MailScanner 5.3.4 clamd does not appear to be participating.

Thu Apr 1 14:20:07 UTC 2021

Hello,
Thanks for those pointers, it was an ownership issue to do with /var/run/clamd.mailscanner/clamd.sock. It was owned by the wrong account. It seems to be up and running now.

Vince.

On 31/03/2021, 15:17, "MailScanner on behalf of Christophe GRENIER" <mailscanner-bounces+v.andrews=noc.ac.uk at lists.mailscanner.info on behalf of grenier at cgsecurity.org> wrote:

    Caution: This email has originated from outside of the organisation. Do not click links or open attachments unless you have verified the sender and content is safe. Thank you.

    On Wed, 31 Mar 2021, Andrews, Vincent wrote:

    > Hello,
    >
    > We have a new MailScanner V5.3.4 on a CentOS 7 system. Running the –lint command proves that it can use both Sophos and clamd, however it is only Sophos that appears to be catching
    > viruses.
    >
    > Clamd is installed via the OS route – version is 0.103.0-3.
    >
    > MailScanner.conf is ‘Virus Scanners = auto’ was ‘Virus Scanners = clamd, sophos’.
    >
    > Virus.scanners.conf entry for clamd is /bin/false, but as I cannot see a specific wrapper I assume that is Ok.
    >
    > I am loath to cut out Sophos from the list and see what happens.
    >
    > Do I need to do anything else?

    Hello

    A good start is to check your clamd configuration.
    On my CentOS servers, I am using /etc/clamd.d/mailscanner.conf
    MaxThreads 50
    FixStaleSocket true
    LocalSocket /var/run/clamd.mailscanner/clamd.sock
    User postfix
    LogFile /var/log/clamd.mailscanner
    LogFileMaxSize 0
    LogVerbose yes
    LogClean no
    Debug no
    LogTime yes
    TemporaryDirectory /var/tmp

    Check the daemon with
    systemctl status clamd at mailscanner.service

    If it's OK, use clamdscan (not clamscan) to check a file that can be read
    by everyone (ie. /etc/hosts):
    clamdscan -c /etc/clamd.d/mailscanner.conf /etc/hosts
    /etc/hosts: OK

    ----------- SCAN SUMMARY -----------
    Infected files: 0
    Time: 0.002 sec (0 m 0 s)
    Start Date: 2021:03:31 16:13:29
    End Date:   2021:03:31 16:13:29

    Regards,
            Christophe
    --
        ,-~~-.___.     ._.
       / |  '     \    | |--------.   Christophe GRENIER
      (  )         0   | |        | grenier at cgsecurity.org
       \_/-, ,----'    | |        |
          ====         !_!-v---v--.
          /  \-'~;      .--------.   TestDisk & PhotoRec
         /  __/~| ._-""||        |   Data Recovery
       =(  _____|_|____||________|   https://www.cgsecurity.org

This email and any attachments are intended solely for the use of the named recipients. If you are not the intended recipient you must not use, disclose, copy or distribute this email or any of its attachments and should notify the sender immediately and delete this email from your system.
The National Oceanography Centre (NOC) has taken every reasonable precaution to minimise risk of this email or any attachments containing viruses or malware but the recipient should carry out its own virus and malware checks before opening the attachments. NOC does not accept any liability for any losses or damages which the recipient may sustain due to presence of any viruses.
Opinions, conclusions or other information in this message and attachments that are not related directly to NOC business are solely those of the author and do not represent the views of NOC.