vba32 problem with MailScanner --lint

Julian Field MailScanner at ecs.soton.ac.uk
Mon Aug 25 20:43:10 IST 2008 

I don't think I've got a copy of drweb. Can you send me a full licensed 
copy off-list to mailscanner at ecs.soton.ac.uk please so that I can fix 
this problem for you?

Thanks,
Jules.

Paul Hutchings wrote:
> Yes Centos 5.2, it started off as 5.0 and a month or so back I did the
> "yum upgrade" to 5.2.
>
> Can I confirm something - if I have multiple engines, MailScanner runs
> all attachments through *all* engines even if it finds a virus with the
> first engine it uses?
>
> I ask as I want to test engines for a couple of weeks to find which
> deals best with a lot of the zero day stuff that we're seeing lately.
>
> Noticed a similar thing with drweb which also isn't working with
> MailScanner:
>
> MailScanner --lint
> Trying to setlogsock(unix)
> Read 850 hostnames from the phishing whitelist
> Read 5265 hostnames from the phishing blacklist
> Checking version numbers...
> Version installed (4.70.7) does not match version stated in
> MailScanner.conf file (4.70.6), you may want to run
> upgrade_MailScanner_conf
> to ensure your MailScanner.conf file contains all the latest settings.
>
> Your envelope_sender_header in spam.assassin.prefs.conf is correct.
> MailScanner setting GID to  (89)
> MailScanner setting UID to  (89)
>
> Checking for SpamAssassin errors (if you use it)...
> SpamAssassin temporary working directory is
> /var/spool/MailScanner/incoming/SpamAssassin-Temp
> SpamAssassin temp dir =
> /var/spool/MailScanner/incoming/SpamAssassin-Temp
> Using SpamAssassin results cache
> Connected to SpamAssassin cache database
> SpamAssassin reported no errors.
> Using locktype = posix
> MailScanner.conf says "Virus Scanners = drweb"
> Found these virus scanners installed: bitdefender, clamd, drweb, avg,
> antivir
> ========================================================================
> ===
> Virus and Content Scanning: Starting
> ========================================================================
> ===
>
> If any of your virus scanners (bitdefender,clamd,drweb,avg,antivir)
> are not listed there, you should check that they are installed correctly
> and that MailScanner is finding them correctly via its
> virus.scanners.conf.
>
> /usr/lib/MailScanner/drweb-wrapper /opt/drweb .
> exec /opt/drweb/drweb -path=.
> Dr.Web (R) Scanner for Linux v4.44.0 (4.44.0.0710180)
> Copyright (c) Igor Daniloff, 1992-2007
> Doctor Web, Ltd., Moscow, Russia
> Support service: http://support.drweb.com
> To purchase: http://buy.drweb.com
> Shell version: 4.44.0.10180 <API:2.2>
> Engine version: 4.44.0.9170 <API:2.2>
> Loading /var/drweb/bases/drwtoday.vdb - skipped
> Loading /var/drweb/bases/drw44454.vdb - Ok, virus records: 1556
> Loading /var/drweb/bases/drw44453.vdb - Ok, virus records: 1885
> Loading /var/drweb/bases/drw44452.vdb - Ok, virus records: 2094
> Loading /var/drweb/bases/drw44451.vdb - Ok, virus records: 1696
> Loading /var/drweb/bases/drw44450.vdb - Ok, virus records: 3067
> Loading /var/drweb/bases/drw44449.vdb - Ok, virus records: 3544
> Loading /var/drweb/bases/drw44448.vdb - Ok, virus records: 1752
> Loading /var/drweb/bases/drw44447.vdb - Ok, virus records: 1310
> Loading /var/drweb/bases/drw44446.vdb - Ok, virus records: 4653
> Loading /var/drweb/bases/drw44445.vdb - Ok, virus records: 7112
> Loading /var/drweb/bases/drw44444.vdb - Ok, virus records: 2300
> Loading /var/drweb/bases/drw44443.vdb - Ok, virus records: 2532
> Loading /var/drweb/bases/drw44442.vdb - Ok, virus records: 2410
> Loading /var/drweb/bases/drw44441.vdb - Ok, virus records: 4202
> Loading /var/drweb/bases/drw44440.vdb - Ok, virus records: 5939
> Loading /var/drweb/bases/drw44439.vdb - Ok, virus records: 1088
> Loading /var/drweb/bases/drw44438.vdb - Ok, virus records: 1646
> Loading /var/drweb/bases/drw44437.vdb - Ok, virus records: 3563
> Loading /var/drweb/bases/drw44436.vdb - Ok, virus records: 5179
> Loading /var/drweb/bases/drw44435.vdb - Ok, virus records: 2885
> Loading /var/drweb/bases/drw44434.vdb - Ok, virus records: 5080
> Loading /var/drweb/bases/drw44433.vdb - Ok, virus records: 16365
> Loading /var/drweb/bases/drw44432.vdb - Ok, virus records: 13612
> Loading /var/drweb/bases/drw44431.vdb - Ok, virus records: 1725
> Loading /var/drweb/bases/drw44430.vdb - Ok, virus records: 4099
> Loading /var/drweb/bases/drw44429.vdb - Ok, virus records: 1319
> Loading /var/drweb/bases/drw44428.vdb - Ok, virus records: 3709
> Loading /var/drweb/bases/drw44427.vdb - Ok, virus records: 6097
> Loading /var/drweb/bases/drw44426.vdb - Ok, virus records: 1097
> Loading /var/drweb/bases/drw44425.vdb - Ok, virus records: 3605
> Loading /var/drweb/bases/drw44424.vdb - Ok, virus records: 7770
> Loading /var/drweb/bases/drw44423.vdb - Ok, virus records: 4210
> Loading /var/drweb/bases/drw44422.vdb - Ok, virus records: 1010
> Loading /var/drweb/bases/drw44421.vdb - Ok, virus records: 421
> Loading /var/drweb/bases/drw44420.vdb - Ok, virus records: 1306
> Loading /var/drweb/bases/drw44419.vdb - Ok, virus records: 1234
> Loading /var/drweb/bases/drw44418.vdb - Ok, virus records: 1238
> Loading /var/drweb/bases/drw44417.vdb - Ok, virus records: 4406
> Loading /var/drweb/bases/drw44416.vdb - Ok, virus records: 7847
> Loading /var/drweb/bases/drw44415.vdb - Ok, virus records: 6014
> Loading /var/drweb/bases/drw44414.vdb - Ok, virus records: 804
> Loading /var/drweb/bases/drw44413.vdb - Ok, virus records: 5020
> Loading /var/drweb/bases/drw44412.vdb - Ok, virus records: 1565
> Loading /var/drweb/bases/drw44411.vdb - Ok, virus records: 1582
> Loading /var/drweb/bases/drw44410.vdb - Ok, virus records: 1129
> Loading /var/drweb/bases/drw44409.vdb - Ok, virus records: 2302
> Loading /var/drweb/bases/drw44408.vdb - Ok, virus records: 3904
> Loading /var/drweb/bases/drw44407.vdb - Ok, virus records: 2456
> Loading /var/drweb/bases/drw44406.vdb - Ok, virus records: 4411
> Loading /var/drweb/bases/drw44405.vdb - Ok, virus records: 1311
> Loading /var/drweb/bases/drw44404.vdb - Ok, virus records: 2486
> Loading /var/drweb/bases/drw44403.vdb - Ok, virus records: 4462
> Loading /var/drweb/bases/drw44402.vdb - Ok, virus records: 94
> Loading /var/drweb/bases/drw44401.vdb - Ok, virus records: 557
> Loading /var/drweb/bases/drw44400.vdb - Ok, virus records: 945
> Loading /var/drweb/bases/drwebase.vdb - Ok, virus records: 209466
> Loading /var/drweb/bases/dwrtoday.vdb - Ok, virus records: 269
> Loading /var/drweb/bases/dwr44401.vdb - Ok, virus records: 679
> Loading /var/drweb/bases/dwntoday.vdb - Ok, virus records: 282
> Loading /var/drweb/bases/dwn44405.vdb - Ok, virus records: 718
> Loading /var/drweb/bases/dwn44404.vdb - Ok, virus records: 999
> Loading /var/drweb/bases/dwn44403.vdb - Ok, virus records: 1211
> Loading /var/drweb/bases/dwn44402.vdb - Ok, virus records: 814
> Loading /var/drweb/bases/dwn44401.vdb - Ok, virus records: 698
> Loading /var/drweb/bases/drwrisky.vdb - Ok, virus records: 2747
> Loading /var/drweb/bases/drwnasty.vdb - Ok, virus records: 13534
> Total virus records: 417022
> Key file: /opt/drweb/drweb32.key
> License key number: 0010365091
> License key activates: 2008-08-25
> License key expires: 2008-09-25
> /tmp/eicar/eicar.com infected with EICAR Test File (NOT a Virus!)
> Scan report for "/tmp/eicar":
>        Scanned: 1                   Cured: 0
>       Infected: 1                 Deleted: 0
>  Modifications: 0                 Renamed: 0
>     Suspicious: 0                   Moved: 0
>         Adware: 0                 Ignored: 0
>         Dialer: 0
>           Joke: 0               Scan time: 0:00:00
>       Riskware: 0              Scan speed: 1 Kb/s
>       Hacktool: 0              Scan speed: 1 Kb/s
>
>
>
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Hugo
> van der Kooij
> Sent: 24 August 2008 23:22
> To: MailScanner discussion
> Subject: Re: vba32 problem with MailScanner --lint
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Paul Hutchings wrote:
>   
>> Just trialling a few virus scanners, bitdefender, clamd, avg and vba32
>> are installed.
>>     
>
> Just out of curiosity. Are you running on top of Centos 5? I have been
> having some issues with vba on Centos 5 where it just generates a
> segfault and dies.
>
> Your findings so far seem to indicate there is something going on with
> how relative paths are handled. That might share some light on the
> matter.
>
> Hugo
>
> - --
> hvdkooij at vanderkooij.org               http://hugo.vanderkooij.org/
> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
>
> 	A: Yes.
> 	>Q: Are you sure?
> 	>>A: Because it reverses the logical flow of conversation.
> 	>>>Q: Why is top posting frowned upon?
>
> Bored? Click on http://spamornot.org/ and rate those images.
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (GNU/Linux)
>
> iD8DBQFIsd8NBvzDRVjxmYERAj6SAJ9x4IHZ254JfezUw8b2yqLQpNE8cQCdFhkO
> pKdbeAoMrRWpSqzAlWZwP/g=
> =BBpl
> -----END PGP SIGNATURE-----
>   

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list