Re: [Exim] Exiscan-ACL + clamav: At my wits end

Author: Adam Moffett
Date:  
To: Odhiambo Washington
CC: exim-users
Subject: Re: [Exim] Exiscan-ACL + clamav: At my wits end
>
>You have a goofed config in that case.


I'm sure I must. I just don't know where.

>
>> I fiddled with clamav's config file a bit, tried it with and without
>> the "ScanMail" option, also tried using and not using the demime = *
>> option in my data ACL, I tried running clamav with both a TCP socket
>> and a local socket, plus everything else I could think of.
>
>
>You did not read the docs at all, just fiddling.


I always read the docs before I try asking dumb questions ;)

That's why you don't see me on the list much.

> > **In exim main config:
> > av_scanner = clamd:/tmp/clamd
>
>
>That is correct, if you also have in clamav.conf a line that says:
>LocalSocket /tmp/clamd


I do.

>
> > **My data ACL, minus comments:


<snip>

>That, too, is correct.


I thought so, since it's pretty much copied directly out of the docs.

>
> >
> > **Excerpt from "exim -bd -d"..where it processes the data ACL:
> > 14383 using ACL "acl_check_data"
> > 14383 processing "deny"
> > 14383 check demime = *
> > 14383 check condition = ${if >{$demime_errorlevel}{2}{1}{0}}
> > 14383                 = 0
> > 14383 deny: condition test failed
> > 14383 processing "deny"
> > 14383 check demime = ade:adp:bat:bas:chm:cmd:cpl:crt:eml:hlp:hta:inf:ins:isp:lnk:msc:msp:mst:pcd:scr:sct:shs:vbs:vbe:wsf:wsh:wsc:exe:com
> > 14383 deny: condition test failed
> > 14383 processing "deny"
> > 14383 check demime = *
> > 14383 check malware = *
> > 14383 deny: condition test failed
> > 14383 accept: condition test succeeded
>
>
>How did you feed in the message?


The normal way, with an smtp connection.

>
>1. Test after changing the "User clamav" to "User exim" or whatever it
>    is that you get when you do exim -bP exim_user


Exim runs as user mail...I thought having the clamav user in the mail
group would be sufficient, but I changed this to "User mail" as you
suggested. I get the same problem.

>2. Check panic log for any clues


The panic log says nothing. If I kill clamd, there are messages in
the panic log saying that it can't connect to clamd...otherwise
nothing.

clamav's log is also not helpful....I thought having "verbose"
logging would tell me something, but it doesn't seem to. It logs
when a virus is successfully detected (like when I tell it SCAN
/path/to/virus), it logs when it does its self checks, and it logs
the fact that it started and stopped.

I wish the problem was really that easy...I'd have it running already.
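
Added example, not part of the original message or of Exim/ClamAV: a small client that sends clamd's PING and SCAN commands over the local socket named in the thread (/tmp/clamd) and classifies the reply, so the socket and file permissions can be exercised from the account Exim runs as. The function names and the default target file are assumptions made for illustration.

```python
import os
import socket
import sys

def clamd_command(sock_path, command, timeout=10.0):
    """Send one newline-terminated command to clamd's local socket; return the reply."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(sock_path)      # fails here if the calling user cannot reach the socket
        s.sendall(command.encode() + b"\n")
        reply = b""
        while True:               # clamd closes the connection after answering
            chunk = s.recv(4096)
            if not chunk:
                break
            reply += chunk
    return reply.decode(errors="replace").strip()

def parse_scan_reply(reply):
    """Split '<path>: <result>' into (path, verdict, detail)."""
    path, _, result = reply.partition(": ")
    if result == "OK":
        return path, "clean", ""
    if result.endswith(" FOUND"):
        return path, "infected", result[:-len(" FOUND")]
    if result.endswith(" ERROR"):     # e.g. clamd could not open the file
        return path, "error", result[:-len(" ERROR")]
    return path, "unknown", result

def check(sock_path, file_path):
    """Return (ok, message) pairs: socket reachability, then a test scan."""
    results = []
    try:
        pong = clamd_command(sock_path, "PING")
        results.append((pong == "PONG", f"PING -> {pong!r}"))
        reply = clamd_command(sock_path, f"SCAN {file_path}")
        _, verdict, detail = parse_scan_reply(reply)
        ok = verdict in ("clean", "infected")   # an "error" verdict means no scan happened
        results.append((ok, f"SCAN -> {verdict} {detail}".strip()))
    except OSError as exc:
        results.append((False, f"socket error: {exc}"))
    return results

if __name__ == "__main__":
    sock = sys.argv[1] if len(sys.argv) > 1 else "/tmp/clamd"
    target = os.path.abspath(sys.argv[2] if len(sys.argv) > 2 else sys.argv[0])
    for ok, message in check(sock, target):
        print("ok  " if ok else "FAIL", message)
```

Run it as the Exim user (here `mail`) against a file that user created, so the test uses the same socket and file permissions as a scan requested by Exim.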