ClamAV 0.94 on etch - SOLVED

Jose Julian Buda jbuda at noticiasargentinas.com
Tue Sep 9 16:58:16 IST 2008


----- Original Message ----- 
From: "Jose Julian Buda" <jbuda at noticiasargentinas.com>
To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
Sent: Tuesday, September 09, 2008 11:22 AM
Subject: Re: ClamAV 0.94


>
> ----- Original Message ----- 
> From: "Jim Barber" <jim.barber at ddihealth.com>
> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> Sent: Monday, September 08, 2008 10:38 PM
> Subject: Re: ClamAV 0.94
>
>
>> Hugo van der Kooij wrote:
>>>
>>> Scott Silva wrote:
>>>
>>>>> Now, the clamd daemon is running, how do i tell the mailscanner to use
>>>>> it?
>>>
>>>> You will need to upgrade your mailscanner version. Debian uses a
>>>> version that is probably 3 years old by now. In MailScanner time that
>>>> is like 30 generations.
>>>
>>> In spam terms that is about 15 generations ago.
>>>
>>> I would recommend that Jules defines a version policy about how many
>>> versions back something is considered too old to be even bothered with
>>> and notification is sent to the Debian team that their prehistoric
>>> version is too old to keep in their system.
>>>
>>> Keeping up was my greatest concern in regard to building a repository
>>> for MailScanner.
>>>
>>> Hugo.
>>>
>>> PS: Did anyone bother to check the awstats statistics?
>>
>> The version of MailScanner in Debian's testing / lenny distribution is
>> 4.68.8.
>> That's also really old, but it does have the ability to use clamd (I'm
>> using it successfully).
>>
>> To use it I needed to add the Debian-exim user to the clamav group.
>> I also added the clamav user to the Debian-exim group, but you may be
>> able to avoid that by setting "Incoming Work Group = clamav" in the
>> config below.
>>
>> Then you need to set a few values in your
>> /etc/MailScanner/MailScanner.conf file:
>>
>> Incoming Work Permissions = 0660
>>
>> Virus Scanners = clamd
>>
>> Monitors for ClamAV Updates = /var/lib/clamav/*.inc/* /var/lib/clamav/*.cvd
>>
>> Regards,
>>
>> ----------
>> Jim Barber
>> DDI Health
>> -- 
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>> __________ NOD32 information, revision 3428 (20080909) __________
>>
>> This message has been scanned with NOD32 antivirus system
>> http://www.nod32.com
>>
>>
>
>
> Can I use a lenny version on a production server?
> If I shouldn't, how can I make this version work?
> I did not see this problem yesterday with clamav 0.93.3.
> Is it really a MS problem?
> However, I see that clamav 0.94 is OK if I try the wrapper script
> directly:
>
> proxymails:~# /etc/MailScanner/wrapper/clamav-wrapper /usr
> /root/.rnd: OK
> /root/.bashrc: OK
> /root/papa.txt: Eicar-Test-Signature FOUND
> /root/.viminfo: OK
> /root/.bash_history: OK
> /root/.profile: OK
> /root/balanceo: OK
> /root/pepe.zip: Eicar-Test-Signature FOUND
> /root/ipt.txt: OK
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 416286
> Engine version: 0.94
> Scanned directories: 1
> Scanned files: 16
> Infected files: 2
> Data scanned: 0.61 MB
> Time: 3.919 sec (0 m 3 s)
> proxymails:~#
>
>
> I don't want to install a testing version on a production server if it is
> not necessary.
> Has somebody tested this lenny version on etch?
>
> Thank you .
> Jose Julian Buda
>
>
>

Well, I did the test.
I was receiving complaints from users about messages from the antivirus on
the workstations' mail clients...


wget http://debian.intergenia.de/debian/pool/main/m/mailscanner/mailscanner_4.68.8-1_all.deb
dpkg -i mailscanner_4.68.8-1_all.deb
..
 mailscanner depends on libmailtools-perl (>= 2.02); however:
  Version of libmailtools-perl on system is 1.74-1.
.....

That's it; no problem with that, I think...

Then, as I saw on a forum
(http://www.bluequartz.us/phpBB2/viewtopic.php?p=232823&sid=3b26f0c29a1e0629cb27b3c5ba475852):
"have a look at /opt/MailScanner/lib/MailScanner/SweepViruses.pm, I
comment out the following lines:
if ($rarcmd && -x $rarcmd) {
    $Scanners{clamav}->{CommonOptions} .= " --unrar=$rarcmd";
    MailScanner::Log::InfoLog("ClamAV scanner using unrar command %s",
                              $rarcmd);
} "


So I did it.
Now, in the maillog, I saw that clamav 0.94 is triggered OK,
and:
proxymails:~# MailScanner --lint
Trying to setlogsock(unix)
Read 748 hostnames from the phishing whitelist
Could not read phishing blacklist file  at /usr/share/MailScanner//MailScanner/Config.pm line 919
Checking version numbers...
Version number in MailScanner.conf (4.68.8) is correct.

ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf
ERROR: is not correct, it should match X-MailScanner-Envelope-From

MailScanner setting GID to  (104)
MailScanner setting UID to  (100)

Checking for SpamAssassin errors (if you use it)...
SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp
SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
Using SpamAssassin results cache
Connected to SpamAssassin cache database
config: SpamAssassin failed to parse line, "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path /usr/bin/pyzor
config: failed to parse line, skipping, in "/etc/MailScanner/spam.assassin.prefs.conf": dcc_path /usr/bin/dccproc
SpamAssassin reported an error.
Using locktype = posix
MailScanner.conf says "Virus Scanners = clamav"
Found these virus scanners installed: clamav
===========================================================================
Virus and Content Scanning: Starting
./1/eicar.com: Eicar-Test-Signature FOUND

Virus Scanning: ClamAV found 1 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 1 viruses
Filename Checks:  (1 eicar.com)
Other Checks: Found 1 problems
===========================================================================
Virus Scanner test reports:
ClamAV said "eicar.com contains Eicar-Test-Signature"

If any of your virus scanners (clamav)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.
.......

There are some problems, as I see in the report, but I think it is no big
deal, am I right?

Thank you all .
Jose Julian Buda
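
Added example, not part of the original message or of MailScanner: a shell check for the two changes discussed in this thread, Jim Barber's clamd settings in MailScanner.conf and the --unrar lines in SweepViruses.pm that the post comments out. The function names and the argument order are assumptions made for this example; pass the paths used on your system.

```shell
#!/bin/sh
# Added example (not from the thread): audit the two changes discussed above.
# Usage: sh audit.sh /etc/MailScanner/MailScanner.conf /path/to/SweepViruses.pm

# Print the value of "KEY = value" from a MailScanner.conf-style file.
# Commented-out lines are ignored; the last matching line wins.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Succeed if an uncommented line of SweepViruses.pm still appends --unrar=.
unrar_still_passed() {
    grep -v '^[[:space:]]*#' "$1" | grep -q -- '--unrar='
}

# Print one finding per line; return the number of findings.
audit_mailscanner() {
    conf=$1 sweep=$2 findings=0
    scanners=$(conf_value "$conf" "Virus Scanners")
    perms=$(conf_value "$conf" "Incoming Work Permissions")
    for s in $scanners; do
        case $s in
        clamd)
            # Jim Barber's clamd setup sets the work permissions to 0660.
            if [ "$perms" != "0660" ]; then
                echo "clamd: Incoming Work Permissions is '$perms', thread uses 0660"
                findings=$((findings + 1))
            fi ;;
        clamav)
            # Command-line scanner: the post comments out the --unrar lines.
            if unrar_still_passed "$sweep"; then
                echo "clamav: $sweep still passes --unrar to the scanner"
                findings=$((findings + 1))
            fi ;;
        esac
    done
    if [ -z "$scanners" ]; then
        echo "no Virus Scanners line found in $conf"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Run only when called with two arguments, so the file can also be sourced.
if [ "$#" -eq 2 ]; then audit_mailscanner "$1" "$2"; fi
```

A return status of 0 means neither check found anything; MailScanner --lint, as run in the post, remains the end-to-end test.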



