Nigel,
Sorry about that. The problem is that clamav-milter isn't scanning incoming mail. I want to configure it to scan mail that is passed to sendmail from fetchmail (running on the same host) to deliver to local mailboxes, but not scan outgoing mail.
I agree, the documentation implies that leaving off the -o -f and -l switches should achieve this, but for some reason it's just not scanning anything [see the bottom of the mail log below].
I confirm that clamav-milter does indeed scan mail if the -o or -l switch is used. How does clamav-milter determine what is incoming, what is outgoing and what is lan mail (and pardon my ignorance)? Is it my sendmail configuration, perhaps?
Cheers, Damon
----Original Message Follows---- From: Nigel Horne <[EMAIL PROTECTED]> Organization: NJH Music (bandsman.co.uk) To: [EMAIL PROTECTED] Date: Wed, 29 Sep 2004 08:24:47 +0100 Subject: [Clamav-users] Re: Clamav-users digest, Vol 1 #1033 - 11 msgs Reply-To: [EMAIL PROTECTED]
I can't remember the original problem, you've removed the history from this post that would have reminded me!
-Nigel
On Wednesday 29 Sep 2004 02:58, Damon McMahon wrote:
> Nigel,
>
> Thanks for your reply, and please accept my apologies for the woeful lack of
> detail in my first post.
>
> Here's how we kick off clamav:
>
> #!/bin/sh
> /usr/local/bin/freshclam -d -p /var/clamav/freshclam.pid
> /usr/local/sbin/clamd
> /usr/local/sbin/clamav-milter --debug -c /etc/clamav.conf -AdNq
> local:/var/clamav/clmilter.sock
>
> Note that I couldn't get clamav-milter to accept --dubug-level=n despite
> this being documented in the man page and building with
>
> % ./configure --enable-debug
>
> Here are the relevant run-time files:
>
> % ls -al /var/clamav
> drwx------ 6 clamav clamav 204 29 Sep 10:58 .
> drwxr-xr-x 22 root wheel 748 29 Sep 09:06 ..
> -rw-rw---- 1 clamav clamav 4 29 Sep 10:58 clamd.pid
> srwxrwxrwx 1 clamav clamav 0 29 Sep 10:58 clamd.sock
> srwx------ 1 clamav clamav 0 29 Sep 10:58 clmilter.sock
> -rw-rw---- 1 clamav clamav 4 29 Sep 10:58 freshclam.pid
>
> Here's my configuration customisations:
>
> % cat /etc/clamav.conf | grep -v # | grep -v '^$'
> LogSyslog
> LogFacility LOG_MAIL
> LogVerbose
> PidFile /var/clamav/clamd.pid
> LocalSocket /var/clamav/clamd.sock
> FixStaleSocket
> StreamSaveToDisk
> StreamMaxLength 10M
> MaxThreads 10
> MaxDirectoryRecursion 15
> User clamav
> ScanOLE2
> ScanMail
> ScanArchive
> ArchiveMaxFileSize 10M
> ArchiveMaxRecursion 5
> ArchiveMaxFiles 1000
> ArchiveMaxCompressionRatio 200
> ClamukoScanOnOpen
> ClamukoScanOnClose
> ClamukoScanOnExec
> ClamukoIncludePath /home
> ClamukoMaxFileSize 1M
> ClamukoScanArchive
>
> Here's the relevant snippet from my mail log showing the info you requested:
>
> Sep 29 10:57:31 localhost clamd[9693]: Daemon started.
> Sep 29 10:57:31 localhost clamd[9693]: clamd daemon 0.75.1 (OS: darwin7.5.0,
> ARCH: ppc, CPU: powerpc)
> Sep 29 10:57:31 localhost clamd[9693]: Log file size limited to 1048576
> bytes.
> Sep 29 10:57:31 localhost clamd[9693]: Verbose logging activated.
> Sep 29 10:57:31 localhost clamd[9693]: Running as user clamav (UID 30, GID
> 30)
> Sep 29 10:57:31 localhost clamd[9693]: Reading databases from
> /usr/local/share/clamav
> Sep 29 10:57:32 localhost clamd[9693]: Protecting against 24128 viruses.
> Sep 29 10:57:33 localhost clamd[9694]: Unix socket file
> /var/clamav/clamd.sock
> Sep 29 10:57:33 localhost clamd[9694]: Setting connection queue length to 15
> Sep 29 10:57:33 localhost clamd[9694]: Listening daemon: PID: 9694
> Sep 29 10:57:33 localhost clamd[9694]: Archive: Archived file size limit set
> to 10485760 bytes.
> Sep 29 10:57:33 localhost clamd[9694]: Archive: Recursion level limit set to
> 5.
> Sep 29 10:57:33 localhost clamd[9694]: Archive: Files limit set to 1000.
> Sep 29 10:57:33 localhost clamd[9694]: Archive: Compression ratio limit set
> to 200.
> Sep 29 10:57:33 localhost clamd[9694]: Archive support enabled.
> Sep 29 10:57:33 localhost clamd[9694]: RAR support disabled.
> Sep 29 10:57:33 localhost clamd[9694]: Mail files support enabled.
> Sep 29 10:57:33 localhost clamd[9694]: OLE2 support enabled.
> Sep 29 10:57:33 localhost clamd[9694]: Self checking every 3600 seconds.
> Sep 29 10:58:53 localhost clamav-milter[9842]: Starting: clamd / ClamAV
> version 0.75.1, clamav-milter version 0.75c
> Sep 29 10:58:53 localhost clamav-milter[9842]: Started: clamd / ClamAV
> version 0.75.1, clamav-milter version 0.75c
> Sep 29 10:59:11 localhost sendmail[9864]: starting daemon (8.13.1):
> [EMAIL PROTECTED]:20:00
> Sep 29 10:59:11 localhost sendmail[9867]: starting daemon (8.13.1):
> [EMAIL PROTECTED]:20:00
> Sep 29 10:59:15 localhost fetchmail[9886]: starting fetchmail 6.2.5 daemon
> Sep 29 11:01:10 localhost fetchmail[9886]: 1 message for [EMAIL PROTECTED]
> at pop.my.mail.provider.net (773 octets).
> Sep 29 11:01:11 localhost fetchmail[9886]: reading message
> [EMAIL PROTECTED]@pop.my.mail.provider.net:1 of 1 (773 octets)
> Sep 29 11:01:11 localhost clamav-milter[9842]: clamfi_close
> Sep 29 11:01:11 localhost sendmail[9898]: i8T1VBd6009898:
> from=<[EMAIL PROTECTED]>, size=866, class=0, nrcpts=1,
> msgid=<[EMAIL PROTECTED]>, proto=ESMTP,
> daemon=MTA, relay=localhost [127.0.0.1]
>
> If you need anything else let me know.
>
> Thanks again,
> Damon
>
> ----Original Message Follows----
> From: Nigel Horne &lt;[EMAIL PROTECTED]&gt;
> Organization: NJH Music (bandsman.co.uk)
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] fetchmail &amp; clamav-milter
> Date: Tue, 28 Sep 2004 08:12:09 +0100
> Reply-To: [EMAIL PROTECTED]
>
> [snip]
>
> Yes, don't use -l, -o or -f. What options are you using? What version of
> clamav-milter?
>
> _________________________________________________________________
> On the road to retirement? Check out MSN Life Events for advice on how to
> get there! http://lifeevents.msn.com/category.aspx?cid=Retirement
>
-- Nigel Horne. Arranger, Composer, Typesetter. NJH Music, Barnsley, UK. ICQ#20252325 [EMAIL PROTECTED] http://www.bandsman.co.uk
_________________________________________________________________
Discover how everyone & everything in our world's connected: http://www.onebigvillage.com.au?&obv1=hotmail
------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
