MailScanner 4.78.17 doesn't detect viruses, have checked tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10)

Sunny Forro sunny.forro at compcoind.com
Tue Jan 12 18:05:03 GMT 2010


I've rerun the ./install.sh script - again to no effect. However, I
discovered that MailScanner is properly parsing mcafee's output but not
clamav's. When I lint with my virus scanners set to "clamav mcafee" it
picks up Eicar from mcafee, but nothing from clamav. If I set it to
"clamav" it doesn't pick up Eicar at all.

Side Note: I have a paid version of McAfee that I have used until
recently, when I discovered that the latest release of mcafee for BSD
still relies on an outdated compatibility library (compat3x) that
doesn't properly install and isn't included in any release since
FreeBSD5. It also spikes my CPU to 100% while scanning mail and slows
the whole process to a crawl. Running clamav only with a previous
release of MailScanner produces more reliable results because when my
CPU hits 100% (using mcafee and clamav) mail begins to flow through
completely untouched.

Sunny


> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jules Field
> Sent: Tuesday, January 12, 2010 12:27 PM
> To: MailScanner discussion
> Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have checked
> tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10)
> 
> And if you re-run the ./install.sh from MailScanner, just to be
> doubly-sure?
> 
> On 12/01/2010 16:49, Sunny Forro wrote:
> >
> > Rich, thanks for the reply.
> >
> > I've gone through and checked the versions of all the perl-tars
> > against what's installed (and reinstalled some of them to make sure
> > the versions match). Everything that I've checked matches the
> > expected versions for this release of MailScanner.
> >
> > Sunny
> >
> > *From:* mailscanner-bounces at lists.mailscanner.info
> > [mailto:mailscanner-bounces at lists.mailscanner.info] *On Behalf Of*
> > Richard Lynch
> > *Sent:* Tuesday, January 12, 2010 11:35 AM
> > *To:* MailScanner discussion
> > *Subject:* Re: MailScanner 4.78.17 doesn't detect viruses, have
> > checked tmp permissions and no symlink, reinstalled clamav (worked in
> > 4.77.10)
> >
> > Sunny Forro wrote:
> >
> >
> > -----Original Message-----
> > From: mailscanner-bounces at lists.mailscanner.info
> > [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
> > Julian Field
> > Sent: Tuesday, January 12, 2010 11:02 AM
> > To: MailScanner discussion
> > Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have checked
> > tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10)
> >
> > Check your virus.scanners.conf file to ensure it is pointing at the
> > correct place for clamav.
> > If "which clamscan" reports /usr/local/bin/clamscan then the clamav
> > line in virus.scanners.conf should end in "/usr/local" and if it
> > reports /usr/bin/clamscan then the line should end in "/usr".
> >
> > That would be the first place to look. Then "MailScanner --lint"
> > should detect the EICAR test pattern successfully. Once
> > "MailScanner --lint" works, you're there.
> >
> > Jules.
> >
> >
> > ------ Outlook sucks -----------
> >
> > Jules, thanks for the reply!
> > I checked "which clamscan" and yes it does point to
> > /usr/local/bin/clamscan. The clamav line in virus.scanners.conf does
> > end in /usr/local. Still no lint under 4.78.17, but works fine under
> > previous versions on the same box. Using clamav-wrapper to do a scan
> > of /tmp gives me sensible output however.
> >
> > Sunny
> >
> >
> >
> > On 12/01/2010 15:45, Sunny Forro wrote:
> >
> >
> >     Hello,
> >
> >     I've just upgraded to 4.78.17 and now mailscanner doesn't report
> >     viruses detected by clamav in production or lint. I've scanned the
> >     /tmp directory with clamav-wrapper and get sensible clam output. /tmp
> >     is not symlinked. I've reinstalled clamav, and manually reinstalled
> >     all the perl-tars from the install directory. I've even tried
> >     downgrading MIME-tools to 5.420 (as found on another post), but to no
> >     effect (and since reinstalled from perl-tar to 5.427). I've removed
> >     and reinstalled Perl5.8.9, also to no effect. I'm running MS4.78.17,
> >     SA3.2.5, Clam0.95.3, sendmail 8.14.3 on FreeBSD7.0p9, w/ mailwatch
> >     1.0.4, apache13, mysql5077, php5, virtualized through VMWare VSphere
> >     4.0. I've switched back to 4.77.10 as this properly identifies virii.
> >     I'm out of ideas - Any suggestions? Is there something else I need to
> >     check, or something else I missed?
> >
> >     Any help would be greatly appreciated.
> >
> >     Sunny Forro
> >
> >     P.S. Thanks a million to Julian Field for a fantastic solution to the
> >     deluge of spam we had grown accustomed to.
> >
> >
> >
> >
> >
> >
> > Jules
> >
> >
> >
> > This may be totally unrelated but I had a similar problem like this
> > at one point. It turned out that the perl I was running had version
> > 0.16 of perl-File-Temp builtin and the version that came packaged with
> > MailScanner was 0.19. When perl was updated v0.19 was removed. I
> > ended up having to do a rpm --force on the version that came packaged
> > with MailScanner.
> >
> > This is all from vague memories and I may not have the scenario
> > exactly right. It took me a while to find it though. Check the
> > version of File::Temp that you are using. I know that once I got the
> > correct version installed MailScanner --lint started producing
> > expected results with my virus scanners.
> >
> > Rich
> >
> >
> 
> Jules
> 
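
The check Jules describes in the quoted reply (compare "which clamscan" with the end of the clamav line in virus.scanners.conf), as an added shell example that is not part of the original thread. The sample config, its wrapper paths and the three-field layout (name, wrapper, install prefix) are constructed assumptions.

```shell
#!/bin/sh
# Added example: check that the clamav line in virus.scanners.conf ends in
# the prefix where clamscan is installed.

# Print the last field (install prefix) of a scanner's line; skip comments.
conf_prefix() {   # $1 = conf file, $2 = scanner name
    awk -v s="$2" '
        /^[ \t]*#/ || NF == 0 { next }
        $1 == s { print $NF; found = 1; exit }
        END { if (!found) exit 1 }
    ' "$1"
}

# /usr/local/bin/clamscan -> /usr/local
binary_prefix() {   # $1 = full path reported by "which clamscan"
    dirname "$(dirname "$1")"
}

# Returns 0 on match, 1 on mismatch, 2 when the file has no clamav line.
check_clamav_prefix() {   # $1 = conf file, $2 = clamscan path
    want=$(binary_prefix "$2")
    have=$(conf_prefix "$1" clamav) || { echo "no clamav line in $1"; return 2; }
    if [ "$have" = "$want" ]; then
        echo "OK: clamav line ends in $have, matching $2"
    else
        echo "MISMATCH: conf ends in $have but $2 implies $want"
        return 1
    fi
}

# Constructed sample (assumed layout: name, wrapper path, install prefix).
sample_conf() {
    cat <<'EOF'
# constructed sample, not taken from the thread
mcafee  /opt/MailScanner/lib/mcafee-wrapper  /usr/local/uvscan
clamav  /opt/MailScanner/lib/clamav-wrapper  /usr
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
check_clamav_prefix "$tmp" /usr/local/bin/clamscan || true   # mismatch
check_clamav_prefix "$tmp" /usr/bin/clamscan || true         # match
rm -f "$tmp"
```

On a live system, call check_clamav_prefix with the path to your own virus.scanners.conf and the output of "which clamscan".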



