ClamAV not being used by rspamd?

Discussion in 'Installation/Configuration' started by WhitcombeRD, Nov 3, 2022.

  1. WhitcombeRD

    WhitcombeRD Member

    Ive got a new install of 3.2 latest on Debian 11 but it looks like ClamAV is not being called by RSpamd when checking mails.

    The envelope information in rspamd has no mention of Clam in the headers and EICAR test strings get through when emailed without issue.

    A ps list seems to show its running:

    0:27 /usr/sbin/clamd --foreground=true
        492 ?        Ss     0:00 /usr/bin/freshclam -d --foreground=true
    Clam and freshclam logs show updates working as normal and nothing else.
    antispam.conf in the rspamd folder has ClamAV selected

    clamav {
        # If set force this action if any virus is found (default unset: no action is forced)
        #action = "reject";
        # Scan mime_parts separately - otherwise the complete mail will be transferred to AV Scanner
        scan_mime_parts = true;
        # Scanning Text is suitable for some av scanner databases (e.g. Sanesecurity)
        scan_text_mime = true;
        scan_image_mime = true;
        # If `max_size` is set, messages > n bytes in size are not scanned
        max_size = 20000000;
        # symbol to add (add it to metric if you want non-zero weight)
        symbol = "CLAM_VIRUS";
        # type of scanner: "clamav", "fprot", "sophos" or "savapi"
        type = "clamav";
        # For "savapi" you must also specify the following variable
        #product_id = 12345;
        # You can enable logging for clean messages
        #log_clean = true;
        # servers to query (if port is unspecified, scanner-specific default is used)
        # can be specified multiple times to pool servers
        # can be set to a path to a unix socket
        # Enable this in local.d/antivirus.conf
        #servers = "";
        servers = "/var/run/clamav/clamd.ctl";
        # if `patterns` is specified virus name will be matched against provided regexes and the related
        # symbol will be yielded if a match is found. If no match is found, default symbol is yielded.
        patterns {
          # symbol_name = "pattern";
          JUST_EICAR = "^Eicar-Test-Signature$";
        patterns_fail {
          # symbol_name = "pattern";
          CLAM_PROTOCOL_ERROR = '^unhandled response';
        # `whitelist` points to a map of IP addresses. Mail from these addresses is not scanned.
        whitelist = "/etc/rspamd/antivirus.wl";
    Any idea how i can troubleshoot this and get it working?
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    What shows
    systemctl status clamav-daemon.service
    You could start with the common issues script as always.
  3. WhitcombeRD

    WhitcombeRD Member

    It seems to be running ok:
     clamav-daemon.service - Clam AntiVirus userspace daemon
         Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; vendor preset: enabled)
        Drop-In: /etc/systemd/system/clamav-daemon.service.d
         Active: active (running) since Thu 2022-11-03 12:27:02 UTC; 3min 49s ago
           Docs: man:clamd(8)
        Process: 205725 ExecStartPre=/bin/mkdir -p /run/clamav (code=exited, status=0/SUCCESS)
        Process: 205726 ExecStartPre=/bin/chown clamav /run/clamav (code=exited, status=0/SUCCESS)
       Main PID: 205727 (clamd)
          Tasks: 2 (limit: 2340)
         Memory: 1.3G
            CPU: 27.630s
         CGroup: /system.slice/clamav-daemon.service
                 └─205727 /usr/sbin/clamd --foreground=true
    Running manual scans of folders from the command line also seems to work.

    It just seems to not being called by redis/rspamd to run on incoming mails.

Share This Page