Situation: we are using hmailserver for our mail server. This server stores all incoming mails temporarily as a file so external antivirus software (with a command line scanner) has the opportunity to scan this .tmp or .eml file. After the scan the mail server looks at the return code and acts on it by deleting the attachment or the mail if a threat is found.
To do this we use a bat file like this:
"C:\Program Files\ESET\ESET Endpoint Antivirus\ecls.exe" /no-log-console /log-file=C:\hmailserver\logs\eset.log /no-log-all /no-quarantine /clean-mode=none /no-boots %1
exit %errorlevel%
The problem is that all viruses are passed even when a threat should be found.
This is what a log looked like:
ECLS Command-line scanner, version 5.0.2229.0, (C) 1992-2014 ESET, spol. s r.o.
Module loader, version 1060 (20150617), build 1092
Module perseus, version 1472 (20150930), build 1713
Module scanner, version 12488 (20151030), build 26481
Module archiver, version 1238 (20150921), build 1250
Module advheur, version 1162 (20150923), build 1128
Module cleaner, version 1114 (20151004), build 1145
Command line: /no-log-console /log-file=C:\hmailserver\logs\eset.log /no-log-all /no-quarantine /clean-mode=none /no-boots C:\Program Files (x86)\hMailServer\Data\{9B097597-F2B3-488D-AECC-B9BE156D5BE1}.eml
Scan started at: 10/30/15 10:13:07
Scan completed at: 10/30/15 10:13:07
Scan time: 0 sec (0:00:00)
Total: files - 1, objects 2
Infected: files - 0, objects 0
Cleaned: files - 0, objects 0
What are we doing wrong with the parameters? We need the scanner to scan the file, and only the file (no memory or boot sectors), and then return a value if a threat is found. The file may NOT be cleaned or quarantined. We have the exit codes set to 50.
We are using ESET Endpoint Antivirus 5.0.2229.1
This should be our first line of defense but for some odd reason we cannot seem to get it working.
All help is welcome
PS: this is the 3rd try. All other tries did not get posted.