Need help getting clamav working

Alexander Dalloz ad+lists at uni-x.org
Fri Apr 15 12:06:58 UTC 2005


Am Fr, den 15.04.2005 schrieb Bob Brennan um 12:43:

> The setup:
> * Home FC3 server hosting a dozen websites + email + webmail
> * sendmail + dovecot for pop3/imap/smtp
> * spamassasin
> * squirellmail for webmail
> 
> The problem:
> * far too many virus-emails hitting my M$-Outlook users (yes I do care)
> * from high praise on this list I decided to install clamav

Good choice :9

> * can't get clamav working!

Hm, but I am sure we can find the trouble maker quickly.

> What works so far:
> * set yum to point to FC3 extras repo - ok
> * yum install clamav - ok
> * yum install clamav-milter -ok
> * googled "clamav howto" and settled on
> http://www.airride.net/linux/fc2+clamav-howto.html as the best

Yes, well done. Too available from fedoranews.org.

> * edited /etc/clam.d/milter.conf to remove "example"
> * added INPUT_MAIL_FILTER(`clamav',`S=local:/var/run/clamav-milter/clamav.sock,F=,T=S:4m;R:4m')dnl
> to sendmail.mc

Let me ask: where exactly did you add this milter line? The order
matters in sendmail.mc. If you grep your sendmail.cf file you must find
a line

Xclamav, S=local:/var/run/clamav-milter/clamav.sock, F=T, T=S:4m;R:4m

Be sure about the correct path for the socket file! Is it really
"/var/run/clamav-milter"? I think common installs use
"/var/run/clamav/". So does the RPM from
http://crash.fce.vutbr.cz/crash-hat/.

> * m4 the .mc file and restarted sendmail
> * chkconfig --level 2345 clamav-milter on
> * chkconfig --level 2345 clamd.milter on

There is no such service "clamd.milter". clamd is no milter, there is
just one and that is called "clamav-milter".

> * service clamav-milter start - [OK]
> * service clamd.milter start - [OK]

Did you write that from mind? It should only be "clamd" (see above).

> * verified all settings above took effect
> 
> I let that sit overnight and had no log reports so I forwarded an
> email with attached virus.zip nasty to myself, it was delivered to me
> normally and there is no clamav log file or header info indicating it
> was scanned like spamassasin adds.

When starting Sendmail, observe the maillog and messages syslog file.
When starting the clamav services (clamd, freshclam, clamav-milter)
observe the messages log and their log files below /var/log.

> The question(s):
> * clamav doesn't appear to be doing anything to emails, including
> virus-laden ones, what am I missing?

I suspect misconfiguration (see above comments).

> * there are lots of references to "freshclam" to automatically update
> but "yum install freshclam" doesn't work and I can't find anything by
> that name installed on my system. How to ensure proper updating?

freshclam is part of the clamav RPM. It is a service: service freshclam
start. But before you use it please adjust it's configuration file
/etc/freshclam.conf. Most important for the "DatabaseMirror" line.

> bob

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.14_FC2smp 
Serendipity 13:55:29 up 3 days, 10:35, load average: 0.18, 0.26, 0.20 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20050415/8b6050c1/attachment-0001.sig>


More information about the fedora-list mailing list