On 5/4/2012 10:39 AM, Mr. Eddie Jackson wrote: > Please answer this simple basic newbie webmaster question. I have spent hous > and read the entire clamav manual and it is not answered. > > I simply need to know if clamav deletes or quarantines viruses it finds in a > default debian squeeze apache2 general web/mail/db etc server? > > I am seeing lots of viruses, trojans and mail viruses "FOUND" in the logs, > but no indication whatsoever that clamav (or amavis) is deleting or > quarantining them. > > When I look at /etc/clamav/, both the > > /onerrorexecute.d/ and the > > /virusevent.d/ sub-directories are empty. > > Is anything happening to the viruses that clamav (and amavis) is finding?
ClamAV is simply a scanner. It reports that a message contains a virus and that's all. Amavis is probably what is doing the quarantining or deleting. You would need to look at the Amavis settings to see what it is doing. I think it quarantines by default, but I'm not sure. If you are using Amavis, you should see something like this in the log: May 4 11:24:31 mailserver amavis[10587]: (10587-14) Blocked INFECTED (Sanesecurity.Spam.11428.Dom.UNOFFICIAL), AM-SOCK [::ffff:216.117.128.143] [216.117.128.143] <levitra-pro....@inacap.cl> -> <u...@example.com>, quarantine: virus-jq6q66j9SEuS, Queue-ID: 0015804D.4FA3F4AE.00004564, Message-ID: <004e01c4288f$3de11c91$f0b803cf@levitra-pro....@inacap.cl>, mail_id: jq6q66j9SEuS, Hits: -, 152 ms Try asking on the Amavis mailing list. They should be able to tell you where all the settings are. http://lists.amavis.org/cgi-bin/mailman/listinfo/amavis-users -- Bowie _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
