-----Original Message-----
From: clamav-users-boun...@lists.clamav.net [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Matus UHLAR - fantomas
Sent: Tuesday, September 22, 2009 7:43 AM
To: clamav-users@lists.clamav.net
Subject: Re: [Clamav-users] Zip attachment detected by clamscan but not clamd

On 21.09.09 14:44, Eric Swanson wrote:
> I am running clamav 0.95.2 with mimedefang 2.64 and sendmail 8.14.3 on
> Solaris 10. I am finding that messages with the following are not being
> detected by clamd, but are detected by clamscan as
> Trojan.Downloader-77566.

> However, clamd (invoked from mimedefang) does not seem to pick this up at
> all. Other similar trojans such as Email.Trojan.GZC are being detected by
> clamd. Freshclam is updating the database normally. Any ideas why clamd
> would miss something that clamscan detects?

clamd is invoked from mimedefang? clamd should run as a daemon.
Isn't that clamdscan? Try running clamdscan.

And then, find out if clamd is allowed to open the file you want to scan.
clamd must have permissions to open the file, which usually means that you
have to add it to the group mimedefang is running under and set
AllowSupplementaryGroups to true.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Linux IS user friendly, it's just selective who its friends are...
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


I stated the mimedefang-clamd operation poorly. Yes, clamd is running as a
daemon, and mimedefang is aware of clamd and feeds messages to the clamd
socket.

Here are the results of clamscan and clamdscan:

bash-3.2# clamscan ENTIRE_MESSAGE
ENTIRE_MESSAGE: Trojan.Downloader-77566 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 623523
Engine version: 0.95.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.01 MB
Data read: 0.01 MB (ratio 1.50:1)
Time: 4.655 sec (0 m 4 s)

bash-3.2# clamdscan -v ENTIRE_MESSAGE
/var/spool/MD-Quarantine/qdir-2009-09-21-17.00.38-001/ENTIRE_MESSAGE: OK

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.048 sec (0 m 0 s)

Other Trojans are being detected by clamd successfully. The problem appears
to be with detection of Trojan.Downloader-77566 specifically.

-Eric Swanson
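
Added example, not part of either message above: a POSIX shell helper that reads saved clamscan and clamdscan output for the same file and reports whether the two verdicts agree, or whether clamd returned an error instead of a verdict. The function names and the temporary file names are assumptions; result lines are assumed to have the form "<path>: <result>" ending in OK or FOUND as in the output quoted above, or in ERROR when a file could not be scanned.

```shell
#!/bin/sh
# Added example (not from the thread): compare the verdicts found in saved
# clamscan and clamdscan output for the same file.

# scan_verdict FILE -> "OK", "FOUND <signature>", "ERROR <message>" or "NONE"
scan_verdict() {
    awk '
        /SCAN SUMMARY/ { exit }              # result lines precede the summary
        {
            i = index($0, ": ")              # "<path>: <result>"
            if (i == 0) next                 # prompts and blank lines
            rest = substr($0, i + 2)
        }
        rest == "OK"     { v = "OK"; next }
        rest ~ / FOUND$/ { sub(/ FOUND$/, "", rest); v = "FOUND " rest; exit }
        rest ~ / ERROR$/ { sub(/ ERROR$/, "", rest); v = "ERROR " rest; exit }
        END { print (v == "" ? "NONE" : v) }
    ' "$1"
}

# compare_scans CLAMSCAN_OUT CLAMDSCAN_OUT -> one-line diagnosis
compare_scans() {
    local_v=$(scan_verdict "$1")
    daemon_v=$(scan_verdict "$2")
    case "$daemon_v" in
        ERROR*)     echo "clamd-error: ${daemon_v#ERROR }" ;;
        "$local_v") echo "agree: $local_v" ;;
        *)          echo "mismatch: clamscan=[$local_v] clamd=[$daemon_v]" ;;
    esac
}

# Constructed input: the two result lines quoted in the message above,
# each followed by a shortened summary block.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'ENTIRE_MESSAGE: Trojan.Downloader-77566 FOUND' \
        '----------- SCAN SUMMARY -----------' \
        'Infected files: 1' > "$d/clamscan.out"
    printf '%s\n' \
        '/var/spool/MD-Quarantine/qdir-2009-09-21-17.00.38-001/ENTIRE_MESSAGE: OK' \
        '----------- SCAN SUMMARY -----------' \
        'Infected files: 0' > "$d/clamdscan.out"
    compare_scans "$d/clamscan.out" "$d/clamdscan.out"
    rm -rf "$d"
}
demo
```

A clamd-error result points at the permission check suggested in the reply; a mismatch with clamd reporting OK means clamd returned a clean verdict for the file rather than failing to scan it.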