View Full Version : SMTP Virus Scanner
Has anyone installed a virus scanner on their Raq?
http://www.uk2raq.com/raqfaq/raqfaqshow.php?faq=96
I am thinking about adding the virus scanner linked above but am somewhat worried about hacking around too much with my Raq 4i. Has anyone tried it and if so what kinda luck have you had? I wish Cobalt would just release a package with the virus scanner. It also seems strange that the anti-virus companies (f-prot) do not charge to download their virus definition files.
Thanks
Matthew
blacknight 04-24-2002, 04:29 AM I followed the UK2 instructions for the install without too much difficulty. The update script etc., works great, however until I actually rebooted the server the scanner did not work.
As far as I know the f-prot scanner is now commercial - it was still free when I got it - you might have to check with them about it.
CoastHost 04-24-2002, 08:44 PM from what I've read about this install on the RackShack forums, your status light for email services in your Raq CP will stop working. Apart from that it works well.
check this thread:
http://forum.rackshack.net/showthread.php?s=&threadid=5391
SixthSense 04-25-2002, 08:14 AM I have solved the light problem also. What I found out is that when configuring the mailscanner I had to start and stop it several times, and while stopping it sendmail also stops by default <- this is a bug I guess.
So the light went off in the CP, and also the checkbox was not checked in the control panel for email server :(
solution
just check the email server checkbox in the control panel and the light status would turn green then.
Note
if you stop mailscanner then sendmail stops automatically and it's very difficult to kill the process as it gives an error.
it also uses quite a bit of resources
Hope the above information helps
# Set what to do with infected attachments or messages.
# keep ==> Store under the "Quarantine Dir"
# delete ==> Just delete them
#Action = delete
Action = keep
Does this simply select whether to save a copy of infected messages to the hard drive on the Raq? If I set it to delete will it simply not keep a local copy but still fully function to clean email and deliver warning messages? I don't want a directory I must remember to periodically clean out.
Matt
SixthSense 04-28-2002, 12:56 AM Originally posted by hci
Does this simply select whether to save a copy of infected messages to the hard drive on the Raq? If I set it to delete will it simply not keep a local copy but still fully function to clean email and deliver warning messages? I don't want a directory I must remember to periodically clean out.
Matt
yes, it does save a copy to your hard drive on the raq.
action=delete will not keep a copy of it, so you can change it from keep to delete.
SixthSense 04-28-2002, 12:58 AM Originally posted by hci
Does this simply select whether to save a copy of infected messages to the hard drive on the Raq? If I set it to delete will it simply not keep a local copy but still fully function to clean email and deliver warning messages? I don't want a directory I must remember to periodically clean out.
Matt
yes, it does save a copy to your hard drive on the raq.
action=delete will not keep a copy of it, so you can change it from keep to delete. :)
Due to limitations placed on us by the Regulation of Investigatory Powers
Act 2000, we were unable to keep a copy of the infected attachment. Please
ask the sender of the message to disinfect their original version and send
you a clean copy.
It seems to result in the above message being sent which I do not really like either.
Matt
SixthSense 04-28-2002, 05:39 AM you can change the message by editing these two files :)
/usr/local/MailScanner/etc/deleted.filename.message.txt
/usr/local/MailScanner/etc/deleted.virus.message.txt
you can put your custom messages in them
Is there a way to simply delete all the local copies once a week?
Thanks
Matthew
blacknight 04-28-2002, 02:43 PM You should be able to set up a cronjob (running as root) to empty the relevant directories once a week.
The thing that I want MailScanner to do and it does not seem to support is signing all virus related messages with my domain or at least my email address.
When a virus infected email has a virus attachment removed it says this:
Warning: This message has had one or more attachments removed. Please read the "VirusWarning.txt" attachment(s) for more information.
When the virus is right in the body of the message we get something like this:
Content-Type: text/plain; charset="us-ascii"; name="VirusWarning.txt"
Content-Disposition: inline; filename="VirusWarning.txt"
Content-Transfer-Encoding: quoted-printable
This is a message from the MailScanner E-Mail Virus Protection Service
----------------------------------------------------------------------
The original e-mail attachment "the entire message"
was believed to be infected by a virus and has been replaced by this warning
message.
If you wish to receive a copy of the *infected* attachment, please
e-mail helpdesk and include the whole of this message
in your request. Alternatively, you can call them, with
the contents of this message to hand when you call.
At Sun Apr 28 16:39:11 2002 the virus scanner said:
/var/spool/MailScanner/incoming/g3SLd3K00774/msg-479-1.txt Infection: V=
BS/LoveLetter.gen
Note to Help Desk: Look on the MailScanner in /var/spool/MailScanner/quaran=
tine (message g3SLd3K00774).
--
Postmaster
The sender of the virus gets something like this:
Our virus detector has just been triggered by a message you sent:-
To: <matth@mydomain.com>
Subject: Virus
Date: Sun Apr 28 16:39:11 2002
Any infected parts of the message have not been delivered.
This message is simply to warn you that your computer system may have a
virus present and should be checked.
The virus detector said this about the message:
Report: /var/spool/MailScanner/incoming/g3SLd3K00774/msg-479-1.txt Infection: VBS/LoveLetter.gen
--
MailScanner
Email Virus Scanner
What I want is to have all warnings signed something like:
--
MailScanner <postmaster@mydomain.com>
Email Virus Scanner @ mail.mydomain.com
This way the recipient knows which email server is running the virus scanner. Did it come from their email server or someone else's? With the default messages the end user really has no idea whose email server is running the virus scanner unless they are somewhat technical.
I would think that this would be a commonly needed thing with the scanner but it almost looks like the only way to do it is to modify every single config file in the etc directory. Is that right?
Secondly, I log into the MailScanner etc directory via ftp but am unable to ftp anything into the directory. Using ftp to upload an updated file seems much easier than using pico for everything. Is there any way to do this?
Sorry for the looong post.
Thanks
Matthew
SixthSense 04-29-2002, 12:53 AM yes, changing the config files is the only way to do it.
the simplest method to do this without using pico
1 telnet/ssh as root and change to the /usr/local/MailScanner/etc/ directory
2 tar the /etc directory ie.. tar cpvf text.tar *
3 then copy it to your main sites ftp directory on the raq
4 then download it on your comp
5 Change the files as desired tar it back
6 upload it to main sites ftp directory again
7 copy it to the /etc directory
8 then untar it again in the etc directory in the ssh ie.. tar xvf text.tar
or
change the permissions on the /etc directory so that you can make changes to it through ftp as by default it is owned by root
change the permissions on the /etc directory so that you can make changes to it through ftp as by default it is owned by root
Used chmod to change permissions on etc. Works great now. Just need to figure out how to write a script to empty the Quarantine directory once a week now. That's not at all urgent though.
Thanks all!!!
Matthew
/etc/cron.daily/AVupdate.sh: : Ambiguous redirect
Could anyone tell me what this means?
Matt
Just need to figure out how to write a script to empty the Quarantine directory once a week now. That's not at all urgent though.
http://www.sng.ecs.soton.ac.uk/mailscanner/files/contrib/clean_quarantine
Think the above will work in case anybody else has a need for this.
Matt
SixthSense 05-04-2002, 02:01 AM Originally posted by hci
http://www.sng.ecs.soton.ac.uk/mailscanner/files/contrib/clean_quarantine
Think the above will work in case anybody else has a need for this.
Matt
have you tried it ???
have you tried it ???
Yes, it works ok. Copied it to cron.daily and set it for 5 days. I did change "mailscanner" to "MailScanner". Not sure if it was necessary.
quarantine_dir=/var/spool/mailscanner/quarantine
I thought Linux was case sensitive.
Matt
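Added example (not part of the original thread, and not the clean_quarantine script linked above): a small cron-style cleaner for the quarantine directory that fails loudly when the configured path does not exist, which is what happens when the case of "MailScanner" in the path is wrong. The function name clean_quarantine and the layout of one entry per message directly under the quarantine directory are assumptions; -mindepth/-maxdepth need GNU or BSD find.

```shell
#!/bin/sh
# Added example: age out MailScanner quarantine entries from cron.
# Assumption: each quarantined message is one entry directly under the
# quarantine directory, as the "Note to Help Desk" line in the thread suggests.

clean_quarantine() {
    qdir=$1
    days=${2:-5}    # retention in days; 5 matches the setting mentioned above

    # Only absolute paths, never the filesystem root.
    case $qdir in
        /|'') echo "clean_quarantine: refusing path '$qdir'" >&2; return 2 ;;
        /*) ;;
        *) echo "clean_quarantine: path must be absolute: $qdir" >&2; return 2 ;;
    esac
    # Retention must be a plain non-negative integer.
    case $days in
        ''|*[!0-9]*) echo "clean_quarantine: bad day count '$days'" >&2; return 2 ;;
    esac
    # Paths are case sensitive: /var/spool/mailscanner and
    # /var/spool/MailScanner are different directories. Fail loudly so cron
    # mails the error instead of silently cleaning nothing.
    if [ ! -d "$qdir" ]; then
        echo "clean_quarantine: no such directory: $qdir" >&2
        return 1
    fi
    # Do not operate through a symlinked quarantine directory.
    if [ -L "$qdir" ]; then
        echo "clean_quarantine: $qdir is a symlink, refusing" >&2
        return 1
    fi
    # Remove only top-level entries older than $days days; find does not
    # follow symlinks by default, and -mindepth 1 protects $qdir itself.
    find "$qdir" -mindepth 1 -maxdepth 1 -mtime +"$days" -exec rm -rf -- {} +
}

# Run as a script, e.g. from /etc/cron.daily:
#   clean_quarantine.sh /var/spool/MailScanner/quarantine 5
if [ "$#" -gt 0 ]; then
    clean_quarantine "$@"
fi
```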