Re: [Clamav-users] clamav-daemon didn't recognise attached virus

Thomas Herzog Thu, 22 Apr 2010 00:02:08 -0700

Rob MacGregor wrote:
> 
> On Thu, Apr 22, 2010 at 07:16, Thomas Herzog <thomas.her...@leoni.com>
> wrote:
>>
>> Thanks for your reply, just to get this right.
>> The virus is detected by the binaries clamdscan or clamscan, but not by
>> the
>> deamon called through amavis -> see the attachment of my first post.
> 
> Then you have a problem with the way Amavis is calling ClamAV.  The
> few lines in that log file aren't sufficient to identify the cause of
> the problem.
> 
> Amongst other things, check that you don't have multiple copies of
> ClamAV installed and that Amavis isn't running one while you're
> manually running a different one.
> 
> -- 
>                  Please keep list traffic on the list.
> 
> Rob MacGregor
>       Whoever fights monsters should see to it that in the process he
>         doesn't become a monster.                  Friedrich Nietzsche
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml
> 
> 

Amavis seems to be calling the clam deamon, it finds also some other
exploits, viruses...
/var/log/clamav/clamav.log:
Thu Apr 22 08:15:07 2010 -> /tmp/UPS_invoice_4557.zip:
Suspect.Bredozip-zippwd-5 FOUND
Thu Apr 22 08:23:53 2010 ->
/var/lib/amavis/tmp/amavis-20100422T082307-19639/parts/p002:
Exploit.HTML.IFrame-8 FOUND
Thu Apr 22 08:23:53 2010 ->
/var/lib/amavis/tmp/amavis-20100422T082307-19639/parts/p003: Worm.NetSky-14
FOUND

Here you can see (UPS_invoice_4557.zip) was recognized with manually
scanning.

lxhv1m02:~# dpkg -l | grep clam
ii  clamav                            0.95.3+dfsg-1~volatile1 anti-virus
utility for Unix - command-line i
ii  clamav-base                       0.95.3+dfsg-1~volatile1 anti-virus
utility for Unix - base package
ii  clamav-daemon                     0.95.3+dfsg-1~volatile1 anti-virus
utility for Unix - scanner daemon
ii  clamav-freshclam                  0.95.3+dfsg-1~volatile1 anti-virus
utility for Unix - virus database
ii  libclamav6                        0.95.3+dfsg-1~volatile1 anti-virus
utility for Unix - library

lxhv1m02:~# ps -eaf| grep clam
clamav    2926     1  0  2009 ?        00:01:49 /usr/bin/freshclam -d
--quiet
clamav   16517     1  1 Apr21 ?        00:12:39 /usr/sbin/clamd
root     25902 23655  0 08:58 pts/1    00:00:00 grep clam

lxhv1m02:~# grep ctl /etc/amavis/conf.d/15-av_scanners
   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],

lxhv1m02:~# grep ctl /etc/clamav/clamd.conf
LocalSocket /var/run/clamav/clamd.ctl

Looks good to me...any ideas left?

/Thomas


-- 
View this message in context: 
http://old.nabble.com/clamav-daemon-didn%27t-recognise-attached-virus-tp28288042p28324892.html
Sent from the clamav-users mailing list archive at Nabble.com.

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: [Clamav-users] clamav-daemon didn't recognise attached virus

Reply via email to
