Re: [Clamav-users] sendmail: clmilter.sock is unsafe: I AM AN IDIOT
Ryan Moore wrote: The sock file was defined with one name in sendmail.mc and another in the configuration file for the milter itself. I made them the same and sendmail is happy. so what's supposed to happen when it detects a virus? When I send myself a message with eicar.com attached, this header gets added, but nothing is done: X-Virus-Scanned: clamd / ClamAV version 0.70rc, clamav-milter version 0.70 clamav-milter is started with these parms: /usr/sbin/clamav-milter -lo --max-children=10 --force-scan --quiet --dont-log-clean --server=localhost local:/var/run/clamav/clamav-milter.sock You probably want the -b option to reject the DATA phase of the SMTP session if the milter detects a virus. No you dont need '-b option'. Petr --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] sendmail: clmilter.sock is unsafe: I AM AN IDIOT
Steven Stern wrote: so what's supposed to happen when it detects a virus? When I send myself a message with eicar.com attached, this header gets added, but nothing is done: What does it mean nothing is done exactly? Tha mail is delivered to recipient or is it rejected? X-Virus-Scanned: clamd / ClamAV version 0.70rc, clamav-milter version 0.70 Be sure your virus db is up to date by running freshclam. Petr --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] sendmail: clmilter.sock is unsafe: I AM AN IDIOT
You probably want the -b option to reject the DATA phase of the SMTP session if the milter detects a virus. Using the -b option is not recommended. -Nigel --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] sendmail: clmilter.sock is unsafe: I AM AN IDIOT
On Mon, 22 Mar 2004 16:33:36 +0100, KriĀtof Petr [EMAIL PROTECTED] wrote: Be sure your virus db is up to date by running freshclam. Petr crontab -l [snip] 17 */4 * * * /usr/bin/freshclam --quiet -l /var/log/clam-update.log -- Steve --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id70alloc_id638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] sendmail: clmilter.sock is unsafe: I AM AN IDIOT
You probably want the -b option to reject the DATA phase of the SMTP session if the milter detects a virus. No you dont need '-b option'. I'm new to Clamav but from the manpage it looks like -N would be more appropriate. If I understand everything correctly then -b will bounce the message with virus to the sender. Given the high amount of spoofed senders this isn't a smart move since you may bounce a virus to a person who is not infected (yet). -N, --noreject This option causes clamav-milter to silently discard such messages. See man clamav-milter for more information. It has been written for a good reason. B. --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] sendmail: clmilter.sock is unsafe: I AM AN IDIOT
I am an idiot. The sock file was defined with one name in sendmail.mc and another in the configuration file for the milter itself. I made them the same and sendmail is happy. so what's supposed to happen when it detects a virus? When I send myself a message with eicar.com attached, this header gets added, but nothing is done: X-Virus-Scanned: clamd / ClamAV version 0.70rc, clamav-milter version 0.70 clamav-milter is started with these parms: /usr/sbin/clamav-milter -lo --max-children=10 --force-scan --quiet --dont-log-clean --server=localhost local:/var/run/clamav/clamav-milter.sock -- Steve --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id70alloc_id638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] sendmail: clmilter.sock is unsafe: I AM AN IDIOT
On Fri, 19 Mar 2004 17:51:11 -0500, Ryan Moore [EMAIL PROTECTED] wrote: You probably want the -b option to reject the DATA phase of the SMTP session if the milter detects a virus. I added the -b option to clamav-milter. As root, i typed cat eircar.com | mail steve -s test Sendmail didn't like it. There's got to be more to it, I think. Mar 19 17:47:32 ciscy sendmail[20091]: i2JNlWJw020091: from=root, size=97, class=0, nrcpts=1, msgid=[EMAIL PROTECTED], [EMAIL PROTECTED] Mar 19 17:47:32 ciscy sendmail[20093]: i2JNlWSR020093: from=[EMAIL PROTECTED], size=398, class=0, nrcpts=1, msgid=[EMAIL PROTECTED], proto=ESMTP, daemon=MTA, relay=ciscy.sterndata.com [127.0.0.1] Mar 19 17:47:32 ciscy sendmail[20093]: i2JNlWSR020093: Milter: data, reject=550 5.7.1 Virus detected by ClamAV - http://www.clamav.net OK, the milter sets the 550 code Mar 19 17:47:32 ciscy sendmail[20093]: i2JNlWSR020093: to=[EMAIL PROTECTED], delay=00:00:00, pri=30398, stat=Virus detected by ClamAV - http://www.clamav.net Mar 19 17:47:32 ciscy sendmail[20091]: i2JNlWJw020091: to=steve, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30097, relay=[127.0.0.1] [127.0.0.1], dsn=5.0.0, stat=Service unavailable Mar 19 17:47:32 ciscy sendmail[20091]: i2JNlWJw020091: i2JNlWJx020091: DSN: Service unavailable Mar 19 17:47:32 ciscy sendmail[20093]: i2JNlWST020093: from=, size=2019, class=0, nrcpts=1, msgid=[EMAIL PROTECTED], proto=ESMTP, daemon=MTA, relay=ciscy.sterndata.com [127.0.0.1] Mar 19 17:47:32 ciscy sendmail[20093]: i2JNlWST020093: Milter: data, reject=550 5.7.1 Virus detected by ClamAV - http://www.clamav.net Mar 19 17:47:32 ciscy sendmail[20093]: i2JNlWST020093: to=[EMAIL PROTECTED], delay=00:00:00, pri=32019, stat=Virus detected by ClamAV - http://www.clamav.net Mar 19 17:47:32 ciscy sendmail[20091]: i2JNlWJx020091: to=root, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=31121, relay=[127.0.0.1] [127.0.0.1], dsn=5.0.0, stat=Service unavailable Mar 19 17:47:32 ciscy sendmail[20091]: i2JNlWJx020091: i2JNlWK0020091: return to sender: Service unavailable but sendmail doesn't know what to do with it but we can see the virus file contines to get passed around, getting passed through the milter again Mar 19 17:47:32 ciscy sendmail[20093]: i2JNlWSV020093: from=, size=3690, class=0, nrcpts=1, msgid=[EMAIL PROTECTED], proto=ESMTP, daemon=MTA, relay=ciscy.sterndata.com [127.0.0.1] Mar 19 17:47:32 ciscy sendmail[20093]: i2JNlWSV020093: Milter: data, reject=550 5.7.1 Virus detected by ClamAV - http://www.clamav.net Mar 19 17:47:32 ciscy sendmail[20093]: i2JNlWSV020093: to=[EMAIL PROTECTED], delay=00:00:00, pri=33690, stat=Virus detected by ClamAV - http://www.clamav.net Mar 19 17:47:32 ciscy sendmail[20091]: i2JNlWK0020091: to=postmaster, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=32145, relay=[127.0.0.1] [127.0.0.1], dsn=5.0.0, stat=Service unavailable Mar 19 17:47:32 ciscy sendmail[20091]: i2JNlWJx020091: Losing ./qfi2JNlWJx020091: savemail panic Mar 19 17:47:32 ciscy sendmail[20091]: i2JNlWJx020091: SYSERR(root): savemail: cannot save rejected email anywhere *** and it's gone -- Steve --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id70alloc_id638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] sendmail: clmilter.sock is unsafe: I AM AN IDIOT
Steven Stern wrote: On Fri, 19 Mar 2004 17:55:03 -0600, Steven Stern [EMAIL PROTECTED] wrote: It works appropriately if the mail comes from an external server. I'm leaving -b in place and will see how it goes for a while. -- Steve Yea thats how we do it here, I wasn't thinking mail being delivered locally (or how it would handle that). Our sendmail box is just a relay gateway for a few rbls and milters before being passed onto spamassassin/amavisd and a pop3 server. -- Ryan Moore -- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users