F-Prot use not appearing in log file

Mike Watson mikew at crucis.net
Fri Feb 29 23:55:25 GMT 2008

See below.

Julian Field wrote:
> Mike - W0TMW wrote:
> > Trimmed to conserve space.
> > Julian Field wrote:
> >>
> >> Mike Watson wrote:
> >>> Hash: SHA1
> >>>
> >>> Scott Silva wrote:
> >>> | on 2-28-2008 1:35 PM Mike - W0TMW spake the following:
> >>> |> Julian Field wrote:
> >>> |>>
> >>> |>>
> >>> |>> Mike - W0TMW wrote:
> >>> |>>> I've installed MS 4.66 on a new box and thanks to others here
> >>> gotten it running.  I have noticed something odd.
> >>> |>>>
> >>> |>>> I have clamav and f-prot installed for virus scanning.  I have
> >>> an older version of MS running on another box also with clamav and
> >>> f-prot.  On that older box, when an e-mail is being scanned, I see
> >>> in the log that clamav and f-prot are used.  On the new box however,
> >>> I only see clamav mentioned.  Both virus scanners are found when MS
> >>> is started.
> > snipped...
> >>> | Change your %org-name% to crucis_net instead of crucis.net. That
> >>> error has caused many logging problems.
> >>> | And you might as well fix the other error so spamassassin ignores
> >>> your locally generated headers.
> >>>
> > Done. No change.
> >> Have you checked your /etc/MailScanner.conf recently?
> >> A new version of F-Prot appeared with a totally new output format.
> >> There is now the "f-prot-6" scanner which you should have in your
> >> "Virus Scanners" setting. It's mentioned in the comments above.
> > My F-prot is version 4.6.8, engine 3.16.16.  It was downloaded from
> > the F-Prot website last week.  Would this version use "f-prot" or
> > "F-prot-6"? F-prot works/scans in manual mode.
> When you installed it, did it require a installation key number? 
> On the
> website, when you download it, there is version 3 and version 6
> available. Once you have put in your customer number, you get taken to a
> page which lists the downloads and keys you can get for that number.
> That tells you the version number there. I would guess you are using
> version 6.
I'm using version 4.6.8, engine 3.16.16  I have MailScanner.conf set to 
"auto".  It finds f-prot during startup.
> Set Virus Scanners in MailScanner.conf to include "f-prot-6" and then do
> a MailScanner --lint and you'll see what it finds and whether it locates
> a virus report in the F-Prot 6 output.
> Note that after you unpack the F-Prot 6 (by default it appears to prefer
> /opt/f-prot) there is an installation script in there. You don't want
> any of the daemons or cron jobs or anything, but you will need to type
> in your installation key number (very long string with dashes in it) in
> order to be able to download the updates.
This is a personal mailserver. I'm not providing a commercial service. 
I'm not using the commercial F-Prot virus scanner.

Here's the output of MailScanner --lint with anti-virus set to "auto."

[root at cygni ~]# MailScanner --lint
Trying to setlogsock(unix)
Checking version numbers...
Version number in MailScanner.conf (4.66.5) is correct.

Your setting "Mail Header" contains illegal characters.
This is most likely caused by your "%org-name%" setting
which must not contain and "." or "_" characters as
these are known to cause problems with some mail systems.

Your envelope_sender_header in spam.assassin.prefs.conf is correct.

Checking for SpamAssassin errors (if you use it)...
SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
SpamAssassin reported no errors.
MailScanner.conf says "Virus Scanners = auto"
Found these virus scanners installed: clamav, f-prot
Virus Scanner test reports:
F-Prot said "./1/eicar.com  Infection: EICAR_Test_File"
ClamAV said "eicar.com contains Eicar-Test-Signature"

If any of your virus scanners (clamav,f-prot)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.
[root at cygni ~]#

I'll change the virus scanner to f-prot-6 later and pass the lint result 
along to you.

Mike W

> Jules

This message has been scanned for viruses and
dangerous content by MailScanner at CYGNI, and is
believed to be clean.

More information about the MailScanner mailing list