> Hello - Fresh newbie meat here for the first time - Be gentle please... > > I'm using procmail to call clamassassin, which calls clamscan. I'm > getting X- headers added by clamav, but I'm not detecting the EICAR > string in emails. I'm using ClamAV v0.73 obtained and installed via the > Debian Sid distro. I have several questions: > > 1. If I run clamscan from the console in the directory containing the > EICAR string, it -IS- properly detected. Why is it not being detected > in email? I read somewhere that email scanning has to be enabled in > clamav.conf - but I don't even have that file! Whywouldn't I? I did > run the config script. In /etc/clamav, I have freshclam.conf, but not > clamav.conf, and I don't find it elsewhere on the system.
clamav.conf is used by clamd for configuration parameters. Try running clamscan --mbox to get the detection. It _may_ not work because of the definition of EICAR, which IIRC is fairly strict and has the "virus" starting at the very beginning of the file. It should work with clamscan --mbox with EICAR attached, as opposed to being in the body of the message. > 2. I don't seem to have anything related to clamd - Why? How to run > clamd? My system has no knowledge of clamd or clamdscan. Differences > between running clamd vs clamscan? I have a low volume machine. Clamd is probably not necessary on a low-volume machine, but it allows faster scanning through local Unix sockets, or for shared scanning via TCP sockets. You should be ok to run clamscan --mbox; if you notice a slowdown in mail, look for .deb's with clamd (assuming that, like some distributions, they have been separately packaged.) > Thanks a bunch - Anxious to get it going! - John Good luck! --Seth ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
