Seem to have lost connection to Clamav

I hope this message makes sense.

I re-built my server using Suse 11.1 + Sendmail, Apache, Mysql, Clamav and freshclam, plus of course Webmin / Virtualmin GPL.

Made sure my templates were correct in Virtualmin, re-loaded the backed-up virtual servers using restore. So far so good and everything seemed to be working OK. Spamassassin and Clamav were writing the correct header info into email.

I then had to make some changes in Sendmail (using Webmin) and now I seem to have lost the connection from Sendmail to Clamav. (Had the famous virus "you have an ecard from a friend" (twice) come through to my local machine.)

I checked the headers in the email and Spamassassin is checking correctly but no virus checks at all.

I looked at the logs for Clamav and I am up to date and freshclam is working correctly.

Can anyone point me in the right direction so I can get this working again? I’ve tried toggling on and off in Virtualmin but that didn’t seem to get it working either. (It does tell me the clamav server is running.)

Nigel.

Howdy,

Are you sure that the "Virus filtering" feature is enabled in System Settings -> Features and Plugins?

Also, be sure that it’s enabled for your Virtual Server, in Edit Virtual Server -> Enabled Features -> Virus filtering enabled.

If you look in the log file (which is /var/log/clamav/clamav.log), do you see anything in there that suggests it’s running?

You might try sending yourself the eicar test virus to see if it catches that:

http://www.eicar.org/anti_virus_test_file.htm

The log files for both Clamav and Freshclam indicate that it is running. Clamav is doing its self-check and has time stamps from a little earlier today. (Freshclam checking twice daily).

The feature is enabled in both the global and the individual virtual servers.

Hence my confusion.

The only real changes I’ve made to the initial setup were all in Sendmail (I had to add the Domain setting to get HELO working correctly).

I seemed to have lost something somewhere, probably my sanity as in truth I am no sysadmin person. Just a photographer who likes running his own web / email server.

Well, I’m kind of curious – if you send yourself that eicar test virus mentioned above, does anything show up in the Clam logs?

Also, you said you’re seeing x-spam lines in your email headers?
-Eric

Also check the procmail.log. I kinda suspect maybe something went awry in the procmailrc.

Joe / Andrey,

Thanks very much for your time and help. I’ve just finished double checking all the settings, at the time still no joy.

I then did a server re-boot. Now Clamav has kicked in and did find the test virus all OK. Messages in both clamav.log and procmail.log. Email deleted at the server.

I’m running Suse and I’m thinking that Yast might have interfered. That program and Webmin / Virtualmin are not good friends at all! (Yast keeps sticking its nose in where its nose does not belong :slight_smile: and there’s no way of getting rid of it that I can find.)

Take good care,

Nigel.

Awesome. Thanks for the update.

Yeah, I was pretty deeply disappointed by yast when I dug into it a while back (we used to have installer support for SUSE, but we only ever had two or three SUSE users, so it just wasn’t worth the huge amount of effort). It just assumes that yast is the only thing ever modifying the system, and happily overwrites things that you do manually or that other tools do. It’s just downright user-hostile from that perspective, and I have a hard time trusting it. :wink:

SUSE is a pretty nice system, in general, but YAST is really bad news. It really needs a lot of work on being polite to others.