Amavisd and dualscan virus scanner ?

Olivier CALVANO o.calvano at gmail.com
Thu Jan 28 05:35:36 CET 2016


Hi

I have a problem with my Linux mail server, running on postfix/amavisd-new
and clamav.

A lot of mails with trojans are not detected by clamav. On a personal PC with
Sophos, I have
alerts:
     Java/Adwind.SY
     Java/Adwind.LL
and on another PC with Kaspersky, it detects something suspicious in a .doc file.


I have installed Sophos on my Linux server, and when I start Amavisd:

2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: Using primary internal av scanner code for ClamAV-clamd
2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: No primary av scanner: KasperskyLab AVP - aveclient
2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: No primary av scanner: KasperskyLab AntiViral Toolkit Pro (AVP)
2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: No primary av scanner: KasperskyLab AVPDaemonClient
2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: No primary av scanner: CentralCommand Vexira (new) vascan
2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: No primary av scanner: Avira AntiVir
2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: No primary av scanner: Avira AntiVir
2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: No primary av scanner: Command AntiVirus for Linux
2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: No primary av scanner: Symantec CarrierScan via Symantec CommandLineScanner
2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: No primary av scanner: Symantec AntiVirus Scan Engine
2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: No primary av scanner: F-Secure Linux Security
2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: No primary av scanner: CAI InoculateIT
2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: No primary av scanner: CAI eTrust Antivirus
2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: No primary av scanner: MkS_Vir for Linux (beta)
2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: No primary av scanner: MkS_Vir daemon
2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: No primary av scanner: ESET Software ESETS Command Line Interface
2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: No primary av scanner: ESET NOD32 for Linux File servers
2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: No primary av scanner: Norman Virus Control v5 / Linux
2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: No primary av scanner: Panda CommandLineSecure 9 for Linux
2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: No primary av scanner: NAI McAfee AntiVirus (uvscan)
2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: No primary av scanner: VirusBuster
2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: No primary av scanner: CyberSoft VFind
2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: No primary av scanner: avast! Antivirus
2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: No primary av scanner: Ikarus AntiVirus for Linux
2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: No primary av scanner: BitDefender
2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: No primary av scanner: BitDefender
2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: No primary av scanner: ArcaVir for Linux
2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: No secondary av scanner: ClamAV-clamscan
2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: No secondary av scanner: F-PROT Antivirus for UNIX
2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: No secondary av scanner: FRISK F-Prot Antivirus
2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: No secondary av scanner: Trend Micro FileScanner
2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: No secondary av scanner: drweb - DrWeb Antivirus
2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: No secondary av scanner: Kaspersky Antivirus v5.5
2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: Found secondary av scanner Sophos Anti Virus (savscan) at /opt/sophos-av/bin/savscan




I see that it detects Sophos as secondary, but when I receive a mail:
2016 Jan 28 05:29:33 scan-srv4 amavis[2282]: (02282-01) presenting full original message to scanners as /var/spool/amavisd/tmp/amavis-20160128T052932-02282-1r4HDvpq/parts/p006
2016 Jan 28 05:29:33 scan-srv4 amavis[2282]: (02282-01) run_av Using (ClamAV-clamd): (code) CONTSCAN /var/spool/amavisd/tmp/amavis-20160128T052932-02282-1r4HDvpq/parts\n
2016 Jan 28 05:29:33 scan-srv4 amavis[2282]: (02282-01) ClamAV-clamd: Connecting to socket  /var/run/clamd.amavisd/clamd.sock
2016 Jan 28 05:29:33 scan-srv4 amavis[2282]: (02282-01) new socket by IO::Socket::UNIX to /var/run/clamd.amavisd/clamd.sock, timeout set to 10
2016 Jan 28 05:29:33 scan-srv4 amavis[2282]: (02282-01) ClamAV-clamd: Sending CONTSCAN /var/spool/amavisd/tmp/amavis-20160128T052932-02282-1r4HDvpq/parts\n to socket /var/run/clamd.amavisd/clamd.sock
2016 Jan 28 05:29:33 scan-srv4 amavis[2282]: (02282-01) rw_loop read: got eof
2016 Jan 28 05:29:33 scan-srv4 amavis[2282]: (02282-01) run_av (ClamAV-clamd): CLEAN
2016 Jan 28 05:29:33 scan-srv4 amavis[2282]: (02282-01) run_av (ClamAV-clamd) result: clean
2016 Jan 28 05:29:33 scan-srv4 amavis[2282]: (02282-01) do_notify_and_quar: ccat=Clean (1,0) ("1":Clean, "0":CatchAll) ccat_block=(), qar_mth=

It checks only Clamav.


Can I configure Amavisd to check with Clamav AND Sophos?


Thanks for your help.
Olivier
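
The gap between the scanners amavisd found at startup and the scanners it actually ran on a message can be checked mechanically from the same log. The following is an added example, not part of the original post or of amavisd itself; the function name `scanner_coverage` is hypothetical, and the sample lines are copied from the log excerpts above with wrapped lines joined.

```python
import re
from collections import defaultdict

# Sample input: lines taken from the post's log excerpts (wrapped lines joined).
SAMPLE_LOG = """\
2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: Using primary internal av scanner code for ClamAV-clamd
2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: No primary av scanner: BitDefender
2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: No secondary av scanner: ClamAV-clamscan
2016 Jan 28 05:27:52 scan-srv4 amavis[2280]: Found secondary av scanner Sophos Anti Virus (savscan) at /opt/sophos-av/bin/savscan
2016 Jan 28 05:29:33 scan-srv4 amavis[2282]: (02282-01) run_av (ClamAV-clamd): CLEAN
2016 Jan 28 05:29:33 scan-srv4 amavis[2282]: (02282-01) run_av (ClamAV-clamd) result: clean
"""

# Startup lines announcing a usable scanner and its role (primary/secondary).
STARTUP = re.compile(
    r"amavis\[\d+\]: (?:Using (primary|secondary) internal av scanner code for (.+)"
    r"|Found (primary|secondary) av scanner (.+?) at \S+)$")
# Per-message verdict lines: "(msg-id) run_av (scanner) result: verdict".
RESULT = re.compile(r"amavis\[\d+\]: \((\d+-\d+)\) run_av \((.+?)\) result: (\w+)")


def scanner_coverage(log_text):
    """Return (available, report).

    available: scanner name -> role announced at startup.
    report:    message id -> {"ran": {scanner: verdict},
                              "not_run": {scanner: role}}.
    """
    available = {}
    results = defaultdict(dict)
    for line in log_text.splitlines():
        m = STARTUP.search(line)
        if m:
            role, name = m.group(1) or m.group(3), m.group(2) or m.group(4)
            available[name] = role
            continue
        m = RESULT.search(line)
        if m:
            msg_id, name, verdict = m.groups()
            results[msg_id][name] = verdict
    report = {}
    for msg_id, ran in results.items():
        skipped = {n: r for n, r in available.items() if n not in ran}
        report[msg_id] = {"ran": dict(ran), "not_run": skipped}
    return available, report


if __name__ == "__main__":
    print(scanner_coverage(SAMPLE_LOG))
```

On the sample lines, message 02282-01 shows a verdict from ClamAV-clamd only, with the Sophos scanner listed under `not_run` in the secondary role.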