Solved

clamscan not working

Posted on 2016-08-02
Last Modified: 2016-08-23
I have clamscan running as a milter on sendmail 8.14.9 (linux slackware64 14.1). It catches some viruses. Here is the quarantine list for July:

> mailq -qQ
                /var/spool/mqueue (4 requests)
-----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient-----------
u6QA9hrW003379     9044 Tue Jul 26 06:09 <matkeson@mydom.com>
     QUARANTINE: quarantined by clamav-milter
                                         <matkeson@mydom.com>
                                         /var/spool/mail/allmail
u6QARSDn003827     9053 Tue Jul 26 06:27 <mfoley@mydom.com>
     QUARANTINE: quarantined by clamav-milter
                                         <mfoley@mydom.com>
                                         /var/spool/mail/spam
                                         /var/spool/mail/allmail


Only two quarantined. Yet when I run clamscan on the IMAP mail directory hierarchy, lots more viruses are caught. Here is the list of mail messages in July for which clamscan found infections:

-rw------- 1 matkeson users 54758 2016-07-06 10:09 /home/HPRS/matkeson/Maildir/.Deleted\ Items/cur/1467814913.M678760P7497.mail,S\=54758,W\=55532:2,RS
-rw------- 1 matkeson users 54658 2016-07-06 10:21 /home/HPRS/matkeson/Maildir/.SENT/cur/1467814912.M565214P7497.mail,S\=54658,W\=55403:2,S
-rw------- 1 matkeson users 54522 2016-07-06 23:01 /home/HPRS/matkeson/Maildir/.Deleted\ Items/cur/1467892942.M133977P15668.mail,S\=54522,W\=55294:2,S
-rw------- 1 matkeson users 50755 2016-07-07 06:54 /home/HPRS/matkeson/Maildir/.Deleted\ Items/cur/1467892975.M200840P15668.mail,S\=50755,W\=51475:2,S
-rw------- 1 matkeson users 50764 2016-07-07 07:37 /home/HPRS/matkeson/Maildir/.Deleted\ Items/cur/1467893010.M973935P15668.mail,S\=50764,W\=51485:2,S
-rw------- 1 matkeson users 55128 2016-07-07 08:02 /home/HPRS/matkeson/Maildir/.SENT/cur/1467892939.M966329P30833.mail,S\=55128,W\=55874:2,S
-rw------- 1 matkeson users 51168 2016-07-07 08:02 /home/HPRS/matkeson/Maildir/.SENT/cur/1467892975.M692804P30833.mail,S\=51168,W\=51863:2,S
-rw------- 1 matkeson users 51579 2016-07-07 08:03 /home/HPRS/matkeson/Maildir/.SENT/cur/1467893011.M46971P30833.mail,S\=51579,W\=52276:2,S


So, what's up? Why is the clamscan milter missing these? It could be new updated virus definitions that catch things when checked August 1st, that were not in the AV database in early July -- but I'm skeptical about that.

Ideas?
Question by:jmarkfoley

Accepted Solution

by:
Scott Silva earned 2000 total points (awarded by participants)
ID: 41741079
Zero day viruses are pretty common, and clam is known to be a bit behind with database updates because of the volunteer basis. 20 days is a lifetime with the new email attacks going on every day.

It could also be something in your milter settings... What milter are you using?

Does it have a config file, or does it only run as is?

Expert Comment

by:Scott Silva
ID: 41766620
My answer was most appropriate with the proliferation of zero day viruses and the poster's lack of follow-up.
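
To check the signature-lag explanation discussed in this thread, the following added example (not code from the poster or from ClamAV) parses clamscan's "path: signature FOUND" lines and reports how old each Maildir message was at rescan time and which folder it sits in. It assumes the leading number in each Maildir file name is the Unix time the file was written; the signature names in the sample are placeholders.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# clamscan prints "<path>: <signature> FOUND"; Maildir names contain ':' and
# folder names may contain spaces, so match greedily up to the last ": ".
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
# Assumption: the Maildir file name starts with the Unix time the message
# was written into that folder, as in the names listed in the question.
MAILDIR_RE = re.compile(r"/Maildir/(?:(?P<folder>\.[^/]+)/)?(?:cur|new)/(?P<epoch>\d+)\.")

def triage(clamscan_output, scan_time):
    """Return one record per infected Maildir file with its age at scan time."""
    records = []
    for line in clamscan_output.splitlines():
        hit = FOUND_RE.match(line.strip())
        if not hit:
            continue  # OK lines, summary block, blank lines
        where = MAILDIR_RE.search(hit["path"])
        if not where:
            continue  # not a Maildir message file
        written = datetime.fromtimestamp(int(where["epoch"]), tz=timezone.utc)
        records.append({
            "folder": where["folder"] or "INBOX",
            "signature": hit["sig"],
            "written": written,
            "age_days": (scan_time - written).days,
        })
    return records

def hits_per_folder(records):
    """Count detections per Maildir folder."""
    return Counter(r["folder"] for r in records)

# Constructed sample: paths are from the question, signature names are placeholders.
SAMPLE = """\
/home/HPRS/matkeson/Maildir/.Deleted Items/cur/1467814913.M678760P7497.mail,S=54758,W=55532:2,RS: Example.Placeholder-1 FOUND
/home/HPRS/matkeson/Maildir/.SENT/cur/1467814912.M565214P7497.mail,S=54658,W=55403:2,S: Example.Placeholder-1 FOUND
/home/HPRS/matkeson/Maildir/.SENT/cur/1467893011.M46971P30833.mail,S=51579,W=52276:2,S: Example.Placeholder-2 FOUND
/home/HPRS/matkeson/Maildir/cur/1467900000.M1P1.mail,S=100,W=110:2,S: OK
"""

if __name__ == "__main__":
    scan = datetime(2016, 8, 1, tzinfo=timezone.utc)  # rescan date from the question
    for r in triage(SAMPLE, scan):
        print(f'{r["written"]:%Y-%m-%d %H:%M}Z  {r["age_days"]:>3}d  {r["folder"]:<16} {r["signature"]}')
```

Comparing each "written" time with the date the matching signature reached the local database (for example from the freshclam log) shows whether the milter could have caught the message at delivery.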
Question has a verified solution.
