[Qmail-scanner-general]Newbie + clamAV = Grrrr...

Jeremy Oddo Thu, 29 Aug 2002 12:49:30 -0700

So, I got qmail-queue up and running--and I THINK it's running
correctly.  I can send and receive e-mail just fine.  I installed clamAV
as per INSTALL and I ran the tests...it all worked fine.


Now, I'm trying to integrate clam into qmail-queue.  I've set the clamAV
var in qmail-scanner-queue.pl, etc.  Then I tried a "real" test.  I sent
an e-mail from one test user to another test user.  I attached the "test
virus" for clam.  Judging by what I can make out of the log file, the
e-mail WAS scanned; however, I never got an e-mail stating that a virus
was found and the e-mail didn't show up anywhere (ie:  the receiver
never got it, and it never went to "quarentine").

Is there a little something I forgot?  Here's a snip from my log file:

29/08/2002 12:52:02:26646: +++ starting debugging for process 26646 by
uid=508 at 29/08/2002 12:52:02
29/08/2002 12:52:02:26646: setting UID to EUID so subprocesses can
access files generated by this script
29/08/2002 12:52:02:26646: program name is qmail-scanner-queue.pl,
version 1.13
29/08/2002 12:52:02:26646: incoming SMTP connection from via smtp from
127.0.0.1
29/08/2002 12:52:02:26646: w_c: mkdir
/var/spool/qmailscan/mailserv-02103065072242326646
29/08/2002 12:52:02:26646: w_c: start dumping incoming msg into
/var/spool/qmailscan/working/tmp/mailserv-02103065072242326646
[1030650722.68783]
29/08/2002 12:52:02:26646: w_c: rename new msg from
/var/spool/qmailscan/working/tmp/mailserv-02103065072242326646 to
/var/spool/qmailscan/working/new/mailserv-02103065072242326646
[1030650722.69143]
29/08/2002 12:52:02:26646: d_m: starting /usr/local/bin/reformime
-x/var/spool/qmailscan/mailserv-02103065072242326646/
</var/spool/qmailscan/working/new/mailserv-02103065072242326646
[1030650722.69193]
29/08/2002 12:52:02:26646: d_m: finished /usr/local/bin/reformime
-x/var/spool/qmailscan/mailserv-02103065072242326646/ [1030650722.70625]
29/08/2002 12:52:02:26646: d_m: Checking all attachments to see if
they're MS-TNEF
29/08/2002 12:52:02:26646: d_m: is
/var/spool/qmailscan/mailserv-02103065072242326646/1030650722.26648-0.ma
ilserv-02 is a TNEF file?: 256 [1030650722.71098]
29/08/2002 12:52:02:26646: d_m: is
/var/spool/qmailscan/mailserv-02103065072242326646/test1 is a TNEF
file?: 256 [1030650722.71535]
29/08/2002 12:52:02:26646: d_m: Manually unpack any zip files as some
virus scanners don't do zip under Unix!
29/08/2002 12:52:02:26646: d_m: unpacking message took 0.024193 seconds
29/08/2002 12:52:02:26646: unsetting QMAILQUEUE env var
29/08/2002 12:52:02:26646: g_e_h: return-path is "[EMAIL PROTECTED]", recips
is "[EMAIL PROTECTED]"
29/08/2002 12:52:02:26646: from=<[EMAIL PROTECTED]>,subj=Virus 8.29.02.01,
x-qmail-scanner-message-id=<1402.172.22.1.5.1030650722.squirrel@mailserv
-02.ampix.local> via smtp from 127.0.0.1
29/08/2002 12:52:02:26646: ini_sc: start scanning
29/08/2002 12:52:02:26646: p_s: starting scan of directory
"/var/spool/qmailscan/mailserv-02103065072242326646"...
29/08/2002 12:52:02:26646: p_s:  '81:ILOVEYOU' = 'Virus-subject' = 'Love
Letter Virus/Trojan'
29/08/2002 12:52:02:26646: p_s:  type is a header!
29/08/2002 12:52:02:26646: p_s:  checking for objects containing
subject: ILOVEYOU
29/08/2002 12:52:02:26646: p_s:  '84:.{100,}' = 'Virus-date' = 'MIME
Header Buffer Overflow'
29/08/2002 12:52:02:26646: p_s:  type is a header!
29/08/2002 12:52:02:26646: p_s:  checking for objects containing date:
.{100,}
29/08/2002 12:52:02:26646: p_s:  '85:.{100,}' = 'Virus-mime-version' =
'MIME Header Buffer Overflow '
29/08/2002 12:52:02:26646: p_s:  type is a header!
29/08/2002 12:52:02:26646: p_s:  checking for objects containing
mime-version: .{100,}
29/08/2002 12:52:02:26646: p_s:  '86:.{100,}' = 'Virus-resent-date' =
'MIME Header Buffer Overflow'
29/08/2002 12:52:02:26646: p_s:  type is a header!
29/08/2002 12:52:02:26646: p_s:  checking for objects containing
resent-date: .{100,}
29/08/2002 12:52:02:26646: p_s:
'89:[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|I1MCH2TH@ya
hoo.com|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|muwripa@fa
iresuivre.com|[EMAIL PROTECTED]|[EMAIL PROTECTED]|YJPFJTGZ@exci
te.com|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|tsnlqd@exc
ite.com|[EMAIL PROTECTED]|[EMAIL PROTECTED]' = 'Virus-to' =
'BadTrans Trojan exploit!'
29/08/2002 12:52:02:26646: p_s:  type is a header!
29/08/2002 12:52:02:26646: p_s:  checking for objects containing to:
[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|I1MCH2TH@yahoo.
com|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|muwripa@faires
uivre.com|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]
om|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|tsnlqd@excite.
com|[EMAIL PROTECTED]|[EMAIL PROTECTED]
29/08/2002 12:52:02:26646: p_s:  'eicar.com' = '69' = 'EICAR Test Virus'
29/08/2002 12:52:02:26646: p_s: type is a size!
29/08/2002 12:52:02:26646: p_s:  'happy99.exe' = '10000' = 'Happy99
Trojan'
29/08/2002 12:52:02:26646: p_s: type is a size!
29/08/2002 12:52:02:26646: p_s:  'zipped_files.exe' = '120495' =
'W32/ExploreZip.worm.pak virus'
29/08/2002 12:52:02:26646: p_s: type is a size!
29/08/2002 12:52:02:26646: p_s: skipping auto-generated file
1030650722.26648-0.mailserv-02
29/08/2002 12:52:02:26646: p_s: checking test1 against perlscanner
database...
29/08/2002 12:52:02:26646: p_s: file test1 is lowercased to test1 and
has extension 
29/08/2002 12:52:02:26646: p_s: compare test1 against perlscanner
database
29/08/2002 12:52:02:26646: p_s:  finished scan of dir
"/var/spool/qmailscan/mailserv-02103065072242326646" in 0.006852 secs
29/08/2002 12:52:02:26646: ini_sc: recursively scan the directory
/var/spool/qmailscan/mailserv-02103065072242326646/
29/08/2002 12:52:02:26646: scanloop: starting scan of directory
"/var/spool/qmailscan/mailserv-02103065072242326646"...
29/08/2002 12:52:02:26646: scanloop: finished scan of
"/var/spool/qmailscan/mailserv-02103065072242326646"...
29/08/2002 12:52:02:26646: ini_sc: scanning message took 0.007463
seconds
29/08/2002 12:52:02:26646: q_r: fork off child into
/var/qmail/bin/qmail-queue...
29/08/2002 12:52:02:26646: cleanup: /bin/rm -rf
/var/spool/qmailscan/mailserv-02103065072242326646/
/var/spool/qmailscan/working/new/mailserv-02103065072242326646
29/08/2002 12:52:02:26646: all finished. Total of 0.170572 secs



Thanks for any help!
Jeremy



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general

[Qmail-scanner-general]Newbie + clamAV = Grrrr...

Reply via email to