vba32 problem with MailScanner --lint

Paul Hutchings paul.hutchings at mira.co.uk
Sun Aug 24 22:13:52 IST 2008


Hmm something I noticed:

When I first install Vba32 and run "MailScanner --lint" it's happy -
vba32 said "Found virus EICAR-Test-File in eicar.com", and that is with
Vba32 Linux 3.12.6.1.

After the first update via "vbacl --update" the issue starts with
MailScanner not picking up the output from vba32.

At this point though, Vba32 has updated itself to Vba32 Linux 3.12.8.4.

I guess something has changed in the Vba32 output with the later version
that MailScanner isn't aware of?

Any ideas if this is something I can change or if it's something Julian
needs to change in the mailscanner code?

-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Paul
Hutchings
Sent: 24 August 2008 13:08
To: MailScanner discussion
Subject: vba32 problem with MailScanner --lint

Just trialling a few virus scanners, bitdefender, clamd, avg and vba32
are installed.

Vba32 appears to be working if I test the wrapper:

/usr/lib/MailScanner/vba32-wrapper /opt/vba/vbacl /tmp/malware/29.exe
+---------------------------------------------------+
|          VirusBlokAda (Console scanner)           |
| Vba32 Linux 3.12.8.4 / 2008.08.23 11:06 (Vba32.L) |
|        Copyright (c) 1993-2008 by VBA Ltd.        |
+---------------------------------------------------+
User: VBA32 Testlizenz
License #000000324 Valid till 31.10.2008
Command line options:
-af+ -ha+ -rw+
Ctrl-C will terminate program execution

/tmp/malware/29.exe
/tmp/malware/29.exe : infected Trojan-GameThief.Win32.OnLineGames.shie

Directories       : 0       Files in archives:      Files on disks:
Archives:                   -  total      : 0       - total       : 1
- scanned         : 0       -  scanned    : 0       - scanned     : 1
- contain viruses : 0       -  infected   : 0       - infected    : 1
- deleted         : 0       -  suspicious : 0       - suspicious  : 0

Startup    : 13:05:01 24-08-2008
End        : 13:05:01 24-08-2008
Total time : 00:00:00

Yet when I run a lint with MailScanner it doesn't appear to output a
string that MailScanner can take as meaning an infection has been found:

MailScanner --lint
Trying to setlogsock(unix)
Read 850 hostnames from the phishing whitelist
Read 5259 hostnames from the phishing blacklist
Checking version numbers...
Version installed (4.70.7) does not match version stated in
MailScanner.conf file (4.70.6), you may want to run
upgrade_MailScanner_conf
to ensure your MailScanner.conf file contains all the latest settings.

Your envelope_sender_header in spam.assassin.prefs.conf is correct.
MailScanner setting GID to  (89)
MailScanner setting UID to  (89)

Checking for SpamAssassin errors (if you use it)...
SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp
SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.
Using locktype = posix
MailScanner.conf says "Virus Scanners = avg bitdefender clamd vba32"
Found these virus scanners installed: bitdefender, clamd, vba32, avg
===========================================================================
Virus and Content Scanning: Starting
Avg: Virus identified EICAR_Test in eicar.com
Virus Scanning: Avg found 1 infections
1/eicar.com:infected: EICAR-Test-File (not a virus)
Virus Scanning: Bitdefender found 1 infections
ClamAVModule::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
Virus Scanning: Clamd found 1 infections
Virus Scanning: vba32 found 1 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 1 viruses
===========================================================================
Virus Scanner test reports:
Avg said "Found virus EICAR_Test in file eicar.com"
Bitdefender said "Found virus EICAR-Test-File (not a virus) in file eicar.com"
Clamd said "eicar.com was infected: Eicar-Test-Signature"

If any of your virus scanners (bitdefender,clamd,vba32,avg)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its
virus.scanners.conf.

Any suggestions please?

-- 
MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England.

Registered in England and Wales No. 402570
VAT Registration  GB 114 5409 96

The contents of this e-mail are confidential and are solely for the use
of the intended recipient.
If you receive this e-mail in error, please delete it and notify us
either by e-mail, telephone or fax.
You should not copy, forward or otherwise disclose the content of the
e-mail as this is prohibited.


-- 
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 

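An added example, not part of the original post and not MailScanner's own parser: a Python sketch that parses the vbacl report quoted above and cross-checks the per-file detection lines against the "infected" counts in the summary table, so a scanner update that changes the detection-line wording is flagged rather than silently producing no report. The regular expressions are derived only from the 3.12.8.4 output shown in the post, and the reworded variant is a constructed, hypothetical stand-in for a format change.

```python
import re

# Constructed sample: the vbacl 3.12.8.4 report quoted in the post, banner trimmed.
SAMPLE = """\
/tmp/malware/29.exe
/tmp/malware/29.exe : infected Trojan-GameThief.Win32.OnLineGames.shie

Directories       : 0       Files in archives:      Files on disks:
Archives:                   -  total      : 0       - total       : 1
- scanned         : 0       -  scanned    : 0       - scanned     : 1
- contain viruses : 0       -  infected   : 0       - infected    : 1
- deleted         : 0       -  suspicious : 0       - suspicious  : 0
"""

# Constructed, hypothetical variant: the same scan with a reworded detection
# line, standing in for any format change the parser has not been taught.
DRIFTED = SAMPLE.replace(" : infected ", " - virus found: ")

# "<path> : infected <name>", as it appears in the quoted report.
DETECTION = re.compile(r"^(?P<path>\S.*?)\s+:\s+infected\s+(?P<name>\S+)\s*$")
# "- infected : N" cells of the summary table (archive and disk columns).
SUMMARY_INFECTED = re.compile(r"-\s+infected\s*:\s*(\d+)")


def parse_vba32(output):
    """Return (detections, infected_total_from_summary)."""
    detections, total = [], 0
    for line in output.splitlines():
        hit = DETECTION.match(line)
        if hit:
            detections.append((hit["path"], hit["name"]))
        else:
            total += sum(int(n) for n in SUMMARY_INFECTED.findall(line))
    return detections, total


def reconcile(output):
    """Flag a run where the summary reports infections the line parser missed."""
    detections, total = parse_vba32(output)
    if total > len(detections):
        return "parser-drift", detections
    return ("infected" if detections else "clean"), detections


if __name__ == "__main__":
    for label, text in (("3.12.8.4 sample", SAMPLE), ("reworded sample", DRIFTED)):
        print(label, reconcile(text))
```

A "parser-drift" result is the condition to alert on after a scanner update: the scanner counted an infection that the line pattern no longer recognises.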