Solved

clamscan not working

Posted on 2016-08-02
Last Modified: 2016-08-23
I have clamscan running as a milter on sendmail 8.14.9 (linux slackware64 14.1). It catches some viruses. Here is the quarantine list for July:

> mailq -qQ
                /var/spool/mqueue (4 requests)
-----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient-----------
u6QA9hrW003379     9044 Tue Jul 26 06:09 <matkeson@mydom.com>
     QUARANTINE: quarantined by clamav-milter
                                         <matkeson@mydom.com>
                                         /var/spool/mail/allmail
u6QARSDn003827     9053 Tue Jul 26 06:27 <mfoley@mydom.com>
     QUARANTINE: quarantined by clamav-milter
                                         <mfoley@mydom.com>
                                         /var/spool/mail/spam
                                         /var/spool/mail/allmail


Only two quarantined. Yet when I run clamscan on the IMAP mail directory hierarchy, lots more viruses are caught. Here is the list of mail messages in July for which clamscan found infections:

-rw------- 1 matkeson users 54758 2016-07-06 10:09 /home/HPRS/matkeson/Maildir/.Deleted\ Items/cur/1467814913.M678760P7497.mail,S\=54758,W\=55532:2,RS
-rw------- 1 matkeson users 54658 2016-07-06 10:21 /home/HPRS/matkeson/Maildir/.SENT/cur/1467814912.M565214P7497.mail,S\=54658,W\=55403:2,S
-rw------- 1 matkeson users 54522 2016-07-06 23:01 /home/HPRS/matkeson/Maildir/.Deleted\ Items/cur/1467892942.M133977P15668.mail,S\=54522,W\=55294:2,S
-rw------- 1 matkeson users 50755 2016-07-07 06:54 /home/HPRS/matkeson/Maildir/.Deleted\ Items/cur/1467892975.M200840P15668.mail,S\=50755,W\=51475:2,S
-rw------- 1 matkeson users 50764 2016-07-07 07:37 /home/HPRS/matkeson/Maildir/.Deleted\ Items/cur/1467893010.M973935P15668.mail,S\=50764,W\=51485:2,S
-rw------- 1 matkeson users 55128 2016-07-07 08:02 /home/HPRS/matkeson/Maildir/.SENT/cur/1467892939.M966329P30833.mail,S\=55128,W\=55874:2,S
-rw------- 1 matkeson users 51168 2016-07-07 08:02 /home/HPRS/matkeson/Maildir/.SENT/cur/1467892975.M692804P30833.mail,S\=51168,W\=51863:2,S
-rw------- 1 matkeson users 51579 2016-07-07 08:03 /home/HPRS/matkeson/Maildir/.SENT/cur/1467893011.M46971P30833.mail,S\=51579,W\=52276:2,S


So, what's up? Why is the clamscan milter missing these? It could be new updated virus definitions that catch things when checked August 1st, that were not in the AV database in early July -- but I'm skeptical about that.

Ideas?
Question by:jmarkfoley
Accepted Solution

by:
Scott Silva earned 500 total points (awarded by participants)
ID: 41741079
Zero day viruses are pretty common, and clam is known to be a bit behind with database updates because of the volunteer basis. 20 days is a lifetime with the new email attacks going on every day.

It could also be something in your milter settings... What milter are you using?

Does it have a config file, or does it only run as is?
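
One way to test the signature-lag explanation against the scan results, as an added example that is not part of the original thread: it parses `clamscan -r --infected --no-summary` output, reads the store time from each Maildir filename, and separates detections the milter could have seen from ones it never handled. Assumptions: the leading number in a Maildir filename is the store time in epoch seconds, the `CLIENT_WRITTEN` folder set is hypothetical, and the sample lines and signature names are constructed.

```python
import re
from datetime import datetime, timezone

# Constructed sample of `clamscan -r --infected --no-summary` output. Paths follow
# the Maildir layout in the question; signature names are placeholders.
SAMPLE = """\
/home/HPRS/matkeson/Maildir/.SENT/cur/1467814912.M565214P7497.mail,S=54658,W=55403:2,S: Example.Signature-1 FOUND
/home/HPRS/matkeson/Maildir/.Deleted Items/cur/1467892942.M133977P15668.mail,S=54522,W=55294:2,S: Example.Signature-1 FOUND
/home/HPRS/matkeson/Maildir/cur/1467900000.M1P2.mail,S=100,W=110:2,S: Example.Signature-2 FOUND
"""

FOUND = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
MAILDIR = re.compile(r"/Maildir/(?:(?P<folder>\.[^/]+)/)?(?:cur|new)/(?P<epoch>\d+)\.[^/]*$")
# Assumption: these folders are filled by the mail client over IMAP, so their
# contents never passed through sendmail and the milter.
CLIENT_WRITTEN = {".SENT", ".Drafts"}


def triage(report, scan_time):
    """Return one dict per detection: folder, signature, age in days, milter exposure."""
    rows = []
    for line in report.splitlines():
        hit = FOUND.match(line)
        loc = MAILDIR.search(hit.group("path")) if hit else None
        if not loc:
            continue  # summary lines and non-Maildir paths
        folder = loc.group("folder") or "INBOX"
        stored = datetime.fromtimestamp(int(loc.group("epoch")), tz=timezone.utc)
        if folder in CLIENT_WRITTEN:
            exposure = "no"        # saved by the client, not delivered by the MTA
        elif folder == "INBOX":
            exposure = "likely"    # delivered locally after the milter ran
        else:
            exposure = "unknown"   # may have been moved here from any folder
        rows.append({"folder": folder, "sig": hit.group("sig"),
                     "age_days": (scan_time - stored).days, "milter_saw": exposure})
    return rows


if __name__ == "__main__":
    scan = datetime(2016, 8, 1, tzinfo=timezone.utc)  # scan date given in the question
    for row in triage(SAMPLE, scan):
        print(row)
```

Only rows marked `likely` or `unknown` can be explained by signatures that arrived after delivery; rows marked `no` were never presented to the milter, whatever the database contained at the time.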
Expert Comment

by:Scott Silva
ID: 41766620
My answer was most appropriate with the proliferation of zero day viruses and the poster's lack of follow-up.