I have been using qmail-scanner on our mail server at West Coast Aerospace for about two years, scanning with spamd and McAffe uvscan. A few months ago, unsatisfied with Network Associate's abysmal service and support I also added ClamAV scanning. I was delighted to discover that clamscan is a signifigantly better virus scanner, with hella faster signature updates (unfortunately it takes a lot more memory, but hey! memory is cheap!) Last week my mail server went down with a hardware problem, and I was forced to run temporaraly on an older server, and I had to disable clamscan because of insufficient memory. I was shocked at how many of the new virus variants slipped right past uvscan.
Anyway, after fixing the mailserver and re-enabling clamscan, I took a closer look, and noticed that there were still some viruses that were slipping through both uvscan AND clamscan. I left three such mails in my inbox, logged into the mail server and manually ran clamscan from the command line.
huitzil:~/Maildir/cur$ clamscan /home/postmaster/Maildir/cur/1081349019.21614.huitzil:2,S: OK /home/postmaster/Maildir/cur/1081349057.21706.huitzil:2,S: OK /home/postmaster/Maildir/cur/1081342441.19144.huitzil:2,S: OK /home/postmaster/Maildir/cur/1081351599.22847.huitzil:2,S: OK
----------- SCAN SUMMARY ----------- Known viruses: 20905 Scanned directories: 1 Scanned files: 4 Infected files: 0 Data scanned: 0.13 MB I/O buffer size: 131072 bytes Time: 0.925 sec (0 m 0 s)
It did not detect ANY of the three viruses, which was depressing. I then read the clamscan manpage, and took particular note of the --mbox option.
--mbox Enable scanning of various mail file types (also treat stdin as
a mailbox - for backward compatibility).So I tried again with that option, and bingo!
huitzil:~/Maildir/cur$ clamscan --mbox /home/postmaster/Maildir/cur/1081349019.21614.huitzil:2,S: Worm.SomeFool.P FOUND /home/postmaster/Maildir/cur/1081349057.21706.huitzil:2,S: Worm.SomeFool.P FOUND /home/postmaster/Maildir/cur/1081342441.19144.huitzil:2,S: OK /home/postmaster/Maildir/cur/1081351599.22847.huitzil:2,S: Worm.SomeFool.P FOUND
----------- SCAN SUMMARY ----------- Known viruses: 20905 Scanned directories: 1 Scanned files: 4 Infected files: 3 Data scanned: 0.12 MB I/O buffer size: 131072 bytes Time: 0.936 sec (0 m 0 s)
So I manually added --mbox to $clamscan_options in /var/qmail/bin/qmail-scanner-queue.pl with joy in my heart.
So my question is; Was the --mbox option left out of qmail-scanner's clamav support for a reason, or it did it just get missed in the documentation?
Anyway. My thanks to the authors of qmail-scanner, for being so darn nifty.
--- James Paige Information Systems West Coast Aerospace, Inc.
------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
