MailScanner 4.78.17 doesn't detect viruses,
have checked tmp permissions and no symlink,
reinstalled clamav (worked in 4.77.10)
Sunny Forro
sunny.forro at compcoind.com
Thu Jan 14 22:00:19 GMT 2010
Jules,
I tried to get the sidecutters from your wishlist -
unfortunately it says that particular item cannot be delivered to a
wishlist address. I'm looking at alternative sources.
Sunny Forro
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Julian Field
> Sent: Thursday, January 14, 2010 9:32 AM
> To: MailScanner discussion
> Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have checked
> tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10)
>
> I've got a whole rack full of virtualisation hardware available here,
> thanks anyway.
>
> If you want to make a small donation, there are quite a few things on my
> amazon.co.uk wishlist, any of which would be very much appreciated! The
> side-cutters would be most appreciated at the moment, but anything you
> like the price/look of would go down well :-)
>
> Thanks,
> Jules.
>
> On 14/01/2010 14:07, Sunny Forro wrote:
> > Jules,
> > Thanks a million for your help. I'd like to contribute to the
> > development of MailScanner but am far from well-versed in perl. I'm
> > fairly well versed in FreeBSD (that's my preferred install). Would a
> > virtual machine with ssh help you out any?
> > Thanks,
> > Sunny Forro
> >
> >
> >
> >> -----Original Message-----
> >> From: mailscanner-bounces at lists.mailscanner.info
> >> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jules Field
> >> Sent: Tuesday, January 12, 2010 2:00 PM
> >> To: MailScanner discussion
> >> Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have checked
> >> tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10)
> >>
> >> Any chance you could give me remote ssh root access to your server so I
> >> can debug it for you and see what output you're getting from clamav and
> >> why it isn't parsing it properly?
> >> I've got a reputation to protect, so I'm not going to do anything bad to
> >> you!
> >>
> >> If it takes less than a couple of hours, I'll do it for free too. :)
> >>
> >> Contact me by email if you're interested.
> >>
> >> Jules.
> >>
> >> On 12/01/2010 18:05, Sunny Forro wrote:
> >>
> >>> I've rerun the ./install.sh script - again to no effect. However, I
> >>> discovered that MailScanner is properly parsing mcafee's output but not
> >>> clamav's. When I lint with my virus scanners set to "clamav mcafee" it
> >>> picks up Eicar from mcafee, but nothing from clamav. If I set it to
> >>> "clamav" it doesn't pick up Eicar at all.
> >>>
> >>> Side Note: I have a paid version of McAfee that I have used until
> >>> recently, when I discovered that the latest release of mcafee for BSD
> >>> still relies on an outdated compatibility library (compat3x) that
> >>> doesn't properly install and isn't included in any release since
> >>> FreeBSD5. It also spikes my CPU to 100% while scanning mail and slows
> >>> the whole process to a crawl. Running clamav only with a previous
> >>> release of MailScanner produces more reliable results because when my
> >>> CPU hits 100% (using mcafee and clamav) mail begins to flow through
> >>> completely untouched.
> >>>
> >>> Sunny
> >>>
> >>>> -----Original Message-----
> >>>> From: mailscanner-bounces at lists.mailscanner.info
> >>>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jules Field
> >>>> Sent: Tuesday, January 12, 2010 12:27 PM
> >>>> To: MailScanner discussion
> >>>> Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have checked
> >>>> tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10)
> >>>>
> >>>> And if you re-run the ./install.sh from MailScanner, just to be
> >>>> doubly-sure?
> >>>>
> >>>> On 12/01/2010 16:49, Sunny Forro wrote:
> >>>>
> >>>>> Rich, thanks for the reply.
> >>>>>
> >>>>> I've gone through and checked the versions of all the perl-tars
> >>>>> against what's installed (and reinstalled some of them to make sure
> >>>>> the versions match). Everything that I've checked matches the expected
> >>>>> versions for this release of MailScanner.
> >>>>>
> >>>>> Sunny
> >>>>>
> >>>>> *From:* mailscanner-bounces at lists.mailscanner.info
> >>>>> [mailto:mailscanner-bounces at lists.mailscanner.info] *On Behalf Of
> >>>>> *Richard Lynch
> >>>>> *Sent:* Tuesday, January 12, 2010 11:35 AM
> >>>>> *To:* MailScanner discussion
> >>>>> *Subject:* Re: MailScanner 4.78.17 doesn't detect viruses, have
> >>>>> checked tmp permissions and no symlink, reinstalled clamav (worked in
> >>>>> 4.77.10)
> >>>>>
> >>>>> Sunny Forro wrote:
> >>>>>
> >>>>> -----Original Message-----
> >>>>> From: mailscanner-bounces at lists.mailscanner.info
> >>>>> <mailto:mailscanner-bounces at lists.mailscanner.info>
> >>>>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
> >>>>> Julian Field
> >>>>> Sent: Tuesday, January 12, 2010 11:02 AM
> >>>>> To: MailScanner discussion
> >>>>> Subject: Re: MailScanner 4.78.17 doesn't detect viruses, have checked
> >>>>> tmp permissions and no symlink, reinstalled clamav (worked in 4.77.10)
> >>>>>
> >>>>> Check your virus.scanners.conf file to ensure it is pointing at the
> >>>>> correct place for clamav.
> >>>>> If "which clamscan" reports /usr/local/bin/clamscan then the clamav line
> >>>>> in virus.scanners.conf should end in "/usr/local" and if it reports
> >>>>> /usr/bin/clamscan then the line should end in "/usr".
> >>>>>
> >>>>> That would be the first place to look. Then "MailScanner --lint" should
> >>>>> detect the EICAR test pattern successfully. Once "MailScanner --lint"
> >>>>> works, you're there.
> >>>>>
> >>>>> Jules.
> >>>>>
> >>>>> ------ Outlook sucks -----------
> >>>>>
> >>>>> Jules, thanks for the reply!
> >>>>> I checked "which clamscan" and yes it does point to
> >>>>> /usr/local/bin/clamscan. The clamav line in virus.scanners.conf does end
> >>>>> in /usr/local. Still no lint under 4.78.17, but works fine under
> >>>>> previous versions on the same box. Using clamav-wrapper to do a scan of
> >>>>> /tmp gives me sensible output however.
> >>>>>
> >>>>> Sunny
> >>>>>
> >>>>> On 12/01/2010 15:45, Sunny Forro wrote:
> >>>>>
> >>>>> Hello,
> >>>>>
> >>>>> I've just upgraded to 4.78.17 and now mailscanner doesn't report
> >>>>> viruses detected by clamav in production or lint. I've scanned the
> >>>>> /tmp directory with clamav-wrapper and get sensible clam output. /tmp
> >>>>> is not symlinked. I've reinstalled clamav, and manually reinstalled
> >>>>> all the perl-tars from the install directory. I've even tried
> >>>>> downgrading MIME-tools to 5.420 (as found on another post), but to no
> >>>>> effect (and since reinstalled from perl-tar to 5.427). I've removed
> >>>>> and reinstalled Perl5.8.9, also to no effect. I'm running MS4.78.17,
> >>>>> SA3.2.5, Clam0.95.3, sendmail 8.14.3 on FreeBSD7.0p9, w/ mailwatch
> >>>>> 1.0.4, apache13, mysql5077, php5, virtualized through VMWare VSphere
> >>>>> 4.0. I've switched back to 4.77.10 as this properly identifies virii.
> >>>>>
> >>>>> I'm out of ideas - Any suggestions? Is there something else I need to
> >>>>> check, or something else I missed?
> >>>>>
> >>>>> Any help would be greatly appreciated.
> >>>>>
> >>>>> Sunny Forro
> >>>>>
> >>>>> P.S. Thanks a million to Julian Field for a fantastic solution to the
> >>>>> deluge of spam we had grown accustomed to.
> >>>>>
> >>>>> Jules
> >>>>>
> >>>>> This may be totally unrelated but I had a similar problem like this at
> >>>>> one point. It turned out that the perl I was running had version 0.16
> >>>>> of perl-File-Temp builtin and the version that came packaged with
> >>>>> MailScanner was 0.19. When perl was updated v0.19 was removed. I ended
> >>>>> up having to do a rpm --force on the version that came packaged with
> >>>>> MailScanner.
> >>>>>
> >>>>> This is all from vague memories and I may not have the scenario
> >>>>> exactly right. It took me a while to find it though. Check the version
> >>>>> of File::Temp that you are using. I know that once I got the correct
> >>>>> version installed MailScanner --lint started producing expected
> >>>>> results with my virus scanners.
> >>>>>
> >>>>> Rich
> >>>>>
> >>>>> --
> >>>>>
> >>>>> "Of all tyrannies, a tyranny exercised for the good of its victims may
> >>>>> be the most oppressive. It may be better to live under robber barons
> >>>>> than omnipotent moral busybodies. The robber baron's cruelty may
> >>>>> sometimes sleep, his cupidity may at some point be satiated; but those
> >>>>> who torment us for our own good will torment us without end, for they do
> >>>>> so with the approval of their own conscience."
> >>>>>
> >>>>> -- C.S. Lewis
> >>>>>
> >>>> Jules
> >>>>
> >>>> --
> >>>> Julian Field MEng CITP CEng
> >>>> www.MailScanner.info
> >>>> Buy the MailScanner book at www.MailScanner.info/store
> >>>>
> >>>> Need help customising MailScanner?
> >>>> Contact me!
> >>>> Need help fixing or optimising your systems?
> >>>> Contact me!
> >>>> Need help getting you started solving new requirements from your boss?
> >>>> Contact me!
> >>>>
> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >>>> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
> >>>>
> >>>>
> >>>> --
> >>>> This message has been scanned for viruses and
> >>>> dangerous content by MailScanner, and is
> >>>> believed to be clean.
> >>>>
> >>>> --
> >>>> MailScanner mailing list
> >>>> mailscanner at lists.mailscanner.info
> >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >>>>
> >>>> Before posting, read http://wiki.mailscanner.info/posting
> >>>>
> >>>> Support MailScanner development - buy the book off the website!
> >>>>
> >>>>
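The first check suggested in the quoted thread (the clamav line in virus.scanners.conf must end in the prefix that "which clamscan" implies) can be scripted as below. This is an added example, not part of the thread or of MailScanner; the function names, the wrapper path in the sample config and the exit codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): compare the prefix at the end of the
# clamav line in virus.scanners.conf with the one implied by the clamscan path.

# /usr/local/bin/clamscan -> /usr/local
expected_prefix() {
    dirname "$(dirname "$1")"
}

# Print the last field of the named scanner's line, skipping comments and
# blank lines; exit non-zero if the scanner has no line at all.
configured_prefix() {
    awk -v s="$2" '
        /^[[:space:]]*#/ || NF == 0 { next }
        $1 == s { p = $NF; found = 1 }
        END { if (!found) exit 1; print p }
    ' "$1"
}

# Returns 0 on match, 1 on mismatch, 2 if no clamav line, 3 if no clamscan.
check_clamav_prefix() {
    [ -n "$2" ] || { echo "clamscan not found on PATH"; return 3; }
    want=$(expected_prefix "$2")
    have=$(configured_prefix "$1" clamav) || { echo "no clamav line in $1"; return 2; }
    if [ "$have" = "$want" ]; then
        echo "ok: clamav line ends in $have"
        return 0
    fi
    echo "mismatch: config says $have, clamscan path implies $want"
    return 1
}

if [ "$#" -ge 1 ]; then
    # Real use: pass the path to your virus.scanners.conf as the argument.
    check_clamav_prefix "$1" "$(command -v clamscan)"
else
    # Constructed sample config; the wrapper path is a placeholder.
    demo=$(mktemp)
    printf '# constructed sample\nclamav\t/path/to/clamav-wrapper\t/usr/local\n' > "$demo"
    check_clamav_prefix "$demo" /usr/local/bin/clamscan
    check_clamav_prefix "$demo" /usr/bin/clamscan || true
    rm -f "$demo"
fi
```

In the thread this check passed and "MailScanner --lint" still missed EICAR, so a match only rules out the first cause.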