ClamAV not being used by rspamd?

Discussion in 'Installation/Configuration' started by WhitcombeRD, Nov 3, 2022.

  1. WhitcombeRD

    WhitcombeRD Member

    I've got a new install of 3.2 latest on Debian 11, but it looks like ClamAV is not being called by Rspamd when checking mails.

    The envelope information in rspamd has no mention of Clam in the headers and EICAR test strings get through when emailed without issue.

    A ps list seems to show it's running:

    Code:
    0:27 /usr/sbin/clamd --foreground=true
        492 ?        Ss     0:00 /usr/bin/freshclam -d --foreground=true
    Clam and freshclam logs show updates working as normal and nothing else.
    antispam.conf in the rspamd folder has ClamAV selected

    Code:
    clamav {
        # If set force this action if any virus is found (default unset: no action is forced)
        #action = "reject";
        # Scan mime_parts separately - otherwise the complete mail will be transferred to AV Scanner
        scan_mime_parts = true;
        # Scanning Text is suitable for some av scanner databases (e.g. Sanesecurity)
        scan_text_mime = true;
        scan_image_mime = true;
        # If `max_size` is set, messages > n bytes in size are not scanned
        max_size = 20000000;
        # symbol to add (add it to metric if you want non-zero weight)
        symbol = "CLAM_VIRUS";
        # type of scanner: "clamav", "fprot", "sophos" or "savapi"
        type = "clamav";
        # For "savapi" you must also specify the following variable
        #product_id = 12345;
        # You can enable logging for clean messages
        #log_clean = true;
        # servers to query (if port is unspecified, scanner-specific default is used)
        # can be specified multiple times to pool servers
        # can be set to a path to a unix socket
        # Enable this in local.d/antivirus.conf
        #servers = "127.0.0.1:3310";
        servers = "/var/run/clamav/clamd.ctl";
        # if `patterns` is specified virus name will be matched against provided regexes and the related
        # symbol will be yielded if a match is found. If no match is found, default symbol is yielded.
        patterns {
          # symbol_name = "pattern";
          JUST_EICAR = "^Eicar-Test-Signature$";
        }
        patterns_fail {
          # symbol_name = "pattern";
          CLAM_PROTOCOL_ERROR = '^unhandled response';
        }
        # `whitelist` points to a map of IP addresses. Mail from these addresses is not scanned.
        whitelist = "/etc/rspamd/antivirus.wl";
    }
    Any idea how I can troubleshoot this and get it working?
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    What shows
    Code:
    systemctl status clamav-daemon.service
    You could start with the common issues script as always.
     
  3. WhitcombeRD

    WhitcombeRD Member

    It seems to be running ok:
    Code:
     clamav-daemon.service - Clam AntiVirus userspace daemon
         Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; vendor preset: enabled)
        Drop-In: /etc/systemd/system/clamav-daemon.service.d
                 └─extend.conf
         Active: active (running) since Thu 2022-11-03 12:27:02 UTC; 3min 49s ago
           Docs: man:clamd(8)
                 man:clamd.conf(5)
                 https://docs.clamav.net/
        Process: 205725 ExecStartPre=/bin/mkdir -p /run/clamav (code=exited, status=0/SUCCESS)
        Process: 205726 ExecStartPre=/bin/chown clamav /run/clamav (code=exited, status=0/SUCCESS)
       Main PID: 205727 (clamd)
          Tasks: 2 (limit: 2340)
         Memory: 1.3G
            CPU: 27.630s
         CGroup: /system.slice/clamav-daemon.service
                 └─205727 /usr/sbin/clamd --foreground=true
    Running manual scans of folders from the command line also seems to work.

    It just seems to not be called by redis/rspamd to run on incoming mails.
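
One way to check the clamd side of this setup independently of rspamd, as an added example that is not part of the original thread: it sends an INSTREAM request over the unix socket named in the posted `servers` line and maps the reply to a symbol the way the config comments describe. The chunk size, timeout and sample bytes are assumptions.

```python
import re
import socket
import struct

CLAMD_SOCKET = "/var/run/clamav/clamd.ctl"            # `servers` value in the posted config
PATTERNS = {"JUST_EICAR": r"^Eicar-Test-Signature$"}  # `patterns` block in the posted config
DEFAULT_SYMBOL = "CLAM_VIRUS"                         # `symbol` in the posted config

def instream_frames(data, chunk=4096):
    """Encode data as a clamd INSTREAM request: command, length-prefixed chunks, zero-length end."""
    frames = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk):
        part = data[i:i + chunk]
        frames.append(struct.pack("!I", len(part)) + part)
    frames.append(struct.pack("!I", 0))
    return b"".join(frames)

def parse_reply(reply):
    """Return (status, detail) for a clamd reply such as 'stream: OK'."""
    text = reply.rstrip(b"\0\n").decode("utf-8", "replace")
    if text == "stream: OK":
        return ("OK", None)
    found = re.match(r"^stream: (.+) FOUND$", text)
    if found:
        return ("FOUND", found.group(1))
    return ("ERROR", text)

def symbol_for(virus_name):
    """Pick the symbol as the config comments describe: first matching pattern, else default."""
    for symbol, pattern in PATTERNS.items():
        if re.search(pattern, virus_name):
            return symbol
    return DEFAULT_SYMBOL

def scan(sock, data):
    """Send data over an already connected socket and parse the NUL-terminated reply."""
    sock.sendall(instream_frames(data))
    reply = b""
    while not reply.endswith(b"\0"):
        got = sock.recv(4096)
        if not got:
            break
        reply += got
    return parse_reply(reply)

if __name__ == "__main__":
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(10)
        s.connect(CLAMD_SOCKET)  # an OSError here means this user cannot reach clamd
        print(scan(s, b"constructed clean sample"))
```

Run it as the account the rspamd worker runs under: a connection error means the scanner socket is not reachable for that user, while `('OK', None)` shows that clamd itself answers.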
     
