[Avcheck] attachments not scanned
Ward van Wanrooij
w.vanwanrooij@siteworld.nl
Fri, 27 Jul 2001 16:27:28 +0100
Hi,
I just installed avpcheck and a trial edition of AVP today.
I configured everything according to the HOWTO, and read about every
message about avpcheck in the postfix mailing lists. Mails get scanned by
avpcheck, however it never finds a single virus. I use the following
command line to start avpcheck:
/usr/bin/env - HOME=/ /bin/nice /usr/local/bin/uchroot -u avpd /var/spool/avp ./kavdaemon -Y -O -dl -V -pb -* -MD -MP -W+ -f=/ctl -r /tst
By using -W+, it also generates a report, which contains a lot of these
entries:
/tst/avp.996243672.10654.tmp ok.
Current object: <0>Jul 27 16:21:12:/tst/avp.996243672.10654.tmp
Sector Objects : 0          Known viruses : 0
Files          : 1          Virus bodies  : 0
Folders        : 0          Disinfected   : 0
Archives       : 0          Deleted       : 0
Packed         : 0          Warnings      : 0
                            Suspicious    : 0
Speed (Kb/sec) : 0          Corrupted     : 0
Scan time      : 00:00:01   I/O Errors    : 0
It never detects a mail with a viral attachment (e.g. eicar, SirCam),
however when I compile the first sample of AVP and use that to connect
to the avpdaemon and directly scan the file (eicar.com, virus.doc), it
does detect the virus, it also reports this in the report file:
Query for the tests: <0>Jul 27 13:28:51:/tst/eicar.com
/tst/eicar.com infected: EICAR-Test-File
File /tst/eicar.com contains a virus.
Current object: <0>Jul 27 13:28:51:/tst/eicar.com
Sector Objects : 0          Known viruses : 1
Files          : 1          Virus bodies  : 1
Folders        : 0          Disinfected   : 0
Archives       : 0          Deleted       : 0
Packed         : 0          Warnings      : 0
                            Suspicious    : 0
Speed (Kb/sec) : 0          Corrupted     : 0
Scan time      : 00:00:01   I/O Errors    : 0
I am really puzzled and am looking forward to any help you might be able
to offer.
Bye,
Ward van Wanrooij