Jerry Keen wrote:
Thanks, Rene,

I recompiled normally... not in debug mode and seems to be working fine. I have a couple more questions though... See below...

06:35:14.68 2 SMTPI-00007(cgr4u.com) [30014] received, 978 bytes
06:35:14.69 2 QUEUE([30014]) from <[EMAIL PROTECTED]>, 978 bytes (<[EMAIL PROTECTED]>)
06:35:14.69 1 ENQUEUERRULES [30014] rule(ClamAV) action #1: filter report: \nWARNING! Your message was infected by VIRUS:\nEicar-Test-Signature\n\nIt was rejected for delivery.\n\nAntiviral program output:
\n==================================================\n\t\tinfected: Eicar-Test-Signature\n=====
[snip]

1) Should I be getting the Action#1 Filter report? That seems like a lot of output.

No.

There's something wrong with this log: there are no "EXTFILTER(ClamAV)" messages. I only get those and none of the "ENQUEUERRULES"; you must have moved the default Message Enqueuer log level (I have it at Problems).

2) Enqueuer -- Server Rules failed.. Filter Rejected message.. What does that mean?

I think it means you configured CG differently. Your configuration was better before.


What I use is:

1. General -> Helpers
   - Use filter cgpav (enabled)
   - Log all info
   - Time-out disabled, Auto-restart disabled.

2. Rules
   - One rule defined, priority 10 (highest in case I put other rules).
   - Message size > 1K; message size < 2M
   - Action: ExternalFilter, Parameter: cgpav

With this setting I only get the EXTFILTER protocol messages, the ones that start with a sequence number followed by a command and parameter. The response from cgpav should be OK or DISCARD (see infected_action below) with an information line (that starts with *) reporting what virus was found; that is, if cgpav is working. Otherwise it will report ERROR or nothing and CG will retry.

3) Finally, I am receiving both a rejection message from my SMTP server and a rejection message from CGPAV. How can I eliminate one of them?

Change your cgpav.conf file, check the following settings:

infected_action = discard
antivirus_email = ... not used if infected_action is discard, otherwise this one and the options below become effective.
sender_notification = false
recipients_notification = false
postmaster_notification = false
...
and all the other notifications which by default have "false" or empty values.


Note it appears to be working though. I even get the following entry in the /var/log/mail...

Feb 8 06:35:14 DoodyEmail clamd[4094]: /var/CommuniGate/Queue/30014.msg: Eicar-Test-Signature FOUND

That's from clamd! Why did you set clamd to use the mail log? This message usually goes into the clamd.log, but it's OK if you want it there, I just use it differently and disable it when everything is working.


Regards.
--
René Berber
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
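
Added example, not part of the original thread and not code from cgpav, ClamAV or CommuniGate: a small correlator that ties each clamd `FOUND` entry to the CommuniGate log entries for the same queue file and reports whether any `EXTFILTER` entry was logged for it, which is the check discussed in the reply above. The line layouts are assumed from the excerpts quoted in the thread; the function name and the sample lines marked as constructed are illustrative.

```python
import re

# clamd syslog entry: "... clamd[pid]: /path/Queue/<id>.msg: <signature> FOUND"
CLAMD_FOUND = re.compile(
    r"clamd\[\d+\]: \S*/Queue/(?P<qid>\d+)\.msg: (?P<sig>\S+) FOUND\s*$")
# CommuniGate entry (layout assumed from the thread): "<time> <level> <component>..."
CG_ENTRY = re.compile(r"^\d\d:\d\d:\d\d\.\d+ \d (?P<component>[A-Za-z]+)")
QUEUE_ID = re.compile(r"\[(\d+)\]")


def correlate(syslog_lines, cg_lines):
    """Map each queue id flagged by clamd to its signature and CG components."""
    hits = {}
    for line in syslog_lines:
        m = CLAMD_FOUND.search(line)
        if m:
            hits[m["qid"]] = {"signature": m["sig"], "components": []}
    for line in cg_lines:
        entry, qid = CG_ENTRY.match(line), QUEUE_ID.search(line)
        if entry and qid and qid[1] in hits:
            hits[qid[1]]["components"].append(entry["component"])
    for info in hits.values():
        # No EXTFILTER entry means the filter dialogue was not logged for this
        # message (for example because of the log level settings).
        info["extfilter_logged"] = "EXTFILTER" in info["components"]
    return hits


# First line is from the thread; the second is constructed (no detection).
SYSLOG = [
    "Feb 8 06:35:14 DoodyEmail clamd[4094]: "
    "/var/CommuniGate/Queue/30014.msg: Eicar-Test-Signature FOUND",
    "Feb 8 06:40:00 DoodyEmail clamd[4094]: SelfCheck: Database status OK.",
]
# Entries for [30014] are from the thread (third one shortened);
# the [30015] entry is constructed.
CG_LOG = [
    "06:35:14.68 2 SMTPI-00007(cgr4u.com) [30014] received, 978 bytes",
    "06:35:14.69 2 QUEUE([30014]) from <[EMAIL PROTECTED]>, 978 bytes",
    "06:35:14.69 1 ENQUEUERRULES [30014] rule(ClamAV) action #1: filter report",
    "06:35:20.10 2 SMTPI-00008(example.org) [30015] received, 1204 bytes",
]

if __name__ == "__main__":
    for qid, info in correlate(SYSLOG, CG_LOG).items():
        print(qid, info)
```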