Clamav + Exiscan Allowing Viruses through - for you as well probably

Discussion in 'General Discussion' started by mydomain, Dec 10, 2004.

  1. mydomain

    We have clamav installed through the WHM option for clamavconnector. We have spamassassin running alongside it with razor agents, DCC, rules du jour, HELO checks etc etc.

    I am slightly worried here, as we have several customers reporting viruses getting through ClamAV scanning. We know clamd is running, as tailing the mainlog for exim shows it is working for things such as eicar and some other viruses. However, if the SoberI worm code is contained within a batch file zipped up or within the email and sent, then the server will just happily allow it through. ClamAV does not pick this up and does not appear to be able to decode the content.

    Has anyone else experienced this, and can you suggest where to go from here or what to do?
     
  2. mydomain

    Me again...

    Just to add, as we found something else out... Our implementation allows the user to run a ClamAV scan on their home directory, mail files, web root etc. from within their cPanel area. If you manually scan the mail files using ClamAV then it picks up the virus:

    Worm.Sober.I

    Why is ClamAV not picking the infected mail up at the mail gateway level? Would really appreciate some help with this.
     
  3. damainman

    Have you asked cPanel, or opened up a ticket? I would like to know the solution as well :)
     
  4. haze

    Any chance you've rolled back a previous exim.conf or any other exim config file from a backup previous to installing clam? Have you double checked the configuration settings to make sure everything is still in place? Perhaps try uninstalling the plugin then re-installing it to see if that sorts it out? If so, it's probably the config got lost somewhere.
     
  5. NNNils

    I believe in the config file comments there is some explanation about why some archives can't be scanned. It has something to do with licensing.
     
  6. rs-freddo

    clamavconnector by default is not set to scan archives, you have to set it to do that yourself.
     
  7. mydomain

    It wasn't happening for just archive files (zip/rar), so it wasn't that, and it was configured to scan archives anyway.

    We resolved this some time ago now after a reinstall of all the components we put on there, so the thread can be closed. Thanks for your ideas and for responding.
     