-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
It appeared that everything was working OK, but this is appearing in my debug log for Q-S:
Wed, 27 Oct 2004 10:20:57 PDT:70411: run /usr/local/bin/clamdscan - --verbose --no-summary /usr/local/qmailscan/tmp/arthur.silvertree.org109889765750670411 2>&1 Wed, 27 Oct 2004 10:20:57 PDT:70411: --output of clamdscan was: - -- Wed, 27 Oct 2004 10:20:57 PDT:70411: error_condition: X-Qmail-Scanner-1.24: clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status -1/16777215
In /var/log/clamav/clamd.log:
Wed Oct 27 10:06:41 2004 -> +++ Started at Wed Oct 27 10:06:41 2004 Wed Oct 27 10:06:41 2004 -> clamd daemon 0.80 (OS: freebsd4.9, ARCH: i386, CPU: i386) Wed Oct 27 10:06:41 2004 -> Log file size limited to 2097152 bytes. Wed Oct 27 10:06:41 2004 -> Verbose logging activated. Wed Oct 27 10:06:41 2004 -> Running as user qscand (UID 98, GID 98) Wed Oct 27 10:06:41 2004 -> Reading databases from /usr/local/share/clamav Wed Oct 27 10:06:42 2004 -> Protecting against 25750 viruses. Wed Oct 27 10:06:42 2004 -> Unix socket file /var/run/clamav/clamd Wed Oct 27 10:06:42 2004 -> Setting connection queue length to 15 Wed Oct 27 10:06:42 2004 -> Listening daemon: PID: 70085 Wed Oct 27 10:06:42 2004 -> Archive: Archived file size limit set to 10485760 bytes. Wed Oct 27 10:06:42 2004 -> Archive: Recursion level limit set to 5. Wed Oct 27 10:06:42 2004 -> Archive: Files limit set to 1000. Wed Oct 27 10:06:42 2004 -> Archive: Compression ratio limit set to 250. Wed Oct 27 10:06:42 2004 -> Archive support enabled. Wed Oct 27 10:06:42 2004 -> Archive: RAR support disabled. Wed Oct 27 10:06:42 2004 -> Portable Executable support enabled. Wed Oct 27 10:06:42 2004 -> Mail files support enabled. Wed Oct 27 10:06:42 2004 -> OLE2 support enabled. Wed Oct 27 10:06:42 2004 -> HTML support enabled. Wed Oct 27 10:06:42 2004 -> Self checking every 1800 seconds.
When I do the test installation shell script it appears that clamd is running fine:
This is the Q-S debug log:
Wed, 27 Oct 2004 10:27:53 PDT:70651: --output of clamdscan was: /usr/local/qmailscan/tmp/arthur.silvertree.org109889807350670651/sneaky.txt: Eic ar-Test-Signature FOUND /usr/local/qmailscan/tmp/arthur.silvertree.org109889807350670651/orig-arthur.sil vertree.org109889807350670651: Eicar-Test-Signature FOUND - --
This is from clamd.log Wed Oct 27 10:27:53 2004 -> /usr/local/qmailscan/tmp/arthur.silvertree.org109889807350670651/orig-arthur.silvertree.org109889807350670651: Eicar-Test-Signature FOUND
I guess my primary concern is that I do not see any indication that it's actually scanning a file on incoming.
As a point of interest I e-mailed my self two zip files:
One contained the mydoom virus (test.scr) contained in test.zip.
The other contained a PDF file zipped (pdf.zip).
With qmail-scanner using clamdscan, both zip files were not delivered. I'm guessing it's because clamd didn't say they were clean.
So, where did I go wrong here? - -- PGP Key: http://archon.silvertree.org/pgp.txt
Fingerprint: E799 F032 BD9A 66B8 2930 AE2B E742 0B78 BADB 8E11
"Compassion and retribution are two sides of the same coin. Necessity dictates on what side the coin will fall." -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBf+C9tLi+Rdj/cPMRArgIAJ90r6J65BhZOTZzh8Jaqgd6yfkyKwCfeLAG LzrGQydomlNHRvlgDcQ4z38= =c7R7 -----END PGP SIGNATURE-----
------------------------------------------------------- This SF.Net email is sponsored by: Sybase ASE Linux Express Edition - download now for FREE LinuxWorld Reader's Choice Award Winner for best database on Linux. http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
