query if mailscanner using clamscan

UxBoD uxbod at splatnix.net
Fri Jul 27 08:39:59 IST 2007 

Simon,

Looks like ClamAV is installed twice.  Please check for clamdscan in /usr/local/sbin and /usr/sbin.  I guess it will be in both places. The RPM will install to /usr and Jules package will install too /usr/local.  Decide which one you wish to use and remove the other.

Once that has been done set virus.scanners.conf to where the directory for clamd is, which would be either /usr or /usr/local.

Set the VirusScanners = clamd in MailScanner.conf

Ensure that the socket is being created in the same place that MailScanner.conf is set to use.

Remember! if you switch from RPM too Jules package, or vice verse, the socket path will change.  Please consult either /etc/clamd.conf or /usr/local/etc/clamd.conf.

Hope this makes sense?

Regards,

--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854  36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net

----- Original Message -----
From: "simon" <mailadmin at baladia.gov.kw>
To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
Sent: Friday, July 27, 2007 7:41:53 AM (GMT) Europe/London
Subject: Re: query if mailscanner using clamscan

Thanks Julian and guys

there was a path mismatch in my MailScanner.conf and clamd.conf file..
its Ok now .. works fine
really do appreciate
but as julian says i dont need 2 .. i mean clamav n clamd as its gonna
scan 2 times with the same virus scanner..

btw all this queries i have been writing is

I ONLY WANT MY INCOMING AND OUTGOIN MAILS TO BE SCANNED BY THE CLAMD
DAEMON as per jules SA+clamav script
the script says

...............................................
'If you want to use MailScanners support for Clamd (virus-scanning'
echo 'daemon) then I recommend you cancel this script now (press Ctrl-C)'
echo 'and install the RPMs for clamav, clamav-db and clamd from'
echo '     http://dag.wieers.com/rpm/packages/clamav'
echo 'Then re-run this script and tell me that clamscan is installed in'
echo '/usr/bin. This will set up your virus.scanners.conf file for you.'
.....................................................

now i have installed as per the instructions and see that
clamscan is in /usr/bin

my MailScanner.conf file has the following settings
----------------------------------------------------------
i tried Virus Scanners = auto
and also Virus Scanners = clamav clamd
-------------------------------------------------------------

my virus.scanners.conf settings for clam*
------------------------------------------------------
clamav          /usr/lib/MailScanner/clamav-wrapper     /usr/local
clamd           /bin/false                              /usr/local
clamavmodule    /bin/false                              /tmp
.....................................................................

Now how do i know if MailScanner support for Clamd (virus-scanning daemon )
is actually working .. which logs will tell me tht

in mailScanner.conf
the setting VirusScanners =auto is fine or i have to say
VirusScanners= clamav clamd
right now having either in my MailScanner.conf file the maillog logs is
the same
does the below line of my logs mean that MailScanner is using clamd ( the
virus scanning daemon )
--------------

Jul 27 09:40:16 kmdnstest MailScanner[7454]: Virus and Content Scanning:
Starting
------------------------------------

apprecite your help pls

here below is my maillog : pls ignore the receipents
----------------------------------------------------------

Jul 27 09:40:01 kmdnstest sendmail[7463]: l6R6e05H007463:
to=guy20034u at yahoo.com, ctladdr=root (0/0), delay=00:00:01,
xdelay=00:00:00, mailer=relay, pri=30048, relay=[127.0.0.1] [127.0.0.1],
dsn=2.0.0, stat=Sent (l6R6e12k007465 Message accepted for delivery)
Jul 27 09:40:04 kmdnstest MailScanner[7454]: New Batch: Scanning 1
messages, 817 bytes
Jul 27 09:40:16 kmdnstest MailScanner[7454]: Virus and Content Scanning:
Starting
Jul 27 09:40:34 kmdnstest MailScanner[7454]: Uninfected: Delivered 1 messages
Jul 27 09:40:43 kmdnstest sendmail[7481]: l6R6e12k007465:
to=<guy20034u at yahoo.com>, ctladdr=<root at localhost.localdomain> (0/0),
delay=00:00:42, xdelay=00:00:08, mailer=esmtp, pri=120347,
relay=f.mx.mail.yahoo.com. [68.142.202.247], dsn=2.0.0, stat=Sent (ok
dirdel)
-----------------------------------------------------------------


Thnaks in advance


Regards

simon










> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
> simon wrote:
>> Dear All,
>>
>> Thanks once again julian..
>> btw i removed virus scanning =auto from my MailScanner.conf file and now
>> i
>> have virus scanning = clamav clamd so that i would like mailscanner to
>> clamscan every incommin n outgoin mail message.
>> but now when i restart mailscanner i see in maillogs
>>
> For starters there is no point specifying clamav and clamd as you will
> just be scanning everything twice with the same virus scanner!
>
>> Cannot find Socket (/tmp/clamd) Exiting!
>>
>> if i say service clamd status
>>
>> clamd (pid 1779) is running...
>>
>> so clamd daemon is running
>>
>> really apprecite ur help
>>
> Check to see if the socket /tmp/clamd actually exists, and compare the
> clamd-specific settings in MailScanner.conf with those in clamd.conf.
>
>>
>> Thanks and Regards
>>
>> simon
>>
>>
>>
>>
>>
>>> In which case 'auto' will only use 'clamav'. To find 'clamavmodule' you
>>> must have the module installed. To find 'clamd' the daemon must be
>>> running, and the Clamd-specific MailScanner.conf options must be set
>>> correctly.
>>>
>>> simon wrote:
>>>
>>>> Thanks agin guys for ur immediate reply
>>>>
>>>> here the MailScanner --lint output..
>>>>
>>>> Read 797 hostnames from the phishing whitelist
>>>> Checking version numbers...
>>>> Version number in MailScanner.conf (4.61.7) is correct.
>>>> --------------------------------------------------------------
>>>> Checking for SpamAssassin errors (if you use it)...
>>>> SpamAssassin temporary working directory is
>>>> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>>>> SpamAssassin temp dir =
>>>> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>>>> Using SpamAssassin results cache
>>>> Connected to SpamAssassin cache database
>>>> SpamAssassin reported no errors.
>>>> Using locktype = posix
>>>> Creating hardcoded struct_flock subroutine for linux (Linux-type)
>>>> MailScanner.conf says "Virus Scanners = auto"
>>>> Found these virus scanners installed: clamav
>>>>
>>>>
>>>> -----------------------------------------------------------------
>>>>
>>>> gues sits fine... but it has no reference to clamscan or clamd
>>>>
>>>>
>>>> regards
>>>>
>>>> simon
>>>>
>>>>
>>>>
>>>>> If you are running the RPM version of clamav then your
>>>>> virus.scanners.conf file is right, as clamscan is in
>>>>> /usr/bin/clamscan.
>>>>> Check that 'auto' is picking them up correctly by doing a
>>>>> "MailScanner
>>>>> --lint".
>>>>>
>>>>> simon wrote:
>>>>>
>>>>>
>>>>>> Thanks Guys  for you quick reply,
>>>>>>
>>>>>> Btw i did forget to mention and ask u wht new should be added to
>>>>>> virus.scanners.conf file since after the script was run there is a
>>>>>> /etc/MailScanner/virus.scanners.conf.bak file
>>>>>>
>>>>>> here the clam lines for the /etc/MailScanner/virus.scanners.conf
>>>>>>
>>>>>> ------------------------
>>>>>>
>>>>>> clamav          /usr/lib/MailScanner/clamav-wrapper     /usr
>>>>>> clamd           /bin/false                              /usr
>>>>>> clamavmodule    /bin/false                              /tmp
>>>>>>
>>>>>> ------------------------------------------
>>>>>> i guess this above file does not reference clamscan if im right..
>>>>>> do let me know if i hav to edit this file.
>>>>>> my clamscan is is /usr/bin
>>>>>> n clamd is in /usr/sbin
>>>>>>
>>>>>> and in MailScanner.conf it says
>>>>>>
>>>>>> Virus Scanners = auto
>>>>>>
>>>>>> i did keep it auto as i will install bitdefender latter and would
>>>>>> like
>>>>>> MS
>>>>>> to search for the installed antivirus software
>>>>>>
>>>>>> Appreciate your help
>>>>>>
>>>>>> Thanks and regards
>>>>>>
>>>>>> simon
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>> What does you /etc/MailScanner/virus.scanners.conf say for the clam
>>>>>>> lines?
>>>>>>> What does the "Virus Scanners = " line in MailScanner.conf say?
>>>>>>>
>>>>>>> simon wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> Dear All,
>>>>>>>>
>>>>>>>> i have recently installed new sendmail based mail server and
>>>>>>>> installed
>>>>>>>> mailscanner + jules packge spamassassin + clamAV and have
>>>>>>>> instructed
>>>>>>>> clamd
>>>>>>>> virus scanning daemon to be used by mailScanner for scanning email
>>>>>>>> when
>>>>>>>> installing the package. i have also installed clamav, clamav-db
>>>>>>>> and
>>>>>>>> clamd
>>>>>>>> from  http://dag.wieers.com/rpm/packages/clamav
>>>>>>>> and everythin workin OK.
>>>>>>>> i have clamscan installed in /usr/bin
>>>>>>>>
>>>>>>>> but how could i know if mailscanner is really using clamd daemon n
>>>>>>>> clamscan to scan emails
>>>>>>>>
>>>>>>>>
>>>>>>>> Appreciate ur help
>>>>>>>>
>>>>>>>>
>>>>>>>> regards
>>>>>>>>
>>>>>>>> simon
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>> Jules
>>>>>>>
>>>>>>> --
>>>>>>> Julian Field MEng CITP
>>>>>>> www.MailScanner.info
>>>>>>> Buy the MailScanner book at www.MailScanner.info/store
>>>>>>>
>>>>>>> Need help customising MailScanner?
>>>>>>> Contact me!
>>>>>>> Need help fixing or optimising your systems?
>>>>>>> Contact me!
>>>>>>> Need help getting you started solving new requirements from your
>>>>>>> boss?
>>>>>>> Contact me!
>>>>>>>
>>>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> This message has been scanned for viruses and
>>>>>>> dangerous content by MailScanner, and is
>>>>>>> believed to be clean.
>>>>>>> For all your IT requirements visit www.transtec.co.uk
>>>>>>>
>>>>>>> --
>>>>>>> MailScanner mailing list
>>>>>>> mailscanner at lists.mailscanner.info
>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>
>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>
>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>> Jules
>>>>>
>>>>> --
>>>>> Julian Field MEng CITP
>>>>> www.MailScanner.info
>>>>> Buy the MailScanner book at www.MailScanner.info/store
>>>>>
>>>>> Need help customising MailScanner?
>>>>> Contact me!
>>>>> Need help fixing or optimising your systems?
>>>>> Contact me!
>>>>> Need help getting you started solving new requirements from your
>>>>> boss?
>>>>> Contact me!
>>>>>
>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>>>
>>>>>
>>>>> --
>>>>> This message has been scanned for viruses and
>>>>> dangerous content by MailScanner, and is
>>>>> believed to be clean.
>>>>> For all your IT requirements visit www.transtec.co.uk
>>>>>
>>>>> --
>>>>> MailScanner mailing list
>>>>> mailscanner at lists.mailscanner.info
>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>
>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>
>>>>> Support MailScanner development - buy the book off the website!
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>> Jules
>>>
>>> --
>>> Julian Field MEng CITP
>>> www.MailScanner.info
>>> Buy the MailScanner book at www.MailScanner.info/store
>>>
>>> Need help customising MailScanner?
>>> Contact me!
>>> Need help fixing or optimising your systems?
>>> Contact me!
>>> Need help getting you started solving new requirements from your boss?
>>> Contact me!
>>>
>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>
>>>
>>> --
>>> This message has been scanned for viruses and
>>> dangerous content by MailScanner, and is
>>> believed to be clean.
>>> For all your IT requirements visit www.transtec.co.uk
>>>
>>> --
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>>
>>
>>
>>
>
> Jules
>
> - --
> Julian Field MEng CITP
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> MailScanner customisation, or any advanced system administration help?
> Contact me at Jules at Jules.FM
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> For all your IT requirements visit www.transtec.co.uk
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.6.2 (Build 2014)
> Charset: ISO-8859-1
>
> wj8DBQFGqRVTEfZZRxQVtlQRAkkrAKCqECvP3FSpi8+QPFa/H1HIHsmujQCfQYzM
> ksCe+s24DfHgPgwPBEa07ok=
> =GiIT
> -----END PGP SIGNATURE-----
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> For all your IT requirements visit www.transtec.co.uk
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>


-- 
Network Administrator
-- 
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list