F-Prot Broken with new version

Julian Field MailScanner at ecs.soton.ac.uk
Sat Mar 8 22:38:20 GMT 2008


Gerry Doris wrote:
> Julian, here are the results of 4.86.2-2.   I have the following 
> version of f-prot installed.
>
> F-PROT Antivirus version 6.2.1
So you do have version 6 installed after all.

Please install the patched version 4.86.2-3 I just released for you. I 
omitted a $ sign in one line of code. Then set
    Virus Scanners = f-protd-6
in MailScanner.conf and then
    MailScanner --lint
should work just fine, so long as you have got fpscand running.
Do a
    ps ax | grep fpscand
and kill anything you've got running.
Do
    service f-protd start
and then do the
    ps ax | grep fpscand
command again and make sure you have fpscand running. If the "service" 
command said it couldn't find the f-protd service then try
    chkconfig --add f-protd
then do the service command again. If it still can't find the f-protd 
service, then you need to
    cp /usr/local/f-prot/rc-scripts/fpscand.rc-redhat /etc/init.d/f-protd
    chkconfig --add f-protd
    service f-protd start
    MailScanner --lint
then edit /etc/MailScanner/virus.scanners.conf and make sure that the 
f-prot-6 and f-protd-6 lines both refer to /usr/local/f-prot,
and it should then work. That's assuming you installed f-prot version 6 
into /usr/local/f-prot.

The F-Prot 6 installer isn't perfect, not by a long shot :-(

> FRISK Software International (C) Copyright 1989-2007
>
> Engine version: 4.4.1.52
> Virus signatures: 20080307223672fcda26910ca57b14e37629fd213cf4
>
>
> I set MailScanner.conf with and without f-prot-6 to see what 
> happened.  The following is MailScanner --lint with only f-prot listed.
>
> ***********************************************************
> [root@tiger MailScanner]# MailScanner --lint
> Trying to setlogsock(unix)
> Checking version numbers...
> Version number in MailScanner.conf (4.68.2) is correct.
>
> Your envelope_sender_header in spam.assassin.prefs.conf is correct.
>
> Checking for SpamAssassin errors (if you use it)...
> SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
> SpamAssassin reported no errors.
> MailScanner.conf says "Virus Scanners = clamd f-prot bitdefender"
> ERROR:: COULD NOT CONNECT TO FPSCAND, RECOMMEND RESTARTING DAEMON :: 
> ISITINSTALLED
> Found these virus scanners installed: bitdefender, clamavmodule, 
> f-prot, f-prot-6, clamd
> =========================================================================== 
>
> Invalid argument '-old'
> =========================================================================== 
>
> Virus Scanner test reports:
> Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND"
> Bitdefender said "Found virus EICAR-Test-File (not a virus) in file 
> eicar.com"
>
> If any of your virus scanners 
> (bitdefender,clamavmodule,f-prot,f-prot-6,clamd)
> are not listed there, you should check that they are installed correctly
> and that MailScanner is finding them correctly via its 
> virus.scanners.conf.
>
> ************************************************************
>
>
>
> These are the results with both f-prot and f-prot-6 set in 
> MailScanner.conf.
>
> ************************************************************
> [root@tiger MailScanner]# MailScanner --lint
> Trying to setlogsock(unix)
> Checking version numbers...
> Version number in MailScanner.conf (4.68.2) is correct.
>
> Your envelope_sender_header in spam.assassin.prefs.conf is correct.
>
> Checking for SpamAssassin errors (if you use it)...
> SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
> SpamAssassin reported no errors.
> MailScanner.conf says "Virus Scanners = clamd f-prot f-prot-6 
> bitdefender"
> ERROR:: COULD NOT CONNECT TO FPSCAND, RECOMMEND RESTARTING DAEMON :: 
> ISITINSTALLED
> Found these virus scanners installed: bitdefender, clamavmodule, 
> f-prot, f-prot-6, clamd
> =========================================================================== 
>
> Invalid argument '-old'
> =========================================================================== 
>
> Virus Scanner test reports:
> Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND"
> F-Prot6 said "[Found virus] <EICAR_Test_File (exact)> ./1/eicar.com"
> Bitdefender said "Found virus EICAR-Test-File (not a virus) in file 
> eicar.com"
>
> If any of your virus scanners 
> (bitdefender,clamavmodule,f-prot,f-prot-6,clamd)
> are not listed there, you should check that they are installed correctly
> and that MailScanner is finding them correctly via its 
> virus.scanners.conf.
>
> ************************************************************
>
>
> I checked SweepVirus.pm and the change is there.  Code below...
>
> # Attempt to open the connection to fpscand
>  $sock = ConnectToFpscand($Port, $TimeOut);
>  return 'FPSCANDNOTRUNNING' if $lintonly && !sock;
>  print "ERROR:: COULD NOT CONNECT TO FPSCAND, RECOMMEND RESTARTING DAEMON " .
>        ":: $dirname\n" unless $sock;
>  MailScanner::Log::WarnLog("ERROR:: COULD NOT CONNECT TO FPSCAND, ".
>                            "RECOMMEND RESTARTING DAEMON ") unless $sock;
>  return 1 unless $sock;
>
>  return 'FPSCANDOK' if $lintonly;
>
>
> Here's the result of running f-prot on its own.  I took the code 
> directly from virus.scanners.conf and ran it against /tmp.
>
> *************************************************************
> [root@tiger MailScanner]#  /usr/lib/MailScanner/f-prot-wrapper /opt/f-prot  /tmp
>
> F-PROT Antivirus version 6.2.1
> FRISK Software International (C) Copyright 1989-2007
>
> Engine version: 4.4.1.52
> Virus signatures: 20080307223672fcda26910ca57b14e37629fd213cf4
>                  (/opt/f-prot/antivir.def)
>
> [Not scanning] <Not a regular file or directory>        /tmp/clamd
> [Not scanning] <Not a regular file or directory>        
> /tmp/.font-unix/fs7100
> [Not scanning] <Not a regular file or directory>        /tmp/mapping-root
> [Not scanning] <Not a regular file or directory>        
> /tmp/mapping-gerry
> [Not scanning] <Not a regular file or directory>        
> /tmp/keyring-nQXhqv/socket
>
>
> Results:
>
> Files: 48
> Skipped files: 0
> MBR/boot sectors checked: 0
> Objects scanned: 96
> Infected objects: 0
> Files with errors: 0
> Disinfected: 0
>
> Running time: 00:18
> ****************************************************************
>
>
>
>
> Julian Field wrote:
>> I have just released 4.68.2-2 for you, which includes the fix I 
>> posted for you a few minutes ago.
>> I don't like leaving known-broken code out there, it generates more 
>> work for me explaining the workaround.
>>
>> Jules.
>>
>> P.S. Please let me know how you get on with 4.68.2-2.
>>
>>     

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
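
Added example, not part of the original message and not MailScanner code: a shell script for the two checks the reply above describes, namely that the f-prot-6 and f-protd-6 entries in virus.scanners.conf name the same install directory, and that `ps ax` shows fpscand. The three-column file layout, the function names and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not MailScanner code). Assumed virus.scanners.conf layout:
#   <scanner-name> <wrapper-script> <install-dir>, with '#' starting a comment.

# Print the install dir configured for scanner $2 in conf file $1.
scanner_dir() {
    awk -v name="$2" '
        { sub(/#.*/, "") }            # drop comments before matching
        $1 == name { print $3; exit }
    ' "$1"
}

# Return 0 if both F-Prot 6 entries point at $2, 1 on mismatch, 2 if missing.
check_fprot6_paths() {
    conf=$1; expected=$2; rc=0
    for name in f-prot-6 f-protd-6; do
        dir=$(scanner_dir "$conf" "$name")
        if [ -z "$dir" ]; then
            echo "MISSING  $name has no entry in $conf"; return 2
        elif [ "$dir" != "$expected" ]; then
            echo "MISMATCH $name -> $dir (expected $expected)"; rc=1
        else
            echo "OK       $name -> $dir"
        fi
    done
    return $rc
}

# Return 0 if `ps ax` output on stdin shows fpscand, ignoring the grep itself.
fpscand_running() {
    grep fpscand | grep -v grep >/dev/null
}

# Constructed sample file: f-protd-6 still points at a different prefix.
sample_conf=$(mktemp)
trap 'rm -f "$sample_conf"' EXIT
cat > "$sample_conf" <<'EOF'
# name      wrapper (placeholder paths)   install dir
clamd       /bin/false                    /usr/local
f-prot-6    /path/to/f-prot-6-wrapper     /usr/local/f-prot
f-protd-6   /bin/false                    /opt/f-prot
EOF

check_fprot6_paths "$sample_conf" /usr/local/f-prot ||
    echo "fix virus.scanners.conf before running MailScanner --lint"
```

On a live host the same functions would be called as `check_fprot6_paths /etc/MailScanner/virus.scanners.conf /usr/local/f-prot` and `ps ax | fpscand_running`.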
