hmailserver and NOD32 antyvirus

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
abgar
Normal user
Normal user
Posts: 93
Joined: 2005-03-23 09:33
Location: Warsaw, Poland

hmailserver and NOD32 antyvirus

Post by abgar » 2005-05-31 03:31

I played a bit with settings to use NOD32 as external scanner but without success:-(
Anyone can help ?
Regards

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Post by martin » 2005-06-02 19:35

I've never tried it myself. Have you found any documentation on how to use the external scanner? I assume it's a "command line scanner"?

abgar
Normal user
Normal user
Posts: 93
Joined: 2005-03-23 09:33
Location: Warsaw, Poland

Post by abgar » 2005-06-02 23:48


abgar
Normal user
Normal user
Posts: 93
Joined: 2005-03-23 09:33
Location: Warsaw, Poland

Hi Martin !

Post by abgar » 2005-06-24 17:12

Hi Martin,
What about NOD32 ? Do You have command line for it ?

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Post by martin » 2005-06-26 22:11

I'm having problems setting it up as well. The problem I'm having is that the user interface is shown while it scanns. I've asked a question in the NOD32 user forum about this. Was it the same problem you encountered?

abgar
Normal user
Normal user
Posts: 93
Joined: 2005-03-23 09:33
Location: Warsaw, Poland

Post by abgar » 2005-06-27 11:29

martin- hehe so you have more success than me:-) You forced something to work.
Please post command line call to NOD32 ( from hmail)

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Post by martin » 2005-07-02 13:46

I haven't gotten any reply in the forum yet. Got one tip but that wasn't usable. The problem is that when you run nod32.exe, a user interface is always shown. If this user interface would show a message box of any type that requires user interaction, the hMailServer service will hang. I've not seen any such message boxes during my tests, but I can't gurantee that they won't pop up on your machine. I haven't found any way to completely disable the user interface (there's no documented way to do it).

Having said that, you might be able to run it if you do the following:

Enable External virus scanner with the following settings:
Scanner executable:
"C:\Program Files\ESET\Nod32.exe" /quit /ah /delete /arch+ /sfx+ /scanmem- /scanboot- /scanmbr- "%FILE%"
Return value: 2

(don't forget to replace the path to nod32.exe with the path on your computer).

Now try to send a message that contains the eicar test virus. When I do this, I get a progress bar on the screen every time I send a message. If you get this, open up the Windows control panel, select administrative tools, services. Right click on the hMailServer service and select properties. In the Properties dialog, select the Log on-tab. If Allow service to interact with desktop is enabled, disable that option.

I've only tested this on a few emails.

bazporter
Normal user
Normal user
Posts: 98
Joined: 2005-06-03 16:14

Post by bazporter » 2005-07-02 15:39

What about using Hidden.exe (http://www.savardsoftware.com/downloads.asp) so that the command line becomes:
"C:\Path\to\Hidden.exe C:\Program Files\ESET\Nod32.exe" /quit /ah /delete /arch+ /sfx+ /scanmem- /scanboot- /scanmbr- "%FILE%"

Hidden.exe will prevent the application from interacting with the desktop completely. I use it to run SpamAssassin to stop it popping open the command window when it runs.

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Post by martin » 2005-07-02 20:26

When hMailServer launches an application, it already specify in the call to CreateProcess that the application should be launched in silent mode. But this doens't really stop the application from creating new windows that are visible.

The real problem is not that the virus scanner may show a window - if the service is configured not to interact with the desktop, Windows will gurantee that it never shows a message box. But what if the virus scanner is run "hidden" and it displays a message box with something like "Virus found. Delete it?" or whatever. Since this messagebox wouldn't be displayed to the user, it would just remain running and the virus scanner wouldn't quit. This would have the effect that it looks like the email delivery has hung, when it's in fact waiting for user input...

DSmidgy
Normal user
Normal user
Posts: 36
Joined: 2004-05-12 15:48

Post by DSmidgy » 2005-09-01 10:41

Maby you don't know: The "External Virusscanner" tab is missing in WebAdmin interface.


And the problem:

I use this command to scan the mail.
"C:\Program Files\ESET\nod32.exe" /quit /selfcheck- /list- /scanfile+ /scanboot- /scanmbr- /scanmem- /arch+ /sfx+ /pack+ /mailbox+ /ntfs- /sound- /pattern+ /heur+ /ah /adware /unsafe /log+ /logappend /log=D:\ServerLogs\mail\NOD32.log /clean /delete "%FILE%"

And the %FILE% seems to return the wrong path:
D:\ServerData\mail\{4207BEA8-0069-4F69-9162-939E877063D1}.eml

Shouldn't the path be sth. like:
D:\ServerData\mail\domain.com\user1\42\{4207BEA8-0069-4F69-9162-939E877063D1}.eml

For other users of NOD32: no window had shown up in scanning, but the file would be scanned if the path was right.

Dominik

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Post by martin » 2005-09-01 11:21

The path is right. hMailServer launches the virus scanner before the email is delivered to the recipient folder. One single email may be delivered to 4 different users on the server, then it would be weird if hMailServer should virus scan the message once for every user in the different user folders.

DSmidgy
Normal user
Normal user
Posts: 36
Joined: 2004-05-12 15:48

Post by DSmidgy » 2005-09-01 12:00

Scanning Log
NOD32 version 1.1207 (20050831) NT
Command line: /quit /selfcheck- /list- /scanfile+ /scanboot- /scanmbr- /scanmem- /arch+ /sfx+ /pack+ /mailbox+ /ntfs- /sound- /pattern+ /heur+ /ah /adware /unsafe /log+ /logappend /log=D:\ServerLogs\mail\NOD32.log /clean /delete D:\ServerData\mail\{4207BEA8-0069-4F69-9162-939E877063D1}.eml
CRC check of NOD32.EXE file: Disabled
Scanning memory: Not performed (option disabled)
Scanning MBR and boot sectors: Not performed (option disabled)
Date: 1.9.2005 Time: 10:30:03
Scanned disks, folders and files: D:\ServerData\mail\{4207BEA8-0069-4F69-9162-939E877063D1}.eml
Number of scanned files: 0
Number of threats found: 0
Time of completion: 10:30:04 Total scanning time: 1 sec (00:00:01)

I lookd and the folder + file specified in log exists.
Do you know, why doesn't nod32 scan the file?
Should I try disabeling some switches?

DSmidgy
Normal user
Normal user
Posts: 36
Joined: 2004-05-12 15:48

Post by DSmidgy » 2005-09-01 12:06

If I create .bat file and replace %FILE% with existing file the scan works OK.

DSmidgy
Normal user
Normal user
Posts: 36
Joined: 2004-05-12 15:48

Post by DSmidgy » 2005-09-01 13:58

I found that some switch is doing the poblem. I'll try to debug the command.



/arch+ and /mailbox+
These two are blocking the scan.
Does the absence of /arch+ means that nod32 won't be able to detect the virus in .zip file?

It's strange that it works in .bat file but not through hMailServer.

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Post by martin » 2005-09-01 17:47

I assume you mean that you run the bat directly from the prompt.

I have a theory (very unsure).
When you use /arch+, NOD32 will try to de-compress the files to a temp directory. When running the .bat-file, you'll run that file as a normal windows user and then you have write access to the directory where NOD32 tries to uncompress the file. But when running it from hMailServer, hMailServer might not have write access to the folder where NOD32 tries to write the file.

User avatar
Pern
Normal user
Normal user
Posts: 46
Joined: 2006-09-07 21:14

nod32 popups and silent running

Post by Pern » 2006-09-07 21:27

Below note was take from this site
Notes
After Emailing a few times with
Eset Technical Support - US (ESET.com)
The makers of NOD32, it seams the Progress bar
that shows up upon exiting the Command window
(Even though im telling it not to show the window)
Can not be stoped from showing in version 2.5
ESET.com Claims they will have this problem
fixed in version 3.0, at this time they can not
give a date to the release of NOD32 version 3.0

Email Snip from ESET.com
' I assume you mean the progress bar that is shown upon exiting the on-demand scanner. Its shown only when a larger log is being saved. NOD32 version 3 should introduce a new command line scanner that should work fine for you. Before you ask, I have no time line yet as to when it will be released. Sorry.'
As you can see from the tag below im the owner of ArgoDragonSoftware.info. I devloped code for ArgoSoft's Email Server but im about to give up as it does not work right, and it seams users are not useing my programs too much altho i get about 3 hits a day on the site.
{I think im gonna make a web site for this hMailServer so far after 24 hours ilike it, and am happy i can control thing in it}

one thing i want to do is add the virus programs info the the email, the email server program may do this all ready as i have not been able to send a virus yet as a test.
http://shopping.declude.com/Articles.asp?ID=100 is the place i normaly try to send test viruses from. it is not working as of checking it today

thanks for the nice program..
i have as yet to play with the database
i want to make custom email reports too
Johnny - aka Pern
WebSite: dragonsworkshop.com ** Happy Holidays**

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Post by martin » 2006-09-07 21:33

You can download test antiviruses from here as well:
http://www.eicar.org/anti_virus_test_file.htm

Post Reply