Small problem after ClamAV upgrade
Randal, Phil
prandal at herefordshire.gov.uk
Wed Mar 7 17:20:13 CET 2007
My bad.
I forgot to tell you to install the latest Mail::ClamAV too.
perl -MCPAN -e shell
install Mail::ClamAV
quit
service MailScanner reload
Cheers,
Phil
--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf
> Of Plant, Dean
> Sent: 07 March 2007 15:30
> To: MailScanner discussion
> Subject: Small problem after ClamAV upgrade
>
> Firstly, quick thanks to Phil Randal for posting the changes
> required to
> make a install-Clam-0.90.1-SA-3.1.8.tar.gz in Julian's absence.
>
> Now my problem.
>
> After upgrading to Mail-ClamAV-0.20 & ClamAV 0.90.1 I have a
> small issue
> with attachments in a mail detected as broken executables. I
> know I can
> report these to ClamAV but as I have never (knowingly) had this option
> turned on would like it turned off.
>
> The original mail virus scanned without problem but was quarantined as
> we don't allow executables. When I try to release the mail from
> quarantine (Mailwatch) the mail is blocked as ClamAV detects it as a
> broken executable. It seems like I have the option "--detect-broken"
> turned on but I am not sure where. Any idea's?
>
> In /etc/MailScannner/MailScanner.conf
>
> Virus Scanners = clamavmodule
>
> A clamscan is fine
>
> # clamscan ./*
> ./backup.exe: OK
> ./decdisk.exe: OK
> ./dispefs.exe: OK
> ./message: OK
> ./PD 8_01_01.zip: OK
>
> Setting --detect-broken shows ClamAV incorrectly detecting
> the files as
> broken.
>
> # clamscan --detect-broken ./*
> ./backup.exe: Broken.Executable FOUND
> ./decdisk.exe: Broken.Executable FOUND
> ./dispefs.exe: Broken.Executable FOUND
> ./message: Broken.Executable FOUND
> ./PD 8_01_01.zip: Broken.Executable FOUND
>
> Using the MailScanner clamav-wrapper is ok
>
> # /usr/lib/MailScanner/clamav-wrapper /usr/local/
> /var/spool/MailScanner/quarantine/20070307/l278IMl1006594
> /var/spool/MailScanner/quarantine/20070307/l278IMl1006594/message: OK
> /var/spool/MailScanner/quarantine/20070307/l278IMl1006594/back
> up.exe: OK
> /var/spool/MailScanner/quarantine/20070307/l278IMl1006594/decdisk.exe:
> OK
> /var/spool/MailScanner/quarantine/20070307/l278IMl1006594/dispefs.exe:
> OK
> /var/spool/MailScanner/quarantine/20070307/l278IMl1006594/PD
> 8_01_01.zip: OK
>
> >From /var/log/maillog
>
> Mar 7 08:19:16 rsys002x MailScanner[11252]: ClamAVModule::INFECTED::
> Broken.Executable:: ./l278IMl1006594/dispefs.exe
> Mar 7 08:19:16 rsys002x MailScanner[11252]: ClamAVModule::INFECTED::
> Broken.Executable:: ./l278IMl1006594/decdisk.exe
> Mar 7 08:19:16 rsys002x MailScanner[11252]: ClamAVModule::INFECTED::
> Broken.Executable:: ./l278IMl1006594/backup.exe
> Mar 7 08:19:21 rsys002x MailScanner[11252]: ClamAVModule::INFECTED::
> Broken.Executable:: ./l278IMl1006594/PD 8_01_01.zip
>
> Dean
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
More information about the MailScanner
mailing list