problem with the f-secure wrapper (resolved [quick+dirty])

Holger Gebhard holger at
Tue Jun 26 21:56:11 IST 2007

Hi Dirk,


what version of f-secure is running on your gateway?


I use the latest f-secure anti-virus for linux gateways in Version 4.65 with
no problems so far.

I believe to remember that f-secure for linux gateways is the only
legitimate version for emailscanning on gateway side.


Here is a sample output from scanner:


F-Secure Anti-Virus for Linux Gateways version 4.65  build 5446

Copyright (c) 1999-2004 F-Secure Corporation. All Rights Reserved.


Scan started at Tue Jun 26 22:37:34 2007

Database version: 2007-06-26_12



Best regards,




Von: mailscanner-bounces at
[mailto:mailscanner-bounces at] Im Auftrag von Julian
Gesendet: Dienstag, 26. Juni 2007 16:32
An: Dirk Clemens
Cc: MailScanner discussion
Betreff: Re: problem with the f-secure wrapper (resolved [quick+dirty])


Please can you send me (off-list) a fully licensed copy of the version of
F-Secure you are using, with all necessary licence key files. I can
guarantee you that it will be only used for development purposes, and that I
will not give it to anyone else.

Without it, I can't develop a proper fix.

Best regards,

Dirk Clemens wrote: 

* PGP Signed by an unknown key
I have resolved the problem:
The new f-secure scanner prints the following header:
# fsav --dumb --archive --action1=none /tmp/test
F-Secure Security Platform version 1.10  build 6192
Copyright (c) 1999-2007 F-Secure Corporation. All Rights Reserved.
MailScanner thinks, f-secure has the version 1.10 and uses
the old style report.
my quick and dirty workaround: the following patch:
---     (revision 585)
+++     (working copy)
@@ -207,7 +207,7 @@
     Lock               => 'FSecureBusy.lock',
     CommonOptions      => '--dumb --archive',
     DisinfectOptions   => '--auto --disinf',
-    ScanOptions                => '',
+    ScanOptions                => '--action1=none',
     InitParser         => \&InitFSecureParser,
     ProcessOutput      => \&ProcessFSecureOutput,
     SupportScanning    => $S_SUPPORTED,
@@ -1900,7 +1900,8 @@
   # If we are running the new version then there's a totally new parser
-  if ($fsecure_Version >= 4.50) {
+  #if ($fsecure_Version >= 4.50) {
+  if (1) {
     #./g4UFLJR23090/Keld Jrn Simonsen: Infected: EICAR_Test_File [F-Prot]
     #./g4UFLJR23090/Keld Jrn Simonsen: Infected: EICAR-Test-File [AVP]
I need also the changes I have described in the mail before:

When I insert the line line into the wrapper ...
# the new test line:
exec $Root/bin/fsav "$@"

Dirk Clemens
dc at     
FTB - Forschungsinstitut Technologie-Behindertenhilfe
Grundschötteler Strasse 40,              58300 Wetter
Telefon: 02335/9681-53         Telefax: 02335/9681-19
* Unknown Key
* 0xF91EA1AD(L)

Julian Field MEng CITP
Buy the MailScanner book at
MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the MailScanner mailing list