Esets AV not recognized by MailScanner

Scott B. Anderson sbanderson at impromed.com
Thu Apr 17 18:55:28 IST 2008


> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex Broens
> Sent: Thursday, April 17, 2008 11:08 AM
> To: MailScanner discussion
> Subject: Re: Esets AV not recognized by MailScanner
>
> On 4/17/2008 1:41 PM, --[ UxBoD ]-- wrote:
> >> Using latest MS release and Esets AV (ex Nod32) on a test box.
> >>
> >> "Virus Scanners =  auto" doesn't recognize
> >> "# esets     from www.eset.com"
> >>
> >> Setting "Virus Scanners =  esets" doesn't work either
> >>
> >> Can anyone reproduce?
> >>
> >> Thanks
> >>
> >> Alex
> >
> > Alex, is virus.scanners.conf correct for its path?
>
> Hi [ UxBoD ]
>
> After MS recognizes Eset, it doesn't catch an Eicar.zip, which
> clamavmodule does.
>
> In "esets_wrapper" you've chosen to use esets_scan, which doesn't speak
> to the daemon but has to load the signatures every time it's called and
> is extremely slow.
>
> Seems we're still missing something. What OS did you use to test the
> wrapper & co?
>
> thanks
>
> Alex

This could probably be a new thread, but I had to manually change virus.scanners.conf also, so I was wondering if that possibly could be causing my issue using ESET.

After updating my virus.scanners.conf to point to /opt/eset/esets/sbin, MailScanner 4.68.8 appears to lint fine and finds the EICAR virus, but then this happens on a lot of mails:

Apr 17 12:03:22 ns1 MailScanner[23066]: object="email message", name="./m3HH31Pw024758.header", virus="", action="", info="error - unknown compression method ", lines=0

MailScanner -v

Running on
Linux ns1.impromed.com 2.6.17-1.2174_FC5smp #1 SMP Tue Aug 8 16:00:39 EDT 2006 i686 i686 i386 GNU/Linux
This is Fedora release 8 (Werewolf)
This is Perl version 5.008008 (5.8.8)

This is MailScanner version 4.68.8
Module versions are:
1.00    AnyDBM_File
1.16    Archive::Zip
1.04    Carp
1.42    Compress::Zlib
1.119   Convert::BinHex
2.27    Date::Parse
1.00    DirHandle
1.05    Fcntl
2.74    File::Basename
2.09    File::Copy
2.01    FileHandle
1.08    File::Path
0.19    File::Temp
0.78    Filesys::Df
1.35    HTML::Entities
3.56    HTML::Parser
2.37    HTML::TokeParser
1.23    IO
1.14    IO::File
1.13    IO::Pipe
2.02    Mail::Header
1.86    Math::BigInt
3.05    MIME::Base64
5.425   MIME::Decoder
5.425   MIME::Decoder::UU
5.425   MIME::Head
5.425   MIME::Parser
3.03    MIME::QuotedPrint
5.425   MIME::Tools
0.11    Net::CIDR
1.09    POSIX
1.18    Scalar::Util
1.78    Socket
1.4     Sys::Hostname::Long
0.18    Sys::Syslog
1.68    Time::HiRes
1.02    Time::localtime

Optional module versions are:
1.30    Archive::Tar
0.21    bignum
1.82    Business::ISBN
1.10    Business::ISBN::Data
1.08    Data::Dump
1.814   DB_File
1.13    DBD::SQLite
1.56    DBI
1.10    Digest
1.01    Digest::HMAC
2.36    Digest::MD5
2.10    Digest::SHA1
1.00    Encode::Detect
0.17008 Error
0.18    ExtUtils::CBuilder
2.18    ExtUtils::ParseXS
2.36    Getopt::Long
0.44    Inline
1.08    IO::String
1.04    IO::Zlib
2.21    IP::Country
0.21    Mail::ClamAV
3.002004        Mail::SpamAssassin
v2.004  Mail::SPF
1.999001        Mail::SPF::Query
0.2808  Module::Build
0.20    Net::CIDR::Lite
0.63    Net::DNS
0.002.2 Net::DNS::Resolver::Programmable
0.33    Net::LDAP
 4.004  NetAddr::IP
1.94    Parse::RecDescent
missing SAVI
2.52    Test::Harness
0.95    Test::Manifest
1.98    Text::Balanced
1.35    URI
0.7203  version
0.62    YAML

I'm converting all HTML mail to text and running Clam, McAfee and ESET when this happens. If I remove ESET, MailScanner processes email normally. Not sure what I did wrong, or if ESET file security for linux rpm-based distributions is at fault.

Scott Anderson

