Solved

clamscan not working

Posted on 2016-08-02
2
48 Views
Last Modified: 2016-08-23
I have clamscan running as a milter on sendmail 8.14.9 (linux slackware64 14.1). It catches some viruses. Here is the quarantine list for July:

> mailq -qQ
                /var/spool/mqueue (4 requests)
-----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient-----------
u6QA9hrW003379     9044 Tue Jul 26 06:09 <matkeson@mydom.com>
     QUARANTINE: quarantined by clamav-milter
                                         <matkeson@mydom.com>
                                         /var/spool/mail/allmail
u6QARSDn003827     9053 Tue Jul 26 06:27 <mfoley@mydom.com>
     QUARANTINE: quarantined by clamav-milter
                                         <mfoley@mydom.com>
                                         /var/spool/mail/spam
                                         /var/spool/mail/allmail

Open in new window


Only two quarantined. Yet when I run clamscan on the IMAP mail directory hierarchy lots more viruses are caught. Here is the list of mail message in July for which clamscan found infections:

-rw------- 1 matkeson users 54758 2016-07-06 10:09 /home/HPRS/matkeson/Maildir/.Deleted\ Items/cur/1467814913.M678760P7497.mail,S\=54758,W\=55532:2,RS
-rw------- 1 matkeson users 54658 2016-07-06 10:21 /home/HPRS/matkeson/Maildir/.SENT/cur/1467814912.M565214P7497.mail,S\=54658,W\=55403:2,S
-rw------- 1 matkeson users 54522 2016-07-06 23:01 /home/HPRS/matkeson/Maildir/.Deleted\ Items/cur/1467892942.M133977P15668.mail,S\=54522,W\=55294:2,S
-rw------- 1 matkeson users 50755 2016-07-07 06:54 /home/HPRS/matkeson/Maildir/.Deleted\ Items/cur/1467892975.M200840P15668.mail,S\=50755,W\=51475:2,S
-rw------- 1 matkeson users 50764 2016-07-07 07:37 /home/HPRS/matkeson/Maildir/.Deleted\ Items/cur/1467893010.M973935P15668.mail,S\=50764,W\=51485:2,S
-rw------- 1 matkeson users 55128 2016-07-07 08:02 /home/HPRS/matkeson/Maildir/.SENT/cur/1467892939.M966329P30833.mail,S\=55128,W\=55874:2,S
-rw------- 1 matkeson users 51168 2016-07-07 08:02 /home/HPRS/matkeson/Maildir/.SENT/cur/1467892975.M692804P30833.mail,S\=51168,W\=51863:2,S
-rw------- 1 matkeson users 51579 2016-07-07 08:03 /home/HPRS/matkeson/Maildir/.SENT/cur/1467893011.M46971P30833.mail,S\=51579,W\=52276:2,S

Open in new window


So, what's up? Why is the clamscan milter missing these? It could be new updated virus definitions that catch things when checked August 1st, that were not in the AV database in early july -- but I'm skeptical about that.

Ideas?
0
Comment
Question by:jmarkfoley
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 10

Accepted Solution

by:
Scott Silva earned 500 total points (awarded by participants)
ID: 41741079
Zero day viruses are pretty common, and clam is known to be a bit behind with database updates because of the volunteer basis. 20 days is a lifetime with the new email attacks going on every day.

It could also be something in your milter settings... What milter are you using?

Does it have a config file, or does it only run as is?
0
 
LVL 10

Expert Comment

by:Scott Silva
ID: 41766620
My answer was most appropriate with the proliferation of zero day viruses and the posters lack of follow up.
0

Featured Post

[Webinar] Code, Load, and Grow

Managing multiple websites, servers, applications, and security on a daily basis? Join us for a webinar on May 25th to learn how to simplify administration and management of virtual hosts for IT admins, create a secure environment, and deploy code more effectively and frequently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you have a server on collocation with the super-fast CPU, that doesn't mean that you get it running at full power. Here is a preamble. When doing inventory of Linux servers, that I'm administering, I've found that some of them are running on l…
The purpose of this article is to demonstrate how we can use conditional statements using Python.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question