Solved

clamscan not working

Posted on 2016-08-02
Last Modified: 2016-08-23
I have clamscan running as a milter on sendmail 8.14.9 (linux slackware64 14.1). It catches some viruses. Here is the quarantine list for July:

> mailq -qQ
                /var/spool/mqueue (4 requests)
-----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient-----------
u6QA9hrW003379     9044 Tue Jul 26 06:09 <matkeson@mydom.com>
     QUARANTINE: quarantined by clamav-milter
                                         <matkeson@mydom.com>
                                         /var/spool/mail/allmail
u6QARSDn003827     9053 Tue Jul 26 06:27 <mfoley@mydom.com>
     QUARANTINE: quarantined by clamav-milter
                                         <mfoley@mydom.com>
                                         /var/spool/mail/spam
                                         /var/spool/mail/allmail



Only two quarantined. Yet when I run clamscan on the IMAP mail directory hierarchy, lots more viruses are caught. Here is the list of mail messages in July for which clamscan found infections:

-rw------- 1 matkeson users 54758 2016-07-06 10:09 /home/HPRS/matkeson/Maildir/.Deleted\ Items/cur/1467814913.M678760P7497.mail,S\=54758,W\=55532:2,RS
-rw------- 1 matkeson users 54658 2016-07-06 10:21 /home/HPRS/matkeson/Maildir/.SENT/cur/1467814912.M565214P7497.mail,S\=54658,W\=55403:2,S
-rw------- 1 matkeson users 54522 2016-07-06 23:01 /home/HPRS/matkeson/Maildir/.Deleted\ Items/cur/1467892942.M133977P15668.mail,S\=54522,W\=55294:2,S
-rw------- 1 matkeson users 50755 2016-07-07 06:54 /home/HPRS/matkeson/Maildir/.Deleted\ Items/cur/1467892975.M200840P15668.mail,S\=50755,W\=51475:2,S
-rw------- 1 matkeson users 50764 2016-07-07 07:37 /home/HPRS/matkeson/Maildir/.Deleted\ Items/cur/1467893010.M973935P15668.mail,S\=50764,W\=51485:2,S
-rw------- 1 matkeson users 55128 2016-07-07 08:02 /home/HPRS/matkeson/Maildir/.SENT/cur/1467892939.M966329P30833.mail,S\=55128,W\=55874:2,S
-rw------- 1 matkeson users 51168 2016-07-07 08:02 /home/HPRS/matkeson/Maildir/.SENT/cur/1467892975.M692804P30833.mail,S\=51168,W\=51863:2,S
-rw------- 1 matkeson users 51579 2016-07-07 08:03 /home/HPRS/matkeson/Maildir/.SENT/cur/1467893011.M46971P30833.mail,S\=51579,W\=52276:2,S



So, what's up? Why is the clamscan milter missing these? It could be new updated virus definitions that catch things when checked August 1st, that were not in the AV database in early July -- but I'm skeptical about that.

Ideas?
Question by:jmarkfoley
2 Comments
 

Accepted Solution

by:
Scott Silva earned 500 total points (awarded by participants)
ID: 41741079
Zero day viruses are pretty common, and clam is known to be a bit behind with database updates because of the volunteer basis. 20 days is a lifetime with the new email attacks going on every day.

It could also be something in your milter settings... What milter are you using?

Does it have a config file, or does it only run as is?
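To weigh the signature-lag explanation in the answer above against a milter configuration problem, this added example (not code from anyone in the thread) parses clamscan's `path: signature FOUND` lines and reports, per Maildir folder, how many days passed between each message's delivery time (the epoch at the start of the Maildir file name) and the rescan. The function names, the placeholder signature names, the INBOX sample lines and the scan time of day are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# clamscan prints "<path>: <signature> FOUND" for each infected file.
HIT = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
# A Maildir message file name begins with its delivery time (Unix epoch).
MAILDIR = re.compile(
    r"/Maildir/(?:(?P<folder>\.[^/]+)/)?(?:cur|new)/(?P<epoch>\d+)\.[^/]+$")

def lag_report(clamscan_output, scan_time):
    """Return (folder, signature, whole days from delivery to rescan) per hit."""
    rows = []
    for line in clamscan_output.splitlines():
        hit = HIT.match(line.strip())
        if not hit:
            continue  # "OK" lines, the scan summary, blank lines
        msg = MAILDIR.search(hit["path"])
        if not msg:
            continue  # infected file that is not a Maildir message
        delivered = datetime.fromtimestamp(int(msg["epoch"]), tz=timezone.utc)
        rows.append((msg["folder"] or "INBOX", hit["sig"],
                     (scan_time - delivered).days))
    return rows

def shortest_lag_by_folder(rows):
    """Smallest delivery-to-rescan gap per folder; a short gap leaves little
    time for newly published signatures to explain the miss."""
    best = {}
    for folder, _sig, days in rows:
        best[folder] = min(days, best.get(folder, days))
    return best

# Constructed sample: the first three paths are from the question; the
# signature names are placeholders and the INBOX lines are invented.
SAMPLE = """\
/home/HPRS/matkeson/Maildir/.Deleted Items/cur/1467814913.M678760P7497.mail,S=54758,W=55532:2,RS: Example.Placeholder-1 FOUND
/home/HPRS/matkeson/Maildir/.SENT/cur/1467814912.M565214P7497.mail,S=54658,W=55403:2,S: Example.Placeholder-1 FOUND
/home/HPRS/matkeson/Maildir/.Deleted Items/cur/1467892942.M133977P15668.mail,S=54522,W=55294:2,S: Example.Placeholder-2 FOUND
/home/HPRS/matkeson/Maildir/cur/1469900000.M1P1.mail,S=100,W=110:2,S: Example.Placeholder-3 FOUND
/home/HPRS/matkeson/Maildir/cur/1469900001.M2P2.mail,S=100,W=110:2,S: OK
Infected files: 4
"""
SCAN_TIME = datetime(2016, 8, 1, 12, 0, tzinfo=timezone.utc)  # time of day assumed

if __name__ == "__main__":
    for row in lag_report(SAMPLE, SCAN_TIME):
        print(row)
    print(shortest_lag_by_folder(lag_report(SAMPLE, SCAN_TIME)))
```

Hits delivered weeks before the rescan are consistent with signatures that were published after delivery; hits with a gap of a day or two point back at the milter's own settings and logs.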
 

Expert Comment

by:Scott Silva
ID: 41766620
My answer was most appropriate with the proliferation of zero day viruses and the poster's lack of follow-up.

Question has a verified solution.