MailScanner v5
GNU General Public License v2.0
Missing Wrapper for McAfee6 #91

Open vkbaker53 opened 7 years ago

vkbaker53 commented 7 years ago

What happened to AV support for mcafee6?

Moving the mcafee6 wrapper from a 4.84 release to the new /usr/lib/MailScanner/mcafee6-wrapper folder and editing virus.scanners.conf file doesn't seem to do the trick. I've listed mcafee6 within the MailScanner.conf as one of the Virus Scanners.

When issuing MailScanner --lint only clam AV is invoked.

msapiro commented 7 years ago

Did you test the wrapper per the suggestions in the comments in virus.scanners.conf?

Also, shouldn't the wrapper be /usr/lib/MailScanner/wrapper/mcafee6-wrapper, not /usr/lib/MailScanner/mcafee6-wrapper?

vkbaker53 commented 7 years ago

Yes, to both inquiries.

I did drop the mcafee6 wrapper into the new directory and tested. The mcafee6 script does function properly per test instructions as outlined in the virus.scanners.conf file.

However, MailScanner --lint responds with eicar.com discovered only by clamd ... no mention of mcafee6.

msapiro commented 7 years ago

What do you have for Virus Scanners in /etc/MailScanner/MailScanner.conf and all included files in /etc/MailScanner/conf.d/ and possibly elsewhere? Or, what does

ms-peek 'virus scanners' /etc/MailScanner/MailScanner.conf

produce?

vkbaker53 commented 7 years ago

[MailScanner]# ms-peek 'virus scanners' /etc/MailScanner/MailScanner.conf
mcafee6 clamd

[MailScanner]# grep mcafee virus.scanners.conf
mcafee6 /usr/lib/MailScanner/wrapper/mcafee6-wrapper /usr/local/uvscan

[MailScanner]# ll /usr/lib/MailScanner/wrapper/mcafee*
-rwxr-xr-x 1 root root 11037 Sep 3 13:47 /usr/lib/MailScanner/wrapper/mcafee6-autoupdate
-rwxr-xr-x 1 root root 2175 Sep 3 13:47 /usr/lib/MailScanner/wrapper/mcafee6-wrapper

[MailScanner]# /usr/lib/MailScanner/wrapper/mcafee6-wrapper /usr/local/uvscan /etc/named.conf
McAfee VirusScan Command Line for Linux32 Version: 6.0.3.356
Copyright (C) 2010 McAfee, Inc.
(408) 988-3832 LICENSED COPY - June 27 2010

AV Engine version: 5400.1158 for Linux32.
Dat set version: 8643 created Sep 3 2017
Scanning for 668555 viruses, trojans and variants.

Time: 00:00.00

[MailScanner]# MailScanner --lint
Trying to setlogsock(unix)

Reading configuration file /etc/MailScanner/MailScanner.conf
Reading configuration file /etc/MailScanner/conf.d/README
Read 1500 hostnames from the phishing whitelist
Read 12417 hostnames from the phishing blacklists
Config: calling custom init function MailWatchLogging
Started SQL Logging child

Checking version numbers...
Version number in MailScanner.conf (5.0.6) is correct.

Your envelope_sender_header in spamassassin.conf is correct.

Checking for SpamAssassin errors (if you use it)...
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.
Connected to Processing Attempts Database
Created Processing Attempts Database successfully
There are 70 messages in the Processing Attempts Database
Using locktype = posix
MailScanner.conf says "Virus Scanners = mcafee6 clamd"
mktemp: invalid option -- -
Usage: mktemp [-V] | [-dqtu] [-p prefix] [template]
Found these virus scanners installed: clamd

Filename Checks: Windows/DOS Executable (1 eicar.com)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
Virus Scanning: Clamd found 1 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 1 viruses

Virus Scanner test reports:
Clamd said "eicar.com was infected: Eicar-Test-Signature"

If any of your virus scanners (clamd) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf.
Config: calling custom end function MailWatchLogging

msapiro commented 7 years ago

MailScanner.conf says "Virus Scanners = mcafee6 clamd"
mktemp: invalid option -- -
Usage: mktemp [-V] | [-dqtu] [-p prefix] [template]

This is a clue

Found these virus scanners installed: clamd

MailScanner is calling

/usr/lib/MailScanner/wrapper/mcafee6-wrapper /usr/local/uvscan IsItInstalled

which is apparently throwing the mktemp error when it does

/usr/local/uvscan/uvscan --version | grep "Dat set version: " > /dev/null

vkbaker53 commented 7 years ago

Yes, uvscan is installed.

I'm becoming increasingly convinced MailScanner-5.0.6-4 has unresolvable difficulty with mcafee6. Manual invocation of the wrapper scripts (both wrapper and update) operates predictably whereas they fail under purview of MailScanner.

It appears I may have to revert to the 4.84 version.

msapiro commented 7 years ago

Yes, uvscan is installed.

Yes, I know that from previous comments. Did you actually do

/usr/lib/MailScanner/wrapper/mcafee6-wrapper /usr/local/uvscan IsItInstalled

and/or

/usr/local/uvscan/uvscan --version | grep "Dat set version: " > /dev/null

Please do those and see what happens. Also, just

/usr/local/uvscan/uvscan --version

msapiro commented 7 years ago

I understand your frustration, and I'm trying to help find the problem. The --lint output you posted says when MailScanner calls

/usr/lib/MailScanner/wrapper/mcafee6-wrapper /usr/local/uvscan -IsItInstalled

it gets a non-zero status return. I'm trying to determine why. If you want to just make it work, you could replace the lines

if [ "x$1" = "x-IsItInstalled" ]; then
  # first check if the executable exists...
  [ -x ${PackageDir}/$prog ] || exit 1
  # second check if it is v6 (using different output string)
  ${PackageDir}/$prog --version | grep "Dat set version: " > /dev/null
  [ $? = 0 ] && exit 0
  exit 1
fi

in mcafee6-wrapper with

if [ "x$1" = "x-IsItInstalled" ]; then
  exit 0
fi

That will always return true to -IsItInstalled and it should work.

Note in my prior comments,

/usr/lib/MailScanner/wrapper/mcafee6-wrapper /usr/local/uvscan IsItInstalled

should be

/usr/lib/MailScanner/wrapper/mcafee6-wrapper /usr/local/uvscan -IsItInstalled

(i.e., a hyphen before IsItInstalled).
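
Added example (not part of the thread and not MailScanner's own code): a POSIX shell helper that replays the -IsItInstalled call discussed above and reports the wrapper's exit status together with its stderr, so a check that errors out can be told apart from a scanner that is simply absent. The names probe_wrapper and make_stubs and both stub wrappers are hypothetical and constructed; the second stub only imitates the mktemp symptom seen in the --lint output.

```shell
#!/bin/sh
# Added example: replay the installed-check that MailScanner runs against a
# scanner wrapper and keep the exit status and stderr for inspection.

# probe_wrapper WRAPPER PACKAGE_DIR
# Prints one summary line and returns the wrapper's exit status.
probe_wrapper() {
    wrapper=$1 pkgdir=$2
    if [ ! -x "$wrapper" ]; then
        echo "wrapper not executable: $wrapper"
        return 126
    fi
    # Keep stderr, drop stdout: the check reports only through its status.
    err=$("$wrapper" "$pkgdir" -IsItInstalled 2>&1 >/dev/null) && status=0 || status=$?
    if [ "$status" -eq 0 ]; then
        echo "installed"
    else
        echo "not installed (status $status): ${err:-no stderr}"
    fi
    return "$status"
}

# make_stubs DIR: constructed stand-ins for testing, not the real McAfee files.
make_stubs() {
    dir=$1
    mkdir -p "$dir/pkg"
    # Stub scanner that prints the line the wrapper's check greps for.
    printf '%s\n' '#!/bin/sh' 'echo "Dat set version: 8643 created Sep 3 2017"' > "$dir/pkg/uvscan"
    # Wrapper containing the check quoted in the thread.
    cat > "$dir/good-wrapper" <<'EOF'
#!/bin/sh
PackageDir=$1; shift; prog=uvscan
if [ "x$1" = "x-IsItInstalled" ]; then
  [ -x ${PackageDir}/$prog ] || exit 1
  ${PackageDir}/$prog --version | grep "Dat set version: " > /dev/null
  [ $? = 0 ] && exit 0
  exit 1
fi
EOF
    # Wrapper that fails with an error on stderr before reaching the check.
    cat > "$dir/bad-wrapper" <<'EOF'
#!/bin/sh
echo "mktemp: invalid option -- -" >&2
exit 1
EOF
    chmod +x "$dir/pkg/uvscan" "$dir/good-wrapper" "$dir/bad-wrapper"
}
```

On a real host the call would be probe_wrapper /usr/lib/MailScanner/wrapper/mcafee6-wrapper /usr/local/uvscan, run as the user MailScanner runs as so that PATH and permissions match.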

vkbaker53 commented 7 years ago

Thanks Mark. I sincerely appreciate the assistance; however, reverting to 4.84 is necessary at this time.

I operate several MailScanner servers (I am one of Julian's early adopters) and wanted to test the 5.0 version on a private server before rolling out to the masses.

Alas, this experience hasn't been quite what I expected. I've encountered more manual intervention than I want to apply to client environments.

I'll spin up a VM in the future and evaluate 5.0 once again. Maybe the short term solution is to ditch McAfee and move to another AV engine.

shawniverson commented 7 years ago

@msapiro Do you know if mcafee6 is a "free" scanner? If so, I can take a shot at debugging it.

msapiro commented 7 years ago

@shawniverson You can get a "free trial", but it requires a paid license.

jcbenton commented 7 years ago

I removed mcafee because it was no longer free. It had also changed so the wrapper did not work. Anyone that has a licensed copy is free to create a wrapper and provide it to the project.