vba32 problem with MailScanner --lint

Paul Hutchings paul.hutchings at mira.co.uk
Sun Aug 24 13:07:44 IST 2008

Just trialling a few virus scanners, bitdefender, clamd, avg and vba32
are installed.

Vba32 appears to be working if I test the wrapper:

/usr/lib/MailScanner/vba32-wrapper /opt/vba/vbacl /tmp/malware/29.exe
|          VirusBlokAda (Console scanner)           |
| Vba32 Linux / 2008.08.23 11:06 (Vba32.L) |
|        Copyright (c) 1993-2008 by VBA Ltd.        |
User: VBA32 Testlizenz
License #000000324 Valid till 31.10.2008
Command line options:
-af+ -ha+ -rw+
Ctrl-C will terminate program execution

/tmp/malware/29.exe : infected Trojan-GameThief.Win32.OnLineGames.shie

Directories       : 0       Files in archives:      Files on disks:
Archives:                   -  total      : 0       - total       : 1
- scanned         : 0       -  scanned    : 0       - scanned     : 1
- contain viruses : 0       -  infected   : 0       - infected    : 1
- deleted         : 0       -  suspicious : 0       - suspicious  : 0

Startup    : 13:05:01 24-08-2008
End        : 13:05:01 24-08-2008
Total time : 00:00:00

Yes when I run a lint with MailScanner it doesn't appear to output a
string that MailScanner can take as meaning an infection has been found:

MailScanner --lint
Trying to setlogsock(unix)
Read 850 hostnames from the phishing whitelist
Read 5259 hostnames from the phishing blacklist
Checking version numbers...
Version installed (4.70.7) does not match version stated in
MailScanner.conf file (4.70.6), you may want to run
to ensure your MailScanner.conf file contains all the latest settings.

Your envelope_sender_header in spam.assassin.prefs.conf is correct.
MailScanner setting GID to  (89)
MailScanner setting UID to  (89)

Checking for SpamAssassin errors (if you use it)...
SpamAssassin temporary working directory is
SpamAssassin temp dir =
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.
Using locktype = posix
MailScanner.conf says "Virus Scanners = avg bitdefender clamd vba32"
Found these virus scanners installed: bitdefender, clamd, vba32, avg
Virus and Content Scanning: Starting
Avg: Virus identified EICAR_Test in eicar.com
Virus Scanning: Avg found 1 infections
1/eicar.com:infected: EICAR-Test-File (not a virus)
Virus Scanning: Bitdefender found 1 infections
ClamAVModule::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
Virus Scanning: Clamd found 1 infections
Virus Scanning: vba32 found 1 infections
Infected message 1 came from
Virus Scanning: Found 1 viruses
Virus Scanner test reports:
Avg said "Found virus EICAR_Test in file eicar.com"
Bitdefender said "Found virus EICAR-Test-File (not a virus) in file
Clamd said "eicar.com was infected: Eicar-Test-Signature"

If any of your virus scanners (bitdefender,clamd,vba32,avg)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its

Any suggestions please?


Watling Street, Nuneaton, Warwickshire, CV10 0TU, England.

Registered in England and Wales No. 402570
VAT Registration  GB 114 5409 96

The contents of this e-mail are confidential and are solely for the use of the intended recipient.
If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax.
You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited.

More information about the MailScanner mailing list