Author Topic: ClamAV not working  (Read 185 times)

ClamAV not working
« on: May 29, 2025, 06:14:49 AM »
As mentioned in wiki at https://wiki.centos-webpanel.com/test-spamassassin-and-clamav

I am sending an email with content

Quote
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

I don't see any flagging in the log.

Mail is also landing in the inbox.

What might have gone wrong?

I have built mail servers with ClamAV enabled

Any settings to be done, as is the case with SpamAssassin?


Re: ClamAV not working
« Reply #1 on: May 29, 2025, 11:39:51 PM »
Check processes running on your server/vps and make sure ClamAV is up and working.

If ClamAV works then check the mail headers of the test email received by you.

Also, send test emails from a 3rd party server to your email address located at your CWP server. If you send emails locally (the sender and recipient are located at the same server), then the mail could be delivered bypassing ClamAV.

Re: ClamAV not working
« Reply #2 on: May 30, 2025, 03:24:31 AM »
What OS was CWP installed on?

Re: ClamAV not working
« Reply #3 on: May 30, 2025, 05:23:27 AM »
Quote
What OS was CWP installed on?

CentOS elevated to Alma Linux 8.10

Re: ClamAV not working
« Reply #4 on: May 30, 2025, 05:33:26 AM »
Quote
Check processes running on your server/vps and make sure ClamAV is up and working.

If ClamAV works then check the mail headers of the test email received by you.

Also, send test emails from a 3rd party server to your email address located at your CWP server. If you send emails locally (the sender and recipient are located at the same server), then the mail could be delivered bypassing ClamAV.

Re: ClamAV not working
« Reply #5 on: May 30, 2025, 04:33:39 PM »
Make sure all of ClamAV is installed, it won't hurt if it already is.

Code:
dnf install clamav* clamd

Then check with:

Code:
systemctl status clamd

Re: ClamAV not working
« Reply #6 on: May 31, 2025, 06:46:26 AM »
Quote
Make sure all of ClamAV is installed, it won't hurt if it already is.

Code:
dnf install clamav* clamd

Then check with:

Code:
systemctl status clamd


Quote
[root@server ~]# systemctl status clamd
● clamd.service - clamd scanner () daemon
   Loaded: loaded (/usr/lib/systemd/system/clamd.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2025-05-30 16:36:59 +09; 23h ago
     Docs: man:clamd(8)
           man:clamd.conf(5)
           https://www.clamav.net/documents/
 Main PID: 1558721 (clamd)
    Tasks: 2 (limit: 36141)
   Memory: 1.3G
   CGroup: /system.slice/clamd.service
           └─1558721 /usr/sbin/clamd -c /etc/clamd.d/amavisd.conf --foreground=yes

May 31 14:52:52 server.my server.com clamd[1558721]: SelfCheck: Database status OK.
May 31 14:52:52 server.my server.com clamd[1558721]: SelfCheck: Database status OK.
May 31 15:02:52 server.my server.com clamd[1558721]: SelfCheck: Database status OK.
May 31 15:02:52 server.my server.com clamd[1558721]: SelfCheck: Database status OK.
May 31 15:12:52 server.my server.com clamd[1558721]: SelfCheck: Database status OK.
May 31 15:12:52 server.my server.com clamd[1558721]: SelfCheck: Database status OK.
May 31 15:22:52 server.my server.com clamd[1558721]: SelfCheck: Database status OK.
May 31 15:22:52 server.my server.com clamd[1558721]: SelfCheck: Database status OK.
May 31 15:32:52 server.my server.com clamd[1558721]: SelfCheck: Database status OK.
May 31 15:32:52 server.my server.com clamd[1558721]: SelfCheck: Database status OK.

Test sending the mail with code. Still not working

Re: ClamAV not working
« Reply #7 on: May 31, 2025, 06:47:47 AM »
Quote
Check processes running on your server/vps and make sure ClamAV is up and working.

If ClamAV works then check the mail headers of the test email received by you.

Also, send test emails from a 3rd party server to your email address located at your CWP server. If you send emails locally (the sender and recipient are located at the same server), then the mail could be delivered bypassing ClamAV.

ClamAV is up and running

No mention of ClamAV in headers

Sending from gmail
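
Added example, not part of any post in this thread: a check that looks for scan evidence only in the header block of a saved message, so that text in the body cannot be mistaken for a header. It assumes the filter is amavisd (the clamd unit shown above runs with /etc/clamd.d/amavisd.conf), which stamps scanned mail with an X-Virus-Scanned header; both messages and their host names are constructed samples.

```shell
# Added example (not from the thread). Assumption: the mail filter is amavisd,
# which stamps scanned mail with an X-Virus-Scanned header.
# Both messages below are constructed samples.

# headers_of FILE: print the header block only, with folded lines joined.
headers_of() {
    awk '
        { sub(/\r$/, "") }                   # tolerate CRLF line endings
        /^$/ { exit }                        # first blank line ends the headers
        /^[ \t]/ { sub(/^[ \t]+/, " "); buf = buf $0; next }
        { if (buf != "") print buf; buf = $0 }
        END { if (buf != "") print buf }
    ' "$1"
}

# scan_evidence FILE: print the scanner's header, or "none" if it is absent.
scan_evidence() {
    headers_of "$1" | grep -i '^X-Virus-Scanned:' || echo none
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

cat > "$tmp/filtered.eml" <<'EOF'
Received: from mx.example.net (mx.example.net [192.0.2.10])
    by server.example.com (Postfix) with ESMTPS id 4F1A2B3C
X-Virus-Scanned: amavisd-new at
    server.example.com
Subject: EICAR test

test body
EOF

cat > "$tmp/bypassed.eml" <<'EOF'
Received: from mx.example.net (mx.example.net [192.0.2.10])
    by server.example.com (Postfix) with ESMTPS id 9D8E7F6A
Subject: EICAR test

X-Virus-Scanned: this line is body text, not a header
EOF

scan_evidence "$tmp/filtered.eml"
scan_evidence "$tmp/bypassed.eml"
```

A result of "none" on mail that arrived from an outside server means the message never passed through the filter, which points at the MTA-to-filter hand-off rather than at clamd itself.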

Re: ClamAV not working
« Reply #8 on: May 31, 2025, 07:47:54 AM »
ClamAV can be used to scan files.

Only incoming/outgoing emails are not being scanned by ClamAV

Re: ClamAV not working
« Reply #9 on: May 31, 2025, 01:54:57 PM »
https://www.linux.com/training-tutorials/using-clamav-kill-viruses-postfix/

You can also make use of postfix's built-in header checks to reject bad attachments. Since the ransomware outbreaks of the last decade or more, I've even had to block .zip files to prevent users from shooting themselves in the foot by opening zipped bad attachments:
Quote
Mime Header Checks

In the mime_header_checks file, you will place a restriction for any file extensions that you do not want to have passing through your system. For example:

/name=[^>]*\.(bat|com|exe|dll|zip)/ REJECT

This will reject any messages that have attachments whose files end in .bat, .com, .exe, .dll, or .zip.
« Last Edit: May 31, 2025, 01:59:26 PM by overseer »
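
Added example, not part of the post above or of the linked tutorial: the quoted mime_header_checks rule run over constructed header lines with grep -Ei, which stands in for Postfix's regexp: table matching (case-insensitive by default). RULE_ANCHORED is a hypothetical tighter variant, introduced here, that only fires when the listed extension ends the file name.

```shell
# Added example: emulate the quoted rule with grep -Ei (Postfix regexp:
# tables are case-insensitive by default). Header lines are constructed.

RULE_QUOTED='name=[^>]*\.(bat|com|exe|dll|zip)'
# Hypothetical tighter variant: the extension must end the parameter value.
RULE_ANCHORED='name="?[^">;]*\.(bat|com|exe|dll|zip)"?[[:space:]]*(;|$)'

# verdict RULE HEADER: print REJECT if the rule matches the header, else PASS.
verdict() {
    if printf '%s\n' "$2" | grep -Eiq -- "$1"; then
        echo REJECT
    else
        echo PASS
    fi
}

# samples: constructed MIME header lines, one per line.
samples() {
    cat <<'EOF'
Content-Type: application/octet-stream; name="setup.exe"
Content-Disposition: attachment; filename="INVOICE.ZIP"
Content-Type: application/pdf; name="acme.com-report.pdf"
Content-Type: text/plain; name="notes.txt"
EOF
}

# report: one line per sample, columns = quoted rule, anchored rule, header.
report() {
    samples | while IFS= read -r h; do
        printf '%-7s %-7s %s\n' \
            "$(verdict "$RULE_QUOTED" "$h")" \
            "$(verdict "$RULE_ANCHORED" "$h")" "$h"
    done
}

report
```

The third sample is a PDF that the quoted rule rejects because ".com" appears in the middle of the file name. On the server, `postmap -q "<header line>" regexp:/etc/postfix/mime_header_checks` runs the same lookup against the live table, assuming the table is stored at that path.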