f-secure-linux-security-7.03 doesn't work with MailScanner-4.77.10-1
Felix Schäfer
felix.schaefer at web.de
Mon Jul 13 09:10:51 IST 2009
Hello,
I have a problem with most recent f-secure-linux-security-7.03 on my openSUSE 11.1 64-Bit Box with MailScanner-4.77.10-1.
Mailscanner doesn't recognise a virus (output vom f-secure f-sav). Only my installed clam-av detects the eicar test virus.
If nessecery I can send a licensed copy of f-secure-linux-security-7.03 for debugging. Or you can download it for test:
http://download.f-secure.com/webclub/f-secure-linux-security-7.03.81803.tgz
Since 2003 I use Mailscanner in my company and it is the best available Anti-Virus Scanner I ever seen.
Thank you for your hard work, Julian.
Please help me. Thank you.
Felix
More information:
gateway:/home/fs/install # whereis fsav
fsav: /usr/bin/fsav /usr/share/man/man1/fsav.1 /usr/share/man/man1/fsav.1.gz
f-secure-wrapper output
gateway:/usr/lib/MailScanner # /usr/lib/MailScanner/f-secure-wrapper /usr /home/fs/install/virus/
F-Secure Security Platform version 2.10 build 8171
Copyright (c) 1999-2008 F-Secure Corporation. All Rights Reserved.
Scan started at Mon Jul 13 09:21:01 2009
Database version: 2009-07-13_02
/home/fs/install/virus/eicar.com: Infected: EICAR_Test_File [FSE]
/home/fs/install/virus/eicar.com: Infected: EICAR-Test-File [AVP]
[/home/fs/install/virus/Worm.Sober.zip] Word-Text_packedList.exe: Infected: Email-Worm.Win32.Sober.u [AVP]
Scan ended at Mon Jul 13 09:21:01 2009
2 files scanned
2 files infected
/var/log/mail
Jul 13 08:54:19 gateway update.virus.scanners: Found f-secure installed
Jul 13 08:54:19 gateway update.virus.scanners: Running autoupdate for f-secure
Jul 13 08:54:25 gateway update.virus.scanners: Found generic installed
Jul 13 08:54:25 gateway update.virus.scanners: Running autoupdate for generic
...
Jul 13 09:55:35 gateway postfix/smtpd[22156]: disconnect from web.heise.de[193.99.144.71]
Jul 13 09:55:36 gateway MailScanner[21958]: New Batch: Found 2 messages waiting
Jul 13 09:55:36 gateway MailScanner[21958]: New Batch: Scanning 1 messages, 2826 bytes
Jul 13 09:55:38 gateway MailScanner[21983]: Filename Checks: Windows/DOS Executable (33E9D8A07D.AF1DF eicar.com)
Jul 13 09:55:38 gateway MailScanner[21983]: Other Checks: Found 1 problems
Jul 13 09:55:38 gateway MailScanner[21983]: Virus and Content Scanning: Starting
Jul 13 09:55:38 gateway clamd[14414]: /var/spool/MailScanner/incoming/21983/33E9D8A07D.AF1DF.message: Eicar-Test-Signature FOUND
Jul 13 09:55:38 gateway clamd[14414]: /var/spool/MailScanner/incoming/21983/33E9D8A07D.AF1DF/neicar.com: Eicar-Test-Signature FOUND
Jul 13 09:55:38 gateway MailScanner[21983]: Clamd::INFECTED:: Eicar-Test-Signature :: ./33E9D8A07D.AF1DF/
Jul 13 09:55:38 gateway MailScanner[21983]: Clamd::INFECTED:: Eicar-Test-Signature :: ./33E9D8A07D.AF1DF/eicar.com
Jul 13 09:55:38 gateway MailScanner[21983]: Virus Scanning: Clamd found 2 infections
Jul 13 09:55:38 gateway MailScanner[21983]: Infected message 33E9D8A07D.AF1DF came from 193.99.144.71
Jul 13 09:55:38 gateway MailScanner[21983]: Virus Scanning: Found 2 viruses
Jul 13 09:55:38 gateway MailScanner[21983]: Requeue: 33E9D8A07D.AF1DF to 861D68A0B7
Jul 13 09:55:38 gateway postfix/qmgr[21937]: 861D68A0B7: from=<emailcheck-robot at ct.heise.de>, size=2152, nrcpt=1 (queue active)
Jul 13 09:55:38 gateway MailScanner[21983]: Cleaned: Delivered 1 cleaned messages
Jul 13 09:55:38 gateway postfix/smtp[22166]: certificate verification failed for exchangebs.firma.de[172.16.1.30]:25: untrusted is
suer /DC=de/DC=firma/CN=firmaCA
Jul 13 09:55:38 gateway MailScanner[21983]: Deleted 1 messages from processing-database
Jul 13 09:55:38 gateway MailScanner[21983]: Logging message 33E9D8A07D.AF1DF to SQL
Jul 13 09:55:38 gateway postfix/smtp[22166]: 861D68A0B7: to=<felix.schaefer at firma.biz>, relay=exchangebs.firma.de[172.16
.1.30]:25, delay=5.6, delays=5.4/0/0.07/0.16, dsn=2.6.0, status=sent (250 2.6.0 <E1MQGNo-0000Pb-Ub.octo11 at web.heise.de> Queued mail for del
ivery)
Report in Mailwatch Web Interface:
Report: Clamd: message was infected: Eicar-Test-Signature
Clamd: eicar.com was infected: Eicar-Test-Signature MailScanner: Executable DOS/Windows programs are dangerous in email (eicar.com)
No F-Secure Output?
More information about the MailScanner
mailing list