[Qmail-scanner-general]qmailscanner+bitdefender

Bitz Fri, 01 Oct 2004 20:11:56 -0700

Hello,

I am testing out qmailscanner1.23+bitdefender but having problems getting it to work... belows the snapshot of the qmail-queue.log, there was not output for the bitdefender....

Sat, 02 Oct 2004 12:19:04 ChST:18674: bitdefender: starting scan of directory "/var/spool/qmailscan/tmp/test.pinoy.org109668354448218674"... Sat, 02 Oct 2004 12:19:04 ChST:18674: run /usr/bin/bdc --list --all --alev=10 --flev=10 --arc --mail /var/spool/qmailscan/tmp/test.pinoy.org109668354448218674 2>&1 Sat, 02 Oct 2004 12:19:04 ChST:18674: --output of bdc was: -- Sat, 02 Oct 2004 12:19:04 ChST:18674: bitdefender: finished scan of dir "/var/spool/qmailscan/tmp/test.pinoy.org109668354448218674" in 0.185104 secs

-------------------------------

But when I ran bdc manually, it can detect the viruses on my quarantined folder...

/usr/bin/bdc --all --alev=10 --flev=10 --arc --mail /var/spool/qmailscan/quarantine

/var/spool/qmailscan/quarantine/new/test.pi ... 2004 22:17:35 +0900]=>(MIME part)=>yours.pif infected: [EMAIL PROTECTED] /var/spool/qmailscan/quarantine/new/tes ... :08 +0900]=>(MIME part)=>(message body) suspected: Exploit.Iframe.Vulnerability /var/spool/qmailscan/quarantine/new/test.pin ... t 2004 10:17:08 +0900]=>(MIME part)=>aladw.exe infected: [EMAIL PROTECTED]

What am I doing wrong? I have also attached my qmail-queue.log.

Thanks in advance.

-b

Sat, 02 Oct 2004 12:19:04 ChST:18674: +++ starting debugging for process 18674 by 
uid=501
Sat, 02 Oct 2004 12:19:04 ChST:18674: setting UID to EUID so subprocesses can access 
files generated by this script
Sat, 02 Oct 2004 12:19:04 ChST:18674: program name is qmail-scanner-queue.pl, version 
1.23
Sat, 02 Oct 2004 12:19:04 ChST:18674: incoming SMTP connection from via SMTP from 
202.88.64.7
Sat, 02 Oct 2004 12:19:04 ChST:18674: w_c: mkdir 
/var/spool/qmailscan/tmp/test.pinoy.org109668354448218674
Sat, 02 Oct 2004 12:19:04 ChST:18674: w_c: start dumping incoming msg into 
/var/spool/qmailscan/working/tmp/test.pinoy.org109668354448218674 [0.000739]
Sat, 02 Oct 2004 12:19:04 ChST:18674: c_a_g: found MIME attachment
Sat, 02 Oct 2004 12:19:04 ChST:18674: w_c: primary Content-Type of multipart/mixed 
found
Sat, 02 Oct 2004 12:19:04 ChST:18674: w_c: found a top-level boundary definition of 
\-\-\-\-\-\-\-\-\-\-\-\-090001080907070904070204
Sat, 02 Oct 2004 12:19:04 ChST:18674: w_c: attachment  1: Content-Type of text/plain 
found
Sat, 02 Oct 2004 12:19:04 ChST:18674: found C-T attachment filename eicar.com
Sat, 02 Oct 2004 12:19:04 ChST:18674: w_c: attachment  2: Content-Type of text/plain 
found
Sat, 02 Oct 2004 12:19:04 ChST:18674: w_c: rename new msg from 
/var/spool/qmailscan/working/tmp/test.pinoy.org109668354448218674 to 
/var/spool/qmailscan/working/new/test.pinoy.org109668354448218674 [0.001689]
Sat, 02 Oct 2004 12:19:04 ChST:18674: d_m: starting /usr/local/bin/reformime  
-x/var/spool/qmailscan/tmp/test.pinoy.org109668354448218674/ 
</var/spool/qmailscan/working/new/test.pinoy.org109668354448218674 [0.000211]
Sat, 02 Oct 2004 12:19:04 ChST:18674: d_m: finished /usr/local/bin/reformime  
-x/var/spool/qmailscan/tmp/test.pinoy.org109668354448218674/ [0.005315]
Sat, 02 Oct 2004 12:19:04 ChST:18674: d_m: Check for zip files...
Sat, 02 Oct 2004 12:19:04 ChST:18674: d_m: unpacking message took 0.005583 seconds
Sat, 02 Oct 2004 12:19:04 ChST:18674: unsetting QMAILQUEUE env var
Sat, 02 Oct 2004 12:19:04 ChST:18674: g_e_h: return-path is "[EMAIL PROTECTED]", 
recips is "[EMAIL PROTECTED]"
Sat, 02 Oct 2004 12:19:04 ChST:18674: from=Test <[EMAIL PROTECTED]>,subj=test, 
x-qmail-scanner-message-id=<[EMAIL PROTECTED]> via SMTP from 202.88.64.7
Sat, 02 Oct 2004 12:19:04 ChST:18674: ini_sc: start scanning
Sat, 02 Oct 2004 12:19:04 ChST:18674: ini_sc: recursively scan the directory 
/var/spool/qmailscan/tmp/test.pinoy.org109668354448218674/
Sat, 02 Oct 2004 12:19:04 ChST:18674: scanloop: starting scan of directory 
"/var/spool/qmailscan/tmp/test.pinoy.org109668354448218674"...
Sat, 02 Oct 2004 12:19:04 ChST:18674: scanloop: 
scanner=bitdefender_scanner,plain_text_msg=0
Sat, 02 Oct 2004 12:19:04 ChST:18674: bitdefender: starting scan of directory 
"/var/spool/qmailscan/tmp/test.pinoy.org109668354448218674"...
Sat, 02 Oct 2004 12:19:04 ChST:18674: run /usr/bin/bdc  --list --all --alev=10 
--flev=10 --arc --mail   /var/spool/qmailscan/tmp/test.pinoy.org109668354448218674  
2>&1
Sat, 02 Oct 2004 12:19:04 ChST:18674: --output of bdc was:
--
Sat, 02 Oct 2004 12:19:04 ChST:18674: bitdefender: finished scan of dir 
"/var/spool/qmailscan/tmp/test.pinoy.org109668354448218674" in 0.185104 secs
Sat, 02 Oct 2004 12:19:04 ChST:18674: scanloop: scanner=spamassassin,plain_text_msg=0
Sat, 02 Oct 2004 12:19:04 ChST:18674: SA: run /usr/bin/spamc  -f -u "[EMAIL 
PROTECTED]" < /var/spool/qmailscan/working/new/test.pinoy.org109668354448218674
Sat, 02 Oct 2004 12:19:05 ChST:18674: SA: overwriting 
/var/spool/qmailscan/working/new/test.pinoy.org109668354448218674 with 
/var/spool/qmailscan/working/new/test.pinoy.org109668354448218674.spamc
Sat, 02 Oct 2004 12:19:05 ChST:18674: spamassassin: finished scan of dir 
"/var/spool/qmailscan/tmp/test.pinoy.org109668354448218674" in 0.212427 secs
Sat, 02 Oct 2004 12:19:05 ChST:18674: scanloop: finished scan of 
"/var/spool/qmailscan/tmp/test.pinoy.org109668354448218674"...
Sat, 02 Oct 2004 12:19:05 ChST:18674: p_s: type is a size!
Sat, 02 Oct 2004 12:19:05 ChST:18674: p_s: skipping auto-generated file 
1096683544.18676-0.test.pinoy.org
Sat, 02 Oct 2004 12:19:05 ChST:18674: p_s: checking eicar.com against perlscanner 
database...
Sat, 02 Oct 2004 12:19:05 ChST:18674: p_s: file eicar.com is lowercased to eicar.com 
and has extension .com
Sat, 02 Oct 2004 12:19:05 ChST:18674: p_s: compare eicar.com (size 68) against 
perlscanner database
Sat, 02 Oct 2004 12:19:05 ChST:18674: p_s: skipping auto-generated file 
orig-test.pinoy.org109668354448218674
Sat, 02 Oct 2004 12:19:05 ChST:18674: p_s: checking eicar.com against perlscanner 
database...
Sat, 02 Oct 2004 12:19:05 ChST:18674: p_s: file eicar.com is lowercased to eicar.com 
and has extension .com
Sat, 02 Oct 2004 12:19:05 ChST:18674: p_s: compare eicar.com (size 68) against 
perlscanner database
Sat, 02 Oct 2004 12:19:05 ChST:18674: p_s:  finished scan of dir 
"/var/spool/qmailscan/tmp/test.pinoy.org109668354448218674" in 0.024098 secs
Sat, 02 Oct 2004 12:19:05 ChST:18674: ini_sc: scanning message took 0.422446 seconds
Sat, 02 Oct 2004 12:19:05 ChST:18674: q_r: fork off child into 
/var/qmail/bin/qmail-queue...
Sat, 02 Oct 2004 12:19:05 ChST:18682: q_r: xstatus=0
Sat, 02 Oct 2004 12:19:05 ChST:18674: qmail-scanner[18674]: 
Clear:RC:1(202.88.64.7):SA:0(0.1/10.0): 0.431135 914 [EMAIL PROTECTED] [EMAIL 
PROTECTED] test <[EMAIL PROTECTED]> 1096683544.18676-0.test.pinoy.org:5 eicar.com:68 
orig-test.pinoy.org109668354448218674:914
Sat, 02 Oct 2004 12:19:05 ChST:18674: cleanup: /bin/rm -rf 
/var/spool/qmailscan/tmp/test.pinoy.org109668354448218674/ 
/var/spool/qmailscan/working/new/test.pinoy.org109668354448218674
Sat, 02 Oct 2004 12:19:05 ChST:18674: all finished. Total of 0.522809 secs

[Qmail-scanner-general]qmailscanner+bitdefender

Reply via email to