Hi
Having recently got exim and clamav to work, could I ask
- is clamd working
- how is configured in exim (see av-scanner)
- have you checked access via Unix (socket or IP)
All the best
SImon
fhuet wrote:
> Hello all,
>
> Well, I'm still on my clamav problem. Spamassassin seems working :
>
> 2005-03-04 06:23:03 1D75HC-00030m-Vx <= <> U=Debian-exim
> P=spam-scanned S=958 id=E1D75HC-00030j-T4@smtp001
> 2005-03-04 06:23:03 1D75HC-00030m-Vx User 0 set for local_delivery
> transport is on the never_users list
> 2005-03-04 06:23:03 1D75HC-00030m-Vx == root@???
> R=real_local T=local_delivery defer (-29): User 0 set for
> local_delivery transport is on the never_users list
> 2005-03-04 06:23:03 1D75HC-00030j-T4 => root
> <postmaster@???> R=spamcheck_router T=spamcheck
> 2005-03-04 06:23:03 1D75HC-00030j-T4 Completed
>
>
> But Clamav doesn't. I sent me an "eicar mail" with an virus and I
> receveid it without scanning in my mailbox.
>
> Here is several informations:
> /etc/passwd :
> Debian-exim:x:102:102::/var/spool/exim4:/bin/false
> clamav:x:103:103::/var/lib/clamav:/bin/false
>
> /etc/group:
> Debian-exim:x:102:clamav
> clamav:x:103:Debian-exim
>
> ls -la /var/log/exim4
> total 16472
> drwxr-s--- 2 Debian-e adm 4096 Mar 4 06:25 .
> drwxr-xr-x 7 root root 4096 Mar 4 06:25 ..
> -rw-r----- 1 Debian-e adm 1405022 Mar 4 10:26 mainlog
> -rw-r----- 1 Debian-e adm 1664 Mar 4 10:23 paniclog
> -rw-r----- 1 Debian-e adm 487560 Mar 4 10:26 rejectlog
> ...
>
> ls -la /var/spool/exim4/
> total 76
> drwxr-x--- 8 Debian-e Debian-e 4096 Mar 3 01:53 .
> drwxr-xr-x 5 root root 4096 Mar 1 09:14 ..
> drwx------ 2 Debian-e Debian-e 4096 Mar 4 10:23 .spamassassin
> drwxr-x--- 2 Debian-e Debian-e 4096 Feb 24 17:34 db
> drwxr-x--- 2 Debian-e Debian-e 36864 Mar 4 10:25 input
> drwxr-x--- 2 Debian-e Debian-e 16384 Mar 4 10:23 msglog
> drwxr-xr-x 2 Debian-e Debian-e 4096 Mar 1 09:15 rejects
> drwxr-x--- 2 Debian-e Debian-e 4096 Mar 3 00:32 scan
>
> in my exim4.conf:
> av_scanner = clamd:/var/run/clamav/clamd.ctl
>
> clamd.conf:
> LocalSocket /var/run/clamav/clamd.ctl
> FixStaleSocket
> User clamav
> AllowSupplementaryGroups
> ScanMail
> ScanArchive
> ArchiveMaxRecursion 5
> ArchiveMaxFiles 1000
> ArchiveMaxFileSize 10M
> ArchiveMaxCompressionRatio 250
> ReadTimeout 180
> MaxThreads 12
> MaxConnectionQueueLength 15
> LogFile /var/log/clamav/clamav.log
> LogTime
> LogFileMaxSize 0
> PidFile /var/run/clamav/clamd.pid
> DatabaseDirectory /var/lib/clamav
> SelfCheck 3600
> ScanOLE2
> ScanPE
> DetectBrokenExecutables
> ScanHTML
> ArchiveBlockMax
>
> ps axf:
> 24054 ? S 0:01 /usr/sbin/spamd --create-prefs
> --max-children 10 --helper-home-dir -d --pidfile=/var/run/spamd.pid
> 24076 ? S 0:00 \_ spamd child
> 24077 ? S 0:00 \_ spamd child
> 24078 ? S 0:00 \_ spamd child
> 24079 ? S 0:00 \_ spamd child
> 24080 ? S 0:00 \_ spamd child
> 24081 ? S 0:00 \_ spamd child
> 24082 ? S 0:00 \_ spamd child
> 24083 ? S 0:00 \_ spamd child
> 24084 ? S 0:00 \_ spamd child
> 24085 ? S 0:00 \_ spamd child
> 24067 ? S 0:08 /usr/sbin/exim4 -bd -q30m
> 24870 ? S 0:00 /usr/sbin/clamd
>
> Well, I don't understand why clamav doesn't do any scan. I have
> nothing in clamav.log
> Tue Mar 1 12:01:56 2005 -> clamd daemon 0.83 (OS: linux-gnu, ARCH:
> i386, CPU: i386)
> Tue Mar 1 12:01:56 2005 -> Log file size limit disabled.
> Tue Mar 1 12:01:56 2005 -> Running as user clamav (UID 103, GID 103)
> Tue Mar 1 12:01:56 2005 -> Reading databases from /var/lib/clamav
> Tue Mar 1 12:01:57 2005 -> Protecting against 31060 viruses.
> Tue Mar 1 12:01:57 2005 -> Unix socket file /var/run/clamav/clamd.ctl
> Tue Mar 1 12:01:57 2005 -> Setting connection queue length to 15
> Tue Mar 1 12:01:57 2005 -> Archive: Archived file size limit set to
> 10485760 bytes.
>
> That's all...
>
> Sorry for this mail, but I must be in production next week.
>
> Thank you.
>
> Franck
>
--
Simon Windsor
Eml: simon.windsor@???
Tel: 01454 617689
Mob: 07960 321599
