Esets AV nor recognized by MailScanner

Julian Field MailScanner at ecs.soton.ac.uk
Fri Apr 18 14:01:27 IST 2008



Scott B. Anderson wrote:
>   
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
>> bounces at lists.mailscanner.info] On Behalf Of Julian Field
>> Sent: Friday, April 18, 2008 3:18 AM
>> To: MailScanner discussion
>> Subject: Re: Esets AV nor recognized by MailScanner
>>
>>
>>
>> Julian Field wrote:
>>     
>>> Scott B. Anderson wrote:
>>>       
>>>>> -----Original Message-----
>>>>> From: mailscanner-bounces at lists.mailscanner.info
>>>>>           
>> [mailto:mailscanner-
>>     
>>>>> bounces at lists.mailscanner.info] On Behalf Of Alex Broens
>>>>> Sent: Thursday, April 17, 2008 11:08 AM
>>>>> To: MailScanner discussion
>>>>> Subject: Re: Esets AV nor recognized by MailScanner
>>>>>
>>>>> On 4/17/2008 1:41 PM, --[ UxBoD ]-- wrote:
>>>>>
>>>>>           
>>>>>>> Using latest MS release and Esets AV (ex Nod32) on a test box.
>>>>>>>
>>>>>>> "Virus Scanners =  auto" doesn't recognize
>>>>>>> "# esets     from www.eset.com"
>>>>>>>
>>>>>>> Setting "Virus Scanners =  esets" doesn't work either
>>>>>>>
>>>>>>> Can anyone reproduce?
>>>>>>>
>>>>>>> Thanks
>>>>>>>
>>>>>>> Alex
>>>>>>>
>>>>>>>               
>>>>>> Alex, is virus.scanners.conf correct for its path ?
>>>>>>
>>>>>>             
>>>>> Hi [ UxBoD ]
>>>>>
>>>>> After MS recognizes Eset, it doesn't catch an Eicar.zip, which
>>>>> clamavmodule does.
>>>>>
>>>>> In "esets_wrapper" you've chosen to use esets_scan which doesn't
>>>>>           
>> speak
>>     
>>>>> to the daemon but has to load the signatures every time its called
>>>>>           
>> and
>>     
>>>>> is extremely slow.
>>>>>
>>>>> Seems we're still missing something. What OS did you use to test
>>>>>           
>> the
>>     
>>>>> wrapper & co?
>>>>>
>>>>> thanks
>>>>>
>>>>> Alex
>>>>>
>>>>> --
>>>>> MailScanner mailing list
>>>>> mailscanner at lists.mailscanner.info
>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>
>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>
>>>>> Support MailScanner development - buy the book off the website!
>>>>>
>>>>>           
>>>> This could probably be a new thread, but I had to manually change
>>>> virus.scanners.conf also, so I was wondering if that possibly could
>>>> be causing my issue using ESET.
>>>>
>>>> After updating my virus.scanners.conf to point to
>>>> /opt/eset/esets/sbin, MailScanner 4.68.8 appears to lint fine and
>>>> finds the EICAR virus, but then this happens on a lot of mails:
>>>>
>>>> Apr 17 12:03:22 ns1 MailScanner[23066]: object="email message",
>>>> name="./m3HH31Pw024758.header", virus="", action="", info="error -
>>>> unknown compression method ", lines=0
>>>>
>>>>         
>>> Please can you send me the exact queue files of one of these problem
>>> messages. Attach them (zipped up) to a mail to
>>> mailscanner at ecs.soton.ac.uk and I'll try to reproduce your problem.
>>> What it extracts as the ./*.header file would be useful too if you
>>> can get one (that may be hard).
>>>       
>> That log entry doesn't appear to actually cause any problems, but I
>> have
>> tweaked the code so you won't see it any more.
>>
>>     
> -- snip --
> Thanks for taking the time to look at it.  I forgot to mention (doh!) I'm running ESET 2.71.12
I'm running the same version. It appears to be an error caused by it 
recognising an email message from the presence of things that look like 
headers, but then being unable to read the body. It's a bug in their code.
>  and I can't figure out what was going on either.  I'll wait for the chatter on clamav .93 to calm down before doing my next upgrade, then test this again.
>
> Scott
>   

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the MailScanner mailing list