AvMailGate does not find Eicar
I installed Antivir and AntivirMailGate from SuSE's original 7.3prof. antivir is working fine and it detects the test-file from eicar:

    checking drive/path (cwd): /home/jochen
    /home/jochen/fff
      Date: 2.12.2001 Time: 10:10:59 Size: 68
      VIRUS: file contains code of the virus 'Eicar-Test-Signatur'
    /home/jochen/eicarcom2.zip
      Date: 2.12.2001 Time: 23:58:43 Size: 308
      VIRUS: file contains a signature of the virus 'Eicar-Test-Signatur'

My /etc/avmailgate.conf looks this way:

    user uucp
    group uucp
    SpoolDir /var/spool/vscan/avmailgate
    Postmaster jochen
    PidFile_avgated /var/run/avmailgate/avmailgate_d.pid
    ListenAddress 192.168.0.1 port 25
    SmtpTimeout 300
    MaxIncomingConnections 0
    MaxMessageSize 0
    #MaxRecipientsPerMessage100
    #MinFreeBlocks 100
    RefuseEmptyMailFrom NO
    PidFile_avgatefwd /var/run/avmailgate/avmailgate_fwd.pid
    MaxForwarders 3
    BlockSuspiciousMime FALSE
    ExposeAlerts FALSE
    ForwardTo SMTP: localhost port smtp-backdoor

my /etc/sendmail.cf contains the following:

    O DaemonPortOptions=Name=MTA,Port=smtp-backdoor

my /etc/services contains the following:

    smtp-backdoor 825/tcp # AntiVir MailGate

When I send the attached eicar-test-file AntiVirMailGate shows no reaction.

When starting with "rcavgate start" /var/log/mail shows the following:

    Dec 3 06:58:15 jochen avgated[19907]: ready to accept connections on port 25
    Dec 3 06:58:16 jochen avmgatefwd[19906]: running in full featured mode

When sending a mail with kmail /var/log/mail shows the following:

    Dec 3 07:05:38 jochen sendmail[19982]: fB365c419982: from=jochen, size=442, class=0, nrcpts=1, msgid=<200112030605.fB365c419982@jochen.wa-p.netz>, relay=localhost [[UNIX: localhost]]
    Dec 3 07:05:39 jochen sendmail[19984]: fB365c419982: to=jk@wa-p.de, ctladdr=jochen (500/100), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=120442, relay=smtp.wa-p.de [62.67.200.3], dsn=2.0.0, stat=Sent (ok 1007359540 qp 28590)

Can anyone please help me - it's very urgent for me. Thanx.

--
WA-P: Programmierung - Beratung - Hosting
Stuttgarter Strasse 3 - D-73033 Goeppingen
Tel. 07161 - 92 95 94
Fax 07161 - 1 36 01
http://internet.wa-p.de - jk@wa-p.de

On Mon, 3 Dec 2001, Jochen Kaechelin wrote:
> my /etc/sendmail.cf contains the following:
> O DaemonPortOptions=Name=MTA,Port=smtp-backdoor
> my /etc/services contains the following:
> smtp-backdoor 825/tcp # AntiVir MailGate

Looks ok.

> Dec 3 06:58:15 jochen avgated[19907]: ready to accept connections on port 25
> Dec 3 06:58:16 jochen avmgatefwd[19906]: running in full featured mode
> Dec 3 07:05:38 jochen sendmail[19982]: fB365c419982: from=jochen, size=442, class=0, nrcpts=1, msgid=<200112030605.fB365c419982@jochen.wa-p.netz>, relay=localhost [[UNIX: localhost]]
> Dec 3 07:05:39 jochen sendmail[19984]: fB365c419982: to=jk@wa-p.de, ctladdr=jochen (500/100), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=120442, relay=smtp.wa-p.de [62.67.200.3], dsn=2.0.0, stat=Sent (ok 1007359540 qp 28590)

Those two log snippets confuse me a bit. avgated tells it accepts connections on port 25, but the second snippet tells me sendmail accepted the message.

After the sendmail.cf changes, did you issue rcsendmail restart? Can you telnet localhost 25 and tell me what you see as greeting?

HTH

best regards,
Rainer Link

--
Rainer Link  | SuSE - The Linux Experts
link@suse.de | Developer of A Mail Virus Scanner (www.amavis.org)
www.suse.de  | Founder OpenAntiVirus Project (www.openantivirus.org)

It's working fine now. I forgot to tell kmail to use "localhost" as smtp. I still asked "smtp.wa-p.de" for new mails!

avmailgate now recognizes the "eicar"-testfile and I will get a warning message!

Or is there still something to do? Are there any other testfiles to check if it works fine?

Thanx
Jochen
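
The log reading that led to the diagnosis above, as an added example that is not part of the original thread: it traces each sendmail queue ID and flags mail that sendmail accepted without passing through the gateway. It assumes that mail forwarded by avmgatefwd reaches sendmail over TCP from loopback and is therefore logged as `relay=localhost [127.0.0.1]`; `trace_messages` and `gateway_peers` are names chosen here.

```python
import re

# First three lines are copied (abridged) from the thread's /var/log/mail
# excerpt; the last line and its queue ID are constructed for contrast.
SAMPLE_LOG = """\
Dec 3 06:58:15 jochen avgated[19907]: ready to accept connections on port 25
Dec 3 07:05:38 jochen sendmail[19982]: fB365c419982: from=jochen, size=442, class=0, nrcpts=1, relay=localhost [[UNIX: localhost]]
Dec 3 07:05:39 jochen sendmail[19984]: fB365c419982: to=jk@wa-p.de, mailer=relay, relay=smtp.wa-p.de [62.67.200.3], dsn=2.0.0, stat=Sent (ok 1007359540 qp 28590)
Dec 3 07:20:01 jochen sendmail[19990]: fB3EXAMPLE001: from=<jochen@jochen.wa-p.netz>, size=512, class=0, nrcpts=1, relay=localhost [127.0.0.1]
"""

# sendmail logs one "from=" line on acceptance and "to=" lines on delivery.
ENTRY = re.compile(r"sendmail\[\d+\]: (\w+): (from|to)=.*?\brelay=([^,]+)")
# A TCP peer is logged as "host [a.b.c.d]"; a local pipe as "[[UNIX: ...]]".
TCP_PEER = re.compile(r"(?<!\[)\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def trace_messages(log_text, gateway_peers=("127.0.0.1",)):
    """Map each queue ID to how sendmail received it and where it sent it."""
    messages = {}
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue  # avgated/avmgatefwd lines and unrelated entries
        qid, kind, relay = m.group(1), m.group(2), m.group(3).strip()
        msg = messages.setdefault(qid, {"path": "unknown", "sent_to": None})
        if kind == "from":
            # Assumption: only the gateway forwarder hands mail to sendmail
            # over TCP from these addresses; anything else skipped the scan.
            peer = TCP_PEER.search(relay)
            scanned = bool(peer) and peer.group(1) in gateway_peers
            msg["path"] = "gateway" if scanned else "bypassed"
        else:
            msg["sent_to"] = relay
    return messages


if __name__ == "__main__":
    for qid, msg in trace_messages(SAMPLE_LOG).items():
        print(qid, msg["path"], msg["sent_to"])
```

A loopback peer only proves the gateway path if nothing else on the host can connect to the smtp-backdoor port directly.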
participants (2): Jochen Kaechelin, Rainer Link