Re: [exim] Exim and clamav

Top Page
Delete this message
Reply to this message
Author: Simon Windsor
Date:  
To: fhuet
CC: exim-users
Subject: Re: [exim] Exim and clamav
Hi

Having recently got exim and clamav to work, could I ask

- is clamd working
- how is configured in exim (see av-scanner)
- have you checked access via Unix (socket or IP)

All the best

SImon

fhuet wrote:

> Hello all,
>
> Well, I'm still on my clamav problem. Spamassassin seems working :
>
> 2005-03-04 06:23:03 1D75HC-00030m-Vx <= <> U=Debian-exim
> P=spam-scanned S=958 id=E1D75HC-00030j-T4@smtp001
> 2005-03-04 06:23:03 1D75HC-00030m-Vx User 0 set for local_delivery
> transport is on the never_users list
> 2005-03-04 06:23:03 1D75HC-00030m-Vx == root@???
> R=real_local T=local_delivery defer (-29): User 0 set for
> local_delivery transport is on the never_users list
> 2005-03-04 06:23:03 1D75HC-00030j-T4 => root
> <postmaster@???> R=spamcheck_router T=spamcheck
> 2005-03-04 06:23:03 1D75HC-00030j-T4 Completed
>
>
> But Clamav doesn't. I sent me an "eicar mail" with an virus and I
> receveid it without scanning in my mailbox.
>
> Here is several informations:
> /etc/passwd :
> Debian-exim:x:102:102::/var/spool/exim4:/bin/false
> clamav:x:103:103::/var/lib/clamav:/bin/false
>
> /etc/group:
> Debian-exim:x:102:clamav
> clamav:x:103:Debian-exim
>
> ls -la /var/log/exim4
> total 16472
> drwxr-s---    2 Debian-e adm          4096 Mar  4 06:25 .
> drwxr-xr-x    7 root     root         4096 Mar  4 06:25 ..
> -rw-r-----    1 Debian-e adm       1405022 Mar  4 10:26 mainlog
> -rw-r-----    1 Debian-e adm          1664 Mar  4 10:23 paniclog
> -rw-r-----    1 Debian-e adm        487560 Mar  4 10:26 rejectlog
> ...

>
> ls -la /var/spool/exim4/
> total 76
> drwxr-x---    8 Debian-e Debian-e     4096 Mar  3 01:53 .
> drwxr-xr-x    5 root     root         4096 Mar  1 09:14 ..
> drwx------    2 Debian-e Debian-e     4096 Mar  4 10:23 .spamassassin
> drwxr-x---    2 Debian-e Debian-e     4096 Feb 24 17:34 db
> drwxr-x---    2 Debian-e Debian-e    36864 Mar  4 10:25 input
> drwxr-x---    2 Debian-e Debian-e    16384 Mar  4 10:23 msglog
> drwxr-xr-x    2 Debian-e Debian-e     4096 Mar  1 09:15 rejects
> drwxr-x---    2 Debian-e Debian-e     4096 Mar  3 00:32 scan

>
> in my exim4.conf:
> av_scanner = clamd:/var/run/clamav/clamd.ctl
>
> clamd.conf:
> LocalSocket /var/run/clamav/clamd.ctl
> FixStaleSocket
> User clamav
> AllowSupplementaryGroups
> ScanMail
> ScanArchive
> ArchiveMaxRecursion 5
> ArchiveMaxFiles 1000
> ArchiveMaxFileSize 10M
> ArchiveMaxCompressionRatio 250
> ReadTimeout 180
> MaxThreads 12
> MaxConnectionQueueLength 15
> LogFile /var/log/clamav/clamav.log
> LogTime
> LogFileMaxSize 0
> PidFile /var/run/clamav/clamd.pid
> DatabaseDirectory /var/lib/clamav
> SelfCheck 3600
> ScanOLE2
> ScanPE
> DetectBrokenExecutables
> ScanHTML
> ArchiveBlockMax
>
> ps axf:
> 24054 ?        S      0:01 /usr/sbin/spamd --create-prefs 
> --max-children 10 --helper-home-dir -d --pidfile=/var/run/spamd.pid
> 24076 ?        S      0:00  \_ spamd child
> 24077 ?        S      0:00  \_ spamd child
> 24078 ?        S      0:00  \_ spamd child
> 24079 ?        S      0:00  \_ spamd child
> 24080 ?        S      0:00  \_ spamd child
> 24081 ?        S      0:00  \_ spamd child
> 24082 ?        S      0:00  \_ spamd child
> 24083 ?        S      0:00  \_ spamd child
> 24084 ?        S      0:00  \_ spamd child
> 24085 ?        S      0:00  \_ spamd child
> 24067 ?        S      0:08 /usr/sbin/exim4 -bd -q30m
> 24870 ?        S      0:00 /usr/sbin/clamd

>
> Well, I don't understand why clamav doesn't do any scan. I have
> nothing in clamav.log
> Tue Mar 1 12:01:56 2005 -> clamd daemon 0.83 (OS: linux-gnu, ARCH:
> i386, CPU: i386)
> Tue Mar 1 12:01:56 2005 -> Log file size limit disabled.
> Tue Mar 1 12:01:56 2005 -> Running as user clamav (UID 103, GID 103)
> Tue Mar 1 12:01:56 2005 -> Reading databases from /var/lib/clamav
> Tue Mar 1 12:01:57 2005 -> Protecting against 31060 viruses.
> Tue Mar 1 12:01:57 2005 -> Unix socket file /var/run/clamav/clamd.ctl
> Tue Mar 1 12:01:57 2005 -> Setting connection queue length to 15
> Tue Mar 1 12:01:57 2005 -> Archive: Archived file size limit set to
> 10485760 bytes.
>
> That's all...
>
> Sorry for this mail, but I must be in production next week.
>
> Thank you.
>
> Franck
>



--
Simon Windsor

Eml: simon.windsor@???
Tel: 01454 617689
Mob: 07960 321599