I upgraded to clamav 0.96.2. I had been sending e-mail from a home
account to work account to test clamav on the work server. Gmail will
automatically reject it. Verizon won't so I was working on the
assumption that verizon does not do anti-virus e-mail scanning. This
may be an invalid assumption. I am now avoiding using external
accounts for testing.
After upgrading to 0.96.2 it appeared that no e-mail with eicar test
virus are quarantined. Previously eicar.zip was quarantines.
I downgraded to clamav 0.96.1. Doesn't fix anything.
I added the following line to clamav-milter.conf
AddHeader Add
This does add the following lines to incoming messages
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.96.1 at myserver
So clamav-milter is interacting properly with sendmail.
Neither clamd.log not clamav-milter.log indicate that any virus scanning
is going on. Previously, clamav-milter.log would indicate that
eicar.zip had been detected, but did not log clean messages (despite the
"LogClean yes" entry in clamd.conf
You help is appreciated
Thanks
-------- Original Message --------
Subject: clamav-milter and eicar.com
Date: Thu, 12 Aug 2010 22:56:19 -0400
From: Gaiseric Vandal <gaiseric.van...@gmail.com>
To: <clamav-users@lists.clamav.net>
I have an opensolaris machine with Sendmail 8.14.3.
I have compiled clamav 0.96.1 (and just upgraded to 0.96.2)
./configure --prefix=/usr/local/clamav --enable-milter --with-user=smmsp
--with-group=smmsp
Smmsp is the sendmail submission user.
I turned on all the logging options I could find in clamd.conf and
clamav-milter.conf. This includes syslog. I have one machine on my
network that is the central syslog server for unix-type mail servers.
I added the following line to sendmail.mc as part of rebuilding
sendmail.cf
INPUT_MAIL_FILTER(`clamav',
`S=local:/var/spool/clamav/clamav-milter.socket, T=S:4m;R:4m')
You will noticed I excluded the F=T option- if the milter doesn't work I
don't want mail to be rejected- at least while I am working out the bugs.
I download several version of the eicar test virus from
http://www.eicar.org/anti_virus_test_file.htm.
Eicar.zip will get quarantined by clamav-milter. (mailq -qQ shows this as
well as the logs.) Eicar.com and eicar.com.txt are clearly being blocked
somehow but they aren't quarantined, aren't logged and aren't rejected
(as far as I can tell.) Not that I really mind viruses getting
rejected but I would like a log of what is going on. It does make me a
little nervous when e-mail just disappears and I do need to he ability to
check logs when legitimate e-mail seems to be getting lost.
Your help is appreciated
Thanks
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
