[BlueOnyx:25266] Re: 5209R/5210R: Clam AV and MariaDB updates available

Michael Stauber mstauber at blueonyx.it
Wed Dec 22 11:27:52 -05 2021


Hi Dirk,

> After installing libprelude and llvm-libs the installation of the new clamav
> package was successful.
> It is now running.

Very well.

> But: Did you change anything in the logging of the clamav or the
> clamav-milter?

It logs into /var/log/maillog and as far as I can tell this is working.
Here is a quick test where I email the EICAR signature to "admin".
That's not a virus, but something all virus scanners detect and report:

[root at 5209r ~]# /usr/sbin/sendmail admin < /trunk/root/eicar.msg ; tail -f /var/log/maillog
Dec 22 11:25:23 5209r milter-greylist: 1BMGPN7r012155: skipping greylist
because address 127.0.0.1 is whitelisted, (from=<root at 5209r.smd.net>,
rcpt=<admin at 5209r.smd.net>, addr=localhost[127.0.0.1]) ACL 100
Dec 22 11:25:23 5209r milter-geoip: WHOIS_INFO2: Domain of Sender's
Email-Address () real domain could not be determined. Ignoring.
Dec 22 11:25:24 5209r milter-geoip: Connect from root - 127.0.0.1 with
message for admin
Dec 22 11:25:24 5209r milter-geoip: No STMP-Auth used. Accepting email
root -> admin.
Dec 22 11:25:24 5209r milter-geoip: Email-Allowance-Check: ACCEPT
Dec 22 11:25:26 5209r sendmail[12155]: 1BMGPN7r012155:
from=<root at 5209r.smd.net>, size=1311, class=0, nrcpts=1,
msgid=<202112221625.1BMGPNXM012152 at 5209r.smd.net>, proto=ESMTP,
daemon=MTA, relay=localhost [127.0.0.1]
Dec 22 11:25:26 5209r sendmail[12155]: 1BMGPN7r012155: Milter add:
header: X-Greylist: Sender IP whitelisted, not delayed by
milter-greylist-4.4.3 (5209r.smd.net [127.0.0.1]); Wed, 22 Dec 2021
11:25:26 -0500 (-05)
Dec 22 11:25:26 5209r clamd[22626]:
/tmp/clamav-664f41d1ebd9df982ae7ff05fa25dee5.tmp (deleted):
Eicar-Signature FOUND
Dec 22 11:25:26 5209r sendmail[12155]: 1BMGPN7r012155: milter=clamav,
quarantine=quarantined by clamav-milter

See the last line: Eicar-Signature FOUND

So I guess that's working.

-- 
With best regards

Michael Stauber
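
Added example (not part of the original message or of BlueOnyx): one way to check the maillog evidence shown above automatically, pairing each clamd "FOUND" entry with the sendmail "milter=clamav, quarantine=" entry and flagging detections that were never quarantined. The sample log is constructed in the same format with one entry per line, and pairing on identical timestamps is an assumption, since the clamd entry carries no queue ID.

```python
import re

# Constructed sample, modelled on the maillog format in the message above.
SAMPLE = """\
Dec 22 11:25:26 mx1 sendmail[12155]: 1BMGPN7r012155: from=<root@mx1.example.net>, size=1311, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Dec 22 11:25:26 mx1 clamd[22626]: /tmp/clamav-0123456789abcdef.tmp (deleted): Eicar-Signature FOUND
Dec 22 11:25:26 mx1 sendmail[12155]: 1BMGPN7r012155: milter=clamav, quarantine=quarantined by clamav-milter
Dec 22 11:31:02 mx1 clamd[22626]: /tmp/clamav-fedcba9876543210.tmp (deleted): Eicar-Signature FOUND
Dec 22 11:40:10 mx1 sendmail[12301]: 1BMGe9aa012301: from=<user@example.org>, size=900, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
"""

# syslog prefix: timestamp, host, program[pid]: message
ENTRY = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) "
                   r"(?P<prog>[\w-]+)(?:\[\d+\])?: (?P<msg>.*)$")
# clamd detection: "<temp file> (deleted): <signature> FOUND"
FOUND = re.compile(r"^(?P<path>\S+)(?: \(deleted\))?: (?P<sig>\S+) FOUND$")
# sendmail entry written when clamav-milter quarantines the message
QUAR = re.compile(r"^(?P<qid>\w+): milter=clamav, quarantine=(?P<reason>.+)$")


def correlate(lines):
    """Return (paired, unpaired) clamd detections.

    A detection is paired with the first later quarantine entry that has the
    same timestamp (assumed heuristic). Unpaired detections mean clamd saw
    something but no quarantine action was logged for it.
    """
    pending, paired = [], []
    for line in lines:
        m = ENTRY.match(line)
        if not m:
            continue
        if m["prog"] == "clamd":
            f = FOUND.match(m["msg"])
            if f:
                pending.append({"ts": m["ts"], "signature": f["sig"], "queue_id": None})
        elif m["prog"] == "sendmail":
            q = QUAR.match(m["msg"])
            match = next((d for d in pending if q and d["ts"] == m["ts"]), None)
            if match:
                match["queue_id"] = q["qid"]
                pending.remove(match)
                paired.append(match)
    return paired, pending


if __name__ == "__main__":
    ok, missing = correlate(SAMPLE.splitlines())
    for d in ok:
        print(f"{d['ts']} {d['signature']} quarantined as {d['queue_id']}")
    for d in missing:
        print(f"{d['ts']} {d['signature']} detected, no quarantine entry logged")
```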
