Just today I installed clamav and I'm having problems with it too. In my
case, I finally tracked it down to SPF. The SPF plugin adds a
"Received-SPF:" header to the top of the message and I believe clamav is
choking on it because it wants to read a plain "Received:" header. I
haven't checked clamav sources but experimentation shows this to be the
case. I guess I could add an extra blank "Received:" inside the plugin
code for a quick fix.
Yes, that works fine:
sub clam_scan {
my ($self, $transaction) = @_;
my ($temp_fh, $filename) = tempfile();
+ chmod 0640, $filename;
+ print $temp_fh "Received: blah blah blah\n";
print $temp_fh $transaction->header->as_string;
print $temp_fh "\n";
The chmod is so the clamd process (user clamav) can read the file. I added
clamav to the group that qpsmtpd is running as. There should probably be a
check of the existing header first and only print the extra header if
needed, but this fors fine in my specific setup.
-Frank
P.S. If your question was related to the 'clamdscan' vs 'clamscan', the
former is a client to the 'clamd' daemon and the latter is a stand-alone
scanner. Since today was my first day with clamav (and since I had so many
problems) I made up a bunch of tests and the numbers are impressive. There
were 16 emails in separate files. Used the same command line as the
plugin tho I don't think all of them do something for clamdscan, most of
its options are read by the daemon from /etc/clamav.conf:
clamscan --mbox --stdout -i --max-recursion=50 --disable-summary $filename
clamdscan --stdout -i --max-recursion=50 --disable-summary $filename
Results:
$ time ./test-clamscan.sh
8.97user 1.25system 0:10.25elapsed 99%CPU
$ time ./test-clamdscan.sh
0.02user 0.03system 0:00.17elapsed 28%CPU
Both commands correctly identify the 3 virus-laden email files but as you
can see the clamdscan test kicks ass. That 0.17 seconds was consistent.
So if at all possible, run and use clamd.
On Wed, 28 Jan 2004, Peter Eisch wrote:
#
# Okay, I'll bite...
#
# Andrew is running: /usr/local/bin/clamdscan
# Guillaume is running /usr/local/bin/clamscan
#
# The man page didn't help me...
#
# Hints?
#
#
#
# on 1/28/04 7:17 PM, Andrew Pam at [EMAIL PROTECTED] wrote:
#
# > On Wed, Jan 28, 2004 at 11:10:46AM -0500, Guillaume Filion wrote:
# >> Do any of you has been able to make the clamav plugin stop Worm.SCO.A? It
# >> seems to me there's something broken with the plugin...
# >
# > Working fine for me:
# >
# > 2004-01-29 12:07:48.075037500 28207 running plugin clamav
# > 2004-01-29 12:07:48.082549500 28207 clamav plugin: Running:
# > /usr/local/bin/clamdscan --stdout -i --mbox --max-recursion=50
# > --disable-summary /tmp/LfMyI02p5d 2>&1
# > 2004-01-29 12:07:48.125379500 28207 clamav plugin: clamscan results:
# > Worm.SCO.A
# > 2004-01-29 12:07:48.167261500 28207 clamav plugin: Virus(es) found
# >
# > Cheers,
# > Andrew
