ClamAV not deleting mail

koala04

Hi,

I've installed ClamAV. The service is running, but no mail is blocked, not even with the eicar.txt test file attached.

I've also tried the Libraesva test, and none of the test files were blocked.
 
X-Antivirus-Scanner: Clean mail though you should still use an Antivirus

If it is this, yes.
 
Try running this via SSH as root:
Code:
cd /usr/local/directadmin/custombuild
./build set_fastest
./build update
./build set clamav yes
./build set clamav_exim yes
./build clamav
./build eximconf
 
TY, but the result is the same. ClamAV is enabled but is not blocking any of the test files (and not marking the Object field).
 
OS?
Custombuild version?
Is this a new or old build on the server?

What happens?
Code:
systemctl start clamd
 
CentOS, new installation
CustomBuild 2.0

systemctl start clamd reports no errors

systemctl status clamd
clamd.service - Generic clamav scanner daemon
Loaded: loaded (/etc/systemd/system/clamd.service; enabled; vendor preset: d>
Active: active (running) since Fri 2022-02-18 05:13:14 EST; 6h ago
Process: 1391178 ExecStartPre=/bin/chown -R clamav:clamav /var/run/clamd (cod>
Process: 1391177 ExecStartPre=/bin/mkdir -p /var/run/clamd (code=exited, stat>
Main PID: 1391179 (clamd)
Tasks: 2 (limit: 23668)
Memory: 1.3G
CGroup: /system.slice/clamd.service
└─1391179 /usr/local/sbin/clamd --foreground=yes
 
So what happens now if you send a test inbound?
Mails are delivered to the mailbox with the virus attached and no warning inserted in the object,
exactly like other legitimate mail.

If I send the eicar.com or eicar.com.txt test file (or any other virus/js/xls/script test file), it is delivered normally.
 
Did you update freshclam?
Code:
freshclam

Did you restart exim as well?
Code:
systemctl restart exim
 
You're right. I have ClamAV running and it doesn't do anything with it either.
That is odd. However, it's known that ClamAV is not the best virus scanner around; it does not detect everything.

However it does create an entry in the exim panic log.
Code:
2022-02-19 14:53:20 1nLQAo-0002C1-5z malware acl condition: clamd  : unable to send file body to socket (127.0.0.1): Broken pipe
Maybe you have this too.

I found this as a solution on the net:
To solve this, open your clamav.conf file (/etc/clamav.conf or find your location) and change value for StreamMaxLength according to your needs. Default value is 25M.
In our case it's not clamav.conf but /etc/clamd.conf which can be changed. Use maybe 100M and don't forget to restart clamd, then try again.
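
A triage script for the panic-log error discussed above, added here as an example and not part of any poster's reply or of DirectAdmin's tooling: it lists the message IDs whose clamd scan failed and reports the configured StreamMaxLength in bytes. The function names are hypothetical, and both file paths are passed as arguments (the thread names /etc/clamd.conf but does not give the panic log location).

```shell
#!/bin/sh
# Added example: triage for the "malware acl condition: clamd" panic-log error.
# Assumes Exim's default log line layout (date, time, message ID, text).

# Print StreamMaxLength from a clamd.conf in bytes (K/M suffixes accepted).
# Falls back to 25M, the default quoted in the thread, when the option is unset.
stream_max_bytes() {
    awk '
        $1 == "StreamMaxLength" { v = $2 }     # commented-out lines do not match
        END {
            if (v == "") v = "25M"
            n = v + 0                           # numeric prefix of e.g. "100M"
            u = toupper(substr(v, length(v)))   # last character: optional unit
            if (u == "K") n *= 1024
            else if (u == "M") n *= 1024 * 1024
            printf "%.0f\n", n
        }' "$1"
}

# Print "message-id<TAB>reason" for each clamd failure in an Exim panic log.
clamd_acl_failures() {
    awk '/malware acl condition: clamd/ {
            reason = $0
            sub(/^.*malware acl condition: clamd[ :]*/, "", reason)
            print $3 "\t" reason
        }' "$1"
}

# Count failures where Exim could not stream the message body to clamd.
stream_failures() {
    clamd_acl_failures "$1" | grep -c 'unable to send file body' || true
}

report() {  # usage: report PANIC_LOG CLAMD_CONF
    echo "clamd stream failures: $(stream_failures "$1")"
    echo "StreamMaxLength: $(stream_max_bytes "$2") bytes"
    echo "Message IDs whose scan failed:"
    clamd_acl_failures "$1" | cut -f1 | sort -u
}

if [ "$#" -ge 2 ]; then
    report "$1" "$2"
else  # no arguments: demo using the log line from the thread and a constructed config
    d=$(mktemp -d)
    echo '2022-02-19 14:53:20 1nLQAo-0002C1-5z malware acl condition: clamd  : unable to send file body to socket (127.0.0.1): Broken pipe' > "$d/paniclog"
    echo 'StreamMaxLength 100M' > "$d/clamd.conf"
    report "$d/paniclog" "$d/clamd.conf"
    rm -rf "$d"
fi
```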
 
I did have 1 file which had the subject changed by clamav so "**** virus" was added. But the rest was not detected by clamav. Only by my local scanner on the pc.
 
Ty for testing.

Only one consideration: if ClamAV doesn't delete a simple test file developed to be detected by all AV for testing, what can it do in a real environment?

The EICAR string is a simple text that all AV should detect, to test for correct installation.
 
I don't have a clue. I also use ClamAV, but it's well known that ClamAV is not the best around. You might need to install some paid scanner (if possible) to get better results. But I wouldn't know how to do or implement that.
We have a piece in our terms which says that mails are scanned for viruses and malware, but we are not responsible for any harm passing our systems and all customers are responsible themselves for having an up-to-date and properly working scanner on their devices.

Sounds hard, but protection options are limited and can best be done at the end user's device(s).
 