« previous next »
Pages: [1]

Author Topic: ClamAV not working  (Read 185 times)

0 Members and 1 Guest are viewing this topic.

Offline
anandmys
**
ClamAV not working
« on: May 29, 2025, 06:14:49 AM »
As mentioned in wiki at https://wiki.centos-webpanel.com/test-spamassassin-and-clamav

I am sending an email with content

Quote
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

I dont see any flagging in log.

Mail is also getting landed in inbox

What might have gone wrong?

I have built mail servers with ClamAV enabled

Any settings to be done as it is the case with SpamAssassin ?

Logged
Offline
cyberspace
***
Re: ClamAV not working
« Reply #1 on: May 29, 2025, 11:39:51 PM »
Check processes running on your server/vps and make sure ClamAV is up and working.

If ClamAV works then check the mail headers of the test email received by you.

Also, send test emails from a 3rd party server to your email address located at your CWP server. If you send emails locally (the sender and recipient are located at the same server then the mail could be delivered bypass ClamAV)
Logged
Offline
Starburst
*****
Re: ClamAV not working
« Reply #2 on: May 30, 2025, 03:24:31 AM »
What OS was CWP installed on?
Logged
Offline
anandmys
**
Re: ClamAV not working
« Reply #3 on: May 30, 2025, 05:23:27 AM »
Quote from: Starburst on May 30, 2025, 03:24:31 AM
What OS was CWP installed on?
CentOS elevated to Alma Linux 8.10
Logged
Offline
anandmys
**
Re: ClamAV not working
« Reply #4 on: May 30, 2025, 05:33:26 AM »
Quote from: cyberspace on May 29, 2025, 11:39:51 PM
Check processes running on your server/vps and make sure ClamAV is up and working.

If ClamAV works then check the mail headers of the test email received by you.

Also, send test emails from a 3rd party server to your email address located at your CWP server. If you send emails locally (the sender and recipient are located at the same server then the mail could be delivered bypass ClamAV)
Logged
Offline
Starburst
*****
Re: ClamAV not working
« Reply #5 on: May 30, 2025, 04:33:39 PM »
Make sure all of ClamAV is installed, it won't hurt if it already is.

Code: [Select]
dnf install clamav* clamd
Then check with:
Code: [Select]
systemctl status clamd
Logged
Offline
anandmys
**
Re: ClamAV not working
« Reply #6 on: May 31, 2025, 06:46:26 AM »
Quote from: Starburst on May 30, 2025, 04:33:39 PM
Make sure all of ClamAV is installed, it won't hurt if it already is.

Code: [Select]
dnf install clamav* clamd
Then check with:
Code: [Select]
systemctl status clamd


Quote
[root@server ~]# systemctl status clamd
● clamd.service - clamd scanner () daemon
   Loaded: loaded (/usr/lib/systemd/system/clamd.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2025-05-30 16:36:59 +09; 23h ago
     Docs: man:clamd(8)
           man:clamd.conf(5)
           https://www.clamav.net/documents/
 Main PID: 1558721 (clamd)
    Tasks: 2 (limit: 36141)
   Memory: 1.3G
   CGroup: /system.slice/clamd.service
           └─1558721 /usr/sbin/clamd -c /etc/clamd.d/amavisd.conf --foreground=yes

May 31 14:52:52 server.my server.com clamd[1558721]: SelfCheck: Database status OK.
May 31 14:52:52 server.my server.com clamd[1558721]: SelfCheck: Database status OK.
May 31 15:02:52 server.my server.com clamd[1558721]: SelfCheck: Database status OK.
May 31 15:02:52 server.my server.com clamd[1558721]: SelfCheck: Database status OK.
May 31 15:12:52 server.my server.com clamd[1558721]: SelfCheck: Database status OK.
May 31 15:12:52 server.my server.com clamd[1558721]: SelfCheck: Database status OK.
May 31 15:22:52 server.my server.com clamd[1558721]: SelfCheck: Database status OK.
May 31 15:22:52 server.my server.com clamd[1558721]: SelfCheck: Database status OK.
May 31 15:32:52 server.my server.com clamd[1558721]: SelfCheck: Database status OK.
May 31 15:32:52 server.my server.com clamd[1558721]: SelfCheck: Database status OK.

Test sending the mail with code. Still not working
Logged
Offline
anandmys
**
Re: ClamAV not working
« Reply #7 on: May 31, 2025, 06:47:47 AM »
Quote from: cyberspace on May 29, 2025, 11:39:51 PM
Check processes running on your server/vps and make sure ClamAV is up and working.

If ClamAV works then check the mail headers of the test email received by you.

Also, send test emails from a 3rd party server to your email address located at your CWP server. If you send emails locally (the sender and recipient are located at the same server then the mail could be delivered bypass ClamAV)

ClamAV is up and running

No mention of ClamAV in headers

Sending from gmail
Logged
Offline
anandmys
**
Re: ClamAV not working
« Reply #8 on: May 31, 2025, 07:47:54 AM »
ClamAV can be used to scan files.

Only incoming/ outgoig emails are not being scanned by ClamAV
Logged
Offline
overseer
*****
Re: ClamAV not working
« Reply #9 on: May 31, 2025, 01:54:57 PM »
https://www.linux.com/training-tutorials/using-clamav-kill-viruses-postfix/

You can also make use of postfix's built-in header checks to reject bad attachments. Since the ransomware outbreaks of the last decade or more, I've even had to block .zip files to prevent users from shooting themselves in the foot by opening zipped bad attachments:
Quote
Mime Header Checks

In the mime_header_checks file, you will place a restriction for any file extensions that you do not want to have passing through your system. For example:

/name=[^>]*\.(bat|com|exe|dll|zip)/ REJECT

This will reject any messages that have attachments whose files end in .bat, .com, .exe, .dll, or .zip.
« Last Edit: May 31, 2025, 01:59:26 PM by overseer »
Logged
Pages: [1]
« previous next »