f-secure-linux-security-7.03 doesn't work with MailScanner-4.77.10-1

Jonas A. Larsen jonas at vrt.dk
Mon Jul 13 10:03:34 IST 2009


> More information:
> gateway:/home/fs/install # whereis fsav
> fsav: /usr/bin/fsav /usr/share/man/man1/fsav.1
> /usr/share/man/man1/fsav.1.gz
> 
> f-secure-wrapper output
> gateway:/usr/lib/MailScanner # /usr/lib/MailScanner/f-secure-wrapper
> /usr /home/fs/install/virus/
> F-Secure Security Platform version 2.10  build 8171
> Copyright (c) 1999-2008 F-Secure Corporation. All Rights Reserved.
> 
> Scan started at Mon Jul 13 09:21:01 2009
> Database version: 2009-07-13_02
> 
> /home/fs/install/virus/eicar.com: Infected: EICAR_Test_File [FSE]
> /home/fs/install/virus/eicar.com: Infected: EICAR-Test-File [AVP]
> [/home/fs/install/virus/Worm.Sober.zip] Word-Text_packedList.exe:
> Infected: Email-Worm.Win32.Sober.u [AVP]
> 
> Scan ended at Mon Jul 13 09:21:01 2009
> 2 files scanned
> 2 files infected
> 
> /var/log/mail
> Jul 13 08:54:19 gateway update.virus.scanners: Found f-secure installed
> Jul 13 08:54:19 gateway update.virus.scanners: Running autoupdate for
> f-secure
> Jul 13 08:54:25 gateway update.virus.scanners: Found generic installed
> Jul 13 08:54:25 gateway update.virus.scanners: Running autoupdate for
> generic
> ...
> Jul 13 09:55:35 gateway postfix/smtpd[22156]: disconnect from
> web.heise.de[193.99.144.71]
> Jul 13 09:55:36 gateway MailScanner[21958]: New Batch: Found 2 messages
> waiting
> Jul 13 09:55:36 gateway MailScanner[21958]: New Batch: Scanning 1
> messages, 2826 bytes
> Jul 13 09:55:38 gateway MailScanner[21983]: Filename Checks:
> Windows/DOS Executable (33E9D8A07D.AF1DF eicar.com)
> Jul 13 09:55:38 gateway MailScanner[21983]: Other Checks: Found 1
> problems
> Jul 13 09:55:38 gateway MailScanner[21983]: Virus and Content Scanning:
> Starting
> Jul 13 09:55:38 gateway clamd[14414]:
> /var/spool/MailScanner/incoming/21983/33E9D8A07D.AF1DF.message: Eicar-
> Test-Signature FOUND
> Jul 13 09:55:38 gateway clamd[14414]:
> /var/spool/MailScanner/incoming/21983/33E9D8A07D.AF1DF/neicar.com:
> Eicar-Test-Signature FOUND
> Jul 13 09:55:38 gateway MailScanner[21983]: Clamd::INFECTED:: Eicar-
> Test-Signature :: ./33E9D8A07D.AF1DF/
> Jul 13 09:55:38 gateway MailScanner[21983]: Clamd::INFECTED:: Eicar-
> Test-Signature :: ./33E9D8A07D.AF1DF/eicar.com
> Jul 13 09:55:38 gateway MailScanner[21983]: Virus Scanning: Clamd found
> 2 infections
> Jul 13 09:55:38 gateway MailScanner[21983]: Infected message
> 33E9D8A07D.AF1DF came from 193.99.144.71
> Jul 13 09:55:38 gateway MailScanner[21983]: Virus Scanning: Found 2
> viruses
> Jul 13 09:55:38 gateway MailScanner[21983]: Requeue: 33E9D8A07D.AF1DF
> to 861D68A0B7
> Jul 13 09:55:38 gateway postfix/qmgr[21937]: 861D68A0B7:
> from=<emailcheck-robot at ct.heise.de>, size=2152, nrcpt=1 (queue active)
> Jul 13 09:55:38 gateway MailScanner[21983]: Cleaned: Delivered 1
> cleaned messages
> Jul 13 09:55:38 gateway postfix/smtp[22166]: certificate verification
> failed for exchangebs.firma.de[172.16.1.30]:25: untrusted is
> suer /DC=de/DC=firma/CN=firmaCA
> Jul 13 09:55:38 gateway MailScanner[21983]: Deleted 1 messages from
> processing-database
> Jul 13 09:55:38 gateway MailScanner[21983]: Logging message
> 33E9D8A07D.AF1DF to SQL
> Jul 13 09:55:38 gateway postfix/smtp[22166]: 861D68A0B7:
> to=<felix.schaefer at firma.biz>, relay=exchangebs.firma.de[172.16
> .1.30]:25, delay=5.6, delays=5.4/0/0.07/0.16, dsn=2.6.0, status=sent
> (250 2.6.0 <E1MQGNo-0000Pb-Ub.octo11 at web.heise.de> Queued mail for del
> ivery)

This is just a guess (it's quite hard to read the truncated log) but it does
not look like MailScanner runs f-secure?

I use the f-secure product myself (it combines f-secure and kaspersky's
signatures so I like it a lot since you get 2 products in 1) and it works
fine.

How did you enable f-secure in mailscanner.conf?



Med venlig hilsen / Best regards
 
Jonas Akrouh Larsen
 
TechBiz ApS
Laplandsgade 4, 2. sal
2300 København S
 
Office: 7020 0979
Direct: 3336 9974
Mobile: 5120 1096
Fax:    7020 0978
Web: www.techbiz.dk
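
The check made by eye in the reply above, as an added example (not part of the original post and not MailScanner code): it lists, per MailScanner child process, which expected engines never logged a result for a batch that another engine flagged. The expected engine names passed in, and the assumption that every engine is summarised in the same "Virus Scanning: <engine> found N infections" form as the Clamd line in the quoted log, are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines taken from the log quoted in the post, with the mail wrapping undone.
SAMPLE_LOG = """\
Jul 13 09:55:38 gateway MailScanner[21983]: Virus and Content Scanning: Starting
Jul 13 09:55:38 gateway MailScanner[21983]: Clamd::INFECTED:: Eicar-Test-Signature :: ./33E9D8A07D.AF1DF/eicar.com
Jul 13 09:55:38 gateway MailScanner[21983]: Virus Scanning: Clamd found 2 infections
Jul 13 09:55:38 gateway MailScanner[21983]: Virus Scanning: Found 2 viruses
"""

# Per-engine summary line as it appears in the post for Clamd.
# Assumption: other engines are summarised in the same form.
ENGINE_LINE = re.compile(
    r"MailScanner\[(\d+)\]: Virus Scanning: (.+?) found (\d+) infections"
)


def engines_per_batch(log_text):
    """Map MailScanner child PID -> {engine name (lower case): infections}."""
    hits = defaultdict(dict)
    for line in log_text.splitlines():
        m = ENGINE_LINE.search(line)
        if m:
            pid, engine, count = m.groups()
            hits[pid][engine.lower()] = int(count)
    return dict(hits)


def silent_engines(log_text, expected):
    """For every batch where some engine reported infections, return the
    expected engines that logged no summary line for that same batch."""
    report = {}
    for pid, found in engines_per_batch(log_text).items():
        missing = sorted(e.lower() for e in expected if e.lower() not in found)
        if missing:
            report[pid] = missing
    return report


if __name__ == "__main__":
    # "clamd" and "f-secure" are the engines the poster expects to run
    # (assumed names for this example).
    for pid, missing in silent_engines(SAMPLE_LOG, ["clamd", "f-secure"]).items():
        print(f"MailScanner[{pid}]: no result logged by {', '.join(missing)}")
```

A missing engine here only means it logged no infection summary for that batch; the configuration still has to be checked to see whether it was enabled at all.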




