ClamAV is not disinfecting mails

Discussion in 'E-mail Discussions' started by Kent Brockman, Jan 25, 2011.

  1. Kent Brockman

    Hi there. I'm testing Clam and noticed that when running the scan from cPanel, and given that I purposely sent several mails with the Eicar Test attached, I found that ClamAV is detecting those mails as infected, but it is unable to disinfect (delete the attachment) or destroy (delete) those mails. Is this normal as these are Eicar Tests? Or should I be worried about the impossibility to sanitize really infected mails in the future? Could this behaviour be due to a permissions issue? (Clam can read, but cannot write.)

    I'm running the latest Stable cPanel with the latest Clam from the plugin manager, on a CentOS 4 VPS.
     
  2. LinuxTechie

    Hi Kent,

    Clamscan will only list the infected files in the clamscan log. There are no options to auto destroy the vulnerable files. I think you should give Linux Malware Detect a try. We can quarantine the vulnerable files using this. Please have a look at the URL given below as a reference.

    http://forums.cpanel.net/f77/linux-malware-detect-lmd-intro-howto-157194.html

    One limitation of this security feature is that there is no plugin available in cPanel for this and you need to perform this via SSH.
    Still, I think you should give it a try!
     
  3. Kent Brockman

    Yes, but I'm talking about the Clam Scan icon present in every cPanel account control panel. It allows you to scan the entire public_html dir or scan the allocated emails. When it detects infections, it shows you a list with possible actions: disinfect, destroy, quarantine, ignore. The first two appear to be correctly done after being selected, but a new scan will show the same infections again: Clam is not disinfecting anything.

    On the other hand, I sent emails with the Eicar test attached and they get to the inbox without even being noticed by Clam.
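
A diagnostic for the two symptoms described in this thread (an attached test file that goes unnoticed, and detections that cannot be deleted), as an added example that is not part of any post above. It decodes each MIME part before looking for the EICAR test string and reports whether the current user is allowed to delete the message file; the Maildir layout (`new/` and `cur/`) and all function names are assumptions for illustration.

```python
import email
import os
import tempfile
from email import policy
from email.message import EmailMessage
from pathlib import Path

# Standard EICAR test string, split in two so this file is not flagged itself.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + rb"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

def has_eicar(raw: bytes) -> bool:
    """True if any MIME part contains EICAR after transfer decoding (base64 etc.)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if not part.is_multipart() and EICAR in (part.get_payload(decode=True) or b""):
            return True
    return False

def audit_maildir(maildir):
    """Return [(message path, removable)] for messages carrying EICAR.
    Deleting a file needs write and search permission on its directory,
    so that is what 'removable' checks for the current user."""
    findings = []
    for sub in ("new", "cur"):
        folder = Path(maildir) / sub
        if not folder.is_dir():
            continue
        for f in sorted(folder.iterdir()):
            if f.is_file() and has_eicar(f.read_bytes()):
                findings.append((str(f), os.access(folder, os.W_OK | os.X_OK)))
    return findings

def build_sample_maildir():
    """Constructed sample: one clean mail, one with EICAR as a base64 attachment."""
    root = Path(tempfile.mkdtemp())
    (root / "new").mkdir()
    for name, attach in (("1.clean", None), ("2.eicar", EICAR)):
        m = EmailMessage()
        m["Subject"], m["From"], m["To"] = name, "a@example.com", "b@example.com"
        m.set_content("test message")
        if attach:
            m.add_attachment(attach, maintype="application",
                             subtype="octet-stream", filename="eicar.com")
        (root / "new" / name).write_bytes(m.as_bytes())
    return root

if __name__ == "__main__":
    for path, removable in audit_maildir(build_sample_maildir()):
        print(path, "removable" if removable else "not removable by this user")
```

In the constructed sample the attachment is base64-encoded, so the test string does not appear in the raw message bytes and is only found after decoding. Run the audit as the same user the scanner runs as, since the permission result depends on who is asking.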
     