On Thursday 13 April 2006 9:48 am, Nigel Horne wrote:
> Greg McCarthy wrote:
> > I've setup clamav which seems to be working well. One thing I've
> > noticed is that when the postmaster receives a message that a virus
> > was quarantine, in the email is says:
> >
> > "The message in question has been quarantined as
> > /var/tmp/clamav/clamav-a19f2b85ad7c9978/msg.P1bOPB"
> >
> > I am however running the clamav-milter with
> > --quarantine-dir=/var/mail/quarantine
> > and the files are being quarantined in the correct location. The
> > /var/tmp/clamav/clamav-a19f2b85ad7c9978 directory does exist, but its
> > empty.
> >
> > I've noticed in the clamd.conf file:
> > TemporaryDirectory /var/tmp/clamav
> >
> > Is this is why the mail contains the incorrect location? Should it
> > correspond to the location specified in the milter?
>
> What does the syslog say?
>
> > Thanks
> > Greg
>
> -Nigel
This is due to the notification being sent before the virus is moved to the
quarantine location. The action of moving the file updates the filename; the
notification sees the original filename.
Patch below moves the quarantining to before the notification
Simon
--- clamav-0.88/clamav-milter/clamav-milter.c.orig 2005-10-25
22:40:59.000000000 +0100
+++ clamav-0.88/clamav-milter/clamav-milter.c 2006-01-10 22:26:13.000000000
+0000
@@ -2851,6 +2851,10 @@
smfi_addheader(ctx, "X-Virus-Status", buf);
}
+ if(quarantine_dir) {
+ qfile(privdata, sendmailId, virusname);
+ }
+
if(use_syslog) {
/*
* Setup err as a list of recipients
@@ -3017,8 +3021,6 @@
}
if(quarantine_dir) {
- qfile(privdata, sendmailId, virusname);
-
/*
* Cleanup filename here otherwise clamfi_free() will
* delete the file that we wish to keep because it
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
