clamav not working

comeback

Verified User
Joined
Aug 21, 2012
Messages
34
Hello,

I speak French, sorry for my bad English.

I installed DirectAdmin on CentOS 6.3.

I want to install SpamAssassin, and I used this command:

http://help.directadmin.com/item.php?id=370

In the end, I got this error message:

Code:
cli_loaddb(): No supported database files found in /usr/share/clamav

I reinstalled with these commands:

Code:
cd /usr/local/directadmin/custombuild
./build update
./build set clamav yes
./build clamav

This works, but when I test with the site

http://www.emailsecuritycheck.net/index.html

I get all the emails; ClamAV is not working.

Email #3 is recognized as spam.
Thank you for your help
 
Does all incoming mail have a virus attached? As far as I understood, it checks for attachment extensions that should be blocked (.bat, .exe).

Also, did you edit exim.conf to integrate it with ClamAV?

Regards
 
Thank you for your help.

I get the files.

I changed the exim.conf file.

I just have one question for this part:

Code:
check_message:
Because there was already
Code:
accept

I changed it as follows:

Code:
check_message:
  deny  message   = This message contains malformed MIME ($demime_reason)
        demime    = *
        condition = ${if >{$demime_errorlevel}{2}{1}{0}}
  deny  message   = This message contains a virus or other harmful content ($malware_name)
        demime    = *
        malware   = */defer_ok
  deny  message   = This message contains an attachment of a type which we do not accept (.$found_extension)
        demime    = bat:com:pif:prf:scr:vbs
  warn  message   = X-Antivirus-Scanner: Clean mail though you should still use an Antivirus
  accept
 

When I test, I get the zip file.

To check whether it is working, try reading an email header and look for a line starting with:

X-Antivirus-Scanner:

For mail from [email protected]:

Code:
X-Antivirus-Scanner: Clean mail though you should still use an Antivirus

For mail from [email protected]:

Code:
X-Virus-Scanned: Debian amavisd-new at 5013.mail.vm.your-site.com
Code:
X-Antivirus-Scanner: Clean mail though you should still use an Antivirus

Here is the full source, with the important information replaced by XXX:

Code:
Return-path: <[email protected]>
Envelope-to: XXX
Delivery-date: Mon, 03 Sep 2012 12:56:17 +0200
Received: from mail by XXX with spam-scanned (Exim 4.76)
	(envelope-from <[email protected]>)
	id 1T8UKC-00035D-JP
	for XXX; Mon, 03 Sep 2012 12:56:17 +0200
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	XXX
X-Spam-Level: 
X-Spam-Status: No, score=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS
	autolearn=ham version=3.3.2
Received: from spammy.outbound.your-site.com ([205.233.73.28])
	by XXX with esmtps (TLSv1:AES256-SHA:256)
	(Exim 4.76)
	(envelope-from <[email protected]>)
	id 1T8UKC-000353-C3
	for XXX; Mon, 03 Sep 2012 12:56:12 +0200
Received: from bulk.outbound.your-site.com (unknown [10.1.18.241])
	by 5193.spammy.mail.your-site.com (Postfix) with ESMTP id 785FF244BB
	for <XXX>; Mon,  3 Sep 2012 06:56:08 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1])
	by 5243.bulk.mail.your-site.com (Postfix) with ESMTP id 7272924328
	for <XXX>; Mon,  3 Sep 2012 06:56:08 -0400 (EDT)
X-Virus-Scanned: Debian amavisd-new at 5013.mail.vm.your-site.com
Received: from 1884.web.vm.your-site.com (5086.web.vm.your-site.com [10.1.5.86])
	by 5243.bulk.mail.your-site.com (Postfix) with ESMTP id 60CEF23765
	for <XXX>; Mon,  3 Sep 2012 06:56:08 -0400 (EDT)
Received: (from aleph@localhost)
	by 1884.web.vm.your-site.com (8.14.3/8.14.3/Submit) id q83Au8b5009220;
	Mon, 3 Sep 2012 06:56:08 -0400
Date: Mon, 3 Sep 2012 06:56:08 -0400
Message-Id: <[email protected]>
X-Authentication-Warning: 1884.web.vm.your-site.com: aleph set sender to [email protected] using -f
To: XXX
Subject: EICAR anti-virus test file:
X-PHP-Originating-Script: 30888:index.php
From: [email protected]
Reply-To: XXX
Errors-To: XXX
X-Mailer: PHP/5.3.2-1ubuntu4.17
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="eicar-test-file"
X-Antivirus-Scanner: Clean mail though you should still use an Antivirus

--eicar-test-file
Content-Type: text/plain; charset=us-ascii
 
I received the zip file too, but not the txt, exe and bat ones, so the antivirus is working for you as for me, but it is not scanning inside the zip file. I haven't yet figured out how to implement that :)

Regards
 
Thank you for your help, it is very nice.

I have a question: do we not get an alert when ClamAV detects a virus?

How do we know it?
 
When there is a virus, the email gets rejected and never reaches the inbox.

You should check the Exim logs to see the rejected mails.

Regards
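
An added example, not part of the reply above: one way to summarise those rejections from the Exim log, keyed on the three `deny message` texts from the `check_message` ACL posted earlier. The log lines are constructed samples, and the `rejected after DATA:` prefix and the `/var/log/exim/mainlog` path are assumptions about a stock Exim on DirectAdmin.

```shell
#!/bin/sh
# Added example: count Exim DATA-time rejections by reason.
# Usage on a server (path is an assumption): summarize_rejects /var/log/exim/mainlog

# summarize_rejects [FILE...] -> lines of "<count> <category> <detail>"
# Reads stdin when no file is given.
summarize_rejects() {
    awk '
    / rejected after DATA: / {
        msg = $0
        sub(/^.* rejected after DATA: /, "", msg)
        # Categories follow the deny messages in the ACL from this thread.
        if (msg ~ /^This message contains a virus/)             cat = "malware"
        else if (msg ~ /^This message contains an attachment/)  cat = "extension"
        else if (msg ~ /^This message contains malformed MIME/) cat = "mime"
        else next
        # Detail is the trailing parenthesised value:
        # $malware_name, .$found_extension or $demime_reason.
        detail = msg
        sub(/^.*\(/, "", detail)
        sub(/\).*$/, "", detail)
        n[cat " " detail]++
    }
    END { for (k in n) print n[k], k }
    ' "$@" | LC_ALL=C sort -k2
}

# Constructed sample log lines (hosts, addresses and message ids are made up).
sample_log() {
cat <<'EOF'
2012-09-03 12:56:12 1AAAAA-000001-AA H=mail.example.net [192.0.2.10] F=<sender@example.net> rejected after DATA: This message contains a virus or other harmful content (Eicar-Test-Signature)
2012-09-03 12:57:40 1AAAAB-000002-AB H=mail.example.net [192.0.2.10] F=<sender@example.net> rejected after DATA: This message contains an attachment of a type which we do not accept (.bat)
2012-09-03 12:58:02 1AAAAC-000003-AC H=mail.example.net [192.0.2.10] F=<sender@example.net> rejected after DATA: This message contains a virus or other harmful content (Eicar-Test-Signature)
2012-09-03 12:59:30 1AAAAD-000004-AD <= sender@example.net H=mail.example.net [192.0.2.10] P=esmtp S=2201
EOF
}

# Demo run on the constructed sample.
sample_log | summarize_rejects
```

A zip attachment that was delivered leaves no `rejected after DATA` line at all, so an empty `malware` count for a test message means the scan did not match, not that the log is incomplete.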
 
I do not know if this applies to zip files, but at one point I had this error message:

Code:
libclamav warning: cli_scanbzip: bzip2 support not compiled in
 
Yes, it is probably related. I think that maybe DA staff should implement it in the CustomBuild source compilation.

Regards

There is no solution ...

As you have noticed, I'm a beginner.

How do I say this to DirectAdmin?

Can you do it, because I speak bad English?

Thank you.
 
I use CentOS 6.3, 64 bit.

I typed the following command

Code:
yum install bzip2-devel

It installed, and then I did

Code:
cd /usr/local/directadmin/custombuild
./build update
./build set clamav yes
./build clamav

I still get the zip files.
 
I'm sorry, I explained myself badly.

There is no error message.

I still get e-mails with zip files, because ClamAV does not analyze them.

Thank you for your help.
 
Yes, I did understand this, and I'm in the same situation.

The steps I suggested to you were for this:

libclamav warning: cli_scanbzip: bzip2 support not compiled in

Regards
 
Hello,

If I use Debian instead of CentOS, will I have the same problem?

Thank you.
 