On 09.06.2016 at 15:10, Bill Cole wrote:
> stream(127.0.0.1@1858): OK.
>
> That should have been your strongest clue: "stream(127.0.0.1@1858)" is clearly describing a connection via TCP on localhost, not a socket node in the filesystem.

i doubt that anything is "clearly" in that context - look in the log below: the stream(127.0.0.1@whatever) is the ClamAV plugin and the fd[10] is the instance for spamass-milter

well, i can assure you that there is no clamd listening on any tcp socket and the plugin (clamav.pm) has
$CLAMD_SOCK = "/run/clamd/clamd-sa.sock";
________________________________________

[root@mail-gw:/etc/mail/spamassassin]$ /usr/bin/netstat -l | grep clamd
unix  2      [ ACC ]     STREAM     LISTENING     15491    /run/clamd/clamd-sa.sock
unix  2      [ ACC ]     STREAM     LISTENING     15607    /run/clamd/clamd.sock

[root@mail-gw:~]$ netstat -l
Aktive Internetverbindungen (Nur Server)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:1022            0.0.0.0:*               LISTEN      924/sshd
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      568/unbound
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      1172/master
udp        0      0 127.0.0.1:1053          0.0.0.0:*                           539/rbldnsd
udp        0      0 127.0.0.1:53            0.0.0.0:*                           568/unbound
________________________________________

Wed Jun 8 12:37:11 2016 -> stream(127.0.0.1@30673): Sanesecurity.Foxhole.Zip_doc_js.UNOFFICIAL(b134748340843f45f05834abc70090c8:12148) FOUND
Wed Jun 8 13:04:33 2016 -> stream(127.0.0.1@30474): Sanesecurity.Lott.2077.UNOFFICIAL(61be6c9adbeda2292ae17f93d5d47572:4508) FOUND
Wed Jun 8 13:32:28 2016 -> fd[10]: Heuristics.Phishing.Email.SSL-Spoof(1fd881bcb9815929f2a6a9e4c1ea6411:28247) FOUND
Wed Jun 8 14:06:07 2016 -> stream(127.0.0.1@30406): Sanesecurity.Foxhole.Zip_jar.UNOFFICIAL(e64d96d05211a64898e778e274f76895:199882) FOUND
Wed Jun 8 15:21:34 2016 -> stream(127.0.0.1@30921): Porcupine.Junk.36964.UNOFFICIAL(b38616606dcc3b4f3cff53736d881b68:2328) FOUND
Wed Jun 8 15:50:47 2016 -> stream(127.0.0.1@31192): Heuristics.OLE2.ContainsMacros(e21cf41fd946b09130c04f7c811ac25a:205430) FOUND
Wed Jun 8 16:22:34 2016 -> stream(127.0.0.1@30987): Sanesecurity.Junk.9646.UNOFFICIAL(1626a010cbb6f967b989b0bcb99d14cd:7168) FOUND
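
Added example, not part of the original message: a small parser for the clamd log lines quoted above. It splits each FOUND entry into its source tag (stream(...) or fd[...]), signature name, MD5 and size, and counts detections per source tag, which makes it easy to see which client produced which hits. The three sample lines are copied from the log above; the function names are illustrative.

```python
import re
from collections import Counter
from datetime import datetime

# Three lines copied from the clamd log quoted in the message above.
SAMPLE_LOG = """\
Wed Jun 8 12:37:11 2016 -> stream(127.0.0.1@30673): Sanesecurity.Foxhole.Zip_doc_js.UNOFFICIAL(b134748340843f45f05834abc70090c8:12148) FOUND
Wed Jun 8 13:32:28 2016 -> fd[10]: Heuristics.Phishing.Email.SSL-Spoof(1fd881bcb9815929f2a6a9e4c1ea6411:28247) FOUND
Wed Jun 8 15:50:47 2016 -> stream(127.0.0.1@31192): Heuristics.OLE2.ContainsMacros(e21cf41fd946b09130c04f7c811ac25a:205430) FOUND
"""

FOUND_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3}\s+\d{1,2} \d\d:\d\d:\d\d \d{4}) -> "
    r"(?:stream\((?P<peer>[^@)]+)@(?P<port>\d+)\)|fd\[(?P<fd>\d+)\]): "
    r"(?P<sig>.+)\((?P<md5>[0-9a-f]{32}):(?P<size>\d+)\) FOUND$"
)


def parse_found(line):
    """Return one FOUND entry as a dict, or None if the line does not match."""
    m = FOUND_RE.match(line.strip())
    if m is None:
        return None
    sig = m["sig"]
    return {
        "time": datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"),
        # Source tag exactly as clamd logged it: stream(...) or fd[...].
        "source": "fd" if m["fd"] is not None else "stream",
        "peer": m["peer"],
        "port": int(m["port"]) if m["port"] else None,
        "fd": int(m["fd"]) if m["fd"] else None,
        # clamd appends .UNOFFICIAL to names from third-party databases.
        "third_party": sig.endswith(".UNOFFICIAL"),
        "signature": sig.removesuffix(".UNOFFICIAL"),
        "md5": m["md5"],
        "size": int(m["size"]),
    }


def summarize(log_text):
    """Count detections per source tag and per signature family."""
    entries = [e for e in map(parse_found, log_text.splitlines()) if e]
    by_source = Counter(e["source"] for e in entries)
    by_family = Counter(e["signature"].split(".")[0] for e in entries)
    return entries, by_source, by_family


if __name__ == "__main__":
    entries, by_source, by_family = summarize(SAMPLE_LOG)
    print(dict(by_source), dict(by_family))
```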