Control Web Panel
WebPanel => E-Mail => Topic started by: anandmys on May 29, 2025, 06:14:49 AM
-
As mentioned in wiki at https://wiki.centos-webpanel.com/test-spamassassin-and-clamav
I am sending an email with content
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
I don't see any flagging in the log.
Mail is also landing in the inbox.
What might have gone wrong?
I have built mail servers with ClamAV enabled
Are there any settings to be done, as is the case with SpamAssassin?
-
Check processes running on your server/vps and make sure ClamAV is up and working.
If ClamAV works then check the mail headers of the test email received by you.
Also, send test emails from a 3rd party server to your email address located at your CWP server. If you send emails locally (the sender and recipient are located at the same server), then the mail could be delivered bypassing ClamAV.
-
What OS was CWP installed on?
-
What OS was CWP installed on?
CentOS elevated to Alma Linux 8.10
-
Check processes running on your server/vps and make sure ClamAV is up and working.
If ClamAV works then check the mail headers of the test email received by you.
Also, send test emails from a 3rd party server to your email address located at your CWP server. If you send emails locally (the sender and recipient are located at the same server), then the mail could be delivered bypassing ClamAV.
-
Make sure all of ClamAV is installed, it won't hurt if it already is.
dnf install clamav* clamd
Then check with:
systemctl status clamd
-
Make sure all of ClamAV is installed, it won't hurt if it already is.
dnf install clamav* clamd
Then check with:
systemctl status clamd
[root@server ~]# systemctl status clamd
● clamd.service - clamd scanner () daemon
Loaded: loaded (/usr/lib/systemd/system/clamd.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2025-05-30 16:36:59 +09; 23h ago
Docs: man:clamd(8)
man:clamd.conf(5)
https://www.clamav.net/documents/
Main PID: 1558721 (clamd)
Tasks: 2 (limit: 36141)
Memory: 1.3G
CGroup: /system.slice/clamd.service
└─1558721 /usr/sbin/clamd -c /etc/clamd.d/amavisd.conf --foreground=yes
May 31 14:52:52 server.my server.com clamd[1558721]: SelfCheck: Database status OK.
May 31 14:52:52 server.my server.com clamd[1558721]: SelfCheck: Database status OK.
May 31 15:02:52 server.my server.com clamd[1558721]: SelfCheck: Database status OK.
May 31 15:02:52 server.my server.com clamd[1558721]: SelfCheck: Database status OK.
May 31 15:12:52 server.my server.com clamd[1558721]: SelfCheck: Database status OK.
May 31 15:12:52 server.my server.com clamd[1558721]: SelfCheck: Database status OK.
May 31 15:22:52 server.my server.com clamd[1558721]: SelfCheck: Database status OK.
May 31 15:22:52 server.my server.com clamd[1558721]: SelfCheck: Database status OK.
May 31 15:32:52 server.my server.com clamd[1558721]: SelfCheck: Database status OK.
May 31 15:32:52 server.my server.com clamd[1558721]: SelfCheck: Database status OK.
Tested sending the mail with the code. Still not working.
-
Check processes running on your server/vps and make sure ClamAV is up and working.
If ClamAV works then check the mail headers of the test email received by you.
Also, send test emails from a 3rd party server to your email address located at your CWP server. If you send emails locally (the sender and recipient are located at the same server), then the mail could be delivered bypassing ClamAV.
ClamAV is up and running
No mention of ClamAV in headers
Sending from gmail
-
ClamAV can be used to scan files.
Only incoming/outgoing emails are not being scanned by ClamAV.
-
https://www.linux.com/training-tutorials/using-clamav-kill-viruses-postfix/
You can also make use of postfix's built-in header checks to reject bad attachments. Since the ransomware outbreaks of the last decade or more, I've even had to block .zip files to prevent users from shooting themselves in the foot by opening zipped bad attachments:
Mime Header Checks
In the mime_header_checks file, you will place a restriction for any file extensions that you do not want to have passing through your system. For example:
/name=[^>]*\.(bat|com|exe|dll|zip)/ REJECT
This will reject any messages that have attachments whose files end in .bat, .com, .exe, .dll, or .zip.
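-
As an added example (not part of the thread, the linked tutorial, or Postfix itself), the Python sketch below runs the pattern quoted in the last post over constructed MIME headers to show which ones it would reject, including file names where a listed extension only appears mid-name. STRICT_PATTERN is a hypothetical tightened variant, and Python's re module stands in for Postfix's regexp table matching.

```python
import re

# Pattern quoted in the post above. Postfix regexp tables match
# case-insensitively by default; re.IGNORECASE mirrors that here.
PAGE_PATTERN = re.compile(r'name=[^>]*\.(bat|com|exe|dll|zip)', re.IGNORECASE)

# Hypothetical tightened variant (an assumption, not from the thread): the
# extension must end the file name, and the match may not run past the
# closing quote into later parameters.
STRICT_PATTERN = re.compile(
    r'name="?[^">]*\.(bat|com|exe|dll|zip)"?\s*(;|$)', re.IGNORECASE)

# Constructed sample headers, one logical (unfolded) header per string.
SAMPLES = [
    'Content-Type: application/zip; name="backup.zip"',
    'Content-Disposition: attachment; filename="Setup.EXE"',
    'Content-Type: application/pdf; name="notes.company.pdf"',
    'Content-Type: text/plain; name="a.txt"; comment="see example.com"',
    'Content-Type: text/plain; name="readme.txt"',
]

def verdict(pattern, header):
    """Return 'REJECT' if the pattern matches the header, else 'pass'."""
    return "REJECT" if pattern.search(header) else "pass"

def compare(headers=SAMPLES):
    """Return (header, page_verdict, strict_verdict) for each header."""
    return [(h, verdict(PAGE_PATTERN, h), verdict(STRICT_PATTERN, h))
            for h in headers]

if __name__ == "__main__":
    for header, page, strict in compare():
        print(f"page={page:6} strict={strict:6} {header}")
```

The third and fourth samples are legitimate attachments that the quoted pattern rejects because ".com" appears inside "company" and inside a later parameter; the anchored variant lets them through while still rejecting the .zip and .EXE names.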