Grisoft AVG antivirus is NOT scanning mail on server
Grisoft AVG antivirus is NOT scanning mail on server
Hello!
I have installed Grisoft AVG 7.0 antivirus to scan mail on server.
Everything seems installed okay, if I click diagnose on mailEnable, I see antivirus ENABLED and module for antivirus MEAVGR7 is also ENABLED:
--------
MTA Filtering Status - MailEnable MTA Filters - Enabled - Pass
MTA Filter Status - MEAVGR7 - Enabled - Pass
--------
But mails are NOT scanned!
Also, mails with attachments should be CERTIFIED with text message, saying that mail is virus-free, but this message is not added.
Now, I do not know where to begin searching for mistake - in mailEnable or AVG antivirus.
Any idea?
I have installed Grisoft AVG 7.0 antivirus to scan mail on server.
Everything seems installed okay, if I click diagnose on mailEnable, I see antivirus ENABLED and module for antivirus MEAVGR7 is also ENABLED:
--------
MTA Filtering Status - MailEnable MTA Filters - Enabled - Pass
MTA Filter Status - MEAVGR7 - Enabled - Pass
--------
But mails are NOT scanned!
Also, mails with attachments should be CERTIFIED with text message, saying that mail is virus-free, but this message is not added.
Now, I do not know where to begin searching for mistake - in mailEnable or AVG antivirus.
Any idea?
-
- Posts: 45
- Joined: Thu Jul 17, 2003 2:01 pm
AVG
Which version did you buy " AVG Email Server Edition " or " AVG File Server Edition "... Ver 6 would protect the entire system, but I think Ver 7 has to be bought in Configurations of 5, 10, 15, 25, 30, 40, 50, 75, 100 for email version... I use Ver 7 on my file server but have kept Ver 6 for the mail server because of these limitations..
-
- Posts: 45
- Joined: Thu Jul 17, 2003 2:01 pm
AVG SERVER
If you look at the AVG control panel you'll see that the " Email Scanner is not installed " if you have the file server version.
Version 6 is still supported and updated, I don't see where ver7 is any better at scanning than ver6 was, just more controls and a lot more money...
When ver6 expires it will be time to look for a new scanner... Grisoft states " the number of licenses is determined by the number of mailboxes or email accounts " in ver7, I give 20 email accounts with each domain and at $1030.00 per 100 accounts thats over $200.00 per domain...
Version 6 is still supported and updated, I don't see where ver7 is any better at scanning than ver6 was, just more controls and a lot more money...
When ver6 expires it will be time to look for a new scanner... Grisoft states " the number of licenses is determined by the number of mailboxes or email accounts " in ver7, I give 20 email accounts with each domain and at $1030.00 per 100 accounts thats over $200.00 per domain...
I made some changes:
1.) Still using AVG 7.0
2.) In mailEnable MTA configuration I changed settings - instead of avg.exe I entered avgscan.exe to be run on scanning e-mails
3.) I made a test:
- I stopped MTA service
- then I run MTA service in debug mode with MEMTA -debug
- I sent mail with virus in .ZIP file
- I saw these scanning results:
----------------
Attachment (1) Found - Processing
Attachment Processing Completed
Attachment (2) Found - Processing
Attachment Processing Completed
Attachment (3) Found - Processing
Attachment Processing Completed
Scanning: C:\PROGRA~1\MAILEN~1\Scratch\385ACA~1.MAI\1.ATT
AVG7 Anti-Virus command line scanner
Copyright (c) 2003 GRISOFT, s.r.o.
Program version 7.0, engine 718
Virus Database: Version 261.5.5 30-12-2003
Tested: 1 files, 2 sectors
Infections: 0
Returned 0
Scanning: C:\PROGRA~1\MAILEN~1\Scratch\385ACA~1.MAI\2.ATT
AVG7 Anti-Virus command line scanner
Copyright (c) 2003 GRISOFT, s.r.o.
Program version 7.0, engine 718
Virus Database: Version 261.5.5 30-12-2003
AST=1
C:\PROGRA~1\MAILEN~1\Scratch\385ACA~1.MAI\2.ATT Virus identified I-Worm/Yaha.Q
C:\PROGRA~1\MAILEN~1\Scratch\385ACA~1.MAI\2.ATT:\WINDOWS\TEMP\Valentine.scr Viru
s identified I-Worm/Yaha.Q
Tested: 2 files, 2 sectors
Infections: 2
Returned 0
----------------
Here you can see that avgscan.exe did its job just fine - it found virus even inside .ZIP file!
...but e-mail is still infected - .ZIP attachment is delivered normally to receipents address, without changes and without warning.
I also tried to add /CLEAN parameter to avgscan.exe, so I run it with:
"[AGENT]" "[FILENAME]" /ARC /NOMEM /NOHIMEM /NOSELF /NOEXPORT /EXT=* /CLEAN
I tried to remove /NOEXPORT parameter, but still no help - viruses are NOT REMOVED!
Any idea?
1.) Still using AVG 7.0
2.) In mailEnable MTA configuration I changed settings - instead of avg.exe I entered avgscan.exe to be run on scanning e-mails
3.) I made a test:
- I stopped MTA service
- then I run MTA service in debug mode with MEMTA -debug
- I sent mail with virus in .ZIP file
- I saw these scanning results:
----------------
Attachment (1) Found - Processing
Attachment Processing Completed
Attachment (2) Found - Processing
Attachment Processing Completed
Attachment (3) Found - Processing
Attachment Processing Completed
Scanning: C:\PROGRA~1\MAILEN~1\Scratch\385ACA~1.MAI\1.ATT
AVG7 Anti-Virus command line scanner
Copyright (c) 2003 GRISOFT, s.r.o.
Program version 7.0, engine 718
Virus Database: Version 261.5.5 30-12-2003
Tested: 1 files, 2 sectors
Infections: 0
Returned 0
Scanning: C:\PROGRA~1\MAILEN~1\Scratch\385ACA~1.MAI\2.ATT
AVG7 Anti-Virus command line scanner
Copyright (c) 2003 GRISOFT, s.r.o.
Program version 7.0, engine 718
Virus Database: Version 261.5.5 30-12-2003
AST=1
C:\PROGRA~1\MAILEN~1\Scratch\385ACA~1.MAI\2.ATT Virus identified I-Worm/Yaha.Q
C:\PROGRA~1\MAILEN~1\Scratch\385ACA~1.MAI\2.ATT:\WINDOWS\TEMP\Valentine.scr Viru
s identified I-Worm/Yaha.Q
Tested: 2 files, 2 sectors
Infections: 2
Returned 0
----------------
Here you can see that avgscan.exe did its job just fine - it found virus even inside .ZIP file!
...but e-mail is still infected - .ZIP attachment is delivered normally to receipents address, without changes and without warning.
I also tried to add /CLEAN parameter to avgscan.exe, so I run it with:
"[AGENT]" "[FILENAME]" /ARC /NOMEM /NOHIMEM /NOSELF /NOEXPORT /EXT=* /CLEAN
I tried to remove /NOEXPORT parameter, but still no help - viruses are NOT REMOVED!
Any idea?
The reason that AVGSCAN.EXE that is part of AVG7, does not remove viruses is that it does not generate an exit code when finished running. The version of AVGSCAN.EXE included with AVG6 does generate this code as does the AVG.EXE included with AVG6 and AVG7.
This can be verified by creating a script that calls AVGSCAN.EXE, checks a file then ECHO's the %ERRORLEVEL% system variable. Both AVG.EXE and AVGSCAN.EXE included with AVG6 generate the code, 5 or 6. With AVG7 only AVG.EXE generate the appropriate code. The AVGSCAN.EXE in AVG7 generates nothing, and the %ERRORLEVEL% always shows 0.
I sent a message to Grisoft requesting a remedy to scripting using the AVGSCAN.EXE of AVG7. I stated that I needed a 32bit command line scanner that generated return codes to properly run my scripts. They sent me a zip file AVGSCANL.ZIP that they said would remedy my problems. I have not yet tried it with my scripts or with ME Pro. I will post back success or failure.
This can be verified by creating a script that calls AVGSCAN.EXE, checks a file then ECHO's the %ERRORLEVEL% system variable. Both AVG.EXE and AVGSCAN.EXE included with AVG6 generate the code, 5 or 6. With AVG7 only AVG.EXE generate the appropriate code. The AVGSCAN.EXE in AVG7 generates nothing, and the %ERRORLEVEL% always shows 0.
I sent a message to Grisoft requesting a remedy to scripting using the AVGSCAN.EXE of AVG7. I stated that I needed a 32bit command line scanner that generated return codes to properly run my scripts. They sent me a zip file AVGSCANL.ZIP that they said would remedy my problems. I have not yet tried it with my scripts or with ME Pro. I will post back success or failure.
Testing of the AVGSCANL.EXE with my server scripts and integrated with ME worked with the EICAR.COM test virus. The virus was striped out of the test mail as expected. Proper exit return codes were created.
This mail server is not yet in production, so I do not have any real work results. Based on the output and results from the test virus I expect that this will work properly in production.
This mail server is not yet in production, so I do not have any real work results. Based on the output and results from the test virus I expect that this will work properly in production.
looking for a virus test file
I'm looking for a virus file so I could test
our AVG7 and ME pro..
Anybody can send me a virus please ?
our AVG7 and ME pro..
Anybody can send me a virus please ?
Rafael B.
Get the test virus file from http://www.eicar.org/anti_virus_test_file.htm it is a file used by most software companies and you cannot do any damage with it.
I obtained a copy of AVBSCANL.EXE too. It does return an exit code when I run it from a command line, scanning the EICAR.COM test virus. But I still can't get ME to use it properly. When mailed, the test virus comes through undisturbed.Testing of the AVGSCANL.EXE with my server scripts and integrated with ME worked with the EICAR.COM test virus. The virus was striped out of the test mail as expected. Proper exit return codes were created.
Did you do anything besides selecting the correct location for AVGSCANL.EXE? I didn't see an entry for AVG 7 in ME, so I selected AVG 6, then changed the name of the AV program. Kept the default AVG 6 command line. Test button in ME says everything's OK, but virii aren't being bothered.
Karen
This is what I did..
For me it works great!
This is what I did differently:
Open regedit.exe and follow to this node:
HKEY_LOCAL_MACHINE->SOFTWARE->Mail Enable->Mail Enable->Agents->MTA->Filters->MEAVGRI
And change the parameter "Antivirus parameters" to:
"[AGENT]" "[FILENAME]" /EXT=* /CLEAN /ARC /ARCW /RTW /MACROW /REPORT c:\scan.log /NOMEM /NOHIMEM /NOSELF /NOEXPORT
As you can see this will also create a report on c:\scan.log of everything AVG scans...
Good luck.
This is what I did differently:
Open regedit.exe and follow to this node:
HKEY_LOCAL_MACHINE->SOFTWARE->Mail Enable->Mail Enable->Agents->MTA->Filters->MEAVGRI
And change the parameter "Antivirus parameters" to:
"[AGENT]" "[FILENAME]" /EXT=* /CLEAN /ARC /ARCW /RTW /MACROW /REPORT c:\scan.log /NOMEM /NOHIMEM /NOSELF /NOEXPORT
As you can see this will also create a report on c:\scan.log of everything AVG scans...
Good luck.
Rafael B.
-
- Posts: 560
- Joined: Mon Nov 03, 2003 7:48 am
- Location: Cape Town
AVG Command line scanner
Email technicalsupport@grisoft.com and ask for AVGSCANL.EXE, they will send it to you. Make sure you ask for the correct file as they tried to tell me that AVGSCAN.EXE does not support exit codes (which we all know by now) even though I mentioned AVGSCANL.EXE. I did get the file on my second request.