On 01/26/2008 04:08 AM, Sandy Drobic wrote:
Now you get off you lazy butt and see for yourself how clam-av and amavisd-new are configured. (^-^)
egrep -v "^#" /etc/clamd.conf | egrep -v "^$" LogTime yes LogSyslog yes LogFacility LOG_MAIL PidFile /var/lib/clamav/clamd.pid # Same localSocket as in /etc/amavisd.conf! LocalSocket /var/run/clamav/clamd FixStaleSocket yes TCPSocket 3310 TCPAddr 127.0.0.1 User vscan Foreground no ScanOLE2 yes ScanPDF yes ScanMail yes PhishingSignatures yes PhishingScanURLs yes
Some important parts of /etc/amavisd.conf: $daemon_user = 'vscan'; # yes, same user as clamd! $daemon_group = 'vscan'; @av_scanners = ( ['Clam Antivirus-clamd', \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"], qr/\bOK$/, qr/\bFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], ['H+BEDV AntiVir or CentralCommand Vexira Antivirus', ['antivir'], '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/, qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) | (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ], ); @av_scanners_backup = ( ['Clam Antivirus - clamscan', 'clamscan', '--stdout --no-summary -r {}', [0], [1], qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'], '-dumb -archive -packed {}', [0,8], [3,6], qr/Infection: (.+)/ ], ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'], '-za -a {}', [0], qr/Found virus/, qr/Found virus (.+) in/ ], ['KasperskyLab kavscanner', ['/opt/kav/bin/kavscanner','kavscanner'], '-i1 -xp {}', [0,10,15], [5,20,21,25], qr/(?:CURED|INFECTED|CUREFAILED|WARNING|SUSPICION) (.*)/ , sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"}, sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"}, ], );
Check that clamd actually is running: rcclamd status and is set to start at boot: chkconfig clamd on
and finally, that you call fresh-clam from cron.
Interesting. I never noticed before that the default amavisd setup is to NOT use clamd as a primary antivirus scanner (but antivir is). Mine sees antivir as primary and clamscan as secondary. So the problem for the OP is he only has clamav installed and no primary (by default). I assume he could correct the socket path and uncomment the section for clamd to allow it to work as a primary scanner. Best I assume would be to install a primary scanner from the offering in amavisd.conf, and leave clamscan as a secondary. -- Joe Morris Registered Linux user 231871 running openSUSE 10.3 x86_64 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org