F-Prot use not appearing in log file
Mike - W0TMW
mikew at crucis.net
Thu Feb 28 21:35:10 GMT 2008
Julian Field wrote:
>
>
> Mike - W0TMW wrote:
>> I've installed MS 4.66 on a new box and thanks to others here gotten
>> it running. I have noticed something odd.
>>
>> I have clamav and f-prot installed for virus scanning. I have an
>> older version of MS running on another box also with clamav and
>> f-prot. On that older box, when an e-mail is being scanned, I see in
>> the log that clamav and f-prot are used. On the new box however, I
>> only see clamav mentioned. Both virus scanners are found when MS is
>> started.
>>
>> Is f-prot being used and just not logged?
> That shouldn't be possible.
> What does "MailScanner --lint" say?
> If you add "eicar" to Non-Forging Viruses list, then you should
> receive a notification when you send a copy of Eicar through it. That
> will tell you for definite which virus scanners are finding Eicar.
>
> Please let me know how you get on with this.
>
> Jules
>
Here's the dump from MailScanner --lint.
[root at cygni ~]# MailScanner --lint
Trying to setlogsock(unix)
Checking version numbers...
Version number in MailScanner.conf (4.66.5) is correct.
Your setting "Mail Header" contains illegal characters.
This is most likely caused by your "%org-name%" setting
which must not contain and "." or "_" characters as
these are known to cause problems with some mail systems.
ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf
ERROR: is not correct, it should match X-crucis.net-MailScanner-From
MikeW: Hmmm, I wonder if this could be the cause? Continuing...
Checking for SpamAssassin errors (if you use it)...
SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
SpamAssassin reported no errors.
MailScanner.conf says "Virus Scanners = f-prot clamav"
Found these virus scanners installed: clamav, f-prot
===========================================================================
===========================================================================
Virus Scanner test reports:
F-Prot said "./1/eicar.com Infection: EICAR_Test_File"
ClamAV said "eicar.com contains Eicar-Test-Signature"
If any of your virus scanners (clamav,f-prot)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.
[root at cygni ~]#
Mike W: However, maillog only shows...
[root at cygni ~]# tail -50 /var/log/maillog
Feb 28 14:22:50 cygni MailScanner[21967]: Read 5752 hostnames from the
phishing blacklist
Feb 28 14:22:50 cygni MailScanner[21967]: SpamAssassin temporary working
directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp
Feb 28 14:22:50 cygni MailScanner[21967]: Using SpamAssassin results cache
Feb 28 14:22:50 cygni MailScanner[21967]: Connected to SpamAssassin
cache database
Feb 28 14:22:50 cygni MailScanner[21967]: Enabling SpamAssassin
auto-whitelist functionality...
Feb 28 14:22:52 cygni MailScanner[21967]: ClamAV scanner using unrar
command /usr/bin/unrar
Feb 28 14:22:52 cygni MailScanner[21967]: Using locktype = posix
Feb 28 14:22:52 cygni MailScanner[21967]: Creating hardcoded
struct_flock subroutine for linux (Linux-type)
Feb 28 14:22:55 cygni MailScanner[21968]: MailScanner E-Mail Virus
Scanner version 4.66.5 starting...
Feb 28 14:22:55 cygni MailScanner[21968]: Read 814 hostnames from the
phishing whitelist
Feb 28 14:22:55 cygni MailScanner[21968]: Read 5752 hostnames from the
phishing blacklist
Feb 28 14:22:55 cygni MailScanner[21968]: SpamAssassin temporary working
directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp
Feb 28 14:22:55 cygni MailScanner[21968]: Using SpamAssassin results cache
Feb 28 14:22:55 cygni MailScanner[21968]: Connected to SpamAssassin
cache database
Feb 28 14:22:55 cygni MailScanner[21968]: Enabling SpamAssassin
auto-whitelist functionality...
Feb 28 14:22:57 cygni MailScanner[21968]: ClamAV scanner using unrar
command /usr/bin/unrar
Feb 28 14:22:57 cygni MailScanner[21968]: Using locktype = posix
Feb 28 14:22:57 cygni MailScanner[21968]: Creating hardcoded
struct_flock subroutine for linux (Linux-type)
Feb 28 14:49:35 cygni sendmail[22232]: m1SKnYAV022232:
from=<xxx-announce-bounces at crucis.net>, size=1444, class=0, nrcpts=1,
msgid=<mailman.0.1204231773.22231.xxx-announce at crucis.net>, proto=ESMTP,
daemon=MTA, relay=localhost6.localdomain6 [127.0.0.1]
Feb 28 14:49:35 cygni sendmail[22233]: m1SKnZWi022233:
from=<xxx-announce-bounces at crucis.net>, size=1444, class=0, nrcpts=1,
msgid=<mailman.1.1204231773.22231.xxx-announce at crucis.net>, proto=ESMTP,
daemon=MTA, relay=localhost6.localdomain6 [127.0.0.1]
Feb 28 14:49:36 cygni MailScanner[21934]: New Batch: Scanning 2
messages, 3854 bytes
Feb 28 14:49:36 cygni MailScanner[21934]: Spam Checks: Starting
Feb 28 14:49:47 cygni MailScanner[21934]: Message m1SKnZWi022233 from
127.0.0.1 (xxx-announce-bounces at crucis.net) to crucis.net is not spam,
SpamAssassin (not cached, score=-1.44, required 6, autolearn=not spam,
ALL_TRUSTED -1.44)
Feb 28 14:49:56 cygni MailScanner[21934]: Message m1SKnYAV022232 from
127.0.0.1 (xxx-announce-bounces at crucis.net) to crucis.net is not spam,
SpamAssassin (not cached, score=-1.44, required 6, autolearn=not spam,
ALL_TRUSTED -1.44)
Feb 28 14:49:56 cygni MailScanner[21934]: Spam Checks completed at 197
bytes per second
Feb 28 14:49:56 cygni MailScanner[21934]: Virus and Content Scanning:
Starting
Feb 28 14:50:00 cygni MailScanner[21934]: Virus Scanning completed at
821 bytes per second
Feb 28 14:50:00 cygni MailScanner[21934]: Uninfected: Delivered 2 messages
Feb 28 14:50:00 cygni MailScanner[21934]: Virus Processing completed at
75732 bytes per second
Feb 28 14:50:00 cygni MailScanner[21934]: Batch completed at 158 bytes
per second (3854 / 24)
Feb 28 14:50:00 cygni MailScanner[21934]: Batch (2 messages) processed
in 24.26 seconds
Feb 28 14:50:00 cygni sendmail[22257]: m1SKnZWi022233: forward
/home/yyy/.forward.cygni: World writable directory
Feb 28 14:50:00 cygni sendmail[22257]: m1SKnZWi022233: forward
/home/yyy/.forward: World writable directory
Feb 28 14:50:00 cygni sendmail[22257]: m1SKnZWi022233:
to=<joyce at crucis.net>, delay=00:00:25, xdelay=00:00:00, mailer=local,
pri=121444, dsn=2.0.0, stat=Sent
Feb 28 14:50:00 cygni sendmail[22257]: m1SKnYAV022232: forward
/home/zzz/.forward.cygni: World writable directory
Feb 28 14:50:00 cygni sendmail[22257]: m1SKnYAV022232: forward
/home/zzz/.forward: World writable directory
Feb 28 14:50:00 cygni sendmail[22257]: m1SKnYAV022232:
to=<zzz at crucis.net>, delay=00:00:25, xdelay=00:00:00, mailer=local,
pri=121444, dsn=2.0.0, stat=Sent
Feb 28 15:01:02 cygni update.bad.phishing.sites: Delaying cron job up to
600 seconds
Feb 28 15:05:31 cygni update.bad.phishing.sites: Phishing bad sites list
updated
Feb 28 15:05:31 cygni update.virus.scanners: Delaying cron job up to 600
seconds
Feb 28 15:12:03 cygni update.virus.scanners: Found clamav installed
Feb 28 15:12:03 cygni update.virus.scanners: Running autoupdate for clamav
Feb 28 15:12:03 cygni ClamAV-autoupdate[22465]: ClamAV updater
/usr/local/bin/freshclam cannot be run
Feb 28 15:12:03 cygni update.virus.scanners: Found f-prot installed
Feb 28 15:12:03 cygni update.virus.scanners: Running autoupdate for f-prot
Feb 28 15:12:04 cygni F-Prot autoupdate[22488]: F-Prot did not need
updating.
Feb 28 15:12:04 cygni update.virus.scanners: Found generic installed
Feb 28 15:12:04 cygni update.virus.scanners: Running autoupdate for generic
Feb 28 15:22:20 cygni MailScanner[22620]: MailScanner E-Mail Virus
Scanner version 4.66.5 starting...
Feb 28 15:23:33 cygni MailScanner[22713]: MailScanner E-Mail Virus
Scanner version 4.66.5 starting...
[root at cygni ~]#
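Added example, not part of the original post or of MailScanner itself: a small Python check that reads `MailScanner --lint` output like the dump above and lists any configured virus scanner that is not installed or produced no test report, along with any ERROR lines. The function names, the result keys and the handling of "auto" are assumptions of this sketch; the sample text is copied from the lint lines quoted in the post.

```python
import re
import sys

# Sample input: lines copied from the `MailScanner --lint` dump quoted in the post.
LINT_SAMPLE = """\
ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf
ERROR: is not correct, it should match X-crucis.net-MailScanner-From
MailScanner.conf says "Virus Scanners = f-prot clamav"
Found these virus scanners installed: clamav, f-prot
Virus Scanner test reports:
F-Prot said "./1/eicar.com Infection: EICAR_Test_File"
ClamAV said "eicar.com contains Eicar-Test-Signature"
"""

def norm(name):
    # Compare names case-insensitively and without punctuation (F-Prot == f-prot).
    return re.sub(r"[^a-z0-9]", "", name.lower())

def audit_lint(text):
    """Return configured scanners that are missing or gave no test report."""
    configured, installed, reported, errors = set(), set(), set(), []
    in_reports = False
    for line in (l.strip() for l in text.splitlines()):
        conf = re.search(r'says "Virus Scanners = ([^"]*)"', line)
        said = re.match(r'(\S+) said "', line)
        if conf:
            configured = {norm(s) for s in conf.group(1).split()}
        elif line.startswith("Found these virus scanners installed:"):
            installed = {norm(s) for s in line.split(":", 1)[1].split(",") if s.strip()}
        elif line.startswith("Virus Scanner test reports:"):
            in_reports = True
        elif line.startswith("ERROR:"):
            errors.append(line)
        elif in_reports and said:
            reported.add(norm(said.group(1)))
    if configured == {"auto"}:  # assumption: "auto" means every installed scanner
        configured = set(installed)
    return {
        "not_installed": sorted(configured - installed),
        "no_test_report": sorted(configured - reported),
        "errors": errors,
    }

if __name__ == "__main__":
    # Usage: MailScanner --lint 2>&1 | python3 lint_audit.py
    result = audit_lint(sys.stdin.read() if not sys.stdin.isatty() else LINT_SAMPLE)
    print(result)
    sys.exit(1 if result["not_installed"] or result["no_test_report"] else 0)
```

A non-zero exit means at least one configured scanner is not installed or gave no test report, which makes the check usable from cron or a monitoring probe.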