F-Prot Broken with new version

Gerry Doris gdoris at rogers.com
Sat Mar 8 22:16:51 GMT 2008 

Julian, here are the results of 4.86.2-2.   I have the following version 
of f-prot installed.

F-PROT Antivirus version 6.2.1
FRISK Software International (C) Copyright 1989-2007

Engine version: 4.4.1.52
Virus signatures: 20080307223672fcda26910ca57b14e37629fd213cf4


I set MailScanner.conf with and without f-prot-6 to see what happened.  
The following is MailScanner --lint with only f-prot listed.

***********************************************************
[root at tiger MailScanner]# MailScanner --lint
Trying to setlogsock(unix)
Checking version numbers...
Version number in MailScanner.conf (4.68.2) is correct.

Your envelope_sender_header in spam.assassin.prefs.conf is correct.

Checking for SpamAssassin errors (if you use it)...
SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
SpamAssassin reported no errors.
MailScanner.conf says "Virus Scanners = clamd f-prot bitdefender"
ERROR:: COULD NOT CONNECT TO FPSCAND, RECOMMEND RESTARTING DAEMON :: 
ISITINSTALLED
Found these virus scanners installed: bitdefender, clamavmodule, f-prot, 
f-prot-6, clamd
===========================================================================
Invalid argument '-old'
===========================================================================
Virus Scanner test reports:
Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND"
Bitdefender said "Found virus EICAR-Test-File (not a virus) in file 
eicar.com"

If any of your virus scanners 
(bitdefender,clamavmodule,f-prot,f-prot-6,clamd)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.

************************************************************



This is the results with both f-prot and f-prot-6 set in MailScanner.conf.

************************************************************
[root at tiger MailScanner]# MailScanner --lint
Trying to setlogsock(unix)
Checking version numbers...
Version number in MailScanner.conf (4.68.2) is correct.

Your envelope_sender_header in spam.assassin.prefs.conf is correct.

Checking for SpamAssassin errors (if you use it)...
SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
SpamAssassin reported no errors.
MailScanner.conf says "Virus Scanners = clamd f-prot f-prot-6 bitdefender"
ERROR:: COULD NOT CONNECT TO FPSCAND, RECOMMEND RESTARTING DAEMON :: 
ISITINSTALLED
Found these virus scanners installed: bitdefender, clamavmodule, f-prot, 
f-prot-6, clamd
===========================================================================
Invalid argument '-old'
===========================================================================
Virus Scanner test reports:
Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND"
F-Prot6 said "[Found virus] <EICAR_Test_File (exact)> ./1/eicar.com"
Bitdefender said "Found virus EICAR-Test-File (not a virus) in file 
eicar.com"

If any of your virus scanners 
(bitdefender,clamavmodule,f-prot,f-prot-6,clamd)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.

************************************************************


I checked SweepVirus.pm and the change is there.  Code below...

 # Attempt to open the connection to fpscand
  $sock = ConnectToFpscand($Port, $TimeOut);
  return 'FPSCANDNOTRUNNING' if $lintonly && !sock;
  print "ERROR:: COULD NOT CONNECT TO FPSCAND, RECOMMEND RESTARTING 
DAEMON " .
        ":: $dirname\n" unless $sock;
  MailScanner::Log::WarnLog("ERROR:: COULD NOT CONNECT TO FPSCAND, ".
                            "RECOMMEND RESTARTING DAEMON ") unless $sock;
  return 1 unless $sock;

  return 'FPSCANDOK' if $lintonly;


Here's the result of running f-prot on its own.  I took the code 
directly from virus.scanners.conf and ran it against /tmp.

*************************************************************
[root at tiger MailScanner]#  /usr/lib/MailScanner/f-prot-wrapper 
/opt/f-prot  /tmp

F-PROT Antivirus version 6.2.1
FRISK Software International (C) Copyright 1989-2007

Engine version: 4.4.1.52
Virus signatures: 20080307223672fcda26910ca57b14e37629fd213cf4
                  (/opt/f-prot/antivir.def)

[Not scanning] <Not a regular file or directory>        /tmp/clamd
[Not scanning] <Not a regular file or directory>        
/tmp/.font-unix/fs7100
[Not scanning] <Not a regular file or directory>        /tmp/mapping-root
[Not scanning] <Not a regular file or directory>        /tmp/mapping-gerry
[Not scanning] <Not a regular file or directory>        
/tmp/keyring-nQXhqv/socket


Results:

Files: 48
Skipped files: 0
MBR/boot sectors checked: 0
Objects scanned: 96
Infected objects: 0
Files with errors: 0
Disinfected: 0

Running time: 00:18
****************************************************************




Julian Field wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I have just released 4.68.2-2 for you, which includes the fix I posted 
> for you a few minutes ago.
> I don't like leaving known-broken code out there, it generates more work 
> for me explaining the workaround.
>
> Jules.
>
> P.S. Please let me know how you get on with 4.68.2-2.
>
>   
>

More information about the MailScanner mailing list