Small problem after ClamAV upgrade

Randal, Phil prandal at herefordshire.gov.uk
Wed Mar 7 17:20:13 CET 2007


My bad.

I forgot to tell you to install the latest Mail::ClamAV too.

perl -MCPAN -e shell
install Mail::ClamAV
quit

service MailScanner reload

Cheers,

Phil

--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK  

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info 
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf 
> Of Plant, Dean
> Sent: 07 March 2007 15:30
> To: MailScanner discussion
> Subject: Small problem after ClamAV upgrade
> 
> Firstly, quick thanks to Phil Randal for posting the changes 
> required to
> make a install-Clam-0.90.1-SA-3.1.8.tar.gz in Julian's absence.
> 
> Now my problem.
> 
> After upgrading to Mail-ClamAV-0.20 & ClamAV 0.90.1 I have a 
> small issue
> with attachments in a mail detected as broken executables. I 
> know I can
> report these to ClamAV but as I have never (knowingly) had this option
> turned on would like it turned off.
> 
> The original mail virus scanned without problem but was quarantined as
> we don't allow executables. When I try to release the mail from
> quarantine (Mailwatch) the mail is blocked as ClamAV detects it as a
> broken executable. It seems like I have the option "--detect-broken"
> turned on but I am not sure where. Any idea's?
> 
> In /etc/MailScannner/MailScanner.conf
> 
> Virus Scanners = clamavmodule
> 
> A clamscan is fine
> 
> # clamscan ./*
> ./backup.exe: OK
> ./decdisk.exe: OK
> ./dispefs.exe: OK
> ./message: OK
> ./PD 8_01_01.zip: OK
> 
> Setting --detect-broken shows ClamAV incorrectly detecting 
> the files as
> broken.
> 
> # clamscan --detect-broken ./*
> ./backup.exe: Broken.Executable FOUND
> ./decdisk.exe: Broken.Executable FOUND
> ./dispefs.exe: Broken.Executable FOUND
> ./message: Broken.Executable FOUND
> ./PD 8_01_01.zip: Broken.Executable FOUND
> 
> Using the MailScanner clamav-wrapper is ok
> 
> # /usr/lib/MailScanner/clamav-wrapper /usr/local/
> /var/spool/MailScanner/quarantine/20070307/l278IMl1006594
> /var/spool/MailScanner/quarantine/20070307/l278IMl1006594/message: OK
> /var/spool/MailScanner/quarantine/20070307/l278IMl1006594/back
> up.exe: OK
> /var/spool/MailScanner/quarantine/20070307/l278IMl1006594/decdisk.exe:
> OK
> /var/spool/MailScanner/quarantine/20070307/l278IMl1006594/dispefs.exe:
> OK
> /var/spool/MailScanner/quarantine/20070307/l278IMl1006594/PD
> 8_01_01.zip: OK
> 
> >From /var/log/maillog
> 
> Mar  7 08:19:16 rsys002x MailScanner[11252]: ClamAVModule::INFECTED::
> Broken.Executable:: ./l278IMl1006594/dispefs.exe
> Mar  7 08:19:16 rsys002x MailScanner[11252]: ClamAVModule::INFECTED::
> Broken.Executable:: ./l278IMl1006594/decdisk.exe
> Mar  7 08:19:16 rsys002x MailScanner[11252]: ClamAVModule::INFECTED::
> Broken.Executable:: ./l278IMl1006594/backup.exe
> Mar  7 08:19:21 rsys002x MailScanner[11252]: ClamAVModule::INFECTED::
> Broken.Executable:: ./l278IMl1006594/PD 8_01_01.zip
> 
> Dean
> 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website! 
> 


More information about the MailScanner mailing list