[exim] Exim and clamav

Top Page
Delete this message
Reply to this message
Author: fhuet
Date:  
CC: exim-users
Old-Topics: Re: [exim] Exim config question
Subject: [exim] Exim and clamav
Hello all,

Well, I'm still on my clamav problem. Spamassassin seems working :

2005-03-04 06:23:03 1D75HC-00030m-Vx <= <> U=Debian-exim P=spam-scanned
S=958 id=E1D75HC-00030j-T4@smtp001
2005-03-04 06:23:03 1D75HC-00030m-Vx User 0 set for local_delivery
transport is on the never_users list
2005-03-04 06:23:03 1D75HC-00030m-Vx == root@??? R=real_local
T=local_delivery defer (-29): User 0 set for local_delivery transport is
on the never_users list
2005-03-04 06:23:03 1D75HC-00030j-T4 => root <postmaster@???>
R=spamcheck_router T=spamcheck
2005-03-04 06:23:03 1D75HC-00030j-T4 Completed


But Clamav doesn't. I sent me an "eicar mail" with an virus and I
receveid it without scanning in my mailbox.

Here is several informations:
/etc/passwd :
Debian-exim:x:102:102::/var/spool/exim4:/bin/false
clamav:x:103:103::/var/lib/clamav:/bin/false

/etc/group:
Debian-exim:x:102:clamav
clamav:x:103:Debian-exim

ls -la /var/log/exim4
total 16472
drwxr-s---    2 Debian-e adm          4096 Mar  4 06:25 .
drwxr-xr-x    7 root     root         4096 Mar  4 06:25 ..
-rw-r-----    1 Debian-e adm       1405022 Mar  4 10:26 mainlog
-rw-r-----    1 Debian-e adm          1664 Mar  4 10:23 paniclog
-rw-r-----    1 Debian-e adm        487560 Mar  4 10:26 rejectlog
...


ls -la /var/spool/exim4/
total 76
drwxr-x---    8 Debian-e Debian-e     4096 Mar  3 01:53 .
drwxr-xr-x    5 root     root         4096 Mar  1 09:14 ..
drwx------    2 Debian-e Debian-e     4096 Mar  4 10:23 .spamassassin
drwxr-x---    2 Debian-e Debian-e     4096 Feb 24 17:34 db
drwxr-x---    2 Debian-e Debian-e    36864 Mar  4 10:25 input
drwxr-x---    2 Debian-e Debian-e    16384 Mar  4 10:23 msglog
drwxr-xr-x    2 Debian-e Debian-e     4096 Mar  1 09:15 rejects
drwxr-x---    2 Debian-e Debian-e     4096 Mar  3 00:32 scan


in my exim4.conf:
av_scanner = clamd:/var/run/clamav/clamd.ctl

clamd.conf:
LocalSocket /var/run/clamav/clamd.ctl
FixStaleSocket
User clamav
AllowSupplementaryGroups
ScanMail
ScanArchive
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxFileSize 10M
ArchiveMaxCompressionRatio 250
ReadTimeout 180
MaxThreads 12
MaxConnectionQueueLength 15
LogFile /var/log/clamav/clamav.log
LogTime
LogFileMaxSize 0
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/lib/clamav
SelfCheck 3600
ScanOLE2
ScanPE
DetectBrokenExecutables
ScanHTML
ArchiveBlockMax

ps axf:
24054 ?        S      0:01 /usr/sbin/spamd --create-prefs --max-children 
10 --helper-home-dir -d --pidfile=/var/run/spamd.pid
24076 ?        S      0:00  \_ spamd child
24077 ?        S      0:00  \_ spamd child
24078 ?        S      0:00  \_ spamd child
24079 ?        S      0:00  \_ spamd child
24080 ?        S      0:00  \_ spamd child
24081 ?        S      0:00  \_ spamd child
24082 ?        S      0:00  \_ spamd child
24083 ?        S      0:00  \_ spamd child
24084 ?        S      0:00  \_ spamd child
24085 ?        S      0:00  \_ spamd child
24067 ?        S      0:08 /usr/sbin/exim4 -bd -q30m
24870 ?        S      0:00 /usr/sbin/clamd


Well, I don't understand why clamav doesn't do any scan. I have nothing
in clamav.log
Tue Mar 1 12:01:56 2005 -> clamd daemon 0.83 (OS: linux-gnu, ARCH:
i386, CPU: i386)
Tue Mar 1 12:01:56 2005 -> Log file size limit disabled.
Tue Mar 1 12:01:56 2005 -> Running as user clamav (UID 103, GID 103)
Tue Mar 1 12:01:56 2005 -> Reading databases from /var/lib/clamav
Tue Mar 1 12:01:57 2005 -> Protecting against 31060 viruses.
Tue Mar 1 12:01:57 2005 -> Unix socket file /var/run/clamav/clamd.ctl
Tue Mar 1 12:01:57 2005 -> Setting connection queue length to 15
Tue Mar 1 12:01:57 2005 -> Archive: Archived file size limit set to
10485760 bytes.

That's all...

Sorry for this mail, but I must be in production next week.

Thank you.

Franck