On Sun, Nov 16, 2003 at 03:41:26PM -0700, Stephen Bosch wrote:
> No, sorry about that -- those were separate things. I tried different 
> ways of sending it from a remote host, and they all failed because the 
> test viruses were detected by the remote servers; then I tried setting 
> QS_SPAMASSASSIN="on" so that qmail-scanner would send all local mail to 
> spamc, and then qmail-scanner didn't detect the test virus there

QS_SPAMASSASSIN has nothing to do with virus scanning, so it's a red herring.

>
> >What's wrong with sending it from another box on your network?
> 
> They've all got RELAYCLIENT set.

That has nothing to do with virus scanning either - only the definition of
QMAILQUEUE matters.

> >Ah - so Q-S is working - it's just that sweep doesn't appear to work for 
> >you.
> >
> >Heh - you included some of qmail-queue.log up above - but didn't do it for a
> >message showing the above symptoms! How about that then?
> 
> I *did* -- that log data you see is for a message that contained the 
> EICAR test attachment... see why I am confused? This is making NO sense 
> to me.

Oh yeah - it is there - but with no output...

> I wonder if the single user version of Sophos sweep is fuggered so that 
> it detects when you try and run it from a daemon? Sophos sells a "unix 
> server" version of their product now... but I've always known sweep to 
> work with qmail-scanner, so I'm really at a loss.

Nope - you're running sweep - not sophie.

Turn on full persistent debugging by setting '$debug=100;' in
qmail-scanner-queue.pl. That makes qmail-scanner-queue.pl *not* delete the
working area after it's finished dealing with a particular message.

Let a few messages through (tail qmail-queue.log to see that messages have
been processed), then turn '$debug' back to '1' to stop any more from being
kept.

Then you should have dirs under working/new that you can enter to see their
contents. Then run sweep manually over that dir to see what it says.

i.e.

(as root)

cd /var/spool/qmailscan/working/new/a.dir.name/
setuidgid qscand sweep -f -all -eec -sc -ss -nb -nc -archive \
   /var/spool/qmailscan/working/new/a.dir.name/

i.e. make sure you run sweep as qscand - as that's what Q-S runs it as.

But this still goes back to how do you know it's not working. To test it,
why not send the eicar.com virus as an attachment via SMTP from another
workstation? In fact, that's the kind of message you really want to catch
via '$debug=100;' in order to really see what's gone wrong.


-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1


_______________________________________________
Qmail-scanner-general mailing list
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
