Re: Exiscan+clamav
On Tue, Nov 16, 2004 at 11:17:13AM -0600, Adam M Ryan wrote:
> Thanks for all the replies.
>
> Yes Clamd is running:
>
> ps uaxww | grep clamav
> clamav 53191 0.0 1.6 10576 8128 ?? Is8:48AM 0:00.00 /usr/local/sbin/clamd
>
> I have also gone ahead and changed the settings in clamd to log everything.
> Still not seeing anything in the clamd log. Not sure what else I am
> missing? I used clamscan on some test files and they seemed to get
> detected without issue.

Hmm. Have you got the correct path to the clamd socket in your exim config
file? This seems the most likely fault now, if clamscan is running from the
command line. You can check using sockstat:

    # sockstat -ul | grep clam
    clamav clamd 39547 4 stream /var/run/clamav/clamd

Exim's log files, under /var/log/exim, may be a good place to look for a bit
more detail about what's borking it.

> Maybe a posting of your clamd.conf and exim.conf?

Sure. Here is my clamd.conf (omitting all comment lines)

    LogFile /var/log/clamav/clamd.log
    LogTime
    LogVerbose
    PidFile /var/run/clamav/clamd.pid
    DatabaseDirectory /usr/local/share/clamav
    LocalSocket /var/run/clamav/clamd
    FixStaleSocket
    User clamav
    AllowSupplementaryGroups
    ScanMail
    ArchiveMaxRecursion 8

And the salient bits of my exim config file:

    av_scanner = clamd:/var/run/clamav/clamd

    acl_check_content:
      deny message = This message contains malware ($malware_name)
           demime = *
           malware = *

The rest of the exim config is not relevant to this discussion.

HTH

Dan

--
Daniel Bye

PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc
PGP Key fingerprint: 3B9D 8BBB EB03 BA83 5DB4 3B88 86FC F03A 90A1 BE8F
                                                                     _
                                              ASCII ribbon campaign ( )
                                         - against HTML, vCards and  X
                                - proprietary attachments in e-mail / \
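Added example (not part of the original thread, and not code from Exim or ClamAV): the socket-path check suggested in the reply above, written in Python. It compares LocalSocket in clamd.conf with the path in Exim's av_scanner, flags an uncommented Example line, and sends clamd's PING command to the socket. The sample configs are constructed from the lines quoted in the thread and the function names are hypothetical.

```python
import re
import socket

# Constructed samples, built from the config lines quoted in the thread.
CLAMD_CONF = """\
LogFile /var/log/clamav/clamd.log
LocalSocket /var/run/clamav/clamd
User clamav
"""
EXIM_CONF = "av_scanner = clamd:/var/run/clamav/clamd\n"

def clamd_settings(text):
    """Return {directive: value} for the uncommented lines of clamd.conf."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = line.split(None, 1)
            settings[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return settings

def exim_clamd_socket(text):
    """Return the Unix socket path from 'av_scanner = clamd:/path', else None."""
    m = re.search(r"^\s*av_scanner\s*=\s*clamd:(/\S+)", text, re.M)
    return m.group(1) if m else None

def ping_clamd(path, timeout=5.0):
    """Send clamd's PING command over the socket; True if it answers PONG."""
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect(path)
            s.sendall(b"PING\n")
            return s.recv(16).strip() == b"PONG"
    except OSError:  # missing socket, permission denied, timeout, ...
        return False

def diagnose(clamd_conf, exim_conf):
    """List config problems that would stop Exim from reaching clamd."""
    problems = []
    settings = clamd_settings(clamd_conf)
    if "Example" in settings:
        problems.append("clamd.conf: 'Example' line is still active")
    local, wanted = settings.get("LocalSocket"), exim_clamd_socket(exim_conf)
    if wanted is None:
        problems.append("exim: no 'av_scanner = clamd:/path' setting found")
    elif local != wanted:
        problems.append(f"socket mismatch: clamd={local} exim={wanted}")
    return problems

if __name__ == "__main__":
    print(diagnose(CLAMD_CONF, EXIM_CONF) or "config paths agree")
    print("clamd answers PING:", ping_clamd(exim_clamd_socket(EXIM_CONF)))
```

Run it as the user the Exim daemon runs as, since a socket that root can reach may still be unreachable for the mail user.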
Re: Exiscan+clamav
Thanks for all the replies.

Yes Clamd is running:

    ps uaxww | grep clamav
    clamav 53191 0.0 1.6 10576 8128 ?? Is8:48AM 0:00.00 /usr/local/sbin/clamd

I have also gone ahead and changed the settings in clamd to log everything.
Still not seeing anything in the clamd log. Not sure what else I am
missing? I used clamscan on some test files and they seemed to get
detected without issue.

Any other help? Maybe a posting of your clamd.conf and exim.conf?

Thanks

Adam

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Exiscan+clamav
On Tue, Nov 16, 2004 at 10:33:24AM +, Daniel Bye wrote:
> It may be useful to turn on LogVerbose in clamd.conf too - it will log
> everything it scans, not just infected streams. Once you are happy it
> is working, you can disable LogVerbose to save your /var.

Gah! Sorry - this should read LogClean, not LogVerbose. (Of course, both
may prove useful, but I meant LogClean.)

Dan

--
Daniel Bye
Re: Exiscan+clamav
On Mon, Nov 15, 2004 at 08:20:31PM -0600, Adam M Ryan wrote:
> Right now I am using Exim 4.43 and clamav-0.80_1 both installed from ports.
> I am trying to get clamav to scan incoming email. I have altered my exim
> configure file with the following:
>
> av_scanner=clamd:/var/run/clamav/clamd
>
> deny message = This message contains malware ($malware_name)
>      demime = *
>      malware = *

This is fine - exactly the settings I am using.

> I have also double checked everything in
> /usr/ports/mail/exim/files/POST-INSTALL-NOTES.clamd.
>
> But I still can't get my email scanned by clamav.

Someone else asked if clamd is really running. Have you edited the clamd
conf file? The first item in the file needs to be commented out to activate
the config:

    # Comment or remove the line below.
    #Example

It may be useful to turn on LogVerbose in clamd.conf too - it will log
everything it scans, not just infected streams. Once you are happy it
is working, you can disable LogVerbose to save your /var.

> Does anyone have a working configure file that they could post?

Your config is what is in the documentation and the default Exim configure
file anyway.

HTH

Dan

--
Daniel Bye
Re: Exiscan+clamav
Adam

I'm doing something similar, with SpamAssassin in the loop too.

I use MailScanner (www.mailscanner.info) to glue the MTA (exim), clam,
Sophos and SpamAssassin together.

Worth a look.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Adam M Ryan wrote:

Right now I am using Exim 4.43 and clamav-0.80_1 both installed from ports.
I am trying to get clamav to scan incoming email. I have altered my exim
configure file with the following:

    av_scanner=clamd:/var/run/clamav/clamd

    deny message = This message contains malware ($malware_name)
         demime = *
         malware = *

I have also double checked everything in
/usr/ports/mail/exim/files/POST-INSTALL-NOTES.clamd.

But I still can't get my email scanned by clamav.

Does anyone have a working configure file that they could post?

Below is my version:

Thanks!

Adam

---

    ##
    # Runtime configuration file for Exim #
    ##

    # This is a default configuration file which will operate correctly in
    # uncomplicated installations. Please see the manual for a complete list
    # of all the runtime configuration options that can be included in a
    # configuration file. There are many more than are mentioned here. The
    # manual is in the file doc/spec.txt in the Exim distribution as a plain
    # ASCII file. Other formats (PostScript, Texinfo, HTML, PDF) are available
    # from the Exim ftp sites. The manual is also online at the Exim web sites.

    # This file is divided into several parts, all but the first of which are
    # headed by a line starting with the word "begin". Only those parts that
    # are required need to be present. Blank lines, and lines starting with #
    # are ignored.

    ### IMPORTANT ## IMPORTANT ### IMPORTANT ###
    # #
    # Whenever you change Exim's configuration file, you *must* remember to #
    # HUP the Exim daemon, because it will not pick up the new configuration #
    # until you do. However, any other Exim processes that are started, for #
    # example, a process started by an MUA in order to send a message, will #
    # see the new configuration as soon as it is in place. #
    # #
    # You do not need to HUP the daemon for changes in auxiliary files that #
    # are referenced from this file. They are read every time they are used. #
    # #
    # It is usually a good idea to test a new configuration for syntactic #
    # correctness before installing it (for example, by running the command #
    # "exim -C /config/file.new -bV"). #
    # #
    ### IMPORTANT ## IMPORTANT ### IMPORTANT ###

    ##
    # MAIN CONFIGURATION SETTINGS #
    ##

    # Specify your host's canonical name here. This should normally be the fully
    # qualified "official" name of your host. If this option is not set, the
    # uname() function is called to obtain the name. In many cases this does
    # the right thing and you need not set anything explicitly.

    # primary_hostname =

    # The next three settings create two lists of domains and one list of hosts.
    # These lists are referred to later in this configuration using the syntax
    # +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They
    # are all colon-separated lists:

    domainlist local_domains = @
    domainlist relay_to_domains =
    hostlist relay_from_hosts = localhost

    # Most straightforward access control requirements can be obtained by
    # appropriate settings of the above options. In more complicated situations, you
    # may need to modify the Access Control List (ACL) which appears later in this
    # file.

    # The first setting specifies your local domains, for example:
    #
    # domainlist local_domains = my.first.domain : my.second.domain
    #
    # You can use "@" to mean "the name of the local host", as in the default
    # setting above. This is the name that is specified by primary_hostname,
    # as specified above (or defaulted). If you do not want to do any local
    # deliveries, remove the "@" from the setting above. If you want to accept mail
    # addressed to your host's literal IP address, for example, mail addressed to
    # "[EMAIL PROTECTED]", you can add "@[]" as an item in the local domains
    # list. You also need to uncomment "allow_domain_literals" below. This is not
    # recommended for today's Internet.

    # The second setting specifies do
Re: Exiscan+clamav
Hello Ryan,

Are you sure the clamd daemon is running ?

On Mon, 15 Nov 2004 20:20:31 -0600 "Adam M Ryan" <[EMAIL PROTECTED]> wrote:
> Right now I am using Exim 4.43 and clamav-0.80_1 both installed from ports.
> I am trying to get clamav to scan incoming email. I have altered my exim
> configure file with the following:
>
> av_scanner=clamd:/var/run/clamav/clamd
>
> deny message = This message contains malware ($malware_name)
>      demime = *
>      malware = *
>
> I have also double checked everything in
> /usr/ports/mail/exim/files/POST-INSTALL-NOTES.clamd.
>
> But I still can't get my email scanned by clamav.
>
> Does anyone have a working configure file that they could post?
>
> Below is my version:
>
> Thanks!
>
> Adam
>
> ---
>
> ##
> # Runtime configuration file for Exim #
> ##
>
> # This is a default configuration file which will operate correctly in
> # uncomplicated installations. Please see the manual for a complete list
> # of all the runtime configuration options that can be included in a
> # configuration file. There are many more than are mentioned here. The
> # manual is in the file doc/spec.txt in the Exim distribution as a plain
> # ASCII file. Other formats (PostScript, Texinfo, HTML, PDF) are available
> # from the Exim ftp sites. The manual is also online at the Exim web sites.
>
> # This file is divided into several parts, all but the first of which are
> # headed by a line starting with the word "begin". Only those parts that
> # are required need to be present. Blank lines, and lines starting with #
> # are ignored.
>
> ### IMPORTANT ## IMPORTANT ### IMPORTANT ###
> # #
> # Whenever you change Exim's configuration file, you *must* remember to #
> # HUP the Exim daemon, because it will not pick up the new configuration #
> # until you do. However, any other Exim processes that are started, for #
> # example, a process started by an MUA in order to send a message, will #
> # see the new configuration as soon as it is in place. #
> # #
> # You do not need to HUP the daemon for changes in auxiliary files that #
> # are referenced from this file. They are read every time they are used. #
> # #
> # It is usually a good idea to test a new configuration for syntactic #
> # correctness before installing it (for example, by running the command #
> # "exim -C /config/file.new -bV"). #
> # #
> ### IMPORTANT ## IMPORTANT ### IMPORTANT ###
>
> ##
> # MAIN CONFIGURATION SETTINGS #
> ##
>
> # Specify your host's canonical name here. This should normally be the fully
> # qualified "official" name of your host. If this option is not set, the
> # uname() function is called to obtain the name. In many cases this does
> # the right thing and you need not set anything explicitly.
>
> # primary_hostname =
>
> # The next three settings create two lists of domains and one list of hosts.
> # These lists are referred to later in this configuration using the syntax
> # +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They
> # are all colon-separated lists:
>
> domainlist local_domains = @
> domainlist relay_to_domains =
> hostlist relay_from_hosts = localhost
>
> # Most straightforward access control requirements can be obtained by
> # appropriate settings of the above options. In more complicated situations, you
> # may need to modify the Access Control List (ACL) which appears later in this
> # file.
>
> # The first setting specifies your local domains, for example:
> #
> # domainlist local_domains = my.first.domain : my.second.domain
> #
> # You can use "@" to mean "the name of the local host", as in the default
> # setting above. This is the name that is specified by primary_hostname,
> # as specified above (or defaulted). If you do not want to do any local
> # deliveries, remove the "@" from the setting above. If you want to accept mail
> # addressed to your host's literal IP address, for example, mail addressed to
> # "[EMAIL PROTECTED]", you can add "@[]" as an item in the local domains
> # list. You also need to uncomment "allow_domain_literals" below. This is not
> # recommended for tod