Hi Dave, I am wondering what happens if you use clamdscan on your phish_test file?
Steve On Mon, Jan 26, 2015 at 7:42 AM, Dave McMurtrie <dav...@andrew.cmu.edu> wrote: > Hi, > > We've been running ClamAV successfully for years. Recently, I added a URL > to our local.gdb database to block a malicious URL. When I send a test > message containing this URL through an MX server, it does not detect the > URL: > > Jan 26 07:13:17 andrew-mx-t01 clamd[31673]: > /var/spool/mqueue/mxmilter/mdefang-t0QCDGNx031682/Work/msg-31460-5.txt: OK > Jan 26 07:13:17 andrew-mx-t01 clamd[31673]: > /var/spool/mqueue/mxmilter/mdefang-t0QCDGNx031682/Work/msg-31460-6.html: OK > > However, when I run clamscan against the exact same message on the same MX > server, it does successfully detect the URL: > > [root@andrew-mx-t01 phish]# clamscan ./phish_test.txt > ./phish_test.txt: Heuristics.Phishing.URL.Blacklisted FOUND > > ----------- SCAN SUMMARY ----------- > Known viruses: 4835255 > Engine version: 0.98.1 > Scanned directories: 0 > Scanned files: 1 > Infected files: 1 > Data scanned: 0.00 MB > Data read: 0.00 MB (ratio 0.00:1) > Time: 10.179 sec (0 m 10 s) > > When I start clamd, I can see that it successfully loads the local.gdb > file, so I know that's not the issue. > > Any pointers on how to troubleshoot this? sysadmin via google has thus > far failed me. > > Thanks! > > Dave > _______________________________________________ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
