Esets AV not recognized by MailScanner
Julian Field
MailScanner at ecs.soton.ac.uk
Thu Apr 17 19:58:57 IST 2008
Scott B. Anderson wrote:
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
>> bounces at lists.mailscanner.info] On Behalf Of Alex Broens
>> Sent: Thursday, April 17, 2008 11:08 AM
>> To: MailScanner discussion
>> Subject: Re: Esets AV not recognized by MailScanner
>>
>> On 4/17/2008 1:41 PM, --[ UxBoD ]-- wrote:
>>
>>>> Using latest MS release and Esets AV (ex Nod32) on a test box.
>>>>
>>>> "Virus Scanners = auto" doesn't recognize
>>>> "# esets from www.eset.com"
>>>>
>>>> Setting "Virus Scanners = esets" doesn't work either
>>>>
>>>> Can anyone reproduce?
>>>>
>>>> Thanks
>>>>
>>>> Alex
>>>>
>>> Alex, is virus.scanners.conf correct for its path ?
>>>
>> Hi [ UxBoD ]
>>
>> After MS recognizes Eset, it doesn't catch an Eicar.zip, which
>> clamavmodule does.
>>
>> In "esets_wrapper" you've chosen to use esets_scan which doesn't speak
>> to the daemon but has to load the signatures every time it's called and
>> is extremely slow.
>>
>> Seems we're still missing something. What OS did you use to test the
>> wrapper & co?
>>
>> thanks
>>
>> Alex
>>
>
> This could probably be a new thread, but I had to manually change virus.scanners.conf also, so I was wondering if that possibly could be causing my issue using ESET.
>
> After updating my virus.scanners.conf to point to /opt/eset/esets/sbin, MailScanner 4.68.8 appears to lint fine and finds the EICAR virus, but then this happens on a lot of mails:
>
> Apr 17 12:03:22 ns1 MailScanner[23066]: object="email message", name="./m3HH31Pw024758.header", virus="", action="", info="error - unknown compression method ", lines=0
>
Please can you send me the exact queue files of one of these problem
messages. Attach them (zipped up) to a mail to
mailscanner at ecs.soton.ac.uk and I'll try to reproduce your problem.
What it extracts as the ./*.header file would be useful too if you can
get one (that may be hard).
> MailScanner -v
>
> Running on
> Linux ns1.impromed.com 2.6.17-1.2174_FC5smp #1 SMP Tue Aug 8 16:00:39 EDT 2006 i686 i686 i386 GNU/Linux
> This is Fedora release 8 (Werewolf)
> This is Perl version 5.008008 (5.8.8)
>
> This is MailScanner version 4.68.8
> Module versions are:
> 1.00 AnyDBM_File
> 1.16 Archive::Zip
> 1.04 Carp
> 1.42 Compress::Zlib
> 1.119 Convert::BinHex
> 2.27 Date::Parse
> 1.00 DirHandle
> 1.05 Fcntl
> 2.74 File::Basename
> 2.09 File::Copy
> 2.01 FileHandle
> 1.08 File::Path
> 0.19 File::Temp
> 0.78 Filesys::Df
> 1.35 HTML::Entities
> 3.56 HTML::Parser
> 2.37 HTML::TokeParser
> 1.23 IO
> 1.14 IO::File
> 1.13 IO::Pipe
> 2.02 Mail::Header
> 1.86 Math::BigInt
> 3.05 MIME::Base64
> 5.425 MIME::Decoder
> 5.425 MIME::Decoder::UU
> 5.425 MIME::Head
> 5.425 MIME::Parser
> 3.03 MIME::QuotedPrint
> 5.425 MIME::Tools
> 0.11 Net::CIDR
> 1.09 POSIX
> 1.18 Scalar::Util
> 1.78 Socket
> 1.4 Sys::Hostname::Long
> 0.18 Sys::Syslog
> 1.68 Time::HiRes
> 1.02 Time::localtime
>
> Optional module versions are:
> 1.30 Archive::Tar
> 0.21 bignum
> 1.82 Business::ISBN
> 1.10 Business::ISBN::Data
> 1.08 Data::Dump
> 1.814 DB_File
> 1.13 DBD::SQLite
> 1.56 DBI
> 1.10 Digest
> 1.01 Digest::HMAC
> 2.36 Digest::MD5
> 2.10 Digest::SHA1
> 1.00 Encode::Detect
> 0.17008 Error
> 0.18 ExtUtils::CBuilder
> 2.18 ExtUtils::ParseXS
> 2.36 Getopt::Long
> 0.44 Inline
> 1.08 IO::String
> 1.04 IO::Zlib
> 2.21 IP::Country
> 0.21 Mail::ClamAV
> 3.002004 Mail::SpamAssassin
> v2.004 Mail::SPF
> 1.999001 Mail::SPF::Query
> 0.2808 Module::Build
> 0.20 Net::CIDR::Lite
> 0.63 Net::DNS
> 0.002.2 Net::DNS::Resolver::Programmable
> 0.33 Net::LDAP
> 4.004 NetAddr::IP
> 1.94 Parse::RecDescent
> missing SAVI
> 2.52 Test::Harness
> 0.95 Test::Manifest
> 1.98 Text::Balanced
> 1.35 URI
> 0.7203 version
> 0.62 YAML
>
> I'm converting all HTML mail to text and running Clam, McAfee and ESET when this happens. If I remove ESET, MailScanner processes email normally. Not sure what I did wrong, or if ESET file security for linux rpm-based distributions is at fault.
>
> Scott Anderson
>
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc