ClamAV response not interpreted

Jules Field MailScanner at ecs.soton.ac.uk
Sun Jan 31 11:55:55 GMT 2010


Please post all the output from your call to clamscan on this message.
Also test that "MailScanner --lint" successfully reports ClamAV finding 
the EICAR in the "lint test" message that it uses.

On 29/01/2010 22:09, Jens Huenerberg wrote:
> Hi,
>
> I'm using MailScanner-4.78.17-1 with ClamAV and SpamAssassin 3.3.0.
>
> For the installation, I've used the install script for MailScanner and 
> the latest easy install package for ClamAV and SpamAssassin (which by 
> the way failed to build an RSA module but nevertheless completed 
> successfully).
>
> As I'm using CentOS 5.x, I skipped the installation of ClamAV from 
> that package and installed the RPM packages for version 0.95.3 from
>
> http://packages.sw.be/clamav/
>
> instead. All this worked out fine.
>
> In the end, MailScanner seemed to operate the way it should.
> Headers are marked and Spam is classified. Great.
>
> As I was unsure whether ClamAV was working, I've sent an EICAR 
> signature in an email from a remote system to my new mail server.
>
> I expected to get a reject or at least a warning. But no:
>
> "X-myorg-MailScanner: Found to be clean"
>
> No warnings, nothing. Surprise, surprise. In a next step, I've 
> performed some tests with ClamAV. And ClamAV always detects the virus 
> signature. Ok. So I adjusted the clamav-wrapper script:
>
> --->
>
> $ClamScan $ExtraScanOptions $ScanOptions "$@"
>
> retval=$?
>
> #Log command and results
> echo $ClamScan $ExtraScanOptions $ScanOptions>>/tmp/whatscan
> echo $retval >>/tmp/scanlog
>
> <----
>
> What I found was a virus-positive return value (1):
>
> /usr/bin/clamscan --tempdir=/tmp/clamav.22701
> 1
>
> Obviously, ClamAV had been asked to scan the email, found it to 
> contain a virus and reported this back to MailScanner. But MailScanner 
> did not complain in any way.
>
> Have I missed some special option to let MailScanner do something with 
> a positive answer? Or am I completely misled and wrong?
>
> Any hint or help is very much appreciated ...
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
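
An added example, not part of the original thread and not MailScanner's or ClamAV's own code: the wrapper change quoted above logs only the exit status, while the reply asks for all of clamscan's output, so this sketch captures both and checks whether they agree. The function names `classify_scan` and `run_and_log` are hypothetical, and the exit statuses (0 clean, 1 virus found, 2 error) and the `<path>: <signature> FOUND` report line are taken from clamscan's documented behaviour.

```shell
#!/bin/sh
# Added diagnostic sketch (hypothetical helper names, not MailScanner code).
# clamscan exit statuses per its man page:
#   0 = no virus found, 1 = virus(es) found, 2 = an error occurred.

# classify_scan STATUS REPORT_FILE
# Prints one verdict word comparing the exit status with the report text.
classify_scan() {
    status=$1
    report=$2
    # Per-file detections are printed as "<path>: <signature> FOUND".
    hits=$(grep -c ' FOUND$' "$report" 2>/dev/null || true)
    hits=${hits:-0}
    case "$status" in
        0) if [ "$hits" -eq 0 ]; then echo clean; else echo inconsistent; fi ;;
        1) if [ "$hits" -gt 0 ]; then echo infected-reported
           else echo infected-no-report-line; fi ;;
        *) echo scanner-error ;;
    esac
}

# run_and_log SCANNER [ARGS...]
# Runs the scanner, stores stdout and stderr together in a private mktemp
# file (not a fixed, predictable name under /tmp), replays that combined
# output on stdout, and returns the scanner's own exit status.
run_and_log() {
    log=$(mktemp "${TMPDIR:-/tmp}/scanlog.XXXXXX") || return 2
    status=0
    "$@" >"$log" 2>&1 || status=$?
    cat "$log"
    # The verdict goes to stderr so the replayed report stays unmodified.
    echo "verdict=$(classify_scan "$status" "$log") status=$status log=$log" >&2
    return "$status"
}

# Usage inside a wrapper (variable names as in the quoted script):
#   run_and_log $ClamScan $ExtraScanOptions $ScanOptions "$@"
```

The file named in the `log=` field holds the complete scanner output for that run and is the text to post alongside the exit status.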


