From owner-freebsd-questions@FreeBSD.ORG Tue Nov 16 17:56:42 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5007416A4CE for ; Tue, 16 Nov 2004 17:56:42 +0000 (GMT) Received: from catflap.slightlystrange.org (cpc2-cmbg1-3-0-cust94.cmbg.cable.ntl.com [213.107.104.94]) by mx1.FreeBSD.org (Postfix) with ESMTP id B00F743D49 for ; Tue, 16 Nov 2004 17:56:41 +0000 (GMT) (envelope-from danielby@slightlystrange.org) Received: from danielby by catflap.slightlystrange.org with local (Exim 4.43 (FreeBSD)) id 1CU7ZI-0009ao-CG for freebsd-questions@FreeBSD.ORG; Tue, 16 Nov 2004 17:56:40 +0000 Date: Tue, 16 Nov 2004 17:56:40 +0000 From: Daniel Bye To: freebsd-questions@FreeBSD.ORG Message-ID: <20041116175640.GA36502@catflap.slightlystrange.org> Mail-Followup-To: freebsd-questions@FreeBSD.ORG References: <20041116171715.EC66343D2D@mx1.FreeBSD.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="r5Pyd7+fXNt84Ff3" Content-Disposition: inline In-Reply-To: <20041116171715.EC66343D2D@mx1.FreeBSD.org> User-Agent: Mutt/1.4.2.1i Subject: Re: Exiscan+clamav X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Daniel Bye List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Nov 2004 17:56:42 -0000 --r5Pyd7+fXNt84Ff3 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Nov 16, 2004 at 11:17:13AM -0600, Adam M Ryan wrote: > Thanks for all the replies. >=20 > Yes Clamd is running: >=20 > ps uaxww | grep clamav > clamav 53191 0.0 1.6 10576 8128 ?? Is 8:48AM 0:00.00 > /usr/local/sbin/clamd >=20 >=20 >=20 > I have also went ahead and changed the settings in clamd to log everythin= g. > Still not seeing anything in the clamd log. Not sure what else I am > missing? I used clamscan on some test files and they seemed to get > deteceted without issue. Hmm. Have you got the correct path to the clamd socket in your exim config file? This seems the most likely fault now, if clamscan is running from the command line. You can check using sockstat: # sockstat -ul | grep clam clamav clamd 39547 4 stream /var/run/clamav/clamd Exim's log files, under /var/log/exim, may be a good place to look for a=20 bit more detail about what's borking it. > Maybe a posting of your clamd.conf and exim.conf? Sure. Here is my clamd.conf (omitting all comment lines) LogFile /var/log/clamav/clamd.log LogTime LogVerbose PidFile /var/run/clamav/clamd.pid DatabaseDirectory /usr/local/share/clamav LocalSocket /var/run/clamav/clamd FixStaleSocket User clamav AllowSupplementaryGroups ScanMail ArchiveMaxRecursion 8 And the salient bits of my exim config file: av_scanner =3D clamd:/var/run/clamav/clamd acl_check_content: deny message =3D This message contains malware ($malware_name) demime =3D * malware =3D * The rest of the exim config is not relevant to this discussion. HTH Dan --=20 Daniel Bye PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc PGP Key fingerprint: 3B9D 8BBB EB03 BA83 5DB4 3B88 86FC F03A 90A1 BE8F _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ --r5Pyd7+fXNt84Ff3 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQFBmj9XhvzwOpChvo8RAsNtAJoDUiNT/zsoTLNWfaeh1jk+LQB0pwCeKNKN GdYjEFMQmnRceGFgarfzMsE= =YQFp -----END PGP SIGNATURE----- --r5Pyd7+fXNt84Ff3--