<div dir="ltr"><div dir="ltr"><div>Kevin,</div><div><br></div><div><a href="https://github.com/MailScanner/v5/pull/353">https://github.com/MailScanner/v5/pull/353</a><br></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Feb 21, 2019 at 8:03 PM Kevin Miller &lt;<a href="mailto:kevin.miller@juneau.org">kevin.miller@juneau.org</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Re: my previous message, I changed the owner/group of /var/spool/MailScanner/incoming/clamav-tmp to postfix:mtagroup and it cleaned up the permissions error I had noted.<br>
<br>
In my further testing, I configured MailScanner to only use Sophos rather than it and clamav. It detects messages as viral, but doesn't quarantine them (using clamd does). <br>
<br>
From my mail.log:<br>
Feb 21 15:50:07 mxt MailScanner[3122]: Virus and Content Scanning: Starting<br>
Feb 21 15:50:15 mxt MailScanner[3122]: >>> Virus 'EICAR-AV-Test' found in file /var/pool/MailScanner/incoming/3122/836C01002EF.AD186/nmsg-3122-1.txt<br>
Feb 21 15:50:15 mxt MailScanner[3122]: Virus Scanning: Sophos found 1 infections<br>
Feb 21 15:50:15 mxt MailScanner[3122]: Infected message var came from<br>
Feb 21 15:50:15 mxt MailScanner[3122]: Virus Scanning: Found 1 viruses<br>
Feb 21 15:50:36 mxt MailScanner[3122]: Requeue: 836C01002EF.AD186 to E6FF31005DD<br>
Feb 21 15:50:36 mxt MailScanner[3122]: Uninfected: Delivered 1 messages<br>
<br>
There are several oddities such as "var/pool" rather than "/var/spool".<br>
Lines 3 - 5 clearly note the infection but the message is requeued and sent through as if it was clean. Really odd.<br>
<br>
Testing the wrapper from the CLI I got the following output which seems pretty much what one would expect:<br>
===================================<br>
root@mxt:/opt/sophos-av/bin# /usr/lib/MailScanner/wrapper/sophos-wrapper /opt/sophos-av/ /tmp<br>
SAVScan virus detection utility<br>
Version 5.53.0 [Linux/AMD64]<br>
Virus data version 5.60, February 2019<br>
Includes detection for 30926993 viruses, Trojans and worms<br>
Copyright (c) 1989-2019 Sophos Limited. All rights reserved.<br>
<br>
System time 15:46:59, System date 21 February 2019<br>
<br>
IDE directory is: /opt/sophos-av/lib/sav<br>
<br>
Using IDE file tofse-cl.ide<br>
...dozens of similar lines snipped...<br>
Using IDE file docd-rwe.ide<br>
<br>
Quick Scanning<br>
<br>
0 files scanned in 8 seconds.<br>
No viruses were discovered.<br>
End of Scan.<br>
===================================<br>
<br>
MailScanner --lint gave the following:<br>
<br>
MailScanner.conf says "Virus Scanners = sophos"<br>
Found these virus scanners installed: sophos, clamd<br>
===========================================================================<br>
Filename Checks: Windows/DOS Executable (1 eicar.com)<br>
Other Checks: Found 1 problems<br>
Virus and Content Scanning: Starting<br>
>>> Virus 'EICAR-AV-Test' found in file /var/pool/MailScanner/incoming/5033/1/neicar.com<br>
Virus Scanning: Sophos found 1 infections<br>
Infected message var came from <br>
Virus Scanning: Found 1 viruses<br>
<br>
There seems to be some piece of the puzzle that apparently has a typo in it, leading to the "var/pool" error and probably the reason the message is delivered even though noted as a virus.<br>
<br>
...Kevin<br>
--<br>
Kevin Miller<br>
Network/email Administrator, CBJ MIS Dept.<br>
155 South Seward Street<br>
Juneau, Alaska 99801<br>
Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357<br>
</blockquote></div><br clear="all"><br>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr">Shawn Iverson, CETL<div>Director of Technology</div><div>Rush County Schools</div><div>765-932-3901 option 7</div><div><a href="mailto:iversons@rushville.k12.in.us" target="_blank">iversons@rushville.k12.in.us</a></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
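An added example, not part of the thread or of MailScanner: a log check for the sequence in the quoted mail.log, where a virus hit is logged for a queue ID that is later requeued, plus a flag for the mangled path. The function name, the expected-prefix constant and the assumed path layout (`incoming/<pid>/<queue-id>/<file>`, inferred from the quoted lines) are assumptions; findings are candidates for review.

```python
import re

# Log lines copied from the mail.log excerpt quoted in the message above.
SAMPLE_LOG = """\
Feb 21 15:50:07 mxt MailScanner[3122]: Virus and Content Scanning: Starting
Feb 21 15:50:15 mxt MailScanner[3122]: >>> Virus 'EICAR-AV-Test' found in file /var/pool/MailScanner/incoming/3122/836C01002EF.AD186/nmsg-3122-1.txt
Feb 21 15:50:15 mxt MailScanner[3122]: Virus Scanning: Sophos found 1 infections
Feb 21 15:50:15 mxt MailScanner[3122]: Virus Scanning: Found 1 viruses
Feb 21 15:50:36 mxt MailScanner[3122]: Requeue: 836C01002EF.AD186 to E6FF31005DD
Feb 21 15:50:36 mxt MailScanner[3122]: Uninfected: Delivered 1 messages
"""

# Assumption: the incoming work directory named in the thread is the expected prefix.
EXPECTED_PREFIX = "/var/spool/MailScanner/incoming/"

# Assumption (from the quoted lines): hits are logged as .../incoming/<pid>/<queue-id>/<file>
VIRUS_RE = re.compile(
    r"MailScanner\[\d+\]: >>> Virus '(?P<virus>[^']+)' found in file "
    r"(?P<path>\S*/incoming/\d+/(?P<msgid>[^/\s]+)/\S+)"
)
REQUEUE_RE = re.compile(r"MailScanner\[\d+\]: Requeue: (?P<msgid>\S+) to (?P<newid>\S+)")


def find_requeued_infections(log_text):
    """Return one finding per queue ID that had a virus hit and was later requeued."""
    hits = {}       # queue ID -> (virus name, path as reported in the log)
    findings = []
    for line in log_text.splitlines():
        m = VIRUS_RE.search(line)
        if m:
            hits[m.group("msgid")] = (m.group("virus"), m.group("path"))
            continue
        m = REQUEUE_RE.search(line)
        if m and m.group("msgid") in hits:
            virus, path = hits.pop(m.group("msgid"))
            findings.append({
                "msgid": m.group("msgid"),
                "virus": virus,
                "requeued_as": m.group("newid"),
                # False when the reported path does not start with the expected directory
                "path_as_expected": path.startswith(EXPECTED_PREFIX),
            })
    return findings


if __name__ == "__main__":
    for finding in find_requeued_infections(SAMPLE_LOG):
        print(finding)
```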