vba32 problem with MailScanner --lint
Julian Field
jkf at ecs.soton.ac.uk
Sun Aug 24 22:46:11 IST 2008
On 24 Aug 2008, at 22:30, Julian Field <MailScanner at ecs.soton.ac.uk>
wrote:
> Aha, thanks for that, it will help me diagnose the problem.
> It's really something I need to take a look at.
>
> Could you put a copy of eicar.com in /tmp and run something like this
> cd /tmp
> /usr/lib/MailScanner/vba32-wrapper /opt/vba/vbacl .
Don't forget the " ." on the end of that command!
>
>
> And show me the output both before and after the "vbacl --update"
> has changed the version of vba32 you have installed. I need to
> handle both the old and the new outputs.
>
> Thanks.
>
> Paul Hutchings wrote:
>> Hmm something I noticed:
>>
>> When I first install Vba32 and run "MailScanner --lint" it's happy -
>> "vba32 said "Found virus EICAR-Test-File in eicar.com", and that is
>> with
>> Vba32 Linux 3.12.6.1.
>>
>> After the first update via "vbacl --update" the issue starts with
>> MailScanner not picking up the output from vba32.
>>
>> At this point though, Vba32 has updated itself to Vba32 Linux
>> 3.12.8.4.
>>
>> I guess something has changed in the Vba32 output with the later
>> version
>> that MailScanner isn't aware of?
>>
>> Any ideas if this is something I can change or if it's something
>> Julian
>> needs to change in the mailscanner code?
>>
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info
>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Paul
>> Hutchings
>> Sent: 24 August 2008 13:08
>> To: MailScanner discussion
>> Subject: vba32 problem with MailScanner --lint
>>
>> Just trialling a few virus scanners, bitdefender, clamd, avg and
>> vba32
>> are installed.
>>
>> Vba32 appears to be working if I test the wrapper:
>>
>> /usr/lib/MailScanner/vba32-wrapper /opt/vba/vbacl /tmp/malware/29.exe
>> +---------------------------------------------------+
>> | VirusBlokAda (Console scanner) |
>> | Vba32 Linux 3.12.8.4 / 2008.08.23 11:06 (Vba32.L) |
>> | Copyright (c) 1993-2008 by VBA Ltd. |
>> +---------------------------------------------------+
>> User: VBA32 Testlizenz
>> License #000000324 Valid till 31.10.2008
>> Command line options:
>> -af+ -ha+ -rw+
>> Ctrl-C will terminate program execution
>>
>> /tmp/malware/29.exe
>> /tmp/malware/29.exe : infected Trojan-
>> GameThief.Win32.OnLineGames.shie
>>
>> Directories : 0 Files in archives: Files on disks:
>> Archives: - total : 0 - total : 1
>> - scanned : 0 - scanned : 0 - scanned : 1
>> - contain viruses : 0 - infected : 0 - infected : 1
>> - deleted : 0 - suspicious : 0 - suspicious : 0
>>
>> Startup : 13:05:01 24-08-2008
>> End : 13:05:01 24-08-2008
>> Total time : 00:00:00
>>
>> Yes when I run a lint with MailScanner it doesn't appear to output a
>> string that MailScanner can take as meaning an infection has been
>> found:
>>
>> MailScanner --lint
>> Trying to setlogsock(unix)
>> Read 850 hostnames from the phishing whitelist
>> Read 5259 hostnames from the phishing blacklist
>> Checking version numbers...
>> Version installed (4.70.7) does not match version stated in
>> MailScanner.conf file (4.70.6), you may want to run
>> upgrade_MailScanner_conf
>> to ensure your MailScanner.conf file contains all the latest
>> settings.
>>
>> Your envelope_sender_header in spam.assassin.prefs.conf is correct.
>> MailScanner setting GID to (89)
>> MailScanner setting UID to (89)
>>
>> Checking for SpamAssassin errors (if you use it)...
>> SpamAssassin temporary working directory is
>> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>> SpamAssassin temp dir =
>> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>> Using SpamAssassin results cache
>> Connected to SpamAssassin cache database
>> SpamAssassin reported no errors.
>> Using locktype = posix
>> MailScanner.conf says "Virus Scanners = avg bitdefender clamd vba32"
>> Found these virus scanners installed: bitdefender, clamd, vba32, avg
>> ===
>> =====================================================================
>> ===
>> Virus and Content Scanning: Starting
>> Avg: Virus identified EICAR_Test in eicar.com
>> Virus Scanning: Avg found 1 infections
>> 1/eicar.com:infected: EICAR-Test-File (not a virus)
>> Virus Scanning: Bitdefender found 1 infections
>> ClamAVModule::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
>> Virus Scanning: Clamd found 1 infections
>> Virus Scanning: vba32 found 1 infections
>> Infected message 1 came from 10.1.1.1
>> Virus Scanning: Found 1 viruses
>> ===
>> =====================================================================
>> ===
>> Virus Scanner test reports:
>> Avg said "Found virus EICAR_Test in file eicar.com"
>> Bitdefender said "Found virus EICAR-Test-File (not a virus) in file
>> eicar.com"
>> Clamd said "eicar.com was infected: Eicar-Test-Signature"
>>
>> If any of your virus scanners (bitdefender,clamd,vba32,avg)
>> are not listed there, you should check that they are installed
>> correctly
>> and that MailScanner is finding them correctly via its
>> virus.scanners.conf.
>>
>> Any suggestions please?
>>
>>
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> MailScanner customisation, or any advanced system administration help?
> Contact me at Jules at Jules.FM
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> PGP public key: http://www.jules.fm/julesfm.asc
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner
mailing list