Dnia 2004-11-28 10:13 użytkownik Jacek Politowski napisał :
O, to zupełnie inne doświadczenia niż moje.
Clamd u mnie skanuje bez problemu.
I jakoś nie za bardzo chce mi się wierzyć w to, że ,,wszystko
wyglądało ok'' - coś musiało wyglądać nie ,,ok'', choćby paniclog
exima, albo clamd.log.
Nie wierzysz? Proszę bardzo:
[EMAIL PROTECTED]:~$ /usr/bin/clamscan --mbox --block-encrypted
/usr/local/share/eicar/eicar.com.txt
/usr/local/share/eicar/eicar.com.txt: Eicar-Test-Signature FOUND
----------- SCAN SUMMARY -----------
Known viruses: 27566
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
I/O buffer size: 131072 bytes
Time: 1.624 sec (0 m 1 s)
[EMAIL PROTECTED]:~$ /usr/bin/clamdscan --mbox --block-encrypted
/usr/local/share/eicar/eicar.com.txt
WARNING: Ignoring option -m (--mbox): please edit clamd.conf instead.
WARNING: Ignoring option --block-encrypted: please edit clamd.conf
instead.
/usr/local/share/eicar/eicar.com.txt: Eicar-Test-Signature FOUND
----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.019 sec (0 m 0 s)
Konfiguracja antywirusa w exim4.conf:
av_scanner = cmdline:/usr/bin/clamscan --mbox --block-encrypted
%s:FOUND:.{1,} (.*) FOUND
i efekt:
[EMAIL PROTECTED]:~$ telnet menek.one.pl 25
Trying 81.219.150.155...
Connected to menek.one.pl.
Escape character is '^]'.
220 menek.one.pl ESMTP Sun, 28 Nov 2004 18:59:49 +0100
ehlo menek
250-menek.one.pl Hello menek.one.pl [81.219.150.155]
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
mail from:[EMAIL PROTECTED]
250 OK
rcpt to:[EMAIL PROTECTED]
250 Accepted
data
354 Enter message, ending with "." on a line by itself
From:[EMAIL PROTECTED]
To:[EMAIL PROTECTED]
EICAR-STANDARD-ANTIVIRUS-TEST-FILE
.
550-This message contains a virus or other harmful content
550 (Eicar-Test-Signature)
Jak widać działa.
Teraz clamd:
av_scanner = cmdline:/usr/bin/clamdscan --mbox --block-encrypted
%s:FOUND:.{1,} (.*) FOUND
i efekt:
[EMAIL PROTECTED]:~$ telnet menek.one.pl 25
Trying 81.219.150.155...
Connected to menek.one.pl.
Escape character is '^]'.
220 menek.one.pl ESMTP Sun, 28 Nov 2004 18:52:54 +0100
ehlo menek
250-menek.one.pl Hello menek.one.pl [81.219.150.155]
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
mail from:[EMAIL PROTECTED]
250 OK
rcpt to:[EMAIL PROTECTED]
250 Accepted
data
354 Enter message, ending with "." on a line by itself
From:[EMAIL PROTECTED]
To:[EMAIL PROTECTED]
EICAR-STANDARD-ANTIVIRUS-TEST-FILE
.
250 OK id=1CYTFa-0003rB-27
I poszedł mail!
A teraz jeszcze logi:
exim4/mainlog:
clamd:
2004-11-28 18:54:37 1CYTFa-0003rB-27 <= [EMAIL PROTECTED] H=menek.one.pl
(menek) [81.219.150.155] P=esmtp S=281
2004-11-28 18:54:37 1CYTFa-0003rB-27 => inny <[EMAIL PROTECTED]>
R=local_user T=mail_spool
2004-11-28 18:54:37 1CYTFa-0003rB-27 Completed
clam:
2004-11-28 19:00:26 1CYTLG-0003wR-DO H=menek.one.pl (menek)
[81.219.150.155] F=<[EMAIL PROTECTED]> rejected after DATA: This message
contains a virus or other harmful content (Eicar-Test-Signature)
exim4/paniclog jest pusty od kilku miesięcy
clamav-daemon.log:
Sun Nov 28 18:50:09 2004 -> SelfCheck: Database status OK.
Sun Nov 28 18:50:10 2004 -> /usr/local/share/eicar/eicar.com.txt:
Eicar-Test-Signature FOUND
To wynik skanowania z shella.
Pozdrawiam.
--
http://www.miki.z.pl miki(AT)z.pl
Gadu-gadu: 2128279 Mobile: +48607345846 IRC: `miki`
Linux Registered User # 285966
"Put some excitement between your legs - ride a bike!"
