Anybody successfully get Clam Antivirus
(
http://www.konarski.edu.pl/~zolw/clam.html) to work with exiscan? I can
get it to work with exim running as a daemon in the foreground but when
exim is run in the background it fails. Here is my configuration and
debug output. I am using exiscan-4.04-7. Any ideas?
Configuration:
exiscan_scanner = cmdline
exiscan_crypt_salt = ex
exiscan_unpack_mime = true
exiscan_scanner_path = /usr/local/clamav/bin/clamscan
exiscan_scanner_options = --stdout --threads 0 --disable-summary |
exiscan_scanner_regexp_trigger = FOUND
exiscan_scanner_regexp_description = :(.*)FOUND
-------
Test e-mail with exim in forground:
./sendEmail -f boutilpj@??? -t boutilpj@??? -u 'Virus
Test' -m 'Virus' -s localhost:35 -a
/usr/local/src/VIRUS/clamav-0.14/test/eicar.com
ERROR: The server returned the following error:
550 exiscan found malicious content ( Eicar-Test-Signature )
EXITING
Debug output from exim:
/usr/local/exim-scan/bin/exim -v -bd -oX 35
LOG: MAIN
exim 4.04 daemon started: pid=22221, no queue runs, listening for
SMTP on [142.227.51.1]:35 [127.0.0.1]:35
LOG: smtp_connection MAIN
SMTP connection from localhost [127.0.0.1] (TCP/IP connection count = 1)
exiscan: starting
exiscan: using command line scanner. Path:
/usr/local/clamav/bin/clamscan, Options: --stdout --threads 0
--disable-summary |
exiscan: calling scanner as '/usr/local/clamav/bin/clamscan --stdout
--threads 0 --disable-summary /var/spool/exim-scan/scan/17F1q2-0005nE-00
2>&1 >
/var/spool/exim-scan/scan/17F1q2-0005nE-00/17F1q2-0005nE-00-scanner_output'
exiscan cleanup: unlinking
/var/spool/exim-scan/scan/17F1q2-0005nE-00/17F1q2-0005nE-00-complete
exiscan cleanup: unlinking
/var/spool/exim-scan/scan/17F1q2-0005nE-00/eicar.com
exiscan cleanup: unlinking
/var/spool/exim-scan/scan/17F1q2-0005nE-00/textfile0
exiscan cleanup: unlinking
/var/spool/exim-scan/scan/17F1q2-0005nE-00/textfile1
exiscan cleanup: unlinking
/var/spool/exim-scan/scan/17F1q2-0005nE-00/textfile2
exiscan cleanup: unlinking
/var/spool/exim-scan/scan/17F1q2-0005nE-00/textfile3
exiscan cleanup: unlinking
/var/spool/exim-scan/scan/17F1q2-0005nE-00/17F1q2-0005nE-00-scanner_output
LOG: MAIN REJECT
rejected by local_scan(): exiscan found malicious content (
Eicar-Test-Signature )
LOG: smtp_connection MAIN
SMTP connection from localhost [127.0.0.1] lost
-------------------------
Same test with exim in background:
./sendEmail -f boutilpj@??? -t boutilpj@??? -u 'Virus
Test' -m 'Virus' -s localhost:35 -a
/usr/local/src/VIRUS/clamav-0.14/test/eicar.com
EXITING
Exim run as:
/usr/local/exim-scan/bin/exim -bd -oX 35
From exim_mainlog:
2002-06-03 21:07:59 17F1rj-0005tt-00 temporarily rejected by
local_scan(): exiscan: unable to open scanner output file for reading:
/var/spool/exim-scan/scan/17F1rj-0005tt-00/17F1rj-0005tt-00-scanner_output
From exim_rejectlog:
2002-06-03 21:07:59 17F1rj-0005tt-00 temporarily rejected by
local_scan(): exiscan: unable to open scanner output file for reading:
/var/spool/exim-scan/scan/17F1rj-0005tt-00/17F1rj-0005tt-00-scanner_output
Envelope-from: <boutilpj@???>
Envelope-to: <boutilpj@???>
P Received: from localhost ([127.0.0.1])
by Trademart-1.ednet.ns.ca with smtp (Exim 4.04)
id 17F1rj-0005tt-00
for boutilpj@???; Mon, 03 Jun 2002 21:07:59 -0300
F From: <boutilpj@???>
T To: <boutilpj@???>
Subject: Virus Test
Date: Mon, 3 Jun 2002 21:7:59 -0600
X-Mailer: sendEmail-v1.33
Content-Type: multipart/mixed; boundary="----MIME delimiter for
sendEmail-499875.868204981"
Mime-Version: 1.0
I Message-Id: <E17F1rj-0005tt-00@???>
