clamav - Does it actually work?

CamerMan

Registered
Apr 3, 2008
2
0
51
I am attempting to use WHM/cPanel as an offering for our VPS servers. One of the key things we are looking for is anti-virus for incoming email.

I searched the forums and found out that clamav can be installed in the cpanel->manage plugins section, which I did.

I then went to plugins->configure ClamAV scanner, and enabled all the options, including "scan mail".

To test clamav, I uploaded a virus test file from "http://www.eicar.org/anti_virus_test_file.htm" and uploaded it to a site on the server. When I scan this folder in the site's cPanel, under "Virus scanner", it fails to detect the file. I also sent the file in an email attachment, but when using "scan mail" it fails to detect the file again.

Is there a better way to test that it's working? Or is more configuration needed?

I'm using cPanel 11.24.5-S38506 - WHM 11.24.2 - X 3.9 on CENTOS 5.4
 

d_t

Well-Known Member
Sep 20, 2003
245
3
168
Bucharest
If you install clamavconnector from the WHM Plugins section, then you have clamav integrated with the exim mail server. Try restarting exim to see if it also restarts clamavd. It should detect and block the EICAR test virus.
 

CamerMan

After some more testing, it appears that emails containing the anti-virus test file in an executable or the executable in a zip file are not being delivered, so perhaps it is removing them.

However the text file version of the test file is not being detected or removed.

Is there a way to check to see if clamav did in fact remove the emails containing the executables?