Is ClamAV scanning emails?

Hi there,

I have seen several posts regarding clamav and I am very confused.

I want to confirm whether clamav is properly installed and running on my system. How can I do this?
Note that I don’t have the clamav server enabled at all times as this is a low-volume system.

Should the incoming emails contain an X-antivirus header informing the reader that the email was in fact scanned?
I am not getting such a header in my emails (Spamassassin however is working fine).

++++++++++++++++++++++++++
My Clamav software:

rpm -qa | grep clam

clamav-filesystem-0.97.2-1.vm.el5
clamav-data-0.97.2-1.vm.el5
clamav-0.97.2-1.vm.el5
clamav-server-0.97.2-1.vm.el5
clamav-lib-0.97.2-1.vm.el5
clamav-update-0.97.2-1.vm.el5
clamav-server-sysv-0.97.2-1.vm.el5
++++++++++++++++++++++++++

While watching the maillog I don’t see anything that relates to ClamAV during an incoming email.
Any ideas?

Thank you

Anyone please?

I’m not aware of any headers added by ClamAV.

If in Virtualmin, the domain has the “Virus Scanning” feature enabled, it should be scanning for viruses.

If you’d like to test that it’s working, you could always send the EICAR test virus to one of your accounts. That’s available here:

http://eicar.org/85-0-Download.html

Hi there and thank you for the reply.
It seems that sending the eicar test from another system does not come, so I presume it gets deleted automatically.
The antivirus settings are of course enabled on the mailbox checked.
Why however am I getting the following message on my logwatch?

--------------------- clam-update Begin ------------------------

The ClamAV update process (freshclam daemon) was not running!
If you no longer wish to run freshclam, deleting the freshclam.log
file will suppress this error message.

---------------------- clam-update End -------------------------

I checked the freshclam.log and it seems like it works ok:

Wed Sep 21 07:06:06 2011 -> --------------------------------------
Wed Sep 21 07:06:06 2011 -> Current working dir is /var/lib/clamav
Wed Sep 21 07:06:06 2011 -> Max retries == 5
Wed Sep 21 07:06:06 2011 -> ClamAV update process started at Wed Sep 21 07:06:06 2011
Wed Sep 21 07:06:06 2011 -> Using IPv6 aware code
Wed Sep 21 07:06:06 2011 -> Querying current.cvd.clamav.net
Wed Sep 21 07:06:06 2011 -> TTL: 189
Wed Sep 21 07:06:06 2011 -> Software version from DNS: 0.97.2
Wed Sep 21 07:06:06 2011 -> main.cvd version from DNS: 53
Wed Sep 21 07:06:06 2011 -> main.cvd is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
Wed Sep 21 07:06:06 2011 -> daily.cvd version from DNS: 13650
Wed Sep 21 07:06:06 2011 -> daily.cld is up to date (version: 13650, sigs: 194548, f-level: 60, builder: guitar)
Wed Sep 21 07:06:06 2011 -> bytecode.cvd version from DNS: 144
Wed Sep 21 07:06:06 2011 -> bytecode.cvd is up to date (version: 144, sigs: 41, f-level: 60, builder: edwin)
Wed Sep 21 10:06:07 2011 -> --------------------------------------
Wed Sep 21 10:06:07 2011 -> Current working dir is /var/lib/clamav
Wed Sep 21 10:06:07 2011 -> Max retries == 5
Wed Sep 21 10:06:07 2011 -> ClamAV update process started at Wed Sep 21 10:06:07 2011
Wed Sep 21 10:06:07 2011 -> Using IPv6 aware code
Wed Sep 21 10:06:07 2011 -> Querying current.cvd.clamav.net
Wed Sep 21 10:06:07 2011 -> TTL: 300
Wed Sep 21 10:06:07 2011 -> Software version from DNS: 0.97.2
Wed Sep 21 10:06:07 2011 -> main.cvd version from DNS: 53
Wed Sep 21 10:06:07 2011 -> main.cvd is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
Wed Sep 21 10:06:07 2011 -> daily.cvd version from DNS: 13650
Wed Sep 21 10:06:07 2011 -> daily.cld is up to date (version: 13650, sigs: 194548, f-level: 60, builder: guitar)
Wed Sep 21 10:06:07 2011 -> bytecode.cvd version from DNS: 144
Wed Sep 21 10:06:07 2011 -> bytecode.cvd is up to date (version: 144, sigs: 41, f-level: 60, builder: edwin)

Any ideas?
Thank you

Yup, it does look like it’s running just fine! I’m not sure why you’d be getting messages that suggest otherwise :)

Seeing as freshclam has updated files even today, I think it’s safe to ignore that message.

-Eric
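
The freshness check discussed in this thread (is freshclam still running, and which database versions did it last confirm?) can be scripted against freshclam.log instead of read by eye. The following is an added example, not code from the thread or from ClamAV; the function names and the 24-hour threshold are assumptions, and it parses only the line forms visible in the log excerpt above.

```python
import re
from datetime import datetime, timedelta

# Sample lines copied from the freshclam.log excerpt in the thread (shortened).
SAMPLE_LOG = """\
Wed Sep 21 07:06:06 2011 -> --------------------------------------
Wed Sep 21 07:06:06 2011 -> ClamAV update process started at Wed Sep 21 07:06:06 2011
Wed Sep 21 07:06:06 2011 -> main.cvd is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
Wed Sep 21 07:06:06 2011 -> daily.cld is up to date (version: 13650, sigs: 194548, f-level: 60, builder: guitar)
Wed Sep 21 10:06:07 2011 -> --------------------------------------
Wed Sep 21 10:06:07 2011 -> ClamAV update process started at Wed Sep 21 10:06:07 2011
Wed Sep 21 10:06:07 2011 -> main.cvd is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
Wed Sep 21 10:06:07 2011 -> daily.cld is up to date (version: 13650, sigs: 194548, f-level: 60, builder: guitar)
Wed Sep 21 10:06:07 2011 -> bytecode.cvd is up to date (version: 144, sigs: 41, f-level: 60, builder: edwin)
"""

LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) -> (.*)$")
UP_TO_DATE = re.compile(r"^(\S+) is up to date \(version: (\d+),")
TS_FORMAT = "%a %b %d %H:%M:%S %Y"  # timestamp layout used in the excerpt

def parse_runs(text):
    """Split the log into runs; each run records its start time and DB versions."""
    runs = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip blank or unrecognised lines
        stamp, msg = m.groups()
        if msg.startswith("ClamAV update process started"):
            runs.append({"started": datetime.strptime(stamp, TS_FORMAT), "dbs": {}})
        elif runs and (db := UP_TO_DATE.match(msg)):
            runs[-1]["dbs"][db.group(1)] = int(db.group(2))
    return runs

def check_freshness(text, now, max_age=timedelta(hours=24)):
    """Return (ok, reason): ok is True when the newest run is within max_age."""
    runs = parse_runs(text)
    if not runs:
        return False, "no freshclam runs found in log"
    age = now - runs[-1]["started"]
    if age > max_age:
        return False, f"last run {age} ago"
    return True, f"last run {age} ago, databases {runs[-1]['dbs']}"

if __name__ == "__main__":
    print(check_freshness(SAMPLE_LOG, datetime(2011, 9, 21, 12, 0, 0)))
```

On a live system, pass the contents of the real freshclam.log and `datetime.now()` in place of the embedded sample and the fixed timestamp.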