ClamAV response not interpreted
Jules Field
MailScanner at ecs.soton.ac.uk
Sun Jan 31 11:58:27 GMT 2010
On 30/01/2010 20:12, Jens Huenerberg wrote:
> On 30.01.2010, Mark Sapiro wrote:
>
>> On 11:59 AM, Jens Huenerberg wrote:
>>>
>>> Obviously, ClamAV had been asked to scan the email, found it to contain
>>> a virus and reported this back to MailScanner. But MailScanner did not
>>> complain in any way.
>>
>> What does 'MailScanner --lint' say?
>
> # MailScanner --lint
> Trying to setlogsock(unix)
>
> Reading configuration file /etc/MailScanner/MailScanner.conf
> Reading configuration file /etc/MailScanner/conf.d/README
> Read 858 hostnames from the phishing whitelist
> Read 5661 hostnames from the phishing blacklists
>
> Checking version numbers...
> Version number in MailScanner.conf (4.78.17) is correct.
>
> Unrar is not installed, it should be in /usr/bin/unrar.
> This is required for RAR archives to be read to check
> filenames and filetypes. Virus scanning is not affected.
>
>
> ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf
> ERROR: is not correct, it should match X-myorg-MailScanner-From
>
>
> Checking for SpamAssassin errors (if you use it)...
> Using SpamAssassin results cache
> Connected to SpamAssassin cache database
> config: failed to parse line, skipping, in
> "/etc/mail/spamassassin/mailscanner.c f":
> use_dcc 0
> SpamAssassin reported an error.
> Connected to Processing Attempts Database
> Created Processing Attempts Database successfully
> There are 0 messages in the Processing Attempts Database
> Using locktype = posix
> MailScanner.conf says "Virus Scanners = clamav"
> Found these virus scanners installed: clamavmodule
> ===========================================================================
>
> Filename Checks: Windows/DOS Executable (1 eicar.com)
> Other Checks: Found 1 problems
> Virus and Content Scanning: Starting
> LibClamAV Warning:
> ***********************************************************
> LibClamAV Warning: *** This version of the ClamAV engine is outdated.
> ***
> LibClamAV Warning: *** DON'T PANIC! Read
> http://www.clamav.net/support/faq ***
> LibClamAV Warning:
> ***********************************************************
In which case your clamav installation is a bit screwed. It should have
reported finding the EICAR test message in the output just here. It is
not finding your copy of clamscan at all. I would suspect your
/etc/MailScanner/virus.scanners.conf file has the wrong location for
clamav, clamavmodule and clamd. If you used the RPMs, then all those
lines in that file should say "/usr" at the end and not "/usr/local".
> ===========================================================================
>
>
> If any of your virus scanners (clamavmodule)
> are not listed there, you should check that they are installed correctly
> and that MailScanner is finding them correctly via its
> virus.scanners.conf.
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner
mailing list