<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-AU link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal>Hello,<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I am configuring a new mailscanner cluster. <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>The old mail scanner cluster is correctly using multiple antivirus software. When the linter is run on the old cluster multiple virus scanners are being used; see configuration and lint output below.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>The new scanner cluster is NOT using Sophos anti-virus. I have confirmed by debugging that /usr/lib/MailScanner/wrapper/sophos-wrapper is being successfully called to detect Sophos. Sophos-wrapper is NOT being called during the virus scanning stage. See configuration and lint output below.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I have successfully ran Sophos antivirus and update from the command line on the new cluster. Not sure where to go from here.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>All suggestions welcome,<o:p></o:p></p><p class=MsoNormal>Danny<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><b>/etc/MailScanner/MailScanner.conf<o:p></o:p></b></p><p class=MsoNormal>[snip]<o:p></o:p></p><p class=MsoNormal>Virus Scanners = avg esets clamd Sophos<o:p></o:p></p><p class=MsoNormal>[snip]<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><b>Old Cluster Lint.<o:p></o:p></b></p><p class=MsoNormal>[root ~]# MailScanner --lint 2>&1<o:p></o:p></p><p class=MsoNormal>Trying to setlogsock(unix)<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Reading configuration file /etc/MailScanner/MailScanner.conf<o:p></o:p></p><p class=MsoNormal>Reading configuration file /etc/MailScanner/conf.d/README<o:p></o:p></p><p class=MsoNormal>[snip]<o:p></o:p></p><p class=MsoNormal>MailScanner.conf says "Virus Scanners = avg esets clamd sophos"<o:p></o:p></p><p class=MsoNormal>Found these virus scanners installed: sophos, avg, esets<o:p></o:p></p><p class=MsoNormal>===========================================================================<o:p></o:p></p><p class=MsoNormal>Filename Checks: Windows/DOS Executable (1 eicar.com)<o:p></o:p></p><p class=MsoNormal>Filetype Checks: Allowing 1 eicar.com (no match found)<o:p></o:p></p><p class=MsoNormal>Other Checks: Found 1 problems<o:p></o:p></p><p class=MsoNormal>Virus and Content Scanning: Starting<o:p></o:p></p><p class=MsoNormal>Avg: Virus identified EICAR_Test in neicar.com<o:p></o:p></p><p class=MsoNormal>Virus Scanning: Avg found 1 infections<o:p></o:p></p><p class=MsoNormal>No license found.<o:p></o:p></p><p class=MsoNormal>Clamd::ERROR:: COULD NOT CONNECT TO CLAMD, RECOMMEND RESTARTING DAEMON :: .<o:p></o:p></p><p class=MsoNormal>Virus Scanning: Clamd found 1 infections<o:p></o:p></p><p class=MsoNormal>>>> Virus 'EICAR-AV-Test' found in file /var/pool/MailScanner/incoming/9142/1/neicar.com<o:p></o:p></p><p class=MsoNormal>Virus Scanning: Sophos found 1 infections<o:p></o:p></p><p class=MsoNormal>Infected message var came from<o:p></o:p></p><p class=MsoNormal>Virus Scanning: Found 3 viruses<o:p></o:p></p><p class=MsoNormal>===========================================================================<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>If any of your virus scanners (sophos,avg,esets)<o:p></o:p></p><p class=MsoNormal>are not listed there, you should check that they are installed correctly<o:p></o:p></p><p class=MsoNormal>and that MailScanner is finding them correctly via its virus.scanners.conf.<o:p></o:p></p><p class=MsoNormal>[snip]<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><b>New cluster’s /etc/MailScanner/MailScanner.conf<o:p></o:p></b></p><p class=MsoNormal>[snip]<o:p></o:p></p><p class=MsoNormal>Virus Scanners = clamd Sophos<o:p></o:p></p><p class=MsoNormal>[snip]<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><b>New Cluster Lint.<o:p></o:p></b></p><p class=MsoNormal>[root ~]# MailScanner --lint 2>&1 | tee out<o:p></o:p></p><p class=MsoNormal>Trying to setlogsock(unix)<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Reading configuration file /etc/MailScanner/MailScanner.conf<o:p></o:p></p><p class=MsoNormal>Reading configuration file /etc/MailScanner/conf.d/00_mailwatch.conf<o:p></o:p></p><p class=MsoNormal>Reading configuration file /etc/MailScanner/conf.d/00_mw-install-script.conf<o:p></o:p></p><p class=MsoNormal>Reading configuration file /etc/MailScanner/conf.d/README<o:p></o:p></p><p class=MsoNormal>[snip]<o:p></o:p></p><p class=MsoNormal>MailScanner.conf says "Virus Scanners = clamd"<o:p></o:p></p><div style='mso-element:para-border-div;border:none;border-bottom:double windowtext 2.25pt;padding:0cm 0cm 1.0pt 0cm'><p class=MsoNormal style='border:none;padding:0cm'>Found these virus scanners installed: sophos, clamd<o:p></o:p></p><p class=MsoNormal style='border:none;padding:0cm'>===========================================================================<o:p></o:p></p><p class=MsoNormal style='border:none;padding:0cm'>Filename Checks: Windows/DOS Executable (1 eicar.com)<o:p></o:p></p><p class=MsoNormal style='border:none;padding:0cm'>Other Checks: Found 1 problems<o:p></o:p></p><p class=MsoNormal style='border:none;padding:0cm'>Virus and Content Scanning: Starting<o:p></o:p></p><p class=MsoNormal style='border:none;padding:0cm'>Clamd::INFECTED:: {HEX}EICAR.TEST.3.UNOFFICIAL :: ./1/eicar.com<o:p></o:p></p><p class=MsoNormal style='border:none;padding:0cm'>Virus Scanning: Clamd found 2 infections<o:p></o:p></p><p class=MsoNormal style='border:none;padding:0cm'>Infected message 1 came from 10.1.1.1<o:p></o:p></p><p class=MsoNormal style='border:none;padding:0cm'>Virus Scanning: Found 2 viruses<o:p></o:p></p><p class=MsoNormal style='border:none;padding:0cm'>===========================================================================<o:p></o:p></p><p class=MsoNormal style='border:none;padding:0cm'>Virus Scanner test reports:<o:p></o:p></p><p class=MsoNormal style='border:none;padding:0cm'>Clamd said "eicar.com was infected: {HEX}EICAR.TEST.3.UNOFFICIAL"<o:p></o:p></p><p class=MsoNormal style='border:none;padding:0cm'><o:p> </o:p></p><p class=MsoNormal style='border:none;padding:0cm'>If any of your virus scanners (sophos,clamd)<o:p></o:p></p><p class=MsoNormal style='border:none;padding:0cm'>are not listed there, you should check that they are installed correctly<o:p></o:p></p><p class=MsoNormal style='border:none;padding:0cm'>and that MailScanner is finding them correctly via its virus.scanners.conf.<o:p></o:p></p><p class=MsoNormal style='border:none;padding:0cm'><o:p> </o:p></p><p class=MsoNormal style='border:none;padding:0cm'><o:p> </o:p></p><p class=MsoNormal style='border:none;padding:0cm'><o:p> </o:p></p><p class=MsoNormal style='border:none;padding:0cm'><o:p> </o:p></p></div></div></body></html>