Message Source and Clam AV

paul_NZ

79
+0/-0

For email messages received when I had SME 6 with sme.swerts-knudsen.dk ClamAV contrib installed the message source ocntained a line

X-Virus-Scanned: by amavis-ng-0.1.6.4-03dc on mrc01.mrcomputer.co.nz

now with a fresh install of SME 7 fully updated to the latest updates (including those released in just last day or two) there is no such line in the message source.

My question is does that mean ClamAV is stilling working correctly and this line is not being added (by design) in the message source or do I have another problem?

Cheers

Logged

mmccarn

2,657
+10/-0

Message Source and Clam AV

« Reply #1 on: May 19, 2007, 04:14:29 PM »

SME 7 is using the qpsmtpd plugin /usr/share/qpsmtpd/plugins/virus/clamav for virus scanning. This plugin does not add an 'X-Virus-Scanned...' header.

You can verify that virus scanning is working by looking at /var/log/qpsmtpd/current; any email with a virus should generate a line containing both 'clamav' and 'DENY', so grep -h clamav.*DENY /var/log/qpsmtpd/* | tai64nlocal | less will scan all of your qpsmtpd logs, extract lines about messages with viruses, and format the timestamp for humans...

The 'clamdscan' plugin for qpsmtpd does output an 'X-Virus-Scanned' header; I don't know why SME uses the 'clamav' plugin and not 'clamdscan'. You may be able to template your qpsmtpd plugins files to use clamdscan instead of clamav with no problems (or there may be some reason that this just doesn't work on SME...)

You can install Brian Read's 'mailstats' contrib to get daily emails summarizing your mail server activity. He's just announced a new version here: http://forums.contribs.org/index.php?topic=36567.0

If you decide to start digging into the qpsmtpd logs to figure out what's up, you may want to read up on the qpsmtpd log files and the tools for analyzing them:
- http://forums.contribs.org/index.php?topic=36655.0
- http://forums.contribs.org/index.php?topic=34071.0

Logged

JonB

351
+0/-0

Message Source and Clam AV

« Reply #2 on: May 19, 2007, 05:12:40 PM »

I added the following to the clamav plugin /usr/share/qpsmtpd/virus/clamav

Code: [Select]

$transaction->header->add( 'X-Virus-Checked',
        "Checked by ClamAV on " . $self->qp->config("me") );

I did this almost a year ago and it has withstood all the updates updates.

Jon

Logged

...

paul_NZ

79
+0/-0

Message Source and Clam AV

« Reply #3 on: May 19, 2007, 10:23:12 PM »

Quote from: "JonB"

Code: [Select]
$transaction->header->add( 'X-Virus-Checked', "Checked by ClamAV on " . $self->qp->config("me") );

Thanks Jon ... is there a particular position that you placed this line of code?

Logged

paul_NZ

79
+0/-0

Message Source and Clam AV

« Reply #4 on: May 19, 2007, 10:28:11 PM »

Quote from: "mmccarn"

You can verify that virus scanning is working by looking at /var/log/qpsmtpd/current; any email with a virus should generate a line containing both 'clamav' and 'DENY', so grep -h clamav.*DENY /var/log/qpsmtpd/* | tai64nlocal | less will scan all of your qpsmtpd logs, extract lines about messages with viruses, and format the timestamp for humans...

Hey thanks for this and yes I can see that all is well ... cheers

Logged