Commandline version of F-Prot?

Discussions on webmail and the Professional version.
Post Reply
vnvjeep
Posts: 88
Joined: Tue Jun 25, 2002 3:01 pm
Location: Orlando, FL

Commandline version of F-Prot?

Post by vnvjeep »

Hi Peter,

What version of F-Prot do you need to get this working? I downloaded the free DOS-based commandline version of F-Prot, and pointed ME to the F-PROT.EXE... will this work? I sent the standard eicar.com 68-byte file through, but it doesn't seem like it works. Is it supposed to replace the attachment with a txt attachment containing "<<- Attachment was removed... blah blah ->>"?

Thanks,
Mike

Guest

Post by Guest »

I am using FPCMD.EXE (with version 3.11a) rather than F-PROT.EXE and it works fine. I had to restart my MTA before it started working though.

Admin
Site Admin
Posts: 1127
Joined: Mon Jun 10, 2002 6:31 pm
Location: Melbourne, Victoria, Australia

Post by Admin »

The new version of the Professional kit, which was just uploaded, supports the free version (for personal use), but due to some issues with running it under MailEnable it is a lot slower than running the command line application in the Windows version of F-Prot.

More anti-virus applications will be supported soon.

MailEnable
Site Admin
Posts: 4441
Joined: Tue Jun 25, 2002 3:03 am
Location: Melbourne, Victoria Australia

Post by MailEnable »

Mike,

The issue with running F-PROT (DOS), the Freeware one, is that it creates a new Virtal DOS machine for every file processed (VERY Intensive) and is likely to cause stability problems. None the less,we have load tested the now current beta of Pro/AV and it seems to cope... but it is something that we would not recommend for obvious reasons.

As mentioned the new version of professional has improved A/V support - we should now be able to integrate with all major A/V vensors very easily.

The answer is (right now) FRISK (FPCMD.EXE) and SOPHOS. We will post on this as we move closer to the release.

Regards,

Dave
Regards, Andrew

rshade98
Posts: 14
Joined: Tue Jul 09, 2002 4:49 pm
Contact:

fprot

Post by rshade98 »

I am now using fprot and it has clogged up my inbound queue no mail is being passed from the inbound queues to the post offices. any suggestions. this si with newest mailenable and fprot 3.12a

MailEnable
Site Admin
Posts: 4441
Joined: Tue Jun 25, 2002 3:03 am
Location: Melbourne, Victoria Australia

Post by MailEnable »

It is likely that your MTA will need to be restarted (as this is responsible for moving messages between connector queues).

Make sure you use the FPCMD.EXE file as the path to your virus scanning utility.

In the short term, you should probably disable anti-virus until you queues clear.
Regards, Andrew

rshade98
Posts: 14
Joined: Tue Jul 09, 2002 4:49 pm
Contact:

did it again

Post by rshade98 »

Ok I tested it again and it does the ame thing. I also downloaded the newest versions of mailenable off the site, I enabled antivirus plugin then set it to fprot, then stopped and started my MTA. MTA started fine and seemed to be working but after a day of use MTA will no longer transfer inbound message and has died. I had to go into the registry and turn it from enabled=1 to enabled =0, just so my mta will start back up. is this a problem for anyone else or am I just not getting it right somewhere.

vnvjeep
Posts: 88
Joined: Tue Jun 25, 2002 3:01 pm
Location: Orlando, FL

Post by vnvjeep »

Seems to work fine for me after I got the latest update on there. Before, I had about 50 NTVDM sessions going... but after the update, all is well, even with the DOS version of F-PROT.

MPedroche
Posts: 17
Joined: Sun Jul 07, 2002 2:27 am
Location: Spain

F-StopW.exe

Post by MPedroche »

So that the anti-virus works, it is necessary to have out or outside of service the "Real Time Protector" whose file is F-StopW.exe.
The F-StopW.exe, if it is being executed, it impedes the erased of the infected files.

MailEnable
Site Admin
Posts: 4441
Joined: Tue Jun 25, 2002 3:03 am
Location: Melbourne, Victoria Australia

Post by MailEnable »

This is correct. When the service attempts to access files - the F-Prot "Real Time Protector" prevents the deletion of the virus; hence inhibiting the removal.

In short, you should not run any Real-Time antivirus protection on a PC that is running the MTA with Virus Protection enabled (from within ME).
Regards, Andrew

vnvjeep
Posts: 88
Joined: Tue Jun 25, 2002 3:01 pm
Location: Orlando, FL

Post by vnvjeep »

Dang... so you're saying my copy of NAI's Netshield is going to prevent things from working? How about this for an option... exclude the mailenable directories from being scanned... unless, mailenable sticks the attachments somewhere else before scanning them, like some temp directory?

Admin
Site Admin
Posts: 1127
Joined: Mon Jun 10, 2002 6:31 pm
Location: Melbourne, Victoria, Australia

Post by Admin »

MailEnable extracts the attachments to a Scatch directory in order to run a virus checker over them. This directory is set in the Anti-Virus options in the administration program. You would have to make sure this directory is ignored is you have any "real-time" AV checkers running.

Post Reply