Dear all, Please help.
I have the following combination : Fedora 14, postfix 2.7.5-1, MailScanner 4.84.3, ClamAV 0.97.3 ClamAV is working fine from command line, also from wrapper, and is seen in lint : ****** ]# MailScanner --lint Trying to setlogsock(unix) Reading configuration file /etc/MailScanner/MailScanner.conf Reading configuration file /etc/MailScanner/conf.d/README Read 869 hostnames from the phishing whitelist Read 3961 hostnames from the phishing blacklists Config: calling custom init function SQLBlacklist Starting up SQL Blacklist Read 0 blacklist entries Config: calling custom init function MailWatchLogging Started SQL Logging child Config: calling custom init function SQLWhitelist Starting up SQL Whitelist Read 0 whitelist entries Checking version numbers... Version number in MailScanner.conf (4.84.3) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. MailScanner setting GID to (89) MailScanner setting UID to (89) Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. Connected to Processing Attempts Database Created Processing Attempts Database successfully There are 3 messages in the Processing Attempts Database Using locktype = posix MailScanner.conf says "Virus Scanners = clamav" Found these virus scanners installed: clamav =========================================================================== Filename Checks: Windows/DOS Executable (1 eicar.com) Other Checks: Found 1 problems Virus and Content Scanning: Starting 1.message: Eicar-Test-Signature-1 FOUND ./1/eicar.com: Eicar-Test-Signature FOUND Virus Scanning: ClamAV found 2 infections Infected message 1 came from 10.1.1.1 Virus Scanning: Found 2 viruses =========================================================================== Virus Scanner test reports: ClamAV said "eicar.com contains Eicar-Test-Signature" If any of your virus scanners (clamav) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. Config: calling custom end function SQLBlacklist Closing down by-domain spam blacklist Config: calling custom end function MailWatchLogging Config: calling custom end function SQLWhitelist Closing down by-domain spam whitelist ********** It sees EICAR test that is in a test file in one of the folders. Also (EICAR test file is in /nalog3/test file) : ******* # /usr/lib/MailScanner/clamav-wrapper /usr /nalog3 /nalog3/test: Eicar-Test-Signature FOUND ----------- SCAN SUMMARY ----------- Known viruses: 1073808 Engine version: 0.97.3 Scanned directories: 1 Scanned files: 1 Infected files: 1 Data scanned: 0.00 MB Data read: 0.00 MB (ratio 0.00:1) Time: 6.220 sec (0 m 6 s) *********** But when I send a EICAR in a mail through the server, it does not get detected. Here is the output from /var/log/maillog (relevant part) : .. Nov 18 10:30:35 mail MailScanner[13028]: MailScanner E-Mail Virus Scanner version 4.84.3 starting... Nov 18 10:38:05 mail MailScanner[13263]: MailScanner E-Mail Virus Scanner version 4.84.3 starting... .. Nov 18 10:41:59 mail MailScanner[10164]: New Batch: Scanning 1 messages, 707 bytes Nov 18 10:41:59 mail MailScanner[10164]: Virus and Content Scanning: Starting .. Nov 18 10:42:17 mail MailScanner[10164]: Uninfected: Delivered 1 messages ... Please help. I have no more ideas (and yes, I have been scouring forums and Internet.). Best regards, Velda -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
