On Wed, 28 Jan 2004, frank wrote:

> Just today I installed clamav and I'm having problems with it too. In my
> case, I finally tracked it down to SPF. The SPF plugin adds a
> "Received-SPF:" header to the top of the message and I believe clamav is
> choking on it because it wants to read a plain "Received:" header. I
> haven't checked clamav sources but experimentation shows this to be the
> case. I guess I could add an extra blank "Received:" inside the plugin
> code for a quick fix.

> So if at all possible, run and use clamd.

        With Guillaume's post, I requested that he send the worm to me, to
see if it would get through my clamav setup. It was running with the
latest definitions, but failed to catch it.

        On seeing the "clamdscan" vs "clamscan" in the discussion, I
switched to running it with clamd. Here's my /etc/clamav.conf file:

LocalSocket /tmp/clamd
TCPAddr 127.0.0.1
MaxConnectionQueueLength 30
MaxThreads 20
MaxDirectoryRecursion 15
User clamav
ScanMail
ScanArchive
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5

        I do not use SPF at all as all users send through their access
providers' SMTP boxes, not through my server, so the solution posted
previously should have no effect on my setup.

        Previously, I noted that clamav was picking up a virus here and
there, but not very many. I haven't seen it pick up anything in a long
while, now, but I do know that MyDoom is still getting through. The clamav
plugin command line I use is the same that everyone else reported, whether
with clamdscan or clamscan (including the --mbox argument).

        Any ideas why my setup is not catching this?

        Thanks.

-- 
Roger Walker
"HIS Pain - OUR Gain"
