Hi, [EMAIL PROTECTED]

Situation:
qmail-scanner 1.22 + kav (Kaspersky AntiVirus) 5.0

Here is part of qmail-queue.log:

Tue, 03 Aug 2004 22:44:39 YAKST:1982: p_s: finished scan of dir "/var/spool/qmail-scanner/tmp/phoenix.slavel.ru10915370594791982" in 0.01764 secs
Tue, 03 Aug 2004 22:44:39 YAKST:1982: ini_sc: scanning message took 5.296706 seconds
Tue, 03 Aug 2004 22:44:39 YAKST:1982: q_r: fork off child into /var/qmail/bin/qmail-queue...
Tue, 03 Aug 2004 22:44:39 YAKST:2007: q_r: xstatus=0
Tue, 03 Aug 2004 22:44:39 YAKST:1982: qmail-scanner: Clear:RC:1(192.168.100.74): 2.427886 44427 [EMAIL PROTECTED] [EMAIL PROTECTED] [Fwd: ] <[EMAIL PROTECTED]> file.zip:28978 1091537074.1993-0.phoenix.slavel.ru:77 1091537074.1993-1.phoenix.slavel.ru:75 1091537074.1993-2.phoenix.slavel.ru:355 orig-phoenix.slavel.ru10915370594791982:44427


... everything seems to be OK?

Hmm? Not at all... For sure, file.zip contains the MyDoom.m virus (actually, it doesn't matter which virus is in the email: kav can't recognize it at all)

At the same time:

[EMAIL PROTECTED] nua]# setuidgid qscand /usr/bin/kavscanner /var/spool/qmail-scanner/
Kaspersky Virus Scanner for linux. Version 5.0.2.0/RELEASE build #1
Copyright (C) Kaspersky Lab. 1998-2003.
There are 95016 records loaded, the latest update 03-08-2004
Config file: /etc/kav/5.0/kav4unix.conf
...
/var/spool/qmail-scanner/tmp/phoenix.slavel.ru10915370594791982/file.zip
~/phoenix.slavel.ru10915370594791982/file.zip/file.bat INFECTED I-Worm.Mydoom.m
~hoenix.slavel.ru10915370594791982/file.zip/file.bat CUREFAILED I-Worm.Mydoom.m
...


Here we are...

[EMAIL PROTECTED] nua]# ls -l /var/qmail/bin/qmail-scanner-queue.pl
-rwsr-xr-x 1 qscand qscand 91353 Aug 3 22:43 /var/qmail/bin/qmail-scanner-queue.pl*


[EMAIL PROTECTED] nua]# ls -l /var/spool/qmail-scanner/
-rw-rw---- 1 qscand qscand 672 Aug 3 22:44 mailstats.csv
-rw------- 1 qscand root 37976 Aug 3 23:15 qmail-queue.log
-rw------- 1 qscand root 34 Aug 3 21:58 qmail-scanner-queue-version.txt
drwxrwx--- 5 qscand qscand 4096 Aug 3 21:58 quarantine/
-rw-r----- 1 qscand root 12288 Aug 3 22:15 quarantine-attachments.db
-rw-rw---- 1 qscand qscand 4273 Aug 3 22:14 quarantine-attachments.txt
-rw-rw---- 1 qscand qscand 0 Aug 3 21:58 quarantine.log
-rwxr--r-- 1 root root 40 Mar 20 2003 refresh_db*
drwx------ 4 qscand root 4096 Aug 3 23:15 tmp/
lrwxrwxrwx 1 qscand qscand 35 Aug 3 21:58 viruses -> /var/spool/qmail-scanner/quarantine/
lrwxrwxrwx 1 qscand qscand 39 Aug 3 21:58 viruses.log -> /var/spool/qmail-scanner/quarantine.log
drwxrwx--- 5 qscand qscand 4096 Aug 3 21:58 working/



Kavscanner from qmail-scanner doesn't report errors, it just says 'Clear' despite the virus in the email... and it seems there's no problem with read/write permissions, and kav works just fine under the unprivileged (qscand) user


Any ideas?

----------------
Best Regards,
Yuri Nosyrev
Russia, Chita           mail to: nua at slavel dot ru


