SOLVED - RE: [Mimedefang] Vexira not being launched by MIMEDefang

Cormack, Ken kcormack at acs.roadway.com
Tue Sep 2 15:52:00 EDT 2003


List,

Rowan's suggestion has led to my discovery of the problem, with Vexira.  The
missing lines I noted earlier, from my /etc/mail/mimedefang-filter, were
entirely the problem.

Vexira is now being launched by MIMEDefang, and it is correctly trapping
virii in the server's mail flow, as I see in the maillog.

Thanks for the help!

Ken


-----Original Message-----
From: Cormack, Ken [mailto:kcormack at acs.roadway.com]
Sent: Tuesday, September 02, 2003 3:37 PM
To: 'mimedefang at lists.roaringpenguin.com'
Subject: RE: [Mimedefang] Vexira not being launched by MIMEDefang


I think you might be on to something, Rowan...

Our working version of /etc/mail/mimedefang-filter is lacking explicit
"message_contains_virus_vexira" and "entity_contains_virus_vexira" lines,
although several other antivirus products are accomodated.

Our mimedefang-filter file is based on the version provided a couple
versions ago.  Maybe it just predates the addition of vexira support, though
I've tried to be careful to merge enhancements from later versions with our
modified version.  Oddly enough, the required support for Vexira WAS in my
/usr/local/bin/mimedefang.pl file.

I've added the appropriate lines to /etc/mail/mimedefang-filter, and I'm
preparing to test, but I'm sure this was the problem.

Ken

-----Original Message-----
From: John Rowan Littell [mailto:littejo at earlham.edu]
Sent: Tuesday, September 02, 2003 3:10 PM
To: 'mimedefang at lists.roaringpenguin.com'
Subject: Re: [Mimedefang] Vexira not being launched by MIMEDefang


-----BEGIN PGP SIGNED MESSAGE-----

Lo, Cormack, Ken and the coffee pot sang in unison:

[Vexira mimedfang.pl description snipped]
>
> ... and "mimedefang.pl -features" reports File::Scan NO installed, and
> VEXIRA installed, but MIMEDefang seems to make no attempt to call vexira,
to
> process a message.  Even the EICAR test file gets through.
>
> Note that when I manually scan an EICAR-containing file using Vexira from
> the commandline, it DOES report that it sees the EICAR test data in the
test
> file.  So I know the vexira product is correctlt installed and
functioning.
>
> Does anyone have any thoughts?
>

I suspect that this depends heavily on the mimedefang-filter script
that you use.  If you have a message_contains_virus sub in your
filter, you'll need to explicitly reference Vexira, e.g.:

sub message_contains_virus () {
	return message_contains_virus_vexira() if
($Features{'Virus:VEXIRA'});

	[etc.]
}

I don't, off the top of my head, know whether the suggested filters
contain Vexira calls yet or not (I have largely rewritten our site's
filter from scratch).  Can you post the relevant section of your
filter?

  --rowan

- -- 
John "Rowan" Littell
Systems Administrator
Earlham College Computing Services
http://www.earlham.edu/~littejo/
2003-09-02 14:07
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (Darwin)
Comment: Made with pgp4pine 1.76

iQCVAwUBP1TrB5dUNSJ2nf/5AQH2NgQA3nrhOLwUY8m/iiaYGmy6piZbwIvjguLm
lyDbKg8ig8fbWosF/0hIVPBivMUY1i2hvn188f5yA8GtCcTsCHulPsSkWPdEyc77
7DIEmkJn7m3JKDTzpgTFZsL1wuqhocsUmMO99gs0eZFBjI/dEqSxm4zVLDvWx+Wd
a4U362t2VAY=
=DRdN
-----END PGP SIGNATURE-----

_______________________________________________
MIMEDefang mailing list
MIMEDefang at lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
_______________________________________________
MIMEDefang mailing list
MIMEDefang at lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang



More information about the MIMEDefang mailing list