Esets AV not recognized by MailScanner

Julian Field MailScanner at ecs.soton.ac.uk
Fri Apr 18 09:17:58 IST 2008



Julian Field wrote:
>
>
> Scott B. Anderson wrote:
>>> -----Original Message-----
>>> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
>>> bounces at lists.mailscanner.info] On Behalf Of Alex Broens
>>> Sent: Thursday, April 17, 2008 11:08 AM
>>> To: MailScanner discussion
>>> Subject: Re: Esets AV nor recognized by MailScanner
>>>
>>> On 4/17/2008 1:41 PM, --[ UxBoD ]-- wrote:
>>>    
>>>>> Using latest MS release and Esets AV (ex Nod32) on a test box.
>>>>>
>>>>> "Virus Scanners =  auto" doesn't recognize
>>>>> "# esets     from www.eset.com"
>>>>>
>>>>> Setting "Virus Scanners =  esets" doesn't work either
>>>>>
>>>>> Can anyone reproduce?
>>>>>
>>>>> Thanks
>>>>>
>>>>> Alex
>>>>>         
>>>> Alex, is virus.scanners.conf correct for its path?
>>>>       
>>> Hi [ UxBoD ]
>>>
>>> After MS recognizes Eset, it doesn't catch an Eicar.zip, which
>>> clamavmodule does.
>>>
>>> In "esets_wrapper" you've chosen to use esets_scan which doesn't speak
>>> to the daemon but has to load the signatures every time it's called and
>>> is extremely slow.
>>>
>>> Seems we're still missing something. What OS did you use to test the
>>> wrapper & co?
>>>
>>> thanks
>>>
>>> Alex
>>>
>>
>> This could probably be a new thread, but I had to manually change 
>> virus.scanners.conf also, so I was wondering if that possibly could 
>> be causing my issue using ESET.
>>
>> After updating my virus.scanners.conf to point to 
>> /opt/eset/esets/sbin, MailScanner 4.68.8 appears to lint fine and 
>> finds the EICAR virus, but then this happens on a lot of mails:
>>
>> Apr 17 12:03:22 ns1 MailScanner[23066]: object="email message", 
>> name="./m3HH31Pw024758.header", virus="", action="", info="error - 
>> unknown compression method ", lines=0
>>   
> Please can you send me the exact queue files of one of these problem 
> messages. Attach them (zipped up) to a mail to 
> mailscanner at ecs.soton.ac.uk and I'll try to reproduce your problem.
> What it extracts as the ./*.header file would be useful too if you can 
> get one (that may be hard).
That log entry doesn't appear to actually cause any problems, but I have 
tweaked the code so you won't see it any more.

>> MailScanner -v
>>
>> Running on
>> Linux ns1.impromed.com 2.6.17-1.2174_FC5smp #1 SMP Tue Aug 8 16:00:39 
>> EDT 2006 i686 i686 i386 GNU/Linux
>> This is Fedora release 8 (Werewolf)
>> This is Perl version 5.008008 (5.8.8)
>>
>> This is MailScanner version 4.68.8
>> Module versions are:
>> 1.00    AnyDBM_File
>> 1.16    Archive::Zip
>> 1.04    Carp
>> 1.42    Compress::Zlib
>> 1.119   Convert::BinHex
>> 2.27    Date::Parse
>> 1.00    DirHandle
>> 1.05    Fcntl
>> 2.74    File::Basename
>> 2.09    File::Copy
>> 2.01    FileHandle
>> 1.08    File::Path
>> 0.19    File::Temp
>> 0.78    Filesys::Df
>> 1.35    HTML::Entities
>> 3.56    HTML::Parser
>> 2.37    HTML::TokeParser
>> 1.23    IO
>> 1.14    IO::File
>> 1.13    IO::Pipe
>> 2.02    Mail::Header
>> 1.86    Math::BigInt
>> 3.05    MIME::Base64
>> 5.425   MIME::Decoder
>> 5.425   MIME::Decoder::UU
>> 5.425   MIME::Head
>> 5.425   MIME::Parser
>> 3.03    MIME::QuotedPrint
>> 5.425   MIME::Tools
>> 0.11    Net::CIDR
>> 1.09    POSIX
>> 1.18    Scalar::Util
>> 1.78    Socket
>> 1.4     Sys::Hostname::Long
>> 0.18    Sys::Syslog
>> 1.68    Time::HiRes
>> 1.02    Time::localtime
>>
>> Optional module versions are:
>> 1.30    Archive::Tar
>> 0.21    bignum
>> 1.82    Business::ISBN
>> 1.10    Business::ISBN::Data
>> 1.08    Data::Dump
>> 1.814   DB_File
>> 1.13    DBD::SQLite
>> 1.56    DBI
>> 1.10    Digest
>> 1.01    Digest::HMAC
>> 2.36    Digest::MD5
>> 2.10    Digest::SHA1
>> 1.00    Encode::Detect
>> 0.17008 Error
>> 0.18    ExtUtils::CBuilder
>> 2.18    ExtUtils::ParseXS
>> 2.36    Getopt::Long
>> 0.44    Inline
>> 1.08    IO::String
>> 1.04    IO::Zlib
>> 2.21    IP::Country
>> 0.21    Mail::ClamAV
>> 3.002004        Mail::SpamAssassin
>> v2.004  Mail::SPF
>> 1.999001        Mail::SPF::Query
>> 0.2808  Module::Build
>> 0.20    Net::CIDR::Lite
>> 0.63    Net::DNS
>> 0.002.2 Net::DNS::Resolver::Programmable
>> 0.33    Net::LDAP
>>  4.004  NetAddr::IP
>> 1.94    Parse::RecDescent
>> missing SAVI
>> 2.52    Test::Harness
>> 0.95    Test::Manifest
>> 1.98    Text::Balanced
>> 1.35    URI
>> 0.7203  version
>> 0.62    YAML
>>
>> I'm converting all HTML mail to text and running Clam, McAfee and 
>> ESET when this happens. If I remove ESET, MailScanner processes email 
>> normally. Not sure what I did wrong, or if ESET file security for 
>> linux rpm-based distributions is at fault.
>>
>> Scott Anderson
>>   
>
> Jules
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
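
Added example, not part of the original messages and not MailScanner's own code: a small triage script that separates scanner records like the "unknown compression method" entry quoted in the thread from real detections when reviewing the mail log. It assumes each record has been joined onto one line; the second and third sample lines, the virus name in them, and all function names are constructed for illustration.

```python
import re
from collections import Counter

# key="quoted value" or key=bare_value, as in the record quoted in the thread
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|([^,\s]+))')

# Sample input: line 1 is the record from the thread joined onto one line;
# lines 2 and 3 are constructed for this example.
SAMPLE_LOG = [
    'Apr 17 12:03:22 ns1 MailScanner[23066]: object="email message", '
    'name="./m3HH31Pw024758.header", virus="", action="", '
    'info="error - unknown compression method ", lines=0',
    'Apr 17 12:03:25 ns1 MailScanner[23066]: object="file", '
    'name="./m3HH35Qx024760/eicar.zip", virus="Eicar test file", '
    'action="", info=""',
    'Apr 17 12:03:26 ns1 MailScanner[23066]: Virus and Content Scanning: Starting',
]

def parse_record(line):
    """Return the fields of a scanner record, or None for any other log line."""
    if 'object="' not in line:
        return None
    return {key: quoted or bare for key, quoted, bare in PAIR.findall(line)}

def classify(rec):
    """A non-empty virus field is a detection; an empty one with an
    'error' info text is a scanner-side problem, not an infection."""
    if rec.get("virus", "").strip():
        return "detection"
    if rec.get("info", "").strip().lower().startswith("error"):
        return "scanner_error"
    return "clean"

def triage(lines):
    """Count record classes, group error reasons, and list detections."""
    counts, errors, hits = Counter(), Counter(), []
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue
        kind = classify(rec)
        counts[kind] += 1
        if kind == "scanner_error":
            errors[rec["info"].strip()] += 1
        elif kind == "detection":
            hits.append((rec["name"], rec["virus"]))
    return counts, errors, hits

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
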

