ClamAV SMTP Scanning (possibly) not working

Hi guys,

This could be a bug, or it could be me doing something wrong. Hopefully someone can point me in the right direction.

Despite having SMTP Virus Scanning enabled, a considerable amount of virus .zip, .doc and .xls mail attachments are still being delivered. I’ve even forwarded myself archives that a non-Interworx installation of ClamAV has quarantined, and these have also been delivered with no questions asked.

Is there a log (or other source of evidence) that I can check to verify that ClamAV is actually scanning the emails?

My current settings are as follows:

  • ClamAV Status: Running
  • SMTP Virus Scanning: Enabled
  • SpamAssassin Enabled in SiteWorx
  • Virus definitions are up to date

Am I missing something?

Hi sim79

Do you mind me asking what size of files you emailed?

I’m suspecting that they’re bigger than the scan size and therefore the scan is bypassed.

There are online test websites which will email through eicar files, which should be detected.

If I’m correct, you will need to increase the scan file size and perhaps pack levels.

I’m sorry if I’m wrong.

Many thanks

John

Hi John,

Thanks for the quick response.

The attachments were only a few kilobytes, so it wasn’t that they were exceeding the maximum file size.

In any case, I’ve tried a few online EICAR tests, as you suggested, and ClamAV picked up the emails they sent and prevented them from being delivered, so I guess things are generally working after all.

Thanks for your help, John.

Hi sim79

If you want to try and tweak clam settings, you should be able to change settings directly from /etc/clamd.conf.

Please remember though, you change at your own risk and please remember to restart clam for changes to be implemented.

I would advise you make a copy of clamd.conf if you’re going to test.

I hope it helps and sorry, I’m not sure if IW directly makes any changes to these settings.

Many thanks

John
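The thread points at the scan size limits and the log in /etc/clamd.conf; the script below is an added example, not posted by anyone in the thread, that reads those settings from a clamd.conf-style file and reports whether a file of a given size exceeds a configured limit. It assumes that the "pack levels" mentioned above correspond to clamd's `MaxRecursion` option, and it runs against a constructed sample config with made-up values.

```shell
#!/bin/sh
# Added example, not from the thread: read clamd size limits and the log path.

# conf_value FILE KEY: print the value of an active (uncommented) option.
conf_value() {
    awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# to_bytes SIZE: convert clamd size notation (K/k, M/m suffix) to bytes.
to_bytes() {
    case "$1" in
        *[Kk]) echo $(( ${1%?} * 1024 )) ;;
        *[Mm]) echo $(( ${1%?} * 1024 * 1024 )) ;;
        *)     echo "$1" ;;
    esac
}

# check_limits FILE BYTES: report each limit; return 1 if BYTES exceeds one.
check_limits() {
    conf=$1; size=$2; rc=0
    echo "LogFile: $(conf_value "$conf" LogFile)"
    echo "MaxRecursion: $(conf_value "$conf" MaxRecursion)"
    for key in MaxFileSize MaxScanSize; do
        val=$(conf_value "$conf" "$key")
        if [ -z "$val" ]; then
            echo "$key: not set, clamd's built-in default applies"
            continue
        fi
        limit=$(to_bytes "$val")
        # A value of 0 disables the limit in clamd.conf.
        if [ "$limit" -ne 0 ] && [ "$size" -gt "$limit" ]; then
            echo "$key: $val, a $size-byte file exceeds it"
            rc=1
        else
            echo "$key: $val, ok for $size bytes"
        fi
    done
    return $rc
}

# Constructed sample config; on a real host pass /etc/clamd.conf instead.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
LogFile /var/log/clamd.log
#MaxScanSize 100M
MaxFileSize 1M
MaxRecursion 10
EOF
check_limits "$SAMPLE" 4096
```

An empty `LogFile` line in the output means no log file is configured in that config, so there is no scan log to check until one is set and clamd is restarted.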