query if mailscanner using clamscan

simon mailadmin at baladia.gov.kw
Fri Jul 27 07:41:53 IST 2007 

Thanks Julian and guys

there was a path mismatch in my MailScanner.conf and clamd.conf file..
its Ok now .. works fine
really do appreciate
but as julian says i dont need 2 .. i mean clamav n clamd as its gonna
scan 2 times with the same virus scanner..

btw all this queries i have been writing is

I ONLY WANT MY INCOMING AND OUTGOIN MAILS TO BE SCANNED BY THE CLAMD
DAEMON as per jules SA+clamav script
the script says

...............................................
'If you want to use MailScanners support for Clamd (virus-scanning'
echo 'daemon) then I recommend you cancel this script now (press Ctrl-C)'
echo 'and install the RPMs for clamav, clamav-db and clamd from'
echo '     http://dag.wieers.com/rpm/packages/clamav'
echo 'Then re-run this script and tell me that clamscan is installed in'
echo '/usr/bin. This will set up your virus.scanners.conf file for you.'
.....................................................

now i have installed as per the instructions and see that
clamscan is in /usr/bin

my MailScanner.conf file has the following settings
----------------------------------------------------------
i tried Virus Scanners = auto
and also Virus Scanners = clamav clamd
-------------------------------------------------------------

my virus.scanners.conf settings for clam*
------------------------------------------------------
clamav          /usr/lib/MailScanner/clamav-wrapper     /usr/local
clamd           /bin/false                              /usr/local
clamavmodule    /bin/false                              /tmp
.....................................................................

Now how do i know if MailScanner support for Clamd (virus-scanning daemon )
is actually working .. which logs will tell me tht

in mailScanner.conf
the setting VirusScanners =auto is fine or i have to say
VirusScanners= clamav clamd
right now having either in my MailScanner.conf file the maillog logs is
the same
does the below line of my logs mean that MailScanner is using clamd ( the
virus scanning daemon )
--------------

Jul 27 09:40:16 kmdnstest MailScanner[7454]: Virus and Content Scanning:
Starting
------------------------------------

apprecite your help pls

here below is my maillog : pls ignore the receipents
----------------------------------------------------------

Jul 27 09:40:01 kmdnstest sendmail[7463]: l6R6e05H007463:
to=guy20034u at yahoo.com, ctladdr=root (0/0), delay=00:00:01,
xdelay=00:00:00, mailer=relay, pri=30048, relay=[127.0.0.1] [127.0.0.1],
dsn=2.0.0, stat=Sent (l6R6e12k007465 Message accepted for delivery)
Jul 27 09:40:04 kmdnstest MailScanner[7454]: New Batch: Scanning 1
messages, 817 bytes
Jul 27 09:40:16 kmdnstest MailScanner[7454]: Virus and Content Scanning:
Starting
Jul 27 09:40:34 kmdnstest MailScanner[7454]: Uninfected: Delivered 1 messages
Jul 27 09:40:43 kmdnstest sendmail[7481]: l6R6e12k007465:
to=<guy20034u at yahoo.com>, ctladdr=<root at localhost.localdomain> (0/0),
delay=00:00:42, xdelay=00:00:08, mailer=esmtp, pri=120347,
relay=f.mx.mail.yahoo.com. [68.142.202.247], dsn=2.0.0, stat=Sent (ok
dirdel)
-----------------------------------------------------------------


Thnaks in advance


Regards

simon










> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
> simon wrote:
>> Dear All,
>>
>> Thanks once again julian..
>> btw i removed virus scanning =auto from my MailScanner.conf file and now
>> i
>> have virus scanning = clamav clamd so that i would like mailscanner to
>> clamscan every incommin n outgoin mail message.
>> but now when i restart mailscanner i see in maillogs
>>
> For starters there is no point specifying clamav and clamd as you will
> just be scanning everything twice with the same virus scanner!
>
>> Cannot find Socket (/tmp/clamd) Exiting!
>>
>> if i say service clamd status
>>
>> clamd (pid 1779) is running...
>>
>> so clamd daemon is running
>>
>> really apprecite ur help
>>
> Check to see if the socket /tmp/clamd actually exists, and compare the
> clamd-specific settings in MailScanner.conf with those in clamd.conf.
>
>>
>> Thanks and Regards
>>
>> simon
>>
>>
>>
>>
>>
>>> In which case 'auto' will only use 'clamav'. To find 'clamavmodule' you
>>> must have the module installed. To find 'clamd' the daemon must be
>>> running, and the Clamd-specific MailScanner.conf options must be set
>>> correctly.
>>>
>>> simon wrote:
>>>
>>>> Thanks agin guys for ur immediate reply
>>>>
>>>> here the MailScanner --lint output..
>>>>
>>>> Read 797 hostnames from the phishing whitelist
>>>> Checking version numbers...
>>>> Version number in MailScanner.conf (4.61.7) is correct.
>>>> --------------------------------------------------------------
>>>> Checking for SpamAssassin errors (if you use it)...
>>>> SpamAssassin temporary working directory is
>>>> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>>>> SpamAssassin temp dir =
>>>> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>>>> Using SpamAssassin results cache
>>>> Connected to SpamAssassin cache database
>>>> SpamAssassin reported no errors.
>>>> Using locktype = posix
>>>> Creating hardcoded struct_flock subroutine for linux (Linux-type)
>>>> MailScanner.conf says "Virus Scanners = auto"
>>>> Found these virus scanners installed: clamav
>>>>
>>>>
>>>> -----------------------------------------------------------------
>>>>
>>>> gues sits fine... but it has no reference to clamscan or clamd
>>>>
>>>>
>>>> regards
>>>>
>>>> simon
>>>>
>>>>
>>>>
>>>>> If you are running the RPM version of clamav then your
>>>>> virus.scanners.conf file is right, as clamscan is in
>>>>> /usr/bin/clamscan.
>>>>> Check that 'auto' is picking them up correctly by doing a
>>>>> "MailScanner
>>>>> --lint".
>>>>>
>>>>> simon wrote:
>>>>>
>>>>>
>>>>>> Thanks Guys  for you quick reply,
>>>>>>
>>>>>> Btw i did forget to mention and ask u wht new should be added to
>>>>>> virus.scanners.conf file since after the script was run there is a
>>>>>> /etc/MailScanner/virus.scanners.conf.bak file
>>>>>>
>>>>>> here the clam lines for the /etc/MailScanner/virus.scanners.conf
>>>>>>
>>>>>> ------------------------
>>>>>>
>>>>>> clamav          /usr/lib/MailScanner/clamav-wrapper     /usr
>>>>>> clamd           /bin/false                              /usr
>>>>>> clamavmodule    /bin/false                              /tmp
>>>>>>
>>>>>> ------------------------------------------
>>>>>> i guess this above file does not reference clamscan if im right..
>>>>>> do let me know if i hav to edit this file.
>>>>>> my clamscan is is /usr/bin
>>>>>> n clamd is in /usr/sbin
>>>>>>
>>>>>> and in MailScanner.conf it says
>>>>>>
>>>>>> Virus Scanners = auto
>>>>>>
>>>>>> i did keep it auto as i will install bitdefender latter and would
>>>>>> like
>>>>>> MS
>>>>>> to search for the installed antivirus software
>>>>>>
>>>>>> Appreciate your help
>>>>>>
>>>>>> Thanks and regards
>>>>>>
>>>>>> simon
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>> What does you /etc/MailScanner/virus.scanners.conf say for the clam
>>>>>>> lines?
>>>>>>> What does the "Virus Scanners = " line in MailScanner.conf say?
>>>>>>>
>>>>>>> simon wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> Dear All,
>>>>>>>>
>>>>>>>> i have recently installed new sendmail based mail server and
>>>>>>>> installed
>>>>>>>> mailscanner + jules packge spamassassin + clamAV and have
>>>>>>>> instructed
>>>>>>>> clamd
>>>>>>>> virus scanning daemon to be used by mailScanner for scanning email
>>>>>>>> when
>>>>>>>> installing the package. i have also installed clamav, clamav-db
>>>>>>>> and
>>>>>>>> clamd
>>>>>>>> from  http://dag.wieers.com/rpm/packages/clamav
>>>>>>>> and everythin workin OK.
>>>>>>>> i have clamscan installed in /usr/bin
>>>>>>>>
>>>>>>>> but how could i know if mailscanner is really using clamd daemon n
>>>>>>>> clamscan to scan emails
>>>>>>>>
>>>>>>>>
>>>>>>>> Appreciate ur help
>>>>>>>>
>>>>>>>>
>>>>>>>> regards
>>>>>>>>
>>>>>>>> simon
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>> Jules
>>>>>>>
>>>>>>> --
>>>>>>> Julian Field MEng CITP
>>>>>>> www.MailScanner.info
>>>>>>> Buy the MailScanner book at www.MailScanner.info/store
>>>>>>>
>>>>>>> Need help customising MailScanner?
>>>>>>> Contact me!
>>>>>>> Need help fixing or optimising your systems?
>>>>>>> Contact me!
>>>>>>> Need help getting you started solving new requirements from your
>>>>>>> boss?
>>>>>>> Contact me!
>>>>>>>
>>>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> This message has been scanned for viruses and
>>>>>>> dangerous content by MailScanner, and is
>>>>>>> believed to be clean.
>>>>>>> For all your IT requirements visit www.transtec.co.uk
>>>>>>>
>>>>>>> --
>>>>>>> MailScanner mailing list
>>>>>>> mailscanner at lists.mailscanner.info
>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>
>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>
>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>> Jules
>>>>>
>>>>> --
>>>>> Julian Field MEng CITP
>>>>> www.MailScanner.info
>>>>> Buy the MailScanner book at www.MailScanner.info/store
>>>>>
>>>>> Need help customising MailScanner?
>>>>> Contact me!
>>>>> Need help fixing or optimising your systems?
>>>>> Contact me!
>>>>> Need help getting you started solving new requirements from your
>>>>> boss?
>>>>> Contact me!
>>>>>
>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>>>
>>>>>
>>>>> --
>>>>> This message has been scanned for viruses and
>>>>> dangerous content by MailScanner, and is
>>>>> believed to be clean.
>>>>> For all your IT requirements visit www.transtec.co.uk
>>>>>
>>>>> --
>>>>> MailScanner mailing list
>>>>> mailscanner at lists.mailscanner.info
>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>
>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>
>>>>> Support MailScanner development - buy the book off the website!
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>> Jules
>>>
>>> --
>>> Julian Field MEng CITP
>>> www.MailScanner.info
>>> Buy the MailScanner book at www.MailScanner.info/store
>>>
>>> Need help customising MailScanner?
>>> Contact me!
>>> Need help fixing or optimising your systems?
>>> Contact me!
>>> Need help getting you started solving new requirements from your boss?
>>> Contact me!
>>>
>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>
>>>
>>> --
>>> This message has been scanned for viruses and
>>> dangerous content by MailScanner, and is
>>> believed to be clean.
>>> For all your IT requirements visit www.transtec.co.uk
>>>
>>> --
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>>
>>
>>
>>
>
> Jules
>
> - --
> Julian Field MEng CITP
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> MailScanner customisation, or any advanced system administration help?
> Contact me at Jules at Jules.FM
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> For all your IT requirements visit www.transtec.co.uk
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.6.2 (Build 2014)
> Charset: ISO-8859-1
>
> wj8DBQFGqRVTEfZZRxQVtlQRAkkrAKCqECvP3FSpi8+QPFa/H1HIHsmujQCfQYzM
> ksCe+s24DfHgPgwPBEa07ok=
> =GiIT
> -----END PGP SIGNATURE-----
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> For all your IT requirements visit www.transtec.co.uk
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>


-- 
Network Administrator

More information about the MailScanner mailing list