On Sat, 2003-12-06 at 14:02, Stephen Bosch wrote:
> > Fri, 05 Dec 2003 17:11:47 -0700:2656: found C-T attachment filename vi-rus.exe
> > Fri, 05 Dec 2003 17:11:47 -0700:2656: sweep: starting scan of directory \
> "/var/spool/qmailscan/tmp/www.vodacomm.ca10706695074612656"...
> > Fri, 05 Dec 2003 17:11:47 -0700:2656: run  /usr/bin/sweep -f -all -eec -sc -nc -ss 
> > -nb -archive  /var/spool/qmailscan/tmp/www.vodacomm.ca10706695074612656  2>&1
> > Fri, 05 Dec 2003 17:11:47 -0700:2656: --output of sophos sweep was:
> > --
> > Fri, 05 Dec 2003 17:11:47 -0700:2656: sweep: finished scan of dir 
> > "/var/spool/qmailscan/tmp/www.vodacomm.ca10706695074612656" in 1.074209 secs

> 
> Say I change to the message's corresponding directory in
> /var/spool/qmailscan/tmp:
> 
> > [EMAIL PROTECTED] www.vodacomm.ca10706695074612656]# pwd
> > /var/spool/qmailscan/tmp/www.vodacomm.ca10706695074612656
> > [EMAIL PROTECTED] www.vodacomm.ca10706695074612656]# ls
> > total 8
> >  162403 -rw-------    1 qscand   nofiles        18 Dec  5 17:11 
> > 1070669507.2658-0.www.vodacomm.ca
> >  162406 -rw-------    1 qscand   nofiles        68 Dec  5 17:11 vi-rus.exe
> > [EMAIL PROTECTED] www.vodacomm.ca10706695074612656]# /command/setuidgid qscand 
> > sweep -f -all -eec -sc -ss -nb -nc -archive *
> >>>> Virus 'EICAR-AV-Test' found in file vi-rus.exe
> > [EMAIL PROTECTED] www.vodacomm.ca10706695074612656]#

That certainly doesn't appear consistent.


A few things: 

a> Q-S is running /usr/bin/sweep, whereas you manually ran "sweep" - is 
it the same executable?
b> those two checks aren't the same: Q-S runs "sweep... /dir/name", and
you ran it manually via "cd /dir/name ; sweep *". See if that makes a
difference.
c> softlimits,softlimits,softlimits. Ensure you are not allowing sweep
to run out of memory. e.g. test it as:

softlimit -a ?????? /command/setuidgid qscand sweep ....

where the softlimit setting is whatever you set in your smtp startup
script. You may find that your manual run fails to find it then...


Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
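
The three checks in the message above, as an added shell example that is not part of the original thread: the helpers rerun one scanner command both the way Q-S invokes it and the way it was run by hand, and report whether the results agree. The function names and the `BYTES` placeholder are assumptions; the scanner must be given by absolute path because one run changes directory.

```shell
#!/bin/sh
# Added example (not from the original thread). Function names and printed
# labels are illustrative assumptions.

# (a) Does the bare command name resolve to the same file as the absolute
# path Q-S runs? Returns 0 if same, 1 if different, 2 if not on PATH.
same_executable() {
    resolved=$(command -v "$1") || return 2
    [ "$resolved" -ef "$2" ]    # true when both names share device and inode
}

# (b) Q-S style: the directory itself is the last argument, stderr folded in.
run_dir_style() {
    dir=$1; shift
    "$@" "$dir" 2>&1
}

# (b) Manual style: cd into the directory and let the shell expand "*".
run_glob_style() {
    dir=$1; shift
    ( cd "$dir" && "$@" * 2>&1 )
}

# Run both styles with the same command words and report each result.
# Returns 0 only when the exit status matches and both runs either
# produced output or both produced none.
compare_styles() {
    dir=$1; shift
    st_dir=0;  out_dir=$(run_dir_style "$dir" "$@")   || st_dir=$?
    st_glob=0; out_glob=$(run_glob_style "$dir" "$@") || st_glob=$?
    printf 'dir-style  exit=%s output=%s\n' "$st_dir"  "${out_dir:-<empty>}"
    printf 'glob-style exit=%s output=%s\n' "$st_glob" "${out_glob:-<empty>}"
    e_dir=${out_dir:+nonempty}; e_glob=${out_glob:+nonempty}
    [ "$st_dir" -eq "$st_glob" ] && [ "$e_dir" = "$e_glob" ]
}

# (c) Put the limit wrapper in the command words so both runs are limited.
# BYTES is a placeholder for the value in your smtp startup script:
#   same_executable sweep /usr/bin/sweep
#   compare_styles /var/spool/qmailscan/tmp/<msgdir> \
#     softlimit -a BYTES /command/setuidgid qscand \
#     /usr/bin/sweep -f -all -eec -sc -nc -ss -nb -archive
```
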