Hi!
Even though qmail-scanner would match the string "Infected:" from the
summary, as Doug Monroe says, it should never look for it. qmail-scanner
looks for the exitcode from RAV and from that determines if the output
should be searched or not.
Activate debugging and look in qmail-queue.log. The exitcode should be 1 if
no viruses are found. All other exitcodes (including 0!) indicate either that
a virus is found or an error of some kind (at least when run from
qmail-scanner, since the "update ok" and other codes don't apply here).
I've changed a line in qmail-scanner-queue.pl from:
if ($ravlin_status > 1) {
to:
if ($ravlin_status != 1) {
Sincerely, Jonas Mixter
----- Original Message -----
From: "Payal Rathod" <[EMAIL PROTECTED]>
To: "qmail-scanner" <[EMAIL PROTECTED]>
Sent: Tuesday, July 01, 2003 3:49 PM
Subject: [Qmail-scanner-general]false alarms
Hi,
I have installed,
qmail-scanner 1.16
RAV 8.3.1
clamscan 0.60
qmail 1.03
Now qmail-scanner is giving false alarms over simple sessions like
this.
[EMAIL PROTECTED] root]# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to linux (127.0.0.1).
Escape character is '^]'.
220 linux.local ESMTP
mail from: <test>
250 ok
rcpt to: <rp>
250 ok
data
354 go ahead
Subject: False Alarm.
.
250 ok 1057066737 qp 4211
quit
221 linux.local
Connection closed by foreign host.
The mail is not delivered to user rp but a notification is given to admin
user p1. I am pasting the mail to admin below for reference.
User rp does not receive any mail.
I had reinstalled rav quite a few times in last 2-3 days and compiled
qmail-scanner many times too usually with,
# ./configure --log-details yes --add-dscr-hdrs all
Is there any problem with virus scanner RAV or qmail-scanner?
Return-Path: <>
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 4228 invoked by alias); 1 Jul 2003 13:38:57 -0000
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 4220 invoked by uid 510); 1 Jul 2003 13:38:57 -0000
Date: 1 Jul 2003 13:38:57 -0000
From: "System Anti-Virus Administrator" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: virus found in sent message "False Alarm."
Message-ID: <[EMAIL PROTECTED]>
X-Tnz-Problem-Type: 40
MIME-Version: 1.0
Content-type: text/plain
X-Qmail-Scanner-Mail-From: test via linux.local
X-Qmail-Scanner-Rcpt-To: rp
X-Qmail-Scanner: 1.16 (ravlin: 8.3.1. clamscan: 0.60. virus Found.
Processed in 7.770939 secs)
Attention: test
A virus was found in an Email message you sent.
)
This Email scanner intercepted it and stopped the entire message
reaching its destination.
The virus was reported to be:
0. Different virus bodies: 0.
Please update your virus scanner or contact your IT support
personnel as soon as possible as you have a virus on your system.
Your message was sent with the following envelope:
MAIL FROM: test
RCPT TO: rp
... and with the following headers:
---
MAILFROM: test
Received: from unknown (127.0.0.1)
by 127.0.0.1 with SMTP; 1 Jul 2003 13:38:48 -0000
)
Subject: False Alarm.
---
The original message is kept in:
linux.local:/var/spool/qmailscan/quarantine
where the System Anti-Virus Administrator can further diagnose it.
The Email scanner reported the following when it scanned that message:
---
How do I fix this thing?
Thanks a lot and looking for more info on this.
With warm regards,
-Payal
--
"Visit GNU/Linux Success Stories"
http://payal.staticky.com
Guest-Book Section Updated.
-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
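
The exit-code rule from the reply at the top of this thread, as an added Perl example that is not code from qmail-scanner or from either poster: it runs constructed stand-in commands in place of RAV and prints how the `> 1` and `!= 1` comparisons classify each outcome. The helper names and the mapping of "never ran" and "killed by a signal" to -1 are assumptions.

```perl
#!/usr/bin/perl
# Added example: compares the two comparisons quoted in the reply above.
# Helper names and the stand-in "scanner" commands are hypothetical.
use strict;
use warnings;
no warnings 'exec';    # the missing-binary case below is deliberate

# Rule from the reply: exit code 1 means "no virus found";
# every other code, 0 included, is a detection or an error.
sub old_rule { return $_[0] > 1  ? 'inspect output' : 'treat as clean' }
sub new_rule { return $_[0] != 1 ? 'inspect output' : 'treat as clean' }

# Turn Perl's raw wait status ($?) into a single status number.
# Assumption: a scanner that never ran or died on a signal is mapped to -1,
# so it can never be mistaken for the "clean" code 1.
sub status_from_wait {
    my ($raw) = @_;
    return -1 if $raw == -1;     # could not be executed at all
    return -1 if $raw & 127;     # killed by a signal
    return $raw >> 8;            # normal exit: the real exit code
}

# Constructed stand-ins for the scanner: each just exits a given way.
my @cases = (
    [ 'exit 1 (clean per the reply)', [ $^X, '-e', 'exit 1' ] ],
    [ 'exit 0',                       [ $^X, '-e', 'exit 0' ] ],
    [ 'exit 2',                       [ $^X, '-e', 'exit 2' ] ],
    [ 'killed by signal',             [ $^X, '-e', 'kill "KILL", $$' ] ],
    [ 'binary missing',               [ '/nonexistent/scanner' ] ],
);

printf "%-30s %-7s %-16s %s\n", 'case', 'status', '> 1', '!= 1';
for my $case (@cases) {
    my ($label, $cmd) = @$case;
    system { $cmd->[0] } @$cmd;    # list form: no shell involved
    my $status = status_from_wait($?);
    printf "%-30s %-7d %-16s %s\n",
        $label, $status, old_rule($status), new_rule($status);
}
```

Only the `exit 1` row is treated as clean by both comparisons; the rows with status 0 or -1 are where `> 1` and `!= 1` disagree.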