Menu
▾
▴
[Qmail-scanner-general]clamscan --mbox
|
From: James P. <jam...@we...> - 2004-04-09 15:17:48
|
Hello, qmail-scanner friends!
I have been using qmail-scanner on our mail server at West Coast
Aerospace for about two years, scanning with spamd and McAffe uvscan. A
few months ago, unsatisfied with Network Associate's abysmal service and
support I also added ClamAV scanning. I was delighted to discover that
clamscan is a signifigantly better virus scanner, with hella faster
signature updates (unfortunately it takes a lot more memory, but hey!
memory is cheap!) Last week my mail server went down with a hardware
problem, and I was forced to run temporaraly on an older server, and I
had to disable clamscan because of insufficient memory. I was shocked at
how many of the new virus variants slipped right past uvscan.
Anyway, after fixing the mailserver and re-enabling clamscan, I took a
closer look, and noticed that there were still some viruses that were
slipping through both uvscan AND clamscan. I left three such mails in my
inbox, logged into the mail server and manually ran clamscan from the
command line.
huitzil:~/Maildir/cur$ clamscan
/home/postmaster/Maildir/cur/1081349019.21614.huitzil:2,S: OK
/home/postmaster/Maildir/cur/1081349057.21706.huitzil:2,S: OK
/home/postmaster/Maildir/cur/1081342441.19144.huitzil:2,S: OK
/home/postmaster/Maildir/cur/1081351599.22847.huitzil:2,S: OK
----------- SCAN SUMMARY -----------
Known viruses: 20905
Scanned directories: 1
Scanned files: 4
Infected files: 0
Data scanned: 0.13 MB
I/O buffer size: 131072 bytes
Time: 0.925 sec (0 m 0 s)
It did not detect ANY of the three viruses, which was depressing. I then
read the clamscan manpage, and took particular note of the --mbox option.
--mbox Enable scanning of various mail file types (also treat stdin as
a mailbox - for backward compatibility).
So I tried again with that option, and bingo!
huitzil:~/Maildir/cur$ clamscan --mbox
/home/postmaster/Maildir/cur/1081349019.21614.huitzil:2,S:
Worm.SomeFool.P FOUND
/home/postmaster/Maildir/cur/1081349057.21706.huitzil:2,S:
Worm.SomeFool.P FOUND
/home/postmaster/Maildir/cur/1081342441.19144.huitzil:2,S: OK
/home/postmaster/Maildir/cur/1081351599.22847.huitzil:2,S:
Worm.SomeFool.P FOUND
----------- SCAN SUMMARY -----------
Known viruses: 20905
Scanned directories: 1
Scanned files: 4
Infected files: 3
Data scanned: 0.12 MB
I/O buffer size: 131072 bytes
Time: 0.936 sec (0 m 0 s)
So I manually added --mbox to $clamscan_options in
/var/qmail/bin/qmail-scanner-queue.pl with joy in my heart.
So my question is; Was the --mbox option left out of qmail-scanner's
clamav support for a reason, or it did it just get missed in the
documentation?
Anyway. My thanks to the authors of qmail-scanner, for being so darn nifty.
---
James Paige
Information Systems
West Coast Aerospace, Inc.
|
