vba32 problem with MailScanner --lint
Paul Hutchings
paul.hutchings at mira.co.uk
Sun Aug 24 23:04:51 IST 2008
Sure, the output *looks* the same though. FWIW it can be downloaded and
run without a trial license key from the vba32 forum.
Before:
/usr/lib/MailScanner/vba32-wrapper /opt/vba/vbacl /tmp/eicar.com
+---------------------------------------------------+
| VirusBlokAda (Console scanner) |
| Vba32 Linux 3.12.6.1 / 2008.02.15 12:56 (Vba32.L) |
| Copyright (c) 1993-2008 by VBA Ltd. |
+---------------------------------------------------+
Key file not found
Demo mode
Command line options:
-af+ -ha+ -rw+
Ctrl-C will terminate program execution
/tmp/eicar.com
/tmp/eicar.com : infected EICAR-Test-File
Directories : 0 Files in archives: Files on disks:
Archives: - total : 0 - total : 1
- scanned : 0 - scanned : 0 - scanned : 1
- contain viruses : 0 - infected : 0 - infected : 1
- deleted : 0 - suspicious : 0 - suspicious : 0
Startup : 22:59:41 24-08-2008
End : 22:59:41 24-08-2008
Total time : 00:00:00
And after:
/usr/lib/MailScanner/vba32-wrapper /opt/vba/vbacl /tmp/eicar.com
+---------------------------------------------------+
| VirusBlokAda (Console scanner) |
| Vba32 Linux 3.12.8.4 / 2008.08.23 11:06 (Vba32.L) |
| Copyright (c) 1993-2008 by VBA Ltd. |
+---------------------------------------------------+
Key file not found
Demo mode
Command line options:
-af+ -ha+ -rw+
Ctrl-C will terminate program execution
/tmp/eicar.com
/tmp/eicar.com : infected EICAR-Test-File
Directories : 0 Files in archives: Files on disks:
Archives: - total : 0 - total : 1
- scanned : 0 - scanned : 0 - scanned : 1
- contain viruses : 0 - infected : 0 - infected : 1
- deleted : 0 - suspicious : 0 - suspicious : 0
Startup : 23:01:35 24-08-2008
End : 23:01:36 24-08-2008
Total time : 00:00:01
-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Julian
Field
Sent: 24 August 2008 22:30
To: MailScanner discussion
Subject: Re: vba32 problem with MailScanner --lint
Aha, thanks for that, it will help me diagnose the problem.
It's really something I need to take a look at.
Could you put a copy of eicar.com in /tmp and run something like this
cd /tmp
/usr/lib/MailScanner/vba32-wrapper /opt/vba/vbacl .
And show me the output both before and after the "vbacl --update" has
changed the version of vba32 you have installed. I need to handle both
the old and the new outputs.
Thanks.
Paul Hutchings wrote:
> Hmm something I noticed:
>
> When I first install Vba32 and run "MailScanner --lint" it's happy -
> "vba32 said "Found virus EICAR-Test-File in eicar.com", and that is
with
> Vba32 Linux 3.12.6.1.
>
> After the first update via "vbacl --update" the issue starts with
> MailScanner not picking up the output from vba32.
>
> At this point though, Vba32 has updated itself to Vba32 Linux
3.12.8.4.
>
> I guess something has changed in the Vba32 output with the later
version
> that MailScanner isn't aware of?
>
> Any ideas if this is something I can change or if it's something
Julian
> needs to change in the mailscanner code?
>
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Paul
> Hutchings
> Sent: 24 August 2008 13:08
> To: MailScanner discussion
> Subject: vba32 problem with MailScanner --lint
>
> Just trialling a few virus scanners, bitdefender, clamd, avg and vba32
> are installed.
>
> Vba32 appears to be working if I test the wrapper:
>
> /usr/lib/MailScanner/vba32-wrapper /opt/vba/vbacl /tmp/malware/29.exe
> +---------------------------------------------------+
> | VirusBlokAda (Console scanner) |
> | Vba32 Linux 3.12.8.4 / 2008.08.23 11:06 (Vba32.L) |
> | Copyright (c) 1993-2008 by VBA Ltd. |
> +---------------------------------------------------+
> User: VBA32 Testlizenz
> License #000000324 Valid till 31.10.2008
> Command line options:
> -af+ -ha+ -rw+
> Ctrl-C will terminate program execution
>
> /tmp/malware/29.exe
> /tmp/malware/29.exe : infected Trojan-GameThief.Win32.OnLineGames.shie
>
> Directories : 0 Files in archives: Files on disks:
> Archives: - total : 0 - total : 1
> - scanned : 0 - scanned : 0 - scanned : 1
> - contain viruses : 0 - infected : 0 - infected : 1
> - deleted : 0 - suspicious : 0 - suspicious : 0
>
> Startup : 13:05:01 24-08-2008
> End : 13:05:01 24-08-2008
> Total time : 00:00:00
>
> Yes when I run a lint with MailScanner it doesn't appear to output a
> string that MailScanner can take as meaning an infection has been
found:
>
> MailScanner --lint
> Trying to setlogsock(unix)
> Read 850 hostnames from the phishing whitelist
> Read 5259 hostnames from the phishing blacklist
> Checking version numbers...
> Version installed (4.70.7) does not match version stated in
> MailScanner.conf file (4.70.6), you may want to run
> upgrade_MailScanner_conf
> to ensure your MailScanner.conf file contains all the latest settings.
>
> Your envelope_sender_header in spam.assassin.prefs.conf is correct.
> MailScanner setting GID to (89)
> MailScanner setting UID to (89)
>
> Checking for SpamAssassin errors (if you use it)...
> SpamAssassin temporary working directory is
> /var/spool/MailScanner/incoming/SpamAssassin-Temp
> SpamAssassin temp dir =
> /var/spool/MailScanner/incoming/SpamAssassin-Temp
> Using SpamAssassin results cache
> Connected to SpamAssassin cache database
> SpamAssassin reported no errors.
> Using locktype = posix
> MailScanner.conf says "Virus Scanners = avg bitdefender clamd vba32"
> Found these virus scanners installed: bitdefender, clamd, vba32, avg
>
========================================================================
> ===
> Virus and Content Scanning: Starting
> Avg: Virus identified EICAR_Test in eicar.com
> Virus Scanning: Avg found 1 infections
> 1/eicar.com:infected: EICAR-Test-File (not a virus)
> Virus Scanning: Bitdefender found 1 infections
> ClamAVModule::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
> Virus Scanning: Clamd found 1 infections
> Virus Scanning: vba32 found 1 infections
> Infected message 1 came from 10.1.1.1
> Virus Scanning: Found 1 viruses
>
========================================================================
> ===
> Virus Scanner test reports:
> Avg said "Found virus EICAR_Test in file eicar.com"
> Bitdefender said "Found virus EICAR-Test-File (not a virus) in file
> eicar.com"
> Clamd said "eicar.com was infected: Eicar-Test-Signature"
>
> If any of your virus scanners (bitdefender,clamd,vba32,avg)
> are not listed there, you should check that they are installed
correctly
> and that MailScanner is finding them correctly via its
> virus.scanners.conf.
>
> Any suggestions please?
>
>
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
--
MIRA Ltd
Watling Street, Nuneaton, Warwickshire, CV10 0TU, England.
Registered in England and Wales No. 402570
VAT Registration GB 114 5409 96
The contents of this e-mail are confidential and are solely for the use of the intended recipient.
If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax.
You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited.
More information about the MailScanner
mailing list