Gave up on ClamAV, now trying Trend Micro...

[bluemike]

...but now I have a completely different set of problems.

I found and installed TM InterScan VirusWall 3.81. It's install went well, no problems.

I want to keep things as simple as possible, so here's my ALL-ROUTES.VIR:

VIRUS-FOUND=1 ACTION=DISCARD NOTIFY="Your email contains...blah blah"
VIRUS-FOUND=0 ACTION=ALLOW

Now in the omvscan.log I am getting this:

cannot execute "/opt/trend/ISBASE/IScan.BASE/vscan

I notice that there is a web admin console for the VirusWall software. Should I do something in there?

[bluemike]

Here's chunk of the omvscan.log file set to debug mode, if it helps;

2006-01-10 18:09:35:PID=10200:[Command Received]:QUIT Please Close This Session
2006-01-10 18:09:35:PID=10200:[Reply]:221 Virus Scanning Client Shutdown
2006-01-10 18:09:36:PID=10234:############## /var/opt/scalix/tmp/omvscan_cfg.10234
2006-01-10 18:09:36:PID=10234:OMAV_LOGFILE=/var/opt/scalix/logs/omvscan.log
2006-01-10 18:09:36:PID=10234:OMAV_LOGLEVEL=3
2006-01-10 18:09:36:PID=10234:TREND_ENGINE=/opt/trend/ISBASE/IScan.BASE/vscan
2006-01-10 18:09:36:PID=10234:TREND_SCAN_OPTIONS='-p/etc/iscan -v0 -za'
2006-01-10 18:09:36:PID=10234:TREND_CLEAN_OPTIONS='-p/etc/iscan -v0 -za -c'
2006-01-10 18:09:36:PID=10234:TREND_LOGPFX=/var/opt/scalix/tmp/trendvs.log
2006-01-10 18:09:36:PID=10234:TREND_USE_LOCKING=no
2006-01-10 18:09:36:PID=10234:TREND_LOCK_FILE=trendvs.lock
2006-01-10 18:09:36:PID=10234:############## /var/opt/scalix/tmp/omvscan_cfg.10234
2006-01-10 18:09:36:PID=10234:[Reply]:220 Virus Scanning Client Ready
2006-01-10 18:09:36:PID=10234:[Command Received]:HELO From Scalix Service Router, Version 1.0
2006-01-10 18:09:36:PID=10234:[Reply]:250 Ok
2006-01-10 18:09:36:PID=10234:[Command Received]:SCAN:/var/opt/scalix/data/000001t/00061uq
2006-01-10 18:09:36:PID=10234:[Reply]:503 Configuration for anti-virus engine "Trend Micro InterScan VirusWall" broken2006-01-10 18:09:36:PID=10234:[Reply]: - cannot execute "/opt/trend/ISBASE/IScan.BASE/vscan"
2006-01-10 18:09:36:PID=10234:[Command Received]:QUIT Please Close This Session
2006-01-10 18:09:36:PID=10234:[Reply]:221 Virus Scanning Client Shutdown

[ScalixSupport]

You gave up so easily.:-)

For completeness, can you reply back to Rachel's post with some details about the problems you encountered when you went through her troubleshooting steps ?

For the Trend problem, the error message tells us that vscan could not be executed. This is because the default permissions on that binary do not allow anybody other than root or iscan group to execute it. Because the Service Router calls the virus scanner, it is running as user scalix so you need to change the permissions to allow everyone to execute it, i.e. chmod a+rx /opt/trend/ISBASE/IScan .BASE/vscan

Cheers

Dave

[bluemike]

That seemed to do the trick thanks! Why isn't that information in the admin guide? The whole process is kind of a non-starter without it.

I think my problem with the attempt at ClamAV was not configuration but the installation. I grabbed all the ClamAV RPMs but they all seemed to depend on each other. Kind of weird. So I forced a nodeps install. But even when I followed Rachels steps for the config, a omvscan.log file never appeared. I'm sure the screwy install was the problem.

But TM's install went really well. I think I am just used to Windows; with their "next-next-next-finsh" install wizards. That's the one thing I wish all Linux apps had. But Scalix did! WooHoo!