Author: Marcin Mirosław Date: To: exim-users Subject: [exim] Misleading message "clamd: failed to connect to 127.0.0.1:
couldn't connect to any host: Connection refused" ?
Hi!
I have defined connection to av_scanner as below:
av_scanner = clamd:127.0.0.1 3310 : 192.168.254.10 3310
On localhost clamav is turned off. When I senr eixar test I got in
exim_main.log:
# exigrep 1X1cPB-0001CM-E1 /var/log/exim/exim_main.log
+++ 1X1cPB-0001CM-E1 has not completed +++
2014-06-30 16:18:01 1X1cPB-0001CM-E1 DKIM: d=cibet.pl s=120625
c=relaxed/relaxed a=rsa-sha256 [verification succeeded]
2014-06-30 16:18:01 1X1cPB-0001CM-E1 malware acl condition: clamd:
failed to connect to 127.0.0.1: couldn't connect to any host: Connection
refused
2014-06-30 16:19:01 1X1cPB-0001CM-E1 H=poczta3.cibet.pl
(poczta.cibet.pl) [77.252.119.98] I=[88.198.102.195]:25
X=TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256
F=<prvs=025879ac1c=XXXXXXX@???> rejected after DATA: Virus found /
znaleziono wirusa :Eicar-Test-Signature
In clamd.log on remote host I've got:
Mon Jun 30 16:18:01 2014 -> instream(local):
Eicar-Test-Signature(3cc1cc089e6737293a05a391d62a2a56:1676) FOUND
So message "couldn't connect to any host:" is a little misleading, exim
can connect to any host (but not to localhost).
Have you got any idea why clamd uses word "local" even when connection
is from remote host?
Regards,
Marcin
Exim version 4.83_RC2 #2 built 20-Jun-2014 13:15:47
Copyright (c) University of Cambridge, 1995 - 2014
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007
- 2014
Berkeley DB: Berkeley DB 4.8.30: (2013-10-04)
Support for: crypteq iconv() IPv6 OpenSSL Content_Scanning DKIM
Old_Demime OCSP Experimental_SRS Experimental_DSN
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch dbm dbmjz
dbmnz dsearch passwd pgsql
Authenticators: cram_md5 plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /etc/exim/exim.conf