
clamscan not working

Posted on 2016-08-02
Last Modified: 2016-08-23
I have clamscan running as a milter on sendmail 8.14.9 (Linux Slackware64 14.1). It catches some viruses. Here is the quarantine list for July:

> mailq -qQ
                /var/spool/mqueue (4 requests)
-----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient-----------
u6QA9hrW003379     9044 Tue Jul 26 06:09 <matkeson@mydom.com>
     QUARANTINE: quarantined by clamav-milter
                                         <matkeson@mydom.com>
                                         /var/spool/mail/allmail
u6QARSDn003827     9053 Tue Jul 26 06:27 <mfoley@mydom.com>
     QUARANTINE: quarantined by clamav-milter
                                         <mfoley@mydom.com>
                                         /var/spool/mail/spam
                                         /var/spool/mail/allmail


Only two quarantined. Yet when I run clamscan on the IMAP mail directory hierarchy, lots more viruses are caught. Here is the list of mail messages in July for which clamscan found infections:

-rw------- 1 matkeson users 54758 2016-07-06 10:09 /home/HPRS/matkeson/Maildir/.Deleted\ Items/cur/1467814913.M678760P7497.mail,S\=54758,W\=55532:2,RS
-rw------- 1 matkeson users 54658 2016-07-06 10:21 /home/HPRS/matkeson/Maildir/.SENT/cur/1467814912.M565214P7497.mail,S\=54658,W\=55403:2,S
-rw------- 1 matkeson users 54522 2016-07-06 23:01 /home/HPRS/matkeson/Maildir/.Deleted\ Items/cur/1467892942.M133977P15668.mail,S\=54522,W\=55294:2,S
-rw------- 1 matkeson users 50755 2016-07-07 06:54 /home/HPRS/matkeson/Maildir/.Deleted\ Items/cur/1467892975.M200840P15668.mail,S\=50755,W\=51475:2,S
-rw------- 1 matkeson users 50764 2016-07-07 07:37 /home/HPRS/matkeson/Maildir/.Deleted\ Items/cur/1467893010.M973935P15668.mail,S\=50764,W\=51485:2,S
-rw------- 1 matkeson users 55128 2016-07-07 08:02 /home/HPRS/matkeson/Maildir/.SENT/cur/1467892939.M966329P30833.mail,S\=55128,W\=55874:2,S
-rw------- 1 matkeson users 51168 2016-07-07 08:02 /home/HPRS/matkeson/Maildir/.SENT/cur/1467892975.M692804P30833.mail,S\=51168,W\=51863:2,S
-rw------- 1 matkeson users 51579 2016-07-07 08:03 /home/HPRS/matkeson/Maildir/.SENT/cur/1467893011.M46971P30833.mail,S\=51579,W\=52276:2,S


So, what's up? Why is the clamscan milter missing these? It could be new updated virus definitions that catch things when checked August 1st, that were not in the AV database in early July -- but I'm skeptical about that.

Ideas?
Question by:jmarkfoley
Accepted Solution

by:
Scott Silva earned 2000 total points (awarded by participants)
ID: 41741079
Zero day viruses are pretty common, and clam is known to be a bit behind with database updates because of the volunteer basis. 20 days is a lifetime with the new email attacks going on every day.

It could also be something in your milter settings... What milter are you using?

Does it have a config file, or does it only run as is?
Expert Comment

by:Scott Silva
ID: 41766620
My answer was most appropriate with the proliferation of zero day viruses and the poster's lack of follow-up.
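
Added example, not part of the original thread and not the poster's own script: to line the later clamscan hits up against the milter's log and the signature-update dates discussed above, this POSIX shell code parses `clamscan -r -i --no-summary` output for a Maildir tree and reports each hit's delivery time (the epoch seconds that begin a Maildir filename) and folder. The sample lines are constructed from the listing in the question, the signature names are placeholders, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: triage `clamscan -r -i --no-summary <Maildir>` hits.
# Usage: clamscan -r -i --no-summary ~/Maildir | hits_report

# Constructed sample output: paths modelled on the listing above,
# signature names are placeholders.
SAMPLE_HITS='/home/HPRS/matkeson/Maildir/.Deleted Items/cur/1467814913.M678760P7497.mail,S=54758,W=55532:2,RS: Placeholder.Sig-A FOUND
/home/HPRS/matkeson/Maildir/.SENT/cur/1467814912.M565214P7497.mail,S=54658,W=55403:2,S: Placeholder.Sig-A FOUND
/home/HPRS/matkeson/Maildir/.SENT/cur/1467892939.M966329P30833.mail,S=55128,W=55874:2,S: Placeholder.Sig-B FOUND
/home/HPRS/matkeson/Maildir/cur/not-a-maildir-name: Placeholder.Sig-B FOUND'
TAB=$(printf '\t')

# parse_hit LINE -> "epoch<TAB>folder<TAB>signature"; returns 1 if the line
# is not a hit on a Maildir-named file.
parse_hit() {
    case $1 in *" FOUND") ;; *) return 1 ;; esac
    _l=${1% FOUND}
    # Maildir names contain ':' (":2,S"), so split on the last ": ".
    _path=${_l%: *}; _sig=${_l##*: }
    _file=${_path##*/}; _epoch=${_file%%.*}
    # The name must begin with the delivery time in epoch seconds.
    case $_epoch in ''|*[!0-9]*) return 1 ;; esac
    _dir=${_path%/*}; _dir=${_dir%/*}; _folder=${_dir##*/}
    # Subfolders are dot-directories; anything else is the top-level inbox.
    case $_folder in .*) ;; *) _folder=INBOX ;; esac
    printf '%s\t%s\t%s\n' "$_epoch" "$_folder" "$_sig"
}

# hits_report: clamscan lines on stdin -> hits sorted by delivery time (UTC).
hits_report() {
    while IFS= read -r _line; do
        _rec=$(parse_hit "$_line") || { echo "skipped: $_line" >&2; continue; }
        _e=${_rec%%"$TAB"*}
        _rest=${_rec#*"$TAB"}
        # date -d @N is a GNU extension; fall back to the raw epoch.
        _t=$(date -u -d "@$_e" +%Y-%m-%dT%H:%M:%SZ 2>/dev/null) || _t=$_e
        printf '%s\t%s\n' "$_t" "$_rest"
    done | sort
}

# folder_counts: clamscan lines on stdin -> "folder<TAB>count" per folder.
folder_counts() {
    while IFS= read -r _line; do
        parse_hit "$_line" || true
    done | awk -F'\t' '{c[$2]++} END {for (f in c) printf "%s\t%d\n", f, c[f]}' | sort
}
```

The delivery times can then be compared with the clamav-milter log entries for the same period and with the date the matching signature was published.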