clamav not working?
rcooper at dwford.com
Tue Nov 24 03:32:32 GMT 2009
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Frank
Cusack Sent: Monday, November 23, 2009 9:01 PM To:
mailscanner at lists.mailscanner.info Subject: clamav not working?
> I'm trying to use the clamav (not clamd) virus scanner. clamscan does
> report my email as containing a virus (I'm using the eicar test virus;
> and I've disabled the filename check so that it actually gets to the
> virus check) but mailscanner does not process the clamav output correctly.
Which means what exactly? It misses the virus? It outputs Slovakian? It's
> Looking at ProcessClamAVOutput() in SweepViruses.pm I see a lot of
> pattern matching which is hurting my brain. Ok, that is fine for
> logging but why doesn't it just check the return value of clamav-wrapper
> (which passes the return value of clamscan) to determine success?
Because there is more to the output than logging, such as admin
notification, user notification (of virus name and file containing it) and
of course the return value.
> I also notice in ProcessClamAVOutput() the incorrect comment that
> clamscan stops as soon as one virus is detected. I want to use clamav
> instead of clamd because mailscanner has the poor behavior of simply
> accepting (and declaring "clean") all email when clamd is not available,
> as I noted in a previous message.
Which is :
a. A good reason to use more than one A/V soultion
b. A very good reason use monitoring solutions (try Swatch for
tracking errors found in log files)
c. A very good reason enter the correct configuration values (such
as socket location, or IP address, port)
d. A very good reason to run MailScanner --lint before declaring a
configuration working and useable
> Is anyone actually successfully using the clamav virus scanner?
And how about is anyone sucessfully using clamd as a virus scanner?
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner