[BlueOnyx:25267] Re: 5209R/5210R: Clam AV and MariaDB updates available

Dirk Estenfeld dirk.estenfeld at blackpoint.de
Wed Dec 22 11:46:17 -05 2021


Hello Michael,

Yes, if there is a finding, a message pops up in /var/log/maillog:

Dec 22 17:42:36 ser clamd[19780]: /tmp/clamav-20aae553a095c4121b63afea426f3c0c.tmp (deleted): Eicar-Signature FOUND
Dec 22 17:42:36 ser sendmail[9184]: 1BMGgZLq009184: milter=clamav, quarantine=quarantined by clamav-milter

However, until the new version, a "Milter add: header: X-Virus-Scanned" line for every scanned email was also present in the log. I can no longer see this.

Best regards,
Dirk
 

 
blackpoint GmbH - Friedberger Straße 106b - 61118 Bad Vilbel 

-----Original Message-----
From: Blueonyx <blueonyx-bounces at mail.blueonyx.it> On Behalf Of Michael Stauber
Sent: Wednesday, December 22, 2021 17:28
To: blueonyx at mail.blueonyx.it
Subject: [BlueOnyx:25266] Re: 5209R/5210R: Clam AV and MariaDB updates available

Hi Dirk,

> After installing libprelude and llvm-libs the installation of the new clamav
> package was successful.
> It is now running.

Very well.

> But: Did you change anything in the logging of the clamav or the
> clamav-milter?

It logs into /var/log/maillog and as far as I can tell this is working.
Here is a quick test where I email the EICAR signature to "admin".
That's not a virus, but something all virus scanners detect and report:

[root at 5209r ~]# /usr/sbin/sendmail admin < /trunk/root/eicar.msg ; tail -f /var/log/maillog
Dec 22 11:25:23 5209r milter-greylist: 1BMGPN7r012155: skipping greylist because address 127.0.0.1 is whitelisted, (from=<root at 5209r.smd.net>, rcpt=<admin at 5209r.smd.net>, addr=localhost[127.0.0.1]) ACL 100
Dec 22 11:25:23 5209r milter-geoip: WHOIS_INFO2: Domain of Sender's Email-Address () real domain could not be determined. Ignoring.
Dec 22 11:25:24 5209r milter-geoip: Connect from root - 127.0.0.1 with message for admin
Dec 22 11:25:24 5209r milter-geoip: No STMP-Auth used. Accepting email root -> admin.
Dec 22 11:25:24 5209r milter-geoip: Email-Allowance-Check: ACCEPT
Dec 22 11:25:26 5209r sendmail[12155]: 1BMGPN7r012155: from=<root at 5209r.smd.net>, size=1311, class=0, nrcpts=1, msgid=<202112221625.1BMGPNXM012152 at 5209r.smd.net>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Dec 22 11:25:26 5209r sendmail[12155]: 1BMGPN7r012155: Milter add: header: X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.4.3 (5209r.smd.net [127.0.0.1]); Wed, 22 Dec 2021 11:25:26 -0500 (-05)
Dec 22 11:25:26 5209r clamd[22626]: /tmp/clamav-664f41d1ebd9df982ae7ff05fa25dee5.tmp (deleted): Eicar-Signature FOUND
Dec 22 11:25:26 5209r sendmail[12155]: 1BMGPN7r012155: milter=clamav, quarantine=quarantined by clamav-milter

See the last line: Eicar-Signature FOUND

So I guess that's working.

-- 
With best regards

Michael Stauber
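
Added example (not part of either message and not BlueOnyx code): a small Python audit of maillog lines in the format quoted above. It groups sendmail entries by queue ID and lists messages that show neither a clamav quarantine nor an X-Virus-Scanned header entry. The sample lines are constructed, and the X-Virus-Scanned line format is an assumption modelled on the X-Greylist line in the thread.

```python
import re
from collections import defaultdict

# Constructed sample in the maillog format quoted in the thread; hosts, queue IDs,
# PIDs and the X-Virus-Scanned header value are made up for illustration.
SAMPLE = """\
Dec 22 11:25:26 host sendmail[12155]: 1BMGPN7r012155: from=<root@host.example>, size=1311, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Dec 22 11:25:26 host clamd[22626]: /tmp/clamav-aaaa.tmp (deleted): Eicar-Signature FOUND
Dec 22 11:25:26 host sendmail[12155]: 1BMGPN7r012155: milter=clamav, quarantine=quarantined by clamav-milter
Dec 22 11:30:02 host sendmail[12201]: 1BMGU1aa012201: from=<alice@example.org>, size=2048, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mx.example.org [192.0.2.10]
Dec 22 11:30:02 host sendmail[12201]: 1BMGU1aa012201: Milter add: header: X-Virus-Scanned: clamav-milter (constructed value)
Dec 22 11:31:40 host sendmail[12230]: 1BMGVeBB012230: from=<bob@example.org>, size=900, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mx.example.org [192.0.2.11]
"""

SENDMAIL = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>.*)")
CLAMD = re.compile(r"clamd\[\d+\]: .*: (?P<sig>\S+) FOUND$")

def audit(lines):
    """Return (per-message flags, clamd detections, queue IDs with no scan evidence)."""
    msgs = defaultdict(lambda: {"scanned_header": False, "quarantined": False})
    detections = []
    for line in lines:
        line = line.rstrip()
        hit = CLAMD.search(line)
        if hit:
            # clamd lines carry no queue ID, so they are only collected here.
            detections.append(hit.group("sig"))
            continue
        hit = SENDMAIL.search(line)
        if not hit:
            continue
        rec = msgs[hit.group("qid")]  # any sendmail line registers the message
        rest = hit.group("rest")
        if rest.startswith("Milter add: header: X-Virus-Scanned"):
            rec["scanned_header"] = True
        elif rest.startswith("milter=clamav") and "quarantine=" in rest:
            rec["quarantined"] = True
    no_evidence = sorted(q for q, r in msgs.items()
                         if not (r["scanned_header"] or r["quarantined"]))
    return dict(msgs), detections, no_evidence

if __name__ == "__main__":
    msgs, detections, no_evidence = audit(SAMPLE.splitlines())
    print("detections:", detections)
    print("no clamav evidence in log:", no_evidence)
```

A queue ID in the last list only means the log holds no clamav-related line for that message; it does not by itself show that the message went unscanned.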