[Mimedefang] Problem running clamd but not clamscan

Scott Harris mimedefang at pikecreek.com
Wed Jan 28 11:00:55 EST 2004


I've been debugging why I've not been catching the 
new worm going around for the last day.  This morning 
I finally received a new message that passed through 
my new configuration and was finally caught.  What I 
had to do in order to get it to scan is alter 
mimedefang-filter and change the order of the calls to:

    return message_contains_virus_clamav()   if ($Features{'Virus:CLAMAV'});
    return message_contains_virus_clamd()    if ($Features{'Virus:CLAMD'});

After swapping the first two tests to appear as they 
do now above, the very first virus with the myDoom 
signature was caught.  Why isn't clamd catching this?  
Clamd was able to catch other virii if I send tests 
from www.testvirus.org.

Configuration is sendmail 8.12.11 --> mimedefang 2.39 --> clamAV 0.65, SA
2.63
Clam is listening on a local socket, not tcp/ip.

Thanks for any help,

Scott


MIMEDefang version 2.39

HTML::Parser                  : yes
HTML::TokeParser              : yes
HTMLCleaner                   : yes
Path:CONFDIR                  : yes (/etc/mail)
Path:QUARANTINEDIR            : yes (/var/spool/MD-Quarantine)
Path:SENDMAIL                 : yes (/usr/sbin/sendmail)
Path:SPOOLDIR                 : yes (/var/spool/MIMEDefang)
SpamAssassin                  : yes
Unix::Syslog                  : yes
Virus:CLAMAV                  : yes (/usr/local/bin/clamscan)
Virus:CLAMD                   : yes (/usr/local/sbin/clamd)

IO::Socket                    : Version 1.27
MIME::Tools                   : Version 5.411 
MIME::Words                   : Version 5.404 
Digest::SHA1                  : Version 2.04
Mail::SpamAssassin            : Version 2.63
Anomy::HTMLCleaner            : Version 1.24
File::Scan                    : missing
HTML::Parser                  : Version 3.31
HTML::TokeParser              : Version 2.24
Unix::Syslog                  : Version 0.99

(Note: File::Scan is missing on purpose)



More information about the MIMEDefang mailing list