F-Prot use not appearing in log file
mikew at crucis.net
Fri Feb 29 23:55:25 GMT 2008
Julian Field wrote:
> Mike - W0TMW wrote:
> > Trimmed to conserve space.
> > Julian Field wrote:
> >> Mike Watson wrote:
> >>> -----BEGIN PGP SIGNED MESSAGE-----
> >>> Hash: SHA1
> >>> Scott Silva wrote:
> >>> | on 2-28-2008 1:35 PM Mike - W0TMW spake the following:
> >>> |> Julian Field wrote:
> >>> |>>
> >>> |>>
> >>> |>> Mike - W0TMW wrote:
> >>> |>>> I've installed MS 4.66 on a new box and thanks to others here
> >>> gotten it running. I have noticed something odd.
> >>> |>>>
> >>> |>>> I have clamav and f-prot installed for virus scanning. I have
> >>> an older version of MS running on another box also with clamav and
> >>> f-prot. On that older box, when an e-mail is being scanned, I see
> >>> in the log that clamav and f-prot are used. On the new box however,
> >>> I only see clamav mentioned. Both virus scanners are found when MS
> >>> is started.
> > snipped...
> >>> | Change your %org-name% to crucis_net instead of crucis.net. That
> >>> error has caused many logging problems.
> >>> | And you might as well fix the other error so spamassassin ignores
> >>> your locally generated headers.
> > Done. No change.
> >> Have you checked your /etc/MailScanner.conf recently?
> >> A new version of F-Prot appeared with a totally new output format.
> >> There is now the "f-prot-6" scanner which you should have in your
> >> "Virus Scanners" setting. It's mentioned in the comments above.
> > My F-prot is version 4.6.8, engine 3.16.16. It was downloaded from
> > the F-Prot website last week. Would this version use "f-prot" or
> > "F-prot-6"? F-prot works/scans in manual mode.
> When you installed it, did it require a installation key number?
> On the
> website, when you download it, there is version 3 and version 6
> available. Once you have put in your customer number, you get taken to a
> page which lists the downloads and keys you can get for that number.
> That tells you the version number there. I would guess you are using
> version 6.
I'm using version 4.6.8, engine 3.16.16 I have MailScanner.conf set to
"auto". It finds f-prot during startup.
> Set Virus Scanners in MailScanner.conf to include "f-prot-6" and then do
> a MailScanner --lint and you'll see what it finds and whether it locates
> a virus report in the F-Prot 6 output.
> Note that after you unpack the F-Prot 6 (by default it appears to prefer
> /opt/f-prot) there is an installation script in there. You don't want
> any of the daemons or cron jobs or anything, but you will need to type
> in your installation key number (very long string with dashes in it) in
> order to be able to download the updates.
This is a personal mailserver. I'm not providing a commercial service.
I'm not using the commercial F-Prot virus scanner.
Here's the output of MailScanner --lint with anti-virus set to "auto."
[root at cygni ~]# MailScanner --lint
Trying to setlogsock(unix)
Checking version numbers...
Version number in MailScanner.conf (4.66.5) is correct.
Your setting "Mail Header" contains illegal characters.
This is most likely caused by your "%org-name%" setting
which must not contain and "." or "_" characters as
these are known to cause problems with some mail systems.
Your envelope_sender_header in spam.assassin.prefs.conf is correct.
Checking for SpamAssassin errors (if you use it)...
SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
SpamAssassin reported no errors.
MailScanner.conf says "Virus Scanners = auto"
Found these virus scanners installed: clamav, f-prot
Virus Scanner test reports:
F-Prot said "./1/eicar.com Infection: EICAR_Test_File"
ClamAV said "eicar.com contains Eicar-Test-Signature"
If any of your virus scanners (clamav,f-prot)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.
[root at cygni ~]#
I'll change the virus scanner to f-prot-6 later and pass the lint result
along to you.
This message has been scanned for viruses and
dangerous content by MailScanner at CYGNI, and is
believed to be clean.
More information about the MailScanner