[Postfixbuch-users] Amavisd & Kaspersky

Stefan Kugler stefan.kugler at aon.at
Sa Okt 18 21:50:48 CEST 2003 

Servus!

Nachdem mein toller Postfix-Cyrus-Mysql-Server nun läuft möchte ich nun auch
amavisd und spamassassin dazu, um das ganze ein zu perfektionieren :)

Einziger Haken an der Sache:
Es will nicht so recht...

Folgender Status:
Die Mails werden an Amavis übergeben, da spießt es sich aber mit dem
Mailscanner (Kaspersky AV für Linux Workstations).
Die Vorlage aus der amavis.conf hat nicht ganz gepasst, da habe ich die
Pfade erfolgreich angepasst. Nur der kavscanner mag nicht so richtig.

Das Ende des Logfiles schaut so aus:
Oct 18 21:25:57 www amavis[27170]: (27170-01) Using KasperskyLab AntiViral
Toolkit Pro (AVP): /opt/kav/bin/kavscanner -i0
/var/spool/amavis/amavis-20031018T212534-27170/parts
Oct 18 21:25:57 www amavis[27170]: (27170-01) run_command: [27261]
/opt/kav/bin/kavscanner -i0
/var/spool/amavis/amavis-20031018T212534-27170/parts </dev/null 2>&1
Oct 18 21:26:29 www amavis[27170]: (27170-01) run_av:
/opt/kav/bin/kavscanner status=25
(6400 ),...-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b
-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/
\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\
b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b
|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\
\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\r/var/spool/amavi
s/amavis-20031018T212534-27170/parts/part-00001
OK\n\r/var/spool/amavis/amavis-20031018T212534-27170/parts/part-00004
\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\
b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b
|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\
\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b
\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\...
Oct 18 21:26:29 www amavis[27170]: (27170-01)
...b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\
\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\
b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b
-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\b|\b/
\b-\b\\\b|\b/\b-\b\\\b|\b/\b-\b\\\r~/amavis/amavis-20031018T212534-27170/par
ts/part-00004 INFECTED EICAR-Test-File\n\r\r
Oct 18 21:26:30 www amavis[27170]: (27170-01) Virus scanner failure:
/opt/kav/bin/kavscanner (exit status: 25)
Oct 18 21:26:30 www amavis[27170]: (27170-01) WARN: all primary virus
scanners failed, trying backups
Oct 18 21:26:30 www amavis[27170]: (27170-01) prolong_timer after
virus_scan: remaining time = 277.000 s
Oct 18 21:26:30 www amavis[27170]: (27170-01) TROUBLE in check_mail:
virus_scan FAILED: ALL VIRUS SCANNERS FAILED:
Oct 18 21:26:30 www amavis[27170]: (27170-01) sending SMTP response: "451
4.5.0 Error in processing, id=27170-01, virus_scan FAILED: ALL VIRUS
SCANNERS FAILED: "
Oct 18 21:26:30 www amavis[27170]: (27170-01) PRESERVING EVIDENCE in
/var/spool/amavis/amavis-20031018T212534-27170
Oct 18 21:26:33 www amavis[27170]: (27170-01) TIMING [total 62571 ms] - SMTP
EHLO: 2891 (5%), SMTP pre-MAIL: 1 (0%), mkdir tempdir: 438 (1%), create
email.txt: 64 (0%), SMTP pre-DATA-flush: 1601 (3%), SMTP DATA: 17 (0%), body
hash: 1 (0%), mkdir parts: 515 (1%), mime_decode: 3663 (6%), get-file-type:
7210 (12%), get-file-type: 170 (0%), get-file-type: 136 (0%),
decompose_part: 3142 (5%), decompose_part: 151 (0%), decompose_part: 3150
(5%), get-file-type: 576 (1%), decompose_part: 2378 (4%), parts: 0 (0%),
AV-scan-1: 32871 (53%), rundown: 3597 (6%)
Oct 18 21:26:33 www amavis[27170]: (27170-01) ESMTP> 451 4.5.0 Error in
processing, id=27170-01, virus_scan FAILED: ALL VIRUS SCANNERS FAILED:
Oct 18 21:26:33 www amavis[27170]: (27170-01) prolong_timer after reading
SMTP command: remaining time = 273.290 s
Oct 18 21:26:33 www amavis[27170]: (27170-01) ESMTP< QUIT\r\n
Oct 18 21:26:33 www amavis[27170]: (27170-01) ESMTP> 221 2.0.0 [127.0.0.1]
(amavisd) closing transmission channel
Oct 18 21:26:36 www postfix/smtp[27253]: 10A2780E90:
to=<stefan.kugler at aon.at>, relay=127.0.0.1[127.0.0.1], delay=94,
status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in
processing, id=27170-01, virus_scan FAILED: ALL VIRUS SCANNERS FAILED:  (in
reply to end of DATA command))

Die manuelle Ausgabe vom kavscanner schaut so aus:
[root at www root]# /opt/kav/bin/kavscanner -i0
/var/spool/amavis/amavis-20031018T212534-27170
Kaspersky Virus Scanner for linux. Version 4.5.0.0/RELEASE
Copyright (C) Kaspersky Lab. 1998-2003.
There are 75802 records loaded, the latest update 18-10-2003
Config file: /etc/kav/4.5/kav4unix.conf
/var/spool/amavis/amavis-20031018T212534-27170/email.txt
~r at borgmistelbach.ac.at>][Date Sat, 18 Oct 2003 21:25:04 +0200 (CEST)]/text
OK
~t 2003 21:25:04 +0200 (CEST)]/eicar_com.zip/eicar.com INFECTED
EICAR-Test-File
/var/spool/amavis/amavis-20031018T212534-27170/parts/part-00001 OK
~/amavis/amavis-20031018T212534-27170/parts/part-00004 INFECTED
EICAR-Test-File

Nun, hat von euch jemand diese Version im Einsatz und kann mir eine
funktionierende amavis.conf (oder nur den Teil) posten?
Oder gibts sonstige Ansätze?

Vielen Dank!

Grüße, Stefan

Mehr Informationen über die Mailingliste Postfixbuch-users