Tom Ray [Lists] wrote: > René Berber wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA256 >> >> Tom Ray [Lists] wrote: >> >> >> >>> Jonathan Armitage wrote: >>> >>> >>>> Tom Ray [Lists] wrote: >>>> >>>> >>>> >>>>> 2007-08-03 14:18:15 1IH1j5-0001xW-ED malware acl condition: clamd: >>>>> ClamAV returned /var/spool/exim/scan/1IH1j5-0001xW-ED: lstat() failed. >>>>> ERROR >>>>> 2007-08-03 14:18:15 1IH1j5-0001xW-ED H=rv-out-0910.google.com >>>>> [209.85.198.189] F=<[EMAIL PROTECTED]> temporarily rejected after DATA >>>>> >>>>> >>>>> >>>> Are you running clamd as the same user that runs Exim? If not, this >>>> could be a permissions problem on the directories. >>>> >>>> >>>> >>> No, I'm starting it as root but then /tmp/clamd.socket is owned by >>> >>> >> - --------------------------------------------^^^^^^^^^^^^ >> >> So it is /tmp/clamd or /tmp/clamd.socket? Does exim.conf has the same socket >> file as clamd.conf? >> >> > I start clamd with /usr/local/clamav/sbin/clamd --debug > > Clamd.conf has User Exim and LocalSocket /tmp/clamd.socket > > Exim.conf has av_scanner: clamd:/tmp/clamd.socket with the ACL > > acl_check_data: > > # Deny if the message contains a virus. Before enabling this check, you > # must install a virus scanner and set the av_scanner option above. > # > deny malware = * > message = This message contains a virus ($malware_name). > > warn message = X-antivirus-Scanner: Clean Mail > > # Accept the message. > > accept > > >> >> >>> clamav:aclamav I changed it to exim in the conf file and restarted. I >>> uncommented the Malware acl in exim and I'm not having delivery problems >>> anymore with it but I don't see it scanning. >>> >>> >> Doesn't make sense, if clamd is running as root then it has access to the >> spool. >> But your error message is clearly a permission access error, clamd is >> telling >> you it can't read the file exim told it to read. >> - -- >> René Berber >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.7 (Cygwin) >> >> iD8DBQFGs4UAL3NNweKTRgwRCGf2AJ0YjCSckF2pEkoNmOL/h46E1NrP4ACgk8Yl >> 9Z34HAMTZfSPX+bQxq8u6JA= >> =dCsQ >> -----END PGP SIGNATURE----- >> Alright, so I changed the User in clamd.conf to root and everything is running great. It scans the attachments now. I know have two questions:
1) How do I have it scan for people using SMTP_AUTH or mail being sent by the machine? Or does that happen automatically? 2) How do I outright block certain extensions? Should I used the old demime ACL for that? Or is there a better way? Thanks! _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
