RE: [Clamav-users] Clam AV allows e-mail from www.webmail.us/testvirus through?
On Wed, May 18, 2005 03:56, Stefke wrote: > >> -Original Message- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] On Behalf Of Ken Jones >> Sent: dinsdag 17 mei 2005 15:57 >> To: ClamAV users ML >> Subject: Re: [Clamav-users] Clam AV allows e-mail from >> www.webmail.us/testvirus through? >> > >> On my system, only #24 and #25 make it through ... both of >> which don't have a test virus in them :) >> >> -- >> Ken Jones >> >> > > What is stopping #5 & #17 in your configuration ? Is it clamd or > somethingelse ? My config : messagewall, clamdmail, clamd, spamd and > numbers 5,17, 24 and 25 are getting trough :-( > > Stefaan > > > > ___ > http://lurker.clamav.net/list/clamav-users.html > > Well, Here are the options I have set from clamd.conf: LogFile /var/adm/clamd/clamd.log LogFileMaxSize 2M LogTime LogSyslog LogFacility LOG_MAIL LogVerbose PidFile /var/run/clamd/clamd.pid TemporaryDirectory /tmp LocalSocket /var/run/clamd/clamd.sock FixStaleSocket MaxConnectionQueueLength 30 StreamMaxLength 20M User clamav ScanPE DetectBrokenExecutables ScanOLE2 ScanMail ScanHTML ScanArchive ScanRAR ArchiveMaxFileSize 15M ArchiveMaxRecursion 9 ArchiveMaxFiles 1500 ArchiveMaxCompressionRatio 300 ArchiveLimitMemoryUsage ArchiveBlockEncrypted As for my setup, sendmail / spamassassin / clamav - using clamav-milter. #5 and #17 (above) were caught by clam as virus'. -- Ken Jones ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Clam AV allows e-mail from www.webmail.us/testvirus through?
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Ken Jones > Sent: dinsdag 17 mei 2005 15:57 > To: ClamAV users ML > Subject: Re: [Clamav-users] Clam AV allows e-mail from > www.webmail.us/testvirus through? > > On my system, only #24 and #25 make it through ... both of > which don't have a test virus in them :) > > -- > Ken Jones > What is stopping #5 & #17 in your configuration ? Is it clamd or somethingelse ? My config : messagewall, clamdmail, clamd, spamd and numbers 5,17, 24 and 25 are getting trough :-( Stefaan ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clam AV allows e-mail from www.webmail.us/testvirus through?
On Tue, 2005-05-17 at 09:05 -0400, Douglas Ward wrote: > I have recently installed Clam AV 0.85 and have downloaded the latest > updates through freshclam. We are running this software on a new > e-mail gateway server built with Postfix and Mandrake LE2005. How is postfix calling clamav? The Mandriva postfix rpm allows for a content filter at port 10025. Are you using amavisd-new? Or are you using some other sort of milter-like configuration with postfix? -- Daniel J McDonald, CCIE # 2495, CNX Austin Energy [EMAIL PROTECTED] ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clam AV allows e-mail from www.webmail.us/testvirus through?
> On Tue, 2005-05-17 at 09:05 -0400, Douglas Ward wrote: > >> I have recently installed Clam AV 0.85 and have downloaded the latest >> updates through freshclam. We are running this software on a new e-mail >> gateway server built with Postfix and Mandrake LE2005. Please excuse my >> ignorance as I am very new to this product. My question is that with >> clamd running as a process and freshclam telling me that the latest >> updates are loaded the test viruses sent from webmail.us are being >> allowed through. I believe that clamav is working as numbers 1-3, >> 6-12, and 13 were all blocked but the rest of >> the 27 files were allowed through. Am I missing something? Shouldn't >> clamav have a better detection rate than that? Should I be restarting >> the clamd process every time freshclam updates? Everything starts >> properly with no errors in either clamd.log or freshclam.log. Shouldn't >> clamav be intercepting all virus messages passing through the gateway? >> There is no local delivery on this server - everything is relayed to >> four internal mail servers. I re-read the documentation, faq's, and >> mailling list archives and didn't see much of help. Any assistance >> anyone can provide would be most welcome. > On my system, only #24 and #25 make it through ... both of which don't have a test virus in them :) -- Ken Jones ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clam AV allows e-mail from www.webmail.us/testvirus through?
On Tue, 2005-05-17 at 09:05 -0400, Douglas Ward wrote: > I have recently installed Clam AV 0.85 and have downloaded the latest updates > through freshclam. > We are running this software on a new e-mail gateway server built with > Postfix and Mandrake LE2005. > Please excuse my ignorance as I am very new to this product. My question is > that with clamd running as a process > and freshclam telling me that the latest updates are loaded the test viruses > sent from webmail.us are being > allowed through. I believe that clamav is working as numbers 1-3, 6-12, and > 13 were all blocked but the rest of > the 27 files were allowed through. Am I missing something? Shouldn't clamav > have a better detection rate than that? > Should I be restarting the clamd process every time freshclam updates? > Everything starts properly with no > errors in either clamd.log or freshclam.log. Shouldn't clamav be > intercepting all virus messages passing > through the gateway? There is no local delivery on this server - everything > is relayed to four internal > mail servers. I re-read the documentation, faq's, and mailling list archives > and didn't see much of help. > Any assistance anyone can provide would be most welcome. There is something wrong with your configuration. Probably something related to the way you have plugged clam and postfix together. -trog signature.asc Description: This is a digitally signed message part ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Clam AV allows e-mail from www.webmail.us/testvirus through?
I have recently installed Clam AV 0.85 and have downloaded the latest updates through freshclam. We are running this software on a new e-mail gateway server built with Postfix and Mandrake LE2005. Please excuse my ignorance as I am very new to this product. My question is that with clamd running as a process and freshclam telling me that the latest updates are loaded the test viruses sent from webmail.us are being allowed through. I believe that clamav is working as numbers 1-3, 6-12, and 13 were all blocked but the rest of the 27 files were allowed through. Am I missing something? Shouldn't clamav have a better detection rate than that? Should I be restarting the clamd process every time freshclam updates? Everything starts properly with no errors in either clamd.log or freshclam.log. Shouldn't clamav be intercepting all virus messages passing through the gateway? There is no local delivery on this server - everything is relayed to four internal mail servers. I re-read the documentation, faq's, and mailling list archives and didn't see much of help. Any assistance anyone can provide would be most welcome. Douglas Ward Director of Information Technology NC Methodist Conference 1307 Glenwood Ave. Raleigh, NC 27605 Work: (919) 832-9560 ext. 227 Fax: (919) 834-7989 ___ http://lurker.clamav.net/list/clamav-users.html