query if mailscanner using clamscan

Glenn Steen glenn.steen at gmail.com
Fri Jul 27 08:47:15 IST 2007 

On 27/07/07, simon <mailadmin at baladia.gov.kw> wrote:
> Thanks Julian and guys
>
> there was a path mismatch in my MailScanner.conf and clamd.conf file..
> its Ok now .. works fine
> really do appreciate
> but as julian says i dont need 2 .. i mean clamav n clamd as its gonna
> scan 2 times with the same virus scanner..
>
> btw all this queries i have been writing is
>
> I ONLY WANT MY INCOMING AND OUTGOIN MAILS TO BE SCANNED BY THE CLAMD
> DAEMON as per jules SA+clamav script
> the script says
>
> ...............................................
> 'If you want to use MailScanners support for Clamd (virus-scanning'
> echo 'daemon) then I recommend you cancel this script now (press Ctrl-C)'
> echo 'and install the RPMs for clamav, clamav-db and clamd from'
> echo '     http://dag.wieers.com/rpm/packages/clamav'
> echo 'Then re-run this script and tell me that clamscan is installed in'
> echo '/usr/bin. This will set up your virus.scanners.conf file for you.'
> .....................................................
>
> now i have installed as per the instructions and see that
> clamscan is in /usr/bin
>
> my MailScanner.conf file has the following settings
> ----------------------------------------------------------
> i tried Virus Scanners = auto
> and also Virus Scanners = clamav clamd
> -------------------------------------------------------------
>
> my virus.scanners.conf settings for clam*
> ------------------------------------------------------
> clamav          /usr/lib/MailScanner/clamav-wrapper     /usr/local
> clamd           /bin/false                              /usr/local
> clamavmodule    /bin/false                              /tmp
> .....................................................................
>
> Now how do i know if MailScanner support for Clamd (virus-scanning daemon )
> is actually working .. which logs will tell me tht
>
> in mailScanner.conf
> the setting VirusScanners =auto is fine or i have to say
> VirusScanners= clamav clamd
> right now having either in my MailScanner.conf file the maillog logs is
> the same

Simon, you've been shown how to determine what the "auto" setting will
use... Just do a
MailScanner --lint
and look at the last lines ... The scanner(s) found will be the scanners used.

If you want to be specific, you should detail
Virus Scanners = clamd
OR
Virus Scanners = clamavmodule
OR
Virus Scanners = clamav
... Where the first one gives you Clamd support, the second
ClamAVModule and the last clamscan ... Clear?


> does the below line of my logs mean that MailScanner is using clamd ( the
> virus scanning daemon )
> --------------
>
> Jul 27 09:40:16 kmdnstest MailScanner[7454]: Virus and Content Scanning:
> Starting

No, it means it is trying to scan the message with all available
"commercial" AV scanners.
Send an EICAR through and look on the log entries for that specific
message. The maillog is where these things are at, so there is where
you need look.

> ------------------------------------
>
> apprecite your help pls
>
> here below is my maillog : pls ignore the receipents
> ----------------------------------------------------------
>
> Jul 27 09:40:01 kmdnstest sendmail[7463]: l6R6e05H007463:
> to=guy20034u at yahoo.com, ctladdr=root (0/0), delay=00:00:01,
> xdelay=00:00:00, mailer=relay, pri=30048, relay=[127.0.0.1] [127.0.0.1],
> dsn=2.0.0, stat=Sent (l6R6e12k007465 Message accepted for delivery)
> Jul 27 09:40:04 kmdnstest MailScanner[7454]: New Batch: Scanning 1
> messages, 817 bytes
> Jul 27 09:40:16 kmdnstest MailScanner[7454]: Virus and Content Scanning:
> Starting
> Jul 27 09:40:34 kmdnstest MailScanner[7454]: Uninfected: Delivered 1 messages
> Jul 27 09:40:43 kmdnstest sendmail[7481]: l6R6e12k007465:
> to=<guy20034u at yahoo.com>, ctladdr=<root at localhost.localdomain> (0/0),
> delay=00:00:42, xdelay=00:00:08, mailer=esmtp, pri=120347,
> relay=f.mx.mail.yahoo.com. [68.142.202.247], dsn=2.0.0, stat=Sent (ok
> dirdel)
> -----------------------------------------------------------------

These log entries are inconclusive, since we don't know whether there
was a virus in that message or not. Use an EICAR (as I already showed
you how) and you'll see... If it looks like this, then something is
up;-).

> Thnaks in advance
>

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

More information about the MailScanner mailing list