ClamAV-milter

@lbutlr
Trying to configure clamav-milter with postfix-current-3.4.20181105,5 under FreeBSD 11.2-RELEASE, but I’ve missed something since no mail is actually getting processed by ClamAV-milter, including the EICAR test mails which sail through without triggering anything.

I’ve tried to provide everything that could be relevant (mostly in an effort to re-examine everything) but at this point I’m stumped.


smtpd_milters =
    unix:/var/run/spamass-milter.sock,
    unix:/var/run/clamav/clmilter.sock

 # sockstat | grep milter
root     spamass-mi 24145 4  stream /var/run/spamass-milter.sock
clamav   clamav-mil 59293 3  stream /var/run/clamav/clmilter.sock

 # gnc /usr/local/etc/clamav-milter.conf
MilterSocket /var/run/clamav/clmilter.sock
FixStaleSocket yes
User clamav
PidFile /var/run/clamav/clamav-milter.pid
ClamdSocket unix:/var/run/clamav/clamd.sock
OnInfected Quarantine
LogFile /tmp/clamav-milter.log
LogFileUnlock yes
LogFileMaxSize 20M
LogTime yes
LogSyslog yes
LogFacility LOG_MAIL
LogVerbose yes

 # clamscan -I eicar.txt
eicar.txt: Eicar-Test-Signature FOUND

 # psa clamav
clamav   56889   0.0 14.3 553736 505868  -  Is   Sun17       4:03.54 /usr/local/sbin/clamd
clamav   57990   0.0  0.1  12268   5280  -  Is   Sun17       0:28.11 /usr/local/bin/freshclam --daemon -p /var/run/clamav/freshclam.pid
clamav   59293   0.0  0.1  24444   4540  -  Ss   Sun17       0:02.39 /usr/local/sbin/clamav-milter -c /usr/local/etc/clamav-milter.conf

# ls -lsR /var/run/clamav/
total 48
8 drwxr-x---   3 clamav  postfix   512 Nov 28 08:57 .
8 drwxr-xr-x  15 root    wheel    1024 Nov 28 09:11 ..
8 -rw-rw-r--  1 clamav  clamav    6 Nov 25 17:44 clamav-milter.pid
8 -rw-rw-r--  1 clamav  clamav    6 Nov 25 17:44 clamd.pid
0 srw-rw-rw-  1 clamav  clamav    0 Nov 25 17:44 clamd.sock
0 srwxrwxrwx  1 clamav  clamav    0 Nov 25 17:44 clmilter.sock
8 -rw-rw----  1 clamav  clamav    6 Nov 25 17:44 freshclam.pid
8 drwx------  2 clamav  clamav  512 Nov 24 11:57 quarantine

/var/run/clamav/quarantine:
total 0

 # tail clamav/clamd.log clamav/freshclam.log
==> clamav/clamd.log <==
Wed Nov 28 07:47:29 2018 -> Database correctly reloaded (6722408 signatures)
Wed Nov 28 07:57:53 2018 -> SelfCheck: Database status OK.
Wed Nov 28 08:08:30 2018 -> SelfCheck: Database status OK.
Wed Nov 28 08:21:53 2018 -> SelfCheck: Database status OK.
Wed Nov 28 08:33:50 2018 -> SelfCheck: Database status OK.
Wed Nov 28 08:44:55 2018 -> SelfCheck: Database status OK.
Wed Nov 28 08:55:38 2018 -> SelfCheck: Database status OK.
Wed Nov 28 09:06:16 2018 -> SelfCheck: Database status OK.
Wed Nov 28 09:16:44 2018 -> SelfCheck: Database status OK.
Wed Nov 28 09:28:14 2018 -> SelfCheck: Database status OK.

==> clamav/freshclam.log <==
--------------------------------------
Received signal: wake up
ClamAV update process started at Wed Nov 28 07:47:03 2018
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Downloading daily-25161.cdiff [100%]
daily.cld updated (version: 25161, sigs: 2163162, f-level: 63, builder: neo)
bytecode.cld is up to date (version: 327, sigs: 91, f-level: 63, builder: neo)
Database updated (6729502 signatures) from database.clamav.net (IP: 104.16.185.138)
Clamd successfully notified about the update.
--------------------------------------

There is nothing in any other logs about clamav.

So it seems like it is installed and running. Freshclam has updated successfully.

--
"How good bad music and bad reasons sound when we march against an
enemy." -  Friedrich Nietzsche

===
function psa () {
  ps auxww | grep -i $* | grep -v grep
}
alias gnc='grep -v "^\($\|#\|\/\)" '