Anti-Virus Integration - as per the manual


sneakza
Posts: 23
Joined: Fri May 26, 2006 3:28 am

Anti-Virus Integration - as per the manual

Postby sneakza » Fri Jun 09, 2006 8:32 am

Hi,

I've followed the documentation on how to integrate anti-virus into Scalix, but I test it with EICAR and it still gets through. Not sure if it's just EICAR, but I've also set OMAV_LOGLEVEL to 2 and I don't get any logging.

This is my config file /var/opt/scalix/rules/ALL-ROUTES.VIR:
VIRUS-FOUND=1 ACTION=REJECT NOTIFY="This message has been discarded due to virus infection."
VIRUS-FOUND=0 ACTION=ALLOW
VIRUS-UNCLEANED=1 ACTION=REJECT NDN-INFO=!ndninfo.txt
VIRUS-UNCLEANED=0 VIRUS-FOUND=1 ACTION=ALLOW NOTIFY="Virus Removed and message Delivered successfully."



I've tried Clam AV and Trend and I don't get any joy, but I don't think it's the anti-virus. I have restarted the services and it still doesn't do the trick.

Any ideas?

ScalixSupport
Scalix
Posts: 5503
Joined: Thu Mar 25, 2004 8:15 pm

Postby ScalixSupport » Fri Jun 09, 2006 1:36 pm

What OS? I'd like to see your /etc/passwd and /etc/groups files.

Thanks,
Don

ScalixSupport
Scalix
Posts: 5503
Joined: Thu Mar 25, 2004 8:15 pm

Postby ScalixSupport » Sat Jun 10, 2006 12:25 pm

Have you restarted the SR since adding the ALL-ROUTES.VIR file? Did you create ALL-ROUTES.VIR on your Linux box or PC? If it's the latter, then you'll need to convert from DOS format to Unix. To do that, use the dos2unix command. Can you do an "ls -l" in your /var/opt/scalix/rules subdirectory and post it here?

Thanks,
Rachel

gstark

Postby gstark » Mon Jun 12, 2006 7:01 am

I'm seeing exactly the same issues. ALL-ROUTES.VIR was created on the linux box.

OS is CentOS 4.3

/etc/passwd:

Code:

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpm:x:37:37::/var/lib/rpm:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
squid:x:23:23::/var/spool/squid:/sbin/nologin
webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
gdm:x:42:42::/var/gdm:/sbin/nologin
pegasus:x:100:500:tog-pegasus OpenPegasus WBEM/CIM services:/var/lib/Pegasus:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
gstark:x:500:501:Gary Stark:/home/gstark:/bin/bash
lstark:x:501:100:Leigh D Stark:/home/lstark:/bin/sh
scalix:x:101:101:Scalix User:/var/opt/scalix:/bin/true
sxadmin:x:502:503:Scalix Server user:/home/sxadmin:/bin/bash
clamav:x:102:102:Clamav database update user:/var/lib/clamav:/sbin/nologin
clamilt:x:103:103:Clamav Milter User:/var/run/clamav-milter:/sbin/nologin
sa-milt:x:104:104:SpamAssassin Milter:/var/run/spamass-milter:/sbin/nologin




/etc/group

Code:

root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
tty:x:5:
disk:x:6:root
lp:x:7:daemon,lp
mem:x:8:
kmem:x:9:
wheel:x:10:root
mail:x:12:mail
news:x:13:news
uucp:x:14:uucp
man:x:15:
games:x:20:
gopher:x:30:
dip:x:40:
ftp:x:50:
lock:x:54:
nobody:x:99:
users:x:100:
dbus:x:81:
floppy:x:19:
vcsa:x:69:
rpm:x:37:
utmp:x:22:
haldaemon:x:68:
netdump:x:34:
nscd:x:28:
slocate:x:21:
sshd:x:74:
rpc:x:32:
mailnull:x:47:
smmsp:x:51:
rpcuser:x:29:
nfsnobody:x:65534:
pcap:x:77:
apache:x:48:
squid:x:23:
webalizer:x:67:
xfs:x:43:
ntp:x:38:
gdm:x:42:
pegasus:x:500:
named:x:25:
dovecot:x:97:
mysql:x:27:
gstark:x:501:
lstark:x:502:
scalix:x:101:
sxadmin:x:503:
clamav:x:102:
clamilt:x:103:
sa-milt:x:104:



ls -l:

Code:

[root@venizia rules]# pwd
/var/opt/scalix/rules
[root@venizia rules]# ls -l
total 56
-rw-r--r--  1 root root     283 Jun 12 20:39 ALL-ROUTES.VIR
-rw-r--r--  1 root root     109 Jun 12 20:40 ndninfo.txt
-r-xr-xr-x  1 root scalix 35644 Mar 28 04:26 omvscan.map
[root@venizia rules]#

gstark

Postby gstark » Mon Jun 12, 2006 8:26 am

And it becomes really frustrating when you reduce things down to the very, very basic, and you see messages that make no sense at all.

Consider ...

From the Administration Guide:
Create a text file containing the virus scanning rules you want to use. Each rule is a single line of text as shown below:
message-attribute=mvalue action-attribute=avalue action-attribute=avalue ...
message-attribute is either VIRUS-FOUND or VIRUS-UNCLEANED.
mvalue is a numerical value specifying the number of viruses detected/uncleaned. Enter 0 to indicate none, or enter 1 to indicate one or more.
action-attribute and avalue can be one of the following:
ACTION=ALLOW
ACTION=DISCARD
ACTION=REJECT
ACTION=DEFER
ACTION=RETURN


So ...

ALL-ROUTES.VIR

VIRUS-FOUND=1 ACTION=DISCARD
VIRUS-FOUND=0 ACTION=ALLOW


Yields ...
WARNING Service Router(Service Router) 06.12.06 22:21:04
[OM 5150] WARNING - Error encountered processing rule file:
/var/opt/scalix/rules/ALL-ROUTES.VIR


WARNING Service Router(Service Router) 06.12.06 22:21:04
[OM 5152] Error on line 1: Unknown ACTION value


Which totally contradicts what is in the documentation.

This should not be that difficult.

What am I missing here?

Valerion
Scalix Star
Posts: 2730
Joined: Thu Feb 26, 2004 7:40 am
Location: Johannesburg, South Africa
Contact:

Postby Valerion » Mon Jun 12, 2006 9:20 am

Here's my ALL-ROUTES.VIR, which does work fine

Code:

VIRUS-FOUND=1 VIRUS-UNCLEANED=1 ACTION=DISCARD
VIRUS-FOUND=1 VIRUS-UNCLEANED=0 ACTION=ALLOW
VIRUS-FOUND=0 ACTION=ALLOW

I know some Scalix config files are sensitive to exact formatting, and having a space, for example, after the end of the line causes it to be ignored / generate an error. Not sure if this is the case with the routing rules as well. Also check that your file is in UNIX text format and not in DOS format.
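
The format checks suggested in the replies above (DOS line endings, trailing whitespace), combined with the ACTION list quoted from the Administration Guide, as an added shell example that is not part of any post and not a Scalix tool. It assumes blank lines are harmless and does not reproduce the Service Router's own parser; the function name `lint_rules` is hypothetical.

```sh
#!/bin/sh
# Added example, not a Scalix tool: lint a virus-rule file for the
# formatting problems raised in this thread. It never contacts the server.

# ACTION values as quoted from the Administration Guide in the thread.
VALID_ACTIONS="ALLOW DISCARD REJECT DEFER RETURN"
CR=$(printf '\r')
TAB=$(printf '\t')

# lint_rules FILE: print one finding per line; exit status 1 if any found.
# Runs in a subshell (parentheses) so set -f and variables stay local.
lint_rules() (
    set -f                      # no globbing when splitting a rule into tokens
    n=0; bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in           # DOS format leaves a CR before the newline
            *"$CR") echo "line $n: CRLF line ending (convert with dos2unix)"
                    bad=1; line=${line%"$CR"} ;;
        esac
        case $line in
            *" " | *"$TAB") echo "line $n: trailing whitespace"; bad=1 ;;
        esac
        norm=$(printf '%s' "$line" | tr '\t' ' ')
        # Assumption: blank lines are skipped rather than reported.
        [ -z "$(printf '%s' "$norm" | tr -d ' ')" ] && continue
        case ${norm%% *} in     # first token must be a message attribute
            VIRUS-FOUND=[01] | VIRUS-UNCLEANED=[01]) ;;
            *) echo "line $n: rule must start with VIRUS-FOUND or VIRUS-UNCLEANED set to 0 or 1"
               bad=1 ;;
        esac
        action=
        for tok in $norm; do    # pick up the ACTION attribute, if any
            case $tok in ACTION=*) action=${tok#ACTION=} ;; esac
        done
        case " $VALID_ACTIONS " in
            *" $action "*) ;;
            *) echo "line $n: ACTION='$action' is not a documented value"; bad=1 ;;
        esac
    done < "$1"
    exit "$bad"
)

# Usage: sh lint_rules.sh /var/opt/scalix/rules/ALL-ROUTES.VIR
if [ "$#" -gt 0 ]; then lint_rules "$1"; fi
```

A clean result only rules out these formatting causes; a Service Router restart is still needed before a changed rule file takes effect, as asked earlier in the thread.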

