MailScanner 4.78.17 doesn't detect viruses, have checked tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10)

Julian Field MailScanner at ecs.soton.ac.uk
Tue Jan 12 16:30:33 GMT 2010


In which case I would suspect permissions. Are you using clamav or 
clamd? If clamav, make sure the "Run As User" can read the files in the 
/var/spool/MailScanner/incoming directory. If clamd, ensure the group 
and perms are set as described in the MailScanner.conf file (look for 
clamd and you'll find the settings it tells you about).

Jules.

On 12/01/2010 16:19, Sunny Forro wrote:
>
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Julian
> Field
> Sent: Tuesday, January 12, 2010 11:02 AM
> To: MailScanner discussion
> Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have checked
> tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10)
>
> Check your virus.scanners.conf file to ensure it is pointing at the
> correct place for clamav.
> If "which clamscan" reports /usr/local/bin/clamscan then the clamav line
>
> in virus.scanners.conf should end in "/usr/local" and if it reports
> /usr/bin/clamscan then the line should end in "/usr".
>
> That would be the first place to look. Then "MailScanner --lint" should
> detect the EICAR test pattern successfully. Once "MailScanner --lint"
> works, you're there.
>
> Jules.
>
>
> ------ Outlook sucks -----------
>
> Jules, thanks for the reply!
> I checked "which clamscan" and yes it does point to
> /usr/local/bin/clamscan. The clamav line in virus.scanners.conf does end
> in /usr/local. Still no lint under 4.78.17, but works fine under
> pervious versions on the same box. Using clamav-wrapper to do a scan of
> /tmp gives me sensible output however.
>
> Sunny
>
>
>
> On 12/01/2010 15:45, Sunny Forro wrote:
>    
>> Hello,
>>
>> I've just upgraded to 4.78.17 and now mailscanner doesn't report
>> viruses detected by clamav in production or lint. I've scanned the
>> /tmp directory with clamav-wrapper and get sensible clam output. /tmp
>> is not symlinked. I've reinstalled clamav, and manually reinstalled
>> all the per-tars from the install directory. I've even tried
>> downgrading MIME-tools to 5.420 (as found on another post), but to no
>> effect (and since reinstalled from perl-tar to 5.427). I've removed
>> and reinstalled Perl5.8.9, also to no effect. I'm running MS4.78.17,
>> SA3.2.5, Clam0.95.3, sendmail 8.14.3 on FreeBSD7.0p9, w/ mailwatch
>> 1.0.4, apache13, mysql5077, php5, virtualized through VMWare VSphere
>> 4.0. I've switched back to 4.77.10 as this properly identifies virii.
>> I'm out of ideas - Any suggestions? Is there something else I need to
>> check, or something else I missed?
>>
>> Any help would be greatly appreciated.
>>
>> Sunny Forro
>>
>> P.S. Thanks a million to Julian Field for a fantastic solution to the
>> deluge of spam we had grown accustomed to.
>>
>>      
> Jules
>
>    

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the MailScanner mailing list