MailScanner 4.68.8 and F-Secure 5.54 on Debian Etch

Nils Olav Brandstorp Bekken nils.o.bekken at
Fri Jun 20 12:20:56 IST 2008


I've been running MailScanner with F-Secure Antivirus 4.65 on Debian
Sarge for some time, and when I upgraded to Etch and installed F-Secure
Server Security 5.54 (command line only) I noticed that I needed
something newer than the MailScanner version in Etch to support it, so I
pulled down the version from Debian testing, but still have some problems.

MailScanner and the F-secure 4.65 version has kept the mailboxes here
free of viruses, but it seems like F-Secure 4.65 isn't even on the
product list with F-Secure anymore and even 5 is EOL May 2009 so I
thought it was time to move on instead of getting a nasty suprise one
Friday afternoon (when these things usually happen :-(

When I try sending an email it finds the virus, but the entire email is
still delivered including the virus/Eicar file.

I've search most (I think) of web/wiki pages without finding anything
about this

Any ideas?

Thanks in advance
Nils O. Bekken

maillogs, output from MailScanner --lint follows (Mailscanner in debug

MailScanner[7141]: MailScanner E-Mail Virus Scanner version 4.68.8
MailScanner[7141]: Read 817 hostnames from the phishing whitelist
MailScanner[7141]: Read 5141 hostnames from the phishing blacklist
MailScanner[7141]: SpamAssassin temporary working directory is
MailScanner[7141]: Using SpamAssassin results cache
MailScanner[7141]: Connected to SpamAssassin cache database
MailScanner[7141]: Enabling SpamAssassin auto-whitelist functionality...
MailScanner[7141]: sees Config  LockType =  posix
MailScanner[7141]: sees have_module =  0
MailScanner[7141]: Using locktype = posix
MailScanner[7141]: New Batch: Scanning 1 messages, 73835 bytes
MailScanner[7141]: Created attachment dirs for 1 messages
MailScanner[7141]: Spam Checks: Starting
MailScanner[7141]: SpamAssassin returned 0
MailScanner[7141]: Virus and Content Scanning: Starting
MailScanner[7141]: Commencing scanning by f-secure...
MailScanner[7141]: Found F-Secure version 1.12=1.12
MailScanner[7141]: Scan ended at Wed Jun 18 10:02:26 2008
MailScanner[7141]: 3 files scanned
MailScanner[7141]: 1 file infected
MailScanner[7141]: Completed scanning by f-secure
MailScanner[7141]: About to deliver 1 messages
MailScanner[7141]: Uninfected: Delivered 1 messages
MailScanner[7141]: MailScanner child dying of old age

starfury:~# fsav
F-Secure Security Platform version 1.12  build 7113
Copyright (c) 1999-2007 F-Secure Corporation. All Rights Reserved.

Scan started at Wed Jun 18 10:03:48 2008
Database version: 2008-06-18_03 Infected: Trojan.Win32.VB.dee [AVP] Disinfect? (Yes, No, yes to All)
Scan ended at Wed Jun 18 10:04:01 2008
1 file scanned
1 file infected

MailScanner --lint
Trying to setlogsock(unix)
Read 817 hostnames from the phishing whitelist
Read 5141 hostnames from the phishing blacklist
Checking version numbers...
Version number in MailScanner.conf (4.68.8) is correct.

Your envelope_sender_header in spam.assassin.prefs.conf is correct.
MailScanner setting GID to  (8)

Checking for SpamAssassin errors (if you use it)...
SpamAssassin temporary working directory is
SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.
Using locktype = posix
MailScanner.conf says "Virus Scanners = f-secure"
Found these virus scanners installed: f-secure
Virus and Content Scanning: Starting
Found F-Secure version 1.12=1.12

Scan ended at Wed Jun 18 11:06:46 2008
2 files scanned
1 file infected

If any of your virus scanners (f-secure)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.

More information about the MailScanner mailing list