On Sun, Nov 16, 2008 at 03:54:40PM -0800, Brent Jones wrote:
> Make sure you use freshclam to update definitions.

They are updated every hour:

--------------------------------------
Received signal: wake up
ClamAV update process started at Sun Nov 16 20:22:51 2008
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.94 Recommended version: 0.94.1
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cld is up to date (version: 49, sigs: 437972, f-level: 35, builder: sven)
Downloading daily-8637.cdiff [100%]
Downloading daily-8638.cdiff [100%]
Downloading daily-8639.cdiff [100%]
Downloading daily-8640.cdiff [100%]
Downloading daily-8641.cdiff [100%]
daily.cld updated (version: 8641, sigs: 26112, f-level: 35, builder: guitar)
Database updated (464084 signatures) from db.local.clamav.net (IP: 65.120.238.5)
Clamd successfully notified about the update.
--------------------------------------

> Also make sure that path is correct.

Which path?

> Turn on "Log Clean Messages" in Clamd so you can see if it thinks
> the messages are clean.

Hm, I turned it on and sent test mails, but still nothing shows up.

/var/log/clamav/clamav.log:

Sun Nov 16 20:59:39 2008 -> +++ Started at Sun Nov 16 20:59:39 2008
Sun Nov 16 20:59:39 2008 -> clamd daemon 0.94 (OS: linux-gnu, ARCH: i386, CPU: i486)
Sun Nov 16 20:59:39 2008 -> Log file size limit disabled.
Sun Nov 16 20:59:39 2008 -> Reading databases from /var/lib/clamav
Sun Nov 16 20:59:39 2008 -> Not loading PUA signatures.
Sun Nov 16 20:59:40 2008 -> Loaded 463728 signatures.
Sun Nov 16 20:59:40 2008 -> LOCAL: Unix socket file /var/run/clamav/clamd.ctl
Sun Nov 16 20:59:40 2008 -> LOCAL: Setting connection queue length to 15
Sun Nov 16 20:59:40 2008 -> Listening daemon: PID: 32226
Sun Nov 16 20:59:40 2008 -> Limits: Global size limit set to 104857600bytes.
Sun Nov 16 20:59:40 2008 -> Limits: File size limit set to 26214400bytes.
Sun Nov 16 20:59:40 2008 -> Limits: Recursion level limit set to 16.
Sun Nov 16 20:59:40 2008 -> Limits: Files limit set to 10000.
Sun Nov 16 20:59:40 2008 -> Archive support enabled.
Sun Nov 16 20:59:40 2008 -> Algorithmic detection enabled.
Sun Nov 16 20:59:40 2008 -> Portable Executable support enabled.
Sun Nov 16 20:59:40 2008 -> ELF support enabled.
Sun Nov 16 20:59:40 2008 -> Mail files support enabled.
Sun Nov 16 20:59:40 2008 -> OLE2 support enabled.
Sun Nov 16 20:59:40 2008 -> PDF support disabled.
Sun Nov 16 20:59:40 2008 -> HTML support enabled.
Sun Nov 16 20:59:40 2008 -> Heuristic: precedence enabled
Sun Nov 16 20:59:40 2008 -> Self checking every 3600 seconds.

That's all there always is in this log.

/var/log/exim4/mainlog:

2008-11-16 21:00:59 1L1uMF-0008OB-R6 <= [EMAIL PROTECTED] U=lee P=local S=603 [EMAIL PROTECTED]
2008-11-16 21:00:59 1L1uMF-0008OB-R6 => lee <[EMAIL PROTECTED]> R=localuser T=local_delivery
2008-11-16 21:00:59 1L1uMF-0008OB-R6 Completed
2008-11-16 21:04:49 1L1uPx-0008Od-Q4 <= [EMAIL PROTECTED] U=lee P=local S=652 [EMAIL PROTECTED]
2008-11-16 21:04:49 1L1uPx-0008Od-Q4 => lee <[EMAIL PROTECTED]> R=localuser T=local_delivery
2008-11-16 21:04:49 1L1uPx-0008Od-Q4 Completed

These are two test mails I sent after restarting clamd with "LogClean = yes".
The second one had the eicar test signature in the mail body. Both were
delivered.

When clamav isn't reachable (like wrong socket or clamav not in the
Debian-exim group), exim complains that the virus scanner doesn't work.

Meanwhile, I found an entry in /var/log/exim4/reject.log:

2008-11-16 08:58:36 1L1j5A-0006Yb-0c H=mi-ob.rzone.de [81.169.146.145] F=<[EMAIL PROTECTED]> rejected after DATA: This message contains a virus (Phishing.Heuristics.Email.SpoofedDomain).
Envelope-from: <[EMAIL PROTECTED]>
Envelope-to: <[EMAIL PROTECTED]>
P Received: from mi-ob.rzone.de ([81.169.146.145]) by cat.rubenette.is-a-geek.com with esmtp (Exim 4.69) (envelope-from <[EMAIL PROTECTED]>) id 1L1j5A-0006Yb-0c for [EMAIL PROTECTED]; Sun, 16 Nov 2008 08:58:36 -0600
  X-RZG-FWD-BY: [EMAIL PROTECTED]
P Received: from localhost (client mail forwarder) by mailin.webmailer.de (christine mi31) (RZmta 17.20) for <[EMAIL PROTECTED]>; Sun, 16 Nov 2008 15:58:35 +0100 (MET)
  X-RZG-CLASS-ID: mi
T To: undisclosed-recipients:;
P Received: from mail.hertz.at ([88.116.226.98]) by mailin.webmailer.de (christine mi31) (RZmta 17.20) with ESMTP id x030d8kAGEdQrB for <[EMAIL PROTECTED]>; Sun, 16 Nov 2008 15:58:35 +0100 (MET)
P Received: from User ([10.7.44.19] unverified) by mail.hertz.at with Microsoft SMTPSVC(5.0.2195.6713); Sun, 16 Nov 2008 15:50:59 +0100
P Received: from User ([79.123.190.1] helo=User) by mail.hertz.at; 16 Nov 2008 15:52:27 +0100
F From: "PayPal"<[EMAIL PROTECTED]>
  Subject: Multiple Password Failures - Wrong Login Attempts
  Date: Sun, 16 Nov 2008 17:17:35 +0200
  MIME-Version: 1.0
  Content-Type: text/html; charset="Windows-1251"
  Content-Transfer-Encoding: 7bit
  X-Priority: 3
  X-MSMail-Priority: Normal
  X-Mailer: Microsoft Outlook Express 6.00.2600.0000
  X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
B Bcc: *
  Return-Path: [EMAIL PROTECTED]
I Message-ID: <[EMAIL PROTECTED]>
  X-OriginalArrivalTime: 16 Nov 2008 14:50:59.0677 (UTC) FILETIME=[BD1A18D0:01C947FA]

And in mainlog:

2008-11-16 08:58:36 1L1j5A-0006Yb-0c H=mi-ob.rzone.de [81.169.146.145] F=<[EMAIL PROTECTED]> rejected after DATA: This message contains a virus (Phishing.Heuristics.Email.SpoofedDomain).

That is the only one there regarding a virus, though I sent quite a number
of eicar tests.

Any idea what might be wrong or how to figure out what's going on? Is clamd
not supposed to detect eicar test files? I couldn't find anything else to
test with.
