Simon, > I looked at scoring for an email on an SA installation and noticed > differences between hand scanning with spamc and scanning with spamd. My > manually scanned email hit CLAMAV sane security, (ignore Bayes because > the user had Bayes process this and then asked me about this), whilst > this spamd delivered message did not hit CLAMAV_SANE The local.cf had a > timeout of 250 seconds (default is 300). The clamav logs did not record > any connection from SA during the spamd scan, yet did record a > connection from spamc when I manually scanned the message so I think > spamd skipped clamav scans.
> I'd be really grateful if you could tell me where I could start looking > so that I can work out why CLAMAV did not get read/called. > Running on Debian 6 / SpamAssassin 3.3.2 Start looking by enabling debugging in spamd. Assuming the ClamAVPlugin from SpamAssassin Wiki is used, you could selectively enable just its debug area in spamd: --debug=ClamAV The first suspect would be access rights to the clamd socket vs. the UID under which a spamd child process is running. Mark
