[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Need help getting clamav working



Am Fr, den 15.04.2005 schrieb Bob Brennan um 16:09:

> I have placed it above
> DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
> and
> MAILER(smtp)dnl
> MAILER(procmail)dnl
> rebuilt sendmail.cf and restarted sendmail, no errors in maillog

Good. But the DAEMON_OPTIONS line is not necessary as it instructs the
sendmail.cf build to nothing which wouldn't build anyway.

> Sent myself a clean email from gmail and got
> X-Virus-Scanned: clamd / ClamAV version 0.71, clamav-milter version 0.71
> X-Virus-Status: Clean
> in the header (same as before)

Wow, that is a very old ClamAV version. You should really update
quickly. 0.83 is current. I see Fedora Extras you are using (you posted
that in the other reply) only has the very old 0.71 version. I highly
recommend to either use the repository I am using or Dag's.

> Sent myself clean and dirty emails from within the server, no clamav
> headers. I think that is a matter of expectation-alignment, probably
> mail that does not come in from the outside world is not being
> clamaved. So I guess I will have to wait for a real virus, I doubt
> gmail would appreciate me being a virus mailer even if it is only to
> myself.
> 
> So I guess 2 questions remain:
> 1. How do I know if viruses are indeed been blocked? (can't find an
> appropriate log file)

You should see that in your log. Mine shows i.e.

Apr 13 15:05:57 blacky sendmail[18992]: j3DD4bLI018992:
from=<id damad com>, size=81057, class=0, nrcpts=1,
msgid=<200504131304 j3DD4bLI018992 mail anonymous de>, proto=ESMTP,
daemon=MTA, relay=[212.33.168.146]
Apr 13 15:05:57 blacky clamav-milter[29150]: j3DD4bLI018992:
/tmp/clamav-5f22f2bc3fa7379d/msg.8mIvEZ: Worm.Mytob.AF Intercepted virus
from <id damad com> to <lolita uni-x org>
Apr 13 15:05:57 blacky clamav-milter[29150]: File quarantined as
/var/spool/clamav/050413/j3DD4bLI018992.Worm.Mytob.AF
Apr 13 15:05:57 blacky clamav-milter[29150]: Quarantined infected mail
as /var/spool/clamav/050413/j3DD4bLI018992.Worm.Mytob.AF
Apr 13 15:05:57 blacky sendmail[18992]: j3DD4bLI018992: Milter: data,
discard
Apr 13 15:05:57 blacky sendmail[18992]: j3DD4bLI018992: discarded

My clamav-milter setup is following:

$ cat /etc/sysconfig/clamav-milter

CLAMAV_FLAGS="  --dont-wait \
                --quiet \
                --noreject \
                --force-scan \
                --dont-log-clean \
                --local \
                --outgoing \
                --server=localhost \
                --quarantine-dir=/var/spool/clamav \
                --pidfile=/var/run/clamav/clamav-milter.pid \
                unix:/var/spool/clamav/clamav-milter.sock \
                "


> 2. How do I know my definitions are being kept up-to-date with no
> apparent freshclam?

If you don't run freshclam you should run a cronjob. But keep care to
not being blocked by the ClamAV guys when querying the ClamAV server too
often. It is better to use freshclam. freshclam is normally packaged
together with the clamd daemon.
I let log the updates:

==> /var/log/maillog <==
Apr 15 15:10:28 blacky clamd[3870]: SelfCheck: Database modification
detected. Forcing reload.
Apr 15 15:10:29 blacky clamd[3870]: Reading databases from
/var/lib/clamav
Apr 15 15:10:30 blacky clamd[3870]: Database correctly reloaded (32866
viruses)
Apr 15 15:13:28 blacky clamav-milter[29150]: Loading new database
Apr 15 15:13:29 blacky clamav-milter[29150]: ClamAV: Protecting against
32866 viruses
Apr 15 15:13:29 blacky clamav-milter[29150]: Loaded ClamAV 0.83/831/Fri
Apr 15 14:17:38 2005

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.14_FC2smp 
Serendipity 16:52:10 up 3 days, 13:32, load average: 0.21, 0.15, 0.13 

Attachment: signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]