Hey, I'm running the latest subversion release of clamav (devel-r4964M) to filter mail using clamav-milter to sendmail 8.14.3. I've just installed the sanesecurity sigs and restarted clamd/clamav/sendmail, just to be sure.
Using the test sigs (test 2 and 3 as I don't have an html-based mail client handy just now), neither of them have been picked up. Any ideas?

Steve.

Here's the relevant logs I can think of:

1. mail log for one of the messages

Mar 20 09:28:53 vps163 sendmail[31827]: AUTH=server, relay=me [1.2.3.4] (may be forged), authid=steve, mech=PLAIN, bits=0
Mar 20 09:28:54 vps163 sendmail[31827]: n2JKSrkx031827: from=<st...@greengecko.co.nz>, size=510, class=0, nrcpts=1, msgid=<20090320092848.7557fb84.st...@greengecko.co.nz>, proto=ESMTP, daemon=MTA, relay=me [1.2.3.4] (may be forged)
Mar 20 09:28:54 vps163 sendmail[31827]: n2JKSrkx031827: Milter insert (1): header: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=greengecko.co.nz;\n\ts=server; t=1237494534; bh=1Qd8MDmVLxpc4oaZsyFIi4v+a1a2AGke++iHYJXa\n\teU8=; h=Date:From:To:Subject:Message-Id:Mime-Version:Content-Type:\n\t Content-Transfer-Encoding; b=wNu3086nk/oCDOjeNa+I6sJo1vmEEuppEtqH2\n\tPUkmDMYTFIab3LNq4eQrSgeDwtpWiDwzUhqdk6slSpD2PujMXlJa+GVZ4n/OHY8V9GE\n\t98uRT3otYhDJ7DTYlPwPppvY
Mar 20 09:28:54 vps163 sendmail[31827]: n2JKSrkx031827: Milter change (add): header: X-Virus-Scanned: clamav-milter devel-r4964M at server.greengecko.co.nz
Mar 20 09:28:54 vps163 sendmail[31827]: n2JKSrkx031827: Milter change (add): header: X-Virus-Status: Clean
Mar 20 09:28:54 vps163 sendmail[31843]: n2JKSrkx031827: to=<st...@greengecko.co.nz>, ctladdr=<st...@greengecko.co.nz> (1018/1018), delay=00:00:01, xdelay=00:00:00, mailer=local, pri=31237, dsn=2.0.0, stat=Sent

2. unofficial-clam-sigs.log

Mar 20 09:17:42 INFO - Script was run manually
Mar 20 09:17:42 INFO - ClamD is running
Mar 20 09:17:43 INFO - SaneSecurity mirror site used: patroklos.noc.ntua.g 147.102.222.21 147.102.222.211
Mar 20 09:18:13 INFO - Testing updated database file: phish.ndb
Mar 20 09:18:13 WARNING - SaneSecurity GPG Signature test FAILED on phish.ndb database - SKIPPING
Mar 20 09:18:13 INFO - Testing updated database file: scam.ndb
Mar 20 09:18:13 INFO - SaneSecurity GPG Signature tested good on scam.ndb database
Mar 20 09:18:13 INFO - Clamscan reports scam.ndb database integrity tested good
Mar 20 09:18:13 INFO - Successfully updated SaneSecurity production database file: scam.ndb

[and all the others were loaded successfully except for the phish.ndb above]

3. clamd.log

Fri Mar 20 09:26:55 2009 -> +++ Started at Fri Mar 20 09:26:55 2009
Fri Mar 20 09:26:55 2009 -> clamd daemon devel-r4964M (OS: linux-gnu, ARCH: i386, CPU: i686)
Fri Mar 20 09:26:55 2009 -> Running as user clamav (UID 1000, GID 108)
Fri Mar 20 09:26:55 2009 -> Log file size limited to 1048576 bytes.
Fri Mar 20 09:26:55 2009 -> Reading databases from /var/lib/clamav
Fri Mar 20 09:26:55 2009 -> Not loading PUA signatures.
Fri Mar 20 09:26:56 2009 -> Loaded 675944 signatures.
Fri Mar 20 09:26:56 2009 -> LOCAL: Unix socket file /var/run/clamav/clamd.sock
Fri Mar 20 09:26:56 2009 -> LOCAL: Setting connection queue length to 15
Fri Mar 20 09:26:56 2009 -> Limits: Global size limit set to 104857600 bytes.
Fri Mar 20 09:26:56 2009 -> Limits: File size limit set to 26214400 bytes.
Fri Mar 20 09:26:56 2009 -> Limits: Recursion level limit set to 16.
Fri Mar 20 09:26:56 2009 -> Limits: Files limit set to 10000.
Fri Mar 20 09:26:56 2009 -> Archive support enabled.
Fri Mar 20 09:26:56 2009 -> Algorithmic detection enabled.
Fri Mar 20 09:26:56 2009 -> Portable Executable support enabled.
Fri Mar 20 09:26:56 2009 -> ELF support enabled.
Fri Mar 20 09:26:56 2009 -> Mail files support enabled.
Fri Mar 20 09:26:56 2009 -> OLE2 support enabled.
Fri Mar 20 09:26:56 2009 -> PDF support enabled.
Fri Mar 20 09:26:56 2009 -> HTML support enabled.
Fri Mar 20 09:26:56 2009 -> Self checking every 600 seconds.
Fri Mar 20 09:26:56 2009 -> Listening daemon: PID: 26554

[debug code on startup registered the new database files]

as an example, here's the debug code for a single email:

Fri Mar 20 09:35:29 2009 -> Received POLLIN|POLLHUP on fd 5
Fri Mar 20 09:35:29 2009 -> Got new connection, FD 10
Fri Mar 20 09:35:29 2009 -> Received POLLIN|POLLHUP on fd 6
Fri Mar 20 09:35:29 2009 -> fds_poll_recv: timeout after 5 seconds
Fri Mar 20 09:35:29 2009 -> Received POLLIN|POLLHUP on fd 10
Fri Mar 20 09:35:29 2009 -> Receveived a file descriptor: 11
Fri Mar 20 09:35:29 2009 -> got command FILDES (7, 11), argument:
Fri Mar 20 09:35:29 2009 -> RECVTH: FILDES command complete
Fri Mar 20 09:35:29 2009 -> mode -> MODE_WAITREPLY
Fri Mar 20 09:35:29 2009 -> Breaking command loop, mode is no longer MODE_COMMAND
Fri Mar 20 09:35:29 2009 -> Consumed entire command
Fri Mar 20 09:35:29 2009 -> Number of file descriptors polled: 1 fds
Fri Mar 20 09:35:29 2009 -> fds_poll_recv: timeout after 600 seconds
Fri Mar 20 09:35:29 2009 -> THRMGR: queue crossed low threshold -> signaling
Fri Mar 20 09:35:29 2009 -> Closed fd 11
Fri Mar 20 09:35:29 2009 -> Finished scanthread
Fri Mar 20 09:35:29 2009 -> Scanthread: connection shut down (FD 10)
Fri Mar 20 09:35:29 2009 -> THRMGR: queue crossed low threshold -> signaling

clamav-milter.log has nothing but a startup message.

--
Steve Holdoway <st...@greengecko.co.nz>
http://www.greengecko.co.nz
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
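
Added example, not part of the original post and not code from the updater script: a small Python check that reads an updater log in the format quoted above and lists the databases that were tested in a run but never reached the install step. The message patterns and function names are assumptions inferred only from the lines in the post.

```python
import re

# Sample lines copied from the unofficial-clam-sigs.log excerpt in the post.
SAMPLE_LOG = """\
Mar 20 09:18:13 INFO - Testing updated database file: phish.ndb
Mar 20 09:18:13 WARNING - SaneSecurity GPG Signature test FAILED on phish.ndb database - SKIPPING
Mar 20 09:18:13 INFO - Testing updated database file: scam.ndb
Mar 20 09:18:13 INFO - SaneSecurity GPG Signature tested good on scam.ndb database
Mar 20 09:18:13 INFO - Clamscan reports scam.ndb database integrity tested good
Mar 20 09:18:13 INFO - Successfully updated SaneSecurity production database file: scam.ndb
"""

# Message patterns inferred from the lines above (assumption: other versions
# of the updater script may word these messages differently).
PATTERNS = [
    ("tested", re.compile(r"Testing updated database file: (\S+)")),
    ("sig_failed", re.compile(r"GPG Signature test FAILED on (\S+) database")),
    ("sig_ok", re.compile(r"GPG Signature tested good on (\S+) database")),
    ("integrity_ok",
     re.compile(r"Clamscan reports (\S+) database integrity tested good")),
    ("installed",
     re.compile(r"Successfully updated \S+ production database file: (\S+)")),
]


def summarize(log_text):
    """Return {database: set of events seen} for every database mentioned."""
    status = {}
    for line in log_text.splitlines():
        for event, pattern in PATTERNS:
            match = pattern.search(line)
            if match:
                status.setdefault(match.group(1), set()).add(event)
                break  # each log line carries exactly one event
    return status


def not_installed(log_text):
    """Databases that were tested in this run but never installed."""
    return sorted(db for db, events in summarize(log_text).items()
                  if "tested" in events and "installed" not in events)


if __name__ == "__main__":
    for db, events in sorted(summarize(SAMPLE_LOG).items()):
        print(db, sorted(events))
    print("not installed in this run:", not_installed(SAMPLE_LOG))
```

A database listed here was skipped in that run only; an older copy may still be present in the directory clamd reads its databases from.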