clamav functionality

Discussion in 'Technical' started by domino, Aug 20, 2005.

  1. domino

    domino New Member

    I went over to http://www.webmail.us/testvirus and sent myself some eicar. I received the tests but some tests may have gotten through and some delivery errors also occurred which I would like to resolve.

    Mail Delivery error:

    From: Mail Delivery System
    Subject: Undelivered Mail Returned to Sender

    Tests that went undetected:

    Test #5: EICAR virus sent using BinHex encoding (this is a rarely used Macintosh mail format)

    Test #15: No information because a resident AV (NOD32) caught it even though I turn it off.

    Test #16: EICAR virus hidden using the "CR Vulnerability" *

    Test #18: EICAR virus within ZIP file hidden using the "Blank Folding Vulnerability"

    Test #23: (Non-Virus): Test for the "Partial (Fragmented) Vulnerability". This does not include the EICAR virus, however your mail server should still block this since a virus can use this technique to break itself into multiple emails, bypassing virus scanners, and reassembling itself in your inbox. **

    Test #24: (Non-Virus): Attachment with a CLSID extension which may hide the real file extension. This does not include the EICAR virus, however your mail server should still block this since the CLSID technique can be used to hide the true extension of a malicious file. ***

    The "Undelivered Mail" is most important to me since it uses a lot of resources and it will also solve some Undelivered Mail errors not related to the above tests. However I'm a bit concerned about the other tests that got through.
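
Added example, not part of the original post and not ClamAV or ISPConfig code: a policy check for the two non-virus cases listed above (Test #23, `message/partial` fragments, and Test #24, CLSID attachment extensions), which carry no EICAR payload and so cannot be caught by signature. The function name, reason strings and sample messages are constructed for illustration.

```python
import re
from email import message_from_string

# A filename ending in ".{CLSID}", the pattern Test #24 describes.
CLSID_EXT = re.compile(
    r"\.\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}\s*$")

def policy_findings(raw):
    """Return (part_index, reason) for every MIME part that should be blocked."""
    findings = []
    for i, part in enumerate(message_from_string(raw).walk()):
        # Test #23: a fragment of a larger message (RFC 2046 message/partial).
        if part.get_content_type() == "message/partial":
            findings.append((i, "message/partial fragment"))
        # Test #24: attachment name whose final "extension" is a CLSID.
        name = part.get_filename()
        if name and CLSID_EXT.search(name):
            findings.append((i, "CLSID extension"))
    return findings

# Constructed sample messages (hypothetical addresses, ids and CLSID value).
PARTIAL_MSG = "\n".join([
    "From: a@example.com",
    "Subject: constructed fragment",
    "MIME-Version: 1.0",
    'Content-Type: message/partial; id="constructed-1@example.com";'
    " number=1; total=2",
    "",
    "fragment 1 of 2",
    "",
])
CLSID_MSG = "\n".join([
    "From: a@example.com",
    "Subject: constructed attachment",
    "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="b1"',
    "", "--b1", "Content-Type: text/plain", "", "hello",
    "--b1", "Content-Type: application/octet-stream",
    "Content-Disposition: attachment;"
    ' filename="notes.txt.{01234567-89AB-CDEF-0123-456789ABCDEF}"',
    "", "data", "--b1--", "",
])
# Same message with an ordinary filename: nothing should be flagged.
CLEAN_MSG = CLSID_MSG.replace(".{01234567-89AB-CDEF-0123-456789ABCDEF}", "")

if __name__ == "__main__":
    for label, raw in [("partial", PARTIAL_MSG), ("clsid", CLSID_MSG),
                       ("clean", CLEAN_MSG)]:
        print(label, policy_findings(raw))
```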
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The ClamAV antivirus is called through the trashscan script (also part of the ClamAV project):

    /home/admispconfig/ispconfig/tools/clamav/bin/trashscan

    The Template for trashscan is here:

    /root/ispconfig/isp/conf/trashscan.master
     
  3. domino

    domino New Member

    Thanks till, I've looked through the files you pointed to and I don't think I should touch them. I don't see any reason to. I was just wondering why I keep getting this message..
    Unless I missed an email setting somewhere, all my log emails either get forwarded to my real domain email, or configured to send directly to my real domain email. In all likelihood, I didn't set something to be forwarded to my real email. It's just I can't pinpoint where it could be.
     
  4. falko

    falko Super Moderator Howtoforge Staff

    You could do a
    Code:
    dig linux.domain.com
    to find out if your system resolves that domain.
     
  5. domino

    domino New Member

    Yes, I have done that and the system resolves to the correct domain. I bet there is a setting somewhere that I haven't seen that will change the default root email to another user email on the system.
     
  6. teleriddler

    teleriddler New Member

    Admin account for site, only one exhibiting same mail problem

    After reading through the thread here I am experiencing the same problem. All my other accounts for this domain work fine with mail from internal and external addresses. Disabling antivirus through the user's interface in ISPConfig fixed the "No Sender" "No Subject" problem.

    The only thing different with this account is that it is the admin account for the domain. I am wondering if this is a bug, since the admin account mail is handled differently than the others.

    So to recap, I have a domain with all mail working for all users except the admin account. Mail comes in with "No Sender" "No Subject" when antivirus is enabled through the admin users' ISPConfig interface. I have mailscan, spam and antivirus enabled for all users working perfectly. For the admin account I have mailscan and spam turned on and mail comes through. As soon as antivirus is turned on I start to experience the same problems.

    Any thoughts?

    TeleRiddler
     
    Last edited: Feb 17, 2006
