Hello, I am running a virus script using F-prot on my 1.17 server too. It is = not the XAV program. But today i discovered that on my server virus = mails don't get deleted as well?!? Thinking back, this behaviour started = when upgrading from 1.12 to 1.17 (yes i did change the filter return = codes). They get scanned and logged as a virus, but still Xmail passes = them on. I tried return codes 16 and 4 (which should be good) and also 5 = and 6 don't work. So i think it is kind of Xmail related rather than XAV = related as i'm not using XAV but do experience the same problems.
Update: I just did some debugging and it turns out that in my script = copying the messagefile to the quarantaine folder does not succeed, = which causes my script to raise an error and so no reject code is = returned. So this makes sense to me. Disabling quarantaine functionality = does 'solve' the problem. Question is: did anything change in the Xmail = architecture from 1.12 to 1.17 which causes this behaviour? I'm thinking = on different file names for the @@file parameter (illegal w2k name?)? Or = different directory where the @@file is saved (some w2k rights issue?)? = Changed user context in which the script/filter is run? Solution? Anyone? Thanks in advance. Boechie. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Rob Arends Sent: donderdag 4 december 2003 9:29 To: [EMAIL PROTECTED] Cc: 'John Bishop' Subject: [xmail] Re: XAV help? Yep, I got that. Also got caught with the Retcode when I started - A little better doco = would go a long way. I didn't get anywhere with DoList (author) on the return code to = Xmail=3D0, so I am just using the older (working) version until enough people on W2k complain and it'll get fixed. (Do List says "works for me", and so I'm = the DH that has the problem.) It was all working for me on W2k server, until the "XAVMessage=3D" was = added to the INI. Now it always returns zero. Reverting back to the old binary fixes it, but I don't get the custom message. Other than that I'm really happy with XAV. The version that works for me is no longer available from their site, = but I have attached it for you. ( I know the list will strip it, but you'll = get it cc'd). PS, John - ignore the 2 files in the root of the zip, just use = everything from "\xav" down. Rob :-) > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of John Bishop > Sent: Thursday, December 04, 2003 6:14 PM > To: [EMAIL PROTECTED] > Subject: [xmail] Re: XAV help? >=20 > Hey Rob, >=20 > Riiiight.... whoops :) I'm playing with XAV now (with this=20 > helpful new=20 > info!), as I'd prefer to be running a C app over emails than=20 > a Windows=20 > Script... but have hit another problem. >=20 > When running XMail in debug mode, and sending an email thru with a=20 > virused attachment, the XAV app is returning a value of 0, so the=20 > infected email is still going through. >=20 > With debugging enabled in the xav.ini file, the log file shows: >=20 > [2003-12-04 15:08:30] XAVMessage=3D[Your email was rejected due=20 > to a virus=20 > attachment.] > [2003-12-04 15:08:30] AntivirusPath=3D[d:\Apps\f-prot\f-prot.exe] > [2003-12-04 15:08:30] AntivirusCommand=3D > [/COLLECT /DUMB /AI /ARCHIVE /NOBOOT /NOMEM /PACKED /NOFLOPPY /SILENT] > [2003-12-04 15:08:30] AntivirusReturn=3D[3] > [2003-12-04 15:08:30] DecoderPath=3D[d:\Apps\xav\mpack\munpack.exe] > [2003-12-04 15:08:30] DecoderCommand=3D[] > [2003-12-04 15:08:30] DecoderReturn=3D[1] > [2003-12-04 15:08:30] Creating temp folder=20 > D:\Apps\xav\tmp-1070579309708- > 3620-swing >=20 >=20 > Any ideas? :) >=20 > Cheers, > John :) >=20 > -----Original Message----- > From: "Rob Arends" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Date: Thu, 4 Dec 2003 01:10:42 +1100 > Subject: [xmail] Re: XAV help? >=20 > > John,=20 > >=20 > > The Retcode in the quotes on the xav.tab is actually a number. > > It is the number you want xav to return to xmail in the=20 > case of a virus > > being found. > > This means you could use "4", "5", or "6", etc. > >=20 > > Rob :-) > >=20 > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] On Behalf Of John Bishop > > > Sent: Thursday, November 27, 2003 3:11 PM > > > To: [EMAIL PROTECTED] > > > Subject: [xmail] XAV help? > > >=20 > > > Hi guys, > > >=20 > > > I'm a long-time mail admin that's just discovered and started=20 > > > migrating=20 > > > to XMail - it's a great app. Also, kudos to those of you that=20 > > > have put=20 > > > so much useful advice online (web pages, forums, custom apps=20 > > > etc) - it=20 > > > makes life a *lot* easier for us newbs :) > > >=20 > > > I'm currently trying to the the XAV AV filter working on my=20 > > > new server=20 > > > (Windows 2003). I've downloaded F-Prot for DOS, and this is=20 > > > working fine=20 > > > at detecting viruses on it's own (tested with Eicar's dummy=20 > > > virus file). > > >=20 > > > I've placed the following line in my filters-in.tab file: > > > "*" {tab} "*" {tab} "0.0.0.0/0" {tab} "0.0.0.0/0" {tab} "xav.tab" > > >=20 > > > And I've placed a xav.tab file in my /filters folder, containing: > > > "d:\apps\xav\xav.exe" {tab} "d:\apps\xav" {tab} "@@FILE"=20 > > > {tab} "@@FROM"=20 > > > {tab} "@@RCPT" {tab} "Retcode" > > >=20 > > > After sending an email thru the server with the Eicar dummy=20 > > > virus file=20 > > > attached, the mail does not get rejected... the xav.log file > > contains: > > >=20 > > > [2003-11-27 11:55:53] XAVMessage=3D[Your email was rejected due=20 > > > to a virus=20 > > > attachment.] > > > [2003-11-27 11:55:53] AntivirusPath=3D[d:\Apps\f-prot\f-prot.exe] > > > [2003-11-27 11:55:53] AntivirusCommand=3D > > > [/COLLECT /DUMB /AI /ARCHIVE /NOBOOT /NOMEM /PACKED /NOFLOPPY > > /SILENT] > > > [2003-11-27 11:55:53] AntivirusReturn=3D[3] > > > [2003-11-27 11:55:53] = DecoderPath=3D[d:\Apps\xav\mpack\munpack.exe] > > > [2003-11-27 11:55:53] DecoderCommand=3D[] > > > [2003-11-27 11:55:53] DecoderReturn=3D[1] > > > [2003-11-27 11:55:53] Creating temp folder=20 > > > d:\Apps\xav\tmp-1069962953079- > > > 1572-swing > > >=20 > > >=20 > > > ...So! Any suggestions as to what I need to do to get this=20 > > > working guys?=20 > > > Sorry for the long email, just wanted to make sure I was=20 > > > giving you all=20 > > > the info you might need to help me diagnose this problem. > > >=20 > > > Cheers all, > > > John :) > > >=20 > > > - > > > To unsubscribe from this list: send the line "unsubscribe=20 > xmail" in > > > the body of a message to [EMAIL PROTECTED] > > > For general help: send the line "help" in the body of a message to > > > [EMAIL PROTECTED] > > >=20 > > >=20 > >=20 > > - > > To unsubscribe from this list: send the line "unsubscribe xmail" in > > the body of a message to [EMAIL PROTECTED] > > For general help: send the line "help" in the body of a message to > > [EMAIL PROTECTED] >=20 > - > To unsubscribe from this list: send the line "unsubscribe xmail" in > the body of a message to [EMAIL PROTECTED] > For general help: send the line "help" in the body of a message to > [EMAIL PROTECTED] >=20 >=20 -- Binary/unsupported file stripped by Ecartis -- -- Type: application/x-zip-compressed -- File: xav 22.aug.2003.zip - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
