Hello, after solving the postfix problem I am now finally tackling the antivirus problem.
Unfortunately, neither of the 2 antivirus programs I am using filters my e-mail: clamAV and Panda.
I don't know what the problem is: they do not recognize e-mails with the virus (EICAR.COM) attached. To them it is a normal e-mail.
Here is the maillog:
Jun 21 16:20:25 principal amavisd[1493]: starting. amavis 0.3.12 Sun May 25 07:20:37 CEST 2003
Jun 21 16:20:25 principal amavisd[1493]: Extracting mime components
Jun 21 16:20:26 principal amavisd[1493]: Level: 1, parts: 1
Jun 21 16:20:26 principal amavisd[1493]: Archive nesting depth: 0
Jun 21 16:20:27 principal amavisd[1493]: File-type of msg-1493-1.txt: ASCII text
Jun 21 16:20:27 principal amavisd[1493]: msg-1493-1.txt is atomic
Jun 21 16:20:27 principal amavisd[1493]: Using clamav
Jun 21 16:20:34 principal amavisd[1493]: /var/amavis/amavis-01551740/parts/msg-1493-1.txt: OK ----------- SCAN SUMMARY ----------- Known viruses: 7286 Scanned directories: 1 Scanned files: 1 Infected files: 0 Data scanned: 0.00 Mb I/O buffer size: 131072 bytes Time: 5.187 sec (0 m 5 s)
Jun 21 16:20:34 principal amavisd[1493]: Using clamd
Jun 21 16:20:34 principal amavisd[1493]: Virus scanner failure: Clamd - can't connect to daemon
Jun 21 16:20:34 principal amavisd[1493]: Using /usr/bin/pavcl
Jun 21 16:20:44 principal amavisd[1493]: Gracias por seleccionar Panda Antivirus. Esta versión es SHAREWARE y exclusiva para propósitos de evaluación. Puede ser utilizada durante 30 días para determinar si reune los requisitos que Vd. necesita. Pasado este plazo, deberá comprarlo o borrarlo de su PC. CENTRAL Panda Software Buenos Aires 12 48001 BILBAO Tfno. 34-94-425 11 00 FAX 34-94-424 46 97 E-mail [EMAIL PROTECTED] (C) Panda Software International 2001 Pulse una tecla para continuar...^@ Panda Antivirus For Linux 6.0, Panda Software 1989-2000 Nº de virus y mutaciones detectables: 57582 Ultima revisión del fichero de virus: 14/03/2001 /var/amavis/amavis-01551740/parts/msg-1493-1.txt Tiempo empleado en el análisis......: 0:00'00" Número de ficheros analizados.......: 1 Número de ficheros infectados.......: 0 Copyright Panda Software ^[
Jun 21 16:20:46 principal postfix/smtpd[1600]: connect from localhost.localdomain[127.0.0.1]
Jun 21 16:20:48 principal postfix/smtpd[1600]: C325DA9BF: client=localhost.localdomain[127.0.0.1]
Jun 21 16:20:49 principal postfix/cleanup[1480]: C325DA9BF: message-id=<[EMAIL PROTECTED]>
Jun 21 16:20:49 principal postfix/smtpd[1600]: disconnect from localhost.localdomain[127.0.0.1]
Jun 21 16:20:49 principal amavisd[1493]: do_exit:436 - ending execution with 0
Jun 21 16:20:51 principal postfix/qmgr[1133]: C325DA9BF: from=<[EMAIL PROTECTED]>, size=678, nrcpt=1 (queue active)
Jun 21 16:20:53 principal postfix/pipe[1489]: C2D2AA9B9: to=<[EMAIL PROTECTED]>, orig_to=<root>, relay=vscan, delay=49, status=sent (principal.corallo.it)
Jun 21 16:20:54 principal postfix/local[1606]: C325DA9BF: to=<[EMAIL PROTECTED]>, relay=local, delay=5, status=deferred (SOFT BOUNCE - can't create user output file. Command output: procmail: Couldn't create "/var/spool/mail/nobody" procmail: Lock failure on "/var/spool/mail/nobody.lock" procmail: Error while writing to "/var/spool/mail/nobody" )
Jun 21 16:25:22 principal postfix/smtpd[1959]: connect from principal.corallo.it[192.168.0.1]
Jun 21 16:25:23 principal postfix/smtpd[1959]: CF0D2A9B9: client=principal.corallo.it[192.168.0.1]
Jun 21 16:25:23 principal postfix/cleanup[1973]: CF0D2A9B9: message-id=<[EMAIL PROTECTED]>
Jun 21 16:25:23 principal postfix/smtpd[1959]: disconnect from principal.corallo.it[192.168.0.1]
Jun 21 16:25:23 principal postfix/qmgr[1133]: CF0D2A9B9: from=<[EMAIL PROTECTED]>, size=1302, nrcpt=1 (queue active)
Jun 21 16:25:47 principal amavisd[1989]: starting. amavis 0.3.12 Sun May 25 07:20:37 CEST 2003
Jun 21 16:25:47 principal amavisd[1989]: Extracting mime components
Jun 21 16:25:48 principal amavisd[1989]: Level: 1, parts: 2
Jun 21 16:25:48 principal amavisd[1989]: Archive nesting depth: 0
Jun 21 16:25:48 principal amavisd[1989]: File-type of msg-1989-1.txt: ASCII text
Jun 21 16:25:48 principal amavisd[1989]: msg-1989-1.txt is atomic
Jun 21 16:25:49 principal amavisd[1989]: File-type of msg-1989-2.EXE: ASCII text
Jun 21 16:25:49 principal amavisd[1989]: msg-1989-2.EXE is atomic
Jun 21 16:25:49 principal amavisd[1989]: Using clamav
Jun 21 16:25:56 principal amavisd[1989]: /var/amavis/amavis-05373364/parts/msg-1989-1.txt: OK /var/amavis/amavis-05373364/parts/msg-1989-2.EXE: OK ----------- SCAN SUMMARY ----------- Known viruses: 7286 Scanned directories: 1 Scanned files: 2 Infected files: 0 Data scanned: 0.00 Mb I/O buffer size: 131072 bytes Time: 6.484 sec (0 m 6 s)
Jun 21 16:25:56 principal amavisd[1989]: Using clamd
Jun 21 16:25:56 principal amavisd[1989]: Virus scanner failure: Clamd - can't connect to daemon
Jun 21 16:25:56 principal amavisd[1989]: Using /usr/bin/pavcl
Jun 21 16:26:08 principal amavisd[1989]: Gracias por seleccionar Panda Antivirus. Esta versión es SHAREWARE y exclusiva para propósitos de evaluación. Puede ser utilizada durante 30 días para determinar si reune los requisitos que Vd. necesita. Pasado este plazo, deberá comprarlo o borrarlo de su PC. CENTRAL Panda Software Buenos Aires 12 48001 BILBAO Tfno. 34-94-425 11 00 FAX 34-94-424 46 97 E-mail [EMAIL PROTECTED] (C) Panda Software International 2001 Pulse una tecla para continuar...^@ Panda Antivirus For Linux 6.0, Panda Software 1989-2000 Nº de virus y mutaciones detectables: 57582 Ultima revisión del fichero de virus: 14/03/2001 /var/amavis/amavis-05373364/parts/msg-1989-1.txt2.EXE Tiempo empleado en el análisis......: 0:00'00" Número de ficheros analizados.......: 2 Número de ficheros infectados.......: 0 Copyright Panda Software ^[
Jun 21 16:26:10 principal postfix/smtpd[2243]: connect from localhost.localdomain[127.0.0.1]
Jun 21 16:26:10 principal postfix/smtpd[2243]: 7C691A9C0: client=localhost.localdomain[127.0.0.1]
Jun 21 16:26:10 principal postfix/cleanup[1973]: 7C691A9C0: message-id=<[EMAIL PROTECTED]>
Jun 21 16:26:11 principal postfix/smtpd[2243]: disconnect from localhost.localdomain[127.0.0.1]
Jun 21 16:26:11 principal amavisd[1989]: do_exit:436 - ending execution with 0
Jun 21 16:26:11 principal postfix/pipe[1987]: CF0D2A9B9: to=<[EMAIL PROTECTED]>, relay=vscan, delay=48, status=sent (principal.corallo.it)
Jun 21 16:26:12 principal postfix/qmgr[1133]: 7C691A9C0: from=<[EMAIL PROTECTED]>, size=1528, nrcpt=1 (queue active)
Jun 21 16:26:13 principal postfix/local[2265]: 7C691A9C0: to=<[EMAIL PROTECTED]>, relay=local, delay=3, status=sent ("|/usr/bin/procmail")
giu 21 16:28:57 principal amavisd[4524]: starting. amavis 0.3.12 Sun May 25 07:20:37 CEST 2003
Jun 21 16:29:05 principal ipop3d[4730]: pop3 service init from 192.168.0.1
Jun 21 16:29:06 principal ipop3d[4730]: Login user=postfix host=principal.corallo.it [192.168.0.1] nmsgs=0/0
Jun 21 16:29:07 principal ipop3d[4730]: Logout user=postfix host=principal.corallo.it [192.168.0.1] nmsgs=0 ndele=0
Jun 21 16:29:07 principal ipop3d[4762]: pop3 service init from 192.168.0.1
Jun 21 16:29:07 principal ipop3d[4762]: Login user=portatile host=principal.corallo.it [192.168.0.1] nmsgs=1/1
Jun 21 16:29:08 principal ipop3d[4762]: Logout user=portatile host=principal.corallo.it [192.168.0.1] nmsgs=0 ndele=1
Jun 21 16:29:08 principal ipop3d[4774]: pop3 service init from 192.168.0.1
Jun 21 16:29:09 principal ipop3d[4774]: Login user=ale host=principal.corallo.it [192.168.0.1] nmsgs=0/0
Jun 21 16:29:09 principal ipop3d[4774]: Logout user=ale host=principal.corallo.it [192.168.0.1] nmsgs=0 ndele=0


and the clamav.conf:
##
## Example config file for the Clam AV daemon
## Please read the clamav.conf(5) manual before editing this file.
##

# Comment or remove the line below.
#Example
# Uncomment this option to enable logging.
# LogFile must be writable for the user running the daemon.
# Full path is required.
LogFile /tmp/clamd.log
# By default the log file is locked for writing - the lock protects against
# running clamd multiple times (if want to run another clamd, please
# copy the configuration file, change the LogFile variable, and run
# the daemon with --config-file option). That's why you shouldn't uncomment
# this option.
#LogFileUnlock
# Maximal size of the log file. Default is 1 Mb.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers.
LogFileMaxSize 2M
# Enable verbose logging.
#LogVerbose
# Log time with an each message.
LogTime
# This option allows you to save the process identifier of the listening
# daemon (main thread).
PidFile /var/run/clamd.pid
# Path to a directory containing .db files.
# Default is the hardcoded directory (mostly /usr/local/share/clamav,
# it depends on installation options).
#DataDirectory /var/lib/clamav

# The daemon works in local or network mode. Currently the local mode is
# recommended for security reasons.
# Path to the local socket. The daemon doesn't change the mode of the
# created file (portability reasons). You may want to create it in a directory
# which is only accessible for a user running daemon.
LocalSocket /tmp/clamd
# TCP port address.
#TCPSocket 3310
# Maximum length the queue of pending connections may grow to.
# Default is 15.
#MaxConnectionQueueLength 30
# Maximal number of a threads running at the same time.
# Default is 5, and it should be sufficient for a typical workstation.
# You may need to increase threads number for a server machine.
#MaxThreads 10
# Thread (scanner - single task) will be stopped after this time (seconds).
# Default is 180. Value of 0 disables the timeout. SECURITY HINT: Increase the
# timeout instead of disabling it.
#ThreadTimeout 500
# Maximal depth the directories are scanned at.
MaxDirectoryRecursion 15
# Follow a directory symlinks.
# SECURITY HINT: You should have enabled directory recursion limit to
# avoid potential problems.
#FollowDirectorySymlinks
# Follow regular file symlinks.
#FollowFileSymlinks
# Do internal checks (eg. check the integrity of the database structures)
# By default clamd checks itself every 3600 seconds (1 hour).
#SelfCheck 600
# Run as selected user (clamd must be started by root).
# By default it doesn't drop privileges.
#User clamav
# Don't fork into background. Useful in debugging.
#Foreground

##
## Archive support
##

# Comment this line to disable scanning of the archives.
ScanArchive
# Options below protect your system against Denial of Service attacks
# with archive bombs.
# Files in archives larger than this limit won't be scanned.
# Value of 0 disables the limit.
# WARNING: Due to the unrarlib implementation, whole files (one by one) in RAR
#          archives are decompressed to the memory. That's why never disable
#          this limit (but you may increase it of course!)
ArchiveMaxFileSize 10M
# Archives are scanned recursively - e.g. if Zip archive contains RAR file,
# the RAR file will be decompressed, too (but only if recursion limit is set
# at least to 1). With this option you may set the recursion level.
# Value of 0 disables the limit.
ArchiveMaxRecursion 5
# Number of files to be scanned within archive.
# Value of 0 disables the limit.
ArchiveMaxFiles 1000
##
## Clamuko settings
## WARNING: This is experimental software. It is very likely it will hang
##          up your system !!!
##
# Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
#ClamukoScanOnLine
# Set access mask for Clamuko.
ClamukoScanOnOpen
ClamukoScanOnClose
ClamukoScanOnExec
# Set the include paths (all files in them will be scanned). You can have
# multiple ClamukoIncludePath options, but each directory must be added
# in a seperate option. All subdirectories are scanned, too.
ClamukoIncludePath /home
#ClamukoIncludePath /students
# Set the exclude paths. All subdirectories are also excluded.
#ClamukoExcludePath /home/guru
# Limit the file size to be scanned (probably you don't want to scan your movie
# files ;))
# Value of 0 disables the limit.
ClamukoMaxFileSize 5M
# Enable archive support. It uses the limits from clamd section.
# (This option doesn't depend on ScanArchive, you can have archive support
# in clamd disabled).
ClamukoScanArchive




Can you tell me what I am doing wrong?

Thanks
        Claudio
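
An added example, not part of the original post: a small Python triage of the amavisd lines in the maillog above, reporting per scanner whether it ran or failed, the signature count and date it printed, and the infected-file count. The function names and the abridged sample lines are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines abridged from the maillog in the post (Panda banner shortened).
SAMPLE_LOG = """\
Jun 21 16:25:49 principal amavisd[1989]: Using clamav
Jun 21 16:25:56 principal amavisd[1989]: /var/amavis/amavis-05373364/parts/msg-1989-2.EXE: OK ----------- SCAN SUMMARY ----------- Known viruses: 7286 Scanned files: 2 Infected files: 0
Jun 21 16:25:56 principal amavisd[1989]: Using clamd
Jun 21 16:25:56 principal amavisd[1989]: Virus scanner failure: Clamd - can't connect to daemon
Jun 21 16:25:56 principal amavisd[1989]: Using /usr/bin/pavcl
Jun 21 16:26:08 principal amavisd[1989]: Panda Antivirus For Linux 6.0 Nº de virus y mutaciones detectables: 57582 Ultima revisión del fichero de virus: 14/03/2001 Número de ficheros infectados.......: 0
"""

LINE = re.compile(r"amavisd\[(\d+)\]: (.*)$")
FAIL = re.compile(r"^Virus scanner failure: (.*)")
FIELDS = {  # counters printed by clamscan (English) and pavcl (Spanish)
    "infected": re.compile(r"(?:Infected files|ficheros infectados\.*): *(\d+)"),
    "signatures": re.compile(r"(?:Known viruses|virus y mutaciones detectables): *(\d+)"),
    "sig_date": re.compile(r"fichero de virus: *(\d{2}/\d{2}/\d{4})"),
}

def triage(log_text):
    """Group amavisd output by process id, one record per 'Using <scanner>' line."""
    runs = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        pid, msg = m.groups()
        if msg.startswith("Using "):
            runs[pid].append({"scanner": msg.split()[1], "failed": None})
            continue
        if not runs[pid]:
            continue  # MIME extraction lines logged before any scanner ran
        cur = runs[pid][-1]
        if f := FAIL.match(msg):
            cur["failed"] = f.group(1)
        for key, rx in FIELDS.items():
            if hit := rx.search(msg):
                cur[key] = hit.group(1)
    return dict(runs)

def findings(runs):
    """Scanners that failed or logged no infected-file count for a message."""
    return [(pid, s["scanner"], s["failed"] or "no result logged")
            for pid, scans in runs.items() for s in scans
            if s["failed"] or "infected" not in s]
```

Run over the full maillog, `findings(triage(text))` lists every message for which a configured scanner produced no verdict, and the `sig_date` and `signatures` fields show how old each scanner's database is.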



