I also run clamdscan, from config/plugins (clamnav /usr/bin/clamdscan). Works just fine for me.
I think the most obvious problem you may have overlooked is that if you don't uncomment line 57 (return (DENY, "Virus Found: $output");) of the clamav plugin (v0.27) the only thing the plugin will do is add a header to the mail message of X-Virus-Found=Yes. This doesn't do much if your mail client isn't set up to filter this header.
Your MaxThreads in your clamav.conf file needs to be => qmail's concurrencyincoming file or any simultaneous SMTP sessions over your MaxThreads won't invoke clam.
Eric
Reuven M. Lerner wrote:
After installing qpsmtpd 0.27.1 on my server, I decided that it was also time to install clamav, and remove incoming and outgoing viruses from my system. But for reasons that are beyond me, clamav fails to discover the viruses when invoked via the qpsmtpd plugin.
I read through the archives from this list, and I believe that I have changed the configuration enough to avoid the most obvious problems. And yet, I continue to receive viruses in my inbox at an alarming rate. (I'm running Linux, but my wife is running Windows. And I host several e-mail lists on my server, and want to remove any viruses that people might send, accidentally or purposely, to those lists.)
My configuration file (/usr/local/etc/clamav.conf) mostly follows the defaults, but with a few minor changes:
LogFile /tmp/clamd.log
LogFileMaxSize 2M
LogTime
LogVerbose
LocalSocket /tmp/clamd
FixStaleSocket
MaxConnectionQueueLength 30
MaxThreads 10
ThreadTimeout 500
MaxDirectoryRecursion 15
FollowDirectorySymlinks
FollowFileSymlinks
SelfCheck 600
User smtpd
AllowSupplementaryGroups
Debug
ScanMail
ScanArchive
ScanRAR
ArchiveMaxFileSize 20M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxCompressionRatio 200
ClamukoScanOnOpen
ClamukoScanOnClose
ClamukoScanOnExec
ClamukoIncludePath /home
ClamukoMaxFileSize 1M
ClamukoScanArchive
As you can see in the above configuration, I now run clamav as the "smtpd" user. Running it as "clamav" meant that clamd couldn't read the tempfiles that qpsmtpd had created.
I am also running clamd (the clamav daemon) in the background. I changed the plugin to use clamdscan instead of clamscan, to take advantage of the daemon. Unfortunately, I get the same results with clamscan and clamdscan -- oodles of false negatives, and not a single incoming virus picked up.
I played with the clamav plugin a bit, going so far as to comment out the call to "unlink" from the temporary files. When I run clamdscan from the command line, it correctly identifies most (but not all) of the files that have viruses embedded in them. Indeed, the fact that clamav seems to be missing many of the infected files even when I run it from the command line makes me wonder if the problem is with my configuration of clamd, my invocation of clamscan/clamdscan, or with the plugin.
I'm sure that I am missing something obvious -- probably having to do with clamav, but perhaps in the qpsmtpd plugin. Any and all help will be appreciated. If people want to e-mail me private directions on what I should do, that'll be fine; if and when I get things working, I'll submit some documentation that can be included as POD in the plugin so that others don't have to deal with this issue.
Thanks in advance for any suggestions people might have!
Reuven
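Added example (not part of either message, and not qpsmtpd or ClamAV code): a small Python check for the MaxThreads point raised in the reply, comparing clamd's MaxThreads directive with the integer stored in qmail's concurrencyincoming file. The function names and sample values are constructed for illustration, and the file paths are supplied by the caller.

```python
import sys

# Constructed sample, abridged from the clamav.conf quoted in the thread.
SAMPLE_CLAMAV_CONF = """\
# clamd settings
LogFile /tmp/clamd.log
LocalSocket /tmp/clamd
MaxConnectionQueueLength 30
MaxThreads 10
User smtpd
ScanMail
"""
# Constructed sample: the concurrencyincoming file holds a single integer.
SAMPLE_CONCURRENCY = "20\n"


def parse_clamav_conf(text):
    """Parse 'Directive [value]' lines; flag-only directives map to True."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        directives[parts[0]] = parts[1].strip() if len(parts) > 1 else True
    return directives


def check_thread_headroom(conf_text, concurrency_text):
    """Return (ok, max_threads, concurrency).

    ok is True when MaxThreads >= concurrencyincoming, False when it is lower,
    and None when MaxThreads is not set (clamd then uses its built-in default,
    which this script does not guess).
    """
    concurrency = int(concurrency_text.strip())
    value = parse_clamav_conf(conf_text).get("MaxThreads")
    if value is None or value is True:
        return None, None, concurrency
    max_threads = int(value)
    return max_threads >= concurrency, max_threads, concurrency


if __name__ == "__main__":
    # Usage (paths are the caller's): script.py clamav.conf concurrencyincoming
    if len(sys.argv) == 3:
        conf_text = open(sys.argv[1]).read()
        concurrency_text = open(sys.argv[2]).read()
    else:
        conf_text, concurrency_text = SAMPLE_CLAMAV_CONF, SAMPLE_CONCURRENCY
    ok, threads, conc = check_thread_headroom(conf_text, concurrency_text)
    print(f"MaxThreads={threads} concurrencyincoming={conc} ok={ok}")
    sys.exit(0 if ok else 1)
```

A non-zero exit means MaxThreads is lower than the SMTP concurrency limit or is not set in the file, so the script can gate a configuration deploy.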
