Overzealous mks / amavis. (viruses from pld-users ;) )
Mateusz Korniak
mateusz w ant.gliwice.pl
Tue, 26 Aug 2003, 16:24:03 CEST
I installed an antivirus setup on a trial basis, but unfortunately it is decidedly
overzealous - it treats e.g. empty mails from KMail or some of the mails from
this list as viruses ;)
Any suggestions - what to check - TIA?
I followed the description at:
http://www.pld-linux.org/Members/jasio/mks-postfix/view
Packages I have (Ra):
poldek> ls *amavis* -I
amavisd-new-20030314-3
poldek> ls *mks* -I
mks-1.9.1-2
mks-bases-1.9.1-2
mks-updater-1.9.1-2
mksd-1.14-3
mksd-clients-1.14-3
The whole thing is odd in that mails become viruses which are later not
identified as infected:
[root w beauty virusmails]# mks32 virus-pldusers
mks_vir: init... 1.9.1 for Linux i386, 2003.07.10
mks_vir: database version 2003 7 21 11 51
mks_vir: init OK, scan mode
mks_vir: check file(s)
mks_vir: file: virus-pldusers
mks_vir: ==OK==
mks_vir: status: OK virus-pldusers
mks_vir: exit code: 0x00
Whereas the small program used by amavis gives strange results:
[root w beauty virusmails]# mkschk virus-pldusers
ERR 064 /var/spool/amavis/virusmails/virus-pldusers
[root w beauty virusmails]# mkschk eicar.com
VIR Eicar.Test /var/spool/amavis/virusmails/eicar.com
[root w beauty virusmails]# mkschk /etc/ld.so.conf
OK /etc/ld.so.conf
And a fragment of /var/log/maillog:
Aug 26 16:04:20 beauty postfix/cleanup[8678]: 9A5B2FB08: message-id=<Pine.LNX.4.56L.0308261603420.16296 w piorun.ds.pg.gda.pl>
Aug 26 16:04:20 beauty postfix/qmgr[6745]: 9A5B2FB08: from=<pld-devel-pl-return-46338-mateusz=ant.gliwice.pl w pld-linux.org>, size=2491, nrcpt=1 (queue active)
Aug 26 16:04:20 beauty amavis[8504]: (08504-05) ESMTP:10024 /var/spool/amavis/runtime/amavis-20030826T155905-08504: <pld-devel-pl-return-46338-mateusz=ant.gliwice.pl w pld-linux.org> -> <mateusz w ant.gliwice.pl> Received: SIZE=2491 from beauty.ant.gliwice.pl ([127.0.0.1]) by localhost (beauty [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 08504-05 for <mateusz w ant.gliwice.pl>; Tue, 26 Aug 2003 16:04:20 +0200 (CEST)
Aug 26 16:04:20 beauty postfix/smtpd[8677]: disconnect from gabber.metalab.unc.edu[152.2.241.57]
Aug 26 16:04:20 beauty amavis[8504]: (08504-05) body hash: 7579f32addbcf667a71c83fbf6e31654
Aug 26 16:04:20 beauty amavis[8504]: (08504-05) Checking: <pld-devel-pl-return-46338-mateusz=ant.gliwice.pl w pld-linux.org> -> <mateusz w ant.gliwice.pl>
Aug 26 16:04:20 beauty amavis[8504]: (08504-05) Using MkS_Vir Daemon for Linux: /usr/bin/mkschk -s /var/spool/amavis/runtime/amavis-20030826T155905-08504/parts/part-00001
Aug 26 16:04:20 beauty amavis[8504]: (08504-05) run_av: /usr/bin/mkschk status=1 (256 ),ERR 064 S /var/spool/amavis/runtime/amavis-20030826T155905-08504/parts/part-00001
Aug 26 16:04:20 beauty amavis[8504]: (08504-05) local delivery: <pld-devel-pl-return-46338-mateusz=ant.gliwice.pl w pld-linux.org> -> <virus-quarantine>, mbx=/var/spool/amavis/virusmails/virus-20030826-160420-08504-05
Aug 26 16:04:20 beauty amavis[8504]: (08504-05) SEND via SMTP: [127.0.0.1:10025] <virusalert w localhost> -> <virusalert w localhost>
Aug 26 16:04:20 beauty postfix/smtpd[8682]: connect from localhost[127.0.0.1]
Aug 26 16:04:20 beauty postfix/smtpd[8682]: DCEA0FB09: client=localhost[127.0.0.1]
Aug 26 16:04:20 beauty postfix/cleanup[8678]: DCEA0FB09: message-id=<VA08504-05 w beauty>
Aug 26 16:04:21 beauty postfix/smtpd[8682]: disconnect from localhost[127.0.0.1]
Aug 26 16:04:21 beauty amavis[8504]: (08504-05) INFECTED (), <pld-devel-pl-return-46338-mateusz=ant.gliwice.pl w pld-linux.org> -> <mateusz w ant.gliwice.pl>, quarantine virus-20030826-160420-08504-05, Message-ID: <Pine.LNX.4.56L.0308261603420.16296 w piorun.ds.pg.gda.pl>
Aug 26 16:04:21 beauty amavis[8504]: (08504-05) TIMING [total 441 ms] - SMTP EHLO: 3 (1%), SMTP pre-MAIL: 1 (0%), SMTP pre-DATA-flush: 5 (1%), SMTP DATA: 31 (7%), body hash: 1 (0%), mime_decode: 29 (6%), get-file-type: 17 (4%), decompose_part: 1 (0%), parts: 0 (0%), AV-scan-1: 14 (3%), write-header: 11 (2%), save-to-local-mailbox: 1 (0%), fwd-connect: 154 (35%), fwd-mail-from: 74 (17%), fwd-rcpt-to: 3 (1%), write-header: 8 (2%), fwd-data: 25 (6%), fwd-rundown: 53 (12%), unlink-1-files: 11 (3%), rundown: 0 (0%)
--
Mateusz Korniak
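An added illustration, not part of the post above and not code from mks or amavisd-new: a small Python parser for the three mkschk result shapes quoted in the post (OK path, VIR name path, ERR code path, plus the "ERR 064 S path" form seen in the maillog), together with a hypothetical wrapper decision that shows why mapping every non-zero scanner exit code to INFECTED turns an ERR 064 scan failure into a quarantined message. The sample lines are constructed from the post's output; `amavis_decision`, `exit_code_only` and the other names are assumptions for illustration and do not reproduce amavisd-new's real run_av logic.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, copied from the shapes the post shows mkschk printing:
# status word, optional detail (error code or virus name), then the path.
SAMPLE_MKSCHK_OUTPUT = """\
ERR 064 /var/spool/amavis/virusmails/virus-pldusers
VIR Eicar.Test /var/spool/amavis/virusmails/eicar.com
OK /etc/ld.so.conf
"""


@dataclass(frozen=True)
class ScanResult:
    status: str            # "OK", "VIR" or "ERR"
    detail: Optional[str]  # virus name for VIR, error code for ERR, None for OK
    path: str

    @property
    def verdict(self) -> str:
        """Map the scanner's status word to a decision category.

        ERR means the scanner could not examine the file. That is a scan
        failure, not evidence of malware, so it gets its own category."""
        return {"OK": "clean", "VIR": "infected"}.get(self.status, "scan-error")


def parse_result_line(line: str) -> ScanResult:
    """Parse one mkschk output line by tokens: first token is the status,
    last token is the scanned path, anything in between is detail/flags
    (so 'ERR 064 S /path' and 'ERR 064 /path' both parse). Paths containing
    whitespace are not handled."""
    tokens = line.split()
    if (len(tokens) < 2 or tokens[0] not in ("OK", "VIR", "ERR")
            or not tokens[-1].startswith("/")):
        raise ValueError(f"unrecognised mkschk output line: {line!r}")
    detail = tokens[1] if len(tokens) > 2 else None
    return ScanResult(tokens[0], detail, tokens[-1])


def parse_output(text: str) -> List[ScanResult]:
    return [parse_result_line(ln) for ln in text.splitlines() if ln.strip()]


def exit_code_from_wait_status(raw: int) -> int:
    """amavis logs 'status=1 (256 )': 256 is the raw wait() status and its
    high byte is the child's exit code."""
    return (raw >> 8) & 0xFF


def amavis_decision(exit_code: int, output: str, exit_code_only: bool) -> str:
    """Hypothetical wrapper decision (assumption, not amavisd-new's run_av).

    exit_code_only=True reproduces what the post's log shows: any non-zero
    exit code becomes INFECTED, so an ERR 064 scan failure lands in quarantine.
    exit_code_only=False reads the scanner's own status words instead: a
    detection needs a VIR line, and a failure is reported as ERROR so it can
    be retried or tempfailed rather than quarantined as a virus."""
    if exit_code_only:
        return "CLEAN" if exit_code == 0 else "INFECTED"
    results = parse_output(output)
    if any(r.verdict == "infected" for r in results):
        return "INFECTED"
    if exit_code != 0 or any(r.verdict == "scan-error" for r in results):
        return "ERROR"
    return "CLEAN"


if __name__ == "__main__":
    for r in parse_output(SAMPLE_MKSCHK_OUTPUT):
        print(f"{r.verdict:10} {r.status:3} {r.detail or '-':12} {r.path}")
    # The run_av line from the post: raw status 256 -> exit code 1, output ERR 064.
    code = exit_code_from_wait_status(256)
    logged = "ERR 064 S /var/spool/amavis/runtime/amavis-20030826T155905-08504/parts/part-00001"
    print("exit code", code,
          "| exit-code-only:", amavis_decision(code, logged, True),
          "| status-aware:", amavis_decision(code, logged, False))
```

Run stand-alone it lists the three sample verdicts and then shows the same ERR 064 result being classified INFECTED by the exit-code-only rule and ERROR by the status-aware rule, which is the gap between "quarantined as a virus" and "scanned clean by mks32 afterwards" that the post describes.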
More information about the pld-users-pl mailing list