[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [vps-mail] clamav (from ports) seems to have stopped working
- Subject: Re: [vps-mail] clamav (from ports) seems to have stopped working
- From: "Bennett Lanford" <ben@xxxxxxxxxxxxx>
- Date: Thu, 22 Apr 2004 21:12:56 -0000
Bill Wilson <bwilson@xxxxxxx> said:
> Hi.
>
> I am noticing a lot of virus mail over the last week, and clamav is no
> longer catching any virus mail now. ps aux shows clamd and freshclam
> running.
>
> I installed this from ports. My questions are:
>
> How do I know clamav is running properly?
Check your /var/log/maillog file (I assume you're on VPS2?) for mention of
clamav-milter.
When a virus-free e-mail is filtered, I generally see a line something like:
============================================================
Apr 22 14:51:32 mail sm-mta[54643]: i3MKpV8o054643: Milter add: header:
X-Virus-Scanned: ClamAV version 'clamd / ClamAV version 0.65', clamav-milter
version '0.60p'
============================================================
(Yeah, I know--I need to upgrade my version ...)
When a virus is intercepted, the following lines appear in my maillog:
=================================================================
Apr 22 00:03:36 mail clamav-milter[66452]: Intercepted virus from
<hot_gurl1602@xxxxxxxxxxx> to <webmaster@xxxxxxxxxxxxxxxxx>
Apr 22 00:03:36 mail sm-mta[2572]: i3M634Gq002572: milter=clmilter,
reject=550 5.7.1 Virus detected by ClamAV - http://clamav.elektrapro.com
Apr 22 00:03:36 mail sm-mta[2572]: i3M634Gq002572: Milter: data, reject=550
5.7.1 Virus detected by ClamAV - http://clamav.elektrapro.com
Apr 22 00:03:36 mail sm-mta[2572]: i3M634Gq002572:
to=<webmaster@xxxxxxxxxxxxx>, delay=00:00:21, pri=54277, stat=Virus detected
by ClamAV - http://clamav.elektrapro.com
==================================================================
> How do I restart it?
I find that my clamav-milter "goes flakey" every week or so. Whenever it
does, I generally over-react and just reboot my VPS (typing "reboot" as
root). I've tried restarting the clamav daemon, the clamav-milter daemon, the
freshclam daemon and the sendmail daemons, but invariably one of them is
wedged (somehow), so I just reboot.
Fortunately, a VPS2 reboot is *very* quick. This instability (?) of
clamav-milter may be viewed by some as a reason to stick with
procmail-controlled virus scanning, but I like being able to reject
virus-laden incoming mail during the SMTP conversation--before is takes up
residence on my server.
I gather that the clamav and clamav-milter developers are quite active, and
am hopeful that stability will improve soon.
> Are their any log files showing clamav activities?
On my server, the clam logs are in the /var/log directory. The amount of
logging and location of logs is specified in /usr/local/etc/clamav.conf on my
VPS2.
> Why is freshclam running continually? ( I thought it ran from the cron
> periodically)
I think freshclam was changed recently to give you two options: you can now
run it either as a daemon (telling it how many times per day to update--via
a startup option) or as a crontab entry (or both, I suppose).
--
Bennett Lanford
ben@xxxxxxxxxxxxx
======================================================================
This is <vps-mail@xxxxxxxxxxxx> <http://www.perlcode.org/lists/>
Before posting a question, please search the archives (see above URL).
Main Index |
Thread Index