• Mailscan on Linux - Newbie

    By Christian Kostenzer 2 decades ago

    I have installed MailScan Version 0.99a beta on my Linux box. When I try to send a test email containing a virus, I get this message twice: first I get the mail message containing the virus, then a second one without. I would like to keep out messages containing suspicious material; there should be only one mail message, without the viral code.



    Thanx and Regards Christian

    • Configuration?

      By Hans-Georg Franke 2 decades ago

      Hi Christian,

      do you configure MailScan to send infected attachments to a specific mail address?

      Please set in NOTES.INI

      MailScan_DebugLevel=3

      MailScan_logToFile=1

      and post content of NOTESDATA/mailscan.log

      Greetings Hans-Georg

      • By Christian Kostenzer 2 decades ago

        Hans-Georg, thank you very much for that quick response. The log file has the following content:



        MailScan-Addin: Startup……

        MailScan-Addin: MailScan Version 0.99a beta, Copyright © 2004 Hans-Georg Franke

        MailScan-Addin: MailScan comes with ABSOLUTELY NO WARRANTY;

        MailScan-Addin: This is free software, and you are welcome to redistribute it under certain conditions;

        MailScan-Addin: For details see included file "license.txt"

        MailScan-Addin: DebugLevel: 3

        MailScan-Addin: Error finding configuration information. Using defaults!

        MailScan-Addin: Initialization complete.

        MailScan-Addin: Searching for Mailboxes.

        MailScan-Addin: No Multiple Mailboxes.

        MailScan-Addin: Startup Completed.

        MailScan-Addin: Found 2 Attachments



        MailScan-Addin: Scanning Attachment

        MailScan-Addin: Filename ATTLTQW4



        MailScan-Addin: Creating Directory/home/domino/MailScan/144006

        MailScan-Addin: Cleaning directory/home/domino/MailScan/144006

        MailScan-Addin: Extracting to/home/domino/MailScan/144006/ATTLTQW4

        MailScan-Addin: Starting scanner with command:

        "/usr/local/f-prot/f-prot" -dumb -archive -silent "/home/domino/MailScan/144006/ATTLTQW4"

        MailScan-Addin: Returncode of virusscanner: 768

        MailScan-Addin: Returncode Virscan: 3

        MailScan-Addin: Processing returncode

        MailScan-Addin: Start of processRC

        MailScan-Addin: Processing Subject

        MailScan-Addin: Manipulating Subject by adding (Not Set) for rc3 before=1

        MailScan-Addin: Processing Body

        MailScan-Addin: Processing delete

        MailScan-Addin: Start of processDelete



        MailScan-Addin: Scanning Attachment

        MailScan-Addin: Filename eicar.com



        MailScan-Addin: Creating Directory/home/domino/MailScan/144006

        MailScan-Addin: Cleaning directory/home/domino/MailScan/144006

        MailScan-Addin: Extracting to/home/domino/MailScan/144006/eicar.com

        MailScan-Addin: Starting scanner with command:

        "/usr/local/f-prot/f-prot" -dumb -archive -silent "/home/domino/MailScan/144006/eicar.com"

        MailScan-Addin: Returncode of virusscanner: 768

        MailScan-Addin: Returncode Virscan: 3

        MailScan-Addin: Processing returncode

        MailScan-Addin: Start of processRC

        MailScan-Addin: Processing Subject

        MailScan-Addin: Manipulating Subject by adding (Not Set) for rc3 before=1

        MailScan-Addin: Processing Body

        MailScan-Addin: Processing delete

        MailScan-Addin: Start of processDelete

        MailScan-Addin: Attachments ready

        MailScan-Addin: Delete routingstate - item not found

        MailScan-Addin: Delete failurereason - item not found

        MailScan-Addin: Removing directory/home/domino/MailScan/144006

        MailScan-Addin: processNote ready

        MailScan-Addin: Found 2 Attachments

        MailScan-Addin: Attachments ready

        MailScan-Addin: Delete routingstate - item not found

        MailScan-Addin: Delete failurereason - item not found

        MailScan-Addin: Removing directory E<[@¼­ÃB^L¼ðA¸­ÃB

        MailScan-Addin: processNote ready



        The configuration is very near to the standard one that comes with the software. I have set all sections to "yes-Rename in Filesystem". When I watch the log file with tail -f and send a virus-infected email, I see that the first email is already in my Inbox and the scanner starts later. Maybe something is wrong in that the email is routed to my mail file before any other task can work on it.





        Regards Christian

        • Some hints and more questions

          By Hans-Georg Franke 2 decades ago

          Hi Christian,

          the servertask can't find the configuration-DB. Do you use upper- and lowercase letters?

          Please post your notes.ini specifying mailscan-entries plus the two lines extmgr_addins= and servertasks=.

          Please also post the output of:

          ll /opt/lotus/notes/latest/linux/libmailscan.so

          and

          ll /opt/lotus/notes/latest/linux/mailscan

          (It is possible that the extension manager isn't running due to missing rights to execute.)

          Please add MailScan_ExtDebugLevel=3 to your NOTES.INI. Do you see more output at console?

          Greetings Hans-Georg

          • By Christian Kostenzer 2 decades ago

            Hi Hans-Georg,



            In notes.ini I have the following entries regarding MailScan:

            ….

            ServerTasks=mailscan,Replica,Router,Update,AMgr,Adminp,Statlog,DECS,HTTP,POP3,kspam

            …..

            Extmgr_addins=libkspam.so,mailscan



            MailScanConfigDB=vircon.nsf

            MailScan_DebugLevel=3

            MailScan_ExtDebugLevel=3



            From /opt/lotus/notes/latest/linux:

            -rwxrwxrwx 1 root root 55477 Mar 24 19:50 /opt/lotus/notes/latest/linux/mailscan

            -rwxr-xr-x 1 root root 13701 Mar 24 19:50 /opt/lotus/notes/latest/linux/libmailscan.so



            In my Domino Root Directory I have as the configuration DB:

            -rw-r--r-- 1 notes domino 524288 Apr 26 11:20 vircon.nsf



            I believe that virus scanning is active, it is just a little bit too late, because the emails are stored in my Inbox folder and after that the scanning is started. That could also be the reason for getting the mails twice, even the second one is scanned and the attachments containing the virus are removed. In this case I also get "(Virus found)" in my subject, therefore the Configuration DB should be OK.



            Regards Christian

            • ExtMgr isn't running

              By Hans-Georg Franke 2 decades ago

              Hi,

              please change

              Extmgr_addins=libkspam.so,mailscan

              to

              Extmgr_addins=libkspam.so,libmailscan.so

              it should produce some running extensionmanager. I fix this error in the example configuration.



              Greetings Hans-Georg

              • By Christian Kostenzer 2 decades ago

                Hi - I changed notes.ini - without a better result. I get virus-infected emails twice.



                Regards

                Christian

                • Output at console

                  By Hans-Georg Franke 2 decades ago

                  Hi,

                  if your server starts, do you see output like:

                  MailScan-ExtMgr: DebugLevel: 3

                  MailScan-ExtMgr: Tag encrypted Mail with …..

                  Mailscan-ExtMgr: Startup ….

                  Mailscan-ExtMgr: Registered

                  (Every time a new task is started?)???



                  What sort of Linux do you use? Which domino version?



                  Greetings Hans-Georg

                  • By Christian Kostenzer 2 decades ago

                    Hi Hans-Georg,

                    I get the following output on the console when a MailScan task is started:



                    load mailscan

                    > 27.04.2004 12:54:49 Logging to:/home/domino/mailscan.log

                    27.04.2004 12:54:49 MailScan-Addin: MailScan Version 0.99a beta, Copyright © 2004 Hans-Georg Franke

                    27.04.2004 12:54:49 MailScan-Addin: MailScan comes with ABSOLUTELY NO WARRANTY;

                    27.04.2004 12:54:49 MailScan-Addin: This is free software, and you are welcome to redistribute it under certain conditions;

                    27.04.2004 12:54:49 MailScan-Addin: For details see included file "license.txt"

                    27.04.2004 12:54:49 MailScan-Addin: DebugLevel: 3

                    27.04.2004 12:54:49 MailScan-Addin: Startup Completed.



                    I am using Redhat 8 and Domino 6.5.1 (with German Language Pack).



                    Thanks and regards - Christian

                    • Hi Christian .....

                      By Hans-Georg Franke 2 decades ago

                      sorry for taking so long.

                      Can you try setting some other permissions (uid-bit):

                      chmod 2555 libmailscan.so

                      chmod 2555 mailscan

                      Directly at server start, do you see some messages from MailScan-ExtMgr?

                      Do you have the possibility to debug?

                      Greetings Hans-Georg
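
The checks requested across this thread (the Extmgr_addins and ServerTasks entries, the file modes of the two binaries, whether any MailScan-ExtMgr line appears, and what the raw scanner return code 768 means) can be run in one pass. This is an added example, not part of the thread or of MailScan; the function names `ini_list`, `exit_codes` and `audit` are hypothetical, and the sample inputs are constructed from values posted above. It assumes the Domino server runs as a non-root user, so the "other" permission bits apply to the root-owned files.

```python
import re

# Constructed samples, assembled from values quoted in the thread above.
NOTES_INI = """\
ServerTasks=mailscan,Replica,Router,Update,AMgr,Adminp,Statlog,DECS,HTTP,POP3,kspam
Extmgr_addins=libkspam.so,mailscan
"""
LISTING = """\
-rwxrwxrwx 1 root root 55477 Mar 24 19:50 /opt/lotus/notes/latest/linux/mailscan
-rwxr-xr-x 1 root root 13701 Mar 24 19:50 /opt/lotus/notes/latest/linux/libmailscan.so
"""
OUTPUT = """\
MailScan-Addin: Startup Completed.
MailScan-Addin: Returncode of virusscanner: 768
MailScan-Addin: Returncode Virscan: 3
"""

def ini_list(ini, key):
    """Return the comma-separated values of a notes.ini key (case-insensitive)."""
    for line in ini.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip().lower() == key.lower():
            return [v.strip().lower() for v in value.split(",") if v.strip()]
    return []

def exit_codes(output):
    """Decode raw Linux wait statuses: a normal exit keeps its code in bits 8-15."""
    raw = [int(m) for m in re.findall(r"Returncode of virusscanner: (\d+)", output)]
    return [s >> 8 if s & 0x7F == 0 else None for s in raw]

def audit(ini, listing, output):
    findings = []
    if "libmailscan.so" not in ini_list(ini, "extmgr_addins"):
        findings.append("Extmgr_addins does not list libmailscan.so")
    if "mailscan" not in ini_list(ini, "servertasks"):
        findings.append("ServerTasks does not list mailscan")
    if "mailscan-extmgr:" not in output.lower():
        findings.append("no MailScan-ExtMgr lines in output")
    for line in listing.splitlines():
        mode, path = line.split()[0], line.split()[-1]
        if mode[9] not in "xt":      # execute bit for "other"
            findings.append(f"{path}: not executable by other users")
        if mode[8] == "w":           # write bit for "other"
            findings.append(f"{path}: world-writable")
    return findings

if __name__ == "__main__":
    for finding in audit(NOTES_INI, LISTING, OUTPUT):
        print("FINDING:", finding)
    print("scanner exit codes:", exit_codes(OUTPUT))
```

The decoded value matches the log's own "Returncode Virscan: 3" line, and the world-writable finding applies to the `mailscan` binary as listed in the thread.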