Thread: Not sure ClamAV is working

  1. #1
    carnold

    Installed the 5.0 beta1 OSS on SLES10 and all is working except ClamAV. The reason I say except is because all the "xyz has sent you a postcard" viruses are not getting tagged as a virus. The clamav log from /opt/zimbra/log/clamav.log does not show any errors and states the selfcheck DB was successful. The /var/log/messages log shows that antivirus is running. As I said, all the "postcard" viruses have not been tagged as such. All arrive in users' inboxes. How do I correct this?

    Chris

  2. #2
    carnold

    No one has replied so I assume this is something I am overlooking? I have edited /opt/zimbra/clamav/clamd.conf to my taste but when I run anything in /opt/zimbra/clamav/bin, I get this:
    ERROR: Please edit the example config file /opt/zimbra/clamav-0.90.2/etc/clamd.conf.
    Can't parse /opt/zimbra/clamav-0.90.2/etc/clamd.conf

    ERROR: Please edit the example config file /opt/zimbra/clamav-0.90.2/etc/freshclam.conf.
    Can't parse /opt/zimbra/clamav-0.90.2/etc/freshclam.conf

    Why do I want to edit the sample file? And notice I was not even editing in the clamav-0.90.2 folder. And is the ClamAV DB path /var/lib/clamav? Or is it different with Zimbra?

    [EDIT] Found the correct file, I think, to edit. It is in /opt/zimbra/conf/ but how do I restart clamd?[/EDIT]
    Last edited by carnold; 07-29-2007 at 01:34 PM.

  3. #3
    SpEnTBoY

    Quote: Originally posted by carnold
    No one has replied so I assume this is something I am overlooking? I have edited /opt/zimbra/clamav/clamd.conf to my taste but when I run anything in /opt/zimbra/clamav/bin, I get this:
    ERROR: Please edit the example config file /opt/zimbra/clamav-0.90.2/etc/clamd.conf.
    Can't parse /opt/zimbra/clamav-0.90.2/etc/clamd.conf

    ERROR: Please edit the example config file /opt/zimbra/clamav-0.90.2/etc/freshclam.conf.
    Can't parse /opt/zimbra/clamav-0.90.2/etc/freshclam.conf

    Why do I want to edit the sample file? And notice I was not even editing in the clamav-0.90.2 folder. And is the ClamAV DB path /var/lib/clamav? Or is it different with Zimbra?

    [EDIT] Found the correct file, I think, to edit. It is in /opt/zimbra/conf/ but how do I restart clamd?[/EDIT]

    To restart, I think all you need to do (as zimbra) is:

    $ zmclamdctl start

    or restart.

  4. #4
    fatalwishes

    Quote: Originally posted by carnold
    Installed the 5.0 beta1 OSS on SLES10 and all is working except ClamAV. The reason I say except is because all the "xyz has sent you a postcard" viruses are not getting tagged as a virus. The clamav log from /opt/zimbra/log/clamav.log does not show any errors and states the selfcheck DB was successful. The /var/log/messages log shows that antivirus is running. As I said, all the "postcard" viruses have not been tagged as such. All arrive in users' inboxes. How do I correct this?

    Chris

    That is because the actual virus is not in the email. Clicking the link in the email allows you to download the virus, which is usually labeled "postcard.exe", and that happens in your browser, not your email client or inside of Zimbra, so ClamAV will not detect it. You will need a live scanner on your system that tracks downloaded viruses off the internet to catch the postcard viruses.

    ClamWin will detect it on a scan, but if the user has already opened it... it's too late.

    If you are getting the actual virus in the emails, set up your banned attachments list to not allow ".exe" and they won't get through.
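
Added example (not part of fatalwishes's post or of Zimbra/ClamAV): a Python sketch that separates what a mail-side attachment scanner is actually handed (an attached `.exe`) from what it never sees (a link to one). Both sample messages, the `example.invalid` addresses and the `BANNED_EXT` list are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

BANNED_EXT = (".exe",)  # the extension named in the post; hypothetical policy list
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def triage(raw):
    """Split banned-extension hits into attached files and linked URLs."""
    attached, linked = [], []
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:  # a real attachment: this is what a mail-side scanner receives
            if name.lower().endswith(BANNED_EXT):
                attached.append(name)
            continue
        if part.get_content_maintype() == "text":
            body = part.get_payload(decode=True) or b""
            text = body.decode(part.get_content_charset() or "utf-8", "replace")
            for url in URL_RE.findall(text):
                path = url.split("?", 1)[0].split("#", 1)[0]
                if path.lower().endswith(BANNED_EXT):  # payload lives on the web
                    linked.append(url)
    return {"attached": attached, "linked": linked}

# Constructed sample 1: the "postcard" lure as described, link only.
LINK_ONLY = (
    "From: sender@example.invalid\n"
    "Subject: xyz has sent you a postcard\n"
    "Content-Type: text/plain; charset=us-ascii\n"
    "\n"
    "View your postcard: http://example.invalid/postcard.exe\n"
)

def attached_sample():
    """Constructed sample 2: the same lure carrying the file itself."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["Subject"] = "xyz has sent you a postcard"
    m.set_content("Your postcard is attached.")
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="octet-stream", filename="postcard.exe")
    return m.as_string()

if __name__ == "__main__":
    print(triage(LINK_ONLY))
    print(triage(attached_sample()))
```

A message that lands only in `linked` carries no file for the mail-side scanner to inspect, so a banned-attachment rule never fires on it; it needs URL filtering or an on-access scanner on the desktop.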

  5. #5
    carnold

    Quote: Originally posted by fatalwishes
    That is because the actual virus is not in the email. Clicking the link in the email allows you to download the virus, which is usually labeled "postcard.exe", and that happens in your browser, not your email client or inside of Zimbra, so ClamAV will not detect it. You will need a live scanner on your system that tracks downloaded viruses off the internet to catch the postcard viruses.

    ClamWin will detect it on a scan, but if the user has already opened it... it's too late.

    If you are getting the actual virus in the emails, set up your banned attachments list to not allow ".exe" and they won't get through.

    When we used another email app and ClamAV (ClamAV was not "built-in" to this email app), ClamAV detected these "postcard" emails as viruses. Why will Zimbra, which uses ClamAV, not detect these as viruses? I know I could block exe's, but past use of ClamAV stripped the virus and tagged it as a virus. How do I configure Zimbra/ClamAV to do this?
