clamav-milter is "sort of" ignoring the quarantine directory, because it's creating the daily directories; I'm just not finding any files in them.

I've got two mail filtering gateways that both have the same versions of sendmail+clamav+clamav-milter+spamassassin, and as near as I can tell all of the config files are identical. For some reason, ONE of the scanning machines isn't leaving the caught viruses in my quarantine directory.

When I started tracking down what was happening, I noticed that the $QUARANTINE/050826 (for example) directory is getting created, and the mtime on that directory even changes to when a virus was last caught. The virus email just isn't in that directory -- it's apparently being left in /var/tmp.

The only difference that I can find between the two machines is that the machine that is misbehaving has /tmp and /var/tmp on different filesystems, and the machine that is doing what I want has /tmp and /var/tmp on the same filesystem.

Has anybody else seen this? It seems to only have started for me with the most recent upgrade of clamav and clamav-milter.

Working machine:

[EMAIL PROTECTED] ~]# ls -al /etc/sysconfig/clam* /etc/rc.d/init.d/clam* /etc/clamd.conf /usr/sbin/clamav-milter
-rw-r--r-- 1 root root 8156 Jul 25 02:05 /etc/clamd.conf
-rwxr-xr-x 1 root root 1160 May 12 2004 /etc/rc.d/init.d/clamav-milter
-rwxr-xr-x 1 root root 1046 May 12 2004 /etc/rc.d/init.d/clamd
-rw-r--r-- 1 root root 308 Aug 26 17:45 /etc/sysconfig/clamav-milter
-rwxr-xr-x 1 root root 111129 Jul 25 02:05 /usr/sbin/clamav-milter
[EMAIL PROTECTED] ~]# md5sum /etc/sysconfig/clam* /etc/rc.d/init.d/clam* /etc/clamd.conf
1cf1ac87554941ee9a383c31a8d6fb58 /etc/sysconfig/clamav-milter
ce00b19718a0df57c88bff097d7e0a84 /etc/rc.d/init.d/clamav-milter
11eae95b40949edffe783e4cbd1ffbbd /etc/rc.d/init.d/clamd
c97858de2c7305183f337140210d8924 /etc/clamd.conf

Not-working machine:

[EMAIL PROTECTED] caught-viruses]# ls -al /etc/sysconfig/clam* /etc/rc.d/init.d/clam* /etc/clamd.conf /usr/sbin/clamav-milter; md5sum /etc/sysconfig/clam* /etc/rc.d/init.d/clam* /etc/clamd.conf
-rw-r--r-- 1 root root 8156 Jul 25 02:05 /etc/clamd.conf
-rwxr-xr-x 1 root root 1160 May 12 2004 /etc/rc.d/init.d/clamav-milter
-rwxr-xr-x 1 root root 1046 May 12 2004 /etc/rc.d/init.d/clamd
-rw-r--r-- 1 root root 308 Aug 25 15:11 /etc/sysconfig/clamav-milter
-rwxr-xr-x 1 root root 111129 Jul 25 02:05 /usr/sbin/clamav-milter
1cf1ac87554941ee9a383c31a8d6fb58 /etc/sysconfig/clamav-milter
ce00b19718a0df57c88bff097d7e0a84 /etc/rc.d/init.d/clamav-milter
11eae95b40949edffe783e4cbd1ffbbd /etc/rc.d/init.d/clamd
c97858de2c7305183f337140210d8924 /etc/clamd.conf
[EMAIL PROTECTED] caught-viruses]# clamd --version
ClamAV 0.86.2/1041/Thu Aug 25 20:01:20 2005
[EMAIL PROTECTED] caught-viruses]# clamav-milter --version
ClamAV version 0.86.2, clamav-milter version 0.86
[EMAIL PROTECTED] caught-viruses]# grep -i quarantine /etc/sysconfig/clam* /etc/rc.d/init.d/clam* /etc/clamd.conf
/etc/sysconfig/clamav-milter: --quarantine-dir=/tmp/caught-viruses \
[EMAIL PROTECTED] caught-viruses]# ls -ld /tmp/caught-viruses/
drwx------ 5 clamav root 4096 Aug 26 02:02 /tmp/caught-viruses/
[EMAIL PROTECTED] caught-viruses]# grep clamav /etc/mail/sendmail.cf
Xclmilter, S=local:/var/run/clamav/clamav-milter.sock, F=,T=S:4m;R:4m

The ownership, perms, and sendmail.cf settings are the same on both machines.

Any ideas as to what else I should be looking at? As I mentioned above, the only thing I can find different between the two systems is that the working machine has /var and /var/tmp on the same filesystem, and the non-working machine has them on two different filesystems.

Thanks,
-ron

_______________________________________________
http://lurker.clamav.net/list/clamav-users.html