******************************************************************************************
TESTING

just execute /var/log/copfilter/default/tests/make_all_tests.sh and the steps
below will be performed; a logfile is written to make_all_tests.log.
if any of the steps below fails, see MANUAL and FAQ for errors, debugging etc.

make_all_tests.sh will:
-----------------------

0. send you a test exe attachment email (to test renattach)
   you should check if the email you received has a renamed attachment,
   so instead of getting test.exe as an attachment you should get
   test.exe.bad

1. send you a test spam mail (to test p3scan and spamassassin)
   a) you should check if the email you received has a changed subject:
      "***** SPAM ***** (XX/XX) "
   b) you should check if the email you received contains an
      "X-Virus-Scanner" line; then you know that the pop3 proxy (p3scan)
      is actually scanning your incoming pop3 emails
   c) you should check if the email you received contains an
      "X-Spam-Report" line in the email header; then you know that
      spamassassin (spamd) is actually scanning your emails for spam

2. send you a harmless testvirus mail (to test clamav and fprot)
   you should check if you get a "found virus" email report, and if both
   f-prot and clamav found the virus (this info is included in the
   "found virus" email report)

3. make a local spam test (to see if spamassassin is running)

4. download clamav signature updates and send you an update email
   you should check if you received such an email with the information
   about the current clamav virus signatures (date or version number of
   virus signatures)

5. make a local virus scan test with clamav
   check the output to see if clamav found the testvirus

6. download f-prot signature updates and send you an update email
   you should check if you received such an email with the information
   about the current f-prot virus signatures (date or version number of
   virus signatures)

7. make a local virus scan test with f-prot
   check the output to see if f-prot found the testvirus

in 3., 5. and 7. you will see how much time (in seconds) the step took

my results:

intel celeron 300MHz, 128MB RAM
   SPAMASSASSIN: identified spam (8.1/7.0) for root:702 in 4.4 seconds, 873 bytes.
   CLAMAV:       Time: 4.530 sec (0 m 4 s)
   F-PROT:       Time: 0:00

amd athlon XP 2200MHz, running in a vmware session with 48MB RAM
   SPAMASSASSIN: identified spam (8.1/7.0) for root:702 in 1.4 seconds, 873 bytes.
   CLAMAV:       Time: 1.255 sec (0 m 1 s)
   F-PROT:       Time: 0:00

i'd like to include your results too if you have different hardware

**************************
you can visit http://www.testvirus.org and send yourself a virus from this
website as well
**************************

examples of emails you will get

0. renattach - email with a renamed attachment

   Email Header:
      X-Filtered-With: renattach 1.2.1
      X-RenAttach-Info: mode=badlist action=rename count=0
   Subject: [renamed attachment] test mail from your ipcop machine with a .exe attachment
   Body:
      test mail from your ipcop machine with a .exe attachment

1. p3scan and spamassassin - changed email

   a) Subject: ***** SPAM ***** (16.22/07.00) test mail from your ipcop machine, VIAGRA

   b) Email Header:
      X-Virus-Scanner: P3Scan Version 1.0 by /

   c) Email Header:
      X-Spam-Flag: YES
      X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on verena.madlener.tk
      X-Spam-Level: ****************
      X-Spam-Status: Yes, hits=16.2 required=7.0 tests=BIZ_TLD,DOMAIN_BODY,
              EXCUSE_14,HTML_30_40,HTML_FONTCOLOR_UNKNOWN,HTML_FONT_INVISIBLE,
              HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,NO_REAL_NAME,
              OBFUSCATING_COMMENT,OFFERS_ETC,REMOVE_PAGE,SUBJ_VIAGRA,VIAGRA
              autolearn=no version=2.63
      X-Spam-Report:
              * 0.3 NO_REAL_NAME From: does not include a real name
              * 2.8 SUBJ_VIAGRA Subject includes "viagra"
              * 1.8 DOMAIN_BODY BODY: Domain registration spam body
              * 1.9 VIAGRA BODY: Plugs Viagra
              * 0.2 OFFERS_ETC BODY: Stop the offers, coupons, discounts etc!
              * 0.2 EXCUSE_14 BODY: Tells you how to stop further spam
              * 0.1 HTML_FONTCOLOR_UNKNOWN BODY: HTML font color is unknown to us
              * 0.8 HTML_30_40 BODY: Message is 30% to 40% HTML
              * 0.0 HTML_MESSAGE BODY: HTML included in message
              * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
              * 0.4 HTML_FONT_INVISIBLE BODY: HTML font color is same as background
              * 0.8 REMOVE_PAGE URI: URL of page called "remove"
              * 0.8 BIZ_TLD URI: Contains a URL in the BIZ top-level domain
              * 1.7 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
              * 4.3 OBFUSCATING_COMMENT HTML comments which obfuscate text

   now you know that the email was successfully scanned for spam by
   spamassassin.
   the X-Spam-Report line tells you which score the email reached.
   spamassassin marks an email as spam as soon as it reaches a certain
   score limit, and different tests result in different scores. example: if
   no sender is defined, if 100% of the mail is HTML or if words like porn,
   viagra are found in the message, then the score gets higher. the higher
   the score, the more certain it is that the mail is spam
   (this test is to check scanning functionality)

2. fprot and clamav - "found virus" email report (with eicar.com testvirus)

   Subject: Virus found in a mail to you.
   Body:
      Hello XXXXXXX

      This mail was generated automatically from P3Scan, which runs on
      verena.madlener.tk.(none) for scanning all mails for spam and viruses.

      In a mail sent to you a virus has been found.

      Virus name:
      clamscan found virus *Eicar-Test-Signature* in email attachment *eicar.com*

      Sender of the email:
      Subject: (harmless) VIRUS test mail from your ipcop machine
      Connection date:
      POP3 from XXXXXXXXX:3236 to XXXXXXXXXXX:110
      Message File: /var/log/copfilter/default/opt/p3scan/default/var/spool/p3scan/children/2595/p3scan.1Uzaii

      Instead of the infected email this message has been sent to you.

      The original email (including the virus) has been saved to a file in
      this directory:
      /var/log/copfilter/default/opt/p3scan/default/var/spool/p3scan
      The name of the file (containing the virus infected email) is the same
      as in the Message File description above.
      It starts with "p3scan." and ends with a combination of 6 random
      characters or numbers. An example: p3scan.fqlCuS

      --
      P3Scan 1.0
      by Jack S. Lai

   have a look at the Virus name line: here you will see which virus
   scanner found which virus, for example you see that clamscan AND fprot
   found the eicar testvirus!
   with this method you can also see if one virus scanner failed to
   recognize a virus found by the other scanner!

3. self-explanatory

4. clamav signature update - Email

   Subject: clamav antivirus update
   Body:
      --------------------------------------
      ClamAV update process started at Wed Apr 28 01:00:36 2004
      main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder: tkojm)
      daily.cvd updated (version: 287, sigs: 1047, f-level: 2, builder: tomek)
      Database updated (21276 signatures) from database.clamav.net (195.70.36.141).
      clamscan / ClamAV version 0.70

5. self-explanatory

6. fprot signature update - Email

   Subject: f-prot antivirus update
   Body:
      F-PROT ANTIVIRUS
      Program version: 4.4.0
      Engine version: 3.14.10

      VIRUS SIGNATURE FILES
      SIGN.DEF created 11 March 2004
      SIGN2.DEF created 11 March 2004
      MACRO.DEF created 8 March 2004

7. self-explanatory
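
the manual checks for test mails 0. and 1. can also be scripted. the following is an added example, not part of copfilter or of make_all_tests.sh: it parses a saved test mail and lists which expected marks are missing. the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Subject prefix from test 1a: "***** SPAM ***** (score/limit) ..."
SPAM_SUBJECT = re.compile(r"^\*{5} SPAM \*{5} \((\d+\.\d+)/(\d+\.\d+)\)")

def check_mail(raw):
    """Report which filter stages left their mark on one received message."""
    msg = message_from_string(raw)
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    m = SPAM_SUBJECT.match(msg.get("Subject", ""))
    return {
        "spam_tagged": bool(m) and float(m.group(1)) >= float(m.group(2)),
        "p3scan": "X-Virus-Scanner" in msg,        # test 1b
        "spamassassin": "X-Spam-Report" in msg,    # test 1c
        "renattach": "X-RenAttach-Info" in msg,    # test 0
        "renamed": any(n.lower().endswith(".exe.bad") for n in names),
        "exe_passed": [n for n in names if n.lower().endswith(".exe")],
    }

def missing_marks(raw, kind):
    """Return the expected marks that are absent; kind is 'spam' or 'exe'."""
    result = check_mail(raw)
    wanted = {"spam": ["spam_tagged", "p3scan", "spamassassin"],
              "exe": ["renattach", "renamed"]}[kind]
    missing = [k for k in wanted if not result[k]]
    if kind == "exe" and result["exe_passed"]:
        missing.append("unrenamed:" + ",".join(result["exe_passed"]))
    return missing

# Constructed sample messages (not captured from a real mailbox).
SPAM_OK = "\n".join([
    "Subject: ***** SPAM ***** (16.22/07.00) test mail from your ipcop machine",
    "X-Virus-Scanner: P3Scan Version 1.0",
    "X-Spam-Report: * 2.8 SUBJ_VIAGRA Subject includes \"viagra\"",
    "", "test body"])

def exe_mail(filename, filtered):
    """Build a constructed multipart mail carrying one attachment."""
    head = ["X-RenAttach-Info: mode=badlist action=rename count=0"] if filtered else []
    return "\n".join(head + [
        "Subject: test mail with a .exe attachment", "MIME-Version: 1.0",
        'Content-Type: multipart/mixed; boundary="B"', "",
        "--B", "Content-Type: text/plain", "", "test mail",
        "--B", "Content-Type: application/octet-stream",
        'Content-Disposition: attachment; filename="' + filename + '"', "",
        "dummy", "--B--", ""])

if __name__ == "__main__":
    print(missing_marks(SPAM_OK, "spam"))
    print(missing_marks(exe_mail("test.exe.bad", True), "exe"))
    print(missing_marks(exe_mail("test.exe", False), "exe"))
```

an empty list means every expected mark is present; a mail that reached the mailbox without passing through the proxy shows up with all marks missing.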