My clamav is broken

I attempted to upgrade clamav, and while it appeared to work fine, it turned out that emails from the outside were no longer making it in. Additionally, a web script that sends email from one domain could work, while the same script from another domain would not. Disabling SMTP scanning w/ clamav (from the NodeWorx UI) completely fixed the problem, but obviously I don’t wish to leave it disabled for long.

I’m hoping someone has been here before, and can tell me what rope I mistakenly cut through my actions.

Another hint:

# ls -l /var/lib/clamav/
-rw-r--r--  1 clamav clamav  284299 Apr 27 23:19 daily.cvd
-rw-r--r--  1    109    105  149286 Nov  3 23:58 daily.cvd.rpmsave
-rw-r--r--  1 clamav clamav 3950054 Apr 27 23:19 main.cvd
-rw-r--r--  1    109    105 2560365 Nov  3 23:58 main.cvd.rpmsave

New clamav:clamav == 323:323
Old clamav:clamav == 109:105 :confused:
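The listing above shows `.rpmsave` files still owned by the old numeric ids 109:105 while the account is now 323:323. As an added example (not from any poster in this thread, and not a diagnosis of the mail problem), here is one way to list files under a service directory whose owner differs from the account's current ids. The function name `owner_drift` is hypothetical, and GNU `find` and `getent` are assumed.

```shell
#!/bin/sh
# Added example: report files under DIR whose numeric owner differs from
# the UID:GID the service account has now.
#
# Usage (hypothetical helper name):
#   owner_drift /var/lib/clamav "$(id -u clamav)" "$(id -g clamav)"
#
# Output, one line per entry, tab separated:
#   <uid>:<gid>  <known-account|orphaned-uid>  <path>
owner_drift() {
    dir=$1
    want_uid=$2
    want_gid=$3

    # GNU find prints numeric ids, so stale ids show up even when they
    # no longer map to any account name (as with 109:105 above).
    find "$dir" -xdev \( ! -uid "$want_uid" -o ! -gid "$want_gid" \) \
        -printf '%U:%G\t%p\n' |
    while IFS="$(printf '\t')" read -r ids path; do
        uid=${ids%%:*}
        # A uid with no passwd entry is a leftover from a removed or
        # renumbered account; a uid that resolves belongs to someone else.
        if getent passwd "$uid" >/dev/null 2>&1; then
            state=known-account
        else
            state=orphaned-uid
        fi
        printf '%s\t%s\t%s\n' "$ids" "$state" "$path"
    done
}
```

Run it against every directory the scanner and the MTA share, not just the signature directory, before deciding whether any ownership needs correcting.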

What did you do to perform the upgrade, jimp?

Paul

Hi Paul,

I’m sorry, I should have explained [much] more. It was really not an upgrade. Unfortunately, I realized after the fact that what I did was probably not even necessary, but here is the story:

More and more spam was getting through to all mailboxes, so I checked to see if SpamAssassin was up-to-date. It was not, because of this thread: http://www.interworx.com/forums/showthread.php?t=913. I successfully removed the old and installed the new package. The spam level seems to be less today.

In the process of upgrading SpamAssassin, I noticed that ClamAV was a Red Hat package. Since our Red Hat entitlement expired recently, I figured that package was never going to update, and I should swap it out for the IWorx package. That was in effect a downgrade, but at the time I reasoned it was for the best. (I have since realized that Red Hat’s and IWorx’s packages have the same name, so a future upgrade probably would have worked fine.) After installing the IWorx clamav package, generally all mail from the outside, and even some internal mail, was not delivered. I disabled ClamAV and the pending emails started arriving. I next tried to install the CentOS4 clamav package (since we no longer have access to Red Hat’s), which successfully installed, but then emails quit being delivered again.

So my best guess is my system now has a broken link between the MTA and ClamAV, which I figured the RPM would have configured properly. Neither package results in a working system, however.

Well, I fixed it. I reinstalled simscan and it started working again, although I’m not sure why. The three files provided by the simscan package were there before I reinstalled it.


# rpm -q --info simscan
...
Description :
Simscan is a simple program that enables qmail-smtpd
to reject viruses, spam, and attachments during the
SMTP conversation so the email never makes it into
your computers.

# rpm -q --list simscan
/var/qmail/bin/simscan
/var/qmail/bin/simscanmk
/var/qmail/simscan