MailScanner --lint doesn't check Eicar virus - OK here!

Quentin Campbell Q.G.Campbell at newcastle.ac.uk
Thu Nov 29 14:22:19 GMT 2007


Phil

A 'cat /etc/redhat-release' gives "Red Hat Enterprise Linux AS release 4
(Nahant Update 6)".

The command 'perl -v' gives:

Summary of my perl5 (revision 5 version 8 subversion 5) configuration:
  Platform:
    osname=linux, osvers=2.6.9-22.18.bz155725.elsmp,
archname=i386-linux-thread-multi
    uname='linux hs20-bc1-4.build.redhat.com 2.6.9-22.18.bz155725.elsmp
#1 smp thu nov 17 15:34:08 est 2005 i686 i686 i386 gnulinux '
    config_args='-des -Doptimize=-O2 -g -pipe -m32 -march=i386
-mtune=pentium4 -Dversion=5.8.5 -Dmyhostname=localhost
-Dperladmin=root at localhost -Dcc=gcc -Dcf_by=Red Hat, Inc.
-Dinstallprefix=/usr -Dprefix=/usr -Darchname=i386-linux
-Dvendorprefix=/usr -Dsiteprefix=/usr -Duseshrplib -Dusethreads
-Duseithreads -Duselargefiles -Dd_dosuid -Dd_semctl_semun -Di_db
-Ui_ndbm -Di_gdbm -Di_shadow -Di_syslog -Dman3ext=3pm -Duseperlio
-Dinstallusrbinperl -Ubincompat5005 -Uversiononly -Dpager=/usr/bin/less
-isr -Dinc_version_list=5.8.4 5.8.3 5.8.2 5.8.1 5.8.0'
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=define use5005threads=undef useithreads=define
usemultiplicity=define
    useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
    use64bitint=undef use64bitall=undef uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='gcc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DDEBUGGING
-fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm',
    optimize='-O2 -g -pipe -m32 -march=i386 -mtune=pentium4',
    cppflags='-D_REENTRANT -D_GNU_SOURCE -DDEBUGGING
-fno-strict-aliasing -pipe -I/usr/local/include -I/usr/include/gdbm'
    ccversion='', gccversion='3.4.6 20060404 (Red Hat 3.4.6-2)',
gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t',
lseeksize=8
    alignbytes=4, prototype=define
  Linker and Libraries:
    ld='gcc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib
    libs=-lresolv -lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lpthread
-lc
    perllibs=-lresolv -lnsl -ldl -lm -lcrypt -lutil -lpthread -lc
    libc=/lib/libc-2.3.4.so, so=so, useshrplib=true, libperl=libperl.so
    gnulibc_version='2.3.4'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E
-Wl,-rpath,/usr/lib/perl5/5.8.5/i386-linux-thread-multi/CORE'
    cccdlflags='-fPIC', lddlflags='-shared -L/usr/local/lib'


Characteristics of this binary (from libperl): 
  Compile-time options: DEBUGGING MULTIPLICITY USE_ITHREADS
USE_LARGE_FILES PERL_IMPLICIT_CONTEXT
  Built under linux
  Compiled at Jul 24 2006 18:28:10
  @INC:
    /usr/lib/perl5/5.8.5/i386-linux-thread-multi
    /usr/lib/perl5/5.8.5
    /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi
    /usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi
    /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi
    /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi
    /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi
    /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
    /usr/lib/perl5/site_perl/5.8.5
    /usr/lib/perl5/site_perl/5.8.4
    /usr/lib/perl5/site_perl/5.8.3
    /usr/lib/perl5/site_perl/5.8.2
    /usr/lib/perl5/site_perl/5.8.1
    /usr/lib/perl5/site_perl/5.8.0
    /usr/lib/perl5/site_perl
    /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi
    /usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi
    /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi
    /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi
    /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi
    /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
    /usr/lib/perl5/vendor_perl/5.8.5
    /usr/lib/perl5/vendor_perl/5.8.4
    /usr/lib/perl5/vendor_perl/5.8.3
    /usr/lib/perl5/vendor_perl/5.8.2
    /usr/lib/perl5/vendor_perl/5.8.1
    /usr/lib/perl5/vendor_perl/5.8.0
    /usr/lib/perl5/vendor_perl
    .
Hope that info is of help.

Quentin

>-----Original Message-----
>From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
>bounces at lists.mailscanner.info] On Behalf Of Randal, Phil
>Sent: 29 November 2007 13:58
>To: MailScanner discussion
>Subject: RE: MailScanner --lint doesn't check Eicar virus - OK here!
>
>Michael,
>
>Which version of RedHat are you running?
>
>I see the problem on CentOS 5.0.
>
>It may be a side effect of force-installing the perl update.
>
>It would be nice to know what's actually happening and what the fix is,
>though.  I'm not a perl guru so it's beyond me.
>
>Cheers,
>
>Phil
>--
>Phil Randal
>Network Engineer
>Herefordshire Council
>Hereford, UK
>
>
>
>________________________________
>
>	From: mailscanner-bounces at lists.mailscanner.info
>[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Michael Mansour
>	Sent: 29 November 2007 06:13
>	To: MailScanner discussion
>	Subject: RE: MailScanner --lint doesn't check Eicar virus - OK here!
>
>
>	Hi Quentin,
>
>	Quentin Campbell <Q.G.Campbell at newcastle.ac.uk> wrote:
>
>		Phil
>
>		It appears to work here. I get a different result to you:
>
>
>	This is very strange then.
>
>	This begs the question, in what cases does this --lint fail with
>the Eicar virus check?
>
>	I'm pretty sure I saw the test pass with Eicar in there when I
>upgraded to MailScanner 4.65.3 (not certain but pretty sure), but only
>recently noticed that Eicar was no longer there. This may have happened
>after some perl errata upgrades on Linux recently released by Red Hat.
>
>	I'm just interested to know now that if this is the case, then what
>would cause that symptom and is it causing other problems I can't see?
>
>	Michael.
>
>
>		[root at cheviot4 MailScanner]# MailScanner --lint
>		Checking version numbers...
>		Version number in MailScanner.conf (4.65.3) is correct.
>
>		Your envelope_sender_header in spam.assassin.prefs.conf is correct.
>
>		Checking for SpamAssassin errors (if you use it)...
>		SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
>		SpamAssassin reported no errors.
>		MailScanner.conf says "Virus Scanners = clamavmodule mcafee"
>		Found these virus scanners installed: clamavmodule, mcafee
>		===========================================================================
>		===========================================================================
>		Virus Scanner test reports:
>		ClamAVModule said "eicar.com was infected: Eicar-Test-Signature"
>		McAfee said "/1/eicar.com Found: EICAR test file NOT a virus."
>
>		If any of your virus scanners (clamavmodule,mcafee)
>		are not listed there, you should check that they are installed correctly
>		and that MailScanner is finding them correctly via its virus.scanners.conf.
>		[root at cheviot4 MailScanner]#
>
>		Quentin
>		---
>		PHONE: +44 191 222 8209    Information Systems and Services (ISS),
>		                           Newcastle University,
>		                           Newcastle upon Tyne,
>		FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
>		------------------------------------------------------------------------
>
>
>
>
>
>		>-----Original Message-----
>		>From: mailscanner-bounces at lists.mailscanner.info
>		>[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Randal, Phil
>		>Sent: 28 November 2007 14:10
>		>To: MailScanner discussion
>		>Subject: RE: MailScanner --lint doesn't check Eicar virus
>		>
>		>Well spotted!
>		>
>		>Confirming that it is broken in 4.65.3
>		>
>		># MailScanner --lint
>		>Checking version numbers...
>		>Version number in MailScanner.conf (4.65.3) is correct.
>		>
>		>Your envelope_sender_header in spam.assassin.prefs.conf is correct.
>		>
>		>Checking for SpamAssassin errors (if you use it)...
>		>SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
>		>SpamAssassin reported no errors.
>		>MailScanner.conf says "Virus Scanners = clamavmodule mcafee"
>		>Found these virus scanners installed: clamavmodule, mcafee
>		>===========================================================================
>		>===========================================================================
>		>
>		>If any of your virus scanners (clamavmodule,mcafee)
>		>are not listed there, you should check that they are installed correctly
>		>and that MailScanner is finding them correctly via its
>		>virus.scanners.conf.
>		>
>		>Cheers,
>		>
>		>Phil
>		>
>		>--
>		>Phil Randal
>		>Network Engineer
>		>Herefordshire Council
>		>Hereford, UK
>		>
>		>
>		>
>		>
>		>
>		>________________________________
>		>
>		> From: mailscanner-bounces at lists.mailscanner.info
>		>[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Michael Mansour
>		> Sent: 28 November 2007 14:03
>		> To: MailScanner discussion
>		> Subject: MailScanner --lint doesn't check Eicar virus
>		>
>		>
>		> Hi,
>		>
>		> I used to be able to run:
>		>
>		> # MailScanner --lint
>		> Checking version numbers...
>		> Version number in MailScanner.conf (4.65.3) is correct.
>		>
>		> Your envelope_sender_header in spam.assassin.prefs.conf is correct.
>		>
>		> Checking for SpamAssassin errors (if you use it)...
>		> SpamAssassin temp dir = /tmp/SpamAssassin-Temp
>		> SpamAssassin reported no errors.
>		> MailScanner.conf says "Virus Scanners = clamavmodule"
>		> Found these virus scanners installed: clamavmodule
>		> ===========================================================================
>		> ===========================================================================
>		>
>		> If any of your virus scanners (clamavmodule)
>		> are not listed there, you should check that they are installed correctly
>		> and that MailScanner is finding them correctly via its
>		> virus.scanners.conf.
>		>
>		> and see MailScanner test the Eicar virus between the "===" rows,
>		> but most recently I see this doesn't work anymore.
>		>
>		> Is there something I can check to see why?
>		>
>		> When I run the wrapper:
>		>
>		> /usr/lib/MailScanner/clamav-wrapper /usr /tmp
>		>
>		> it finds clamav and works scans /tmp fine.
>		>
>		> Thanks.
>		>
>		> Michael.
>		>
>		>
>		>
>		>
>
>		--
>		MailScanner mailing list
>		mailscanner at lists.mailscanner.info
>		http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>		Before posting, read http://wiki.mailscanner.info/posting
>
>		Support MailScanner development - buy the book off the website!
>
>
>
>
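
A check for the symptom discussed in this thread, as an added example that is not part of the original messages and not MailScanner's own code: it reads `MailScanner --lint` output and lists every scanner that was found installed but produced no `said "..."` line for the EICAR test file. The function names and the two sample transcripts (trimmed from the outputs quoted above) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not MailScanner code). Reads `MailScanner --lint` output on
# stdin and prints each installed scanner that produced no EICAR report line.
missing_eicar_reports() {
    awk '
        # e.g. "Found these virus scanners installed: clamavmodule, mcafee"
        /^Found these virus scanners installed:/ {
            seen = 1
            sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t\r]+$/, "")
            n = split($0, names, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++)
                if (names[i] != "") installed[tolower(names[i])] = 1
            next
        }
        # e.g. ClamAVModule said "eicar.com was infected: Eicar-Test-Signature"
        / said "/ { reported[tolower($1)] = 1 }
        END {
            if (!seen) print "(no scanner list in output)"
            for (s in installed) if (!(s in reported)) print s
        }
    ' | sort
}

# Exit status 0 only when every installed scanner reported on the test file.
lint_eicar_ok() {
    missing=$(missing_eicar_reports)
    if [ -n "$missing" ]; then
        echo "no EICAR report from:" $missing >&2
        return 1
    fi
}

# Constructed samples, trimmed from the two outputs quoted in the thread.
sample_working() { cat <<'EOF'
Found these virus scanners installed: clamavmodule, mcafee
===========================================================================
Virus Scanner test reports:
ClamAVModule said "eicar.com was infected: Eicar-Test-Signature"
McAfee said "/1/eicar.com Found: EICAR test file NOT a virus."
EOF
}
sample_broken() { cat <<'EOF'
Found these virus scanners installed: clamavmodule, mcafee
===========================================================================
If any of your virus scanners (clamavmodule,mcafee)
are not listed there, you should check that they are installed correctly
EOF
}
# Typical use: MailScanner --lint 2>&1 | lint_eicar_ok
```

Run from cron or after a perl or MailScanner upgrade, a non-zero exit flags the silent case reported here, where `--lint` finishes without error but no scanner has actually been exercised.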


