[Clamav-users] Re: clamav is not returning virus name to exim

Fri, 26 Jan 2007 21:17:01 -0800 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Haris Khan wrote:

> I'm new to clamav. I'm running exim 4.66 and clamav (ClamAV 0.88.7/2487/Wed
> Jan 24 10:53:17 2007). There are two issues at hand;
> 
> 1)       clam is not returning the name! of virus it caught in mails. Exim
> has a $malware_name variable which should have it, which is coming up as
> empty in exim rejectlog
> 2)       Below, I have copied some sample log entries I found in exim
> rejectlog. Is this normal output?

No.  I'm not an exim expert but...

> Here is my exim.conf;
> ------------------------------------------
> 
> av_scanner = clamd:/var/run/clamav/clamd
> 
> # Reject all messages infected with any virus
>  deny message = This email is infected with ($malware_name). Please check
> the system for infection.
>  warn message = X-Virus-Scanner: ClamAV on $primary_hostname

This probably should be:

        warn add_header = X-Virus-Scanner: ClamAV on $primary_hostname

but I don't think message + warn will/should fire together.

>        demime = *
>       malware = */defer_ok

I don't use the above two, instead only:

        deny    malware   = *

> # Now accept all
>  accept
> 
> 
> Sample 1 from log;
> ------------------------------
> 
> 2007-01-25 04:09:25 1HA0bk-000Dbi-H4
> H=(static-66-13-44-10.bdsl.verizon.net)
> [66.13.44.10] F=<[EMAIL PROTECTED]> rejected after DATA: This email is
> infected with (). Please check the system for infection.
...

> Are these log outputs normal for clamav?

I get lines like this:

2007-01-14 14:48:51 JBVLTF-000260-61 H=black [192.168.10.2] F=<[EMAIL 
PROTECTED]>
rejected after DATA: This message contains a virus
(Email.Spam.Gen041.Sanesecurity.06121902).

The only real difference is that "*/defer_ok", but I don't know what it does or
if that is the problem.  Could be something else, like restarting the server
after changing the configuration, or that I'm using Exim 4.63 .
- --
René Berber
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFuuADL3NNweKTRgwRAoVJAKDgic0eX/MBDd5kagCp/AzGt74GfgCgniFD
SIM7hOmHgZGXOfSXWnrcBEY=
=RtBI
-----END PGP SIGNATURE-----

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Reply via email to