[Avcheck] attachments not scanned

Ward van Wanrooij w.vanwanrooij@siteworld.nl
Fri, 27 Jul 2001 16:27:28 +0100


Hi,

I just installed avpcheck and a trial edition of AVP today.

I configured everything according to the HOWTO, and read about every
message about avpcheck in the postfix mailing lists. Mails get scanned by
avpcheck, however it never finds a single virus. I use the following
commandline to start avpcheck:

/usr/bin/env - HOME=/ /bin/nice /usr/local/bin/uchroot -u avpd /var/spool/avp ./kavdaemon -Y -O -dl -V -pb -* -MD -MP -W+ -f=/ctl -r /tst

By using -W+, it also generates a report, which contains a lot of these
entries:

/tst/avp.996243672.10654.tmp    ok. 
 
Current object: <0>Jul 27 16:21:12:/tst/avp.996243672.10654.tmp 
 
         Sector Objects :      0              Known viruses :      0 
                  Files :      1               Virus bodies :      0 
                Folders :      0                Disinfected :      0 
               Archives :      0                    Deleted :      0 
                 Packed :      0                   Warnings :      0 
                                                 Suspicious :      0 
         Speed (Kb/sec) :      0                  Corrupted :      0 
              Scan time :  00:00:01              I/O Errors :      0 

It never detects a mail with a viral attachment (e.g. eicar, SirCam),
however when I compile the first sample of AVP and use that to connect
to the avpdaemon and directly scan the file (eicar.com, virus.doc), it
does detect the virus, it also reports this in the report file:

Query for the tests: <0>Jul 27 13:28:51:/tst/eicar.com 
 
/tst/eicar.com  infected: EICAR-Test-File 
File /tst/eicar.com contains a virus.
 
Current object: <0>Jul 27 13:28:51:/tst/eicar.com 
 
         Sector Objects :      0              Known viruses :      1 
                  Files :      1               Virus bodies :      1 
                Folders :      0                Disinfected :      0 
               Archives :      0                    Deleted :      0 
                 Packed :      0                   Warnings :      0 
                                                 Suspicious :      0 
         Speed (Kb/sec) :      0                  Corrupted :      0 
              Scan time :  00:00:01              I/O Errors :      0 

I am really puzzled and am looking forward to any help you might be able
to offer.

Bye,

Ward van Wanrooij
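
Added example, not part of the original message and not code from avcheck or AVP: one thing worth ruling out with the symptoms above is that the spooled temp file holds the attachment base64-encoded, so a scan that treats the file as one flat object never sees the bytes that a direct scan of eicar.com sees. It assumes the temp file is the raw message; the marker, payload and addresses are constructed stand-ins, not the real test file.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed stand-in for a test attachment. MARKER plays the role of the
# byte pattern a signature scanner looks for (this is not the real EICAR file).
MARKER = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"
PAYLOAD = b"constructed-test-attachment:" + MARKER + b"\n"


def build_spool_bytes() -> bytes:
    """Serialize a mail with one binary attachment, as it would be spooled."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"   # constructed addresses
    msg["To"] = "rcpt@example.com"
    msg["Subject"] = "scanner test"
    msg.set_content("See attachment.")
    # Bytes attachments are base64-encoded by default on serialization.
    msg.add_attachment(PAYLOAD, maintype="application",
                       subtype="octet-stream", filename="eicar.com")
    return msg.as_bytes()


def raw_scan(data: bytes) -> bool:
    """What a scanner sees if it treats the input as one flat file."""
    return MARKER in data


def decoded_scan(spool: bytes) -> list:
    """Unpack the MIME parts first, then check each decoded attachment."""
    msg = message_from_bytes(spool, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        body = part.get_payload(decode=True)  # undo base64 / quoted-printable
        if body is not None and MARKER in body:
            hits.append(part.get_filename())
    return hits


if __name__ == "__main__":
    spool = build_spool_bytes()
    print("flat scan of attachment file:", raw_scan(PAYLOAD))
    print("flat scan of spooled mail:   ", raw_scan(spool))
    print("scan after MIME decoding:    ", decoded_scan(spool))
```

If the flat scan of a real spooled message misses a marker that the decoded scan finds, the thing to check is whether the scanner's mail-format unpacking is actually taking effect for the temp files.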