ClamAV 0.94 on etch - SOLVED

Randal, Phil prandal at herefordshire.gov.uk
Tue Sep 9 17:21:48 IST 2008


A few changes:

Monitors for ClamAV Updates = /var/lib/clamav/*.cld /var/lib/clamav/*.cvd

Or whatever path is appropriate. That shouldn't matter unless you're
using ClamAVModule, but I'm pedantic.

"ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf
ERROR: is not correct, it should match X-MailScanner-Envelope-From"

Check what they both are (the latter is in MailScanner.conf) and fix it
to be consistent - this affects SPF handling, if I recall correctly.

Cheers,

Phil
--
Phil Randal
Networks Engineer
Herefordshire Council
Hereford, UK

-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jose Julian Buda
Sent: 09 September 2008 16:58
To: MailScanner discussion
Subject: Re: ClamAV 0.94 on etch - SOLVED


----- Original Message -----
From: "Jose Julian Buda" <jbuda at noticiasargentinas.com>
To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
Sent: Tuesday, September 09, 2008 11:22 AM
Subject: Re: ClamAV 0.94


>
> ----- Original Message ----- 
> From: "Jim Barber" <jim.barber at ddihealth.com>
> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> Sent: Monday, September 08, 2008 10:38 PM
> Subject: Re: ClamAV 0.94
>
>
>> Hugo van der Kooij wrote:
>>> Scott Silva wrote:
>>>
>>>>> Now, the clamd daemon is running, how do i tell the mailscanner to use
>>>>> it?
>>>
>>>> You will need to upgrade your mailscanner version. Debian uses a version
>>>> that is probably 3 years old by now. In MailScanner time that is like 30
>>>> generations.
>>>
>>> In spam terms that is about 15 generations ago.
>>>
>>> I would recommend that Jules defines a version policy about how many
>>> versions back something is considered too old to be even bothered with
>>> and notification is sent to the Debian team that their prehistoric
>>> version is too old to keep in their system.
>>>
>>> Keeping up was my greatest concern in regard to building a repository
>>> for MailScanner.
>>>
>>> Hugo.
>>>
>>> PS: Did anyone bother to check the awstats statistics?
>>
>> The version of MailScanner in Debian's testing / lenny distribution is
>> 4.68.8.
>> That's also really old, but it does have the ability to use clamd (I'm
>> using it successfully).
>>
>> To use it I needed to add the Debian-exim user to the clamav group.
>> I also added the clamav user to the Debian-exim group, but you may be
>> able to avoid that by setting "Incoming Work Group = clamav" in the
>> config below.
>>
>> Then you need to set a few values in your /etc/MailScanner/MailScanner.conf
>> file:
>>
>> Incoming Work Permissions = 0660
>>
>> Virus Scanners = clamd
>>
>> Monitors for ClamAV Updates = /var/lib/clamav/*.inc/* /var/lib/clamav/*.cvd
>>
>> Regards,
>>
>> ----------
>> Jim Barber
>> DDI Health
>> -- 
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>
>
> Can I use a lenny version on a production server?
> If I shouldn't, how can I make this version work?
> I did not see this problem yesterday with clamav 0.93.3.
> Is it really a MS problem?
> However, I see that clamav 0.94 is OK if I try the wrapper script
> directly:
>
> proxymails:~# /etc/MailScanner/wrapper/clamav-wrapper /usr
> /root/.rnd: OK
> /root/.bashrc: OK
> /root/papa.txt: Eicar-Test-Signature FOUND
> /root/.viminfo: OK
> /root/.bash_history: OK
> /root/.profile: OK
> /root/balanceo: OK
> /root/pepe.zip: Eicar-Test-Signature FOUND
> /root/ipt.txt: OK
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 416286
> Engine version: 0.94
> Scanned directories: 1
> Scanned files: 16
> Infected files: 2
> Data scanned: 0.61 MB
> Time: 3.919 sec (0 m 3 s)
> proxymails:~#
>
>
> I don't want to install a testing version on a production server if it is
> not necessary.
> Has somebody tested this lenny version on etch?
>
> Thank you .
> Jose Julian Buda
>
>

Well, I did the test.
I was receiving complaints from users about messages from the antivirus in the
workstations' mail client...


wget http://debian.intergenia.de/debian/pool/main/m/mailscanner/mailscanner_4.68.8-1_all.deb
dpkg -i mailscanner_4.68.8-1_all.deb
..
 mailscanner depends on libmailtools-perl (>= 2.02); however:
  Version of libmailtools-perl on system is 1.74-1.
.....

That's it, no problem with that, I think so...

Then, as I saw on a forum
(http://www.bluequartz.us/phpBB2/viewtopic.php?p=232823&sid=3b26f0c29a1e0629cb27b3c5ba475852):
"have a look at /opt/MailScanner/lib/MailScanner/SweepViruses.pm, I
comment out the following lines:
if ($rarcmd && -x $rarcmd) {
  $Scanners{clamav}->{CommonOptions} .= " --unrar=$rarcmd";
  MailScanner::Log::InfoLog("ClamAV scanner using unrar command %s", $rarcmd);
} "


So I did it.
Now, in the maillog I saw that clamav 0.94 is triggered OK...
and
proxymails:~# MailScanner --lint
Trying to setlogsock(unix)
Read 748 hostnames from the phishing whitelist
Could not read phishing blacklist file  at /usr/share/MailScanner//MailScanner/Config.pm line 919
Checking version numbers...
Version number in MailScanner.conf (4.68.8) is correct.

ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf
ERROR: is not correct, it should match X-MailScanner-Envelope-From

MailScanner setting GID to  (104)
MailScanner setting UID to  (100)

Checking for SpamAssassin errors (if you use it)...
SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp
SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
Using SpamAssassin results cache
Connected to SpamAssassin cache database
config: SpamAssassin failed to parse line, "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path /usr/bin/pyzor
config: failed to parse line, skipping, in "/etc/MailScanner/spam.assassin.prefs.conf": dcc_path /usr/bin/dccproc
SpamAssassin reported an error.
Using locktype = posix
MailScanner.conf says "Virus Scanners = clamav"
Found these virus scanners installed: clamav
===========================================================================
Virus and Content Scanning: Starting
./1/eicar.com: Eicar-Test-Signature FOUND

Virus Scanning: ClamAV found 1 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 1 viruses
Filename Checks:  (1 eicar.com)
Other Checks: Found 1 problems
===========================================================================
Virus Scanner test reports:
ClamAV said "eicar.com contains Eicar-Test-Signature"

If any of your virus scanners (clamav)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.
.......

There are some problems, as I see in the report, but I think it is not a big
deal, am I right?

Thank you all .
Jose Julian Buda
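
An added example (not part of the thread and not MailScanner's own code) of the consistency check described in the reply at the top of this message: it pulls the envelope-sender header name out of each file and compares them. It assumes the MailScanner.conf settings are named "Envelope From Header" and "%org-name%"; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not MailScanner's own code. Assumes MailScanner.conf uses the
# keys "Envelope From Header" and "%org-name%"; sample files are constructed.

# Print the value of an active "Key = value" line (last one wins).
ms_value() {  # $1 = MailScanner.conf, $2 = key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# Header MailScanner adds: expand %org-name%, drop the trailing colon.
ms_envelope_header() {  # $1 = MailScanner.conf
    org=$(ms_value "$1" '%org-name%')
    ms_value "$1" 'Envelope From Header' |
        sed -e "s/%org-name%/$org/g" -e 's/:$//'
}

# Header SpamAssassin reads the envelope sender from (commented lines ignored).
sa_envelope_header() {  # $1 = spam.assassin.prefs.conf
    awk '$1 == "envelope_sender_header" { v = $2 } END { print v }' "$1"
}

# Return 0 when both files name the same header, 1 otherwise.
check_envelope_header() {  # $1 = MailScanner.conf, $2 = spam.assassin.prefs.conf
    ms=$(ms_envelope_header "$1")
    sa=$(sa_envelope_header "$2")
    if [ -n "$ms" ] && [ "$ms" = "$sa" ]; then
        echo "OK: both use $ms"
        return 0
    fi
    echo "MISMATCH: MailScanner.conf='$ms' spam.assassin.prefs.conf='$sa'"
    return 1
}

# Constructed sample input reproducing the mismatch --lint complained about.
demo=$(mktemp -d)
printf '%s\n' '%org-name% = example' \
    'Envelope From Header = X-MailScanner-Envelope-From:' > "$demo/MailScanner.conf"
printf '%s\n' '# envelope_sender_header X-old' \
    'envelope_sender_header X-example-MailScanner-From' > "$demo/prefs.bad"
printf '%s\n' 'envelope_sender_header X-MailScanner-Envelope-From' > "$demo/prefs.ok"
check_envelope_header "$demo/MailScanner.conf" "$demo/prefs.bad" || true
check_envelope_header "$demo/MailScanner.conf" "$demo/prefs.ok"
rm -rf "$demo"
```

On a real host the two arguments would be /etc/MailScanner/MailScanner.conf and /etc/MailScanner/spam.assassin.prefs.conf, the paths that appear in the thread.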

