clamd configuration?

Chris Yuzik itdept at fractalweb.com
Wed Jul 4 03:51:26 IST 2007 

Rick Cooper wrote:

> Please run MailScanner in debug mode, show what is output from the clamd
> section, and if possible the clamd.conf, remember that is where the clam
> daemon is getting it's parameter. If MailScanner cannot reach clamd there
> will be alerts even if you are not in debug mode. Also note if you supply a
> path to the socket the port is not used. If you are not using unix sockets
> (/tmp/clamd or /tmp/clamd.sock, etc) then you should have an IP address
> (probably 127.0.0.1) for the socket address.

Rick,

Ok, here you go. I put MailScanner into debug mode, did a lint, plopped 
a message with the eicar test file into the inqueue, etc. Looks like 
clamd is called and the messages handed off, but it doesn't find the virus.

Chris

# MailScanner --lint
Read 777 hostnames from the phishing whitelist
Config: calling custom init function SQLBlacklist
Config: calling custom init function MailWatchLogging
Config: calling custom init function SQLWhitelist
Checking version numbers...
Version number in MailScanner.conf (4.61.7) is correct.

Checking for SpamAssassin errors (if you use it)...
SpamAssassin temporary working directory is 
/var/spool/MailScanner/incoming/SpamAssassin-Temp
SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.
lock.pl sees Config  LockType =  posix
lock.pl sees have_module =  0
Using locktype = posix
Creating hardcoded struct_flock subroutine for linux (Linux-type)
MailScanner.conf says "Virus Scanners = clamd"
Debug Mode Is On
Use Threads : YES
IP        : 127.0.0.1
Port      : 3310
Lock File : NOT USED
Time Out  : 300
Scan Dir  : /var/spool/MailScanner/incoming/29637/ISITINSTALLED
Clamd : Sending PING
Clamd : GOT 'PONG'
ClamD is running

Found these virus scanners installed: clamavmodule, clamd


# service MailScanner start
Starting MailScanner daemons:
          incoming sendmail:                                [  OK  ]
          outgoing sendmail:                                [  OK  ]
          MailScanner:       In Debugging mode, not forking...
SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
Ignore errors about failing to find EOCD signature
Stopping now as you are debugging me.
                                                            [  OK  ]
[root at devel MailScanner]# commit ineffective with AutoCommit enabled at 
/usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, 
<CLIENT> line 138.
Commmit ineffective while AutoCommit is on at 
/usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, 
<CLIENT> line 138.

and

Jul  3 19:46:49 devel MailScanner[29319]: MailScanner E-Mail Virus 
Scanner version 4.61.7 starting...
Jul  3 19:46:49 devel MailScanner[29319]: Read 777 hostnames from the 
phishing whitelist
Jul  3 19:46:49 devel MailScanner[29319]: Config: calling custom init 
function SQLBlacklist
Jul  3 19:46:49 devel MailScanner[29319]: Starting up SQL Blacklist
Jul  3 19:46:49 devel MailScanner[29319]: Read 28 blacklist entries
Jul  3 19:46:49 devel MailScanner[29319]: Config: calling custom init 
function MailWatchLogging
Jul  3 19:46:49 devel MailScanner[29319]: Started SQL Logging child
Jul  3 19:46:49 devel MailScanner[29319]: Config: calling custom init 
function SQLWhitelist
Jul  3 19:46:49 devel MailScanner[29319]: Starting up SQL Whitelist
Jul  3 19:46:49 devel MailScanner[29319]: Read 18 whitelist entries
Jul  3 19:46:49 devel MailScanner[29319]: SpamAssassin temporary working 
directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp
Jul  3 19:46:50 devel MailScanner[29319]: Using SpamAssassin results cache
Jul  3 19:46:50 devel MailScanner[29319]: Connected to SpamAssassin 
cache database
Jul  3 19:46:50 devel MailScanner[29319]: Expired 2 records from the 
SpamAssassin cache
Jul  3 19:46:50 devel MailScanner[29319]: Enabling SpamAssassin 
auto-whitelist functionality...
Jul  3 19:46:52 devel MailScanner[29319]: lock.pl sees Config  LockType 
=  posix
Jul  3 19:46:52 devel MailScanner[29319]: lock.pl sees have_module =  0
Jul  3 19:46:52 devel MailScanner[29319]: Using locktype = posix
Jul  3 19:46:52 devel MailScanner[29319]: Creating hardcoded 
struct_flock subroutine for linux (Linux-type)
Jul  3 19:46:52 devel MailScanner[29319]: New Batch: Scanning 3 
messages, 55415 bytes
Jul  3 19:46:52 devel MailScanner[29319]: Created attachment dirs for 3 
messages
Jul  3 19:46:52 devel MailScanner[29319]: Spam Checks: Starting
Jul  3 19:46:55 devel MailScanner[29319]: SpamAssassin returned 0
Jul  3 19:46:56 devel MailScanner[29319]: SpamAssassin returned 0
Jul  3 19:46:59 devel MailScanner[29319]: SpamAssassin returned 0
Jul  3 19:46:59 devel MailScanner[29319]: Spam Checks completed at 8412 
bytes per second
Jul  3 19:46:59 devel MailScanner[29319]: Virus and Content Scanning: 
Starting
Jul  3 19:46:59 devel MailScanner[29319]: Commencing scanning by clamd...
Jul  3 19:46:59 devel MailScanner[29365]: Debug Mode Is On
Jul  3 19:46:59 devel MailScanner[29365]: Use Threads : YES
Jul  3 19:46:59 devel MailScanner[29365]: IP        : 127.0.0.1
Jul  3 19:46:59 devel MailScanner[29365]: Port      : 3310
Jul  3 19:46:59 devel MailScanner[29365]: Lock File : NOT USED
Jul  3 19:46:59 devel MailScanner[29365]: Time Out  : 300
Jul  3 19:46:59 devel MailScanner[29365]: Scan Dir  : 
/var/spool/MailScanner/incoming/29319
Jul  3 19:46:59 devel MailScanner[29365]: Clamd : Sending PING
Jul  3 19:46:59 devel MailScanner[29365]: Clamd : GOT 'PONG'
Jul  3 19:46:59 devel MailScanner[29365]: ClamD is running
Jul  3 19:46:59 devel MailScanner[29365]: SENT : MULTISCAN 
/var/spool/MailScanner/incoming/29319
Jul  3 19:46:59 devel MailScanner[29319]: Completed scanning by clamd
Jul  3 19:46:59 devel MailScanner[29319]: Completed checking by 
/usr/local/bin/file
Jul  3 19:46:59 devel MailScanner[29319]: Virus Scanning completed at 
367181 bytes per second
Jul  3 19:46:59 devel MailScanner[29319]: About to deliver 3 messages
Jul  3 19:46:59 devel MailScanner[29319]: Uninfected: Delivered 3 messages
Jul  3 19:46:59 devel MailScanner[29319]: Batch completed at 8175 bytes 
per second (55415 / 6)
Jul  3 19:46:59 devel MailScanner[29319]: Batch (3 messages) processed 
in 6.78 seconds
Jul  3 19:46:59 devel MailScanner[29319]: Logging message l642kYcl029232 
to SQL
Jul  3 19:46:59 devel MailScanner[29319]: Logging message l642kPu9029221 
to SQL
Jul  3 19:46:59 devel MailScanner[29319]: Logging message l642juvd029134 
to SQL
Jul  3 19:46:59 devel MailScanner[29319]: "Always Looked Up Last" took 
0.01 seconds
Jul  3 19:46:59 devel MailScanner[29319]: Config: calling custom end 
function SQLBlacklist
Jul  3 19:46:59 devel MailScanner[29319]: Closing down by-domain spam 
blacklist
Jul  3 19:46:59 devel MailScanner[29319]: Config: calling custom end 
function MailWatchLogging
Jul  3 19:46:59 devel MailScanner[29319]: Config: calling custom end 
function SQLWhitelist
Jul  3 19:46:59 devel MailScanner[29319]: Closing down by-domain spam 
whitelist
Jul  3 19:46:59 devel MailScanner[29319]: MailScanner child dying of old age
Jul  3 19:46:59 devel MailScanner[29327]: l642kYcl029232: Logged to 
MailWatch SQL
Jul  3 19:46:59 devel MailScanner[29327]: l642kPu9029221: Logged to 
MailWatch SQL
Jul  3 19:46:59 devel MailScanner[29327]: l642juvd029134: Logged to 
MailWatch SQL
Jul  3 19:49:08 devel MailScanner[29637]: MailScanner E-Mail Virus 
Scanner version 4.61.7 starting...

More information about the MailScanner mailing list