
Re: Clamav - problem...



On 2004-11-28 10:13, Jacek Politowski wrote:

Oh, that's a completely different experience from mine.
Clamd scans without any problem here.

And somehow I find it hard to believe that "everything
looked ok" - something must have looked not "ok", if only exim's
paniclog or clamd.log.

You don't believe it? Here you go:

miki@menek:~$ /usr/bin/clamscan --mbox --block-encrypted /usr/local/share/eicar/eicar.com.txt
   /usr/local/share/eicar/eicar.com.txt: Eicar-Test-Signature FOUND
   ----------- SCAN SUMMARY -----------
   Known viruses: 27566
   Scanned directories: 0
   Scanned files: 1
   Infected files: 1
   Data scanned: 0.00 MB
   I/O buffer size: 131072 bytes
   Time: 1.624 sec (0 m 1 s)
miki@menek:~$ /usr/bin/clamdscan --mbox --block-encrypted /usr/local/share/eicar/eicar.com.txt
   WARNING: Ignoring option -m (--mbox): please edit clamd.conf instead.
   WARNING: Ignoring option --block-encrypted: please edit clamd.conf instead.
   /usr/local/share/eicar/eicar.com.txt: Eicar-Test-Signature FOUND
   ----------- SCAN SUMMARY -----------
   Infected files: 1
   Time: 0.019 sec (0 m 0 s)

Antivirus configuration in exim4.conf:

av_scanner = cmdline:/usr/bin/clamscan --mbox --block-encrypted %s:FOUND:.{1,} (.*) FOUND

and the result:

   miki@menek:~$ telnet menek.one.pl 25
   Trying 81.219.150.155...
   Connected to menek.one.pl.
   Escape character is '^]'.
   220 menek.one.pl ESMTP Sun, 28 Nov 2004 18:59:49 +0100
   ehlo menek
   250-menek.one.pl Hello menek.one.pl [81.219.150.155]
   250-SIZE 52428800
   250-PIPELINING
   250-AUTH PLAIN LOGIN
   250-STARTTLS
   250 HELP
   mail from:jakis@adres
   250 OK
   rcpt to:inny@adres
   250 Accepted
   data
   354 Enter message, ending with "." on a line by itself
   From:jakis@adres
   To:inny@adres
   EICAR-STANDARD-ANTIVIRUS-TEST-FILE
   .
   550-This message contains a virus or other harmful content
   550 (Eicar-Test-Signature)

As you can see, it works.
Now clamd:

av_scanner = cmdline:/usr/bin/clamdscan --mbox --block-encrypted %s:FOUND:.{1,} (.*) FOUND

and the result:

   miki@menek:~$ telnet menek.one.pl 25
   Trying 81.219.150.155...
   Connected to menek.one.pl.
   Escape character is '^]'.
   220 menek.one.pl ESMTP Sun, 28 Nov 2004 18:52:54 +0100
   ehlo menek
   250-menek.one.pl Hello menek.one.pl [81.219.150.155]
   250-SIZE 52428800
   250-PIPELINING
   250-AUTH PLAIN LOGIN
   250-STARTTLS
   250 HELP
   mail from:jakis@adres
   250 OK
   rcpt to:inny@adres
   250 Accepted
   data
   354 Enter message, ending with "." on a line by itself
   From:jakis@adres
   To:inny@adres
   EICAR-STANDARD-ANTIVIRUS-TEST-FILE
   .
   250 OK id=1CYTFa-0003rB-27

And the mail went through!
And now the logs:
exim4/mainlog:
   clamd:
   2004-11-28 18:54:37 1CYTFa-0003rB-27 <= jakis@adres H=menek.one.pl (menek) [81.219.150.155] P=esmtp S=281
   2004-11-28 18:54:37 1CYTFa-0003rB-27 => inny <inny@adres> R=local_user T=mail_spool
   2004-11-28 18:54:37 1CYTFa-0003rB-27 Completed
   clam:
   2004-11-28 19:00:26 1CYTLG-0003wR-DO H=menek.one.pl (menek) [81.219.150.155] F=<jakis@adres> rejected after DATA: This message contains a virus or other harmful content (Eicar-Test-Signature)
exim4/paniclog has been empty for several months
clamav-daemon.log:
   Sun Nov 28 18:50:09 2004 -> SelfCheck: Database status OK.
   Sun Nov 28 18:50:10 2004 -> /usr/local/share/eicar/eicar.com.txt: Eicar-Test-Signature FOUND
That is the result of the scan from the shell.
Regards.

--
http://www.miki.z.pl miki(AT)z.pl
Gadu-gadu: 2128279 Mobile: +48607345846 IRC: `miki`
Linux Registered User # 285966
"Put some excitement between your legs - ride a bike!"



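
Added example, not part of the original message: a simplified Python model of how a `cmdline` av_scanner value like the two quoted above is split into command, trigger expression and name expression, and how those expressions behave against scanner output transcribed from the message. The function names, the evaluation order and the final no-detection sample are assumptions made for illustration.

```python
import re

# Both av_scanner values quoted in the message above.
CLAMSCAN_SPEC = "cmdline:/usr/bin/clamscan --mbox --block-encrypted %s:FOUND:.{1,} (.*) FOUND"
CLAMDSCAN_SPEC = "cmdline:/usr/bin/clamdscan --mbox --block-encrypted %s:FOUND:.{1,} (.*) FOUND"

# clamdscan output transcribed from the shell session in the message.
CLAMDSCAN_OUT = """\
WARNING: Ignoring option -m (--mbox): please edit clamd.conf instead.
WARNING: Ignoring option --block-encrypted: please edit clamd.conf instead.
/usr/local/share/eicar/eicar.com.txt: Eicar-Test-Signature FOUND
----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.019 sec (0 m 0 s)
"""

# Constructed sample: scanner output that contains no FOUND line at all.
NO_DETECTION_OUT = "----------- SCAN SUMMARY -----------\nInfected files: 0\n"


def parse_av_scanner(spec):
    """Split a 'cmdline' av_scanner value into command, trigger and name regex."""
    # Assumption: no field contains a literal colon (Exim lists double it as '::').
    kind, command, trigger, name = spec.split(":", 3)
    if kind != "cmdline" or "%s" not in command:
        raise ValueError("expected a cmdline spec with a %s placeholder")
    name_re = re.compile(name)
    if name_re.groups != 1:
        raise ValueError("name expression must have exactly one capture group")
    return command, re.compile(trigger), name_re


def evaluate(spec, scanner_output):
    """Return the malware name if the trigger matches any line, else None."""
    _, trigger_re, name_re = parse_av_scanner(spec)
    lines = scanner_output.splitlines()
    if not any(trigger_re.search(line) for line in lines):
        return None  # no trigger match: this model reports no detection
    for line in lines:
        match = name_re.search(line)
        if match:
            return match.group(1)
    return "unknown"  # triggered, but the name expression matched nothing


if __name__ == "__main__":
    for out in (CLAMDSCAN_OUT, NO_DETECTION_OUT):
        print(parse_av_scanner(CLAMDSCAN_SPEC)[0], "->", evaluate(CLAMDSCAN_SPEC, out))
```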