Nigel,

I think I'm getting closer to finding the cause of this. Further testing shows that clamav-milter does not scan messages unless BOTH the -l and -o switches are added (or the -f switch).

This is regardless of whether the message is sent from the LAN or from an external host.

My tentative conclusion is that clamav-milter thinks:

1. Messages are being sent from the LAN (which makes sense, I guess, since they're actually coming from fetchmail via localhost); and

2. Messages are not being delivered locally (this makes no sense - the messages are being delivered to local mailboxes i.e. /var/mail/$USER).

Does that help?

Replies to your queries below - posting to gmane.comp.security.virus.clamav.user to work around Hotmail!

Nigel Horne wrote:

> Is clamd running? It's difficult to read your mail because you've sent
> from Hotmail which annoyingly puts HTML in e-mails, but it looks as
> though clamd is running OK. Try to clamdscan (note the d) a file.

% ps -awxU clamav
PID TT STAT TIME COMMAND
374 ?? Ss 0:00.03 /usr/local/bin/freshclam -d -p /var/clamav/freshclam.pid
403 ?? Ss 0:00.02 /usr/local/sbin/clamd
405 ?? Ss 0:00.14 /usr/local/sbin/clamav-milter --debug -c /etc/clamav.conf -AdNq local:/var/clamav/clmilter.sock

> Are you running 0.75 or 0.80?

% /usr/local/sbin/clamd -V
clamd / ClamAV version 0.75.1

> What makes you believe that incoming messages aren't being scanned?

No X-Virus-Scanned: or X-Virus-Status: headers being added to messages and nothing logged to my /var/log/mail.log [apart from the 1 debugging message - clamfi_close].

Adding both the -l or -o switches [or -f] to clamav-milter results in mail being scanned [i.e. appropriate headers added and clamav-milter messages logged].

> I notice no clamav-milter.pid, if you do ps is clamav-milter still running?

I've added --pidfile=/var/clamav/clmilter.pid to the command kicking off clamav-milter now, but from what I understand from my ps above it shouldn't make a difference in this case.


-Nigel

On Wednesday 29 Sep 2004 13:28, Damon McMahon wrote:

Nigel,

Sorry about that. The problem is that clamav-milter isn't scanning incoming mail. I want to configure it to scan mail that is passed to sendmail from fetchmail (running on the same host) to deliver to local mailboxes, but not scan outgoing mail.

I agree, the documentation implies that leaving off the -o -f and -l switches should achieve this, but for some reason it's just not scanning anything [see the bottom of the mail log below].

I confirm that clamav-milter does indeed scan mail if the -o or -l switch is used. How does clamav-milter determine what is incoming, what is outgoing and what is lan mail (and pardon my ignorance)? Is it my sendmail configuration, perhaps?

Cheers,
Damon

----Original Message Follows----
From: Nigel Horne <[EMAIL PROTECTED]>
Organization: NJH Music (bandsman.co.uk)
To: [EMAIL PROTECTED]
Date: Wed, 29 Sep 2004 08:24:47 +0100
Subject: [Clamav-users] Re: Clamav-users digest, Vol 1 #1033 - 11 msgs
Reply-To: [EMAIL PROTECTED]

I can't remember the original problem, you've removed the history from this
post that would have reminded me!

-Nigel

On Wednesday 29 Sep 2004 02:58, Damon McMahon wrote:
> Nigel,
>
> Thanks for your reply, and please accept my apologies for the woeful lack of
> detail in my first post.
>
> Here's how we kick off clamav:
>
> #!/bin/sh
> /usr/local/bin/freshclam -d -p /var/clamav/freshclam.pid
> /usr/local/sbin/clamd
> /usr/local/sbin/clamav-milter --debug -c /etc/clamav.conf -AdNq local:/var/clamav/clmilter.sock
>
> Note that I couldn't get clamav-milter to accept --dubug-level=n despite
> this being documented in the man page and building with
>
> % ./configure --enable-debug
>
> Here are the relevant run-time files:
>
> % ls -al /var/clamav
> drwx------ 6 clamav clamav 204 29 Sep 10:58 .
> drwxr-xr-x 22 root wheel 748 29 Sep 09:06 ..
> -rw-rw---- 1 clamav clamav 4 29 Sep 10:58 clamd.pid
> srwxrwxrwx 1 clamav clamav 0 29 Sep 10:58 clamd.sock
> srwx------ 1 clamav clamav 0 29 Sep 10:58 clmilter.sock
> -rw-rw---- 1 clamav clamav 4 29 Sep 10:58 freshclam.pid
>
> Here's my configuration customisations:
>
> % cat /etc/clamav.conf | grep -v # | grep -v '^$'
> LogSyslog
> LogFacility LOG_MAIL
> LogVerbose
> PidFile /var/clamav/clamd.pid
> LocalSocket /var/clamav/clamd.sock
> FixStaleSocket
> StreamSaveToDisk
> StreamMaxLength 10M
> MaxThreads 10
> MaxDirectoryRecursion 15
> User clamav
> ScanOLE2
> ScanMail
> ScanArchive
> ArchiveMaxFileSize 10M
> ArchiveMaxRecursion 5
> ArchiveMaxFiles 1000
> ArchiveMaxCompressionRatio 200
> ClamukoScanOnOpen
> ClamukoScanOnClose
> ClamukoScanOnExec
> ClamukoIncludePath /home
> ClamukoMaxFileSize 1M
> ClamukoScanArchive
>
> Here's the relevant snippet from my mail log showing the info you requested:
>
> Sep 29 10:57:31 localhost clamd[9693]: Daemon started.
> Sep 29 10:57:31 localhost clamd[9693]: clamd daemon 0.75.1 (OS: darwin7.5.0,
> ARCH: ppc, CPU: powerpc)
> Sep 29 10:57:31 localhost clamd[9693]: Log file size limited to 1048576
> bytes.
> Sep 29 10:57:31 localhost clamd[9693]: Verbose logging activated.
> Sep 29 10:57:31 localhost clamd[9693]: Running as user clamav (UID 30, GID
> 30)
> Sep 29 10:57:31 localhost clamd[9693]: Reading databases from
> /usr/local/share/clamav
> Sep 29 10:57:32 localhost clamd[9693]: Protecting against 24128 viruses.
> Sep 29 10:57:33 localhost clamd[9694]: Unix socket file
> /var/clamav/clamd.sock
> Sep 29 10:57:33 localhost clamd[9694]: Setting connection queue length to 15
> Sep 29 10:57:33 localhost clamd[9694]: Listening daemon: PID: 9694
> Sep 29 10:57:33 localhost clamd[9694]: Archive: Archived file size limit set
> to 10485760 bytes.
> Sep 29 10:57:33 localhost clamd[9694]: Archive: Recursion level limit set to
> 5.
> Sep 29 10:57:33 localhost clamd[9694]: Archive: Files limit set to 1000.
> Sep 29 10:57:33 localhost clamd[9694]: Archive: Compression ratio limit set
> to 200.
> Sep 29 10:57:33 localhost clamd[9694]: Archive support enabled.
> Sep 29 10:57:33 localhost clamd[9694]: RAR support disabled.
> Sep 29 10:57:33 localhost clamd[9694]: Mail files support enabled.
> Sep 29 10:57:33 localhost clamd[9694]: OLE2 support enabled.
> Sep 29 10:57:33 localhost clamd[9694]: Self checking every 3600 seconds.
> Sep 29 10:58:53 localhost clamav-milter[9842]: Starting: clamd / ClamAV
> version 0.75.1, clamav-milter version 0.75c
> Sep 29 10:58:53 localhost clamav-milter[9842]: Started: clamd / ClamAV
> version 0.75.1, clamav-milter version 0.75c
> Sep 29 10:59:11 localhost sendmail[9864]: starting daemon (8.13.1):
> [EMAIL PROTECTED]:20:00
> Sep 29 10:59:11 localhost sendmail[9867]: starting daemon (8.13.1):
> [EMAIL PROTECTED]:20:00
> Sep 29 10:59:15 localhost fetchmail[9886]: starting fetchmail 6.2.5 daemon
> Sep 29 11:01:10 localhost fetchmail[9886]: 1 message for [EMAIL PROTECTED]
> at pop.my.mail.provider.net (773 octets).
> Sep 29 11:01:11 localhost fetchmail[9886]: reading message
> [EMAIL PROTECTED]@pop.my.mail.provider.net:1 of 1 (773 octets)
> Sep 29 11:01:11 localhost clamav-milter[9842]: clamfi_close
> Sep 29 11:01:11 localhost sendmail[9898]: i8T1VBd6009898:
> from=<[EMAIL PROTECTED]>, size=866, class=0, nrcpts=1,
> msgid=<[EMAIL PROTECTED]>, proto=ESMTP,
> daemon=MTA, relay=localhost [127.0.0.1]
>
> If you need anything else let me know.
>
> Thanks again,
> Damon
>
> ----Original Message Follows----
> From: Nigel Horne <[EMAIL PROTECTED]>
> Organization: NJH Music (bandsman.co.uk)
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] fetchmail & clamav-milter
> Date: Tue, 28 Sep 2004 08:12:09 +0100
> Reply-To: [EMAIL PROTECTED]
>
> [snip]
>
> Yes, don't use -l, -o or -f. What options are you using? What version of
> clamav-milter?
>


--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk



Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
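
The symptom reported in this thread (no X-Virus-Scanned: or X-Virus-Status: headers on delivered mail) can be checked across a whole mailbox rather than one message at a time. The following is an added example, not part of the original posts or of ClamAV; the sample messages and their header values are constructed, and it assumes the mailbox (such as /var/mail/$USER) is in mbox format.

```python
import mailbox
import os
import tempfile

SCAN_HEADERS = ("X-Virus-Scanned", "X-Virus-Status")

# Constructed two-message mbox (not taken from the thread): the first message
# was delivered without the milter's headers, the second carries both.
SAMPLE_MBOX = (
    "From damon@example.invalid Wed Sep 29 11:01:11 2004\n"
    "Message-ID: <no-headers@example.invalid>\n"
    "Subject: delivered without scanning\n"
    "\n"
    "body\n"
    "\n"
    "From damon@example.invalid Wed Sep 29 11:05:40 2004\n"
    "X-Virus-Scanned: constructed placeholder value\n"
    "X-Virus-Status: Clean\n"
    "Message-ID: <scanned@example.invalid>\n"
    "Subject: delivered after scanning\n"
    "\n"
    "body\n"
)

def scan_coverage(mbox_path):
    """Return (scanned_ids, unscanned_ids) for the messages in an mbox file."""
    scanned, unscanned = [], []
    box = mailbox.mbox(mbox_path, create=False)
    try:
        for key, msg in box.iteritems():
            msg_id = msg.get("Message-ID", f"<no Message-ID, key {key}>")
            # A message counts as scanned only if both headers are present.
            missing = [h for h in SCAN_HEADERS if msg.get(h) is None]
            (unscanned if missing else scanned).append(msg_id)
    finally:
        box.close()
    return scanned, unscanned

def demo():
    """Run scan_coverage over the constructed sample and return its result."""
    with tempfile.NamedTemporaryFile("w", suffix=".mbox", delete=False) as fh:
        fh.write(SAMPLE_MBOX)
    try:
        return scan_coverage(fh.name)
    finally:
        os.unlink(fh.name)

if __name__ == "__main__":
    print(demo())
```

Running `scan_coverage` against a real spool before and after changing the milter's switches shows which deliveries bypassed scanning.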



