[Mimedefang] [OT] clamd doesn't recognize virus
Paul Murphy
pjm at ousekjarr.org
Wed Sep 21 11:45:09 EDT 2005
Marco,
> I'm using clam 0.87 with mimedefang 2.51.
> This morning a virus has been slipped through MD.
> This is the output from clamdscan:
> /tmp/photo.zip: OK
>
> ----------- SCAN SUMMARY -----------
> Infected files: 0
> Time: 0.143 sec (0 m 0 s)
>
> and this is the output from clamscan:
>
> photo.zip: Trojan.W32.PWS.Prostor.A FOUND
Two possibles:
1. Your freshclam updates are failing to notify clamd that there are newer
files available - kill clamd and restart it, then use clamdscan again to
verify that it finds the virus.
2. clamd is not configured to scan inside ZIP files - ensure that your
clamd.conf file contains:
ScanArchive
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxFileSize 10M
or some such sensible settings for your system. I believe clamscan has ZIP
support enabled by default, while clamdscan has it disabled by default.
Best Wishes,
Paul.
More information about the MIMEDefang
mailing list