develooper Front page | perl.qpsmtpd | Postings from March 2004

Re: ClamAV doesn't seem to pick up viruses

From:
Eric Smoker
Date:
March 16, 2004 10:37
Subject:
Re: ClamAV doesn't seem to pick up viruses
Message ID:
40574A3B.2010101@sciotowireless.com
I'm not sure what your problem is. I run clamav (0.67) and it runs well. 
In fact it has been beating Norton and RAV in database updates for the 
last few weeks of outbreaks. Not sure why you can't find all viruses. Do 
you have zlib libraries loaded? Clamd isn't perfect yet (what scanner 
is) but it isn't bad in my opinion.

I also run clamdscan, from config/plugins (clamav /usr/bin/clamdscan). 
Works just fine for me.

I think the most obvious problem you may have overlooked is that if you 
don't uncomment line 57 (return (DENY, "Virus Found: $output");) of the 
clamav plugin (v0.27) the only thing the plugin will do is add a header 
to the mail message of X-Virus-Found=Yes. This doesn't do much if your 
mail client isn't set up to filter this header.

Your MaxThreads in your clamav.conf file needs to be >= qmail's 
concurrencyincoming file or any simultaneous SMTP sessions over your 
MaxThreads won't invoke clam.

Eric

Reuven M. Lerner wrote:

> After installing qpsmtpd 0.27.1 on my server, I decided that it was 
> also time to install clamav, and remove incoming and outgoing viruses 
> from my system.  But for reasons that are beyond me, clamav fails to 
> discover the viruses when invoked via the qpsmtpd plugin.
>
> I read through the archives from this list, and I believe that I have 
> changed the configuration enough to avoid the most obvious problems.  
> And yet, I continue to receive viruses in my inbox at an alarming 
> rate.  (I'm running Linux, but my wife is running Windows.  And I host 
> several e-mail lists on my server, and want to remove any viruses that 
> people might send, accidentally or purposely, to those lists.)
>
> My configuration file (/usr/local/etc/clamav.conf) mostly follows the 
> defaults, but with a few minor changes:
>
>    LogFile /tmp/clamd.log
>    LogFileMaxSize 2M
>    LogTime
>    LogVerbose
>    LocalSocket /tmp/clamd
>     FixStaleSocket
>    MaxConnectionQueueLength 30
>    MaxThreads 10
>    ThreadTimeout 500
>    MaxDirectoryRecursion 15
>    FollowDirectorySymlinks
>    FollowFileSymlinks
>    SelfCheck 600
>    User smtpd
>    AllowSupplementaryGroups
>    Debug
>    ScanMail
>    ScanArchive
>    ScanRAR
>    ArchiveMaxFileSize 20M
>    ArchiveMaxRecursion 5
>    ArchiveMaxFiles 1000
>    ArchiveMaxCompressionRatio 200
>    ClamukoScanOnOpen
>    ClamukoScanOnClose
>    ClamukoScanOnExec
>    ClamukoIncludePath /home
>    ClamukoMaxFileSize 1M
>    ClamukoScanArchive
>
> As you can see in the above configuration, I now run clamav as the 
> "smtpd" user.  Running it as "clamav" meant that clamd couldn't read 
> the tempfiles that qpsmtpd had created.
>
> I am also running clamd (the clamav daemon) in the background.  I 
> changed the plugin to use clamdscan instead of clamscan, to take 
> advantage of the daemon.  Unfortunately, I get the same results with 
> clamscan and clamdscan -- oodles of false negatives, and not a single 
> incoming virus picked up.
>
> I played with the clamav plugin a bit, going so far as to comment out 
> the call to "unlink" from the temporary files.  When I run clamdscan 
> from the command line, it correctly identifies most (but not all) of 
> the files that have viruses embedded in them.  Indeed, the fact that 
> clamav seems to be missing many of the infected files even when I run 
> it from the command line makes me wonder if the problem is with my 
> configuration of clamd, my invocation of clamscan/clamdscan, or with 
> the plugin.
>
> I'm sure that I am missing something obvious -- probably having to do 
> with clamav, but perhaps in the qpsmtpd plugin.  Any and all help will 
> be appreciated.  If people want to e-mail me private directions on 
> what I should do, that'll be fine; if and when I get things working, 
> I'll submit some documentation that can be included as POD in the 
> plugin so that others don't have to deal with this issue.
>
> Thanks in advance for any suggestions people might have!
>
>
> Reuven
>
>
>
>
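To make concrete the two behaviours Eric describes (header-only when the DENY line stays commented out, SMTP-time rejection when it is active), here is an added example of a minimal qpsmtpd data_post plugin. It is not the project's clamav plugin; it assumes the 0.2x-era plugin API (register()/register_hook(), a transaction object with body_filename() and header(), and the DENY/DECLINED constants) and takes the clamdscan path as the plugin argument from config/plugins, as in Eric's setup.

```perl
# Hypothetical qpsmtpd plugin (added example, not the distributed clamav plugin).
# config/plugins line assumed: clamav_example /usr/bin/clamdscan

sub register {
    my ($self, $qp, @args) = @_;
    # Path to clamdscan comes from config/plugins; default is an assumption.
    $self->{_clamdscan} = $args[0] || '/usr/bin/clamdscan';
    $self->register_hook('data_post', 'clam_scan');
}

sub clam_scan {
    my ($self, $transaction) = @_;

    # The spooled message file. clamdscan only hands the *path* to clamd,
    # so the clamd user must be able to read it (Reuven's "smtpd" user fix).
    my $file = $transaction->body_filename;
    return (DECLINED) unless defined $file && -r $file;

    # List-form open avoids the shell, so the path is never re-parsed.
    open(my $scan, '-|', $self->{_clamdscan}, '--stdout', $file)
        or return (DECLINED);
    my $output = do { local $/; <$scan> };
    close $scan;
    my $status = $? >> 8;   # clamdscan exit status: 0 clean, 1 infected, 2 error

    if ($status == 1) {
        # Reduce "path: Worm.Name FOUND" to "Worm.Name FOUND" for the SMTP reply.
        my ($found) = $output =~ /:\s*(.+?\s+FOUND)/;
        $found = 'unknown' unless defined $found;

        # Header-only behaviour: what you get when the DENY line is left
        # commented out, and it only helps if the mail client filters on it.
        $transaction->header->add('X-Virus-Found', 'Yes');

        # Rejection at SMTP time: the line Eric says must be uncommented.
        return (DENY, "Virus Found: $found");
    }
    elsif ($status != 0) {
        # Scanner error (clamd not running, MaxThreads exhausted, bad socket):
        # log it rather than silently treating the message as clean.
        warn "clamdscan failed with status $status: $output";
    }

    return (DECLINED);   # clean or unscannable: let the next plugin decide
}
```

Note that a non-zero status other than 1 is exactly what a MaxThreads shortfall or a clamd that cannot read the spool file produces, which is why it is logged rather than ignored.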



