eTrust 8.1 and MailScanner

Julian Field MailScanner at ecs.soton.ac.uk
Wed Dec 19 15:13:50 GMT 2007


Please can you send me a full copy of the latest version of eTrust, 
together with any licence keys I'll need to make it work.

Jens Ahlin wrote:
>> On 19/12/2007, Jens Ahlin <mailing_lists+mailscanner at caleotech.com> wrote:
>>     
>>> Hi all,
>>>
>>> I have updated eTrust to version 8.1 (latest). Has anybody got this
>>> working with MailScanner ?
>>>
>>> I have run with my setup for several years without problem, MailScanner,
>>> sendmail, eTrust, clamavmodule, spamassassin ...
>>>
>>> After the update of eTrust only clamav reports infections. I have tested
>>> with eicar test file on command line and then both clamscan and inocmd32
>>> report the file as infected. Looking in SweepViruses.pm I found that
>>> inocmd32 is called with the following parameters:
>>> -nex -arc -mod reviewer -spm h -act cure -sca mf
>>>
>>> And then searches for the string "is infected by virus:" in
>>> ProcessInoculateOutput.
>>>
>>> Running
>>> inocmd32 -nex -arc -mod reviewer -spm h -act cure -sca mf
>>> /tmp/eicar_test_file
>>>
>>>       
>> Hm, normally you don't use the "disinfect" options unless explicitly
>> setting "Deliver Disinfected Files = yes"... Do you have that?
>> Unless you do, the relevant thing would be to test what output you get
>> from
>> inocmd32 -nex -arc -mod reviewer -spm h /tmp/eicar_test_file
>> ... might be that the defaults have changed?
>>
>>     
>
> Thanks for that pointer.
> I noticed this myself just before your post. So I tried :
> inocmd32 -nex -arc -mod reviewer -spm h /tmp/eicar_test_file
> File /tmp/eicar_test_file is infected by virus: the EICAR test string
>
> Total Files Scanned:             1
> Total Viruses Found:             1
> Total Infected Files Found:      1
> Scan Mode:                       Reviewer
>
> *** End Of Summary ***
>
> Still the same result :(
>
>   
>>> gives the following output:
>>> File /tmp/eicar_test_file cannot be cured of virus: the EICAR test
>>> string,
>>> and has been moved to
>>> /opt/etrust/ino/Move/b1a8c152-7b48-0001-cd13-6947522606ca.AVB
>>>
>>> Total Files Scanned:             1
>>> Total Viruses Found:             1
>>> Total Infected Files Found:      0
>>> Total Cured Files:               0
>>> Total Moved Files:               1
>>> Scan Mode:                       Reviewer
>>>
>>> *** End Of Summary ***
>>>
>>> If I change the -act parameter so that we don't try to cure the file but
>>> report I get the output:
>>> inocmd32 -nex -arc -mod reviewer -spm h -act report -sca mf
>>> /tmp/eicar_test_file
>>> File /tmp/eicar_test_file is infected by virus: the EICAR test string
>>>
>>> Total Files Scanned:             1
>>> Total Viruses Found:             1
>>> Total Infected Files Found:      1
>>> Scan Mode:                       Reviewer
>>>
>>> *** End Of Summary ***
>>>
>>> Now the output includes the magic string "is infected by virus:". I have
>>> tried to change the parameter in SweepViruses.pm to -act report instead
>>> of -act cure but MailScanner will not report that eTrust finds the virus
>>> in the file anyway. I can see that MailScanner calls inocmd32 (running
>>> top).
>>>
>>> Any idea of what I'm doing wrong ?
>>>
>>> Also the etrust-autoupdate fails since InoDist isn't available in 8.1. I
>>> can live with that since I update against local update server anyways...
>>>
>>> Any possibility for eTrust 8.1 support in MailScanner out of the box
>>> Jules ? Can I help in any way ?
>>>
>>> Sorry for the long post.
>>>
>>> Regards,
>>>
>>>       Jens
>>>
>>>       
>> Cheers
>> --
>> -- Glenn
>> email: glenn < dot > steen < at > gmail < dot > com
>> work: glenn < dot > steen < at > ap1 < dot > se

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654



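An added example, not MailScanner's code and written in Python rather than MailScanner's Perl: a parser for the two inocmd32 outputs quoted in this thread, with a cross-check against the scanner's own "Total Viruses Found" line so that a phrasing the parser does not know shows up as a mismatch instead of a clean result. The function names are hypothetical, and the sample strings are the thread's output with the mail line-wrapping undone, which is an assumption about the original layout.

```python
import re

# The two detection phrasings quoted in the thread (report mode / cure mode).
MARKERS = ("is infected by", "cannot be cured of")
SUMMARY_RE = re.compile(r"^Total Viruses Found:[ \t]+(\d+)[ \t]*$", re.M)

def detections(output, markers=MARKERS):
    """Return [(path, virus)] for each detection line using a known marker."""
    alt = "|".join(re.escape(m) for m in markers)
    line_re = re.compile(
        rf"^File (.+?) (?:{alt}) virus: (.+?)(?:, and has been moved to .*)?$",
        re.M,
    )
    return line_re.findall(output)

def viruses_in_summary(output):
    """The scanner's own count from its summary block, or None if absent."""
    m = SUMMARY_RE.search(output)
    return int(m.group(1)) if m else None

def parser_missed(output, markers=MARKERS):
    """True when the summary counts more viruses than the parser matched."""
    total = viruses_in_summary(output)
    return total is not None and total > len(detections(output, markers))

# Constructed samples: the output quoted in the thread, mail wrapping undone.
REPORT_OUT = (
    "File /tmp/eicar_test_file is infected by virus: the EICAR test string\n\n"
    "Total Files Scanned:             1\n"
    "Total Viruses Found:             1\n"
    "Total Infected Files Found:      1\n"
    "Scan Mode:                       Reviewer\n"
)
CURE_OUT = (
    "File /tmp/eicar_test_file cannot be cured of virus: the EICAR test string,"
    " and has been moved to"
    " /opt/etrust/ino/Move/b1a8c152-7b48-0001-cd13-6947522606ca.AVB\n\n"
    "Total Files Scanned:             1\n"
    "Total Viruses Found:             1\n"
    "Total Infected Files Found:      0\n"
    "Total Moved Files:               1\n"
)

if __name__ == "__main__":
    for name, out in (("report", REPORT_OUT), ("cure", CURE_OUT)):
        print(name, detections(out), parser_missed(out, ("is infected by",)))
```

The cross-check reads "Total Viruses Found" rather than "Total Infected Files Found" because the latter is 0 in the cure-mode output quoted above even though a virus was detected.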