Does anyone have the current F-Prot command line syntax
Question asked by Joe Wolf - February 18, 2015 at 8:18 AM
Unanswered
ClamAV is letting hundreds of infected files thru every day.  It no longer seems to be able to scan attachments inside .eml file format (neither will Microsoft Security Essentials).  F-Prot will and it's reasonably priced.  I have done quite a few tests on infected .eml files and find F-Prot is the most reasonable way to go, and ClamAV is nearly useless.  I can provide an example if you post an email address I'll send them to you.
 
What I need to know is if anyone has the proper current F-Prot command line syntax.  I used to use it, but have lost my notes.  It was on the old forums here, but that data is gone as well.
 
Thanks,
-Joe
Thanks,
-Joe

14 Replies

Reply to Thread
0
Webio Replied
Hello, I'm wondering .. which F-Prot version you are using with SmarterMail? F-PROT ANTIVIRUS FOR WINDOWS CORPORATE for 50USD? There is F-PROT ANTIVIRUS FOR LINUX MAIL SERVERS but I don't see any Windows version. Thanks
0
Joe Wolf Replied
When Cyren took over F-Prot they eliminated several versions. For Windows they only have Home and Corporate. They used to have a mail server version but they dropped it when Cyren took over. Home won't install on a Windows Server OS so you have to use the Corporate version. There used to be licensing issues, but no longer. The bottom line is that ClamAV is doing a TERRIBLE job right now. I've run days and weeks old viruses thru virustotal.com and ClamAV is one of 4 or 5 out of 57 that won't pick them up. From what I can tell ClamAV cannot scan an attachment inside a .eml file.
Thanks,
-Joe
0
Joe Wolf Replied
I can see the link to the Knowledge Base article on an old SM 10 help file, but the KB article is no longer valid. http://help.smartertools.com/SmarterMail/v10/Default.aspx?qq=%2fSmarterMail%2fv10%2fTopics%2fInstallation%2fSpamVirusIntegration.aspx
Thanks,
-Joe
0
Joe Wolf Replied
Well after further investigation it doesn't look like the new version of F-Prot will work. You can't scan an individual file like you could on the older versions.
Thanks,
-Joe
0
Joe Wolf Replied
Here's a report of an infected .eml file that goes right thru ClamAV. Don't worry, it's just the report: https://www.virustotal.com/en/file/4c1f8e12c3647094303d27a3827a2f7d97faed53f7ea441842744ba0643610a2/analysis/1424294208/
Thanks,
-Joe
0
Webio Replied
How many files are being placed in one directory during AV scanning? http://support.f-prot.com/index.php?/Knowledgebase/Article/View/140/0/what-are-the-f-prot-antivirus-command-line-scanner-command-line-options fpscan is allowing to point it to some directory. I also see possibility to write a small command line program in the middle which is generating fpscan command line options which excludes all files except one provided by SmarterMail but I'm not sure how quick files are being added/removed in command line scanning directory.
0
Webio Replied
On the other hand maybe Eset NOD32 would be good alternative? EDIT: Only thing is that if they allow to use normal NOD32 on server level in their licensing. EDIT2: One more thing: is there any place in ST KB or SM docs where I can find information about command line scanning? I was wondering what scan should return (0/1) but I can't find this information anywhere. EDIT3: About NOD32 - never mind. It doesn't allow to be installed on server system.
0
Joe Wolf Replied
There used to be both forum and KB articles on setting up the various command line scanner options, but that's all gone now. SmarterMail will call the command line scanner for each message sent or received, but the new F-Prot won't scan an individual file, only a folder and that won't work. It looks like Avira has a command line scanner that might work, but you have to buy a server level subscription to get the pattern updates. Very frustrating.
Thanks,
-Joe
0
Webio Replied
IMHO there is one more possibility :). When you look at virustotal report you will see that there is also AVG software which found virus in your file. I'm not sure if AVG is providing command line console but Declude is probably using AVG virus database located in file incavi.avm . This file can't be downloaded directly from AVG website so IMHO solution would be using free version of AVG and using its incavi.avm file (of course if it is still being used by latest version because incavi.avm from Declude package is from 2013). On ther other hand if AVG Free is providing command line util then maybe it could be used directly in SmarterMail. EDIT: Here you have URL to hmailserver docs describing how to use AVG: https://www.hmailserver.com/documentation/v4.2/?page=feature_antivirus_external
0
Webio Replied
One more thing. I've found here: http://www.mailsbestfriend.com/downloads/Configs/Virus.cfg command for f-prot: C:\Progra~1\FSI\F-PROT\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE=5 /NOBOOT /DUMB /REPORT=report.txt
0
Joe Wolf Replied
The problem is that since Cyren took over F-PROT fpcmd.exe is no longer the command line scanner. The replacement does not have the ability to scan a single file.
Thanks,
-Joe
0
Webio Replied
So .. have you found another AV solution? ESET has not so nice licensing model because ESET File Server software can be used only on one server when you buy NOD32 endpoint security suite for about 5-19 workstations. I'm using 3 smartermail gateways within my server room and one outside so I need 4 AV licenses. Now I'm checking Avast which for its "Avast Endpoint Protection Suite" allows to use their software on any type of system (client or server edition). There is also multiple examples in internet how to use command line util ashCmd.exe (hmailserver forum contains some examples). For 5 licenses of Avast Endpoint price is 175usd which (of course it depens of your situation) is not so big price IMHO.
0
Webio Replied
Command line example from: https://www.hmailserver.com/forum/viewtopic.php?t=22159 "ashCmd.exe /a /c /t=A /_" works fine for me when it comes to Avast. I'm not using Avast directly from SmarterMail but from Declude which I'm using as AV/SPAM solution.
0
Mitch Shanley Replied
I found a work around and I believe it works.. use this in smartermail tab C:\fprot.bat %filepath

then create a bat file with this in it
SET ERR=0
"C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\fpscan.exe" /disinfect %1 /output=c:\fprot.log
IF NOT ERRORLEVEL 1 GOTO CLEAN
IF ERRORLEVEL 1 SET ERR=1
IF ERRORLEVEL 1 SET ERR=2
IF ERRORLEVEL 1 SET ERR=3
IF ERRORLEVEL 1 SET ERR=4
IF ERRORLEVEL 1 SET ERR=5
IF ERRORLEVEL 1 SET ERR=6
MOVE /Y %1 C:\SmarterMail\Viruses
GOTO END
:CLEAN
:END

Reply to Thread