The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Malware ACL Condition: Clamd

Discussion in 'E-mail Discussions' started by linux4me2, May 16, 2017.

  1. linux4me2

    linux4me2 Well-Known Member

    Joined:
    Aug 21, 2015
    Messages:
    148
    Likes Received:
    34
    Trophy Points:
    28
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    I was working on another issue that required me to watch /var/log/exim_mainlog, and I saw a number of the following warnings:
    Several months ago, I disabled clamd and unchecked monitoring for it in Service Manager, then uninstalled the ClamAV plugin (using cPanel -> Manage Plugins) because it was eating too much memory on our VPS, so I don't need clamd, and I'd like to get rid of the messages.

    I checked the Basic and Advanced Editor for the Exim configuration, and there don't appear to be any left-over entries in there for ClamAV. I re-started Exim just in case it hasn't been done since I removed ClamAV, but the warnings continue.

    I looked at /etc/exim.conf, and I found the following in there:
    Since clamd is no longer in use, what is the best way to prevent the warnings that will persist through Exim restarts and updates? Do I just add a line in the Advanced Editor for av_scanner with a blank value? Delete the av_scanner line in /etc/exim.conf and restart Exim?
     
  2. cPanelJasonT

    cPanelJasonT Level 2 Technical Analyst
    Staff Member

    Joined:
    Oct 21, 2014
    Messages:
    55
    Likes Received:
    6
    Trophy Points:
    83
    cPanel Access Level:
    Root Administrator
    Hello,
    The exim configuration file is built from the WHM configuration. The way to get a fresh configuration is to Backup and reset the configuration in WHM Home »Service Configuration »Exim Configuration Manager. There, you can backup your current configuration, then reset it to get a newly built configuration without unnecessary options.

    Documentation for this feature is available here:
    Exim Configuration Manager - Version 64 Documentation - cPanel Documentation
     
    linux4me2 likes this.
  3. linux4me2

    linux4me2 Well-Known Member

    Joined:
    Aug 21, 2015
    Messages:
    148
    Likes Received:
    34
    Trophy Points:
    28
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    It sounds like an excellent way for me to screw up a working configuration of Exim, when all I really want is to get rid of the ClamAV warning. :)

    If I have a backup, I guess it's worth a try.
     
  4. linux4me2

    linux4me2 Well-Known Member

    Joined:
    Aug 21, 2015
    Messages:
    148
    Likes Received:
    34
    Trophy Points:
    28
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    I found the options on the Reset tab of the Exim configuration manager to be daunting, so I took another look through the Basic and Advanced Editor for the Exim configuration, and I couldn't find where the av_scanner line in etc/exim.conf was being set, so that gave me an idea.

    After backing up my Exim configuration, I just saved the current Advanced configuration, then checked /etc/exim.conf again for the av_scanner line, and it was gone. I haven't seen any more of the warnings in /var/log/exim_mainlog, and I suspect this took care of the problem. I guess when it was installed, ClamAV added the av_scanner line to Exim, but didn't remove it when it was uninstalled. Re-saving the Advanced configuration saved all my current settings and left out the av_scanner line now that ClamAV has been removed.
     
Loading...

Share This Page