Hi,
I've got a problem with my exim/clamd setup when I upgrade from 0.80rc2 to 0.
80rc3. I'm using exim 4.30 on SuSE 9.1 and have configured the malware acl to
use clamd on 127.0.0.1 3310 *however* when I upgrade to 0.80rc3 all mail is
being temporarily rejected with the following error being logged:
2004-10-03 18:05:28 1CE9nc-0006IK-5I malware acl condition: clamd: unable to
read from socket (No such file or directory)
2004-10-03 18:05:28 1CE9nc-0006IK-5I H=smtp5.uk1.bibliotech.net [212.57.34.104]
F=<[EMAIL PROTECTED]> temporarily rejected after DATA
Both exim and clam configs are unchanged during the upgrade (I've double checked
the clam config to be sure) and netstat says clamd is listening on port 3310
(dyna-access)
infinity:/var/log/exim # netstat -ap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
PID/Program name
tcp 0 0 *:imaps *:* LISTEN
4740/xinetd
tcp 0 0 *:pop3s *:* LISTEN
4740/xinetd
tcp 0 0 localhost:10024 *:* LISTEN
4536/amavisd (maste
tcp 0 0 *:netbios-ssn *:* LISTEN
4758/smbd
tcp 0 0 localhost:dyna-access *:* LISTEN
1823/clamd
clam config with comments stripped:
LogFile /var/log/clamd.log
LogFileMaxSize 0
LogTime
LogSyslog
LogVerbose
PidFile /var/clamd/clamd.pid
TCPSocket 3310
TCPAddr 127.0.0.1
MaxThreads 10
MaxDirectoryRecursion 15
User clamav
AllowSupplementaryGroups
ScanMail
ScanArchive
ScanRAR
ArchiveMaxFileSize 50M
ArchiveMaxRecursion 0
ArchiveMaxFiles 0
ArchiveLimitMemoryUsage
ClamukoScanOnOpen
ClamukoScanOnClose
ClamukoScanOnExec
ClamukoIncludePath /home
ClamukoMaxFileSize 50M
ClamukoScanArchive
Relevent portions of exim config:
# The following ACL entry is used if you want to do content scanning with the
# exiscan-acl patch. When you uncomment this line, you must also review the
# acl_check_content entry in the ACL section further below.
acl_smtp_data = acl_check_content
# This configuration variable defines the virus scanner that is used with
# the 'malware' ACL condition of the exiscan acl-patch. If you do not use
# virus scanning, leave it commented. Please read doc/exiscan-acl-readme.txt
# for a list of supported scanners.
av_scanner = clamd:127.0.0.1 3310
[SNIP]
acl_check_content:
# First unpack MIME containers and reject serious errors.
deny message = This message contains a MIME error ($demime_reason)
demime = *
condition = ${if >{$demime_errorlevel}{2}{1}{0}}
# Reject typically wormish file extensions. There is almost no
# sense in sending such files by email.
deny message = This message contains an unwanted file extension
($found_extension)
demime = scr:vbs:bat:lnk:pif:vbe:wsf:wsh:shs:jse
# Reject virus infested messages.
# Scan mail with Clam
deny message = This message contains a virus or other harmful content:
$malware_name
demime = *
malware = *
# Always add X-Spam-Score and X-Spam-Report headers, using SA system-wide
settings
# (user "nobody"), no matter if over threshold or not.
warn message = X-Spam-Score: $spam_score ($spam_bar)
spam = nobody:true
warn message = X-Spam-Report: $spam_report
spam = nobody:true
# Add X-Spam-Flag if spam is over system-wide threshold
warn message = X-Spam-Flag: YES
spam = nobody
# Reject spam messages with score over 15, using an extra condition.
deny message = This message gave a high spam score ($spam_score points).
Congratulations!
spam = nobody:true
condition = ${if >{$spam_score_int}{150}{1}{0}}
# finally accept all the rest
accept
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
