f-secure-linux-security-7.03 doesn't work with
MailScanner-4.77.10-1
Benedict simon
simon at kmun.gov.kw
Mon Jul 13 15:58:06 IST 2009
> Hello,
>
> I have a problem with most recent f-secure-linux-security-7.03 on my
> openSUSE 11.1 64-Bit Box with MailScanner-4.77.10-1.
>
> Mailscanner doesn't recognise a virus (output vom f-secure f-sav). Only my
> installed clam-av detects the eicar test virus.
> If nessecery I can send a licensed copy of f-secure-linux-security-7.03
> for debugging. Or you can download it for test:
> http://download.f-secure.com/webclub/f-secure-linux-security-7.03.81803.tgz
>
> Since 2003 I use Mailscanner in my company and it is the best available
> Anti-Virus Scanner I ever seen.
> Thank you for your hard work, Julian.
You r absolutely right Mr Felix mailScanner is just a marvelous n the most
incredible piece of software i have ever come across..
its really a blessing to have guys like julian
we always gonna be n debt for this price less piece of software of urs
thnks a million
regards
simon
>
> Please help me. Thank you.
>
> Felix
>
> More information:
> gateway:/home/fs/install # whereis fsav
> fsav: /usr/bin/fsav /usr/share/man/man1/fsav.1
> /usr/share/man/man1/fsav.1.gz
>
> f-secure-wrapper output
> gateway:/usr/lib/MailScanner # /usr/lib/MailScanner/f-secure-wrapper /usr
> /home/fs/install/virus/
> F-Secure Security Platform version 2.10 build 8171
> Copyright (c) 1999-2008 F-Secure Corporation. All Rights Reserved.
>
> Scan started at Mon Jul 13 09:21:01 2009
> Database version: 2009-07-13_02
>
> /home/fs/install/virus/eicar.com: Infected: EICAR_Test_File [FSE]
> /home/fs/install/virus/eicar.com: Infected: EICAR-Test-File [AVP]
> [/home/fs/install/virus/Worm.Sober.zip] Word-Text_packedList.exe:
> Infected: Email-Worm.Win32.Sober.u [AVP]
>
> Scan ended at Mon Jul 13 09:21:01 2009
> 2 files scanned
> 2 files infected
>
> /var/log/mail
> Jul 13 08:54:19 gateway update.virus.scanners: Found f-secure installed
> Jul 13 08:54:19 gateway update.virus.scanners: Running autoupdate for
> f-secure
> Jul 13 08:54:25 gateway update.virus.scanners: Found generic installed
> Jul 13 08:54:25 gateway update.virus.scanners: Running autoupdate for
> generic
> ...
> Jul 13 09:55:35 gateway postfix/smtpd[22156]: disconnect from
> web.heise.de[193.99.144.71]
> Jul 13 09:55:36 gateway MailScanner[21958]: New Batch: Found 2 messages
> waiting
> Jul 13 09:55:36 gateway MailScanner[21958]: New Batch: Scanning 1
> messages, 2826 bytes
> Jul 13 09:55:38 gateway MailScanner[21983]: Filename Checks: Windows/DOS
> Executable (33E9D8A07D.AF1DF eicar.com)
> Jul 13 09:55:38 gateway MailScanner[21983]: Other Checks: Found 1 problems
> Jul 13 09:55:38 gateway MailScanner[21983]: Virus and Content Scanning:
> Starting
> Jul 13 09:55:38 gateway clamd[14414]:
> /var/spool/MailScanner/incoming/21983/33E9D8A07D.AF1DF.message:
> Eicar-Test-Signature FOUND
> Jul 13 09:55:38 gateway clamd[14414]:
> /var/spool/MailScanner/incoming/21983/33E9D8A07D.AF1DF/neicar.com:
> Eicar-Test-Signature FOUND
> Jul 13 09:55:38 gateway MailScanner[21983]: Clamd::INFECTED::
> Eicar-Test-Signature :: ./33E9D8A07D.AF1DF/
> Jul 13 09:55:38 gateway MailScanner[21983]: Clamd::INFECTED::
> Eicar-Test-Signature :: ./33E9D8A07D.AF1DF/eicar.com
> Jul 13 09:55:38 gateway MailScanner[21983]: Virus Scanning: Clamd found 2
> infections
> Jul 13 09:55:38 gateway MailScanner[21983]: Infected message
> 33E9D8A07D.AF1DF came from 193.99.144.71
> Jul 13 09:55:38 gateway MailScanner[21983]: Virus Scanning: Found 2
> viruses
> Jul 13 09:55:38 gateway MailScanner[21983]: Requeue: 33E9D8A07D.AF1DF to
> 861D68A0B7
> Jul 13 09:55:38 gateway postfix/qmgr[21937]: 861D68A0B7:
> from=<emailcheck-robot at ct.heise.de>, size=2152, nrcpt=1 (queue active)
> Jul 13 09:55:38 gateway MailScanner[21983]: Cleaned: Delivered 1 cleaned
> messages
> Jul 13 09:55:38 gateway postfix/smtp[22166]: certificate verification
> failed for exchangebs.firma.de[172.16.1.30]:25: untrusted is
> suer /DC=de/DC=firma/CN=firmaCA
> Jul 13 09:55:38 gateway MailScanner[21983]: Deleted 1 messages from
> processing-database
> Jul 13 09:55:38 gateway MailScanner[21983]: Logging message
> 33E9D8A07D.AF1DF to SQL
> Jul 13 09:55:38 gateway postfix/smtp[22166]: 861D68A0B7:
> to=<felix.schaefer at firma.biz>, relay=exchangebs.firma.de[172.16
> .1.30]:25, delay=5.6, delays=5.4/0/0.07/0.16, dsn=2.6.0, status=sent (250
> 2.6.0 <E1MQGNo-0000Pb-Ub.octo11 at web.heise.de> Queued mail for del
> ivery)
>
> Report in Mailwatch Web Interface:
> Report: Clamd: message was infected: Eicar-Test-Signature
> Clamd: eicar.com was infected: Eicar-Test-Signature MailScanner:
> Executable DOS/Windows programs are dangerous in email (eicar.com)
>
> No F-Secure Output?
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
--
Network ADMIN
-------------
KUWAIT MUNICIPALITY:
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner
mailing list