mailscanner not using all anti virus software
dannyjohn93 at gmail.com
Tue Dec 15 05:42:19 UTC 2020
Hello,
I am configuring a new mailscanner cluster.
The old mail scanner cluster is correctly using multiple antivirus software.
When the linter is run on the old cluster multiple virus scanners are being
used; see configuration and lint output below.
The new scanner cluster is NOT using Sophos anti-virus. I have confirmed by
debugging that /usr/lib/MailScanner/wrapper/sophos-wrapper is being
successfully called to detect Sophos. Sophos-wrapper is NOT being called
during the virus scanning stage. See configuration and lint output below.
I have successfully run Sophos antivirus and update from the command line on
the new cluster. Not sure where to go from here.
All suggestions welcome,
Danny
/etc/MailScanner/MailScanner.conf
[snip]
Virus Scanners = avg esets clamd Sophos
[snip]
Old Cluster Lint.
[root ~]# MailScanner --lint 2>&1
Trying to setlogsock(unix)
Reading configuration file /etc/MailScanner/MailScanner.conf
Reading configuration file /etc/MailScanner/conf.d/README
[snip]
MailScanner.conf says "Virus Scanners = avg esets clamd sophos"
Found these virus scanners installed: sophos, avg, esets
===========================================================================
Filename Checks: Windows/DOS Executable (1 eicar.com)
Filetype Checks: Allowing 1 eicar.com (no match found)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Avg: Virus identified EICAR_Test in neicar.com
Virus Scanning: Avg found 1 infections
No license found.
Clamd::ERROR:: COULD NOT CONNECT TO CLAMD, RECOMMEND RESTARTING DAEMON :: .
Virus Scanning: Clamd found 1 infections
>>> Virus 'EICAR-AV-Test' found in file
/var/pool/MailScanner/incoming/9142/1/neicar.com
Virus Scanning: Sophos found 1 infections
Infected message var came from
Virus Scanning: Found 3 viruses
===========================================================================
If any of your virus scanners (sophos,avg,esets)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.
[snip]
New cluster's /etc/MailScanner/MailScanner.conf
[snip]
Virus Scanners = clamd Sophos
[snip]
New Cluster Lint.
[root ~]# MailScanner --lint 2>&1 | tee out
Trying to setlogsock(unix)
Reading configuration file /etc/MailScanner/MailScanner.conf
Reading configuration file /etc/MailScanner/conf.d/00_mailwatch.conf
Reading configuration file /etc/MailScanner/conf.d/00_mw-install-script.conf
Reading configuration file /etc/MailScanner/conf.d/README
[snip]
MailScanner.conf says "Virus Scanners = clamd"
Found these virus scanners installed: sophos, clamd
===========================================================================
Filename Checks: Windows/DOS Executable (1 eicar.com)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Clamd::INFECTED:: {HEX}EICAR.TEST.3.UNOFFICIAL :: ./1/eicar.com
Virus Scanning: Clamd found 2 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 2 viruses
===========================================================================
Virus Scanner test reports:
Clamd said "eicar.com was infected: {HEX}EICAR.TEST.3.UNOFFICIAL"
If any of your virus scanners (sophos,clamd)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.