Is my clamav working?

Jørn-Morten Innselset jorn-morten.innselset at BANETELE.COM
Mon Mar 22 13:53:03 GMT 2004 

Miguel,

yes, it seems that clamav is updated and working fine by itself (I'm using
freshclam to update the sigs every hour). And yes, /var/log/maillog shows
that clamav indeed is executed by MailScanner and infected files are found.
But it doesn't show any signs of it in the report, which makes me wonder if
MailScanner is picking up the output from ClamAV like it should.

I tried disabling f-prot and running with just "Virus Scanners = clamav" -
that caused infected files to pass through mailscanner that were picked up
by my RAV installation I still keep for safety...

Jorn-Morten


----- Original Message ----- 
From: "Miguel Koren O'Brien de Lacy" <miguelk at KONSULTEX.COM.BR>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Monday, March 22, 2004 2:18 PM
Subject: Re: Is my clamav working?



Jorn;

It seems to be working fine ( Mar 22 02:10:11 ....) . You may want to
chek in your maillog if you have it updating the pattern. Check for
lines like this:

"ClamAV-autoupdate"

and

"updated"

Miguel

Jørn-Morten Innselset wrote:

>I'm a bit unsure that clamav is working in my Mailscanner setup - it
_seems_
>to work, according to the output to maillog (I've set up f-prot and clamav
>as scanners):
>
>Mar 22 02:10:09 mx MailScanner[41528]: Virus and Content Scanning: Starting
>Mar 22 02:10:11 mx MailScanner[41528]:
>/var/CommuniGate/spool/MailScanner/incoming/41528/./52599/mp3music.pif:
>Worm.SomeFool.I FOUND
>Mar 22 02:10:11 mx MailScanner[41528]: Virus Scanning: ClamAV found 1
>infections
>Mar 22 02:10:11 mx MailScanner[41528]:
>/var/CommuniGate/spool/MailScanner/incoming/41528/52599/mp3music.pif
>Infection: W32/Netsky.J at mm
>Mar 22 02:10:11 mx MailScanner[41528]: Virus Scanning: F-Prot found virus
>W32/Netsky.J at mm
>Mar 22 02:10:11 mx MailScanner[41528]: Virus Scanning: F-Prot found 1
>infections
>Mar 22 02:10:11 mx MailScanner[41528]: Infected message 52599 came from
>24.136.151.35
>Mar 22 02:10:11 mx MailScanner[41528]: Virus Scanning: Found 1 viruses
>Mar 22 02:10:11 mx MailScanner[41528]: Filename Checks: Possible MS-Dos
>program shortcut attack (52599 mp3music.pif)
>Mar 22 02:10:11 mx MailScanner[41528]: Other Checks: Found 1 problems
>Mar 22 02:10:11 mx MailScanner[41528]: Virus Scanning completed at 15408
>bytes per second
>Mar 22 02:10:11 mx MailScanner[41528]: Notices: Warned about 1 messages
>Mar 22 02:10:11 mx MailScanner[41528]: Virus Processing completed at 30816
>bytes per second
>Mar 22 02:10:11 mx MailScanner[41528]: Disinfection completed at 30816
bytes
>per second
>
>But there is no sign of clamav in the report:
>
>The following e-mail messages were found to have viruses in them:
>
>    Sender: xxx at xxx.xxx
>IP Address: 24.136.151.35
> Recipient: yyy at yyy.yyy
>   Subject: Re: Your music
> MessageID: 52599
>    Report: F-Prot:
>/var/CommuniGate/spool/MailScanner/incoming/41528/52599/mp3music.pif
>Infection: W32/Netsky.J at mm
>            MailScanner: Shortcuts to MS-Dos programs are very dangerous in
>email (mp3music.pif)
>
>Why isn't clamav mentioned here? Are there any settings I've overlooked?
>
>Running MailScanner-devel-4.29.3, clamav-devel-20040313 on FreeBSD 4.9 with
>CommuniGate Pro.
>
>--
>jmi
>
>
>



-- 
Esta mensagem foi verificada pelo sistema de antivírus e
 acredita-se estar livre de perigo.

More information about the MailScanner mailing list