How to Connect Sophos Endpoint Antiviurs connecti with Hmail

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
ashishd
New user
New user
Posts: 5
Joined: 2014-05-09 16:31

How to Connect Sophos Endpoint Antiviurs connecti with Hmail

Post by ashishd » 2014-05-09 16:57

We are using hmail server for our web integration service. So User can automatically register with our mail server. Now we have installed Sophos Endpoint Antivirus, I was try to add command line sequence in Executable command line in hmail antivirus section.

Unfortunately it was get me error on Test. Error is Virus Detection Failed. Return code: 2

You can find the below snapshot url.
http://postimg.org/image/sixxt2qs9/

Please help me out, what should I have to do to get it resolved.

-Ashish

Bill48105
Developer
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: How to Connect Sophos Endpoint Antiviurs connecti with H

Post by Bill48105 » 2014-05-09 17:22

Did you read this?
http://www.sophos.com/en-us/support/kno ... 10069.aspx
And this
http://www.sophos.com/en-us/support/kno ... 13252.aspx

hmail uses the command line to call AV (except for ClamAV which is ClamD client & done over TCP/IP) so you must know the proper command line to tell hmail to call it with, the right path and the result codes returned so hmail knows how to act. You'll also want to tell it to not delete the file if possible.
Bill
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

ashishd
New user
New user
Posts: 5
Joined: 2014-05-09 16:31

Re: How to Connect Sophos Endpoint Antiviurs connecti with H

Post by ashishd » 2014-05-09 17:33

Hi,

I had read all those documents and according to those documents I was use below command line argument in Hmail.

C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sav32cli.exe -cleanup -di -pua -remove

& Return Valus: 250

But still I got same error.

What I have to diagnose here.

-Ashish

Bill48105
Developer
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: How to Connect Sophos Endpoint Antiviurs connecti with H

Post by Bill48105 » 2014-05-09 17:53

youll need to test from command line manually. In a batch file you can view/print the results and the return value
Bill
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

Bill48105
Developer
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: How to Connect Sophos Endpoint Antiviurs connecti with H

Post by Bill48105 » 2014-05-09 18:01

IOW make a batch file like:

Code: Select all

C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sav32cli.exe -cleanup -di -pua -remove %1
echo  %errorlevel%
Then run it from CMD like:
scan.cmd test.eml

if you named the batch file scan.cmd & you have a test email in same folder named test.eml. If you run it it should tell you the return code. But be sure to test it with CLEAN email to know CLEAN result & test it with VIRUS email to know VIRUS result. They should be diffent.
For a test "virus" create a text file with just this:

Code: Select all

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
From here: http://www.eicar.org/86-0-Intended-use.html
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

ashishd
New user
New user
Posts: 5
Joined: 2014-05-09 16:31

Re: How to Connect Sophos Endpoint Antiviurs connecti with H

Post by ashishd » 2014-05-12 13:22

Hi,

I got below error message after execute the command.

"ERROR" 7492 "2014-05-12 04:29:47.707" "Severity: 3 (Medium), Code: HM5400, Source: ProcessLauncher::Launch, Description: A launched process did not exit within an expected time. The command line is C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sav32cli.exe -cleanup -di -pua -remove %1 C:\hMailServer\Data\{950EA7A0-D6B6-41F1-81A4-D7323356C38C}.eml. The timeout occurred after 20000 milliseconds. hMailServer will continue to wait for process to finish."

What step should I've to take.

-Ashish

Bill48105
Developer
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: How to Connect Sophos Endpoint Antiviurs connecti with H

Post by Bill48105 » 2014-05-12 16:31

Run that same command from CMD to see what happens. You can't see it when hmail runs it so run it yourself manually..
Bill
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

ashishd
New user
New user
Posts: 5
Joined: 2014-05-09 16:31

Re: How to Connect Sophos Endpoint Antiviurs connecti with H

Post by ashishd » 2014-05-12 16:52

Hi Bill,

I was tried it run manually and it was start scanning on command mode. Please find the below URL to get snapshot for the same.

Snapshot: http://postimg.org/image/467r9cs2b/

-Ashish

Post Reply