Strange interaction between MS 4.62.2-3 & ClamAV 0.91 - more
info
Quentin Campbell
Q.G.Campbell at newcastle.ac.uk
Fri Jul 13 08:24:41 IST 2007
>-----Original Message-----
>From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
>bounces at lists.mailscanner.info] On Behalf Of Julian Field
>Sent: 12 July 2007 16:54
>To: MailScanner discussion
>Subject: Re: Strange interaction between MS 4.62.2-3 & ClamAV 0.91
>
>Check virus.scanners.conf and your $PATH to see what and where your
>version(s) of ClamAV are installed.
Julian
I am using ClamAVModule and have
Virus Scanners = clamavmodule mcafee
in /etc/MailScanner/MailScanner.conf. The 'clam' entries in
'virus.scanners.conf' are:
clamav /usr/lib/MailScanner/clamav-wrapper /usr/local
clamd /bin/false /usr/local
clamavmodule /bin/false /tmp
Also in MailScanner.conf I have:
Monitors for ClamAV Updates = /usr/local/clamav/*.inc/*
/usr/local/clamav/*.cvd
and 'ls -l /usr/local/clamav' gives
total 9156
drwxr-xr-x 2 clamav clamav 4096 Jul 13 02:09 daily.inc
-rw-r--r-- 1 clamav clamav 9351789 Jul 12 15:41 main.cvd
Anything else I should have included?
ClamAV (and McAfee) are otherwise working OK:
Jul 13 08:12:09 cheviot1 MailScanner[4734]: INFECTED:: Worm.Mydoom.M::
./l6D7ALEo017921/transcript.zip
Jul 13 08:12:11 cheviot1 MailScanner[4734]:
/l6D7ALEo017921/transcript.zip Found the W32/Mydoom.o at MM!zip
virus !!!
Jul 13 08:12:11 cheviot1 MailScanner[4734]: Infected message
l6D7ALEo017921 came from 61.207.12.160
Quentin
>
>Quentin Campbell wrote:
>> When running MS in debug mode on a machine running MS 4.62.2-3 &
>ClamAV 0.91 it says:
>>
>> [root at cheviot1 tmp]# service MailScanner start
>> Starting MailScanner daemons:
>> incoming sendmail: [ OK ]
>> outgoing sendmail: [ OK ]
>> MailScanner: In Debugging mode, not forking...
>> SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-
>Temp
>> Use of uninitialized value in concatenation (.) or string at
>/usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin.pm line 1087.
>> Use of uninitialized value in concatenation (.) or string at
>/usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin.pm line 1089.
>> LibClamAV Warning: **************************************************
>> LibClamAV Warning: *** The virus database is older than 7 days. ***
>> LibClamAV Warning: *** Please update it IMMEDIATELY! ***
>> LibClamAV Warning: **************************************************
>> Ignore errors about failing to find EOCD signature
>> Stopping now as you are debugging me.
>> [ OK ]
>> [root at cheviot1 tmp]#
>>
>> The ClamAV database is up to date. The same behaviour is seen on two
>similarly built machines.
>>
>> This does not happen on a third machine running MS 4.61.3-1 & ClamAV
>0.90.3.
>>
>>
>> Quentin
>> ---
>> PHONE: +44 191 222 8209 Information Systems and Services (ISS),
>> Newcastle University,
>> Newcastle upon Tyne,
>> FAX: +44 191 222 8765 United Kingdom, NE1 7RU.
>>
----------------------------------------------------------------------
>--
>>
>>
>>
>>
>
>Jules
>
>--
>Julian Field MEng CITP
>www.MailScanner.info
>Buy the MailScanner book at www.MailScanner.info/store
>
>Need help customising MailScanner?
>Contact me!
>Need help fixing or optimising your systems?
>Contact me!
>Need help getting you started solving new requirements from your boss?
>Contact me!
>
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
>--
>This message has been scanned for viruses and
>dangerous content by MailScanner, and is
>believed to be clean.
>For all your IT requirements visit www.transtec.co.uk
>
>--
>MailScanner mailing list
>mailscanner at lists.mailscanner.info
>http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>Before posting, read http://wiki.mailscanner.info/posting
>
>Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list