F-Prot use not appearing in log file
Mike - W0TMW
mikew at crucis.net
Thu Feb 28 21:55:55 GMT 2008
Julian Field wrote:
>
>
> Mike - W0TMW wrote:
>> I've installed MS 4.66 on a new box and thanks to others here gotten
>> it running. I have noticed something odd.
>>
>> I have clamav and f-prot installed for virus scanning. I have an
>> older version of MS running on another box also with clamav and
>> f-prot. On that older box, when an e-mail is being scanned, I see in
>> the log that clamav and f-prot are used. On the new box however, I
>> only see clamav mentioned. Both virus scanners are found when MS is
>> started.
>>
>> Is f-prot being used and just not logged?
> That shouldn't be possible.
> What does "MailScanner --lint" say?
> If you add "eicar" to Non-Forging Viruses list, then you should
> receive a notification when you send a copy of Eicar through it. That
> will tell you for definite which virus scanners are finding Eicar.
>
> Please let me know how you get on with this.
>
> Jules
>
I created an eicar test message and ran it. It was detected. This is
the section of maillog and it only shows clamav being activated.
[root at cygni ~]# tail -80 /var/log/maillog
Feb 28 15:44:11 cygni sendmail[23070]: m1SLiBoV023070: from=root,
size=364, class=0, nrcpts=1,
msgid=<20080228214411.GA23016 at cygni.crucis.net>, relay=root at localhost
Feb 28 15:44:11 cygni sendmail[23071]: m1SLiBxD023071:
from=<root at cygni.crucis.net>, size=507, class=0, nrcpts=1,
msgid=<20080228214411.GA23016 at cygni.crucis.net>, proto=ESMTP,
daemon=MTA, relay=localhost6.localdomain6 [127.0.0.1]
Feb 28 15:44:11 cygni sendmail[23070]: m1SLiBoV023070:
to=mikew at cygni.crucis.net, ctladdr=root (0/0), delay=00:00:00,
xdelay=00:00:00, mailer=relay, pri=30364, relay=[127.0.0.1] [127.0.0.1],
dsn=2.0.0, stat=Sent (m1SLiBxD023071 Message accepted for delivery)
Feb 28 15:44:12 cygni MailScanner[22998]: New Batch: Scanning 1
messages, 988 bytes
Feb 28 15:44:12 cygni MailScanner[22998]: Spam Checks: Starting
Feb 28 15:44:24 cygni MailScanner[22998]: Message m1SLiBxD023071 from
127.0.0.1 (root at cygni.crucis.net) to crucis.net is not spam,
SpamAssassin (score=1.459, required 6, ALL_TRUSTED -1.44,
TVD_SPACE_RATIO 2.90)
Feb 28 15:44:24 cygni MailScanner[22998]: Spam Checks completed at 78
bytes per second
Feb 28 15:44:24 cygni MailScanner[22998]: Virus and Content Scanning:
Starting
Feb 28 15:44:28 cygni MailScanner[22998]:
/var/spool/MailScanner/incoming/22998/./m1SLiBxD023071/msg-22998-1.txt:
Eicar-Test-Signature FOUND
Feb 28 15:44:28 cygni MailScanner[22998]:
/var/spool/MailScanner/incoming/22998/./m1SLiBxD023071.message:
Eicar-Test-Signature FOUND
Feb 28 15:44:29 cygni MailScanner[22998]: Virus Scanning: ClamAV found 2
infections
Feb 28 15:44:29 cygni MailScanner[22998]: Infected message
m1SLiBxD023071.message came from
Feb 28 15:44:29 cygni MailScanner[22998]: Infected message
m1SLiBxD023071 came from 127.0.0.1
Feb 28 15:44:29 cygni MailScanner[22998]: Virus Scanning: Found 2 viruses
Feb 28 15:44:29 cygni MailScanner[22998]: Virus Scanning completed at
239 bytes per second
Feb 28 15:44:29 cygni MailScanner[22998]: Cleaned: Delivered 1 cleaned
messages
Feb 28 15:44:29 cygni sendmail[23089]: m1SLiTx9023089: from=postmaster,
size=1145, class=0, nrcpts=1,
msgid=<200802282144.m1SLiTx9023089 at cygni.crucis.net>, relay=root at localhost
Feb 28 15:44:29 cygni sendmail[23091]: m1SLiTfB023091:
from=<postmaster at cygni.crucis.net>, size=1404, class=0, nrcpts=1,
msgid=<200802282144.m1SLiTx9023089 at cygni.crucis.net>, proto=ESMTP,
daemon=MTA, relay=localhost6.localdomain6 [127.0.0.1]
Feb 28 15:44:29 cygni sendmail[23089]: m1SLiTx9023089: to=postmaster,
delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=31145,
relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (m1SLiTfB023091
Message accepted for delivery)
Feb 28 15:44:29 cygni sendmail[23090]: m1SLiBxD023071: forward
/home/mikew/.forward.cygni: World writable directory
Feb 28 15:44:29 cygni sendmail[23090]: m1SLiBxD023071: forward
/home/mikew/.forward: World writable directory
Feb 28 15:44:29 cygni sendmail[23090]: m1SLiBxD023071:
to=<mikew at crucis.net>, ctladdr=<root at cygni.crucis.net> (0/0),
delay=00:00:18, xdelay=00:00:00, mailer=local, pri=120507, dsn=2.0.0,
stat=Sent
Feb 28 15:44:29 cygni MailScanner[22998]: Notices: Warned about 1 messages
Feb 28 15:44:29 cygni MailScanner[22998]: Virus Processing completed at
3246 bytes per second
Feb 28 15:44:29 cygni MailScanner[22998]: Batch completed at 58 bytes
per second (988 / 16)
Feb 28 15:44:29 cygni MailScanner[22998]: Batch (1 message) processed in
16.95 seconds
Feb 28 15:44:29 cygni MailScanner[22998]: New Batch: Scanning 1
messages, 1896 bytes
Feb 28 15:44:29 cygni MailScanner[22998]: Spam Checks: Starting
Feb 28 15:44:44 cygni MailScanner[22998]: Message m1SLiTfB023091 from
127.0.0.1 (postmaster at cygni.crucis.net) to cygni.crucis.net is not spam,
SpamAssassin (not cached, score=-1.44, required 6, autolearn=not spam,
ALL_TRUSTED -1.44)
Feb 28 15:44:44 cygni MailScanner[22998]: Spam Checks completed at 127
bytes per second
Feb 28 15:44:44 cygni MailScanner[22998]: Virus and Content Scanning:
Starting
Feb 28 15:44:50 cygni MailScanner[22998]: Virus Scanning completed at
323 bytes per second
Feb 28 15:44:50 cygni MailScanner[22998]: Uninfected: Delivered 1 messages
Feb 28 15:44:50 cygni MailScanner[22998]: Virus Processing completed at
51281 bytes per second
Feb 28 15:44:50 cygni MailScanner[22998]: Batch completed at 91 bytes
per second (1896 / 20)
Feb 28 15:44:50 cygni MailScanner[22998]: Batch (1 message) processed in
20.83 seconds
Feb 28 15:44:50 cygni sendmail[23137]: m1SLiTfB023091: to=root,
delay=00:00:21, xdelay=00:00:00, mailer=local, pri=121404, dsn=2.0.0,
stat=Sent
Feb 28 15:45:47 cygni sendmail[23161]: m1SLjl3d023161:
Authentication-Warning: cygni.crucis.net: mikew set sender to
mikew at cygni.crucis.net using -f
Feb 28 15:45:47 cygni sendmail[23161]: m1SLjl3d023161:
from=mikew at cygni.crucis.net, size=1482, class=0, nrcpts=1,
msgid=<200802281545.12060.mikew at cygni.crucis.net>, relay=localhost
[[UNIX: localhost]]
[root at cygni ~]#
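The check discussed in this thread, as an added example that is not part of the original post or of MailScanner: it reads maillog text and lists, per host, the expected scanners that logged no "found N infections" line in any batch where something was detected (for instance an EICAR test). The host "older", the F-Prot log line and the function names are assumptions made for illustration; the page shows this log wording only for ClamAV.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the post's maillog, one entry per line. Host
# "older" and its F-Prot line are assumed; the page shows only the ClamAV form.
SAMPLE_LOG = """\
Feb 28 15:44:12 cygni MailScanner[22998]: New Batch: Scanning 1 messages, 988 bytes
Feb 28 15:44:29 cygni MailScanner[22998]: Virus Scanning: ClamAV found 2 infections
Feb 28 15:44:29 cygni MailScanner[22998]: Virus Scanning: Found 2 viruses
Feb 28 15:50:01 older MailScanner[4100]: New Batch: Scanning 1 messages, 988 bytes
Feb 28 15:50:03 older MailScanner[4100]: Virus Scanning: ClamAV found 2 infections
Feb 28 15:50:03 older MailScanner[4100]: Virus Scanning: F-Prot found 1 infections
Feb 28 15:50:03 older MailScanner[4100]: Virus Scanning: Found 3 viruses
"""
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]+ (?P<host>\S+) MailScanner\[(?P<pid>\d+)\]: (?P<msg>.*)$")
FOUND = re.compile(r"^Virus Scanning: (?P<scanner>.+?) found (?P<n>\d+) infections?$")


def infected_batches(log_text):
    """Return {host: [{scanner: infections}, ...]} for batches with detections."""
    batches = defaultdict(list)   # host -> per-batch detection counts
    open_batch = {}               # (host, pid) -> counts for the current batch
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue              # sendmail and other daemons' lines
        key, msg = (m["host"], m["pid"]), m["msg"]
        hit = FOUND.match(msg)
        if msg.startswith("New Batch:") or (hit and key not in open_batch):
            open_batch[key] = {}
            batches[m["host"]].append(open_batch[key])
        if hit:
            counts = open_batch[key]
            counts[hit["scanner"]] = counts.get(hit["scanner"], 0) + int(hit["n"])
    return {host: [b for b in bs if b] for host, bs in batches.items()}


def silent_scanners(log_text, expected):
    """Expected scanners that logged nothing in any infected batch, per host."""
    report = {}
    for host, infected in infected_batches(log_text).items():
        if not infected:
            continue              # a clean batch names no scanner, so it proves nothing
        seen = {name.lower() for batch in infected for name in batch}
        report[host] = sorted(s for s in expected if s.lower() not in seen)
    return report

print(silent_scanners(SAMPLE_LOG, ["ClamAV", "F-Prot"]))
```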