[Mimedefang] [OT] clamd doesn't recognize virus

Paul Murphy pjm at ousekjarr.org
Wed Sep 21 11:45:09 EDT 2005


Marco,

> I'm using clam 0.87 with mimedefang 2.51.
> This morning a virus has been slipped through MD.
> This is the output from clamdscan:
> /tmp/photo.zip: OK
> 
> ----------- SCAN SUMMARY -----------
> Infected files: 0
> Time: 0.143 sec (0 m 0 s)
> 
> and this is the output from clamscan:
> 
> photo.zip: Trojan.W32.PWS.Prostor.A FOUND

Two possibles:

1.  Your freshclam updates are failing to notify clamd that there are newer
files available - kill clamd and restart it, then use clamdscan again to
verify that it finds the virus.

2.  clamd is not configured to scan inside ZIP files - ensure that your
clamd.conf file contains:
	ScanArchive
	ArchiveMaxRecursion 5
	ArchiveMaxFiles 1000
	ArchiveMaxFileSize 10M
or some such sensible settings for your system.  I believe clamscan has ZIP
support enabled by default, while clamdscan has it disabled by default.

Best Wishes,

Paul.




More information about the MIMEDefang mailing list