After installing qpsmtpd 0.27.1 on my server, I decided that it was also time to install clamav, and remove incoming and outgoing viruses from my system. But for reasons that are beyond me, clamav fails to discover the viruses when invoked via the qpsmtpd plugin.

I read through the archives from this list, and I believe that I have changed the configuration enough to avoid the most obvious problems. And yet, I continue to receive viruses in my inbox at an alarming rate. (I'm running Linux, but my wife is running Windows. And I host several e-mail lists on my server, and want to remove any viruses that people might send, accidentally or purposely, to those lists.)

My configuration file (/usr/local/etc/clamav.conf) mostly follows the defaults, but with a few minor changes:

   LogFile /tmp/clamd.log
   LogFileMaxSize 2M
   LogTime
   LogVerbose
   LocalSocket /tmp/clamd
   FixStaleSocket
   MaxConnectionQueueLength 30
   MaxThreads 10
   ThreadTimeout 500
   MaxDirectoryRecursion 15
   FollowDirectorySymlinks
   FollowFileSymlinks
   SelfCheck 600
   User smtpd
   AllowSupplementaryGroups
   Debug
   ScanMail
   ScanArchive
   ScanRAR
   ArchiveMaxFileSize 20M
   ArchiveMaxRecursion 5
   ArchiveMaxFiles 1000
   ArchiveMaxCompressionRatio 200
   ClamukoScanOnOpen
   ClamukoScanOnClose
   ClamukoScanOnExec
   ClamukoIncludePath /home
   ClamukoMaxFileSize 1M
   ClamukoScanArchive

As you can see in the above configuration, I now run clamav as the "smtpd" user. Running it as "clamav" meant that clamd couldn't read the tempfiles that qpsmtpd had created.


I am also running clamd (the clamav daemon) in the background. I changed the plugin to use clamdscan instead of clamscan, to take advantage of the daemon. Unfortunately, I get the same results with clamscan and clamdscan -- oodles of false negatives, and not a single incoming virus picked up.

I played with the clamav plugin a bit, going so far as to comment out the call to "unlink" from the temporary files. When I run clamdscan from the command line, it correctly identifies most (but not all) of the files that have viruses embedded in them. Indeed, the fact that clamav seems to be missing many of the infected files even when I run it from the command line makes me wonder if the problem is with my configuration of clamd, my invocation of clamscan/clamdscan, or with the plugin.

I'm sure that I am missing something obvious -- probably having to do with clamav, but perhaps in the qpsmtpd plugin. Any and all help will be appreciated. If people want to e-mail me private directions on what I should do, that'll be fine; if and when I get things working, I'll submit some documentation that can be included as POD in the plugin so that others don't have to deal with this issue.

Thanks in advance for any suggestions people might have!


Reuven
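
The permission mismatch described in the post (clamd running as "clamav" could not read the temp files qpsmtpd had created) can be checked with the following added example, which is not part of the original message or of the qpsmtpd or clamav code. The uids, gids and file modes are constructed, and only classic POSIX mode bits are evaluated (no ACLs or MAC policy).

```python
import os
import stat

def mode_allows(st_mode, f_uid, f_gid, uid, gids, need):
    """Classic POSIX check: exactly one permission class applies
    (owner, else group, else other). need is 'r' or 'x'."""
    if uid == 0:
        return True  # root bypasses read and directory-search checks
    if uid == f_uid:
        bit = {"r": stat.S_IRUSR, "x": stat.S_IXUSR}[need]
    elif f_gid in gids:
        bit = {"r": stat.S_IRGRP, "x": stat.S_IXGRP}[need]
    else:
        bit = {"r": stat.S_IROTH, "x": stat.S_IXOTH}[need]
    return bool(st_mode & bit)

def first_denial(path, uid, gids):
    """Walk from / down to path and return the first component the
    given identity cannot search (directories) or read (the file),
    or None if every mode-bit check passes."""
    path = os.path.abspath(path)
    chain = [path]
    while os.path.dirname(chain[-1]) != chain[-1]:
        chain.append(os.path.dirname(chain[-1]))
    for p in reversed(chain):
        st = os.stat(p)
        need = "r" if p == path else "x"
        if not mode_allows(st.st_mode, st.st_uid, st.st_gid, uid, gids, need):
            return p
    return None

# Constructed identities for the scenario in the post (not real uids).
SMTPD_UID, SMTPD_GID = 1001, 1001
CLAMAV_UID, CLAMAV_GID = 1002, 1002

def scenario(file_mode, clamd_uid, clamd_gids):
    """Can clamd read a temp file owned by smtpd:smtpd with file_mode?"""
    return mode_allows(file_mode, SMTPD_UID, SMTPD_GID, clamd_uid, clamd_gids, "r")

if __name__ == "__main__":
    print("clamd as clamav, file 0600:", scenario(0o600, CLAMAV_UID, {CLAMAV_GID}))
    print("clamd as smtpd,  file 0600:", scenario(0o600, SMTPD_UID, {SMTPD_GID}))
    # With AllowSupplementaryGroups, clamav could instead be added to smtpd's group.
    print("clamav in smtpd group, 0640:", scenario(0o640, CLAMAV_UID, {CLAMAV_GID, SMTPD_GID}))
```

To test a real temp file, call `first_denial(path, uid, gids)` with the numeric uid and group ids of the account named in the `User` directive; it reports which directory or file blocks the daemon.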




