Re: [Clamav-users] Problems Detecting Known Viruses

Author: Thomas Lamy
Date:  
To: ClamAV users ML
Subject: Re: [Clamav-users] Problems Detecting Known Viruses
>
> I just did a fresh install on Postfix, Amavisd-new, & Clamav on
> Debian. Now everything works great however I attempted to send a test
> virus from my new Postfix install running Clamd to this Gmail account
> and I never saw any sign emailed to me that a "virus was detected"
> from Clamav. I don't understand why. The message was never relayed to
> its final destination (this Gmail address) but I don't understand what
> happened. I checked my /var/log/mail.log to see if it reported
> anything strange about the message and I found the following:
>
> Jun 24 10:08:13 ham postfix/smtp[7337]: 39CEF51B12:
> to=<>, relay=127.0.0.1[127.0.0.1]:10024,
> delay=1.3, delays=0.05/0.01/0/1.3, dsn=4.5.0, status=deferred (host
> 127.0.0.1[127.0.0.1] said: 451-4.5.0 Error in processing, id=02663-04,
> virus_scan FAILED: virus_scan: ALL VIRUS SCANNERS FAILED: ClamAV-clamd
> av-scanner FAILED: CODE(0x24739e8) unexpected ,
> output="/var/lib/amavis/tmp/amavis-20090623T190508-02663/parts:
> lstat() failed: Permission denied. ERROR 451-4.5.0 " at (eval 86) line
> 527.; ClamAV-clamscan av-scanner FAILED: /usr/bin/clamscan unexpected
> exit 1, output="WARNING: Ignoring deprecated option --disable-summary
> 451-4.5.0 LibClamAV Warning:
> *********************************************************** 451-4.5.0
> LibClamAV Warning: *** This version of the ClamAV engine is outdated.
> *** 451-4.5.0 LibClamAV Warning: *** DON'T PANIC! Read
> http://www.clamav.net/support/faq *** 451-4.5.0 LibClamAV Warning:
> *********************************************************** 451-4.5.0
> /var/lib/amavis/tmp/amavis-20090623T190508-02663/parts/p001: OK
> 451-4.5.0 /var/lib/amavis/tmp/amavis-20090623T190508-02663/parts/p005:
> Eicar-Test-Signature FOUND 451-4.5.0 451-4.5.0 ----------- SCAN
> SUMMARY ----------- 451-4.5.0 Known viruses: 575374 451-4.5.0 Engine
> version: 0.95.1 451-4.5.0 Scanned directories: 1 451-4.5.0 Scanned
> files: 2 451-4.5.0 Infected files: 1 451-4.5.0 Data scanned: 0.00 MB
> 451-4.5.0 Data read: 0.00 MB (ratio 0.00:1) 451 4.5.0 Time: 1.151 sec
> (0 m 1 s)" at (eval 86) line 527. (in reply to end of DATA command))
>
> *************END************


Hi,

First, you have to configure amavis not to use clamscan, but the daemon "clamd". This way you save the long startup times of clamav for each mail, and amavis no longer gets confused by these "outdated" messages, which occur from time to time whenever a new clamav release is out but hasn't been released for Debian yet.
When installing clamav-daemon, please read README.Debian in /usr/share/doc/clamav-daemon carefully. By default clamd runs as user "clamav", which has no access rights to /var/lib/amavis/... .

Sorry for not having a howto url at hand ;-)

Thomas

-- 
Thomas Lamy  Ingolstadt Online GmbH 
Phone: +49 841 95 11 041   Fax: +49 841 95 11 071   Web: www.in-online.net


Mandatory disclosures pursuant to §35a GmbHG:
Ingolstadt Online GmbH, Bahnhofstrasse 8, 85051 Ingolstadt, Managing Director: Gerhard Mayer
Commercial Register (HR) Ingolstadt No. 1950, Tax number 124/129/30752, VAT ID: DE179321207

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
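
The permission problem named in the reply, as an added example that is not part of the original message: a Python check that walks the directories above an amavis temp path and reports the first one the clamd account cannot search, which is the condition that makes lstat() fail with "Permission denied". It evaluates classic mode bits only (no ACLs or AppArmor); the function names and the `probe` leaf name are assumptions.

```python
import grp
import os
import pwd
import stat
import sys


def identity(user):
    """Return (uid, set of gids) for a local account, supplementary groups included."""
    pw = pwd.getpwnam(user)
    gids = {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if user in g.gr_mem}
    return pw.pw_uid, gids


def can_search(st, uid, gids):
    """True if the identity holds search (x) permission per the stat mode bits."""
    if uid == 0:
        return True
    if st.st_uid == uid:          # owner class applies, group/other are ignored
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:         # group class applies, other is ignored
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)


def first_blocked(path, uid, gids, base="/"):
    """Return the first directory between base and path's parent that the
    identity cannot search, or None if lstat(path) would be permitted."""
    path, base = os.path.abspath(path), os.path.abspath(base)
    rel = os.path.relpath(os.path.dirname(path), base)
    dirs, current = [base], base
    for part in ([] if rel == "." else rel.split(os.sep)):
        current = os.path.join(current, part)
        dirs.append(current)
    for d in dirs:
        # os.stat runs as the caller, so run this as root to reach every level.
        if not can_search(os.stat(d), uid, gids):
            return d
    return None


if __name__ == "__main__":
    # "probe" is a hypothetical leaf name; only its parent directories are examined.
    target = sys.argv[1] if len(sys.argv) > 1 else "/var/lib/amavis/tmp/probe"
    uid, gids = identity("clamav")  # account named in the reply
    print("blocked at:", first_blocked(target, uid, gids) or "nothing")
```

Run it as root on the mail host; a directory printed here is the level whose ownership or mode keeps clamd out of the amavis work area.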