ClamAV not scanning email

#1 Tue, 04/13/2010 - 09:26
hmbl programmer

I am using Virtualmin and have it set up to have Postfix scan incoming emails with ClamAV (using clamdscan) and delete any emails which contain a virus. However, when I email myself the EICAR test string, it comes through just fine. I know ClamAV will report this file as a virus. How can I troubleshoot this / what could be wrong?

Tue, 04/13/2010 - 09:51
andreychek

Howdy,

You may want to start by looking in the logfiles for any signs of trouble.

Look at the email and procmail logs around the time you think ClamAV should have kicked in... those are /var/log/procmail, and then either /var/log/mail.log or /var/log/maillog (depending on your distro).

Also, make sure that in Edit Virtual Server, the "Virus Filtering" feature is enabled for that domain.

-Eric

Tue, 04/13/2010 - 09:59
hmbl programmer

"Virus Filtering" is enabled.

Procmail.log doesn't show much of interest:

From josh@gitlin.name  Tue Apr 13 10:51:37 2010
Subject: Test 5
  Folder: /home/gitlin.name/homes/josh/Maildir/new/1271170297.9115_0.w     1644
Time:1271170297 From:josh@gitlin.name To:josh@gitlin.name User:josh-gitlin.name Size:1693 Dest:/home/gitlin.name/homes/josh/Maildir/new/1271170297.9115_0.workingman.digitalfruition.com Mode:None

Nor does maillog:

Apr 13 10:51:37 workingman postfix/smtpd[9083]: 1FB231213B4: client=cpe-065-190-021-110.nc.res.rr.com[65.190.21.110], sasl_method=PLAIN, sasl_username=josh-gitlin.name
Apr 13 10:51:37 workingman postfix/cleanup[9086]: 1FB231213B4: message-id=<4BC4860E.9080608@gitlin.name>
Apr 13 10:51:37 workingman postfix/qmgr[10917]: 1FB231213B4: from=<josh@gitlin.name>, size=1569, nrcpt=1 (queue active)
Apr 13 10:51:37 workingman postfix/smtpd[9083]: disconnect from cpe-065-190-021-110.nc.res.rr.com[65.190.21.110]
Apr 13 10:51:37 workingman postfix/local[9087]: 1FB231213B4: to=<josh-gitlin.name@workingman.digitalfruition.com>, orig_to=<josh@gitlin.name>, relay=local, delay=0.83, delays=0.5/0/0/0.32, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)

I suppose what they both do show is no indication that either clamdscan or spamc is running on these emails...

Tue, 04/13/2010 - 10:32
andreychek

If you look at your email headers, are you seeing any that begin with "X-Spam-Status"?

Tue, 04/13/2010 - 11:21
hmbl programmer

Nope, no X-Spam-Status nor X-Spam-Score headers. So SpamAssassin isn't scanning the emails...

Tue, 04/13/2010 - 14:48
hmbl programmer

I killed /usr/libexec/webmin/virtual-server/lookup-domain-daemon.pl and restarted it, and that seems to have solved my issue... I'll keep an eye out and see if this happens again.