated eTrust to version 8.1 (latest). Has anybody got this
>> working with MailScanner?
>>
>> I have run with my setup for several years without problem, MailScanner,
>> sendmail, eTrust, clamavmodule, spamassassin ...
>>
>> After the update of eTrust only clamav reports infections. I have tested
>> with eicar test file on command line and then both clamscan and inocmd32
>> report the file as infected. Looking in SweepViruses.pm I found that
>> inocmd32 is called with the following parameters:
>> -nex -arc -mod reviewer -spm h -act cure -sca mf
>>
>> And then searches for the string "is infected by virus:" in
>> ProcessInoculateOutput.
>>
>> Running
>> inocmd32 -nex -arc -mod reviewer -spm h -act cure -sca mf /tmp/eicar_test_file
>>
> Hm, normally you don't use the "disinfect" options unless explicitly
> setting "Deliver Disinfected Files = yes"... Do you have that?
> Unless you do, the relevant thing would be to test what output you get
> from
> inocmd32 -nex -arc -mod reviewer -spm h /tmp/eicar_test_file
> ... might be that the defaults have changed?
>

Thanks for that pointer.
I noticed this myself just before your post. So I tried:
inocmd32 -nex -arc -mod reviewer -spm h /tmp/eicar_test_file
File /tmp/eicar_test_file is infected by virus: the EICAR test string

Total Files Scanned:             1
Total Viruses Found:             1
Total Infected Files Found:      1
Scan Mode:                       Reviewer

*** End Of Summary ***

Still the same result :(

>> gives the following output:
>> File /tmp/eicar_test_file cannot be cured of virus: the EICAR test
>> string,
>> and has been moved to
>> /opt/etrust/ino/Move/b1a8c152-7b48-0001-cd13-6947522606ca.AVB
>>
>> Total Files Scanned:             1
>> Total Viruses Found:             1
>> Total Infected Files Found:      0
>> Total Cured Files:               0
>> Total Moved Files:               1
>> Scan Mode:                       Reviewer
>>
>> *** End Of Summary ***
>>
>> If I change the -act parameter so that we don't try to cure the file but
>> report I get the output:
>> inocmd32 -nex -arc -mod reviewer -spm h -act report -sca mf /tmp/eicar_test_file
>> File /tmp/eicar_test_file is infected by virus: the EICAR test string
>>
>> Total Files Scanned:             1
>> Total Viruses Found:             1
>> Total Infected Files Found:      1
>> Scan Mode:                       Reviewer
>>
>> *** End Of Summary ***
>>
>> Now the output includes the magic string "is infected by virus:". I have
>> tried to change the parameter in SweepViruses.pm to -act report instead
>> of -act cure but MailScanner will not report that eTrust finds the virus
>> in the file anyway. I can see that MailScanner calls inocmd32 (running
>> top).
>>
>> Any idea of what I'm doing wrong?
>>
>> Also the etrust-autoupdate fails since InoDist isn't available in 8.1. I
>> can live with that since I update against local update server anyways...
>>
>> Any possibility for eTrust 8.1 support in MailScanner out of the box,
>> Jules? Can I help in any way?
>>
>> Sorry for the long post.
>>
>> Regards,
>>
>>       Jens
>>
>
> Cheers
> --
> -- Glenn
> email: glenn < dot > steen < at > gmail < dot > com
> work: glenn < dot > steen < at > ap1 < dot > se
>
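
Added example, not part of the original thread and not MailScanner's own code: a Python check that runs the string the post says ProcessInoculateOutput searches for over the two inocmd32 outputs quoted above, and cross-checks the "Total Viruses Found" counter so a run whose detection line uses different wording is flagged instead of passing as clean. The names `parse_scan`, `INFECTED_RE` and `FOUND_RE` are hypothetical, and the "cannot be cured" line is assumed to be a single line once the e-mail wrapping is undone.

```python
import re
# String the post says ProcessInoculateOutput searches for (names here are hypothetical).
INFECTED_RE = re.compile(r"^File (?P<path>.+?) is infected by virus: (?P<virus>.+)$")
# Summary counter printed at the end of each run quoted in the post.
FOUND_RE = re.compile(r"^Total Viruses Found:\s+(?P<count>\d+)$")

# Outputs copied from the post; wrapping of CURE_RUN's first line undone (assumption).
REPORT_RUN = """File /tmp/eicar_test_file is infected by virus: the EICAR test string

Total Files Scanned:             1
Total Viruses Found:             1
Total Infected Files Found:      1
Scan Mode:                       Reviewer

*** End Of Summary ***
"""
CURE_RUN = """File /tmp/eicar_test_file cannot be cured of virus: the EICAR test string, and has been moved to /opt/etrust/ino/Move/b1a8c152-7b48-0001-cd13-6947522606ca.AVB

Total Files Scanned:             1
Total Viruses Found:             1
Total Infected Files Found:      0
Total Cured Files:               0
Total Moved Files:               1
Scan Mode:                       Reviewer

*** End Of Summary ***
"""


def parse_scan(output):
    """Return (reports, summary_count, mismatch) for one inocmd32 run."""
    reports, summary = [], None
    for line in output.splitlines():
        line = line.strip()
        hit = INFECTED_RE.match(line)
        if hit:
            reports.append((hit.group("path"), hit.group("virus")))
            continue
        counter = FOUND_RE.match(line)
        if counter:
            summary = int(counter.group("count"))
    # Fail closed: the scanner counted more viruses than the line matcher
    # saw, or printed no summary at all.
    mismatch = summary is None or summary > len(reports)
    return reports, summary, mismatch

if __name__ == "__main__":
    for name, run in (("-act report", REPORT_RUN), ("-act cure", CURE_RUN)):
        print(name, parse_scan(run))
```

The `-act cure` run yields no matching line while its summary still counts one virus, which is the mismatch the check reports; it does not explain why the `-act report` run described in the post still goes unreported by MailScanner.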


