Hello, I have a very strange problem with qsheff with clamav-0.88+rar3-patch (under Debian/Sarge+up to date patches installed).
I'm using clamav for two years now, w/o any problems (clamd, clamscan, and clamdscan are working well, and really stable). I was doing a ClamAV upgrades, but not a qsheff upgrades, which was installed in 0.8-r3 wersion, with the following config: WORKDIRPREFIX = /var/spool/qsheffq TEMPDIRPREFIX = /var/tmp/qsheffq LOGFILE = /var/log/qsheff.log RULEFILE = /usr/local/etc/qsheff.rules WBLISTFILE = /usr/local/etc/qsheff.wblist enable_blackhole = 1 paronia_level = 0 enable_quarantine = 0 enable_wblist = 0 enable_subject_filter = 1 enable_spam_prog = 0 enable_virus_prog = 1 MIME_PROG = "/usr/local/bin/ripmime -i mesg -e -d" MIME_PROG_OK_RET = 0 MIME_PROG_ERR_RET = -1 SPAM_PROG = "/usr/local/bin/zabit -i -d" SPAM_PROG_OK_RET = 0 SPAM_PROG_SPAM_RET = 1 SPAM_PROG_ERR_RET = 2 VIRUS_PROG = "/usr/local/bin/clamdscan --quiet" VIRUS_PROG_OK_RET = 0 VIRUS_PROG_VIRUS_RET = 1 VIRUS_PROG_ERR_RET = 2 QUEUE_PROG = /var/qmail/bin/qmail-queue.orig ... and all was working really good! Last weekend I discovered ;) qheff-2.0-r1. It has many new interesting features (especially the advanced filters), so I decided to upgrade. I used a configure script with the following options: ./configure --with-clamd-socket=/tmp/clamd -with-qmailgroup=qmail --with-clamav --enable-local-users (yes, the /tmp/clamd socket is where it should be, clamd is up and running): srwxrwxrwx 1 clamav clamav 0 Mar 26 14:26 clamd ... then I compiled it (w/o problems), then stopped the qmail, uninstalled the old qsheff (deleting all the remains "by hand"), and then I installed the new one, and ran a install-wrapper.sh script (all was checked twice :)) All went (in theory) good. Mail was delivered all the time, but... one of my users has told me today, that he is receiving viruses in *.zip archives! (There was no trace in /var/log/clamav/clamd.log of any found viruses - since the new version of qsheff was installed... strange, isn't it?). So... I've got one *.zip archive with virus inside, and I started to investigate it. Geez... in fact, clam(d)scan found VIRUS in the file each time! But, when the same file is send via SMTP from my workstation, then qsheff is passing it to QUEUE, and e-mail with such attachment is passing w/o any troubles. WHY?? I tested this with both qsheff releases: 2.0-r1 (and now 2.0-r2), and 1.0-r5 - in both cases there are NO ERRORS, but e-mails with viruses in attachments are not killed, and qsheff is putting them to the queue as SAFE. :( In qsheff 1.0-r5 I tested it with clamd enabled, and with clamd disabled, and clamdscan set as external VIRUSPROG - e-mail are passing... Now I can only return to 0.8-r3, and it is working well with my clamdscan, as before, but this is not exactly what I wanted... :( Could anyone help, pls? Besttest, -Chris PS. My qsheff-2.0-r2 config: QSHEFFDIR = /var/qsheff LOGFILE = /var/log/qsheff.log debug_level = 99 paronia_level = 0 drop_empty_line = 1 enable_blackhole = 1 enable_quarantine = 0 enable_wblist = 0 enable_header_filter = 1 enable_body_filter = 1 enable_attach_filter = 1 enable_clamd = 1 MIME_PROG = "/usr/local/bin/ripmime" enable_custom_prog = 0 CUSTOM_PROG = "/path/to/filter_prog -param1 -param2" CUSTOM_PROG_OK_RET = 0 CUSTOM_PROG_CUSTOM_RET = 1 CUSTOM_PROG_ERR_RET = 2 - I'm using the newest ripmime: v1.4.0.6 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
