Hello,
I'm new to clamav. I'm running exim 4.66 and clamav (ClamAV 0.88.7/2487/Wed Jan 24 10:53:17 2007). There are two issues at hand:

1) clam is not returning the name of the virus it caught in mails. Exim has a $malware_name variable which should have it, which is coming up as empty in the exim rejectlog.

2) Below, I have copied some sample log entries I found in the exim rejectlog. Is this normal output?

Here is my exim.conf:
------------------------------------------
av_scanner = clamd:/var/run/clamav/clamd

# Reject all messages infected with any virus
deny message = This email is infected with ($malware_name). Please check the system for infection.

warn message = X-Virus-Scanner: ClamAV on $primary_hostname
     demime = *
     malware = */defer_ok

# Now accept all
accept

Sample 1 from log:
------------------------------
2007-01-25 04:09:25 1HA0bk-000Dbi-H4 H=(static-66-13-44-10.bdsl.verizon.net) [66.13.44.10] F=<[EMAIL PROTECTED]> rejected after DATA: This email is infected with (). Please check the system for infection.
Envelope-from: <[EMAIL PROTECTED]>
Envelope-to: <[EMAIL PROTECTED]>
P Received: from [66.13.44.10] (helo=static-66-13-44-10.bdsl.verizon.net) by my.production-server.com with smtp (Exim 4.66 (FreeBSD)) (envelope-from <[EMAIL PROTECTED]>) id 1HA0bk-000Dbi-H4 for [EMAIL PROTECTED]; Thu, 25 Jan 2007 04:09:25 -0500
P Received: from veivya ([151.49.43.128]) by static-66-13-44-10.bdsl.verizon.net with Microsoft SMTPSVC(5.0.2195.4905); Thu, 25 Jan 2007 03:07:19 -0600
I Message-ID: <[EMAIL PROTECTED]>
  Date: Thu, 25 Jan 2007 03:07:19 -0600
F From: Kirk <[EMAIL PROTECTED]>
  User-Agent: Thunderbird 1.5.0.9 (Windows/20061207)
  MIME-Version: 1.0
T To: [EMAIL PROTECTED]
  Subject: IT Conversations adds value by collecting good content together andmaking it easy for listeners to find things they like.
  Content-Type: multipart/related; boundary="------------040608090804040707090206"

Sample 2 from log:
------------------------------
2007-01-25 04:10:47 1HA0d5-000Dcb-3D H=(iaetc.com) [218.148.3.228] F=< [EMAIL PROTECTED]> rejected after DATA: This email is infected with (). Please check the system for infection.
Envelope-from: <[EMAIL PROTECTED]>
Envelope-to: <[EMAIL PROTECTED]>
P Received: from [218.148.3.228] (helo=iaetc.com) by my.production-server.com with smtp (Exim 4.66 (FreeBSD)) (envelope-from <[EMAIL PROTECTED]>) id 1HA0d5-000Dcb-3D for [EMAIL PROTECTED]; Thu, 25 Jan 2007 04:10:47 -0500
I Message-ID: <[EMAIL PROTECTED]>
R Reply-To: "Jeri Clough" <[EMAIL PROTECTED]>
F From: "Jeri Clough" <[EMAIL PROTECTED]>
T To: "Henryk Hendrick" <[EMAIL PROTECTED]>
  Subject: Re: my EDavowa
  Date: Thu, 25 Jan 2007 18:07:22 +0900
  MIME-Version: 1.0
  Content-Type: text/plain; charset="us-ascii"
  Content-Transfer-Encoding: 7bit
  X-Priority: 3
  X-MSMail-Priority: Normal
  X-Mailer: Microsoft Outlook Express 6.00.2800.1106
  X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106

Sample 3 from log:
-------------------------------
2007-01-25 04:10:49 1HA0d7-000Dcd-BR H=([195.95.215.209]) [195.95.215.209] F=<[EMAIL PROTECTED]> rejected after DATA: This email is infected with (). Please check the system for infection.
Envelope-from: <[EMAIL PROTECTED]>
Envelope-to: <[EMAIL PROTECTED]>
P Received: from [195.95.215.209] by my.production-server.com with esmtp (Exim 4.66 (FreeBSD)) (envelope-from <[EMAIL PROTECTED]>) id 1HA0d7-000Dcd-BR for [EMAIL PROTECTED]; Thu, 25 Jan 2007 04:10:49 -0500
F From: "Toys READER" <[EMAIL PROTECTED]>
T To: [EMAIL PROTECTED]
  Subject: All you favorite games
  Date: Thu, 25 Jan 2007 12:10:35 -0300
  MIME-Version: 1.0
  Content-Type: multipart/related; boundary="----=_NextPart_000_0005_01C74079.D1D02C90"
  X-Mailer: Microsoft Office Outlook, Build 11.0.5510
  Thread-Index: AcdAedHQnawnt7meT2y+dVznY/695A==
  X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
I Message-Id: [EMAIL PROTECTED]

Are these log outputs normal for clamav?