Hi,

We've been running ClamAV successfully for years.  Recently, I added a URL to 
our local.gdb database to block a malicious URL.  When I send a test message 
containing this URL through an MX server, it does not detect the URL:

Jan 26 07:13:17 andrew-mx-t01 clamd[31673]: /var/spool/mqueue/mxmilter/mdefang-t0QCDGNx031682/Work/msg-31460-5.txt: OK
Jan 26 07:13:17 andrew-mx-t01 clamd[31673]: /var/spool/mqueue/mxmilter/mdefang-t0QCDGNx031682/Work/msg-31460-6.html: OK

However, when I run clamscan against the exact same message on the same MX 
server, it does successfully detect the URL:

[root@andrew-mx-t01 phish]# clamscan ./phish_test.txt
./phish_test.txt: Heuristics.Phishing.URL.Blacklisted FOUND

----------- SCAN SUMMARY -----------
Known viruses: 4835255
Engine version: 0.98.1
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 10.179 sec (0 m 10 s)

When I start clamd, I can see that it successfully loads the local.gdb file, so 
I know that's not the issue.

Any pointers on how to troubleshoot this?  Sysadmin via Google has thus far 
failed me.

Thanks!

Dave