Clamav found no virus

[bsk]

hello,

i have installed clamav with the howto. When I send a test virus mail clamav cant find the virus. I believe clamav ist not configured right. The fatal log is emty.

Thanks for your help

[subir411]

Hi!

I see you have issues with clamav configuration. I would suggest you to do the following:

1. Enable audit logging for a Scalix service. You can find the audit log in /var/opt/scalix/logs folder. The steps to enable audit logging is given under testing section of the "Configuring ClamAV in a Scalix Environment (126746)" available in knowledge base.
2. Update clamav database using the command freshclam, please refer to man pages for detail.
3. Try attaching a test virus from the /usr/share/doc/clamav-0.88.2/test folder and see if the clam is able to detect the virus.

Please revert with the contents of file ALL-ROUTES.VIR file in the /var/opt/scalix/rules directory.

Thanks.

[bsk]

I think the problem is my clamd.conf. Can everbody post the importats steps to configure? The documentation isn´t very helpful for me.

My clamd.conf

Code: Select all

LogVerbose
PidFile /var/lib/clamav/clamd.pid
FixStaleSocket
TCPSocket 3310
TCPAddr 213.239.xxx.xxx
User vscan
Foreground


It is everything wrong?

[dkelly]

Why isn't the documentation helpful ? If there is something missing we need to know.

Code: Select all

User vscan

This tells me that you are using a SuSE installation. What we've seen in the past is that the vscan user isn't able to access Scalix files so you need to look specifically at the article "Configuring SpamAssassin on SuSE Systems (165119)" in the knowledgebase.

However, even if you followed the steps for the RedHat installation, you would have configured enough for the Service Router to abort on startup if the anti-virus configuration was incorrect.

If that didn't happen, this would mean that /var/opt/scalix/NN/s/rules/ALL-ROUTES.VIR (Scalix 11) or /var/opt/scalix/rules/ALL-ROUTES.VIR is not present, is not named correctly ( the name has to be all capital letters ) or does not have the correct permissions, i.e.

Code: Select all

-rw-r--r--  1 root   root      78 Oct 11  2004 ALL-ROUTES.VIR

Cheers

Dave

[bsk]

This tells me that you are using a SuSE installation. What we've seen in the past is that the vscan user isn't able to access Scalix files so you need to look specifically at the article "Configuring SpamAssassin on SuSE Systems (165119)" in the knowledgebase.

I dont understand why I should configure Spamassian? I use Mailwasher!

If that didn't happen, this would mean that /var/opt/scalix/NN/s/rules/ALL-ROUTES.VIR (Scalix 11) or /var/opt/scalix/rules/ALL-ROUTES.VIR is not present, is not named correctly ( the name has to be all capital letters ) or does not have the correct permissions, i.e.

Code: Select all

-rw-r--r--  1 root   root      78 Oct 11  2004 ALL-ROUTES.VIR

ALL-ROUTES.VIR have the right permissions





Another reason?

[bsk]

Nobody here, who can help me?

[dkelly]

I dont understand why I should configure Spamassian? I use Mailwasher!
ALL-ROUTES.VIR have the right permissions
Another reason?

You spotted my deliberate mistake. I was obviously talking about clamd and we do have a document in the knowledgebase about it

Do you also have omvscan.map in the same directory and did you use one of the test virus files that Subir detailed in his reply ?

Cheers

Dave