kaspersky and MScanner

Israel Garcia igalvarez at gmail.com
Tue Jun 12 21:54:54 IST 2007 

Here I go:

[root at domain:/opt/kaspersky/kav4fs/bin]$ MailScanner --lint
Read 776 hostnames from the phishing whitelist
Checking version numbers...
Version number in MailScanner.conf (4.60.8) is correct.
MailScanner setting GID to  (89)
MailScanner setting UID to  (89)

Checking for SpamAssassin errors (if you use it)...
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.
Using locktype = flock
MailScanner.conf says "Virus Scanners = auto"
Found these virus scanners installed: clamavmodule, kaspersky-4.5

I sent the eicar.exe test and maillog says;

MailScanner[30462]: ClamAVModule::INFECTED:: Eicar-Test-Signature::
./3CA742B1A2.2FBE0/eicar.exe
Jun 12 16:43:05 picaso1 MailScanner[30462]: Filename Checks:
Windows/DOS Executable (3CA742B1A2.2FBE0 eicar.exe)
Jun 12 16:43:05 picaso1 MailScanner[30462]: Viruses marked as silent:
eicar.exe was infected: Eicar-Test-Signature

Only clamav detected the virus (test) file :-(

In /opt/kaspersky/kav4fs/bin I have:

[root at domain:/opt/kaspersky/kav4fs/bin]$ ll
total 3808
-rwxr-xr-x  1 root root 1322024 Mar 14 13:08 kav4fs-kavscanner
-rwxr-xr-x  1 root root 1548264 Mar 14 13:08 kav4fs-keepup2date
-rwxr-xr-x  1 root root 1015016 Mar 14 13:08 kav4fs-licensemanager
lrwxrwxrwx  1 root root      19 Jun 12 16:46 kavscanner -> ./kav4fs-kavscanner
lrwxrwxrwx  1 root root      18 Jun 12 16:30 keepup2date -> kav4ws-keepup2date

Is this version of maillscanner ready to work with this version of
kaspersky kav4fs-5.5-27.rpm?

thanks a lot!!

Israel

On 6/12/07, Julian Field <MailScanner at ecs.soton.ac.uk> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Please can you do
> MailScanner --lint
> and tell me if it finds kaspersky installed.
>
> If it does, then the parser needs updating for this new version, for
> which I will need a fully licensed copy of it to use for development
> purposes.
>
> Israel Garcia wrote:
> > Hi, I've upgrade kaspersky AV with this version: kav4fs-5.5-27.rpm in
> > my CentOS server using
> > mailscanner (MailScanner-4.60.8-1) and I think there's a problem
> > because, I dont see mailscanner
> > scanning for viruses with kaspersky, the new version of kaspersky
> > installed all files under /opt/kaspersky/kav4fs/ .. so I had ti edit
> > /etc/MailScanner/virus.scanners.conf with:
> >
> > kaspersky-4.5   /usr/lib/MailScanner/kaspersky-wrapper
> > /opt/kaspersky/kav4fs
> >
> > I also test the wrapper running:
> >
> > [root at domain:~]$ /usr/lib/MailScanner/kaspersky-wrapper
> > /opt/kaspersky/kav4fs  /tmp
> > [12/06/07 12:45:15 I] Kaspersky Anti-Virus On-Demand Scanner for
> > Linux. Version 5.5.27/RELEASE build #15, compiled Feb 28 2007,
> > 18:30:23
> > [12/06/07 12:45:15 I] Copyright (C) Kaspersky Lab, 1997-2007.
> > [12/06/07 12:45:15 I] Portions Copyright (C) Lan Crypto
> > [12/06/07 12:45:16 I] License "Kaspersky Anti-Virus BO Suite
> > International Edition. 3-3 FileServer 1 year Renewal Licence", expires
> > 05-06-2008 in 359 days
> > [12/06/07 12:45:16 I] License file 0179FADF.key, serial
> > 02B7-0003F5-0179FADF,  "Kaspersky Anti-Virus BO Suite International
> > Edition. 3-3 FileServer 1 year Renewal Licence", expires 05-06-2008
> > [12/06/07 12:45:19 I] There are 321455 records loaded, the latest
> > update 12-06-2007, using standard bases set
> > [12/06/07 12:45:19 I] The scan path: /tmp
> > [12/06/07 12:45:19 I] Silent mode is on
> > [12/06/07 12:45:19 A] /tmp/KasperskyBusy.lock   OK
> > [12/06/07 12:45:19 A] /tmp/mc-root/extfsyv6wxcCONTENTS.cpio     OK
> > [12/06/07 12:45:19 A] /tmp/mc-root/extfsEHhZxdCONTENTS.cpio     OK
> > [12/06/07 12:45:19 A] /tmp/mc-root/extfsHmhOldCONTENTS.cpio     OK
> >
> > But, I see no log of kaspersky nor kavscanner in maillog, or in a top
> > command, so I think mailscanner is not using kaspersky.
> > I also sent the eicar.test file and mailscanner/kaspersky  did not see
> > any virus...
> >
> > I debug mailscanner and it did not say error..
> >
> > Can you help me to see if mailscanner is using kerpersky or not when
> > scanning emais?
> >
> > regards
> > Israel
>
> Jules
>
> - --
> Julian Field MEng CITP
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> MailScanner customisation, or any advanced system administration help?
> Contact me at Jules at Jules.FM
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> For all your IT requirements visit www.transtec.co.uk
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.6.1 (Build 1012)
> Charset: ISO-8859-1
>
> wj8DBQFGbt8UEfZZRxQVtlQRAhQWAKC1GcyHo6V/5iuDXmx8/LSrwq08BgCdE+Bz
> gjuYaUGVaMaVhFtOGFFM+DA=
> =Pvd1
> -----END PGP SIGNATURE-----
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> For all your IT requirements visit www.transtec.co.uk
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>


-- 
Regards;
Israel Garcia

More information about the MailScanner mailing list