vba32 problem with MailScanner --lint

Paul Hutchings paul.hutchings at mira.co.uk
Sun Aug 24 13:07:44 IST 2008 

Just trialling a few virus scanners, bitdefender, clamd, avg and vba32
are installed.

Vba32 appears to be working if I test the wrapper:

/usr/lib/MailScanner/vba32-wrapper /opt/vba/vbacl /tmp/malware/29.exe
+---------------------------------------------------+
|          VirusBlokAda (Console scanner)           |
| Vba32 Linux 3.12.8.4 / 2008.08.23 11:06 (Vba32.L) |
|        Copyright (c) 1993-2008 by VBA Ltd.        |
+---------------------------------------------------+
User: VBA32 Testlizenz
License #000000324 Valid till 31.10.2008
Command line options:
-af+ -ha+ -rw+
Ctrl-C will terminate program execution

/tmp/malware/29.exe
/tmp/malware/29.exe : infected Trojan-GameThief.Win32.OnLineGames.shie

Directories       : 0       Files in archives:      Files on disks:
Archives:                   -  total      : 0       - total       : 1
- scanned         : 0       -  scanned    : 0       - scanned     : 1
- contain viruses : 0       -  infected   : 0       - infected    : 1
- deleted         : 0       -  suspicious : 0       - suspicious  : 0

Startup    : 13:05:01 24-08-2008
End        : 13:05:01 24-08-2008
Total time : 00:00:00

Yes when I run a lint with MailScanner it doesn't appear to output a
string that MailScanner can take as meaning an infection has been found:

MailScanner --lint
Trying to setlogsock(unix)
Read 850 hostnames from the phishing whitelist
Read 5259 hostnames from the phishing blacklist
Checking version numbers...
Version installed (4.70.7) does not match version stated in
MailScanner.conf file (4.70.6), you may want to run
upgrade_MailScanner_conf
to ensure your MailScanner.conf file contains all the latest settings.

Your envelope_sender_header in spam.assassin.prefs.conf is correct.
MailScanner setting GID to  (89)
MailScanner setting UID to  (89)

Checking for SpamAssassin errors (if you use it)...
SpamAssassin temporary working directory is
/var/spool/MailScanner/incoming/SpamAssassin-Temp
SpamAssassin temp dir =
/var/spool/MailScanner/incoming/SpamAssassin-Temp
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.
Using locktype = posix
MailScanner.conf says "Virus Scanners = avg bitdefender clamd vba32"
Found these virus scanners installed: bitdefender, clamd, vba32, avg
========================================================================
===
Virus and Content Scanning: Starting
Avg: Virus identified EICAR_Test in eicar.com
Virus Scanning: Avg found 1 infections
1/eicar.com:infected: EICAR-Test-File (not a virus)
Virus Scanning: Bitdefender found 1 infections
ClamAVModule::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
Virus Scanning: Clamd found 1 infections
Virus Scanning: vba32 found 1 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 1 viruses
========================================================================
===
Virus Scanner test reports:
Avg said "Found virus EICAR_Test in file eicar.com"
Bitdefender said "Found virus EICAR-Test-File (not a virus) in file
eicar.com"
Clamd said "eicar.com was infected: Eicar-Test-Signature"

If any of your virus scanners (bitdefender,clamd,vba32,avg)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its
virus.scanners.conf.

Any suggestions please?

-- 
MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England.

Registered in England and Wales No. 402570
VAT Registration  GB 114 5409 96

The contents of this e-mail are confidential and are solely for the use of the intended recipient.
If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax.
You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited.

More information about the MailScanner mailing list