Strange interaction between MS 4.62.2-3 & ClamAV 0.91 - more info

Quentin Campbell Q.G.Campbell at newcastle.ac.uk
Fri Jul 13 08:24:41 IST 2007


>-----Original Message-----
>From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Julian Field
>Sent: 12 July 2007 16:54
>To: MailScanner discussion
>Subject: Re: Strange interaction between MS 4.62.2-3 & ClamAV 0.91
>
>Check virus.scanners.conf and your $PATH to see what and where your
>version(s) of ClamAV are installed.

Julian

I am using ClamAVModule and have

  Virus Scanners = clamavmodule mcafee

in /etc/MailScanner/MailScanner.conf. The 'clam' entries in
'virus.scanners.conf' are:

clamav          /usr/lib/MailScanner/clamav-wrapper     /usr/local
clamd           /bin/false                              /usr/local
clamavmodule    /bin/false                              /tmp

Also in MailScanner.conf I have:

  Monitors for ClamAV Updates = /usr/local/clamav/*.inc/* /usr/local/clamav/*.cvd

and 'ls -l /usr/local/clamav' gives

total 9156
drwxr-xr-x  2 clamav clamav    4096 Jul 13 02:09 daily.inc
-rw-r--r--  1 clamav clamav 9351789 Jul 12 15:41 main.cvd

Anything else I should have included?

ClamAV (and McAfee) are otherwise working OK:

Jul 13 08:12:09 cheviot1 MailScanner[4734]: INFECTED:: Worm.Mydoom.M:: ./l6D7ALEo017921/transcript.zip
Jul 13 08:12:11 cheviot1 MailScanner[4734]: /l6D7ALEo017921/transcript.zip        Found the W32/Mydoom.o at MM!zip virus !!!
Jul 13 08:12:11 cheviot1 MailScanner[4734]: Infected message l6D7ALEo017921 came from 61.207.12.160

Quentin

>
>Quentin Campbell wrote:
>> When running MS in debug mode on a machine running MS 4.62.2-3 & ClamAV 0.91 it says:
>>
>> [root at cheviot1 tmp]# service MailScanner start
>> Starting MailScanner daemons:
>>          incoming sendmail:                                [  OK  ]
>>          outgoing sendmail:                                [  OK  ]
>>          MailScanner:       In Debugging mode, not forking...
>> SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
>> Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin.pm line 1087.
>> Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin.pm line 1089.
>> LibClamAV Warning: **************************************************
>> LibClamAV Warning: ***  The virus database is older than 7 days.  ***
>> LibClamAV Warning: ***        Please update it IMMEDIATELY!       ***
>> LibClamAV Warning: **************************************************
>> Ignore errors about failing to find EOCD signature
>> Stopping now as you are debugging me.
>>                                                            [  OK  ]
>> [root at cheviot1 tmp]#
>>
>> The ClamAV database is up to date. The same behaviour is seen on two similarly built machines.
>>
>> This does not happen on a third machine running MS 4.61.3-1 & ClamAV 0.90.3.
>>
>>
>> Quentin
>> ---
>> PHONE: +44 191 222 8209    Information Systems and Services (ISS),
>>                            Newcastle University,
>>                            Newcastle upon Tyne,
>> FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
>>
>> ------------------------------------------------------------------------
>>
>
>Jules
>
>--
>Julian Field MEng CITP
>www.MailScanner.info
>Buy the MailScanner book at www.MailScanner.info/store
>
>Need help customising MailScanner?
>Contact me!
>Need help fixing or optimising your systems?
>Contact me!
>Need help getting you started solving new requirements from your boss?
>Contact me!
>
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>

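Added example, not part of the original post or of MailScanner: one way to carry out the check suggested in the quoted reply, listing the ClamAV entries in a virus.scanners.conf-style file, every copy of a ClamAV binary reachable through a search path, and any database files or directories whose modification time is older than a given number of days. The function names, the sample configuration and the temporary directory tree are constructed for illustration, and `-maxdepth` assumes GNU or BSD find.

```sh
#!/bin/sh
# Added example, not from the thread. All sample data below is constructed.

# Print "name wrapper prefix" for every active entry whose name starts with
# "clam" in a virus.scanners.conf-style file (three columns, as posted above).
# Commented-out entries are skipped because their first field starts with "#".
clam_entries() {
    awk 'NF >= 3 && $1 ~ /^clam/ { print $1, $2, $3 }' "$1"
}

# Print every executable named $1 in the colon-separated search path $2, in
# search order. More than one line of output means more than one install.
all_on_path() {
    old_ifs=$IFS; IFS=:
    for dir in $2; do
        [ -n "$dir" ] || dir=.
        [ -f "$dir/$1" ] && [ -x "$dir/$1" ] && printf '%s\n' "$dir/$1"
    done
    IFS=$old_ifs
    return 0
}

# Print *.cvd files and *.inc directories directly under $1 whose
# modification time is more than $2 days old.
stale_dbs() {
    find "$1" -maxdepth 1 \( -name '*.cvd' -o -name '*.inc' \) -mtime +"$2"
}

# Constructed demo tree: two clamscan copies and one old database file.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/usr/local/bin" "$demo/usr/bin" "$demo/db/daily.inc"
for d in usr/local/bin usr/bin; do
    printf '#!/bin/sh\n' > "$demo/$d/clamscan"; chmod +x "$demo/$d/clamscan"
done
touch -t 200707010000 "$demo/db/main.cvd"
cat > "$demo/virus.scanners.conf" <<'EOF'
# name          wrapper                                 install prefix
otherscanner    /opt/example/wrapper                    /opt/example
clamav          /usr/lib/MailScanner/clamav-wrapper     /usr/local
#clamd          /bin/false                              /usr/local
clamavmodule    /bin/false                              /tmp
EOF
clam_entries "$demo/virus.scanners.conf"
all_on_path clamscan "$demo/usr/local/bin:$demo/usr/bin"
stale_dbs "$demo/db" 7
```

On a real host the same functions would be called as `clam_entries /etc/MailScanner/virus.scanners.conf`, `all_on_path clamscan "$PATH"` and `stale_dbs /usr/local/clamav 7`, using the paths given in the message.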
