If your policy permits it, the next steps I would take would be:
1. Enable the "-D" option in MIMEDefang to leave the spool directories in
place after scanning, so that you have an example to work with. Restart
MIMEDefang to make this active. You only need to have this enabled until you
have processed 3-4 messages, rather than storing everything.
2. "su - -s /bin/sh clamscan" and then "cd /var/spool/MIMEDefang"
3. Inspect the permissions on the spool folders to ensure that the group
access is present:
total 104
drwxr-x---. 23 defang defang 4096 Nov 24 09:40 .
drwxr-xr-x. 17 root root 4096 Nov 5 2016 ..
srw-rw----. 1 defang defang 0 Oct 31 12:03 clamd.sock
drwxr-x---. 4 defang defang 4096 Nov 24 07:55
mdefang-vAO7tER3031965
drwxr-x---. 4 defang defang 4096 Nov 24 07:57
mdefang-vAO7vcqG032097
drwxr-x---. 4 defang defang 4096 Nov 24 08:01
mdefang-vAO802P1032251
4. Also verify here that the clamd.sock socket file is present, and is
writable by MIMEDefang, otherwise the request to scan the file cannot be sent.
If it does not exist in this folder, how does MIMEDefang find it? Hint - line
174 of /usr/bin/mimedefang.pl:
$ClamdSock = '/var/spool/MIMEDefang/clamd.sock';
5. Try to "cd" into one of the folders as clamscan, and see what happens. If
it works, the group memberships and spool folder permissions are correct. Run
clamscan on the INPUTMSG file, and also on Work/* to confirm that they can be
scanned.
If all of this works, and yet it still doesn't want to play from MIMEDefang,
I'm stumped.
Paul.
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
