In the message dated: Tue, 20 Apr 2004 18:45:40 BST,
The pithy ruminations from Nigel Horne on 
<Re: [Clamav-users] trouble with milter> were:
=> 
=> 
=> On Tuesday 20 Apr 2004 6:40 pm, you wrote:
=> 
=> > Can you send me a copy? I just grabbed the "latest" cvs version, and it's
=> > got 0.70n, not "o".
=> 
=> Attached 70.o with some features of 70.p which has yet to be checked in.

Thanks! Things are really getting 
better.

That compiles and seems to run. It appears to drop infected mail, but
I'm not getting a copy to postmaster or to the quarantine address. Nothing is
logged in /var/log/clamav/*, and there's no log entry in the maillog showing
that the message was infected. The sendmail log shows:

---------------INFECTED MAIL------------------------
Apr 20 14:53:16 server1 clamav-milter[28718]: clamfi_envfrom: <[EMAIL PROTECTED]>
Apr 20 14:53:17 server1 clamav-milter[28718]: clamfi_envrcpt: <[EMAIL PROTECTED]>
Apr 20 14:53:18 server1 sendmail[28948]: i3KJrFsG028948: collect: premature EOM: 
unexpected close
Apr 20 14:53:18 server1 sendmail[28948]: i3KJrFsG028948: collect: unexpected close on 
connection from localhost, sender=<[EMAIL PROTECTED]>
Apr 20 14:53:18 server1 sendmail[28948]: i3KJrFsG028948: from=<[EMAIL PROTECTED]>, 
size=203, class=0, nrcpts=1, proto=ESMTP, [EMAIL PROTECTED]
Apr 20 14:53:18 server1 clamav-milter[28718]: clamfi_close
------END OF INFECTED MAIL------------------------


Messages that do not have viruses are delivered correctly, and the sendmail
log shows:
----------------------CLEAN MESSAGE-------------------------------
Apr 20 14:59:29 server1 clamav-milter[28718]: clamfi_envfrom: <[EMAIL PROTECTED]>
Apr 20 14:59:30 server1 clamav-milter[28718]: clamfi_envrcpt: <[EMAIL PROTECTED]>
Apr 20 14:59:29 server1 clamav-milter[28718]: clamfi_envfrom: <[EMAIL PROTECTED]>
Apr 20 14:59:30 server1 clamav-milter[28718]: clamfi_envrcpt: <[EMAIL PROTECTED]>
Apr 20 14:59:31 server1 sendmail[29627]: i3KJxSED029627: from=<[EMAIL PROTECTED]>, 
size=43, class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>, proto=ESMTP, [EMAIL PROTECTED]
Apr 20 14:59:31 server1 clamav-milter[28718]: clamfi_eoh
Apr 20 14:59:31 server1 clamav-milter[28718]: clamfi_envbody: 44 bytes
Apr 20 14:59:31 server1 clamav-milter[28718]: clamfi_eom
Apr 20 14:59:31 server1 clamav-milter[28718]: clamfi_eom: read stream: OK
Apr 20 14:59:31 server1 clamav-milter[28718]: i3KJxSED029627: clean message from 
<[EMAIL PROTECTED]>
Apr 20 14:59:31 server1 sendmail[29627]: i3KJxSED029627: Milter add: header: 
X-Virus-Scanned: clamd / ClamAV version 0.70, clamav-milter version 0.70o
Apr 20 14:59:31 server1 sendmail[29627]: i3KJxSED029627: Milter add: header: 
X-Virus-Status: Clean
Apr 20 14:59:31 server1 sendmail[29638]: i3KJxSED029627: to=<[EMAIL PROTECTED]>, 
delay=00:00:01, xdelay=00:00:00, mailer=local, pri=30452, dsn=2.0.0, stat=Sent
Apr 20 14:59:31 server1 sendmail[29638]: i3KJxSED029627: done; delay=00:00:01, ntries=1
Apr 20 14:59:31 server1 clamav-milter[28718]: clamfi_close
-----------------END OF CLEAN MESSAGE-------------------------------


I'm running clamav-milter with the options:

        --debug
        --headers
        --local
        --outgoing
        --max-children=10
        --force-scan
        [EMAIL PROTECTED]
        [EMAIL PROTECTED]
        local:/var/run/clamav/clamav-milter.sock

The clamav.conf file has:
        LogFile /var/log/clamav/clamd.log
        LogClean
        LogSyslog
        LogVerbose
        PidFile /var/run/clamav/clamd.pid
        DatabaseDirectory /var/lib/clamav
        LocalSocket /var/run/clamav/clamd.socket
        StreamSaveToDisk
        StreamMaxLength 10M
        MaxDirectoryRecursion 15
        User clamav
        ScanOLE2
        ScanMail
        ScanArchive
        ArchiveMaxFileSize 10M
        ArchiveMaxRecursion 5
        ArchiveMaxFiles 1000
        ArchiveMaxCompressionRatio 200
        ClamukoScanOnOpen
        ClamukoScanOnClose
        ClamukoScanOnExec
        ClamukoIncludePath /home
        ClamukoMaxFileSize 1M
        ClamukoScanArchive

As I understand it, I should be getting a notice that a virus was detected
sent to "[EMAIL PROTECTED]", with the actual infected message forwared to
"[EMAIL PROTECTED]", and I'd expect some logging to
/var/log/clamav/clamd.log or the syslog.

Mark

=> 
=> > Thanks,
=> 
=> -- 
=> Nigel Horne. Arranger, Composer, Typesetter.
=> NJH Music, Barnsley, UK.  ICQ#20252325
=> [EMAIL PROTECTED] http://www.bandsman.co.uk
=> 




-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Reply via email to