[Mimedefang] Problem running clamd but not clamscan
Scott Harris
mimedefang at pikecreek.com
Wed Jan 28 11:00:55 EST 2004
I've been debugging why I've not been catching the
new worm going around for the last day. This morning
I finally received a new message that passed through
my new configuration and was finally caught. What I
had to do in order to get it to scan is alter
mimedefang-filter and change the order of the calls to:
return message_contains_virus_clamav() if ($Features{'Virus:CLAMAV'});
return message_contains_virus_clamd() if ($Features{'Virus:CLAMD'});
After swapping the first two tests to appear as they
do now above, the very first virus with the myDoom
signature was caught. Why isn't clamd catching this?
Clamd was able to catch other virii if I send tests
from www.testvirus.org.
Configuration is sendmail 8.12.11 --> mimedefang 2.39 --> clamAV 0.65, SA
2.63
Clam is listening on a local socket, not tcp/ip.
Thanks for any help,
Scott
MIMEDefang version 2.39
HTML::Parser : yes
HTML::TokeParser : yes
HTMLCleaner : yes
Path:CONFDIR : yes (/etc/mail)
Path:QUARANTINEDIR : yes (/var/spool/MD-Quarantine)
Path:SENDMAIL : yes (/usr/sbin/sendmail)
Path:SPOOLDIR : yes (/var/spool/MIMEDefang)
SpamAssassin : yes
Unix::Syslog : yes
Virus:CLAMAV : yes (/usr/local/bin/clamscan)
Virus:CLAMD : yes (/usr/local/sbin/clamd)
IO::Socket : Version 1.27
MIME::Tools : Version 5.411
MIME::Words : Version 5.404
Digest::SHA1 : Version 2.04
Mail::SpamAssassin : Version 2.63
Anomy::HTMLCleaner : Version 1.24
File::Scan : missing
HTML::Parser : Version 3.31
HTML::TokeParser : Version 2.24
Unix::Syslog : Version 0.99
(Note: File::Scan is missing on purpose)
More information about the MIMEDefang
mailing list