Disabling antivirus

Glenn Steen glenn.steen at gmail.com
Thu Jun 9 22:11:37 IST 2011 

1. Set Virus Scanning to no,
to disable that part.

2. This will neither stop the installed scanners from being updated, nor
exclude them from the lint tests. Jules designed it this way deliberately,
and for good reason.

3. Clamav scanner is a wrapped up call to clamscan run as the user you run
MS as. The clamd thing passes the job of scanning the batch to the clamd
daemon, which pribably runs as the clamav user/group. Amend the permissions
and ownerships so that it xan, but without fouling up things for MS as
such... And you're good. There's at least one wiki page in the MS wiki to
guide you, as well as numerous (but old-ish) posts in this ml... Go read
them.

Cheers!
-- 
-- Glenn

Den 9 jun 2011 20.56, "Sandro Dentella" <sandro.dentella at gmail.com> skrev:



2011/6/8 Ryan Ivey <iveymr at gmail.com>
>
> On Wed, Jun 8, 2011 at 6:44 AM, Sandro Dentella <sandro.de...
Thanks for the hint Ryan! I wasn't aware of --lint option. I could fix a
couplpe of errors. In fact I see that setting to 'no' turns out the EICAR
infected message but does not stop the message:

MailScanner.conf says "Virus Scanners = clamav"
Found these virus scanners installed: clamd
===========================================================================


Virus and Content Scanning: Starting
===========================================================================

If any of your virus scanners (clamd)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.


that I find misleading if  the meaning is that virus scanning is disabled!

A last question: I had problems setting the permission. Using Virus Scanenr
= clamd raise an error:

 ===========================================================================


Virus and Content Scanning: Starting
Clamd::ERROR:: UNKNOWN CLAMD RETURN ./MSlintPTFbzv/lstat() failed:
Permission denied. ERROR :: /var/spool/MailScanner/incoming/22945
Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
Virus Scanning: Clamd found 2 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 2 viruses
===========================================================================


that I don't have if I set Virus Scanners = clamav

user and Group definition in MailScanner.conf are:

  Run As User = postfix
  Incoming Work User =
  Quarantine User =
  Incoming Work Group = clamav
  Quarantine Group =
  Run As Group = www-data
  Incoming Work Group = clamav

and postfix also belongs to clamav group.

I don't really know ho to interpret the error. Since the virus scanner is
clamd, it means that clamd user should be able to create
/var/spool/MailScanner/incoming/22945, correct? clamd *is* able to do
that...

Any help is appreciated

sandro
*:-)



--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110609/d2a87305/attachment.html

More information about the MailScanner mailing list