MailScanner --lint doesn't check Eicar virus - OK here!
Randal, Phil
prandal at herefordshire.gov.uk
Fri Nov 30 10:06:41 GMT 2007
Unfortunately for me, it's working fine on my Centos 5 x86 test box, but
not on my CentOS 5 x64 production boxes.
Phil
--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf
> Of Quentin Campbell
> Sent: 29 November 2007 14:22
> To: MailScanner discussion
> Subject: RE: MailScanner --lint doesn't check Eicar virus - OK here!
>
> Phil
>
> A 'cat /etc/redhat-release' gives "Red Hat Enterprise Linux
> AS release 4
> (Nahant Update 6)".
>
> The command 'perl -v' gives:
>
> Summary of my perl5 (revision 5 version 8 subversion 5) configuration:
> Platform:
> osname=linux, osvers=2.6.9-22.18.bz155725.elsmp,
> archname=i386-linux-thread-multi
> uname='linux hs20-bc1-4.build.redhat.com
> 2.6.9-22.18.bz155725.elsmp
> #1 smp thu nov 17 15:34:08 est 2005 i686 i686 i386 gnulinux '
> config_args='-des -Doptimize=-O2 -g -pipe -m32 -march=i386
> -mtune=pentium4 -Dversion=5.8.5 -Dmyhostname=localhost
> -Dperladmin=root at localhost -Dcc=gcc -Dcf_by=Red Hat, Inc.
> -Dinstallprefix=/usr -Dprefix=/usr -Darchname=i386-linux
> -Dvendorprefix=/usr -Dsiteprefix=/usr -Duseshrplib -Dusethreads
> -Duseithreads -Duselargefiles -Dd_dosuid -Dd_semctl_semun -Di_db
> -Ui_ndbm -Di_gdbm -Di_shadow -Di_syslog -Dman3ext=3pm -Duseperlio
> -Dinstallusrbinperl -Ubincompat5005 -Uversiononly
> -Dpager=/usr/bin/less
> -isr -Dinc_version_list=5.8.4 5.8.3 5.8.2 5.8.1 5.8.0'
> hint=recommended, useposix=true, d_sigaction=define
> usethreads=define use5005threads=undef useithreads=define
> usemultiplicity=define
> useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
> use64bitint=undef use64bitall=undef uselongdouble=undef
> usemymalloc=n, bincompat5005=undef
> Compiler:
> cc='gcc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DDEBUGGING
> -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE
> -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm',
> optimize='-O2 -g -pipe -m32 -march=i386 -mtune=pentium4',
> cppflags='-D_REENTRANT -D_GNU_SOURCE -DDEBUGGING
> -fno-strict-aliasing -pipe -I/usr/local/include -I/usr/include/gdbm'
> ccversion='', gccversion='3.4.6 20060404 (Red Hat 3.4.6-2)',
> gccosandvers=''
> intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
> d_longlong=define, longlongsize=8, d_longdbl=define,
> longdblsize=12
> ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t',
> lseeksize=8
> alignbytes=4, prototype=define
> Linker and Libraries:
> ld='gcc', ldflags =' -L/usr/local/lib'
> libpth=/usr/local/lib /lib /usr/lib
> libs=-lresolv -lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lpthread
> -lc
> perllibs=-lresolv -lnsl -ldl -lm -lcrypt -lutil -lpthread -lc
> libc=/lib/libc-2.3.4.so, so=so, useshrplib=true,
> libperl=libperl.so
> gnulibc_version='2.3.4'
> Dynamic Linking:
> dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E
> -Wl,-rpath,/usr/lib/perl5/5.8.5/i386-linux-thread-multi/CORE'
> cccdlflags='-fPIC', lddlflags='-shared -L/usr/local/lib'
>
>
> Characteristics of this binary (from libperl):
> Compile-time options: DEBUGGING MULTIPLICITY USE_ITHREADS
> USE_LARGE_FILES PERL_IMPLICIT_CONTEXT
> Built under linux
> Compiled at Jul 24 2006 18:28:10
> @INC:
> /usr/lib/perl5/5.8.5/i386-linux-thread-multi
> /usr/lib/perl5/5.8.5
> /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi
> /usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi
> /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi
> /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi
> /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi
> /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
> /usr/lib/perl5/site_perl/5.8.5
> /usr/lib/perl5/site_perl/5.8.4
> /usr/lib/perl5/site_perl/5.8.3
> /usr/lib/perl5/site_perl/5.8.2
> /usr/lib/perl5/site_perl/5.8.1
> /usr/lib/perl5/site_perl/5.8.0
> /usr/lib/perl5/site_perl
> /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi
> /usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi
> /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi
> /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi
> /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi
> /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
> /usr/lib/perl5/vendor_perl/5.8.5
> /usr/lib/perl5/vendor_perl/5.8.4
> /usr/lib/perl5/vendor_perl/5.8.3
> /usr/lib/perl5/vendor_perl/5.8.2
> /usr/lib/perl5/vendor_perl/5.8.1
> /usr/lib/perl5/vendor_perl/5.8.0
> /usr/lib/perl5/vendor_perl
> .
> Hope that info is of help.
>
> Quentin
>
> >-----Original Message-----
> >From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
> >bounces at lists.mailscanner.info] On Behalf Of Randal, Phil
> >Sent: 29 November 2007 13:58
> >To: MailScanner discussion
> >Subject: RE: MailScanner --lint doesn't check Eicar virus - OK here!
> >
> >Michael,
> >
> >Which version of RedHat are you running?
> >
> >I see the problem on CentOS 5.0.
> >
> >It may a side effect of force-installing the perl update.
> >
> >It would be nice to know what's actually happening and what
> the fix is,
> >though. I'm not a perl guru so it's beyond me.
> >
> >Cheers,
> >
> >Phil
> >--
> >Phil Randal
> >Network Engineer
> >Herefordshire Council
> >Hereford, UK
> >
> >
> >
> >________________________________
> >
> > From: mailscanner-bounces at lists.mailscanner.info
> >[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
> Michael
> >Mansour
> > Sent: 29 November 2007 06:13
> > To: MailScanner discussion
> > Subject: RE: MailScanner --lint doesn't check Eicar virus - OK
> >here!
> >
> >
> > Hi Quentin,
> >
> > Quentin Campbell <Q.G.Campbell at newcastle.ac.uk> wrote:
> >
> > Phil
> >
> > It appears to work here. I get a different result to
> you:
> >
> >
> > This is very strange then.
> >
> > This begs the question, in what cases does this --lint fail with
> >the Eicar virus check?
> >
> > I'm pretty sure I saw the test pass with Eicar in there when I
> >upgraded to MailScanner 4.65.3 (not certain but pretty
> sure), but only
> >recently noticed that Eicar was no longer there. This may
> have happened
> >after some perl errata upgrades on Linux recently released
> by Red Hat.
> >
> > I'm just interested to know now that if this is the case, then
> was
> >would cause that symptom and is it causing other problems I
> can't see?
> >
> > Michael.
> >
> >
> > [root at cheviot4 MailScanner]# MailScanner --lint
> > Checking version numbers...
> > Version number in MailScanner.conf (4.65.3) is correct.
> >
> > Your envelope_sender_header in spam.assassin.prefs.conf
> is
> >correct.
> >
> > Checking for SpamAssassin errors (if you use it)...
> > SpamAssassin temp dir =
> >/var/spool/MailScanner/incoming/SpamAssassin-Temp
> > SpamAssassin reported no errors.
> > MailScanner.conf says "Virus Scanners = clamavmodule
> mcafee"
> > Found these virus scanners installed: clamavmodule,
> mcafee
> >
> >
> ==================================================================
> >=========
> >
> >
> ==================================================================
> >=========
> > Virus Scanner test reports:
> > ClamAVModule said "eicar.com was infected: Eicar-Test-
> >Signature"
> > McAfee said "/1/eicar.com Found: EICAR test file NOT a
> >virus."
> >
> > If any of your virus scanners (clamavmodule,mcafee)
> > are not listed there, you should check that they are
> >installed correctly
> > and that MailScanner is finding them correctly via its
> >virus.scanners.conf.
> > [root at cheviot4 MailScanner]#
> >
> > Quentin
> > ---
> > PHONE: +44 191 222 8209 Information Systems and
> Services
> >(ISS),
> > Newcastle University,
> > Newcastle upon Tyne,
> > FAX: +44 191 222 8765 United Kingdom, NE1 7RU.
> >
> ------------------------------------------------------------
> >------------
> >
> >
> >
> >
> >
> > >-----Original Message-----
> > >From: mailscanner-bounces at lists.mailscanner.info
> >[mailto:mailscanner-
> > >bounces at lists.mailscanner.info] On Behalf Of Randal,
> Phil
> > >Sent: 28 November 2007 14:10
> > >To: MailScanner discussion
> > >Subject: RE: MailScanner --lint doesn't check Eicar
> virus
> > >
> > >Well spotted!
> > >
> > >Confirming that it is broken in 4.65.3
> > >
> > ># MailScanner --lint
> > >Checking version numbers...
> > >Version number in MailScanner.conf (4.65.3) is correct.
> > >
> > >Your envelope_sender_header in spam.assassin.prefs.conf
> is
> >correct.
> > >
> > >Checking for SpamAssassin errors (if you use it)...
> > >SpamAssassin temp dir =
> >/var/spool/MailScanner/incoming/SpamAssassin-
> > >Temp
> > >SpamAssassin reported no errors.
> > >MailScanner.conf says "Virus Scanners = clamavmodule
> >mcafee"
> > >Found these virus scanners installed: clamavmodule,
> mcafee
> >
> >
> >=================================================================
> >=======
> > >===
> >
> >
> >=================================================================
> >=======
> > >===
> > >
> > >If any of your virus scanners (clamavmodule,mcafee)
> > >are not listed there, you should check that they are
> >installed correctly
> > >and that MailScanner is finding them correctly via its
> > >virus.scanners.conf.
> > >
> > >Cheers,
> > >
> > >Phil
> > >
> > >--
> > >Phil Randal
> > >Network Engineer
> > >Herefordshire Council
> > >Hereford, UK
> > >
> > >
> > >
> > >
> > >
> > >________________________________
> > >
> > > From: mailscanner-bounces at lists.mailscanner.info
> > >[mailto:mailscanner-bounces at lists.mailscanner.info] On
> >Behalf Of Michael
> > >Mansour
> > > Sent: 28 November 2007 14:03
> > > To: MailScanner discussion
> > > Subject: MailScanner --lint doesn't check Eicar virus
> > >
> > >
> > > Hi,
> > >
> > > I used to be able to run:
> > >
> > > # MailScanner --lint
> > > Checking version numbers...
> > > Version number in MailScanner.conf (4.65.3) is
> correct.
> > >
> > > Your envelope_sender_header in
> spam.assassin.prefs.conf is
> > >correct.
> > >
> > > Checking for SpamAssassin errors (if you use it)...
> > > SpamAssassin temp dir = /tmp/SpamAssassin-Temp
> > > SpamAssassin reported no errors.
> > > MailScanner.conf says "Virus Scanners = clamavmodule"
> > > Found these virus scanners installed: clamavmodule
> > >
> >==================================================================
> > >=========
> > >
> >==================================================================
> > >=========
> > >
> > > If any of your virus scanners (clamavmodule)
> > > are not listed there, you should check that they are
> >installed
> > >correctly
> > > and that MailScanner is finding them correctly via its
> > >virus.scanners.conf.
> > >
> > > and see MailScanner test the Eicar virus between the
> "==="
> >rows,
> > >but most recently I see this doesn't work anymore.
> > >
> > > Is there something I can check to see why?
> > >
> > > When I run the wrapper:
> > >
> > > /usr/lib/MailScanner/clamav-wrapper /usr /tmp
> > >
> > > it finds clamav and works scans /tmp fine.
> > >
> > > Thanks.
> > >
> > > Michael.
> > >
> > >
> > >
> > >
> > >________________________________
> > >
> > > Make the switch to the world's best email. Get the new
> >Yahoo!7
> > >Mail now
> > >
> > >u.yahoo.com/worldsbestmail/spankey/> .
> >
> > --
> > MailScanner mailing list
> > mailscanner at lists.mailscanner.info
> >
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read
> http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the
> >website!
> >
> >
> >
> >
> >________________________________
> >
> > Make the switch to the world's best email. Get the new Yahoo!7
> >Mail now
> ><http://au.rd.yahoo.com/mail/taglines/default_all/mail/spanke
> y/*http://
> a
> >u.yahoo.com/worldsbestmail/spankey/> .
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
More information about the MailScanner
mailing list