Page 1 of 2 12 LastLast
Results 1 to 20 of 21

Thread: clamav not working

  1. #1
    Join Date
    Aug 2012
    Posts
    34

    clamav not working

    Hello,

    I speak French, sorry for my bad English.

    I installed DirectAdmin on CentOS 6.3.

    I want to install spammassain, and I do this command:

    http://help.directadmin.com/item.php?id=370

    In the end, I got this error message:

    Code:
    cli_loaddb(): No supported database files found in /usr/share/clamav
    I reinstall with commands:

    Code:
    cd /usr/local/directadmin/custombuild
    ./build update
    ./build set clamav yes
    ./build clamav
    This works, but when I test the site

    http://www.emailsecuritycheck.net/index.html

    I get all emails, clamav not working.

    The email # 3 is recognized as spam.
    Thank you for your help

  2. #2
    Join Date
    Oct 2004
    Location
    London, UK
    Posts
    6,641
    Does all incoming mail have a virus attached? Has far as i understood it check attachment extension that should be blocked (.bat .exe).

    Also, did you edit exim.conf to get integrated with clamav?

    Regards
    SeLLeRoNe - Andrea Iannucci
    DevOps Engineer - System Administrator
    If you need my support write me an E-Mail to Support@CrazyNetwork.it

  3. #3
    Join Date
    Aug 2012
    Posts
    34
    Thank you for your help.

    I get the files.

    I changed the exim.conf file.

    I just have one question for this part:

    Code:
    check_message:
    Because there was already
    Code:
    accept
    I changed, as

    Code:
    check_message:
    deny message = This message contains malformed MIME ($demime_reason)
    demime = *
    condition = ${if >{$demime_errorlevel}{2}{1}{0}}
    deny message = This message contains a virus or other harmful content ($malware_name)
    demime = *
    malware = */defer_ok
    deny message = This message contains an attachment of a type which we  do not accept (.$found_extension)
    demime = bat:com:pif:prf:scr:vbs
    warn message = X-Antivirus-Scanner: Clean mail though you should still use an Antivirus
    accept

  4. #4
    Join Date
    Oct 2004
    Location
    London, UK
    Posts
    6,641
    This seems to be correct.

    Regards
    SeLLeRoNe - Andrea Iannucci
    DevOps Engineer - System Administrator
    If you need my support write me an E-Mail to Support@CrazyNetwork.it

  5. #5
    Join Date
    Oct 2004
    Location
    London, UK
    Posts
    6,641
    For check if is working try read an email header and look for a line starting with:

    X-Antivirus-Scanner:

    Also, you should try this: http://www.aleph-tec.com/eicar/index.php

    Regards
    SeLLeRoNe - Andrea Iannucci
    DevOps Engineer - System Administrator
    If you need my support write me an E-Mail to Support@CrazyNetwork.it

  6. #6
    Join Date
    Aug 2012
    Posts
    34
    Quote Originally Posted by SeLLeRoNe View Post
    Also, you should try this: http://www.aleph-tec.com/eicar/index.php

    Regards
    When I test I get the zip file

    Quote Originally Posted by SeLLeRoNe View Post
    For check if is working try read an email header and look for a line starting with:

    X-Antivirus-Scanner:
    For mail from, securitycheck@emailsecuritycheck.net:

    Code:
    X-Antivirus-Scanner: Clean mail though you should still use an Antivirus
    For mail from, eicar@aleph-tec.com:

    Code:
    X-Virus-Scanned: Debian amavisd-new at 5013.mail.vm.your-site.com
    Code:
    X-Antivirus-Scanner: Clean mail though you should still use an Antivirus
    I put all the source, the important information Substitutes by XXX:

    Code:
    Return-path: <eicar@aleph-tec.com>
    Envelope-to: XXX
    Delivery-date: Mon, 03 Sep 2012 12:56:17 +0200
    Received: from mail by XXX with spam-scanned (Exim 4.76)
    	(envelope-from <eicar@aleph-tec.com>)
    	id 1T8UKC-00035D-JP
    	for XXX; Mon, 03 Sep 2012 12:56:17 +0200
    X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
    	XXX
    X-Spam-Level: 
    X-Spam-Status: No, score=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS
    	autolearn=ham version=3.3.2
    Received: from spammy.outbound.your-site.com ([205.233.73.28])
    	by XXX with esmtps (TLSv1:AES256-SHA:256)
    	(Exim 4.76)
    	(envelope-from <eicar@aleph-tec.com>)
    	id 1T8UKC-000353-C3
    	for XXX; Mon, 03 Sep 2012 12:56:12 +0200
    Received: from bulk.outbound.your-site.com (unknown [10.1.18.241])
    	by 5193.spammy.mail.your-site.com (Postfix) with ESMTP id 785FF244BB
    	for <XXX>; Mon,  3 Sep 2012 06:56:08 -0400 (EDT)
    Received: from localhost (localhost [127.0.0.1])
    	by 5243.bulk.mail.your-site.com (Postfix) with ESMTP id 7272924328
    	for <XXX>; Mon,  3 Sep 2012 06:56:08 -0400 (EDT)
    X-Virus-Scanned: Debian amavisd-new at 5013.mail.vm.your-site.com
    Received: from 1884.web.vm.your-site.com (5086.web.vm.your-site.com [10.1.5.86])
    	by 5243.bulk.mail.your-site.com (Postfix) with ESMTP id 60CEF23765
    	for <XXX>; Mon,  3 Sep 2012 06:56:08 -0400 (EDT)
    Received: (from aleph@localhost)
    	by 1884.web.vm.your-site.com (8.14.3/8.14.3/Submit) id q83Au8b5009220;
    	Mon, 3 Sep 2012 06:56:08 -0400
    Date: Mon, 3 Sep 2012 06:56:08 -0400
    Message-Id: <201209031056.q83Au8b5009220@1884.web.vm.your-site.com>
    X-Authentication-Warning: 1884.web.vm.your-site.com: aleph set sender to eicar@aleph-tec.com using -f
    To: XXX
    Subject: EICAR anti-virus test file:
    X-PHP-Originating-Script: 30888:index.php
    From: eicar@aleph-tec.com
    Reply-To: XXX
    Errors-To: XXX
    X-Mailer: PHP/5.3.2-1ubuntu4.17
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
            boundary="eicar-test-file"
    X-Antivirus-Scanner: Clean mail though you should still use an Antivirus
    
    --eicar-test-file
    Content-Type: text/plain; charset=us-ascii

  7. #7
    Join Date
    Oct 2004
    Location
    London, UK
    Posts
    6,641
    I did receive the zip file too, but not the txt exe and bat, so, the antivirus is working for you as for me, but is not scanning inside the zip file.. didnt faced yet how to implement that

    Regards
    SeLLeRoNe - Andrea Iannucci
    DevOps Engineer - System Administrator
    If you need my support write me an E-Mail to Support@CrazyNetwork.it

  8. #8
    Join Date
    Aug 2012
    Posts
    34
    Thank you for your help, it is very nice.

    I have a question, do not get an alert when clamav detects a virus?

    How do we know it?

  9. #9
    Join Date
    Oct 2004
    Location
    London, UK
    Posts
    6,641
    When there is a virus the email get rejected and never reach the inbox.

    You should check the exim logs for see the rejected mails.

    Regards
    SeLLeRoNe - Andrea Iannucci
    DevOps Engineer - System Administrator
    If you need my support write me an E-Mail to Support@CrazyNetwork.it

  10. #10
    Join Date
    Aug 2012
    Posts
    34
    I do not know if this applies to zip files, but I had a moment this error message:

    Code:
    libclamav warning: cli_scanbzip: bzip2 support not compiled in

  11. #11
    Join Date
    Oct 2004
    Location
    London, UK
    Posts
    6,641
    Yes is probably related, i think that maybe da staff should implement it in custombuild source compilation.

    Regards
    SeLLeRoNe - Andrea Iannucci
    DevOps Engineer - System Administrator
    If you need my support write me an E-Mail to Support@CrazyNetwork.it

  12. #12
    Join Date
    Aug 2012
    Posts
    34
    Quote Originally Posted by SeLLeRoNe View Post
    Yes is probably related, i think that maybe da staff should implement it in custombuild source compilation.

    Regards
    There is no solution ...

    As you have noticed, I'm a beginner.

    How to say this in DirectAdmin?

    Can you do it, because I speak bad English?

    thank you

  13. #13
    Join Date
    Oct 2004
    Location
    London, UK
    Posts
    6,641
    Try install bzip2-devel package and recompile clamav from custombuild.

    Regards
    SeLLeRoNe - Andrea Iannucci
    DevOps Engineer - System Administrator
    If you need my support write me an E-Mail to Support@CrazyNetwork.it

  14. #14
    Join Date
    Aug 2012
    Posts
    34
    This does not work.

    Thank you for your help

  15. #15
    Join Date
    Oct 2004
    Location
    London, UK
    Posts
    6,641
    What do you mean with "does not work"? What OS are you using? Package name may be different from OS to OS.

    Regards
    SeLLeRoNe - Andrea Iannucci
    DevOps Engineer - System Administrator
    If you need my support write me an E-Mail to Support@CrazyNetwork.it

  16. #16
    Join Date
    Aug 2012
    Posts
    34
    I use CentOS 6.3, 64 bit.

    I typed the following command

    Code:
    yum install bzip2-devel
    It installed, and then I did

    Code:
    cd /usr/local/directadmin/custombuild
    ./build update
    ./build set clamav yes
    ./build clamav
    I still get the zip files.

  17. #17
    Join Date
    Oct 2004
    Location
    London, UK
    Posts
    6,641
    I see about the zip file in email, but what about the error you posted?

    Regards
    SeLLeRoNe - Andrea Iannucci
    DevOps Engineer - System Administrator
    If you need my support write me an E-Mail to Support@CrazyNetwork.it

  18. #18
    Join Date
    Aug 2012
    Posts
    34
    I'm sorry, I explained myself badly.

    There is no error message.

    I still get e-mails with zip files, because clamav does not analyze.

    Thank you for your help.

  19. #19
    Join Date
    Oct 2004
    Location
    London, UK
    Posts
    6,641
    Yes i did understand this and im in the same situation.

    The steps i did suggest you was for this:

    libclamav warning: cli_scanbzip: bzip2 support not compiled in

    Regards
    SeLLeRoNe - Andrea Iannucci
    DevOps Engineer - System Administrator
    If you need my support write me an E-Mail to Support@CrazyNetwork.it

  20. #20
    Join Date
    Aug 2012
    Posts
    34
    Hello,

    If I use Debian instead of CentOS, is what I'm having the same problem?

    thank you

Similar Threads

  1. [Clamav-announce] announcing ClamAV 0.96.2
    By Meesterlijk in forum 3rd Party Software Version Updates
    Replies: 0
    Last Post: 08-12-2010, 12:17 PM
  2. [Clamav-announce] announcing ClamAV 0.95
    By Meesterlijk in forum 3rd Party Software Version Updates
    Replies: 10
    Last Post: 04-16-2010, 09:44 AM
  3. [Clamav-announce] announcing ClamAV 0.93.3
    By CoolZero in forum Required Software Version Updates
    Replies: 1
    Last Post: 07-08-2008, 01:08 AM
  4. [Clamav-announce] announcing ClamAV 0.93rc1
    By CoolZero in forum Required Software Version Updates
    Replies: 0
    Last Post: 03-04-2008, 03:43 AM
  5. Replies: 1
    Last Post: 11-23-2004, 07:31 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •