Koozali.org: home of the SME Server

Obsolete Releases => SME Server 9.x => Topic started by: ElFroggio on January 15, 2015, 04:39:06 PM

Title: Clam problem
Post by: ElFroggio on January 15, 2015, 04:39:06 PM

I have sme9 current with the default install.

Every night at around 1:00am (default) clanscan, scans and occasionally it finds viruses.

Code: [Select]

/home/e-smith/files/users/kathy/Maildir/cur/1420715165.8233.ethelbert:2,: Win.Downloader.Drixed FOUND
/home/e-smith/files/users/kathy/Maildir/cur/1420715165.8233.ethelbert:2,: moved to '/var/spool/clamav/quarantine/1420715165.8233.ethelbert:2,'

----------- SCAN SUMMARY -----------
Known viruses: 3727547
Engine version: 0.98.5
Scanned directories: 409
Scanned files: 7110
Infected files: 1
Data scanned: 988.22 MB
Data read: 570.25 MB (ratio 1.73:1)
Time: 105.657 sec (1 m 45 s)

• Why didn't it catch the virus upon receiving the email?
• I have found: http://forums.contribs.org/index.php/topic,49499.0/all.html (http://forums.contribs.org/index.php/topic,49499.0/all.html) to perform hourly scans but this doesn't resolve the problem that clamd should have caught it upon receipt. Is there some setting that I have missed?

Code: [Select]

[root@ethelbert ~]# service clamd status
run: /service/clamd: (pid 3523) 531s, normally down; run: log: (pid 1276) 1458s
[root@ethelbert ~]# service freshclam status
run: /service/freshclam: (pid 2363) 1408s, normally down; run: log: (pid 1273) 1458s
[root@ethelbert ~]# service qpsmtpd status
run: /service/qpsmtpd: (pid 2517) 1408s, normally down; run: log: (pid 1265) 1459s
[root@ethelbert ~]# service sqpsmtpd status
run: /service/sqpsmtpd: (pid 2457) 1416s, normally down; run: log: (pid 1263) 1467s

and

Code: [Select]

[root@ethelbert ~]# config show clamd
clamd=service
    MemLimit=700000000
    status=enabled


Thanks

/Syv

Title: Re: Clam problem
Post by: TerryF on January 15, 2015, 09:23:25 PM

Perhaps the email was received with a virus that was yet to be included in clams db, after all it can't find a virus until it has an updated db with that virus's definition.

All anti virus progs are the same, the virus has to be active before they can be updated with its signature/definition to see it.

Title: Re: Clam problem
Post by: Knuddi on January 19, 2015, 10:10:57 AM

The virus was as I can see only added to Clam Jan 14th and the mail you scan arrived January 8th.

Title: Re: Clam problem
Post by: ElFroggio on January 19, 2015, 04:14:43 PM

Thanks

/Syv