I just did a fresh install of Postfix, Amavisd-new, and Clamav on Debian. Everything works great; however, I attempted to send a test virus from my new Postfix install running Clamd to this Gmail account, and I never saw any sign emailed to me that a "virus was detected" from Clamav. I don't understand why. The message was never relayed to its final destination (this Gmail address), but I don't understand what happened. I checked my /var/log/mail.log to see if it reported anything strange about the message, and I found the following:

Jun 24 10:08:13 ham amavis[2663]: (02663-04) (!)PRESERVING EVIDENCE in /var/lib/amavis/tmp/amavis-20090623T190508-02663
Jun 24 10:08:13 ham postfix/smtp[7337]: 39CEF51B12: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.3, delays=0.05/0.01/0/1.3, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said:
  451-4.5.0 Error in processing, id=02663-04, virus_scan FAILED: virus_scan: ALL VIRUS SCANNERS FAILED: ClamAV-clamd av-scanner FAILED: CODE(0x24739e8) unexpected , output="/var/lib/amavis/tmp/amavis-20090623T190508-02663/parts: lstat() failed: Permission denied. ERROR
  451-4.5.0 " at (eval 86) line 527.; ClamAV-clamscan av-scanner FAILED: /usr/bin/clamscan unexpected exit 1, output="WARNING: Ignoring deprecated option --disable-summary
  451-4.5.0 LibClamAV Warning: ***********************************************************
  451-4.5.0 LibClamAV Warning: *** This version of the ClamAV engine is outdated. ***
  451-4.5.0 LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
  451-4.5.0 LibClamAV Warning: ***********************************************************
  451-4.5.0 /var/lib/amavis/tmp/amavis-20090623T190508-02663/parts/p001: OK
  451-4.5.0 /var/lib/amavis/tmp/amavis-20090623T190508-02663/parts/p005: Eicar-Test-Signature FOUND
  451-4.5.0
  451-4.5.0 ----------- SCAN SUMMARY -----------
  451-4.5.0 Known viruses: 575374
  451-4.5.0 Engine version: 0.95.1
  451-4.5.0 Scanned directories: 1
  451-4.5.0 Scanned files: 2
  451-4.5.0 Infected files: 1
  451-4.5.0 Data scanned: 0.00 MB
  451-4.5.0 Data read: 0.00 MB (ratio 0.00:1)
  451 4.5.0 Time: 1.151 sec (0 m 1 s)" at (eval 86) line 527. (in reply to end of DATA command))

*************END************

Did I configure something wrong in ClamAV? I show the clamav-daemon is running; however, it's not configured or working right, it seems.

I normally expect to get an email back to me when I try and send this that says something like the following:

A virus was found: Eicar-Test-Signature
Scanner detecting a virus: ClamAV-clamd
Content type: Virus
Internal reference code for the message is 29980-15/CfkTsWN4wm5S
First upstream SMTP client IP address: [10.1.1.204] tunafish.domain.us
According to a 'Received:' trace, the message originated at: [10.1.1.204], [10.1.1.204] tunafish.domain.us [10.1.1.204]
Return-Path: <[email protected]>
User-Agent: Thunderbird 2.0.0.21 (X11/20090409)
Message-ID: <[email protected]>
Subject: Data
The message has been quarantined as: virus-CfkTsWN4wm5S
Notification to sender will not be mailed.
The message WAS NOT relayed to:
<[email protected]>: 250 2.7.0 Ok, discarded, id=29980-15 - VIRUS: Eicar-Test-Signature
Virus scanner output:
p005: Eicar-Test-Signature FOUND

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
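
A triage helper for the deferral line quoted in the message above, as an added example that is not part of the original post or of amavisd-new: it splits the "ALL VIRUS SCANNERS FAILED" status text into one record per scanner and separates a scanner that could not read the work directory from one that ran and reported a signature. The `triage` function, its failure classes and the abridged `SAMPLE` string are assumptions made for this illustration.

```python
import re

# Constructed sample: the amavisd status text from the log above, abridged
# to the parts the parser looks at.
SAMPLE = (
    'virus_scan: ALL VIRUS SCANNERS FAILED: '
    'ClamAV-clamd av-scanner FAILED: CODE(0x24739e8) unexpected , '
    'output="/var/lib/amavis/tmp/amavis-20090623T190508-02663/parts: '
    'lstat() failed: Permission denied. ERROR 451-4.5.0 " at (eval 86) line 527.; '
    'ClamAV-clamscan av-scanner FAILED: /usr/bin/clamscan unexpected exit 1, '
    'output="WARNING: Ignoring deprecated option --disable-summary 451-4.5.0 '
    '/var/lib/amavis/tmp/amavis-20090623T190508-02663/parts/p005: '
    'Eicar-Test-Signature FOUND 451-4.5.0 " at (eval 86) line 527.'
)

# One failed scanner: name, amavisd's stated reason, and the scanner's own output.
SCANNER = re.compile(r'(\S+) av-scanner FAILED: (.*?), output="(.*?)" at \(eval', re.S)

def triage(status_text):
    """Return one dict per failed scanner with a coarse failure class."""
    results = []
    for name, reason, output in SCANNER.findall(status_text):
        # Turn the SMTP continuation prefixes back into line breaks.
        output = re.sub(r'\s*451[- ]4\.5\.0\s*', '\n', output).strip()
        found = re.findall(r'(\S+): (\S+) FOUND', output)
        if 'Permission denied' in output:
            kind = 'access'  # scanner could not read the amavis work directory
        elif found:
            # scanner ran and named a signature, but amavisd rejected its result
            kind = 'detected-but-unexpected-exit'
        else:
            kind = 'other'
        results.append({'scanner': name, 'reason': reason.strip(),
                        'kind': kind, 'found': found})
    return results

if __name__ == '__main__':
    for r in triage(SAMPLE):
        print(r['scanner'], r['kind'], r['reason'], r['found'])
```
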
