MailScanner 4.78.17 doesn't detect viruses, have checked tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10)

Tue Jan 12 16:47:13 GMT 2010

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
> bounces at lists.mailscanner.info] On Behalf Of Julian Field
> Sent: Tuesday, January 12, 2010 11:31 AM
> To: MailScanner discussion
> Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have checked
> tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10)
> 
> In which case I would suspect permissions. Are you using clamav or
> clamd? If clamav, make sure the "Run As User" can read the files in
the
> /var/spool/MailScanner/incoming directory. If clamd, ensure the group
> and perms are set as described in the MailScanner.conf file (look for
> clamd and you'll find the settings it tells you about).
> 
> Jules.
> 

I am running clamav 0.95.3 and have not set a "Run As User" (running
sendmail). When I do a clamav-wrapper scan of
/var/spool/MailScanner/incoming I get sensible output (clamav returns
"OK" or other sensible output for each message). When I set the
MailScanner symlink to my older install (4.77.10-1) virus scanning works
as expected and ./MailScanner --lint returns a hit for eicar. I'm still
perplexed.

Sunny Forro

> On 12/01/2010 16:19, Sunny Forro wrote:
> >
> > -----Original Message-----
> > From: mailscanner-bounces at lists.mailscanner.info
> > [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
> Julian
> > Field
> > Sent: Tuesday, January 12, 2010 11:02 AM
> > To: MailScanner discussion
> > Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have
checked
> > tmp permissions and no symlink, reinstalled clamav (worked in
> 4.77.10)
> >
> > Check your virus.scanners.conf file to ensure it is pointing at the
> > correct place for clamav.
> > If "which clamscan" reports /usr/local/bin/clamscan then the clamav
> line
> >
> > in virus.scanners.conf should end in "/usr/local" and if it reports
> > /usr/bin/clamscan then the line should end in "/usr".
> >
> > That would be the first place to look. Then "MailScanner --lint"
> should
> > detect the EICAR test pattern successfully. Once "MailScanner
--lint"
> > works, you're there.
> >
> > Jules.
> >
> >
> > ------ Outlook sucks -----------
> >
> > Jules, thanks for the reply!
> > I checked "which clamscan" and yes it does point to
> > /usr/local/bin/clamscan. The clamav line in virus.scanners.conf does
> end
> > in /usr/local. Still no lint under 4.78.17, but works fine under
> > pervious versions on the same box. Using clamav-wrapper to do a scan
> of
> > /tmp gives me sensible output however.
> >
> > Sunny
> >
> >
> >
> > On 12/01/2010 15:45, Sunny Forro wrote:
> >
> >> Hello,
> >>
> >> I've just upgraded to 4.78.17 and now mailscanner doesn't report
> >> viruses detected by clamav in production or lint. I've scanned the
> >> /tmp directory with clamav-wrapper and get sensible clam output.
> /tmp
> >> is not symlinked. I've reinstalled clamav, and manually reinstalled
> >> all the per-tars from the install directory. I've even tried
> >> downgrading MIME-tools to 5.420 (as found on another post), but to
> no
> >> effect (and since reinstalled from perl-tar to 5.427). I've removed
> >> and reinstalled Perl5.8.9, also to no effect. I'm running
MS4.78.17,
> >> SA3.2.5, Clam0.95.3, sendmail 8.14.3 on FreeBSD7.0p9, w/ mailwatch
> >> 1.0.4, apache13, mysql5077, php5, virtualized through VMWare
VSphere
> >> 4.0. I've switched back to 4.77.10 as this properly identifies
> virii.
> >> I'm out of ideas - Any suggestions? Is there something else I need
> to
> >> check, or something else I missed?
> >>
> >> Any help would be greatly appreciated.
> >>
> >> Sunny Forro
> >>
> >> P.S. Thanks a million to Julian Field for a fantastic solution to
> the
> >> deluge of spam we had grown accustomed to.
> >>
> >>
> > Jules
> >
> >
> 
> Jules
> 
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> 
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your boss?
> Contact me!
> 
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
> 
> 
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> 
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!