I think this is working
At work, I use Thunderbird. We have an internal "corporate" mail
server and an external gateway mail server (running clamav). I had
changed my SMTP configuration on Thunderbird to use the mail gateway to
try sending eicar via the gateway mail server. I have multiple
identities in thunderbird for the account (e.g.
gaiseric.van...@mydomain.com and gvan...@mydomain.com.) I needed to
configure the SMTP gateway for each identity as well even though mail
did seem to be getting routed via clamav anyway. (Although in hindsight
I think clamav was scanning stuff going to an archive site I was also
testing.)
It looks like verizon does scan some e-mail for viruses- eicar.com and
eicar.com.txt were apparently blocked with no notification when sent
from a verizon account. eicar.zip, when sent from verizon, was
delivered to my work account where clamav did quarantine it.
When I properly configured my mail client at work to send mail via our
gateway server, clamav does quarantine all tested eicar mail.
Is there an easy way to configure notification of quarantined mail - at
least to the system admin?
Thanks
On 08/16/2010 04:04 PM, Gaiseric Vandal wrote:
I upgraded to clamav 0.96.2. I had been sending e-mail from a home
account to work account to test clamav on the work server. Gmail
will automatically reject it. Verizon won't so I was working on the
assumption that verizon does not do anti-virus e-mail scanning. This
may be an invalid assumption. I am now avoiding using external
accounts for testing.
After upgrading to 0.96.2 it appeared that no e-mail with eicar test
virus are quarantined. Previously eicar.zip was quarantined.
I downgraded to clamav 0.96.1. Doesn't fix anything.
I added the following line to clamav-milter.conf
AddHeader Add
This does add the following lines to incoming messages
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.96.1 at myserver
So clamav-milter is interacting properly with sendmail.
Neither clamd.log nor clamav-milter.log indicate that any virus
scanning is going on. Previously, clamav-milter.log would indicate
that eicar.zip had been detected, but did not log clean messages
(despite the "LogClean yes" entry in clamd.conf).
Your help is appreciated
Thanks
-------- Original Message --------
Subject: clamav-milter and eicar.com
Date: Thu, 12 Aug 2010 22:56:19 -0400
From: Gaiseric Vandal <gaiseric.van...@gmail.com>
To: <clamav-users@lists.clamav.net>
I have an opensolaris machine with Sendmail 8.14.3.
I have compiled clamav 0.96.1 (and just upgraded to 0.96.2)
./configure --prefix=/usr/local/clamav --enable-milter --with-user=smmsp --with-group=smmsp
Smmsp is the sendmail submission user.
I turned on all the logging options I could find in clamd.conf and
clamav-milter.conf. This includes syslog. I have one machine on my
network that is the central syslog server for unix-type mail servers.
I added the following line to sendmail.mc as part of rebuilding
sendmail.cf
INPUT_MAIL_FILTER(`clamav',
`S=local:/var/spool/clamav/clamav-milter.socket, T=S:4m;R:4m')
You will notice I excluded the F=T option- if the milter doesn't work I
don't want mail to be rejected- at least while I am working out the bugs.
I downloaded several versions of the eicar test virus from
http://www.eicar.org/anti_virus_test_file.htm.
Eicar.zip will get quarantined by clamav-milter. (mailq -qQ shows this as
well as the logs.) Eicar.com and eicar.com.txt are clearly being blocked
somehow but they aren't quarantined, aren't logged and aren't rejected
(as far as I can tell.) Not that I really mind viruses getting
rejected but I would like a log of what is going on. It does make me a
little nervous when e-mail just disappears and I do need the ability to
check logs when legitimate e-mail seems to be getting lost.
Your help is appreciated
Thanks