On 11/24/06, Dennis Peterson <[EMAIL PROTECTED]> wrote:
Jon Smith wrote: > On 11/24/06, Dennis Peterson <[EMAIL PROTECTED]> wrote: >> >> Jon Smith wrote: >> > clamav-milter starts without any warnings/errors. The >> /var/log/clamd.milter >> > log file is completely empty. Permissions are correct, I can su to >> clamilt >> > user and write to the file. Messages are be relayed but not tagged or >> > apparently even processed by clamav-milter. >> > >> > Nothing interesting in /var/log/messages or /var/log/maillog, just >> sendmail >> > relaying messages (nothing about clam at all). >> > >> >> Your lsof doesn't show any sendmail attachment to the socket. Your data >> dumps don't show any sendmail.cf information. Did you configure your >> sendmail.mc file (or what ever yours is called) to use the clamav >> milter? If not then sendmail won't attempt to use it. >> >> dp >> > > Thanks for the quick response, I really appreciate it! > >> From my original message: > > [root@<hostname> ~]# grep clam /etc/mail/sendmail.cf > XClamav, S=local:/var/run/clamav-milter/clamav.sock, F=, T=S:4m;R:4m > > Also worth noting from my original message: > [root@<hostname> ~]# /usr/lib/sendmail -d0 < /dev/null | grep MILTER > MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET > NETINET6 > > So, yes, sendmail is compiled (by the Fedora folks, not me, I'm trying > to do > this all the "Fedora Way"(tm) instead of compiling it all from source) with > libmilter support, and configured to talk to clamav-milter over a socket. > Also, the sockets must be in agreeance with clamav-milter config, > because if > they're mismatched clamav-milter will attempt to start, then complain about > a mismatched sendmail.cf socket path and exit. > > And I noticed that sendmail also wasn't listening on the socket, definitely > seemed odd to me. Just not sure *why* it's not listening. Sorry - I completely missed that. I use Solaris so am not sure of this but: Does your netstat show you unix sockets? If so it should indicate the clamav socket. (I have Fedora running in a VM on my Mac and just tried it and it does show them). Try setting the sendmail loglevel and milter loglevel to 21 (for this trivial change the sendmail.cf file can be directly edited). Sendmail has to be stopped and started. This loglevel is quite verbose and should present a lot of milter info if it's working. You'll have to telnet to your sendmail server to get it to open the socket and that likely was not done in your earlier scan. I think clamav's milter can also do logging - I don't use it so am just guessing.
Dennis, thanks again for your response. I definitely appreciate your input. Per my original e-mail, which is really "wordy" so I apologize, clamav-milter is not logging *at all* to the log file specified in milter.conf. I've enabled LogVerbose as well as LogClean in the config, still, nothing in the logs. I've verified that this log file is writable by the clamilt user (that clamav-milter is running as). Here's the relevant netstat: [root@<hostname> ~]# netstat -pa | grep STREAM | grep clam unix 2 [ ACC ] STREAM LISTENING 102720 18015/clamav-milter /var/run/clamav-milter/clamav.sock My next step was to bump up the sendmail logging, so I'll go ahead and give it a shot. Thanks again, Dennis! _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
