Re: [Clamav-users] Clamd + Exim
On Wed, 2005-05-04 at 10:56 +0200, David Peall wrote: Hi All I'm having a problem with the new Sober.P/O/Q whatever. I'm running mostly Exim 4.43 and clamd 0.84. Clamd starting up with my options: Wed May 4 09:57:56 2005 - clamd daemon 0.84 (OS: freebsd4.8, ARCH: i386, CPU: i386) Wed May 4 09:57:56 2005 - Log file size limited to 10485760 bytes. Wed May 4 09:57:56 2005 - Verbose logging activated. Wed May 4 09:57:56 2005 - Running as user exim (UID 1001, GID 1001) Wed May 4 09:57:56 2005 - Reading databases from /usr/local/share/clamav Wed May 4 09:57:57 2005 - Protecting against 30801 viruses. Wed May 4 09:57:57 2005 - Unix socket file /var/run/clamav/clamd Wed May 4 09:57:57 2005 - Setting connection queue length to 15 Wed May 4 09:57:57 2005 - Listening daemon: PID: 7488 Wed May 4 09:57:57 2005 - Archive: Archived file size limit set to 10485760 bytes. Wed May 4 09:57:57 2005 - Archive: Recursion level limit set to 8. Wed May 4 09:57:57 2005 - Archive: Files limit set to 1000. Wed May 4 09:57:57 2005 - Archive: Compression ratio limit set to 250. Wed May 4 09:57:57 2005 - Archive support enabled. Wed May 4 09:57:57 2005 - Archive: RAR support disabled. Wed May 4 09:57:57 2005 - Portable Executable support enabled. Wed May 4 09:57:57 2005 - Detection of broken executables enabled. Wed May 4 09:57:57 2005 - Mail files support enabled. Wed May 4 09:57:57 2005 - OLE2 support enabled. Wed May 4 09:57:57 2005 - HTML support enabled. Wed May 4 09:57:57 2005 - Self checking every 1800 seconds. Does not collect any Sober.P at all! But does see Worm.Mydoom.J and others. Now if I run clamscan on the email spools : Worm.Sober.P FOUND Worm.Sober.P FOUND Worm.Sober.P FOUND ... .. . --- SCAN SUMMARY --- Known viruses: 34149 Engine version: 0.84 Scanned directories: 860 Scanned files: 96660 Infected files: 268 Any Ideas ? What if you run clamdscan? Cheers Mike -- | Mike Grice Broadband Solutions for | Systems Engineer Home Business @ | PlusNet plc. www.plus.net + - PlusNet - The smarter way to broadband -- ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Clamd + Exim
What if you run clamdscan? # clamdscan /usr/home/david/viruses/D.0IQD /usr/home/david/viruses/D.0IQD: OK --- SCAN SUMMARY --- Infected files: 0 Time: 0.465 sec (0 m 0 s) # clamscan /usr/home/david/viruses/D.0IQD /usr/home/david/viruses/D.0IQD: Worm.Sober.P FOUND --- SCAN SUMMARY --- Known viruses: 34149 Engine version: 0.84 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.05 MB Time: 1.655 sec (0 m 1 s) Hmmm looks like clamd is broken ? David Peall :: Systems Administrator e-Schools' Network :: http://www.esn.org.za/ Phone +27 (021) 674-9140 ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Clamd + Exim
Ok have fixed the problem. I had to add the folling to freshclam.conf DatabaseDirectory ? Pointing to the wrong place. NotifyClamd ? Not restarting Clamd. Really stupid mistakes! Thanks for your help. David Peall :: Systems Administrator e-Schools' Network :: http://www.esn.org.za/ Phone +27 (021) 674-9140 ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamd + Exim. Support relay or not ?
On Tue, 20 Apr 2004 16:36:16 +0400 =?windows-1251?Q?=CC=E8=F5=E0=E8=EB?= wrote: Hello, htllp me please Does ClamAV supports mail server which relays mail ? I mean mail not to localhost but to other MTA's ? I've installed Exim+eciscan and ClamAV all log information is ok for example: Tue Apr 20 16:16:05 2004 - +++ Started at Tue Apr 20 16:16:05 2004 Tue Apr 20 16:16:05 2004 - Log file size limited to 2097152 bytes. Tue Apr 20 16:16:05 2004 - Verbose logging activated. Tue Apr 20 16:16:05 2004 - Running as user clamav (UID 1003, GID 1003) Tue Apr 20 16:16:05 2004 - Reading databases from /usr/local/share/clamav Tue Apr 20 16:16:06 2004 - Protecting against 21157 viruses. Tue Apr 20 16:16:06 2004 - Bound to address 127.0.0.1 on port 3310 Tue Apr 20 16:16:06 2004 - Setting connection queue length to 15 Tue Apr 20 16:16:06 2004 - Listening daemon: PID: 149 Tue Apr 20 16:16:06 2004 - Maximal number of threads: 20 Tue Apr 20 16:16:06 2004 - Archive: Archived file size limit set to 10485760 bytes. Tue Apr 20 16:16:06 2004 - Archive: Recursion level limit set to 5. Tue Apr 20 16:16:06 2004 - Archive: Files limit set to 1000. Tue Apr 20 16:16:06 2004 - Archive: Compression ratio limit set to 200. Tue Apr 20 16:16:06 2004 - Archive support enabled. Tue Apr 20 16:16:06 2004 - RAR support enabled. Tue Apr 20 16:16:06 2004 - Mail files support enabled. Tue Apr 20 16:16:06 2004 - Self checking every 3600 seconds. Tue Apr 20 16:16:06 2004 - Timeout set to 180 seconds. Tue Apr 20 16:16:06 2004 - SelfCheck: Database status OK. Tue Apr 20 16:16:06 2004 - SelfCheck: Integrity OK But it DOES NOT see any virus in the attachment! Maybe you haven't configured exim to call clamd ? You should show us your ACLs from the exim configuration. --Frank Elsner --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users