Topic: RAV not scanning incoming mail after upgrade to 5.5

[Tim Hogan]

I upgraded to version 5.5 last week.  I have RAV version 8.3.3 installed on our system with the most recent virus definitions (7/15/2002).  Since the upgrade it no longer seems to be scanning incoming mail.  My maillog no longer shows scans taking place and today several emails infected with the Win32/Frethem.L@mm virus have gotten through to users. After they started arriving I ran ravscan manually and reveived several messages of viruses.  For each instance the ravscan message reported messages such as the following:

home/e-smith/files/users/pvarmenio/Maildir/new/1026844780.17798.e-smith-server->(part0000:)->(IFRAME0) Infected: HTML/IFrame_Exploit*
/home/e-smith/files/users/pvarmenio/Maildir/new/1026844780.17798.e-smith-server->(part0001:decrypt-password.exe) Infected: Win32/Frethem.L@mm

Tim Hogan

[John Alamo]

I would recommend reinstalling RAV and seeing if that solves your problem .. sounds like the upgrade didn't keep all the necessary settings for RAV..

FYI -- you can test RAV using the eicar test file at http://www.eicar.org/ -- simply download, attach to an email, send it and see if RAV intercepts it -- if it does not, something is not configured correctly.

[Greg Zartman]

Tim,

John is correct.  The upgrade overwrote the "hook" that ties RAV into your mail system.  Simply reinstall and the problem will be gone.   See the following:
http://myezserver.com/downloads/mitel/contrib/rav-8.3.2/rav-sme55-howto.html

If you do anything with RAV and SME, I'd make sure to check out myezserver.com before proceeding (howto and downloads sections).  Darrell is the local expert on RAV and SME servers.  He really stays on top of new developments and issues with RAV and SME.  

Regards,

Greg Zartman

[Tim Hogan]

Thanks,

That took care of it.

Tim Hogan