Hello,

I have installed qmail-scanner and the qmailqueue patch and other extras and
it seems to be working.

The scanner is invoked and does block the configured extensions (.scr etc.)
and also blocks on subject line. However, the quarantining/detection is
failing for specific files. Both eicar.com in the test_installation.sh and a
manual Happy99 test are going right through. Below is a log snippet from a
test with Happy99:


 skipping auto-generated file 1063202257.4093-0.Stinger
 p_s: checking Happy99.exe against perlscanner database...
 p_s: file Happy99.exe is lowercased to happy99.exe and has extension .exe
 p_s: compare happy99.exe against perlscanner database
*p_s: happy99.exe: 10000   Happy99 Trojan
*p_s: 10000, Happy99 Trojan
*p_s: 0, , 10000
 p_s: checking happy99.exe against perlscanner database...
 p_s: file happy99.exe is lowercased to happy99.exe and has extension .exe
 p_s: compare happy99.exe against perlscanner database
*p_s: happy99.exe: 10000   Happy99 Trojan
*p_s: 10000, Happy99 Trojan
*p_s: 0, , 10000
 p_s:  finished scan of dir "/var/spool/qmailscan/Stinger10632022574564091" in 0.003742 secs

Note that the lines prepended with * are generated by some debug statements I
added:

&debug("p_s: compare $lfile against perlscanner database") if (!$ps_skipfile);
if ( ($array{$lfile} || $array{$extension}) && !$ps_skipfile ) {
  &debug("p_s: $lfile: $array{$lfile}") ;
  if ($array{$lfile}) {
    ($fsize,$quarantine_description) = split(/\t/,$array{$lfile},2);
    &debug("p_s: $fsize, $quarantine_description") ;
  } else {
    $destring="Disallowed attachment type";
    ($fsize,$quarantine_description) = split(/\t/,$array{$extension},2);
  }
  $attachment_list.="$file:$size,";
  &debug("p_s: $quarantine_event, $size, $fsize") ;
  if (!$quarantine_event && $size eq $fsize || $fsize =~ /^(\-|\*|any|0)$/i )


It seems that the stat:

($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,$atime,$mtime,$ctime,$blksize,$blocks)
  = stat("$file");

a bit earlier in the code fails. (This is all around line 1100 for me, built
with --debug yes.)


Any help with this would be very much appreciated as I am not at all familiar
with Perl. (Yes I know, shame on me ;) )

Thanks,

Esger
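
The debug line "0, , 10000" in the log above has an empty $size next to the database size 10000, which is what an unchecked stat() failure produces. The Perl sketch below is an added example, not part of the original message and not qmail-scanner code; the %array entry, the temporary directory, the missing path and the sub names are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Constructed stand-in for the perlscanner entry seen in the log:
# "<size>\t<description>", keyed by the lowercased file name.
my %array = ('happy99.exe' => "10000\tHappy99 Trojan");

# Constructed scan directory holding one 10000-byte file.
my $dir = tempdir(CLEANUP => 1);
open(my $fh, '>', "$dir/Happy99.exe") or die "open: $!";
print {$fh} 'A' x 10000;
close($fh) or die "close: $!";

# Size test as in the post: the stat() result is used without being checked.
sub check_unchecked {
    my ($path, $lfile) = @_;
    my ($fsize, $desc) = split(/\t/, $array{$lfile}, 2);
    no warnings 'uninitialized';    # an undef $size is compared silently
    my ($dev, $ino, $mode, $nlink, $uid, $gid, $rdev, $size) = stat($path);
    return ($size eq $fsize || $fsize =~ /^(\-|\*|any|0)$/i)
        ? "match: $desc"
        : "no match: size '$size', expected $fsize";
}

# Same test, but a failed stat() is reported with the reason from $!.
sub check_checked {
    my ($path, $lfile) = @_;
    my ($fsize, $desc) = split(/\t/, $array{$lfile}, 2);
    my @st = stat($path);           # empty list on failure
    return "stat($path) failed: $!" unless @st;
    my $size = $st[7];
    return ($size eq $fsize || $fsize =~ /^(\-|\*|any|0)$/i)
        ? "match: $desc"
        : "no match: size '$size', expected $fsize";
}

# A path that does not exist (constructed) makes stat() fail.
my $missing = "$dir/not-here/Happy99.exe";
my $present = "$dir/Happy99.exe";

print "unchecked, missing path: ", check_unchecked($missing, 'happy99.exe'), "\n";
print "checked,   missing path: ", check_checked($missing, 'happy99.exe'), "\n";
print "checked,   present path: ", check_checked($present, 'happy99.exe'), "\n";
```

Logging $! and the exact path passed to stat() in the scanner's debug output is the quickest way to see why the call returns nothing for a given attachment.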
