Discussion:
[newbie] - ClamAV doesn't seem to be doing anything...
Bernard T. Higonnet
2009-01-22 13:24:19 UTC
System FreeBSD 7.0-RELEASE
Amavisd-new amavisd-new-2.6.1 (20080629), Unicode aware
ClamAV clamd daemon 0.94.2
freshclam daemon 0.94.2



3 machines are involved

192.168.3.102 postfix
192.168.3.103 clamd/freshclam
192.168.3.108 amavisd-new


From amavisd.conf

['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "192.168.3.103:3310"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

From clamd.log

TCP: Bound to port 3310

clamd log shows no activity at all after daemon start when the machine
was rebooted



maillogs for clam and amavisd machines show no interaction that I can
see. Postfix and amavisd seem to be communicating normally

TIA
Bernard Higonnet


------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________
AMaViS-user mailing list
AMaViS-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
Mark Martinec
2009-01-23 18:50:33 UTC
Bernard,
Post by Bernard T. Higonnet
> System FreeBSD 7.0-RELEASE
> Amavisd-new amavisd-new-2.6.1 (20080629), Unicode aware
> ClamAV clamd daemon 0.94.2
> freshclam daemon 0.94.2
> 3 machines are involved
> 192.168.3.102 postfix
> 192.168.3.103 clamd/freshclam
> 192.168.3.108 amavisd-new
> ['ClamAV-clamd',
> \&ask_daemon, ["CONTSCAN {}\n", "192.168.3.103:3310"],
> qr/\bOK$/, qr/\bFOUND$/,
> qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
> From clamd.log
> TCP: Bound to port 3310
> clamd log shows no activity at all after daemon start when the machine
> was rebooted
> maillogs for clam and amavisd machines show no interaction that I can
> see. Postfix and amavisd seem to be communicating normally

Use tcpdump on 192.168.3.103, you should be able to see
connection attempts. Also the amavisd log should report
attempts to connect to a virus scanner.

But note one potentially fundamental problem here:
the CONTSCAN command passes a directory name to
the scanning host. Files are not transferred by amavisd,
just the name. The above setup could only work if
amavisd temporary directory is exported (e.g. through NFS)
to a scanning host and mount points arranged there so that
the scanning host actually sees files-to-be-scanned
at the indicated (through CONTSCAN) location.

Mark
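
The CONTSCAN exchange discussed in this thread, as an added example that is not part of either post and is not amavisd-new or ClamAV code: a small client sends only the path string and classifies the reply with the three patterns from the quoted amavisd.conf entry. The stub scanner, its VISIBLE set, the sample paths and the error wording are constructed for illustration.

```python
import re, socket, socketserver, threading

# Patterns copied from the amavisd.conf entry quoted in the thread.
CLEAN = re.compile(r'\bOK$')
INFECTED = re.compile(r'\bFOUND$')
VIRUS_NAME = re.compile(r'^.*?: (?!Infected Archive)(.*) FOUND$')

def classify(reply):
    """Map a scanner reply to (status, detail) using the three patterns."""
    reply = reply.strip()
    if CLEAN.search(reply):
        return ("clean", None)
    if INFECTED.search(reply):
        m = VIRUS_NAME.search(reply)
        return ("infected", m.group(1) if m else None)
    return ("unknown", reply)  # neither pattern matched, e.g. an ERROR reply

def contscan(host, port, path, timeout=5.0):
    """Send 'CONTSCAN <path>'. Only the path crosses the wire, no file data."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(f"CONTSCAN {path}\n".encode())
        data = b""
        while chunk := s.recv(4096):
            data += chunk
    return classify(data.decode(errors="replace"))

class StubScanner(socketserver.StreamRequestHandler):
    """Constructed stand-in for the scanning host: it resolves the path
    against its OWN filesystem, modelled here by the VISIBLE set."""
    VISIBLE = {"/var/amavis/tmp/shared"}   # e.g. an NFS-mounted directory

    def handle(self):
        _, _, path = self.rfile.readline().decode().strip().partition(" ")
        if path in self.VISIBLE:
            reply = f"{path}: OK"
        else:
            reply = f"{path}: lstat() failed. ERROR"  # constructed wording
        self.wfile.write((reply + "\n").encode())

def start_stub():
    srv = socketserver.TCPServer(("127.0.0.1", 0), StubScanner)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

if __name__ == "__main__":
    srv = start_stub()
    host, port = srv.server_address
    for p in ("/var/amavis/tmp/shared", "/var/amavis/tmp/local-only"):
        print(p, "->", contscan(host, port, p))
    srv.shutdown()
```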

