Code: Select all
VIRUS-UNCLEANED=1 ACTION=DISCARD
VIRUS-UNCLEANED=0 VIRUS-FOUND=1 ACTION=ALLOWCheers
Dave
Testing ClamAV Email Scan
Moderators: ScalixSupport, admin
-
ScalixSupport
- Scalix
- Posts: 5503
- Joined: Thu Mar 25, 2004 8:15 pm
-
DuckSmak
- Posts: 13
- Joined: Mon Apr 17, 2006 9:44 am
DAVE!!!!
How's it goin bud! Thanks for your help so-far man, I really appreciate it.
2 things...
First, when you initially asked me to edit the "ALL-ROUTES.VIR" file to contain those 2 lines, I did immediately. Just so you can see, the following is an exact copy of the complete contents from "ALL-ROUTES.VIR" file:
VIRUS-UNCLEANED=1 ACTION=DISCARD
VIRUS-UNCLEANED=0 VIRUS-FOUND=1 ACTION=ALLOW
I originally copied this diretly from your text in this forum and re-saved the file. The above is the current configuration, and was prior to running your to other console tests:
Please can you post the raw information without interpretation as it makes it easier to debug
I need to see:
1) The output of ls -l /var/opt/scalix/rules
2) The output of cat -vet /var/opt/scalix/rules/ALL-ROUTES.VIR
2nd thing is this - I don't know if this would be for you or not, but it seems as though there is a bug in this forum. When I refresh the screen to see if you have replied to my post, it usually is set to "Oldest first". I just changed it to "Newest First" and saw your reply. To make sure, I set it back to "Oldest First" and your post was nowhere to be found. I toggled between the two to verify for certainty that this is the case, and your post was only appearing when I sorted by "Newest First".
Please let me know what steps to take next.
Thanks
How's it goin bud! Thanks for your help so-far man, I really appreciate it.
2 things...
First, when you initially asked me to edit the "ALL-ROUTES.VIR" file to contain those 2 lines, I did immediately. Just so you can see, the following is an exact copy of the complete contents from "ALL-ROUTES.VIR" file:
VIRUS-UNCLEANED=1 ACTION=DISCARD
VIRUS-UNCLEANED=0 VIRUS-FOUND=1 ACTION=ALLOW
I originally copied this diretly from your text in this forum and re-saved the file. The above is the current configuration, and was prior to running your to other console tests:
Please can you post the raw information without interpretation as it makes it easier to debug
I need to see:
1) The output of ls -l /var/opt/scalix/rules
2) The output of cat -vet /var/opt/scalix/rules/ALL-ROUTES.VIR
2nd thing is this - I don't know if this would be for you or not, but it seems as though there is a bug in this forum. When I refresh the screen to see if you have replied to my post, it usually is set to "Oldest first". I just changed it to "Newest First" and saw your reply. To make sure, I set it back to "Oldest First" and your post was nowhere to be found. I toggled between the two to verify for certainty that this is the case, and your post was only appearing when I sorted by "Newest First".
Please let me know what steps to take next.
Thanks
-
ScalixSupport
- Scalix
- Posts: 5503
- Joined: Thu Mar 25, 2004 8:15 pm
2nd statement disregarded.
WRT the 1st, the output you posted only had one line in the ALL-ROUTES.VIR which is why I asked again.
Can you stop the Service Router, run the command and restart the Service Router and then post the output of
This will indicate if there are any errors in the file. There should be no reference to ndninfo.txt as you are not specifying it in your ALL-ROUTES.VIR file.
Next, do the following where the path to the clam.exe file is usually in /usr/share/doc/clamav-$version/test
This should log information to the audit log. Please post that.
Cheers
Dave
WRT the 1st, the output you posted only had one line in the ALL-ROUTES.VIR which is why I asked again.
Can you stop the Service Router, run the command
Code: Select all
omconfaud router 11Code: Select all
omshowlog -s routerThis will indicate if there are any errors in the file. There should be no reference to ndninfo.txt as you are not specifying it in your ALL-ROUTES.VIR file.
Next, do the following
Code: Select all
omlogon -h localhost -u "User Name" -p password
omsend -t "Another User/mailnode" -s "Test" -z /path/to/clam.exe
omlogoffThis should log information to the audit log. Please post that.
Cheers
Dave
-
DuckSmak
- Posts: 13
- Joined: Mon Apr 17, 2006 9:44 am
srv1:/var/opt/scalix/rules # omshowlog -s router
WARNING Service Router(Service Router) 04.19.06 07:58:33
[OM 5150] WARNING - Error encountered processing rule file:
/var/opt/scalix/rules/ALL-ROUTES.VIR
WARNING Service Router(Service Router) 04.19.06 07:58:33
[OM 5152] Error on line 3: Unknown token or syntax error
WARNING Service Router(Service Router) 04.19.06 08:05:14
[SYS 2] No such file or directory
File Name: /var/opt/scalix/rules/ndninfo.txt
<- sdl_MapStdCharInt
<- sdl_MapSysChar
-> sdl_MapSysChar
-> sdl_InitData
-> sdl_MapStdCharInt
-> sdl_InitData
<- sdl_MapStdCharInt
<- sdl_MapSysChar
<- cvc_CmpCS
-> cvc_GetOutString
<- cvc_GetOutString
<- cvc_ConvertString2
-> rsl_ParseNdnInfo
-> rsl_FormFullRulePath
<- rsl_FormFullRulePath
<- /build/10.0.1.3/src/lib/ombase/os/os_fopen.c:71[1,2]
WARNING Service Router(Service Router) 04.19.06 08:05:14
[OM 5150] WARNING - Error encountered processing rule file:
/var/opt/scalix/rules/ALL-ROUTES.VIR
File Name: /var/opt/scalix/rules/ndninfo.txt
WARNING Service Router(Service Router) 04.19.06 08:05:14
[OM 5152] Error on line 1: Error in NDN-INFO specification
File Name: /var/opt/scalix/rules/ndninfo.txt
As for the second part of the instructions, I need further assistance. I was able to troubleshoot to an extent. When I try to enter the "omsend" command, this is what I get:
srv1:/var/opt/scalix/rules # omsend -t "duh/srv1,nscmtrading" -s "Test" -z /home/carlos/Documents/downloads/clamav-0.88.1/clamav-0.88.1/test/clam.exe
usage: omsend [-u name[/mailnode]] [-p password] [-s subject]
[-t to_name]... [-f from_name]... [-c cc_name]... [-b bcc_name]..
[-l dist_list]... [recipient]... [-a ascii_filename]...
[-r binary_filename]... [-z filecode filename]...
[-ad|-ar|-ap] [-mp] [-mu] [-d delay] [-k character_set] [-q]
srv1:/var/opt/scalix/rules #
If I take off the file path and just input srv1:/var/opt/scalix/rules # omsend -t "Carlos/srv1,nscmtrading" -s "Test"
then I get a "Enter Message:" prompt. But I also have noticed it doesn't matter what name I put in there. It doesn't have to be a valid email or account.
Anyway, when I input that WITH the file path, something bombs it out.
When I DON'T use a file path, it doesn't bomb out, but I don't know the command to actually send the test email from the console. It tells me to enter the text, but then how do I actually send it? I've just been using "control, C" to abort the text line.
I have to take off for the day, so I won't be able to send another message. Thanks for all your help so far man...Appreciate it!
Have a great weekend!
WARNING Service Router(Service Router) 04.19.06 07:58:33
[OM 5150] WARNING - Error encountered processing rule file:
/var/opt/scalix/rules/ALL-ROUTES.VIR
WARNING Service Router(Service Router) 04.19.06 07:58:33
[OM 5152] Error on line 3: Unknown token or syntax error
WARNING Service Router(Service Router) 04.19.06 08:05:14
[SYS 2] No such file or directory
File Name: /var/opt/scalix/rules/ndninfo.txt
<- sdl_MapStdCharInt
<- sdl_MapSysChar
-> sdl_MapSysChar
-> sdl_InitData
-> sdl_MapStdCharInt
-> sdl_InitData
<- sdl_MapStdCharInt
<- sdl_MapSysChar
<- cvc_CmpCS
-> cvc_GetOutString
<- cvc_GetOutString
<- cvc_ConvertString2
-> rsl_ParseNdnInfo
-> rsl_FormFullRulePath
<- rsl_FormFullRulePath
<- /build/10.0.1.3/src/lib/ombase/os/os_fopen.c:71[1,2]
WARNING Service Router(Service Router) 04.19.06 08:05:14
[OM 5150] WARNING - Error encountered processing rule file:
/var/opt/scalix/rules/ALL-ROUTES.VIR
File Name: /var/opt/scalix/rules/ndninfo.txt
WARNING Service Router(Service Router) 04.19.06 08:05:14
[OM 5152] Error on line 1: Error in NDN-INFO specification
File Name: /var/opt/scalix/rules/ndninfo.txt
As for the second part of the instructions, I need further assistance. I was able to troubleshoot to an extent. When I try to enter the "omsend" command, this is what I get:
srv1:/var/opt/scalix/rules # omsend -t "duh/srv1,nscmtrading" -s "Test" -z /home/carlos/Documents/downloads/clamav-0.88.1/clamav-0.88.1/test/clam.exe
usage: omsend [-u name[/mailnode]] [-p password] [-s subject]
[-t to_name]... [-f from_name]... [-c cc_name]... [-b bcc_name]..
[-l dist_list]... [recipient]... [-a ascii_filename]...
[-r binary_filename]... [-z filecode filename]...
[-ad|-ar|-ap] [-mp] [-mu] [-d delay] [-k character_set] [-q]
srv1:/var/opt/scalix/rules #
If I take off the file path and just input srv1:/var/opt/scalix/rules # omsend -t "Carlos/srv1,nscmtrading" -s "Test"
then I get a "Enter Message:" prompt. But I also have noticed it doesn't matter what name I put in there. It doesn't have to be a valid email or account.
Anyway, when I input that WITH the file path, something bombs it out.
When I DON'T use a file path, it doesn't bomb out, but I don't know the command to actually send the test email from the console. It tells me to enter the text, but then how do I actually send it? I've just been using "control, C" to abort the text line.
I have to take off for the day, so I won't be able to send another message. Thanks for all your help so far man...Appreciate it!
Have a great weekend!
-
ScalixSupport
- Scalix
- Posts: 5503
- Joined: Thu Mar 25, 2004 8:15 pm
First off, I gave you the wrong parameter to omsend. Instead of -z use -r
Second, remove the files ALL-ROUTES.VIR~, ndninfo.txt and ndninfo.txt~, they are not needed.
I'm concerned that you may have some extra information or control characters somewhere in the ALL-ROUTES.VIR file so, I'd advise that you recreate the file from scratch.
Cheers
Dave
Second, remove the files ALL-ROUTES.VIR~, ndninfo.txt and ndninfo.txt~, they are not needed.
I'm concerned that you may have some extra information or control characters somewhere in the ALL-ROUTES.VIR file so, I'd advise that you recreate the file from scratch.
Cheers
Dave
-
DuckSmak
- Posts: 13
- Joined: Mon Apr 17, 2006 9:44 am
Dave,
This worked very well. I followed all instructions, sent the email from the console, viewed the "audit" log and it showed the denial. I then logged into the "admin" and "another user" account, tested multiple emails to and from the 2 accounts. The 2 different virus emails that I sent were both denied, but the regular text email I sent worked perfectly.
Thanks for all your help on this Dave!
Hasta!
This worked very well. I followed all instructions, sent the email from the console, viewed the "audit" log and it showed the denial. I then logged into the "admin" and "another user" account, tested multiple emails to and from the 2 accounts. The 2 different virus emails that I sent were both denied, but the regular text email I sent worked perfectly.
Thanks for all your help on this Dave!
Hasta!
-
Detachable
- Posts: 11
- Joined: Thu Feb 16, 2006 5:24 pm
resurrected
I cant get it to float still:
everything matched 1:1 with duck's problem, then...
even the errors from omshowlog were the same.
Now it really spits out garbage.
Here's the
everything matched 1:1 with duck's problem, then...
even the errors from omshowlog were the same.
Now it really spits out garbage.
Here's the
Code: Select all
omshowlog -s router
WARNING Service Router(Service Router) 03.03.06 16:30:11
[OM 7850] There was no message-id record in the message, so one was added.
New message-id is X000000000019ff3.1141428611.s81433.rrmd.com
WARNING Service Router(Service Router) 03.16.06 20:48:47
[OM 7850] There was no message-id record in the message, so one was added.
New message-id is X000000000025173.1142567327.s81433.rrmd.com
WARNING Service Router(Service Router) 03.16.06 20:48:48
[OM 7850] There was no message-id record in the message, so one was added.
New message-id is X000000000025183.1142567328.s81433.rrmd.com
WARNING Service Router(Service Router) 04.05.06 10:07:55
[OM 7850] There was no message-id record in the message, so one was added.
New message-id is X000000000042123.1144249675.s81433.rrmd.com
WARNING Service Router(Service Router) 05.18.06 22:55:02
[SYS 2] No such file or directory
File Name: /var/opt/scalix/rules/ndninfo.txt
-> rsl_GetRuleValue
-> cvc_ConvertString2
<- cvc_ConvertString2
<- rsl_GetRuleValue
-> rsl_GetRuleValue
-> cvc_ConvertString2
<- cvc_ConvertString2
<- rsl_GetRuleValue
-> rsl_GetRuleValue
-> cvc_ConvertString2
<- cvc_ConvertString2
<- rsl_GetRuleValue
-> rsl_GetRuleValue
-> cvc_ConvertString2
<- cvc_ConvertString2
<- /build/10.0.0.175/src/lib/ombase/os/os_fopen.c:71[1,2]
WARNING Service Router(Service Router) 05.18.06 22:55:02
[OM 5150] WARNING - Error encountered processing rule file:
/var/opt/scalix/rules/ALL-ROUTES.VIR
File Name: /var/opt/scalix/rules/ndninfo.txt
WARNING Service Router(Service Router) 05.18.06 22:55:02
[OM 5152] Error on line 1: Error in NDN-INFO specification
File Name: /var/opt/scalix/rules/ndninfo.txt
WARNING Service Router(Service Router) 05.18.06 23:57:11
[SYS 2] No such file or directory
File Name: /var/opt/scalix/rules/ndninfo.txt
-> rsl_GetRuleValue
-> cvc_ConvertString2
<- cvc_ConvertString2
<- rsl_GetRuleValue
-> rsl_GetRuleValue
-> cvc_ConvertString2
<- cvc_ConvertString2
<- rsl_GetRuleValue
-> rsl_GetRuleValue
-> cvc_ConvertString2
<- cvc_ConvertString2
<- rsl_GetRuleValue
-> rsl_GetRuleValue
-> cvc_ConvertString2
<- cvc_ConvertString2
<- /build/10.0.0.175/src/lib/ombase/os/os_fopen.c:71[1,2]
WARNING Service Router(Service Router) 05.18.06 23:57:11
[OM 5150] WARNING - Error encountered processing rule file:
/var/opt/scalix/rules/ALL-ROUTES.VIR
File Name: /var/opt/scalix/rules/ndninfo.txt
WARNING Service Router(Service Router) 05.18.06 23:57:11
[OM 5152] Error on line 1: Error in NDN-INFO specification
File Name: /var/opt/scalix/rules/ndninfo.txt
WARNING Service Router(Service Router) 05.19.06 01:05:38
[OM 5150] WARNING - Error encountered processing rule file:
/var/opt/scalix/rules/ALL-ROUTES.VIR
WARNING Service Router(Service Router) 05.19.06 01:05:38
[OM 5152] Error on line 1: Unknown ACTION value
WARNING Service Router(Service Router) 05.19.06 01:21:20
[OM 5150] WARNING - Error encountered processing rule file:
/var/opt/scalix/rules/ALL-ROUTES.VIR
WARNING Service Router(Service Router) 05.19.06 01:21:20
[OM 5152] Error on line 1: Unknown ACTION value
WARNING Service Router(Service Router) 05.19.06 01:21:52
[OM 5150] WARNING - Error encountered processing rule file:
/var/opt/scalix/rules/ALL-ROUTES.VIR
WARNING Service Router(Service Router) 05.19.06 01:21:52
[OM 5152] Error on line 1: Unknown ACTION value
WARNING Service Router(Service Router) 05.19.06 01:22:12
[OM 5150] WARNING - Error encountered processing rule file:
/var/opt/scalix/rules/ALL-ROUTES.VIR
WARNING Service Router(Service Router) 05.19.06 01:22:12
[OM 5152] Error on line 1: Unknown ACTION value
WARNING Service Router(Service Router) 05.19.06 01:24:58
[OM 5150] WARNING - Error encountered processing rule file:
/var/opt/scalix/rules/ALL-ROUTES.VIR
WARNING Service Router(Service Router) 05.19.06 01:24:58
[OM 5152] Error on line 1: Unknown ACTION value
SERIOUS ERROR Service Router(Service Router) 05.19.06 01:26:18
[OM 5187] Child process (Mapper) failed.
Current errno value: 2
<- cust_GetCustomiseInfo
<- cust_PresentAndTrue
-> vs_ScanActive
<- vs_ScanActive
-> vs_omScanInit
-> vs_GenericScanInit
-> rsl_MapVScanInit
-> rsl_FormFullRulePath
<- rsl_FormFullRulePath
-> rsl_ReuseOrInvokeMapper
-> rsl_FormFullRulePath
<- rsl_FormFullRulePath
-> rsl_InvokeMapper
<- /build/10.0.0.175/src/lib/rsl/rsl_match.c:488[100,5187]
<- /build/10.0.0.175/src/lib/rsl/rsl_match.c:755[100,5187]
<- /build/10.0.0.175/src/lib/rsl/rsl_match.c:1465[100,5187]
-
Valerion
- Scalix Star
- Posts: 2730
- Joined: Thu Feb 26, 2004 7:40 am
- Location: Johannesburg, South Africa
- Contact:
-
Detachable
- Posts: 11
- Joined: Thu Feb 16, 2006 5:24 pm
-rw-r--r-- 1 root root 77 May 19 01:26 ALL-ROUTES.VIR
-r-xr-xr-x 1 root root 231 May 19 11:10 ndninfo.txt
-r-xr-xr-x 1 root root 35644 Feb 3 06:27 omvscan.map
And the ndinfo.txt says on one line ...
However that's just the thing, the All-Routs doesn't mention the ndninfo.txt
It's contents, and very sure there are no hidden characters is"
It's like its reading stuff that isn't there, could it have been cached? I've been in the habit of turning on and off the service router in between adjustments like this
omoff -d 0 rtr
omon rtr
-r-xr-xr-x 1 root root 231 May 19 11:10 ndninfo.txt
-r-xr-xr-x 1 root root 35644 Feb 3 06:27 omvscan.map
And the ndinfo.txt says on one line ...
Code: Select all
A virus was found in your message. The virus could not be cleaned and thus the message was not sent to the recipient. We highly recommend that you install or update your virus protection software and scan your computer for viruses.However that's just the thing, the All-Routs doesn't mention the ndninfo.txt
It's contents, and very sure there are no hidden characters is"
Code: Select all
VIRUS-UNCLEANED=1 ACTION=DISCARD
VIRUS-UNCLEANED=0 VIRUS-FOUND=1 ACTION=ALLOWIt's like its reading stuff that isn't there, could it have been cached? I've been in the habit of turning on and off the service router in between adjustments like this
omoff -d 0 rtr
omon rtr
-
Detachable
- Posts: 11
- Joined: Thu Feb 16, 2006 5:24 pm
Who is online
Users browsing this forum: No registered users and 11 guests