amavisd, McAfee uvscan with/without --mime?

2003-06-10
2003-06-11
  • Oliver Rutsch
    2003-06-10

    Hi,

    We're using amavisd 0.1 with postfix 20010228 on SuSE Linux 7.0 and McAfee uvscan (engine 4.24).

    If I try the unmodified amavisd-test daemon with make check, I get the following output:

    Jun 10 10:12:17 post amavisd-test[14755]: /tmp/amavis/amavis-XXfDuxoQ: from=<root@post>, to=<root@post>
    Jun 10 10:12:17 post amavisd-test[14755]: Using /usr/local/bin/uvscan
    Jun 10 10:12:18 post amavisd-test[14755]: Scanning /tmp/amavis/amavis-XXfDuxoQ/parts/*
    Scanning file /tmp/amavis/amavis-XXfDuxoQ/parts/msg-14755-1.txt
    Scanning file /tmp/amavis/amavis-XXfDuxoQ/parts/part-00005

    Summary report on /tmp/amavis/amavis-XXfDuxoQ/parts/*
    File(s)
            Total files: ...........       2
            Clean: .................       2
            Possibly Infected: .....       0
    Jun 10 10:12:18 post amavisd-test[14755]: Testing mode - no email sent. X-Virus-Scanned: by amavisd 0.1
    Jun 10 10:12:18 post amavisd-test[14755]: do_exit:325 - ending execution with 0

    If I add the --mime option for uvscan in the amavisd-test daemon, I get the following output:

    Jun 10 10:13:38 post amavisd-test[15150]: /tmp/amavis/amavis-XX59MRMC: from=<root@post>, to=<root@post>
    Jun 10 10:13:38 post amavisd-test[15150]: Using /usr/local/bin/uvscan
    Jun 10 10:13:39 post amavisd-test[15150]: Scanning /tmp/amavis/amavis-XX59MRMC/parts/*
    Scanning file /tmp/amavis/amavis-XX59MRMC/parts/msg-15150-1.txt
    Scanning file /tmp/amavis/amavis-XX59MRMC/parts/part-00005
    Scanning file /tmp/amavis/amavis-XX59MRMC/parts/part-00005/test3.tar.Z
    Scanning file /tmp/amavis/amavis-XX59MRMC/parts/part-00005/test3.tar.Z/test3.tar
    Scanning file /tmp/amavis/amavis-XX59MRMC/parts/part-00005/test3.tar.Z/test3.tar/test2.zip
    Scanning file /tmp/amavis/amavis-XX59MRMC/parts/part-00005/test3.tar.Z/test3.tar/test2.zip/TEST.TAR.GZ
    Scanning file /tmp/amavis/amavis-XX59MRMC/parts/part-00005/test3.tar.Z/test3.tar/test2.zip/TEST.TAR.GZ/test.tar
    Scanning file /tmp/amavis/amavis-XX59MRMC/parts/part-00005/test3.tar.Z/test3.tar/test2.zip/TEST.TAR.GZ/test.tar/EICAR.COM.bz2
    Scanning file /tmp/amavis/amavis-XX59MRMC/parts/part-00005/test3.tar.Z/test3.tar/test2.zip/TEST.TAR.GZ/test.tar/EICAR.COM.bz2/EICAR.COM
    /tmp/amavis/amavis-XX59MRMC/parts/part-00005/test3.tar.Z/test3.tar/test2.zip/TEST.TAR.GZ/test.tar/EICAR.COM.bz2/EICAR.COM
            Found: EICAR test file NOT a virus.

    Summary report on /tmp/amavis/amavis-XX59MRMC/parts/*
    File(s)
            Total files: ...........       9
            Clean: .................       8
            Possibly Infected: .....       1
    Jun 10 10:13:39 post amavisd-test[15150]: do_exit:548 - ending execution with 0

    Does that mean that uvscan doesn't recognize the EICAR test file in the first case? Do I always have to supply --mime to uvscan? If so, I think it should be added to amavis and amavisd.

    Any suggestions?

    Bye, Oliver.

     
    • Lars Hecking
      2003-06-11

      Please post to amavis-user - I hardly ever read this
      forum.

      Please post full debug output for the first case - use
      -l 5 instead of -l 2. This might be a problem with the
      file command or one of the unpackers.
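
Added example, not part of the thread and not amavisd code: a small Python check that parses uvscan output in the layout quoted above and classifies an EICAR self-test run, separating "scanner never looked below the top-level parts" from "scanner descended but reported nothing". The function names, verdict labels and the shortened nesting chain in the second sample are assumptions made for illustration.

```python
import re

SCAN = re.compile(r"^\s*Scanning file \S+/parts/(\S+)$")
COUNT = re.compile(r"^\s*(Total files|Clean|Possibly Infected): \.+\s+(\d+)$")
FOUND = re.compile(r"^\s*Found: (.+)$")

def parse_report(text):
    """Parse uvscan output in the layout shown in the post."""
    rep = {"scanned": [], "found": [], "counts": {}}
    for line in text.splitlines():
        if m := SCAN.match(line):
            rep["scanned"].append(m.group(1))    # path relative to parts/
        elif m := COUNT.match(line):
            rep["counts"][m.group(1)] = int(m.group(2))
        elif m := FOUND.match(line):
            rep["found"].append(m.group(1))
    # depth 1 = a top-level MIME part; >1 = a member inside a container
    rep["max_depth"] = max((p.count("/") + 1 for p in rep["scanned"]), default=0)
    return rep

def selftest_verdict(rep):
    """Classify an EICAR self-test run: detected, not-unpacked or missed."""
    if rep["found"] and rep["counts"].get("Possibly Infected", 0) > 0:
        return "detected"
    return "not-unpacked" if rep["max_depth"] <= 1 else "missed"

# Constructed samples: first run as posted, second with a shortened chain.
RUN_PLAIN = """\
Scanning file /tmp/amavis/amavis-XXfDuxoQ/parts/msg-14755-1.txt
Scanning file /tmp/amavis/amavis-XXfDuxoQ/parts/part-00005
Summary report on /tmp/amavis/amavis-XXfDuxoQ/parts/*
File(s)
        Total files: ...........       2
        Clean: .................       2
        Possibly Infected: .....       0
"""
RUN_MIME = """\
Scanning file /tmp/amavis/amavis-XX59MRMC/parts/msg-15150-1.txt
Scanning file /tmp/amavis/amavis-XX59MRMC/parts/part-00005
Scanning file /tmp/amavis/amavis-XX59MRMC/parts/part-00005/test.tar
Scanning file /tmp/amavis/amavis-XX59MRMC/parts/part-00005/test.tar/EICAR.COM
/tmp/amavis/amavis-XX59MRMC/parts/part-00005/test.tar/EICAR.COM
        Found: EICAR test file NOT a virus.
Summary report on /tmp/amavis/amavis-XX59MRMC/parts/*
File(s)
        Total files: ...........       4
        Clean: .................       3
        Possibly Infected: .....       1
"""
```

A "not-unpacked" verdict on a self-test message means only that nothing below the top-level parts was scanned, so the clean result says nothing about the attachment's contents.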