I recently installed ClamAV on my FreeBSD 5.4 system. I am running
Sendmail as my MTA.

Clam seems to be working fine except for one small thing.

First, this is the entry I have in my /etc/rc.conf file for Clam.

clamav_clamd_enable="YES"       # Enable ClamAV
clamav_freshclam_enable="YES"   # Enable auto updater for AV
clamav_milter_enable="YES"      # Enable the mail AV scanner
clamav_milter_socket="/var/run/clamav/clmilter.sock"    # Clam Milter socket
clamav_milter_flags="--postmaster-only --local --outgoing --max-children=50 
--quarantine dir=/var/mail/quarantine --timeout=0"    # Clam milter settings

Each directive is on one separate line although it might not look like
it here.

This is a sample of the notices I receive when a virus is detected.

The message k0JAB7nO094434 sent from <[EMAIL PROTECTED]> to
        <[EMAIL PROTECTED]>
contained HTML.Phishing.Pay-6 and has not been delivered.

The message in question has been quarantined as 
/var/tmp//clamav-48b75ba8e9a0d2da/msg.8LUShP


First, you will notice that there are two "//" in the path. I do not
understand why. Second, although the directory entry does exist, it is
empty. The file mentioned is present in the
/var/mail/quarantine/060119/k0JAB7nO094434.HTML.Phishing.Pay-6 directory.
However, there does not appear to be anything attached to the file. It
is very simple HTML code.

My question is why is the /var/tmp/* directory being created if it is
empty? Why the double '//' in the path? Also, shouldn't the file with
the virus actually have something attached to it? Most of the time on
WinXP machines anyway, there is a file attachment of some kind, although
I guess that is not a requirement.

I am just curious as to whether I have this whole thing configured
correctly.

Ciao

-- 
Gerard Seibert
[EMAIL PROTECTED]

_______________________________________________
http://lurker.clamav.net/list/clamav-users.html