>> As far as I understand, clamd is called in the "local_scan" part, but
>> when running with -d+deliver, I get the following:
>> calling local_scan(); timeout=300
>> local_scan() returned 0 NULL
>>
>>
>> any ideas?
>>
>>
>
> Well - that debug AFAIK doesn't submit a 'known infected' message to be
> scanned, so a null return may be OK. Not my area of expertise.

I'm submitting the eicar test virus. When submitting it to another of my
mailservers the other server replies "virus", so the message should be
detected.

>
> Anyway - that isn't how I would test.
>
> Instead;
>
> 1) Check 'top' or 'ps' to see if clamd has *continued to run* after being
> started. You may find something in ~/log/messages, ~/log/maillog (or
> wherever...) that shows it started up, then died for lack of, for example,
> privs to write its logs, read its DB, chdir, etc.

From ps -ef:
------------------------
clamexim 20343 1 0 Aug24 ? 00:00:00 clamd.exim -c /etc/clamd.d/exim.conf
------------------------
so it is running. looking at the log:
------------------------
[EMAIL PROTECTED] log]# cat clamd.exim
Thu Aug 24 22:53:29 2006 -> +++ Started at Thu Aug 24 22:53:29 2006
Thu Aug 24 22:53:29 2006 -> clamd daemon 0.88.4 (OS: linux-gnu, ARCH: i386, CPU: i386)
Thu Aug 24 22:53:29 2006 -> Log file size limited to 1048576 bytes.
Thu Aug 24 22:53:29 2006 -> Running as user clamexim (UID 100, GID 93)
Thu Aug 24 22:53:29 2006 -> Reading databases from /var/lib/clamav
Thu Aug 24 22:53:31 2006 -> Protecting against 66700 viruses.
Thu Aug 24 22:53:31 2006 -> Unix socket file /var/run/clamd.exim/clamd.sock
Thu Aug 24 22:53:31 2006 -> Setting connection queue length to 15
Thu Aug 24 22:53:31 2006 -> Archive: Archived file size limit set to 10485760 bytes.
Thu Aug 24 22:53:31 2006 -> Archive: Recursion level limit set to 8.
Thu Aug 24 22:53:31 2006 -> Archive: Files limit set to 1000.
Thu Aug 24 22:53:31 2006 -> Archive: Compression ratio limit set to 250.
Thu Aug 24 22:53:31 2006 -> Archive support enabled.
Thu Aug 24 22:53:31 2006 -> Archive: RAR support disabled.
Thu Aug 24 22:53:31 2006 -> Portable Executable support enabled.
Thu Aug 24 22:53:31 2006 -> Mail files support enabled.
Thu Aug 24 22:53:31 2006 -> OLE2 support enabled.
Thu Aug 24 22:53:31 2006 -> HTML support enabled.
Thu Aug 24 22:53:31 2006 -> Self checking every 1800 seconds.
[EMAIL PROTECTED] log]#
------------------------
it looks like it's running, but it has not done anything since I started it.

>
> 2) Once you are sure it is staying alive, try turning up your logging
> verbosity and send in a known-bad message. Look at wherever clamd is
> logging as well as in Exim's logs.

I've tried this a couple of times. Exim is logging the message as "local
delivery":
------------------------
2006-08-25 08:03:34 1GGUn0-0001gU-8n <= [EMAIL PROTECTED] U=root P=local S=355
2006-08-25 08:03:34 1GGUn0-0001gU-8n => jostein <[EMAIL PROTECTED]> R=localuser T=local_delivery
2006-08-25 08:03:34 1GGUn0-0001gU-8n Completed
------------------------
but there is no change in the clamd.exim log

>
> The most common problem we had when we first started using Exim with clamd
> was that of clamd not having rights to all the resources it needed to stay
> on its feet.
>
> Second most common was when we used to start Exim before clamd and SA were
> available. Mere nuisance, fixed by sequencing the startups.
>

clamd and SA are started before exim. But as far as I can see, neither clamd
nor SA is called when submitting a message.

Trying to run "exim -d [EMAIL PROTECTED] < eicar.com" I get among others the
following:
---------------------
Exim version 4.62 uid=0 gid=0 pid=6478 D=fbb95cfd
Berkeley DB: Sleepycat Software: Berkeley DB 4.3.29: (March 24, 2006)
Support for: crypteq iconv() IPv6 PAM Perl TCPwrappers OpenSSL Content_Scanning Old_Demime
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 nisplus passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
* snip *
skipping ACL configuration - not needed
* snip *
--------------------------
does any of this give you a hint why it's not working for me?

As I mentioned in the first e-mail, I installed exim on fc5 using the
precompiled RPMs, but as far as I've understood, they have been compiled to
support clamd and sa...

thanks for your help!

- asbjørn

-- 
--------------------------------------------------
Asbjørn Høiland Aarrestad
[EMAIL PROTECTED]
http://asbjorn.aarrestad.com/

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
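
An added example, not part of the original message or of Exim/ClamAV: a small correlator for the manual check described above, i.e. whether clamd logged any scan result around the time Exim accepted a message, and how that message was submitted. The sample logs are constructed in the two formats quoted in the message (placeholder addresses, a hypothetical second message and clamd "OK" line); the function names and the 60-second window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample logs in the two formats quoted in the message above;
# addresses, the second message and the clamd "OK" line are placeholders.
EXIM_LOG = """\
2006-08-25 08:03:34 1GGUn0-0001gU-8n <= sender@example.org U=root P=local S=355
2006-08-25 08:03:34 1GGUn0-0001gU-8n => jostein <jostein@example.org> R=localuser T=local_delivery
2006-08-25 08:03:34 1GGUn0-0001gU-8n Completed
2006-08-25 09:10:02 1GGVpQ-0001hX-2b <= sender@example.org H=(client.example.org) [192.0.2.10] P=esmtp S=412
"""
CLAMD_LOG = """\
Thu Aug 24 22:53:29 2006 -> +++ Started at Thu Aug 24 22:53:29 2006
Thu Aug 24 22:53:31 2006 -> Self checking every 1800 seconds.
Fri Aug 25 09:10:01 2006 -> /var/spool/exim/scan/1GGVpQ-0001hX-2b/1GGVpQ-0001hX-2b.eml: OK
"""

# Exim arrival line: timestamp, message id, "<=", then fields including P=<protocol>.
ARRIVAL = re.compile(r"^(\S+ \S+) (\S{6}-\S{6}-\S{2}) <= .*?\bP=(\S+)")
# clamd result line ends in ": OK" (LogClean only) or " FOUND"; startup lines do not match.
SCAN = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]+ \d{4}) -> .*(?:: OK| FOUND)$")

def arrivals(exim_log):
    """Yield (message id, arrival time, received protocol) per accepted message."""
    for line in exim_log.splitlines():
        m = ARRIVAL.match(line)
        if m:
            when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            yield m.group(2), when, m.group(3)

def scan_times(clamd_log):
    """Return the timestamps of every scan result clamd logged."""
    hits = filter(None, map(SCAN.match, clamd_log.splitlines()))
    return [datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y") for m in hits]

def triage(exim_log, clamd_log, window=timedelta(seconds=60)):
    """Per message: how it arrived and whether clamd logged a result nearby."""
    scans = scan_times(clamd_log)
    report = {}
    for msg_id, when, proto in arrivals(exim_log):
        report[msg_id] = {
            "protocol": proto,
            # P=local: non-SMTP local submission; acl_smtp_* ACLs run for SMTP input only.
            "non_smtp_submission": proto == "local",
            "clamd_result_logged": any(abs(t - when) <= window for t in scans),
        }
    return report

print(triage(EXIM_LOG, CLAMD_LOG))
```

A message reported with `non_smtp_submission` true and `clamd_result_logged` false matches what the logs above show: the test message was accepted locally and clamd recorded nothing for it.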
