Hi all,

Has any of you been able to make the clamav plugin stop Worm.SCO.A? It
seems to me there's something broken with the plugin...

For example, I saved a copy of a message containing the virus into the file
virus-sco; its headers show:
-----
Received: from wifi-d9148176.obudanet.hu (HELO netvision.net.il) (217.20.129.118)
  by baba.logidac.com (qpsmtpd/0.27-dev) with ESMTP; Wed, 28 Jan 2004 15:20:07 +0000
From: [EMAIL PROTECTED]
-----
If I search my current log file, I get this:
-----
@400000004017d3230cb1f63c tcpserver: pid 79378 from 217.20.129.118
@400000004017d3262eb64e2c tcpserver: ok 79378 baba.logidac.com:216.17.100.14:25 wifi-d9148176.obudanet.hu:217.20.129.118::2254
[...]
@400000004017d32b0ee1de2c 79378 dispatching EHLO netvision.net.il
@400000004017d32b10cdbc24 79378 250-baba.logidac.com
@400000004017d32b1163a324 79378 250-PIPELINING
@400000004017d32b129028bc 79378 250 8BITMIME
@400000004017d32c08a82dcc 79378 dispatching MAIL FROM:<[EMAIL PROTECTED]>
@400000004017d32c08ad88e4 79378 full from_parameter: FROM:<[EMAIL PROTECTED]>
@400000004017d32c08ae3c94 79378 from email address : [<[EMAIL PROTECTED]>]
[...]
@400000004017d33102df3cb4 79378 running plugin  clamav
@400000004017d33103306ddc 79378 clamav plugin: Running: /usr/local/bin/clamscan --stdout -i --mbox --max-recursion=50 --disable-summary /tmp/cwPtARKnQN 2>&1
@400000004017d3311c9f1854 79378 clamav plugin: clamscan results:
@400000004017d3311ca7bf2c 79378 running plugin  queue::qmail_2dqueue
@400000004017d3311e7b69d4 79378 250 Queued!
@400000004017d33134a374cc 79378 dispatching QUIT
@400000004017d33134a86e3c 79378 221 baba.logidac.com
@400000004017d33134aaa4a4 79378 running plugin  dnsbl
@400000004017d33134ecaee4 tcpserver: end 79378 status 0
-----

However, when I run the command manually, I get the expected result:
-----
$ /usr/local/bin/clamscan --stdout -i --mbox --max-recursion=50 --disable-summary /home/gfk/virus-sco 2>&1
/home/gfk/virus-sco: Worm.SCO.A FOUND
-----

ClamAV has been updated to catch this worm since yesterday, so it should have
been able to catch it. Any thoughts on what is going wrong?

Thanks in advance,
GFK's
-- 
Guillaume Filion, ing. jr
Logidac Tech., Beaumont, Québec, Canada - http://logidac.com/
PGP Key and more: http://guillaume.filion.org/
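The grep-by-pid correlation done by hand above can be automated. The following is an added example, not code from the post or from qpsmtpd: it decodes the multilog tai64n timestamps, groups qpsmtpd log lines by connection pid, and reports for each connection what clamscan printed, how long the scan took, and whether the message was queued even though clamscan printed nothing. Because the plugin runs clamscan with `-i` (report infected files only), an empty result is either a clean message or a scan that silently did nothing, so those connections are candidates for a manual rescan rather than a verdict. The log lines are constructed, modelled on the ones quoted in the post; the second connection and its 550 reply are invented for contrast.

```python
import re
from collections import defaultdict

# Constructed sample lines in the multilog/qpsmtpd format quoted above (not the real log).
SAMPLE_LOG = """\
@400000004017d33102df3cb4 79378 running plugin  clamav
@400000004017d33103306ddc 79378 clamav plugin: Running: /usr/local/bin/clamscan --stdout -i --mbox --max-recursion=50 --disable-summary /tmp/cwPtARKnQN 2>&1
@400000004017d3311c9f1854 79378 clamav plugin: clamscan results:
@400000004017d3311ca7bf2c 79378 running plugin  queue::qmail_2dqueue
@400000004017d3311e7b69d4 79378 250 Queued!
@400000004017d34003306ddc 79401 clamav plugin: Running: /usr/local/bin/clamscan --stdout -i --mbox --max-recursion=50 --disable-summary /tmp/cwQ9zLm1xA 2>&1
@400000004017d3402a1b0000 79401 clamav plugin: clamscan results: /tmp/cwQ9zLm1xA: Worm.SCO.A FOUND
@400000004017d3402b000000 79401 550 Virus Found
"""

# "@" + 24 hex digits (tai64n label), then the qpsmtpd connection pid, then the message.
LINE_RE = re.compile(r"^@([0-9a-f]{24}) (\d+) (.*)$")


def tai64n_to_seconds(stamp):
    """Decode a tai64n label: 16 hex digits of TAI seconds offset by 2^62, then 8 hex digits of nanoseconds."""
    secs = int(stamp[:16], 16) - (1 << 62)
    nanos = int(stamp[16:], 16)
    return secs + nanos / 1e9


def sessions_from_log(text):
    """Group log lines by connection pid, keeping (timestamp, message) pairs in log order."""
    sessions = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # tcpserver lines carry no pid in this slot and are skipped
            sessions[m.group(2)].append((tai64n_to_seconds(m.group(1)), m.group(3)))
    return sessions


def audit_clamav(sessions):
    """Per connection: clamscan output, scan duration, and whether it was queued with no scanner output."""
    report = {}
    for pid, events in sessions.items():
        started = finished = result = None
        queued = False
        for t, msg in events:
            if "clamav plugin: Running:" in msg:
                started = t
            elif "clamav plugin: clamscan results:" in msg:
                finished = t
                result = msg.split("clamscan results:", 1)[1].strip()
            elif msg.startswith("250 Queued"):
                queued = True
        if started is None:
            continue  # clamav plugin never ran for this connection
        duration = None if finished is None else finished - started
        report[pid] = {"result": result, "scan_seconds": duration, "queued": queued,
                       "queued_with_empty_result": queued and not result}
    return report
```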
