Grisoft AVG antivirus is NOT scanning mail on server

Discussions on webmail and the Professional version.
labsy
Posts: 148
Joined: Sun Nov 16, 2003 6:49 am
Location: Slovenia

Grisoft AVG antivirus is NOT scanning mail on server

Post by labsy »

Hello!

I have installed Grisoft AVG 7.0 antivirus to scan mail on server.
Everything seems installed okay, if I click diagnose on mailEnable, I see antivirus ENABLED and module for antivirus MEAVGR7 is also ENABLED:

--------
MTA Filtering Status - MailEnable MTA Filters - Enabled - Pass
MTA Filter Status - MEAVGR7 - Enabled - Pass
--------

But mails are NOT scanned!

Also, mails with attachments should be CERTIFIED with text message, saying that mail is virus-free, but this message is not added.

Now, I do not know where to begin searching for mistake - in mailEnable or AVG antivirus.
Any idea?

Grumpydoug
Posts: 45
Joined: Thu Jul 17, 2003 2:01 pm

AVG

Post by Grumpydoug »

Which version did you buy " AVG Email Server Edition " or " AVG File Server Edition "... Ver 6 would protect the entire system, but I think Ver 7 has to be bought in Configurations of 5, 10, 15, 25, 30, 40, 50, 75, 100 for email version... I use Ver 7 on my file server but have kept Ver 6 for the mail server because of these limitations..

labsy
Posts: 148
Joined: Sun Nov 16, 2003 6:49 am
Location: Slovenia

Post by labsy »

Huh, :shock: these versions....

I really do not know if we were asked for some licences... But version is 7.0, and if I click on LICENCE tab it says:
Count of licences: 1

Hmm, what if we go back to AVG 6.0 version? Do you think there is some great difference if we use it only for scanning mail on server?

Grumpydoug
Posts: 45
Joined: Thu Jul 17, 2003 2:01 pm

AVG SERVER

Post by Grumpydoug »

If you look at the AVG control panel you'll see that the " Email Scanner is not installed " if you have the file server version.
Version 6 is still supported and updated, I don't see where ver7 is any better at scanning than ver6 was, just more controls and a lot more money...

When ver6 expires it will be time to look for a new scanner... Grisoft states " the number of licenses is determined by the number of mailboxes or email accounts " in ver7, I give 20 email accounts with each domain and at $1030.00 per 100 accounts thats over $200.00 per domain...

labsy
Posts: 148
Joined: Sun Nov 16, 2003 6:49 am
Location: Slovenia

Post by labsy »

I made some changes:

1.) Still using AVG 7.0

2.) In mailEnable MTA configuration I changed settings - instead of avg.exe I entered avgscan.exe to be run on scanning e-mails

3.) I made a test:
- I stopped MTA service
- then I run MTA service in debug mode with MEMTA -debug
- I sent mail with virus in .ZIP file
- I saw these scanning results:

----------------
Attachment (1) Found - Processing
Attachment Processing Completed
Attachment (2) Found - Processing
Attachment Processing Completed
Attachment (3) Found - Processing
Attachment Processing Completed
Scanning: C:\PROGRA~1\MAILEN~1\Scratch\385ACA~1.MAI\1.ATT
AVG7 Anti-Virus command line scanner
Copyright (c) 2003 GRISOFT, s.r.o.
Program version 7.0, engine 718
Virus Database: Version 261.5.5 30-12-2003
Tested: 1 files, 2 sectors
Infections: 0
Returned 0
Scanning: C:\PROGRA~1\MAILEN~1\Scratch\385ACA~1.MAI\2.ATT
AVG7 Anti-Virus command line scanner
Copyright (c) 2003 GRISOFT, s.r.o.
Program version 7.0, engine 718
Virus Database: Version 261.5.5 30-12-2003
AST=1
C:\PROGRA~1\MAILEN~1\Scratch\385ACA~1.MAI\2.ATT Virus identified I-Worm/Yaha.Q
C:\PROGRA~1\MAILEN~1\Scratch\385ACA~1.MAI\2.ATT:\WINDOWS\TEMP\Valentine.scr Viru
s identified I-Worm/Yaha.Q
Tested: 2 files, 2 sectors
Infections: 2
Returned 0

----------------

Here you can see that avgscan.exe did its job just fine - it found virus even inside .ZIP file!

...but e-mail is still infected - .ZIP attachment is delivered normally to receipents address, without changes and without warning.

I also tried to add /CLEAN parameter to avgscan.exe, so I run it with:
"[AGENT]" "[FILENAME]" /ARC /NOMEM /NOHIMEM /NOSELF /NOEXPORT /EXT=* /CLEAN
I tried to remove /NOEXPORT parameter, but still no help - viruses are NOT REMOVED!

Any idea?

JohnN
Posts: 6
Joined: Thu Jul 18, 2002 6:26 am
Location: Iowa, US

Post by JohnN »

The reason that AVGSCAN.EXE that is part of AVG7, does not remove viruses is that it does not generate an exit code when finished running. The version of AVGSCAN.EXE included with AVG6 does generate this code as does the AVG.EXE included with AVG6 and AVG7.

This can be verified by creating a script that calls AVGSCAN.EXE, checks a file then ECHO's the %ERRORLEVEL% system variable. Both AVG.EXE and AVGSCAN.EXE included with AVG6 generate the code, 5 or 6. With AVG7 only AVG.EXE generate the appropriate code. The AVGSCAN.EXE in AVG7 generates nothing, and the %ERRORLEVEL% always shows 0.

I sent a message to Grisoft requesting a remedy to scripting using the AVGSCAN.EXE of AVG7. I stated that I needed a 32bit command line scanner that generated return codes to properly run my scripts. They sent me a zip file AVGSCANL.ZIP that they said would remedy my problems. I have not yet tried it with my scripts or with ME Pro. I will post back success or failure.

labsy
Posts: 148
Joined: Sun Nov 16, 2003 6:49 am
Location: Slovenia

Post by labsy »

Huh...yep, that's it!
I was suspicious to mailEnable which I thought did not parse ERROR CODE right - but I did not assume that error code is not even generated!

I hardly await your feedback... and it would be great if you could share this file for testing... of course, if you did not pay for it :roll:

JohnN
Posts: 6
Joined: Thu Jul 18, 2002 6:26 am
Location: Iowa, US

Post by JohnN »

Testing of the AVGSCANL.EXE with my server scripts and integrated with ME worked with the EICAR.COM test virus. The virus was striped out of the test mail as expected. Proper exit return codes were created.

This mail server is not yet in production, so I do not have any real work results. Based on the output and results from the test virus I expect that this will work properly in production.

cyx
Posts: 43
Joined: Tue Oct 07, 2003 5:33 am
Location: New Jersey, USA
Contact:

looking for a virus test file

Post by cyx »

I'm looking for a virus file so I could test
our AVG7 and ME pro..

Anybody can send me a virus please ? :)
Rafael B.

MartynK
Posts: 1376
Joined: Sat Dec 28, 2002 1:12 am
Location: Hong Kong

Post by MartynK »

Get the test virus file from http://www.eicar.org/anti_virus_test_file.htm it is a file used by most software companies and you cannot do any damage with it.

karenk
Posts: 11
Joined: Wed Oct 02, 2002 6:42 pm
Location: Oklahoma, USA

Post by karenk »

Testing of the AVGSCANL.EXE with my server scripts and integrated with ME worked with the EICAR.COM test virus. The virus was striped out of the test mail as expected. Proper exit return codes were created.
I obtained a copy of AVBSCANL.EXE too. It does return an exit code when I run it from a command line, scanning the EICAR.COM test virus. But I still can't get ME to use it properly. When mailed, the test virus comes through undisturbed.

Did you do anything besides selecting the correct location for AVGSCANL.EXE? I didn't see an entry for AVG 7 in ME, so I selected AVG 6, then changed the name of the AV program. Kept the default AVG 6 command line. Test button in ME says everything's OK, but virii aren't being bothered. :)

Karen
Karen Kenworthy
Karen's Power Tools Newsletter
http://www.karenware.com/

cyx
Posts: 43
Joined: Tue Oct 07, 2003 5:33 am
Location: New Jersey, USA
Contact:

This is what I did..

Post by cyx »

For me it works great!
This is what I did differently:

Open regedit.exe and follow to this node:
HKEY_LOCAL_MACHINE->SOFTWARE->Mail Enable->Mail Enable->Agents->MTA->Filters->MEAVGRI

And change the parameter "Antivirus parameters" to:
"[AGENT]" "[FILENAME]" /EXT=* /CLEAN /ARC /ARCW /RTW /MACROW /REPORT c:\scan.log /NOMEM /NOHIMEM /NOSELF /NOEXPORT

As you can see this will also create a report on c:\scan.log of everything AVG scans...

Good luck.
Rafael B.

Gus121
Posts: 2
Joined: Tue Jan 06, 2004 10:40 am
Location: UK

AVGSCANL.EXE file

Post by Gus121 »

Please can you tell me where you get hold of AVGSCANL.EXE file thankyou
--Gus

kanasai

Post by kanasai »

Anyone can tell where to get AVGSCANL.EXE ??

I encountered the same thing as labsy, AVG can detect the virus but it doesn't remove the virus file.

Brett Rowbotham
Posts: 560
Joined: Mon Nov 03, 2003 7:48 am
Location: Cape Town

AVG Command line scanner

Post by Brett Rowbotham »

Email technicalsupport@grisoft.com and ask for AVGSCANL.EXE, they will send it to you. Make sure you ask for the correct file as they tried to tell me that AVGSCAN.EXE does not support exit codes (which we all know by now) even though I mentioned AVGSCANL.EXE. I did get the file on my second request.

Post Reply