Need help getting clamav to scan scalix

[hikenboots]

I have set up clamav but cannot get it to scan the Scalix system. Below is the configuration: Any help is really appreciated.

Per http://www.clamav.net/binary.html#pagestart:
http://crash.fce.vutbr.cz/crash-hat/4/clamav/, I installed:
[root@hq ~]# rpm -qa | grep clam
clamav-data-0.88.2-1.fc4
clamav-server-0.88.2-1
clamav-0.88.2-1

[root@hq ~]# service clamd start
[root@hq ~]# chkconfig clamd on

clamdscan will find an eicar test viirus file in a directory successfully.

Next, from Knowlegebase, I followed "Installing Clamav in a scalix environment".
/var/opt/scalix/rules/ALL-ROUTES.VIR reads:
VIRUS-UNCLEANED=1 ACTION=REJECT NDN-INFO=!ndninfo.txt
VIRUS-UNCLEANED=0 VIRUS-FOUND=1 ACTION=ALLOW NOTIFY="A virus was fuond in your message. It was successfully cleaned and sent to the recipient. However we highly recommend that you install or update your virus protection software and scan your computer for viruses."

/var/opt/scalix/rules/ndninfo.txt reads:
A virus was found in your message. The virus could not be cleaned and thus the message was not sent to the recipient. We highly recommend that you install or update your virus protection software and scan your computer for viruses.

/var/opt/scalix/rules/omvscan.map owned by root, chmod 555

I added clamav to scalix group per page 4 of the knowlegebase article.
[root@hq ~]# cat /etc/group | grep clamav
scalix:x:101:clamav
clamav:x:103:

I sent an EICAR test virus files both inbound and from my email account and nothing is being scanned/caught.

/var/opt/scalix/logs/audit logs as such:
routing
time 1148419528 Tue May 23 16:25:28 2006 -300
type 0 message
priority 0 normal
sensitivity 0 normal
importance 0 normal
created-locally 0
hop-count 1
subject FW:
ua-message-id F91D40C1F2E16E43A04B840CFD134947031C8B(a)MERCYMAIL.xxxxxx.Local
mta-message-id F91D40C1F2E16E43A04B840CFD134947031C8B(a)MERCYMAIL.xxxxxx.Local
originator johnf / internet DDT1=RFC-822; DDV1=johnx@sa-xxxxxxxx.org;
part-size 365
part-type 1166 DISTRIBUTION LIST
part-size 300
part-type 1167 TEXT
part-size 1318
part-type 2133 HTML
part-size 2743
part-type 1744 JPEG (Joint PhotoGraphics Group)
part-size 2235
part-type 0 BINARY FILE
recipient-to John L. Fxxxxx Jr.. / hq, harxxxxxxx/CN=John Fxxxxx
ack-req 0 none
queue LOCAL
max-nest-depth 1
message-size 11108
part-count 5
delivered-count 1

[ScalixSupport]

Have you restarted the Service Router ?

Cheers

Dave

[hikenboots]

Have you restarted the Service Router ?

Cheers

Dave

Yes. I have also gone so far as to reboot the server.

Also, I added echo "it ran">/clam.txt to /var/opt/scalix/rules/omvscan.map to see if it ever gets called. It does not. I'm not familiar with how this file fits in but I'm sure that its not being run after a reboot or after a mail is sent/received. I hope that this helps, let me know what logs, etc I can provide: help is really appreciated.

[ScalixSupport]

Hi. How did you create the ALL-ROUTES.VIR file? Can you open it with vi and check that it's not a DOS file? The same goes for the ndninfo.txt file.

Thanks,
Rachel

[hikenboots]

Hi. How did you create the ALL-ROUTES.VIR file? Can you open it with vi and check that it's not a DOS file? The same goes for the ndninfo.txt file.

Thanks,
Rachel

Ah Ha! Thanks Rachel. There was an invisible character on the end of /var/opt/scalix/rules/ndninfo.txt which showed as /var/opt/scalix/rules/ndninfo.txt\ when I used the tab key to autocomplete the filename. Thats a first for me. I renamed it to /var/opt/scalix/rules/ndninfo.txt and it works like a charm.

Awesome tech support by the way!

Thanks, John