lee wrote:
> Hi,
>
> it seems that clamd is not scanning mails. I have:
>
>
> av_scanner = clamd:/var/run/clamav/clamd.ctl
>
> acl_check_data:
>
> # Deny if the message contains a virus. Before enabling this check,
> you
> # must install a virus scanner and set the av_scanner option above.
> #
> deny message = This message contains a virus ($malware_name).
> demime = *
> malware = */defer_ok
>
>
> Clamd is running, exim doesn't complain about it not being
> available. I don't see any indication in any of the logfiles that
> clamd is getting any mail to scan, and I can send eicar test files
> without them being detected, not even when the test string is plain in
> the body of the testmail. Scanning the file with clamscan detects the
> eicar test correctly.
>
> What am I missing? How can I see if exim actually feeds mail through
> clamd? Shouldn't there something about scanning activity show up in
> the logfiles?
>
Google will find you a malware test message you can send that harmlessly
triggers ClamAV.
If all else fails:
grep -r 'clamav' /var/log
and/or
grep -r 'ClamAV' /var/log
...will show you what it is logging, and where...
HTH
Bill