More antivirus fun...

Kevin Miller kevin.miller at juneau.org
Mon Feb 25 20:42:31 UTC 2019 

Yup:
root at mx1:/var/spool/MailScanner/incoming# grep mtagroup /etc/group
mtagroup:x:1002:clamav,postfix,mail,www-data,sophosav

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357

From: MailScanner [mailto:mailscanner-bounces+kevin.miller=juneau.org at lists.mailscanner.info] On Behalf Of Shawn Iverson via MailScanner
Sent: Monday, February 25, 2019 11:34 AM
To: MailScanner Discussion
Cc: Shawn Iverson
Subject: Re: More antivirus fun...

Is the clam user in the mtagroup on all hosts?

On Mon, Feb 25, 2019 at 3:30 PM Kevin Miller <kevin.miller at juneau.org<mailto:kevin.miller at juneau.org>> wrote:
Following up on last weeks upgrades.

To wit, on a couple of my hosts clamd is working as advertised.  On a couple others, it's only partially working.  I ran MailScanner --lint on a fully working box, mxt, and a partially working box, mx1 and compared the /var/log/clamav/clamav.log files.

mxt:
Mon Feb 25 10:47:48 2019 -> /var/spool/MailScanner/incoming/65439/1.message: Eicar-Test-Signature(44d88612fea8a8f36de82e1278abb02f:68) FOUND
Mon Feb 25 10:47:48 2019 -> /var/spool/MailScanner/incoming/65439/1/neicar.com<http://neicar.com>: Eicar-Test-Signature(44d88612fea8a8f36de82e1278abb02f:68) FOUND

mx1:
Mon Feb 25 10:31:20 2019 -> /var/spool/MailScanner/incoming/13106/1.message: Eicar-Test-Signature(44d88612fea8a8f36de82e1278abb02f:68) FOUND
Mon Feb 25 10:31:20 2019 -> /var/spool/MailScanner/incoming/13106/1/neicar.com<http://neicar.com>: Can't open file or directory ERROR

So it appears that for whatever reason "neicar.com<http://neicar.com>" isn't found on mx1, the partially working box.  The directory is available, as evidenced by the fist log entry.

I did a "locate neicar.com<http://neicar.com>" on both hosts and neither returned a location for that filename, but perhaps it's created on the fly by the lint process?

Permissions match on both hosts.

It's a puzzler...

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20190225/0b764b28/attachment.html>

More information about the MailScanner mailing list