ClamAV

Discussion in 'E-mail Discussions' started by keat63, Jul 14, 2015.

  1. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Today, my internal UTM has detected 5 viruses, one of which was an email virus.
    I'm assuming the possibility that the other four were the same.
    I have ClamAV on my server. Does ClamAV do any live virus scanning?
     
  2. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,146
    Likes Received:
    34
    Trophy Points:
    48
    Location:
    India
    cPanel Access Level:
    Root Administrator
  3. keat63

    keat63 Well-Known Member

    I checked the settings in Exim Config, and they are switched on.
    The only thing I don't have employed is a daily cron job, as I run a check manually.

    In the event that ClamAV found a virus in an email, what would it do?
    I don't recall seeing anything that would indicate it ever caught a virus.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    You can search /var/log/exim_rejectlog to see ClamAV activity for Exim. EX:

    Code:
    zgrep -Hn "This message contains a virus or other harmful content" /var/log/exim_rejectlog*
    Thank you.
     
  5. keat63

    keat63 Well-Known Member

    I ran that command, but nothing was revealed.
    I'm having a serious AV malfunction at the moment.

    It seems that ClamAV is either not scanning emails or not detecting viruses,
    and today I've discovered that my UTM has a bug with POP3 AV.

    So I'm having to rely on client AV and user intuition.
    Unfortunately I can dismiss the latter.

    Do I need to resort to MailScanner?
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    It's possible that ClamAV has yet to detect a virus. You can send a test email with the EICAR signature to verify it's working as intended:

    http://www.eicar.org/86-0-Intended-use.html

    Thank you.
     
  7. keat63

    keat63 Well-Known Member

    I'm even struggling with this.

    My firewall won't allow access to the link you sent, so I connected via my phone.
    However, the AV on my phone detected the test file as a virus and wouldn't let me download it.

    Turning off AV on my phone allowed the file download, so now I try to send it to myself via Gmail.
    Only Gmail detects it as a virus, so sending fails.

    And running "zgrep -Hn "This message contains a virus or other harmful content" /var/log/exim_rejectlog*" still fails to display anything, so I can only assume that in the 6 months I've had ClamAV installed, it's failed to detect a single virus.
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    You could try sending it through another email provider or your ISP in a third-party email client such as Thunderbird.

    Thank you.
     
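An added example (not from the thread's participants or from cPanel) for the EICAR test and the rejectlog search discussed above: it builds the test attachment locally, so nothing has to be downloaded or relayed through a webmail provider, submits it directly to the mail server over SMTP, and counts the rejection lines the `zgrep` command looks for. The addresses, host and port are assumptions to replace with your own.

```python
import glob
import gzip
import smtplib
from email.message import EmailMessage

# Standard 68-byte EICAR test string, split so this script is not itself flagged.
EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + "EICAR-STANDARD-ANTIVIRUS" + "-TEST-FILE!$H+H*"
# Rejection text searched for with zgrep in the thread.
REJECT_TEXT = "This message contains a virus or other harmful content"

def build_test_message(sender, recipient):
    """Return an e-mail carrying the EICAR string as an attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = "ClamAV EICAR test"
    msg.set_content("Harmless EICAR antivirus test message.")
    msg.add_attachment(EICAR.encode("ascii"), maintype="application",
                       subtype="octet-stream", filename="eicar.com")
    return msg

def send_test(msg, host="127.0.0.1", port=25):
    """Submit over SMTP; return (rejected_after_data, server_reply)."""
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        try:
            smtp.send_message(msg)
        except smtplib.SMTPDataError as exc:  # server refused the message body
            return True, f"{exc.smtp_code} {exc.smtp_error.decode(errors='replace')}"
    return False, "accepted: the scanner did not reject the message"

def count_rejections(pattern="/var/log/exim_rejectlog*"):
    """Like the zgrep above: count matching lines per log file (plain or .gz)."""
    hits = {}
    for path in sorted(glob.glob(pattern)):
        opener = gzip.open if path.endswith(".gz") else open
        with opener(path, "rt", errors="replace") as fh:
            hits[path] = sum(REJECT_TEXT in line for line in fh)
    return hits

if __name__ == "__main__":
    # Placeholder addresses (assumptions): use a mailbox hosted on the server under test.
    rejected, reply = send_test(build_test_message("sender@example.com", "user@example.com"))
    print("REJECTED" if rejected else "NOT REJECTED", "-", reply)
    for path, n in count_rejections().items():
        print(f"{n:5d}  {path}")
```

Running it from another machine with `host` set to the mail server's name follows the same path as inbound mail. A rejection at the DATA stage whose reply names the virus text confirms the scanner is active.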