vba32 problem with MailScanner --lint

Paul Hutchings paul.hutchings at mira.co.uk
Mon Aug 25 10:31:20 IST 2008 

Yes Centos 5.2, it started off as 5.0 and a month or so back I did the
"yum upgrade" to 5.2.

Can I confirm something - if I have multiple engines, MailScanner runs
all attachments through *all* engines even if it finds a virus with the
first engine it uses?

I ask as I want to test engines for a couple of weeks to find which
deals best with a lot of the zero day stuff that we're seeing lately.

Noticed a similar thing with drweb which also isn't working with
MailScanner:

MailScanner --lint
Trying to setlogsock(unix)
Read 850 hostnames from the phishing whitelist
Read 5265 hostnames from the phishing blacklist
Checking version numbers...
Version installed (4.70.7) does not match version stated in
MailScanner.conf file (4.70.6), you may want to run
upgrade_MailScanner_conf
to ensure your MailScanner.conf file contains all the latest settings.

Your envelope_sender_header in spam.assassin.prefs.conf is correct.
MailScanner setting GID to  (89)
MailScanner setting UID to  (89)

Checking for SpamAssassin errors (if you use it)...
SpamAssassin temporary working directory is
/var/spool/MailScanner/incoming/SpamAssassin-Temp
SpamAssassin temp dir =
/var/spool/MailScanner/incoming/SpamAssassin-Temp
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.
Using locktype = posix
MailScanner.conf says "Virus Scanners = drweb"
Found these virus scanners installed: bitdefender, clamd, drweb, avg,
antivir
========================================================================
===
Virus and Content Scanning: Starting
========================================================================
===

If any of your virus scanners (bitdefender,clamd,drweb,avg,antivir)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its
virus.scanners.conf.

/usr/lib/MailScanner/drweb-wrapper /opt/drweb .
exec /opt/drweb/drweb -path=.
Dr.Web (R) Scanner for Linux v4.44.0 (4.44.0.0710180)
Copyright (c) Igor Daniloff, 1992-2007
Doctor Web, Ltd., Moscow, Russia
Support service: http://support.drweb.com
To purchase: http://buy.drweb.com
Shell version: 4.44.0.10180 <API:2.2>
Engine version: 4.44.0.9170 <API:2.2>
Loading /var/drweb/bases/drwtoday.vdb - skipped
Loading /var/drweb/bases/drw44454.vdb - Ok, virus records: 1556
Loading /var/drweb/bases/drw44453.vdb - Ok, virus records: 1885
Loading /var/drweb/bases/drw44452.vdb - Ok, virus records: 2094
Loading /var/drweb/bases/drw44451.vdb - Ok, virus records: 1696
Loading /var/drweb/bases/drw44450.vdb - Ok, virus records: 3067
Loading /var/drweb/bases/drw44449.vdb - Ok, virus records: 3544
Loading /var/drweb/bases/drw44448.vdb - Ok, virus records: 1752
Loading /var/drweb/bases/drw44447.vdb - Ok, virus records: 1310
Loading /var/drweb/bases/drw44446.vdb - Ok, virus records: 4653
Loading /var/drweb/bases/drw44445.vdb - Ok, virus records: 7112
Loading /var/drweb/bases/drw44444.vdb - Ok, virus records: 2300
Loading /var/drweb/bases/drw44443.vdb - Ok, virus records: 2532
Loading /var/drweb/bases/drw44442.vdb - Ok, virus records: 2410
Loading /var/drweb/bases/drw44441.vdb - Ok, virus records: 4202
Loading /var/drweb/bases/drw44440.vdb - Ok, virus records: 5939
Loading /var/drweb/bases/drw44439.vdb - Ok, virus records: 1088
Loading /var/drweb/bases/drw44438.vdb - Ok, virus records: 1646
Loading /var/drweb/bases/drw44437.vdb - Ok, virus records: 3563
Loading /var/drweb/bases/drw44436.vdb - Ok, virus records: 5179
Loading /var/drweb/bases/drw44435.vdb - Ok, virus records: 2885
Loading /var/drweb/bases/drw44434.vdb - Ok, virus records: 5080
Loading /var/drweb/bases/drw44433.vdb - Ok, virus records: 16365
Loading /var/drweb/bases/drw44432.vdb - Ok, virus records: 13612
Loading /var/drweb/bases/drw44431.vdb - Ok, virus records: 1725
Loading /var/drweb/bases/drw44430.vdb - Ok, virus records: 4099
Loading /var/drweb/bases/drw44429.vdb - Ok, virus records: 1319
Loading /var/drweb/bases/drw44428.vdb - Ok, virus records: 3709
Loading /var/drweb/bases/drw44427.vdb - Ok, virus records: 6097
Loading /var/drweb/bases/drw44426.vdb - Ok, virus records: 1097
Loading /var/drweb/bases/drw44425.vdb - Ok, virus records: 3605
Loading /var/drweb/bases/drw44424.vdb - Ok, virus records: 7770
Loading /var/drweb/bases/drw44423.vdb - Ok, virus records: 4210
Loading /var/drweb/bases/drw44422.vdb - Ok, virus records: 1010
Loading /var/drweb/bases/drw44421.vdb - Ok, virus records: 421
Loading /var/drweb/bases/drw44420.vdb - Ok, virus records: 1306
Loading /var/drweb/bases/drw44419.vdb - Ok, virus records: 1234
Loading /var/drweb/bases/drw44418.vdb - Ok, virus records: 1238
Loading /var/drweb/bases/drw44417.vdb - Ok, virus records: 4406
Loading /var/drweb/bases/drw44416.vdb - Ok, virus records: 7847
Loading /var/drweb/bases/drw44415.vdb - Ok, virus records: 6014
Loading /var/drweb/bases/drw44414.vdb - Ok, virus records: 804
Loading /var/drweb/bases/drw44413.vdb - Ok, virus records: 5020
Loading /var/drweb/bases/drw44412.vdb - Ok, virus records: 1565
Loading /var/drweb/bases/drw44411.vdb - Ok, virus records: 1582
Loading /var/drweb/bases/drw44410.vdb - Ok, virus records: 1129
Loading /var/drweb/bases/drw44409.vdb - Ok, virus records: 2302
Loading /var/drweb/bases/drw44408.vdb - Ok, virus records: 3904
Loading /var/drweb/bases/drw44407.vdb - Ok, virus records: 2456
Loading /var/drweb/bases/drw44406.vdb - Ok, virus records: 4411
Loading /var/drweb/bases/drw44405.vdb - Ok, virus records: 1311
Loading /var/drweb/bases/drw44404.vdb - Ok, virus records: 2486
Loading /var/drweb/bases/drw44403.vdb - Ok, virus records: 4462
Loading /var/drweb/bases/drw44402.vdb - Ok, virus records: 94
Loading /var/drweb/bases/drw44401.vdb - Ok, virus records: 557
Loading /var/drweb/bases/drw44400.vdb - Ok, virus records: 945
Loading /var/drweb/bases/drwebase.vdb - Ok, virus records: 209466
Loading /var/drweb/bases/dwrtoday.vdb - Ok, virus records: 269
Loading /var/drweb/bases/dwr44401.vdb - Ok, virus records: 679
Loading /var/drweb/bases/dwntoday.vdb - Ok, virus records: 282
Loading /var/drweb/bases/dwn44405.vdb - Ok, virus records: 718
Loading /var/drweb/bases/dwn44404.vdb - Ok, virus records: 999
Loading /var/drweb/bases/dwn44403.vdb - Ok, virus records: 1211
Loading /var/drweb/bases/dwn44402.vdb - Ok, virus records: 814
Loading /var/drweb/bases/dwn44401.vdb - Ok, virus records: 698
Loading /var/drweb/bases/drwrisky.vdb - Ok, virus records: 2747
Loading /var/drweb/bases/drwnasty.vdb - Ok, virus records: 13534
Total virus records: 417022
Key file: /opt/drweb/drweb32.key
License key number: 0010365091
License key activates: 2008-08-25
License key expires: 2008-09-25
/tmp/eicar/eicar.com infected with EICAR Test File (NOT a Virus!)
Scan report for "/tmp/eicar":
       Scanned: 1                   Cured: 0
      Infected: 1                 Deleted: 0
 Modifications: 0                 Renamed: 0
    Suspicious: 0                   Moved: 0
        Adware: 0                 Ignored: 0
        Dialer: 0
          Joke: 0               Scan time: 0:00:00
      Riskware: 0              Scan speed: 1 Kb/s
      Hacktool: 0              Scan speed: 1 Kb/s



-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Hugo
van der Kooij
Sent: 24 August 2008 23:22
To: MailScanner discussion
Subject: Re: vba32 problem with MailScanner --lint

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Paul Hutchings wrote:
> Just trialling a few virus scanners, bitdefender, clamd, avg and vba32
> are installed.

Just out of curiosity. Are you running on top of Centos 5? I have been
having some issues with vba on Centos 5 where it just generates a
segfault and dies.

Your findings so far seem to indicate there is something going on with
how relative paths are handled. That might share some light on the
matter.

Hugo

- --
hvdkooij at vanderkooij.org               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

	A: Yes.
	>Q: Are you sure?
	>>A: Because it reverses the logical flow of conversation.
	>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIsd8NBvzDRVjxmYERAj6SAJ9x4IHZ254JfezUw8b2yqLQpNE8cQCdFhkO
pKdbeAoMrRWpSqzAlWZwP/g=
=BBpl
-----END PGP SIGNATURE-----
-- 
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 

-- 
MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England.

Registered in England and Wales No. 402570
VAT Registration  GB 114 5409 96

The contents of this e-mail are confidential and are solely for the use of the intended recipient.
If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax.
You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited.

More information about the MailScanner mailing list