Need help getting clamav working
Alexander Dalloz
ad+lists at uni-x.org
Fri Apr 15 15:05:08 UTC 2005
Am Fr, den 15.04.2005 schrieb Bob Brennan um 16:09:
> I have placed it above
> DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
> and
> MAILER(smtp)dnl
> MAILER(procmail)dnl
> rebuilt sendmail.cf and restarted sendmail, no errors in maillog
Good. But the DAEMON_OPTIONS line is not necessary as it instructs the
sendmail.cf build to nothing which wouldn't build anyway.
> Sent myself a clean email from gmail and got
> X-Virus-Scanned: clamd / ClamAV version 0.71, clamav-milter version 0.71
> X-Virus-Status: Clean
> in the header (same as before)
Wow, that is a very old ClamAV version. You should really update
quickly. 0.83 is current. I see Fedora Extras you are using (you posted
that in the other reply) only has the very old 0.71 version. I highly
recommend to either use the repository I am using or Dag's.
> Sent myself clean and dirty emails from within the server, no clamav
> headers. I think that is a matter of expectation-alignment, probably
> mail that does not come in from the outside world is not being
> clamaved. So I guess I will have to wait for a real virus, I doubt
> gmail would appreciate me being a virus mailer even if it is only to
> myself.
>
> So I guess 2 questions remain:
> 1. How do I know if viruses are indeed been blocked? (can't find an
> appropriate log file)
You should see that in your log. Mine shows i.e.
Apr 13 15:05:57 blacky sendmail[18992]: j3DD4bLI018992:
from=<id at damad.com>, size=81057, class=0, nrcpts=1,
msgid=<200504131304.j3DD4bLI018992 at mail.anonymous.de>, proto=ESMTP,
daemon=MTA, relay=[212.33.168.146]
Apr 13 15:05:57 blacky clamav-milter[29150]: j3DD4bLI018992:
/tmp/clamav-5f22f2bc3fa7379d/msg.8mIvEZ: Worm.Mytob.AF Intercepted virus
from <id at damad.com> to <lolita at uni-x.org>
Apr 13 15:05:57 blacky clamav-milter[29150]: File quarantined as
/var/spool/clamav/050413/j3DD4bLI018992.Worm.Mytob.AF
Apr 13 15:05:57 blacky clamav-milter[29150]: Quarantined infected mail
as /var/spool/clamav/050413/j3DD4bLI018992.Worm.Mytob.AF
Apr 13 15:05:57 blacky sendmail[18992]: j3DD4bLI018992: Milter: data,
discard
Apr 13 15:05:57 blacky sendmail[18992]: j3DD4bLI018992: discarded
My clamav-milter setup is following:
$ cat /etc/sysconfig/clamav-milter
CLAMAV_FLAGS=" --dont-wait \
--quiet \
--noreject \
--force-scan \
--dont-log-clean \
--local \
--outgoing \
--server=localhost \
--quarantine-dir=/var/spool/clamav \
--pidfile=/var/run/clamav/clamav-milter.pid \
unix:/var/spool/clamav/clamav-milter.sock \
"
> 2. How do I know my definitions are being kept up-to-date with no
> apparent freshclam?
If you don't run freshclam you should run a cronjob. But keep care to
not being blocked by the ClamAV guys when querying the ClamAV server too
often. It is better to use freshclam. freshclam is normally packaged
together with the clamd daemon.
I let log the updates:
==> /var/log/maillog <==
Apr 15 15:10:28 blacky clamd[3870]: SelfCheck: Database modification
detected. Forcing reload.
Apr 15 15:10:29 blacky clamd[3870]: Reading databases from
/var/lib/clamav
Apr 15 15:10:30 blacky clamd[3870]: Database correctly reloaded (32866
viruses)
Apr 15 15:13:28 blacky clamav-milter[29150]: Loading new database
Apr 15 15:13:29 blacky clamav-milter[29150]: ClamAV: Protecting against
32866 viruses
Apr 15 15:13:29 blacky clamav-milter[29150]: Loaded ClamAV 0.83/831/Fri
Apr 15 14:17:38 2005
Alexander
--
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.14_FC2smp
Serendipity 16:52:10 up 3 days, 13:32, load average: 0.21, 0.15, 0.13
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20050415/c59d3500/attachment-0001.sig>
More information about the fedora-list
mailing list