[clamav-users] Basic newbie question
Please answer this simple basic newbie webmaster question. I have spent hous and read the entire clamav manual and it is not answered. I simply need to know if clamav deletes or quarantines viruses it finds in a default debian squeeze apache2 general web/mail/db etc server? I am seeing lots of viruses, trojans and mail viruses FOUND in the logs, but no indication whatsoever that clamav (or amavis) is deleting or quarantining them. When I look at /etc/clamav/, both the /onerrorexecute.d/ and the /virusevent.d/ sub-directories are empty. Is anything happening to the viruses that clamav (and amavis) is finding? Thank you. Newbie webmaster who can't afford a real one. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] Basic newbie question
On 5/4/2012 10:39 AM, Mr. Eddie Jackson wrote: Please answer this simple basic newbie webmaster question. I have spent hous and read the entire clamav manual and it is not answered. I simply need to know if clamav deletes or quarantines viruses it finds in a default debian squeeze apache2 general web/mail/db etc server? I am seeing lots of viruses, trojans and mail viruses FOUND in the logs, but no indication whatsoever that clamav (or amavis) is deleting or quarantining them. When I look at /etc/clamav/, both the /onerrorexecute.d/ and the /virusevent.d/ sub-directories are empty. Is anything happening to the viruses that clamav (and amavis) is finding? ClamAV is simply a scanner. It reports that a message contains a virus and that's all. Amavis is probably what is doing the quarantining or deleting. You would need to look at the Amavis settings to see what it is doing. I think it quarantines by default, but I'm not sure. If you are using Amavis, you should see something like this in the log: May 4 11:24:31 mailserver amavis[10587]: (10587-14) Blocked INFECTED (Sanesecurity.Spam.11428.Dom.UNOFFICIAL), AM-SOCK [:::216.117.128.143] [216.117.128.143] levitra-pro@inacap.cl - u...@example.com, quarantine: virus-jq6q66j9SEuS, Queue-ID: 0015804D.4FA3F4AE.4564, Message-ID: 004e01c4288f$3de11c91$f0b803cf@levitra-pro@inacap.cl, mail_id: jq6q66j9SEuS, Hits: -, 152 ms Try asking on the Amavis mailing list. They should be able to tell you where all the settings are. http://lists.amavis.org/cgi-bin/mailman/listinfo/amavis-users -- Bowie ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] Basic newbie question
Hi Eddie, I'm not running debian squeeze but, from your question, I guess you are using clamav for scanning emails with the help of amavis. So it is not a question of scanning files and directories on the disk. In this case (emails), it is probably in the amavis configuration that you will find your answer: clamav just tells the file is infected and amavis decides what to do with it and with the email. Look for instance at the following page: http://www200.pair.com/mecham/spam/amavisd- settings.html HTH Pierre On 4 May 2012 at 7:39, Mr. Eddie Jackson wrote: Please answer this simple basic newbie webmaster question. I have spent hous and read the entire clamav manual and it is not answered. I simply need to know if clamav deletes or quarantines viruses it finds in a default debian squeeze apache2 general web/mail/db etc server? I am seeing lots of viruses, trojans and mail viruses FOUND in the logs, but no indication whatsoever that clamav (or amavis) is deleting or quarantining them. When I look at /etc/clamav/, both the /onerrorexecute.d/ and the /virusevent.d/ sub-directories are empty. Is anything happening to the viruses that clamav (and amavis) is finding? Thank you. Newbie webmaster who can't afford a real one. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] Basic newbie question
On Fri, May 04, 2012 at 07:39:39AM -0700, Mr. Eddie Jackson wrote: Is anything happening to the viruses that clamav (and amavis) is finding? If you set Amavis to quarantine them, look into Amavis' home (in Debian it is /var/lib/amavis). gc :-) ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml