ClamAV only scanning message headers
Scott Silva
ssilva at sgvwater.com
Wed Sep 30 00:51:25 IST 2009
on 9-29-2009 1:23 PM Jared spake the following:
> Greetings, MailScanner community,
>
> I have been using MailScanner with Postfix and ClamAV for several years
> now and it has been an extremely effective system for combating spam and
> malware for my users. I have just refreshed our system to bring the
> relevant software up to a reasonable rev as well as putting it on much
> more capable hardware.
>
> Everything seems to be working with the exception of my virus scanning.
> Here’s the situation:
> My ‘Incoming Work Dir’ is set to /tmp (as it’s in RAM rather than on
> disk for speed). As mail comes in, I can see that a MailScanner child
> creates a subdirectory of /tmp with its PID, and then calls the ClamAV
> wrapper to scan that directory. My expectation is that MailScanner
> decodes all MIME parts and decodes Base64 for the AV engine to troll and
> will leave them in that temporary directory.
>
> The problem is that the only file being written out into those
> directories is the message header – no other MIME parts (or even a
> plain-text part, for that matter) ever make it into the directory. As a
> result, ClamAV is unable to detect infections because it will never see
> them.
>
> I have confirmed that ClamAV is able to detect viruses (by using an
> EICAR test file) when run from the command line and/or the MailScanner
> wrapper script, and that Clam is only being “fed” files like
> /tmp/PID/MessageID.header
>
> Is there something that I’m missing in my install? Do I have a
> fundamental misunderstanding of how MailScanner interacts with ClamAV
> via the wrapper? I have tried running MailScanner in debug mode, but
> there’s really no useful information in there.
>
> Any guidance would be very much appreciated!
><Snip>
Read http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips
and maybe
http://wiki.mailscanner.info/doku.php?id=maq:index#i_don_t_get_output_from_clamav_or_other_anti-virus_what_is_wrong
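
The symptom described in the question, reproduced as an added example (not part of the original thread and not MailScanner's own code, which is Perl): a byte-signature scanner that is handed only the header file never sees a base64-encoded attachment. The `MSGID.header` plus `MSGID/` layout, the marker string, and the sample message are assumptions constructed for illustration.

```python
import email
import re
import tempfile
from email.message import EmailMessage
from pathlib import Path

MARKER = b"CONSTRUCTED-TEST-MARKER"  # stand-in for a byte signature, not a real one

def build_sample() -> bytes:
    """Constructed message: a text body plus one base64-encoded attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("plain-text part\n")
    msg.add_attachment(b"prefix " + MARKER + b" suffix", maintype="application",
                       subtype="octet-stream", filename="sample.bin")
    return msg.as_bytes()

def unpack(raw: bytes, workdir: Path, msgid: str, headers_only: bool = False):
    """Write <msgid>.header and, unless headers_only, every decoded MIME part."""
    header = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    (workdir / f"{msgid}.header").write_bytes(header)
    if not headers_only:
        partdir = workdir / msgid  # assumed layout: one subdirectory per message
        partdir.mkdir()
        for i, part in enumerate(email.message_from_bytes(raw).walk()):
            if part.is_multipart():
                continue
            data = part.get_payload(decode=True) or b""  # undoes base64 / QP
            name = Path(part.get_filename() or f"part{i}.txt").name  # no path tricks
            (partdir / name).write_bytes(data)
    return sorted(p.relative_to(workdir).as_posix()
                  for p in workdir.rglob("*") if p.is_file())

def scan(workdir: Path):
    """Toy scanner: names of files under workdir whose bytes contain MARKER."""
    return sorted(p.name for p in workdir.rglob("*")
                  if p.is_file() and MARKER in p.read_bytes())

def demo():
    """Return {headers_only: (files written, scanner hits)} for both modes."""
    raw, results = build_sample(), {}
    for headers_only in (True, False):
        with tempfile.TemporaryDirectory() as d:
            files = unpack(raw, Path(d), "MSGID", headers_only)
            results[headers_only] = (files, scan(Path(d)))
    return results

if __name__ == "__main__":
    print(demo())
```

The raw message does not contain the marker either, since it is still base64-encoded on the wire; only the decoded part written next to the header file gives the scanner something to match.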