[Avcheck] Possible errors in my master.cf

Michael Tokarev mjt@tls.msk.ru
Mon, 20 May 2002 14:06:56 +0400


Serge Leschinsky wrote:
> 
> Dear Sirs!
> 
>  I've installed AVcheck 0.8. I tested it and saw the following
> > [root@builder-host avcheck-0.7]# ./check
> > /var/spool/avp/./tst/1479.tmp (from root, to root) is infected:
> > infected: EICAR-Test-File
>  so  I've decided that  avp daemon and avchek work. After that I
>  tried to change  master.cf as it was written in postfix.readme

Seems ok.

>  Apparently, I do something wrong because the test message  isn't
> been found by avcheck.

?  What was not found - a *message* (i.e. mail disappeared), or a *virus*
(i.e. avp/avcheck wan't detect a virus, passing all mail as if there was
no viruses) ?  But see below.

>  master.cf (only edition parts):
> > # ============================================================================
> > # service        type   private unpriv  chroot  wakeup  maxproc command + args
> > #                       (yes)   (yes)   (yes)   (never) (50)
> > # ============================================================================
> > localhost:1025   inet   n       -       n       -       -       smtpd -o content_filter=avcheck
> > smtp             inet   n       -       n       -       -       smtpd
> > #smtps           inet   n       -       n       -       -       smtpd
>  ------------------- .... ----------------------------
> > avcheck          unix   -       n       n       -       5       pipe
> >   flags=q user=avclient argv=/var/spool/avp/avcheck
> >   -d /var/spool/avp/./tst -s AVP:/var/spool/avp/ctl/AvpCtl
> >   -f ${sender} -S :1025 -- ${recipient}
> >
>  May be somebody can share a working master.cf or point me my
> mistake...

Serge, please look to your logs.  You did just the opposite compared to
instructions in README.Postfix.  If someone will for whatether reason
send something infected to your localhost:1025, you'll get a mail loop.
In contrast, mail sent to port 25 will not be checked for viruses (in
your logs, there is no single line about avcheck -- all mail delivered
without being checked for viruses).

I hope you'll be able to figure out what's wrong based on the above
info.  I suggest you to *think* before asking more questions -- this
will be useful to *you*, because it seems you don't understand the
basics, and without that it's difficult to solve other possible
problems if there will be ones (no offenses please, all may happen).

Regards,
 Michael.