Noob Clamav?

Turned on Clamav in Nodeworx. Does it insert header info or otherwise tell you it is working?

dave

You can check the log: /var/logs/clamav/clamd.log

I got a bunch of “Worm.SomeFool.P” lately.

Hi Justin,

Thanks for the reply. I did find what I needed in /var/log/clamav/clamd.log

I used the EICAR virus signature to test scanning inbound and outbound from a siteworx hosted site. It looks like outbound email from the siteworx hosted website is not getting scanned. However, inbound mail to that website is scanned.

dave

Dave, can you provide the details of how you determined inbound mail was not virus scanned? I’d like to try to reproduce that. In our tests inbound mail was definitely scanned and dropped at the SMTP level.

Paul

Hi Paul,

Working on Saturday! You’re as bad as I am… :wink:

Anyway, here’s what I did:

  1. Downloaded EICAR.COM from http://www.eicar.org/anti_virus_test_file.htm

  2. Logged into http://www.websupplies.com:2080/horde/imp/
    (BTW is there a “prettier” way to get to email?)

  3. Composed a message to an email account that I keep that neither scans for viruses nor blocks spam.

  4. I attached EICAR.COM to this message and sent it.

  5. It came through unscathed to the destination account.

dave

Hi Paul,

A followup to my email. I do apologize for not reading your post more carefully. My testing indicated that outbound email was not being scanned.

Inbound viruses were absolutely detected and were bounced to the (normally forged) sender email address.

dave

Haha, I apologize for not reading your post more accurately :slight_smile:

What you’re seeing is mail that originates from the server itself (i.e. webmail) is not scanned. Mail sent from an off-server e-mail client will get scanned.

If you like you can also make webmail be scanned as well, by editing the /etc/tcprules.d/tcp.smtp

change the line:
127.:allow,RELAYCLIENT=""

to:
127.:allow,LANG="en_US",QMAILQUEUE="/var/qmail/bin/simscan",RELAYCLIENT=""

and then run
~vpopmail/bin/clearopensmtp

Would this force all outgoing mail to be scanned whether it was webmail or via outlook express or other mail client?

The line that starts with 127. handles mail that originates on the server itself (i.e. webmail).
The line that starts with
:allow
handles all other cases.

Paul
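
An added example, not part of any post in this thread: a shell function that lists which allow rules in a tcprules file do not hand mail to simscan, so the 127. gap described above can be checked before and after the edit. It assumes the common `address:allow,VAR="value"` syntax with double-quoted values and treats a rule without QMAILQUEUE as unscanned; the function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: report tcprules allow rules that bypass simscan.
# Assumption: values are double-quoted, as in the rule lines quoted in the thread.

SIMSCAN='/var/qmail/bin/simscan'   # queue program path taken from the thread

# unscanned_rules: reads tcprules text on stdin and prints the address prefix
# of every allow rule whose QMAILQUEUE is missing or is not simscan.
# The bare ":allow" catch-all rule is reported as "(default)".
unscanned_rules() {
    awk -v want="$SIMSCAN" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        {
            sep = index($0, ":")
            if (sep == 0) next                   # not a rule line
            addr = substr($0, 1, sep - 1)
            rest = substr($0, sep + 1)
            if (rest !~ /^allow(,|$)/) next      # deny rules never reach the queue
            queue = ""
            if (match(rest, /,QMAILQUEUE="[^"]*"/))
                queue = substr(rest, RSTART + 13, RLENGTH - 14)
            if (queue != want) print (addr == "" ? "(default)" : addr)
        }
    '
}

# Constructed sample: the stock 127. rule from the thread plus an assumed
# catch-all rule that already routes through simscan.
sample_rules() {
    cat <<'EOF'
# constructed sample tcp.smtp
127.:allow,RELAYCLIENT=""
:allow,QMAILQUEUE="/var/qmail/bin/simscan"
EOF
}

# Demo on the sample; on a real server: unscanned_rules < /etc/tcprules.d/tcp.smtp
sample_rules | unscanned_rules
```

An empty result means every allow rule in the file sets QMAILQUEUE to simscan.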