From clamav-users-bounces@lists.clamav.net Wed Jun 24 16:39:49 2009 Return-Path: X-Original-To: list@tad.clamav.net Delivered-To: list@tad.clamav.net X-Virus-Scanned: Debian amavisd-new at tad.clamav.net Received: from tad.clamav.net ([127.0.0.1]) by localhost (tad.clamav.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iTjRMuNw4wk4; Wed, 24 Jun 2009 16:39:48 +0200 (CEST) Received: from tad.clamav.net (localhost.localdomain [127.0.0.1]) by tad.clamav.net (Postfix) with ESMTP id 1441B16C03A; Wed, 24 Jun 2009 16:39:43 +0200 (CEST) X-Original-To: clamav-users@tad.clamav.net Delivered-To: clamav-users@tad.clamav.net X-Virus-Scanned: Debian amavisd-new at tad.clamav.net Received: from tad.clamav.net ([127.0.0.1]) by localhost (tad.clamav.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GJ6a6KYJk91l for ; Wed, 24 Jun 2009 16:39:40 +0200 (CEST) Received: from mail.in-online.net (mail.in-online.net [213.217.10.10]) by tad.clamav.net (Postfix) with ESMTP id 4AB6A16C01B for ; Wed, 24 Jun 2009 16:39:40 +0200 (CEST) X-Virus-Scanned: amavisd-new at mail.in-online.net Received: from mail.in-online.net ([127.0.0.1]) by localhost (mail.in-online.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Gn5vSdNdrNkr for ; Wed, 24 Jun 2009 16:39:32 +0200 (CEST) Received: from exchange.in-online.net (exchange.in-online.net [213.217.12.30]) by mail.in-online.net (Postfix) with ESMTP id 16AC81C19BDD for ; Wed, 24 Jun 2009 16:39:32 +0200 (CEST) Received: from server1.iol.local ([213.217.12.25]) by exchange.in-online.net with Microsoft SMTPSVC(6.0.3790.3959); Wed, 24 Jun 2009 16:39:31 +0200 MIME-Version: 1.0 Content-class: urn:content-classes:message X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0 Date: Wed, 24 Jun 2009 16:39:31 +0200 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [Clamav-users] Problems Detecting Known Viruses Thread-Index: Acn018sce5zDV9J0S2acurZE1nupCAAASxcg From: "Thomas Lamy" To: "ClamAV users ML" X-OriginalArrivalTime: 24 Jun 2009 14:39:31.0839 (UTC) FILETIME=[95FF58F0:01C9F4D9] Subject: Re: [Clamav-users] Problems Detecting Known Viruses X-BeenThere: clamav-users@lists.clamav.net X-Mailman-Version: 2.1.9 Precedence: list Reply-To: ClamAV users ML List-Id: ClamAV users ML List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Sender: clamav-users-bounces@lists.clamav.net Errors-To: clamav-users-bounces@lists.clamav.net > = > I just did a fresh install on Postfix, Amavisd-new, & Clamav on > Debian. Now everything works great however I attempted to send a test > virus from my new Postfix install running Clamd to this Gmail account > and I never saw any sign emailed to me that a "virus was detected" > from Clamav. I don't understand why. The message was never relayed to > its final destination (this Gmail address) but I don't understand what > happened. I checked my /var/log/mail.log to see if it reported > anything strange about the message and I found the following: > = > Jun 24 10:08:13 ham postfix/smtp[7337]: 39CEF51B12: > to=3D, relay=3D127.0.0.1[127.0.0.1]:10024, > delay=3D1.3, delays=3D0.05/0.01/0/1.3, dsn=3D4.5.0, status=3Ddeferred (ho= st > 127.0.0.1[127.0.0.1] said: 451-4.5.0 Error in processing, id=3D02663-04, > virus_scan FAILED: virus_scan: ALL VIRUS SCANNERS FAILED: ClamAV-clamd > av-scanner FAILED: CODE(0x24739e8) unexpected , > output=3D"/var/lib/amavis/tmp/amavis-20090623T190508-02663/parts: > lstat() failed: Permission denied. ERROR 451-4.5.0 " at (eval 86) line > 527.; ClamAV-clamscan av-scanner FAILED: /usr/bin/clamscan unexpected > exit 1, output=3D"WARNING: Ignoring deprecated option --disable-summary > 451-4.5.0 LibClamAV Warning: > *********************************************************** 451-4.5.0 > LibClamAV Warning: *** This version of the ClamAV engine is outdated. > *** 451-4.5.0 LibClamAV Warning: *** DON'T PANIC! Read > http://www.clamav.net/support/faq *** 451-4.5.0 LibClamAV Warning: > *********************************************************** 451-4.5.0 > /var/lib/amavis/tmp/amavis-20090623T190508-02663/parts/p001: OK > 451-4.5.0 /var/lib/amavis/tmp/amavis-20090623T190508-02663/parts/p005: > Eicar-Test-Signature FOUND 451-4.5.0 451-4.5.0 ----------- SCAN > SUMMARY ----------- 451-4.5.0 Known viruses: 575374 451-4.5.0 Engine > version: 0.95.1 451-4.5.0 Scanned directories: 1 451-4.5.0 Scanned > files: 2 451-4.5.0 Infected files: 1 451-4.5.0 Data scanned: 0.00 MB > 451-4.5.0 Data read: 0.00 MB (ratio 0.00:1) 451 4.5.0 Time: 1.151 sec > (0 m 1 s)" at (eval 86) line 527. (in reply to end of DATA command)) > = > *************END************ Hi, first, you have to configure amavis not to use clamscan, but the daemon "cl= amd". This way you save the long startup times of clamav for each mail, and= amavis no longer gets confused by these "outdated" messages, which occur f= rom time to time whenever a new clamav release is out but hasn't been relea= sed for debian yet. When installing clamav-daemon, please read README.Debian in /usr/share/doc/= clamav-daemon carefully. By default clamd runs as user "clamav", which has = no access rights to /var/lib/amavis/... . = Sorry for not having a howto url at hand ;-) Thomas -- = Thomas Lamy Ingolstadt Online GmbH Thomas.Lamy@IN-Online.net Fon: +49 841 95 11 041 Fax: +49 841 95 11 071 Web: www.in-online.net Pflichtangaben lt. =A735a GmbHG: Ingolstadt Online GmbH, Bahnhofstrasse 8, 85051 Ingolstadt Gesch=E4ftsf= =FChrer Gerhard Mayer HR Ingolstadt Nr. 1950 Steuernummer 124/129/30752 Umsatzsteuer-= ID: DE179321207 _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml