problem with the f-secure wrapper (resolved [quick+dirty])

Holger Gebhard holger at gebhardweb.de
Tue Jun 26 21:56:11 IST 2007


Hi Dirk,

 

what version of f-secure is running on your gateway?

 

I use the latest f-secure anti-virus for linux gateways in version 4.65 with
no problems so far.

I believe I remember that f-secure for linux gateways is the only
legitimate version for email scanning on the gateway side.

 

Here is a sample output from scanner:

 

F-Secure Anti-Virus for Linux Gateways version 4.65  build 5446

Copyright (c) 1999-2004 F-Secure Corporation. All Rights Reserved.

 

Scan started at Tue Jun 26 22:37:34 2007

Database version: 2007-06-26_12

 

 

Best regards,

 

Holger

 

From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Julian
Field
Sent: Tuesday, 26 June 2007 16:32
To: Dirk Clemens
Cc: MailScanner discussion
Subject: Re: problem with the f-secure wrapper (resolved [quick+dirty])

 

Please can you send me (off-list) a fully licensed copy of the version of
F-Secure you are using, with all necessary licence key files. I can
guarantee you that it will be only used for development purposes, and that I
will not give it to anyone else.

Without it, I can't develop a proper fix.

Best regards,
Jules.

Dirk Clemens wrote: 

* PGP Signed by an unknown key
 
I have resolved the problem:
 
The new f-secure scanner prints the following header:
 
==========
# fsav --dumb --archive --action1=none /tmp/test
F-Secure Security Platform version 1.10  build 6192
Copyright (c) 1999-2007 F-Secure Corporation. All Rights Reserved.
....
=========
 
MailScanner thinks f-secure has version 1.10 and uses
the old-style report.
 
my quick and dirty workaround: the following patch:
 
===================================================================
--- SweepViruses.pm     (revision 585)
+++ SweepViruses.pm     (working copy)
@@ -207,7 +207,7 @@
     Lock               => 'FSecureBusy.lock',
     CommonOptions      => '--dumb --archive',
     DisinfectOptions   => '--auto --disinf',
-    ScanOptions                => '',
+    ScanOptions                => '--action1=none',
     InitParser         => \&InitFSecureParser,
     ProcessOutput      => \&ProcessFSecureOutput,
     SupportScanning    => $S_SUPPORTED,
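Review bot: The new ScanOptions value '--action1=none' is applied to every F-Secure installation, not only to the Security Platform 1.10 build whose banner is quoted above, and nothing in the hunk says why the option is needed. Confirm that the older fsav releases this entry still serves accept --action1, or pass it only when the new banner is detected, and add a comment stating why it is passed.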
@@ -1900,7 +1900,8 @@
   MailScanner::Log::InfoLog($logout);
 
   # If we are running the new version then there's a totally new parser
here
-  if ($fsecure_Version >= 4.50) {
+  #if ($fsecure_Version >= 4.50) {
+  if (1) {
 
     #./g4UFLJR23090/Keld Jrn Simonsen: Infected: EICAR_Test_File [F-Prot]
     #./g4UFLJR23090/Keld Jrn Simonsen: Infected: EICAR-Test-File [AVP]
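Review bot: Replacing the version test with 'if (1)' sends every fsav release through the new parser, including releases older than 4.50 that the original condition routed to the old-style parser, and it leaves the commented-out condition behind as dead code. The misdetection comes from the banner 'F-Secure Security Platform version 1.10', so a narrower fix is to keep the '>= 4.50' comparison and additionally select the new parser when the banner names the Security Platform product.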
 
 
 
I need also the changes I have described in the mail before:
  

3.)
When I insert the line into the wrapper ...
 
=====
Root=$1
shift
# the new test line:
exec $Root/bin/fsav "$@"
=====
 
    

 
Dirk
 
--
Dirk Clemens
dc at ftb-volmarstein.de               http://ftb-net.de
FTB - Forschungsinstitut Technologie-Behindertenhilfe
Grundschötteler Strasse 40,              58300 Wetter
Telefon: 02335/9681-53         Telefax: 02335/9681-19
 
* Unknown Key
* 0xF91EA1AD(L)
  





Jules
 
-- 
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
 
MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM
 
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk
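
The banner check discussed in this thread, as an added example that is not MailScanner's code and not part of any message above: it picks the report parser from the product name as well as the version number, so the "Security Platform version 1.10" banner is not mistaken for a pre-4.50 scanner. The function name, the third sample banner and the rule that every Security Platform build prints the new-style report are assumptions.

```perl
#!/usr/bin/perl
# Added example, not MailScanner code. Chooses a report parser from the fsav
# banner using the product name as well as the version number.
use strict;
use warnings;

# Returns 'new' or 'old' for a banner line, or undef if the line is not a
# banner. Assumption: every "Security Platform" build prints the new-style
# report, as the 1.10 build quoted in the thread does.
sub fsecure_report_style {
    my ($line) = @_;
    return undef
        unless $line =~ /^F-Secure\s+(.+?)\s+version\s+(\d+(?:\.\d+)?)/i;
    my ($product, $version) = ($1, $2);

    # The renamed product restarted its version numbering, so the number
    # alone cannot be compared against the 4.50 threshold.
    return 'new' if $product =~ /Security Platform/i;

    # Older product line: keep the original numeric threshold.
    return $version >= 4.50 ? 'new' : 'old';
}

# Sample input: the two banners quoted in the thread, one constructed
# pre-4.50 banner, and a non-banner line from the scanner output.
my @samples = (
    'F-Secure Anti-Virus for Linux Gateways version 4.65  build 5446',
    'F-Secure Security Platform version 1.10  build 6192',
    'F-Secure Anti-Virus for Linux version 4.14  build 1000',  # constructed
    'Scan started at Tue Jun 26 22:37:34 2007',
);

for my $line (@samples) {
    my $style = fsecure_report_style($line);
    printf "%-5s %s\n", $style // '-', $line;
}
```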