
F-secure mail scanning with fsecure help

Discussion in 'E-mail Discussions' started by ramprage, Sep 26, 2005.

  1. ramprage

    ramprage Well-Known Member

    Joined:
    Jul 21, 2002
    Messages:
    667
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Canada
    I'm trying to get Exim to work properly with F-Secure but am having some trouble. I can get it working fine with Clam, but I want to try out F-Secure.

    The exim_mainlog is showing me the following:

    2005-09-26 20:14:24 1EK436-0007yA-TK malware acl condition: unable to connect to fsecure socket /var/opt/f-secure/fsav/run/.fsav (Permission denied)

    WHM EXIM EDITOR SHOWS THIS:
    #!!# cPanel Exim 4 Config


    av_scanner = fsecure:/var/opt/f-secure/fsav/run/.fsav


    root@ocean [/opt/f-secure/fsav/bin]# ls -lah /var/opt/f-secure/fsav/run/
    total 8.0K
    drwxr-xr-x 2 root root 4.0K Sep 26 20:12 ./
    drwxr-xr-x 5 root root 4.0K Sep 26 00:29 ../
    srwxr-xr-x 1 root root 0 Sep 26 20:12 .fsav=





    root@ocean [/opt/f-secure/fsav/bin]# ls -lah
    total 1.7M
    drwxrwxr-x 2 root root 4.0K Sep 26 00:46 ./
    drwxr-xr-x 7 root root 4.0K Sep 26 00:29 ../
    -rwxr-xr-x 1 root root 13K Sep 26 00:45 dbtool*
    -rwxrwxr-x 1 root root 322K Mar 11 2003 dbtool.orig*
    -rwxrwxr-x 1 root root 4.2K Mar 11 2003 dbupdate*
    -rwxrwxr-x 1 root root 51K Mar 11 2003 fsav*
    -rwxrwxr-x 1 root root 123K Mar 11 2003 fsavd*
    -rwxrwxr-x 1 root root 11K Mar 11 2003 fsavschedule*
    -rwxr-xr-x 1 root root 606K Sep 26 00:46 getdbhtp*
    -rwxrwxr-x 1 root root 487K Mar 11 2003 getdbhtp.orig*


    /etc/fsav.conf


    ## Set the name of UNIX domain socket used for communication between
    ## client and server. If not given, path /tmp/.fsav-<UID> is used
    ## instead. Uncomment the following to set server socket.
    socketname /var/opt/f-secure/fsav/run/.fsav


    Should the virus scanner be set to mail or something? I can't seem to get any more details on the warning message. I've tried changing fsav and fsavd to root.mail but that didn't help.

    Ideas?
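
Added example, not part of the original post and not F-Secure or cPanel code: on Linux, connect() to a UNIX domain socket needs search permission on every directory in the path and write permission on the socket file itself, so the check below walks the modes from the `ls` output above for a non-root account. The ids `47`/`12` and the names `first_denial`, `nodes_for` and `PAGE_LISTING` are assumptions made for this illustration, and only classic mode bits are modelled (no ACLs or SELinux).

```python
import os
import stat
from collections import namedtuple

# One path component as the kernel's permission check sees it.
Node = namedtuple("Node", "path mode uid gid")

def class_bits(node, uid, gids):
    """rwx bits (0-7) that apply: owner class, else group class, else other."""
    if uid == node.uid:
        return (node.mode >> 6) & 7
    if node.gid in gids:
        return (node.mode >> 3) & 7
    return node.mode & 7

def first_denial(nodes, uid, gids):
    """nodes = parent directories in order, socket last. Returns (path, reason) or None."""
    if uid == 0:
        return None  # root is not restricted by mode bits
    *dirs, sock = nodes
    for d in dirs:
        if not class_bits(d, uid, gids) & 1:
            return (d.path, "no search (x) permission on directory")
    if not class_bits(sock, uid, gids) & 2:
        return (sock.path, "no write (w) permission on socket")
    return None

def nodes_for(path):
    """Stat every component of a real path, root directory first."""
    out, cur = [], os.path.abspath(path)
    while True:
        st = os.stat(cur)
        out.append(Node(cur, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid))
        if os.path.dirname(cur) == cur:
            return out[::-1]
        cur = os.path.dirname(cur)

# Modes and owners copied from the ls output in the post (root is uid/gid 0).
RUN = "/var/opt/f-secure/fsav/run"
PAGE_LISTING = [
    Node("/var/opt/f-secure/fsav", 0o755, 0, 0),
    Node(RUN, 0o755, 0, 0),
    Node(RUN + "/.fsav", 0o755, 0, 0),   # srwxr-xr-x root root
]
# Constructed ids for the account Exim scans as; read the real ones with id(1).
MAIL_UID, MAIL_GIDS = 47, {12}

if __name__ == "__main__":
    print(first_denial(PAGE_LISTING, MAIL_UID, MAIL_GIDS))
```

On a live host, `first_denial(nodes_for("/var/opt/f-secure/fsav/run/.fsav"), uid, gids)` runs the same check against the real path; the ownership of the `fsav` and `fsavd` binaries is not part of it.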
     
  2. jackie46

    jackie46 BANNED

    Joined:
    Jul 25, 2005
    Messages:
    537
    Likes Received:
    0
    Trophy Points:
    0
    We have been running F-Secure on all our servers for over 1yr and don't have issues with it. But then again we have it configured to work with MailScanner and not exim.conf, so I'm not sure if I can help.

    Our fsav.conf looks something like this:

    # This is configuration file for F-Secure Anti-Virus for Linux 4.52
    #
    # Copyright (C) 2002,2003 F-Secure Corporation
    #

    ## Directory where scan engine databases are located.
    databasedirectory /var/opt/f-secure/fsav/databases

    ## Directory where scan engines are located.
    enginedirectory /opt/f-secure/fsav/lib

    ## Directory where the F-Secure Anti-Virus for Linux is installed.
    installdirectory /opt/f-secure/fsav

    ## Directory from where the new databases are loaded.
    updatedirectory /var/opt/f-secure/fsav/update


    ## Uncomment the following to enable disinfection on infected files by default.
    #action disinfect


    ## Uncomment the following to enable file rename on infected files by default
    #action rename


    ## Uncomment the following to set scan time limit to 30 seconds.
    #scantimeout 30

    ## Uncomment the following to set maximum nested archives to 10.
    # maxnestedarchives 10

    ## Uncomment the following to disable archive scanning by default
    #archivescanning off

    ## Uncomment the following to disable MIME message scanning by default
    mimescanning off

    ## Set the server logfile location. The value can be one of the following:
    ## none - disable logging,
    ## stderr - write log to stderr,
    ## syslog - write log to syslogd(8),
    ## <file> - write log to <file>.
    ## Uncomment ONE of the following to set server's log file location.
    #logfile none
    #logfile stderr
    #logfile syslog
    #logfile /var/opt/f-secure/fsav/log/fsavd.log


    ## Set the name of UNIX domain socket used for communication between
    ## client and server. If not given, path /tmp/.fsav-<UID> is used
    ## instead. Uncomment the following to set server socket.
    #socketname /var/opt/f-secure/fsav/run/.fsav

    ## Set the list of file extensions to be scanned.
    extensions .,acm,app,arj,asd,asp,avb,ax,bat,bin,boo,bz2,cab,ceo,chm,cmd,cnv,com,cpl,csc,dat,dll,do?,drv,eml,ex$

    ## Uncomment the following to disable executable scanning by default
    #scanexecutables off

    ## Uncomment the following to ignore scan errors or suspected
    ## infections described in string from fsav command-interface output.
    ##
    ## WARNING! Ignoring these messages may leave malicious content undetected!
    ##
    #ignore Password protected file
    #ignore MIME decompression error
    #ignore Partial MIME message
    #ignore Invalid MIME header found
     
    #2 jackie46, Sep 26, 2005
    Last edited: Sep 26, 2005
  3. ramprage

    Thanks, ok

    I had:

    socketname /var/opt/f-secure/fsav/run/.fsav

    and
    #action disinfect

    Turned on:

    Now, what are the permissions of your scanner set to and what is the configuration line in exim.conf for it?
     
  4. jackie46

    As mentioned, we don't run F-Secure from Exim. It's run from MailScanner, so I can't help you with the config of Exim.
     
  5. ramprage

    Oh sorry, I missed that. Would you mind sharing the snippet of your Mailscanner.conf and the permissions on the F-Secure as well, please?
     
  6. ramprage

    pretty please :)
     