I'm experimenting a bit here and I have one box running Exim and another box
running clamav.
On the clamav box (F21) I've installed
exim-clamav-4.84-4.fc21.x86_64
clamav-lib-0.98.7-1.fc21.x86_64
clamav-server-0.98.7-1.fc21.x86_64
clamav-filesystem-0.98.7-1.fc21.noarch
clamav-0.98.7-1.fc21.x86_64
clamav-data-0.98.7-1.fc21.noarch
clamav-update-0.98.7-1.fc21.x86_64
I've updated the config files and everything runs fine. It found the test
virus eicar.com (as well as another test virus I'd forgotten about)
I then changed my exim.conf line from:
av_scanner = clamd:/var/run/clamd.exim/clamd.sock
to
av_scanner = clamd:10.1.1.226 3310
and restarted exim.
On the clam server I then got log entries appearing (I had already turned on
LogClean)
Mon Jul 27 12:30:46 2015 -> stream(10.5.1.3@1506): OK
Mon Jul 27 12:30:46 2015 -> stream(10.5.1.3@1928): OK
Mon Jul 27 12:30:46 2015 -> stream(10.5.1.3@1218): OK
Mon Jul 27 12:30:46 2015 -> stream(10.5.1.3@1608): OK
Mon Jul 27 12:30:48 2015 -> stream(10.5.1.3@1402): OK
Mon Jul 27 12:31:53 2015 -> stream(10.5.1.3@1432): OK
Mon Jul 27 12:32:01 2015 -> stream(10.5.1.3@1175): OK
Mon Jul 27 12:32:01 2015 -> stream(10.5.1.3@1784): OK
All looked fine until I then tried testing the mail server using the web page
at
http://www.aleph-tec.com/eicar/
I continued to get 'OK' log entries and the emails passed through.
Can anyone suggest where I look to see why Clam didn't detect the virus?
Cheers
