On Thursday 19 Jan 2006 21:14, Gerard Seibert wrote: > I recently installed ClavAV on my FreeBSD 5.4 system. I am running > Sendmail as my MTA. > > Clam seems to be working fine except for one small thing. > > First, this is the entry I have in my /etc/rc.conf file for Clam. > > clamav_clamd_enable="YES" # Enable ClamAV > clamav_freshclam_enable="YES" # Enable auto updater for AV > clamav_milter_enable="YES" # Enable the mail AV scanner > clamav_milter_socket="/var/run/clamav/clmilter.sock" # Clam Milter > socket clamav_milter_flags="--postmaster-only --local --outgoing > --max-children=50 --quarantine dir=/var/mail/quarantine --timeout=0" # > Clam milter settings > > Each directive is on one separate line although it might not look like > it here. > > This is a sample of the notices I receive when a virus is detected. > > The message k0JAB7nO094434 sent from > <[EMAIL PROTECTED]> to <[EMAIL PROTECTED]> > contained HTML.Phishing.Pay-6 and has not been delivered. > > The message in question has been quarantined as > /var/tmp//clamav-48b75ba8e9a0d2da/msg.8LUShP > > > First, you will notice that there are two "//" in the path. I do not > understand why. Second, although the directory entry does exist, it is > empty. The file mentioned is present in the > /var/mail/quarantine/060119/k0JAB7nO094434.HTML.Phishing.Pay-6 directory. > However, there does not appear to be anything attached to the file. It > is very simple HTML code.
Not sure if this will work, but have a look in your clamd.conf and look for the TemporaryDirectory directive and set it without the trailing / Unix filesystems are mostly tolerant of double slashes, so it's unlikely to cause a problem. phishing emails are not strictly speaking viruses, just a pain, only dangerous to those who believe them. Hence no attachments. > > My question is why is the /var/tmp/* directory being created if it is > empty? Why the double '//' in the path? Also, shouldn't the file with > the virus actually have something attached to it. Most of the time on > WinXP machines anyway, there is a file attachment of some kind, although > I guess that is not a requirement. The file most probably was there but only for a few milliseconds, when it got moved to its final location in your quarantine. Remember to delete them from time to time ;-) > > I am just curious as to whether I have this who thing configured > correctly. run man clamd.conf from the command line and you will learn more about the configuration of clamav. Also man freshclam.conf HTH -- ----------------- Bob Hutchinson Midwales dot com ----------------- _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
