I am using Virtualmin and have it set up to have Postfix scan incoming emails with ClamAV (using clamdscan) and delete any emails which contain a virus. However when I email myself the EICAR test string, it comes through just fine. I know ClamAV will report this file as a virus. How can I troubleshoot this / what could be wrong?
Howdy,
You may want to start by looking in the logfiles for any signs of trouble.
Look at the email and procmail logs around the time you think ClamAV should have kicked in… those are /var/log/procmail, and then either /var/log/mail.log or /var/log/maillog (depending on your distro).
Also, make sure that in Edit Virtual Server, the “Virus Filtering” feature is enabled for that domain.
-Eric
“Virus Filtering” is enabled.
Procmail.log doesn’t show much of interest:
From josh@gitlin.name Tue Apr 13 10:51:37 2010
Subject: Test 5
Folder: /home/gitlin.name/homes/josh/Maildir/new/1271170297.9115_0.w 1644
Time:1271170297 From:josh@gitlin.name To:josh@gitlin.name User:josh-gitlin.name Size:1693 Dest:/home/gitlin.name/homes/josh/Maildir/new/1271170297.9115_0.workingman.digitalfruition.com Mode:None
Nor does maillog:
Apr 13 10:51:37 workingman postfix/smtpd[9083]: 1FB231213B4: client=cpe-065-190-021-110.nc.res.rr.com[65.190.21.110], sasl_method=PLAIN, sasl_username=josh-gitlin.name
Apr 13 10:51:37 workingman postfix/cleanup[9086]: 1FB231213B4: message-id=<4BC4860E.9080608@gitlin.name>
Apr 13 10:51:37 workingman postfix/qmgr[10917]: 1FB231213B4: from=, size=1569, nrcpt=1 (queue active)
Apr 13 10:51:37 workingman postfix/smtpd[9083]: disconnect from cpe-065-190-021-110.nc.res.rr.com[65.190.21.110]
Apr 13 10:51:37 workingman postfix/local[9087]: 1FB231213B4: to=, orig_to=, relay=local, delay=0.83, delays=0.5/0/0/0.32, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
I suppose what they both do show is no indication that clamdscan nor spamc are running on these emails…
If you look at your email headers, are you seeing any that begin with “X-Spam-Status”?
Nope, no X-Spam-Status nor X-Spam-Score headers. So SpamAssassin isn’t scanning the emails…
I killed /usr/libexec/webmin/virtual-server/lookup-domain-daemon.pl and restarted it, and that seems to have solved my issue… I’ll keep an eye out and see if this happens again.