In the message dated: Tue, 20 Apr 2004 18:45:40 BST,
The pithy ruminations from Nigel Horne on
<Re: [Clamav-users] trouble with milter> were:
=>
=>
=> On Tuesday 20 Apr 2004 6:40 pm, you wrote:
=>
=> > Can you send me a copy? I just grabbed the "latest" cvs version, and it's
=> > got 0.70n, not "o".
=>
=> Attached 70.o with some features of 70.p which has yet to be checked in.
Thanks! Things are really getting better.
That compiles and seems to run. It appears to drop infected mail, but
I'm not getting a copy to postmaster or to the quarantine address. Nothing is
logged in /var/log/clamav/*, and there's no log entry in the maillog showing
that the message was infected. The sendmail log shows:
---------------INFECTED MAIL------------------------
Apr 20 14:53:16 server1 clamav-milter[28718]: clamfi_envfrom: <[EMAIL PROTECTED]>
Apr 20 14:53:17 server1 clamav-milter[28718]: clamfi_envrcpt: <[EMAIL PROTECTED]>
Apr 20 14:53:18 server1 sendmail[28948]: i3KJrFsG028948: collect: premature EOM: unexpected close
Apr 20 14:53:18 server1 sendmail[28948]: i3KJrFsG028948: collect: unexpected close on connection from localhost, sender=<[EMAIL PROTECTED]>
Apr 20 14:53:18 server1 sendmail[28948]: i3KJrFsG028948: from=<[EMAIL PROTECTED]>, size=203, class=0, nrcpts=1, proto=ESMTP, [EMAIL PROTECTED]
Apr 20 14:53:18 server1 clamav-milter[28718]: clamfi_close
------END OF INFECTED MAIL------------------------
Messages that do not have viruses are delivered correctly, and the sendmail
log shows:
----------------------CLEAN MESSAGE-------------------------------
Apr 20 14:59:29 server1 clamav-milter[28718]: clamfi_envfrom: <[EMAIL PROTECTED]>
Apr 20 14:59:30 server1 clamav-milter[28718]: clamfi_envrcpt: <[EMAIL PROTECTED]>
Apr 20 14:59:29 server1 clamav-milter[28718]: clamfi_envfrom: <[EMAIL PROTECTED]>
Apr 20 14:59:30 server1 clamav-milter[28718]: clamfi_envrcpt: <[EMAIL PROTECTED]>
Apr 20 14:59:31 server1 sendmail[29627]: i3KJxSED029627: from=<[EMAIL PROTECTED]>, size=43, class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>, proto=ESMTP, [EMAIL PROTECTED]
Apr 20 14:59:31 server1 clamav-milter[28718]: clamfi_eoh
Apr 20 14:59:31 server1 clamav-milter[28718]: clamfi_envbody: 44 bytes
Apr 20 14:59:31 server1 clamav-milter[28718]: clamfi_eom
Apr 20 14:59:31 server1 clamav-milter[28718]: clamfi_eom: read stream: OK
Apr 20 14:59:31 server1 clamav-milter[28718]: i3KJxSED029627: clean message from <[EMAIL PROTECTED]>
Apr 20 14:59:31 server1 sendmail[29627]: i3KJxSED029627: Milter add: header: X-Virus-Scanned: clamd / ClamAV version 0.70, clamav-milter version 0.70o
Apr 20 14:59:31 server1 sendmail[29627]: i3KJxSED029627: Milter add: header: X-Virus-Status: Clean
Apr 20 14:59:31 server1 sendmail[29638]: i3KJxSED029627: to=<[EMAIL PROTECTED]>, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=30452, dsn=2.0.0, stat=Sent
Apr 20 14:59:31 server1 sendmail[29638]: i3KJxSED029627: done; delay=00:00:01, ntries=1
Apr 20 14:59:31 server1 clamav-milter[28718]: clamfi_close
-----------------END OF CLEAN MESSAGE-------------------------------
I'm running clamav-milter with the options:
--debug
--headers
--local
--outgoing
--max-children=10
--force-scan
[EMAIL PROTECTED]
[EMAIL PROTECTED]
local:/var/run/clamav/clamav-milter.sock
The clamav.conf file has:
LogFile /var/log/clamav/clamd.log
LogClean
LogSyslog
LogVerbose
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/lib/clamav
LocalSocket /var/run/clamav/clamd.socket
StreamSaveToDisk
StreamMaxLength 10M
MaxDirectoryRecursion 15
User clamav
ScanOLE2
ScanMail
ScanArchive
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxCompressionRatio 200
ClamukoScanOnOpen
ClamukoScanOnClose
ClamukoScanOnExec
ClamukoIncludePath /home
ClamukoMaxFileSize 1M
ClamukoScanArchive
As I understand it, I should be getting a notice that a virus was detected
sent to "[EMAIL PROTECTED]", with the actual infected message forwarded to
"[EMAIL PROTECTED]", and I'd expect some logging to
/var/log/clamav/clamd.log or the syslog.
Mark
=>
=> > Thanks,
=>
=> --
=> Nigel Horne. Arranger, Composer, Typesetter.
=> NJH Music, Barnsley, UK. ICQ#20252325
=> [EMAIL PROTECTED] http://www.bandsman.co.uk
=>
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
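
An added example, not part of the original message or of ClamAV: a small Python script that groups maillog lines by sendmail queue ID and lists messages that were neither delivered nor given a logged scan verdict, which is the symptom reported above. The sample lines are constructed in the format of the excerpts in the message; the queue IDs, addresses and function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format of the maillog excerpts in the message
# above; queue IDs and addresses are placeholders, not values from the thread.
SAMPLE_LOG = """\
Apr 20 14:53:16 server1 clamav-milter[28718]: clamfi_envfrom: <sender@example.com>
Apr 20 14:53:18 server1 sendmail[28948]: i3KAAAAA000001: collect: premature EOM: unexpected close
Apr 20 14:53:18 server1 sendmail[28948]: i3KAAAAA000001: from=<sender@example.com>, size=203, class=0, nrcpts=1, proto=ESMTP
Apr 20 14:53:18 server1 clamav-milter[28718]: clamfi_close
Apr 20 14:59:31 server1 sendmail[29627]: i3KBBBBB000002: from=<sender@example.com>, size=43, class=0, nrcpts=1, proto=ESMTP
Apr 20 14:59:31 server1 clamav-milter[28718]: i3KBBBBB000002: clean message from <sender@example.com>
Apr 20 14:59:31 server1 sendmail[29627]: i3KBBBBB000002: Milter add: header: X-Virus-Status: Clean
Apr 20 14:59:31 server1 sendmail[29638]: i3KBBBBB000002: to=<rcpt@example.com>, delay=00:00:01, mailer=local, dsn=2.0.0, stat=Sent
"""

# "<program>[pid]: <token>: <rest>"; the token is a queue ID or a callback name.
LINE = re.compile(r"(?:sendmail|clamav-milter)\[\d+\]: (\w+): (.*)$")

def summarize(log_text):
    """Group maillog lines by queue ID and record what was logged for each."""
    seen = defaultdict(lambda: {"aborted": False, "verdict": None, "delivered": False})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m or m.group(1).startswith("clamfi_"):
            continue  # milter callback trace lines carry no queue ID
        qid, rest = m.groups()
        if rest.startswith("collect: premature EOM"):
            seen[qid]["aborted"] = True
        elif rest.startswith("Milter add: header: X-Virus-Status:"):
            seen[qid]["verdict"] = rest.rsplit(":", 1)[1].strip()
        elif rest.startswith("clean message"):
            seen[qid]["verdict"] = seen[qid]["verdict"] or "Clean"
        elif "stat=Sent" in rest:
            seen[qid]["delivered"] = True
    return dict(seen)

def silent_drops(log_text):
    """Queue IDs that vanished: not delivered and no scan verdict logged."""
    return sorted(q for q, s in summarize(log_text).items()
                  if s["verdict"] is None and not s["delivered"])

if __name__ == "__main__":
    for qid in silent_drops(SAMPLE_LOG):
        print(qid, "was not delivered and has no logged verdict")
```

Run against a real maillog by passing the file's contents to `silent_drops()`; any queue ID it returns is a message that disappeared without an audit trail.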