clamd configuration?

Jason Ede j.ede at birchenallhowden.co.uk
Fri Jul 6 10:41:37 IST 2007


I had the same problem with clamd missing the attached virus although all looks fine through the debug apart from the test viruses not being detected.

I've checked user and permission levels and all looks good as far as I can see...

I've gone back to using clamavmodule for now...

Oh, MailScanner is 4.61.7 and clamav is the 0.91rc2

Jason

-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Chris Yuzik
Sent: 04 July 2007 03:51
To: MailScanner discussion
Subject: Re: clamd configuration?

Rick Cooper wrote:

> Please run MailScanner in debug mode, show what is output from the clamd
> section, and if possible the clamd.conf, remember that is where the clam
> daemon is getting it's parameter. If MailScanner cannot reach clamd there
> will be alerts even if you are not in debug mode. Also note if you supply a
> path to the socket the port is not used. If you are not using unix sockets
> (/tmp/clamd or /tmp/clamd.sock, etc) then you should have an IP address
> (probably 127.0.0.1) for the socket address.

Rick,

Ok, here you go. I put MailScanner into debug mode, did a lint, plopped
a message with the eicar test file into the inqueue, etc. Looks like
clamd is called and the messages handed off, but it doesn't find the virus.

Chris

# MailScanner --lint
Read 777 hostnames from the phishing whitelist
Config: calling custom init function SQLBlacklist
Config: calling custom init function MailWatchLogging
Config: calling custom init function SQLWhitelist
Checking version numbers...
Version number in MailScanner.conf (4.61.7) is correct.

Checking for SpamAssassin errors (if you use it)...
SpamAssassin temporary working directory is
/var/spool/MailScanner/incoming/SpamAssassin-Temp
SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.
lock.pl sees Config  LockType =  posix
lock.pl sees have_module =  0
Using locktype = posix
Creating hardcoded struct_flock subroutine for linux (Linux-type)
MailScanner.conf says "Virus Scanners = clamd"
Debug Mode Is On
Use Threads : YES
IP        : 127.0.0.1
Port      : 3310
Lock File : NOT USED
Time Out  : 300
Scan Dir  : /var/spool/MailScanner/incoming/29637/ISITINSTALLED
Clamd : Sending PING
Clamd : GOT 'PONG'
ClamD is running

Found these virus scanners installed: clamavmodule, clamd


# service MailScanner start
Starting MailScanner daemons:
          incoming sendmail:                                [  OK  ]
          outgoing sendmail:                                [  OK  ]
          MailScanner:       In Debugging mode, not forking...
SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
Ignore errors about failing to find EOCD signature
Stopping now as you are debugging me.
                                                            [  OK  ]
[root at devel MailScanner]# commit ineffective with AutoCommit enabled at
/usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93,
<CLIENT> line 138.
Commmit ineffective while AutoCommit is on at
/usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93,
<CLIENT> line 138.

and

Jul  3 19:46:49 devel MailScanner[29319]: MailScanner E-Mail Virus
Scanner version 4.61.7 starting...
Jul  3 19:46:49 devel MailScanner[29319]: Read 777 hostnames from the
phishing whitelist
Jul  3 19:46:49 devel MailScanner[29319]: Config: calling custom init
function SQLBlacklist
Jul  3 19:46:49 devel MailScanner[29319]: Starting up SQL Blacklist
Jul  3 19:46:49 devel MailScanner[29319]: Read 28 blacklist entries
Jul  3 19:46:49 devel MailScanner[29319]: Config: calling custom init
function MailWatchLogging
Jul  3 19:46:49 devel MailScanner[29319]: Started SQL Logging child
Jul  3 19:46:49 devel MailScanner[29319]: Config: calling custom init
function SQLWhitelist
Jul  3 19:46:49 devel MailScanner[29319]: Starting up SQL Whitelist
Jul  3 19:46:49 devel MailScanner[29319]: Read 18 whitelist entries
Jul  3 19:46:49 devel MailScanner[29319]: SpamAssassin temporary working
directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp
Jul  3 19:46:50 devel MailScanner[29319]: Using SpamAssassin results cache
Jul  3 19:46:50 devel MailScanner[29319]: Connected to SpamAssassin
cache database
Jul  3 19:46:50 devel MailScanner[29319]: Expired 2 records from the
SpamAssassin cache
Jul  3 19:46:50 devel MailScanner[29319]: Enabling SpamAssassin
auto-whitelist functionality...
Jul  3 19:46:52 devel MailScanner[29319]: lock.pl sees Config  LockType
=  posix
Jul  3 19:46:52 devel MailScanner[29319]: lock.pl sees have_module =  0
Jul  3 19:46:52 devel MailScanner[29319]: Using locktype = posix
Jul  3 19:46:52 devel MailScanner[29319]: Creating hardcoded
struct_flock subroutine for linux (Linux-type)
Jul  3 19:46:52 devel MailScanner[29319]: New Batch: Scanning 3
messages, 55415 bytes
Jul  3 19:46:52 devel MailScanner[29319]: Created attachment dirs for 3
messages
Jul  3 19:46:52 devel MailScanner[29319]: Spam Checks: Starting
Jul  3 19:46:55 devel MailScanner[29319]: SpamAssassin returned 0
Jul  3 19:46:56 devel MailScanner[29319]: SpamAssassin returned 0
Jul  3 19:46:59 devel MailScanner[29319]: SpamAssassin returned 0
Jul  3 19:46:59 devel MailScanner[29319]: Spam Checks completed at 8412
bytes per second
Jul  3 19:46:59 devel MailScanner[29319]: Virus and Content Scanning:
Starting
Jul  3 19:46:59 devel MailScanner[29319]: Commencing scanning by clamd...
Jul  3 19:46:59 devel MailScanner[29365]: Debug Mode Is On
Jul  3 19:46:59 devel MailScanner[29365]: Use Threads : YES
Jul  3 19:46:59 devel MailScanner[29365]: IP        : 127.0.0.1
Jul  3 19:46:59 devel MailScanner[29365]: Port      : 3310
Jul  3 19:46:59 devel MailScanner[29365]: Lock File : NOT USED
Jul  3 19:46:59 devel MailScanner[29365]: Time Out  : 300
Jul  3 19:46:59 devel MailScanner[29365]: Scan Dir  :
/var/spool/MailScanner/incoming/29319
Jul  3 19:46:59 devel MailScanner[29365]: Clamd : Sending PING
Jul  3 19:46:59 devel MailScanner[29365]: Clamd : GOT 'PONG'
Jul  3 19:46:59 devel MailScanner[29365]: ClamD is running
Jul  3 19:46:59 devel MailScanner[29365]: SENT : MULTISCAN
/var/spool/MailScanner/incoming/29319
Jul  3 19:46:59 devel MailScanner[29319]: Completed scanning by clamd
Jul  3 19:46:59 devel MailScanner[29319]: Completed checking by
/usr/local/bin/file
Jul  3 19:46:59 devel MailScanner[29319]: Virus Scanning completed at
367181 bytes per second
Jul  3 19:46:59 devel MailScanner[29319]: About to deliver 3 messages
Jul  3 19:46:59 devel MailScanner[29319]: Uninfected: Delivered 3 messages
Jul  3 19:46:59 devel MailScanner[29319]: Batch completed at 8175 bytes
per second (55415 / 6)
Jul  3 19:46:59 devel MailScanner[29319]: Batch (3 messages) processed
in 6.78 seconds
Jul  3 19:46:59 devel MailScanner[29319]: Logging message l642kYcl029232
to SQL
Jul  3 19:46:59 devel MailScanner[29319]: Logging message l642kPu9029221
to SQL
Jul  3 19:46:59 devel MailScanner[29319]: Logging message l642juvd029134
to SQL
Jul  3 19:46:59 devel MailScanner[29319]: "Always Looked Up Last" took
0.01 seconds
Jul  3 19:46:59 devel MailScanner[29319]: Config: calling custom end
function SQLBlacklist
Jul  3 19:46:59 devel MailScanner[29319]: Closing down by-domain spam
blacklist
Jul  3 19:46:59 devel MailScanner[29319]: Config: calling custom end
function MailWatchLogging
Jul  3 19:46:59 devel MailScanner[29319]: Config: calling custom end
function SQLWhitelist
Jul  3 19:46:59 devel MailScanner[29319]: Closing down by-domain spam
whitelist
Jul  3 19:46:59 devel MailScanner[29319]: MailScanner child dying of old age
Jul  3 19:46:59 devel MailScanner[29327]: l642kYcl029232: Logged to
MailWatch SQL
Jul  3 19:46:59 devel MailScanner[29327]: l642kPu9029221: Logged to
MailWatch SQL
Jul  3 19:46:59 devel MailScanner[29327]: l642juvd029134: Logged to
MailWatch SQL
Jul  3 19:49:08 devel MailScanner[29637]: MailScanner E-Mail Virus
Scanner version 4.61.7 starting...

--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!


More information about the MailScanner mailing list