This Q-S list is turning into the clamscan list!
Jeremy Oddo wrote:
>
> So, I got qmail-queue up and running--and I THINK it's running
> correctly. I can send and receive e-mail just fine. I installed clamAV
> as per INSTALL and I ran the tests...it all worked fine.
>
> Now, I'm trying to integrate clam into qmail-queue. I've set the clamAV
> var in qmail-scanner-queue.pl, etc.
you did what?...how?
>From the debug info in the log bits you sent, you are -not- running through
clamscan, you're -only- running through perlscan.
There is no evidence in the log you sent of lines like:
29/08/2002 13:17:52:16191: clamscan: starting scan of directory ...
29/08/2002 13:17:52:16191: run /usr/local/bin/clamscan -r ...
29/08/2002 13:17:52:16191: --output of clamscan was: ...
29/08/2002 13:17:52:16191: clamscan: finished scan of dir ...
Try and -add- clamscan to your config and remake/install
qmail-scanner-queue.pl. Example only-
--scanners "verbose_spamassassin,clamscan"
and, don't forget to boost your qmail-smtpd run script's softlimit (as
discussed many times in the archives of this list), and restart qmail.
> Then I tried a "real" test. I sent
> an e-mail from one test user to another test user. I attached the "test
> virus" for clam. Judging by what I can make out of the log file, the
> e-mail WAS scanned; however, I never got an e-mail stating that a virus
> was found and the e-mail didn't show up anywhere (ie: the receiver
> never got it, and it never went to "quarentine").
>
> Is there a little something I forgot? Here's a snip from my log file:
>
> 29/08/2002 12:52:02:26646: +++ starting debugging for process 26646 by
> uid=508 at 29/08/2002 12:52:02
> 29/08/2002 12:52:02:26646: setting UID to EUID so subprocesses can
> access files generated by this script
> 29/08/2002 12:52:02:26646: program name is qmail-scanner-queue.pl,
> version 1.13
> 29/08/2002 12:52:02:26646: incoming SMTP connection from via smtp from
> 127.0.0.1
> 29/08/2002 12:52:02:26646: w_c: mkdir
> /var/spool/qmailscan/mailserv-02103065072242326646
> 29/08/2002 12:52:02:26646: w_c: start dumping incoming msg into
> /var/spool/qmailscan/working/tmp/mailserv-02103065072242326646
> [1030650722.68783]
> 29/08/2002 12:52:02:26646: w_c: rename new msg from
> /var/spool/qmailscan/working/tmp/mailserv-02103065072242326646 to
> /var/spool/qmailscan/working/new/mailserv-02103065072242326646
> [1030650722.69143]
> 29/08/2002 12:52:02:26646: d_m: starting /usr/local/bin/reformime
> -x/var/spool/qmailscan/mailserv-02103065072242326646/
> </var/spool/qmailscan/working/new/mailserv-02103065072242326646
> [1030650722.69193]
> 29/08/2002 12:52:02:26646: d_m: finished /usr/local/bin/reformime
> -x/var/spool/qmailscan/mailserv-02103065072242326646/ [1030650722.70625]
> 29/08/2002 12:52:02:26646: d_m: Checking all attachments to see if
> they're MS-TNEF
> 29/08/2002 12:52:02:26646: d_m: is
> /var/spool/qmailscan/mailserv-02103065072242326646/1030650722.26648-0.ma
> ilserv-02 is a TNEF file?: 256 [1030650722.71098]
> 29/08/2002 12:52:02:26646: d_m: is
> /var/spool/qmailscan/mailserv-02103065072242326646/test1 is a TNEF
> file?: 256 [1030650722.71535]
> 29/08/2002 12:52:02:26646: d_m: Manually unpack any zip files as some
> virus scanners don't do zip under Unix!
> 29/08/2002 12:52:02:26646: d_m: unpacking message took 0.024193 seconds
> 29/08/2002 12:52:02:26646: unsetting QMAILQUEUE env var
> 29/08/2002 12:52:02:26646: g_e_h: return-path is "[EMAIL PROTECTED]", recips
> is "[EMAIL PROTECTED]"
> 29/08/2002 12:52:02:26646: from=<[EMAIL PROTECTED]>,subj=Virus 8.29.02.01,
> x-qmail-scanner-message-id=<1402.172.22.1.5.1030650722.squirrel@mailserv
> -02.ampix.local> via smtp from 127.0.0.1
> 29/08/2002 12:52:02:26646: ini_sc: start scanning
> 29/08/2002 12:52:02:26646: p_s: starting scan of directory
> "/var/spool/qmailscan/mailserv-02103065072242326646"...
> 29/08/2002 12:52:02:26646: p_s: '81:ILOVEYOU' = 'Virus-subject' = 'Love
> Letter Virus/Trojan'
> 29/08/2002 12:52:02:26646: p_s: type is a header!
> 29/08/2002 12:52:02:26646: p_s: checking for objects containing
> subject: ILOVEYOU
> 29/08/2002 12:52:02:26646: p_s: '84:.{100,}' = 'Virus-date' = 'MIME
> Header Buffer Overflow'
> 29/08/2002 12:52:02:26646: p_s: type is a header!
> 29/08/2002 12:52:02:26646: p_s: checking for objects containing date:
> .{100,}
> 29/08/2002 12:52:02:26646: p_s: '85:.{100,}' = 'Virus-mime-version' =
> 'MIME Header Buffer Overflow '
> 29/08/2002 12:52:02:26646: p_s: type is a header!
> 29/08/2002 12:52:02:26646: p_s: checking for objects containing
> mime-version: .{100,}
> 29/08/2002 12:52:02:26646: p_s: '86:.{100,}' = 'Virus-resent-date' =
> 'MIME Header Buffer Overflow'
> 29/08/2002 12:52:02:26646: p_s: type is a header!
> 29/08/2002 12:52:02:26646: p_s: checking for objects containing
> resent-date: .{100,}
> 29/08/2002 12:52:02:26646: p_s:
> '89:[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|I1MCH2TH@ya
> hoo.com|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|muwripa@fa
> iresuivre.com|[EMAIL PROTECTED]|[EMAIL PROTECTED]|YJPFJTGZ@exci
> te.com|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|tsnlqd@exc
> ite.com|[EMAIL PROTECTED]|[EMAIL PROTECTED]' = 'Virus-to' =
> 'BadTrans Trojan exploit!'
> 29/08/2002 12:52:02:26646: p_s: type is a header!
> 29/08/2002 12:52:02:26646: p_s: checking for objects containing to:
> [EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|I1MCH2TH@yahoo.
> com|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|muwripa@faires
> uivre.com|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]
> om|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|tsnlqd@excite.
> com|[EMAIL PROTECTED]|[EMAIL PROTECTED]
> 29/08/2002 12:52:02:26646: p_s: 'eicar.com' = '69' = 'EICAR Test Virus'
> 29/08/2002 12:52:02:26646: p_s: type is a size!
> 29/08/2002 12:52:02:26646: p_s: 'happy99.exe' = '10000' = 'Happy99
> Trojan'
> 29/08/2002 12:52:02:26646: p_s: type is a size!
> 29/08/2002 12:52:02:26646: p_s: 'zipped_files.exe' = '120495' =
> 'W32/ExploreZip.worm.pak virus'
> 29/08/2002 12:52:02:26646: p_s: type is a size!
> 29/08/2002 12:52:02:26646: p_s: skipping auto-generated file
> 1030650722.26648-0.mailserv-02
> 29/08/2002 12:52:02:26646: p_s: checking test1 against perlscanner
> database...
> 29/08/2002 12:52:02:26646: p_s: file test1 is lowercased to test1 and
> has extension
> 29/08/2002 12:52:02:26646: p_s: compare test1 against perlscanner
> database
> 29/08/2002 12:52:02:26646: p_s: finished scan of dir
> "/var/spool/qmailscan/mailserv-02103065072242326646" in 0.006852 secs
> 29/08/2002 12:52:02:26646: ini_sc: recursively scan the directory
> /var/spool/qmailscan/mailserv-02103065072242326646/
> 29/08/2002 12:52:02:26646: scanloop: starting scan of directory
> "/var/spool/qmailscan/mailserv-02103065072242326646"...
> 29/08/2002 12:52:02:26646: scanloop: finished scan of
> "/var/spool/qmailscan/mailserv-02103065072242326646"...
> 29/08/2002 12:52:02:26646: ini_sc: scanning message took 0.007463
> seconds
> 29/08/2002 12:52:02:26646: q_r: fork off child into
> /var/qmail/bin/qmail-queue...
> 29/08/2002 12:52:02:26646: cleanup: /bin/rm -rf
> /var/spool/qmailscan/mailserv-02103065072242326646/
> /var/spool/qmailscan/working/new/mailserv-02103065072242326646
> 29/08/2002 12:52:02:26646: all finished. Total of 0.170572 secs
>
> Thanks for any help!
> Jeremy
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Qmail-scanner-general mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
