Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

ClamAV

Discussion in 'E-mail Discussion' started by keat63, Jul 14, 2015.

  1. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    1,030
    Likes Received:
    47
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    Today, my internal UTM has detected 5 Virus. One of which was an email Virus.
    I'm assuming the possibility that the other four were the same.
    I have ClamAV on my server, does ClamAV do any live virus scanning ?
     
  2. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,888
    Likes Received:
    90
    Trophy Points:
    78
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    1,030
    Likes Received:
    47
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    I checked the settings in Exim Config, and they are switched on.
    The only thing i don't have employed is a daily cron job, as i run a check manually.

    In the event that ClamAV found a virus in an email, what would it do ?
    I don't recall seeing anything that would indicate it ever caught a virus.
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,214
    Likes Received:
    1,937
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    You can search /var/log/exim_rejectlog to see ClamAV activity for Exim. EX:

    Code:
    zgrep -Hn "This message contains a virus or other harmful content" /var/log/exim_rejectlog*
    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    1,030
    Likes Received:
    47
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    I ran that command, but nothing was revealed.
    I'm having a serious AV malfunction at the moment.

    It seems that ClamAV is either not scanning emails or not detecting virus.
    and today I've discovered that my UTM has a bug with POP3 AV.

    So I'm having to rely on client AV and user intuition.
    Unfortunately i can dismiss the latter.

    Do i need to resort to MailScanner ?
     
  6. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,214
    Likes Received:
    1,937
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    It's possible that ClamAV has yet to detect a virus. You can send a test email with the EICAR signature to verify it's working as intended:

    http://www.eicar.org/86-0-Intended-use.html

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    1,030
    Likes Received:
    47
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    I'm even struggling with this.

    My firewall won't allow access to the link you sent, so I connected via my phone.
    However, the AV on my phone detected the test file as a virus and wouldn't let me download it.

    Turning off AV on my phone allowed the file download, so now i try to send it to myself via Gmail.
    Only Gmail detects it as a virus so sending fails.

    and running " zgrep -Hn "This message contains a virus or other harmful content" /var/log/exim_rejectlog*"

    still fails to display anything, so I can only assume that in the 6 months i've had ClamV installed, it's failed to detect a single virus.
     
  8. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,214
    Likes Received:
    1,937
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    You could try sending it through another email provider or your ISP in a third-party email client such as Thunderbird.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice