a problem with latest version 0.9

2007-03-23
2013-04-22
  • Chuck Harding

    Chuck Harding - 2007-03-23

    I just updated to 0.9 and, following the directions in the ReadMe.txt file, upgraded ClamAV to 0.90.1
    with the '--enable-experimental' option for configure per the recommendations in the readme file, and
    started getting many lines like the following in my procmail.log:

    SoftlabsAV 0.9: WARNING: ClamAV version '0.90.1-exp' is not supported to scan mbox files. Version 0.80 or higher is required!

    I tracked down the source of the message to inc/av_clamcheck.inc and it looks as though the logic in there is not set up to
    handle the 0.90.1 version correctly. The output from clamscan --stdout -V is

    ClamAV 0.90.1-exp/2914/Fri Mar 23 11:25:24 2007

    Thanks for an otherwise fine product.

     
    • Robert Allerstorfer

      Hi Chuck,

      thanks for your feedback.

      Since I cannot reproduce the problem you are observing, I need a verbose log output to get an idea of this problem's possible source. Thus, please first turn on procmail's verbose logging. If you are using the shipped /etc/procmailrc file, look for

      VERBOSE = 'on'

      and uncomment that line (remove the # symbol on the line's beginning).

      Then, send yourself a mail and copy&paste the corresponding section of the procmail.log file here.

      Thanks,
      rob.

       
      • Chuck Harding

        Chuck Harding - 2007-03-26

        Here's the verbose procmail log output for several messages as requested:

        procmail: [22863] Mon Mar 26 10:40:04 2007
        procmail: Assigning "INCLUDERC=/etc/procmailrcs/SoftlabsAV/antivirus.rc"
        procmail: Assigning "av_LINEBUF_MIN=16384"
        procmail: Score:   16384   16384 ""
        procmail: Score:   -2048   14336 ""
        procmail: Assigning "LINEBUF=16384"
        procmail: Assigning "av_RCFILE=/etc/procmailrcs/SoftlabsAV/antivirus.rc"
        procmail: Assigning "MATCH="
        procmail: Matched "/etc/procmailrcs/SoftlabsAV/"
        procmail: Match on "^^\/.+/"
        procmail: Matched "/etc/procmailrcs/SoftlabsAV"
        procmail: Match on "^^\/.+[^/]"
        procmail: Assigning "av_INSTALLDIR=/etc/procmailrcs/SoftlabsAV"
        procmail: Assigning "INCLUDERC=/etc/procmailrcs/SoftlabsAV/inc/av__ver.inc"
        procmail: Assigning "av_VERSION=0.9"
        procmail: Assigning "av_UA=SoftlabsAV 0.9"
        procmail: Assigning "MATCH"
        procmail: Assigning "av_MAILDIR_SAVED=/home/charding/Mail"
        procmail: Assigning "INCLUDERC=/etc/procmailrcs/SoftlabsAV/inc/av_v320.inc"
        procmail: Assigning "av_LOGFILE_SAVED=/home/charding/var/log/procmail.log"
        procmail: Assigning "LOGFILE"
        procmail: Opening "/dev/null"
        procmail: No match on ! "^[.]$"
        procmail: Assigning "MAILDIR=/home/charding/Mail"
        procmail: Match on ! "^^        ^^"
        procmail: Assigning "INCLUDERC=/etc/procmailrcs/SoftlabsAV/inc/av_const.inc"
        procmail: Assigning "DQ=""
        procmail: Assigning "SPC= "
        procmail: Assigning "TAB=       "
        procmail: Assigning "NL=
        "
        procmail: Assigning "CR=^M"
        procmail: Assigning "WS=        "
        procmail: Assigning "WSB=
        "
        procmail: Assigning "INCLUDERC=/etc/procmailrcs/SoftlabsAV/antivirus.conf"
        procmail: Assigning "av_LOG_USER=name"
        procmail: Assigning "av_VIRUSES_LOGFILE=/var/spool/mail/viruses.log"
        procmail: Assigning "av_TRASHDIR=/var/spool/mail/charding_TRASH"
        procmail: Assigning "av_DELIVER_TO_MAILDIR=off"
        procmail: Assigning "av_STRIP_BODY=off"
        procmail: Assigning "av_REMOVE_INFECTED=on"
        procmail: Assigning "av_DELIVER_UNIDENTIFIED=on"
        procmail: Assigning "av_SCAN_ALL=on"
        procmail: Assigning "av_PHISH_ALL=on"
        procmail: Assigning "av_DEBUG=off"
        procmail: Assigning "av_BAD_EXT=bat|chm|cmd|com|cpl|exe|hta|pif|scr|vbe|vbs|jpe?g"
        procmail: Assigning "av_DISABLE_USERS=  "
        procmail: No match on "."
        procmail: Assigning "MAILDIR=/home/charding/Mail"
        procmail: Assigning "LOGFILE=/home/charding/var/log/procmail.log"
        procmail: Opening "/home/charding/var/log/procmail.log"
        procmail: Assigning "TEST=test"
        procmail: Assigning "av_CLAMSCAN_PROG=clamscan"
        procmail: Assigning "TRUE=^^(on|yes|true)^^"
        procmail: Assigning "FALSE=^^(off|no|false)^^"
        procmail: Assigning "av_TRASHDIR=/var/spool/mail/charding_TRASH"
        procmail: Assigning "av_VIRUSDIR=/var/spool/mail/charding_TRASH/viruses"
        procmail: No match on ! "."
        procmail: Match on ! "^^(on|yes|true)^^"
        procmail: Assigning "DELIVER_TO_MAILDIR"
        procmail: No match on "^^(on|yes|true)^^"
        procmail: Assigning "av_STRIP_BODY"
        procmail: No match on "^^(off|no|false)^^"
        procmail: Assigning "av_REMOVE_INFECTED=on"
        procmail: No match on "^^(off|no|false)^^"
        procmail: Assigning "av_DELIVER_UNIDENTIFIED=on"
        procmail: No match on "^^(off|no|false)^^"
        procmail: Assigning "av_SCAN_ALL=on"
        procmail: No match on "^^(off|no|false)^^"
        procmail: Assigning "av_PHISH_ALL=on"
        procmail: Match on ! "^^(on|yes|true)^^"
        procmail: Assigning "av_DEBUG"
        procmail: No match on ! "."
        procmail: Assigning "av_ARCHIVE_EXT=zip|rar"
        procmail: Assigning "av_UUE_EXT=b64|bhx|hqx|mim|uue?|xxe"
        procmail: Assigning "av_CLEAN_EXT=jpg|Html|SCAN_ALL"
        procmail: Assigning "av_TO"
        procmail: Assigning "MATCH"
        procmail: Assigning "MATCH="
        procmail: Matched ""MediaWiki announcements and site admin list"        <mediawiki-l@lists.wikimedia.org>"
        procmail: Match on "^to:[       ]*\/[^  ].*"
        procmail: Assigning "av_TO="MediaWiki announcements and site admin list"        <mediawiki-l@lists.wikimedia.org>"
        procmail: Assigning "av_VIRUSTEST"
        procmail: Match on "[@]"
        procmail: No match on "[@]"
        procmail: Assigning "av_XMAILER"
        procmail: Assigning "MATCH"
        procmail: No match on "^x-mailer:[      ]*\/[^  ].*"
        procmail: No match on "^user-agent:[    ]*\/[^  ].*"
        procmail: Assigning "av_CHARSET=([a-z][a-z0-9_-]+[a-z0-9])"
        procmail: Assigning "av_VERBOSE_SAVED=on"
        procmail: Assigning "av_X_VIRUS"
        procmail: Assigning "av_SUBJECT"
        procmail: Assigning "av_NEWSUBJECT"
        procmail: Assigning "av_FILENAME_ENCODED"
        procmail: Assigning "MATCH"
        procmail: Assigning "MATCH="
        procmail: Matched "Re: [Mediawiki-l] wgLogo"
        procmail: Match on "^subject:[  ]*\/[^  ].*"
        procmail: Assigning "av_SUBJECT=Re: [Mediawiki-l] wgLogo"
        procmail: No match on "=\?([a-z][a-z0-9_-]+[a-z0-9])\?[bq]\?[^?]+\?="
        procmail: Assigning "av_ID"
        procmail: Executing "date,+%Y%m%d-%H%M%S.%N"
        procmail: Assigning "av_ID=20070326-104004.583454440"
        procmail: Assigning "MATCH="
        procmail: Matched "20070326-104004.583454"
        procmail: Match on "^^\/........-......\......."
        procmail: Assigning "av_ID=20070326-104004.583454"
        procmail: Assigning "av_MULTIPART"
        procmail: No match on "^content-type:[  ]+multipart/[^;         ]+[;    ]+"
        procmail: No match on "^content-type:[
        ]+multipart/[^;         ]+[;    ]+"
        procmail: Assigning "av_FN_MATCH"
        procmail: No match on "^^(on|yes|true)^^"
        procmail: No match on "^\/content-(type|disposition):[
        ]+[^;]+(;[      ]*
        [       ]+.+)*;[
        ]+(file)?name[
        ]*=[
        ]*"?.*=\?([a-z][a-z0-9_-]+[a-z0-9])\?[bq]\?[^?]+\?=[^"]*"?[     ]*;?$"
        procmail: Assigning "av_FILENAME_ORIG"
        procmail: Assigning "av_FILENAME"
        procmail: Assigning "av_EXT"
        procmail: Assigning "av_EXT_FIRST"
        procmail: Assigning "MATCH"
        procmail: No match on "."
        procmail: Assigning "av_MIME"
        procmail: No match on "."
        procmail: Assigning "av_UNRAR"
        procmail: Assigning "FIELD=[^ ]+ +"
        procmail: Assigning "av_UNPACK_PROG"
        procmail: Assigning "av_VIRUSFILE"
        procmail: Assigning "av_FILETYPE"
        procmail: Assigning "av_VIR_FOUND"
        procmail: Assigning "av_VIR_FOUND_FIRST"
        procmail: Assigning "av_LOGMSG"
        procmail: No match on "."
        procmail: Match on ! "."
        procmail: Assigning "av_FILETYPE"
        procmail: Assigning "INCLUDERC=/etc/procmailrcs/SoftlabsAV/inc/av_html.inc"
        procmail: Assigning "MATCH"
        procmail: No match on "^content-type:[  ]+\/text/html([;        ]+|$)"
        procmail: No match on "^content-type:[
        ]+\/text/html[;
        ]+"
        procmail: No match on "^^\/[^;
        ]+"
        procmail: No match on "^^Html^^"
        procmail: Match on "."
        procmail: Assigning "av_EXT=SCAN_ALL"
        procmail: Assigning "av_MIME=(Non-HTML)"
        procmail: Assigning "INCLUDERC=/etc/procmailrcs/SoftlabsAV/inc/av_mbox.inc"
        procmail: No match on "."
        procmail: Assigning "av_VIR_TYPE=MBOX"
        procmail: Assigning "av_VIR_FOUND=MBOX.SCAN_ALL"
        procmail: Assigning "av_LOGMSG=SoftlabsAV 0.9: Potential malicious mail of type MBOX.SCAN_ALL detected
        "
        procmail: Assigning "av_REQUIRED_DIR=/var/spool/mail/charding_TRASH/viruses/MBOX"
        procmail: Assigning "INCLUDERC=/etc/procmailrcs/SoftlabsAV/inc/av_mkdir.inc"
        procmail: Executing "test -d "/var/spool/mail/charding_TRASH/viruses/MBOX""
        procmail: No match on ! "test -d "/var/spool/mail/charding_TRASH/viruses/MBOX""
        procmail: Assigning "av_REQUIRED_DIR"
        procmail: Assigning "av_VIRUSFILE=/var/spool/mail/charding_TRASH/viruses/MBOX/20070326-104004.583454_SCAN_ALL.mbox"
        procmail: Assigning "av_VIRUSFILE_ESC=/var/spool/mail/charding_TRASH/viruses/MBOX/20070326-104004.583454_SCAN_ALL.mbox"
        procmail: Assigning "LASTFOLDER=/var/spool/mail/charding_TRASH/viruses/MBOX/20070326-104004.583454_SCAN_ALL.mbox"
        procmail: Opening "/var/spool/mail/charding_TRASH/viruses/MBOX/20070326-104004.583454_SCAN_ALL.mbox"
        procmail: Acquiring kernel-lock
        procmail: Assigning "av_FILENAME=(no attachment)"
        procmail: Assigning "av_FN_MATCH"
        procmail: Assigning "EXITCODE"
        procmail: No match on ! "."
        procmail: Assigning "av_DELIVER"
        procmail: Executing "test -r "/var/spool/mail/charding_TRASH/viruses/MBOX/20070326-104004.583454_SCAN_ALL.mbox""
        procmail: No match on ! "test -r "/var/spool/mail/charding_TRASH/viruses/MBOX/20070326-104004.583454_SCAN_ALL.mbox""
        procmail: Assigning "INCLUDERC=/etc/procmailrcs/SoftlabsAV/inc/av_clamcheck.inc"
        procmail: Assigning "av_CLAMAV_VERSION"
        procmail: Assigning "av_CLAMSCAN_ID"
        procmail: Assigning "av_DETECT_BROKEN"
        procmail: Assigning "av_CLAMAV_CVD"
        procmail: Assigning "MATCH"
        procmail: Executing "clamscan,--stdout,-V"
        procmail: Assigning "av_CLAMAV_VERSION=ClamAV 0.90.1-exp"
        procmail: Assigning "MATCH="
        procmail: Matched "0.90.1-exp"
        procmail: Match on "^^(clamscan / )?ClamAV \/[^/]+(/[0-9]+)?"
        procmail: Assigning "av_CLAMAV_VERSION=0.90.1-exp"
        procmail: No match on "^^version \/.+"
        procmail: No match on "/\/[0-9]+"
        procmail: Assigning "MATCH="
        procmail: Matched "0.90"
        procmail: Match on "^^\/[0-9]+\.[0-9]+"
        procmail: Assigning "av_CLAMAV_VERSION_NR=0.90"
        procmail: Score:       0      +0 ""
        procmail: Score:       0      +0 ""
        procmail: Assigning "av_CLAMSCAN_ID=700"
        procmail: No match on ! "."
        procmail: Match on ! "."
        procmail: Executing "$av_CLAMSCAN_PROG --debug --no-summary --tempdir=/dev/null 2>&1"
        procmail: Assigning "av_CLAMAV_DB=LibClamAV debug: Setting /dev/null as global temporary directory
        LibClamAV debug: Initializing the engine (0.90.1-exp)
        LibClamAV debug: Initializing phishcheck module
        LibClamAV debug: Compiling regex:^((((((0[xX])?[a-fA-F0-9])+\.?)+)?0[xX][a-fA-F0-9]+\.?(((0[xX])?[a-fA-F0-9])+\.?)+)|(((((0[xX])?[a-fA-F0-9])+\.?)+)?000[0-9]+\.?(((0[xX])?[a-fA-F0-9])+\.?)+)|([0-9]{8,}))$
        LibClamAV debug: Compiling regex:^(a[dfilmoqrtuwxz]|b[bdeghijmorstwyz]|c[ahlmnosuy]|d[ejkmz]|e[cegrstu]|f[ijr]|g[abdeghilmnprtuwy]|h[nrtu]|i[delnqst]|j[emop]|k[eghimwz]|l[birstuv]|m[acglmnoqrstuvwxyz]|n[aegilopru]|om|p[aehkltwy]|qa|r[ow]|s[cdeginorz]|t[dghjklmnorvwz]|u[agyz]|v[enu]|ws|y[etu])$
        LibClamAV debug: Compiling regex:^(A[CDEFGILMNOQRSTUWXZ]|B[ABDEFGHIJMNORSTVWYZ]|C[ACDFGHIKLMNORUVXYZ]|D[EJKMOZ]|E[CEGRSTU]|F[IJKMOR]|G[ABDEFGHILMNPQRSTUWY]|H[KMNRTU]|I[DELMNOQRST]|J[EMOP]|K[EGHIMNRWYZ]|L[ABCIKRSTUVY]|M[ACDGHKLMNOPQRSTUVWXYZ]|N[ACEFGILOPRUZ]|OM|P[AEFGHKLMNRSTWY]|QA|R[EOUW]|S[ABCDEGHIJKLMNORTUVYZ]|T[CDFGHJKLMNOPRTVWZ]|U[AGKMSYZ]|V[ACEGINU]|W[FS]|Y[ETU]|Z[AMW]|BIZ|CAT|COM|EDU|GOV|INT|MIL|NET|ORG|PRO|AERO|ARPA|COOP|INFO|JOBS|MOBI|NAME|MUSEUM)$
        LibClamAV debug: Compiling regex:^ *(([a-zA-Z]([-$_@&a-zA-Z0-9!*"'(),]|%[0-9a-fA-f]{2})*:(//)?)?(([-$_@&a-zA-Z0-9!*"'(),]|%[0-9a-fA-f]{2})|\+)+\.((([-$_@&a-zA-Z0-9!*"'(),]|%[0-9a-fA-f]{2})|\+)+\.)*(A[CDEFGILMNOQRSTUWXZ]|B[ABDEFGHIJMNORSTVWYZ]|C[ACDFGHIKLMNORUVXYZ]|D[EJKMOZ]|E[CEGRSTU]|F[IJKMOR]|G[ABDEFGHILMNPQRSTUWY]|H[KMNRTU]|I[DELMNOQRST]|J[EMOP]|K[EGHIMNRWYZ]|L[ABCIKRSTUVY]|M[ACDGHKLMNOPQRSTUVWXYZ]|N[ACEFGILOPRUZ]|OM|P[AEFGHKLMNRSTWY]|QA|R[EOUW]|S[ABCDEGHIJKLMNORTUVYZ]|T[CDFGHJKLMNOPRTVWZ]|U[AGKMSYZ]|V[ACEGINU]|W[FS]|Y[ETU]|Z[AMW]|BIZ|CAT|COM|EDU|GOV|INT|MIL|NET|ORG|PRO|AERO|ARPA|COOP|INFO|JOBS|MOBI|NAME|MUSEUM)(/((([-$_@.&a-zA-Z0-9!*"'(),]|%[0-9a-fA-f]{2})|\+)+/?)*)?(\?(([-$_@.&a-zA-Z0-9!*"'(),]|%[0-9a-fA-f]{2})+\+)*)?(#([-$_@.&a-zA-Z0-9!*"'(),]|%[0-9a-fA-f]{2})+)?|(http|https|ftp)://.+) *$
        LibClamAV debug: Compiling regex:^ *([a-zA-Z]([-$_@&a-zA-Z0-9!*"'(),]|%[0-9a-fA-f]{2})*:(//)?)?[0-9]{1,3}(\.[0-9]{1,3}){3}(:(([-$_@&a-zA-Z0-9!*"'(),]|%[0-9a-fA-f]{2})|\+)+)?(/((([-$_@.&a-zA-Z0-9!*"'(),]|%[0-9a-fA-f]{2})|\+)+/?)*)?(\?(([-$_@.&a-zA-Z0-9!*"'(),]|%[0-9a-fA-f]{2})+\+)*)?(#([-$_@.&a-zA-Z0-9!*"'(),]|%[0-9a-fA-f]{2})+)? *$
        LibClamAV debug: Phishcheck module initialized
        LibClamAV debug: cli_loaddbdir: Acquiring dbdir lock
        LibClamAV debug: Can't open Lock file for Database Directory: /usr/share/clamav
        LibClamAV debug: Loading databases from /usr/share/clamav
        LibClamAV debug: cli_loaddbdir: Acquiring dbdir lock
        LibClamAV debug: Can't open Lock file for Database Directory: /usr/share/clamav/daily.inc
        LibClamAV Error: cli_loaddbdir(): Can't open directory /usr/share/clamav/daily.inc
        LibClamAV debug: cli_loaddbdir(): error loading database /usr/share/clamav/daily.inc
        ERROR: Unable to open file or directory"
        procmail: Assigning "MATCH="
        procmail: Matched "/usr/share/clamav
        "
        procmail: Match on ".+$()LibClamAV debug: Loading databases from \/[^ ]+$"
        procmail: Matched "/usr/share/clamav"
        procmail: Match on "^\/.+"
        procmail: Assigning "av_CLAMAV_DB=/usr/share/clamav"
        procmail: Executing "sigtool,--stdout,-i,/usr/share/clamav/daily.cvd"
        procmail: Assigning "av_CLAMAV_CVD=ERROR: cvdinfo: Can't read/parse CVD header of /usr/share/clamav/daily.cvd"
        procmail: No match on ".+$()Version: \/[0-9]+"
        procmail: Match on "."
        procmail: Assigning "INCLUDERC=/etc/procmailrcs/SoftlabsAV/inc/av_clamscan.inc"
        procmail: Match on "^^MBOX^^"
        procmail: Assigning "av_PHISH_OPTIONS=on"
        procmail: Score:     700     700 ""
        procmail: Score:    -799     -99 ""
        procmail: Assigning "av_LOG1=SoftlabsAV 0.9: WARNING: ClamAV version '0.90.1-exp' is not "
        procmail: Assigning "av_LOG2=supported to scan mbox files. Version 0.80 or higher is required!
        "
        procmail: Assigning "LOG=SoftlabsAV 0.9: WARNING: ClamAV version '0.90.1-exp' is not supported to scan mbox files. Version 0.80 or higher is required!
        "
        SoftlabsAV 0.9: WARNING: ClamAV version '0.90.1-exp' is not supported to scan mbox files. Version 0.80 or higher is required!
        procmail: Assigning "av_LOG1"
        procmail: Assigning "av_LOG2"
        procmail: Assigning "av_CLAMAV_RESULT=(ClamAV 0.90.1-exp not supported for mbox!)"
        procmail: Assigning "SWITCHRC"
        procmail: No match on ! "^^(jpg|Html|SCAN_ALL)^^"
        procmail: Match on ! "^^0^^"
        procmail: Assigning "INCLUDERC=/etc/procmailrcs/SoftlabsAV/inc/av_log.inc"
        procmail: Match on ! "."
        procmail: Executing "file,/var/spool/mail/charding_TRASH/viruses/MBOX/20070326-104004.583454_SCAN_ALL.mbox"
        procmail: Assigning "av_FILETYPE=/var/spool/mail/charding_TRASH/viruses/MBOX/20070326-104004.583454_SCAN_ALL.mbox: ASCII mail text"
        procmail: Assigning "MATCH="
        procmail: Matched "ASCII mail text"
        procmail: Match on "^[^:]+[:] \/[^,(]+"
        procmail: Assigning "av_FILETYPE=ASCII mail text"
        procmail: Executing "ls,-l,/var/spool/mail/charding_TRASH/viruses/MBOX/20070326-104004.583454_SCAN_ALL.mbox"
        procmail: Assigning "av_FILEINFO=-rw-------  1 charding charding 5213 Mar 26 10:40 /var/spool/mail/charding_TRASH/viruses/MBOX/20070326-104004.583454_SCAN_ALL.mbox"
        procmail: Assigning "MATCH="
        procmail: Matched "5213"
        procmail: Match on "^[^ ]+ +[^ ]+ +[^ ]+ +[^ ]+ +\/[^ ]+"
        procmail: Assigning "av_FILESIZE=5213"
        procmail: Assigning "av_FILEINFO"
        procmail: Assigning "MATCH=MBOX"
        procmail: Assigning "INCLUDERC=/etc/procmailrcs/SoftlabsAV/inc/av_length.inc"
        procmail: Score:       4       4 "."
        procmail: Assigning "av_LENGTH=4"
        procmail: Assigning "av_SPC3"
        procmail: Score:       4       4 ""
        procmail: Score:      -4       0 ""
        procmail: Assigning "MATCH=5213"
        procmail: Assigning "INCLUDERC=/etc/procmailrcs/SoftlabsAV/inc/av_length.inc"
        procmail: Score:       4       4 "."
        procmail: Assigning "av_LENGTH=4"
        procmail: Assigning "av_SPC4"
        procmail: Assigning "av_MULTIPLIER"
        procmail: Score:       7       7 ""
        procmail: Score:      -4       3 ""
        procmail: Assigning "av_MULTIPLIER=3"
        procmail: Match on "."
        procmail: Assigning "av_CAT= "
        procmail: Assigning "av_CAT_MULTIPLIED"
        procmail: Assigning "INCLUDERC=/etc/procmailrcs/SoftlabsAV/inc/av_cat.inc"
        procmail: Score:       3       3 ""
        procmail: Assigning "av_CAT_MULTIPLIED= "
        procmail: Score:       3       3 ""
        procmail: Score:      -1       2 ""
        procmail: Assigning "av_MULTIPLIER=2"
        procmail: Assigning "INCLUDERC=/etc/procmailrcs/SoftlabsAV/inc/av_cat.inc"
        procmail: Score:       2       2 ""
        procmail: Assigning "av_CAT_MULTIPLIED=  "
        procmail: Score:       2       2 ""
        procmail: Score:      -1       1 ""
        procmail: Assigning "av_MULTIPLIER=1"
        procmail: Assigning "INCLUDERC=/etc/procmailrcs/SoftlabsAV/inc/av_cat.inc"
        procmail: Score:       1       1 ""
        procmail: Assigning "av_CAT_MULTIPLIED=   "
        procmail: Score:       1       1 ""
        procmail: Score:      -1       0 ""
        procmail: Assigning "av_SPC4=   "
        procmail: Assigning "av_CAT_MULTIPLIED"
        procmail: Assigning "av_CAT"
        procmail: Assigning "av_MULTIPLIER"
        procmail: Assigning "av_LOGNAME"
        procmail: Match on "^^name^^"
        procmail: Assigning "av_LOGNAME=charding"
        procmail: Assigning "MATCH=20070326-104004.583454       charding        MBOX.SCAN_ALL   (ClamAV 0.90.1-exp not supported for mbox!)     "
        procmail: Assigning "av_LOG2=   5213    "(no attachment)"       ASCII mail text (Non-HTML)
        "
        procmail: Assigning "VERBOSE=off"
        procmail: [22863] Mon Mar 26 10:40:05 2007
        procmail: Assigning "SWITCHRC"
        procmail: Assigning "LOG=SoftlabsAV 0.9: Potential malicious mail of type MBOX.SCAN_ALL detected
        "
        SoftlabsAV 0.9: Potential malicious mail of type MBOX.SCAN_ALL detected
        procmail: Assigning "av_X_VIRUS=This message was caught by SoftlabsAV 0.9 due to its potential MBOX.SCAN_ALL type infection"
        procmail: Assigning "INCLUDERC=/etc/procmailrcs/SoftlabsAV/inc/av_formail.inc"
        procmail: Assigning "av_FORMAIL_ARG1=-iX-Virus-Filter: This message was caught by SoftlabsAV 0.9 due to its potential MBOX.SCAN_ALL type infection"
        procmail: Assigning "av_FORMAIL_ARG2"
        procmail: No match on "^^(on|yes|true)^^"
        procmail: Executing "formail,-iX-Virus-Filter: This message was caught by SoftlabsAV 0.9 due to its potential MBOX.SCAN_ALL type infection"
        procmail: No match on "."
        procmail: No match on "^^(on|yes|true)^^"
        procmail: Assigning "av_FOLDER_FIRST=/"
        procmail: Assigning "av_FOLDER_MIDDLE=."
        procmail: Assigning "av_FOLDER_LAST"
        procmail: Assigning "av_DELIVER_TO_MAILDIR"
        procmail: Assigning "av_FOLDER=/var/spool/mail/charding_TRASH/viruses/20070326-104004.583454_MBOX.SCAN_ALL.virus"
        procmail: Assigning "av_FOLDER=/var/spool/mail/charding_TRASH/viruses/20070326-104004.583454_MBOX.SCAN_ALL.virus"
        procmail: Assigning "LASTFOLDER=/var/spool/mail/charding_TRASH/viruses/20070326-104004.583454_MBOX.SCAN_ALL.virus"
        procmail: Opening "/var/spool/mail/charding_TRASH/viruses/20070326-104004.583454_MBOX.SCAN_ALL.virus"
        procmail: Acquiring kernel-lock
        procmail: Notified comsat: "charding@0:/var/spool/mail/charding_TRASH/viruses/20070326-104004.583454_MBOX.SCAN_ALL.virus"
        procmail: Assigning "EXITCODE=0"
        procmail: Executing "logger,-i,-t,procmail,-p,mail.info,l2QHe41m022860: lastfolder=/var/spool/mail/charding_TRASH/viruses/20070326-104004.583454_MBOX.SCAN_ALL.virus"

         
    • Robert Allerstorfer

      Thank you for posting the log. I have found your problem's source. It's not caused by SoftlabsAV; however, the warning it gave is not correct. I have corrected this in SVN and would recommend you to update the files in question within your SoftlabsAV/inc/ directory.

      To do so, please first make sure you have the subversion client installed on your server and then execute the following commands on the sh shell:

      svn co https://softlabsav.svn.sourceforge.net/svnroot/softlabsav softlabsav
      mv -f softlabsav/etc/procmailrcs/SoftlabsAV/inc/*.inc /etc/procmailrcs/SoftlabsAV/inc/

      Then, *dis*able procmail's verbose logging and see what you will get in your procmail.log file. Please post it here.

      Thanks,
      rob.

       
      • Chuck Harding

        Chuck Harding - 2007-03-27

        SoftlabsAV 0.9+_devel-20070327: ERROR: ClamAV 0.90.1-exp uses wrong DB directory '/usr/share/clamav'. Please recompile ClamAV with the correct '--with-dbdir' configure option!
        SoftlabsAV 0.9+_devel-20070327: Potential malicious mail of type MBOX.SCAN_ALL detected
        SoftlabsAV 0.9+_devel-20070327: ERROR: ClamAV 0.90.1-exp uses wrong DB directory '/usr/share/clamav'. Please recompile ClamAV with the correct '--with-dbdir' configure option!
        SoftlabsAV 0.9+_devel-20070327: Potential malicious mail of type MBOX.SCAN_ALL detected
        SoftlabsAV 0.9+_devel-20070327: ERROR: ClamAV 0.90.1-exp uses wrong DB directory '/usr/share/clamav'. Please recompile ClamAV with the correct '--with-dbdir' configure option!
        SoftlabsAV 0.9+_devel-20070327: Potential malicious mail of type MBOX.SCAN_ALL detected
        SoftlabsAV 0.9+_devel-20070327: ERROR: ClamAV 0.90.1-exp uses wrong DB directory '/usr/share/clamav'. Please recompile ClamAV with the correct '--with-dbdir' configure option!
        SoftlabsAV 0.9+_devel-20070327: Potential malicious mail of type MBOX.SCAN_ALL detected
        SoftlabsAV 0.9+_devel-20070327: ERROR: ClamAV 0.90.1-exp uses wrong DB directory '/usr/share/clamav'. Please recompile ClamAV with the correct '--with-dbdir' configure option!
        SoftlabsAV 0.9+_devel-20070327: Potential malicious mail of type MBOX.SCAN_ALL detected

        until I disabled SAV. My question is, why should SAV care which DB directory ClamAV is using?

         
        • Robert Allerstorfer

          OK, this is the expected output. SoftlabsAV does not need ClamAV's DB directory, however, it does need a working clamscan. As of ClamAV 0.8, a working clamscan additionally returns information about its daily DB in use, when its version is queried by the -V option. Thus, executing

          clamscan -V

          must return something like

          ClamAV 0.90.1-exp/2941/Tue Mar 27 10:24:38 2007

          In your case, it just returned

          ClamAV 0.90.1-exp

          That is only the case when clamscan tries to use a DB directory which does not actually contain any Clam Virus Database. The path to the DB directory to be used by clamscan is compiled into the clamscan binary, resulting from the '--with-dbdir' configure option at compile time.

          You currently have '/usr/share/clamav' as the DB directory compiled into clamscan, but clamscan cannot use a DB residing in that directory. So, the error message SoftlabsAV is now issuing gives you the solution to the problem:

          Please recompile ClamAV with the correct '--with-dbdir' configure option!
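
The check described in the reply above, as an added example that is not part of the original thread and not SoftlabsAV's own code: it classifies a `clamscan -V` banner by whether the daily DB version field is present, so a scanner that starts without any signatures is flagged instead of silently reporting "no virus identified". The function names and output words are hypothetical; the sample banners are taken from this thread or constructed.

```shell
#!/bin/sh
# Classify a `clamscan -V` banner (added example; function names are hypothetical).
# Prints one of:
#   ok <engine> <db-version>   banner carries a numeric daily DB version
#   nodb <engine>              engine answers, but reports no database
#   unparsed                   not a ClamAV banner
# Return code: 0 = ok, 1 = nodb, 2 = unparsed.
classify_clamav_banner() {
    banner=$1
    # Some builds prefix the banner with "clamscan / " (the filter's own
    # regex in the verbose log allows for it), so strip that if present.
    banner=${banner#"clamscan / "}
    case $banner in
        "ClamAV "*) rest=${banner#ClamAV } ;;
        *) echo unparsed; return 2 ;;
    esac
    engine=${rest%%/*}            # text before the first "/"
    case $rest in
        */*) after=${rest#*/}     # "<dbver>/<build date>"
             dbver=${after%%/*} ;;
        *)   dbver= ;;            # no "/" at all: no DB information
    esac
    case $dbver in
        ''|*[!0-9]*) echo "nodb $engine"; return 1 ;;
    esac
    echo "ok $engine $dbver"
}

# Run the real binary and classify what it prints. The program name is a
# parameter so a full path can be supplied; it defaults to "clamscan".
check_clamscan() {
    prog=${1:-clamscan}
    banner=$("$prog" -V 2>/dev/null) || { echo unparsed; return 2; }
    classify_clamav_banner "$banner"
}

# Sample banners: the first two appear in this thread, the last two are
# constructed for illustration.
for sample in \
    "ClamAV 0.90.1-exp/2941/Tue Mar 27 10:24:38 2007" \
    "ClamAV 0.90.1-exp" \
    "clamscan / ClamAV 0.80/600/Mon Jan  1 00:00:00 2007" \
    "command not found"
do
    printf '%-55s -> ' "$sample"
    classify_clamav_banner "$sample" || :
done
```

Calling `check_clamscan` from a cron job or a mail-filter health check and alerting on any result other than `ok` catches the misconfigured DB directory before mail is passed through unscanned.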

           
          • Chuck Harding

            Chuck Harding - 2007-03-27

            OK. I rebuilt ClamAV with the --with-dbdir=/var/clamav/db (which had been previously created with appropriate permissions) and the results from sending a test message were:

            SoftlabsAV 0.9+_devel-20070327: Potential malicious mail of type MBOX.SCAN_ALL detected
                    (no virus identified) (ClamAV 0.90.1-exp/2942)
            From charding@llnl.gov  Tue Mar 27 11:28:07 2007
            Subject: Testing new ClamAV and SoftLabsAV
              Folder: LLNL

            So it all seems to be working as expected. I'd like it if the noise in the log about MBOX.SCAN_ALL could possibly be turned down, though. Is that possible?

             
            • Robert Allerstorfer

              That's fine - recompiling clamscan definitely solved your problem!

              Regarding the log noise about MBOX.SCAN_ALL mails with no virus identified, please open a feature request ticket via the Tracker: On SoftlabsAV's SourceForge project start page (http://sourceforge.net/projects/softlabsav/), under "Public Areas", click on "Tracker", then on "Submit New". Select "Feature request" as the Category, and "SoftlabsAV procmail-filter" as the Group.

              regards,
              rob.

               
