[Avcheck] Fwd: Re: AV Server

Len Conrad LConrad@Go2France.com
Fri, 16 Nov 2001 17:01:42 +0000


Michael, Ralf,

The client has continued to pound on the FreeBSD+postfix+Kasp+avcheck0.6.

He sends 1000s of msgs to the server with no virus, and all pass well, no 
kernel errors.

He sends one msg with a virus and gets this error:

/kernel: dscheck(#da/2): b_bcount 37 is not on a sector boundary (ssize 512)

So we're pretty convinced the problem is virus-related, not hardware-related.

Len

------------------



>This problem is beginning to look like it only occurs when the "SMTPD -o 
>content filter" is activated.
>
>Could the software really be the cause?  No amount of hardware testing 
>shows any memory or disk problems (brand new Dell server).
>
>Len
>
>------------------------------
>
>
>> > In order to pin this on kasp or avcheck rather than the , you're going to
>> > have to be really rigorous in doing the A vs B testing.
>> >
>> > I would start with using the master.cf.save file rather than the master.cf
>> > file with the av settings.  then just hit the server really hard with the
>> > merak test, and/or the postfix smtp-source program.  the destination
>> > mailbox can be on imail where it just dumps all msgs to that box to nul
>>
>>Ok, here are the results of testing...
>>
>>Mass sending of email (~500 emails)
>>     without content filter ===> no errors
>>     with content filter     ====> no errors
>>
>>Sending of an email with the EICAR-Test-File ( 1 email)
>>     without content filter ===> no errors
>>     with content filter ===> error
>>                                          ^^^^^
>>
>>What is the "virus detection engine" doing differently when a virus
>>is discovered that is causing the following error message on the
>>console and the message logfile?
>>
>>/kernel: dscheck(#da/2): b_bcount 37 is not on a sector boundary (ssize 512)
>