I got Clam running over the weekend as a basic daemon. Freshclam seems to be working. But I'm lost in trying to troubleshoot the problem below.
It appears that the problem is between Clamd and the milter. Clamdscan is placed in a cron that seems to run fine (it finds the test virus files). In following the milter instructions I think the socket is named wrong, but what do i know. Any ideas??? John /var/log/maillog output below: Jul 1 19:53:46 FAKESERVERNAME sendmail[14703]: starting daemon (8.12.8): [EMAIL PROTECTED]:00:00 Jul 1 19:53:46 FAKESERVERNAME sm-msp-queue[14712]: starting daemon (8.12.8): [EMAIL PROTECTED]:00:00 Jul 1 19:53:53 FAKESERVERNAME ipop3d[14720]: pop3 service init from 192.168.1.1 Jul 1 19:57:39 FAKESERVERNAME ipop3d[15020]: Login user=john host=[192.168.1.1] nmsgs=0/0 Jul 1 19:57:39 FAKESERVERNAME ipop3d[15020]: Logout user=john host=[192.168.1.1] nmsgs=0 ndele=0 Jul 1 19:57:53 FAKESERVERNAME ipop3d[15031]: pop3 service init from 192.168.1.1 Jul 1 19:57:54 FAKESERVERNAME ipop3d[15031]: Login user=kathy host=[192.168.1.1] nmsgs=0/0 Jul 1 19:57:54 FAKESERVERNAME ipop3d[15031]: Logout user=kathy host=[192.168.1.1] nmsgs=0 ndele=0 Jul 1 19:58:30 FAKESERVERNAME sendmail[14753]: h61NsTUw014753: Milter (clamav): timeout before data read Jul 1 19:58:30 FAKESERVERNAME sendmail[14753]: h61NsTUw014753: Milter (clamav): to error state Jul 1 19:58:30 FAKESERVERNAME sendmail[14753]: h61NsTUw014753: from=<[EMAIL PROTECTED]>, size=355, class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>, proto=ESMTP, daemon=MTA, relay=67.106.161.70.ptr.us.xo.net [67.106.161.70] Jul 1 19:58:30 FAKESERVERNAME sendmail[15060]: h61NsTUw014753: to=<[EMAIL PROTECTED]>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30572, dsn=2.0.0, stat=Sent Jul 1 20:00:00 FAKESERVERNAME ipop3d[15125]: pop3 service init from 192.168.1.99 Jul 1 20:00:00 FAKESERVERNAME ipop3d[15125]: Logout user=??? host=FAKESERVERNAME [192.168.1.99] Jul 1 20:06:05 FAKESERVERNAME sendmail[15487]: h62025Uw015487: Milter (clamav): timeout before data read Jul 1 20:06:05 FAKESERVERNAME sendmail[15487]: h62025Uw015487: Milter (clamav): to error state Jul 1 20:06:05 FAKESERVERNAME sendmail[15487]: h62025Uw015487: Milter (clamav): init failed to open Jul 1 20:06:05 FAKESERVERNAME sendmail[15487]: h62025Uw015487: Milter (clamav): to error state Jul 1 20:06:05 FAKESERVERNAME sendmail[15487]: h62025Uw015487: FAKESERVERNAME [192.168.1.99] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA Startup process [EMAIL PROTECTED]:20:52 etc] rm /var/run/clamav.sock rm: remove socket `/var/run/clamav.sock'? y [EMAIL PROTECTED]:21:04 etc] clamd --config-file=/etc/clamav.conf [EMAIL PROTECTED]:21:10 etc] service clamav-milter.sh start Starting clamav-milter: [ OK ] [EMAIL PROTECTED]:21:16 etc] service sendmail start Starting sendmail: [ OK ] Starting sm-client: [ OK ] [EMAIL PROTECTED]:21:22 etc] ps -A | grep clam 17314 ? 00:00:00 clamd 17331 pts/1 00:00:00 clamav-milter sendmail.mc (yes i ran m4) dnl Start of ClamAV-Milter INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav.sock, F=, T=S:4m;R:4m')dnl define(`confINPUT_MAIL_FILTERS', `clamav') dnl End of ClamAV-Milter /etc/clamav.conf LogFile /var/log/clamd.log #LogFileUnlock #LogFileMaxSize 2M LogTime #LogSyslog LogVerbose PidFile /var/run/clamd.pid DataDirectory /usr/local/clamav/database LocalSocket /var/run/clamd.sock #TCPSocket 3310 #MaxConnectionQueueLength 30 StreamSaveToDisk #StreamMaxLength 10M MaxThreads 10 ThreadTimeout 5000 MaxDirectoryRecursion 30 FollowFileSymlinks ScanMail General System Details clamav ver: 0.60 sendmail ver: 8.12.8 redhat: v8.0 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
