[Nolug] Mimedefang not stopping new virus

From: J. Kent Busbee, Jr. <buz_at_penwel.com>
Date: Tue, 3 Feb 2004 10:08:59 -0600
Message-ID: <000201c3ea70$089b0640$3204a8c0@penwel.com>

I have received the new MyDoom virus in email several times. MimeDefang
is supposed to use the ClamAV scanner. I have run clamscan on the
zipped file and it DOES detect it as a virus. So, why doesn't
Mimedefang stop it?

I've set mimedefang and clamd to run as user defang:

root@pwweb /etc/mail/spamassassin# ps -auwx | grep defang
root 30234 0.0 0.9 1072 540 p0 S+ 9:56AM 0:00.00 grep defang
defang 10998 0.0 3.7 21544 2136 ?? Ss Thu02PM 0:28.70 /usr/local/sbin/clamd
defang 26780 0.0 0.4 1820 208 ?? I 10:17AM 0:00.29 /usr/local/bin/mimedefang-multiplexor -p /var/spool/MIMEDefang/mime
defang 26782 0.0 27.4 24720 16132 ?? I 10:17AM 1:22.12 /usr/bin/perl -w /usr/local/bin/mimedefang.pl -server
defang 26792 0.0 0.9 1480 544 ?? S 10:17AM 0:05.87 /usr/local/bin/mimedefang -P /var/spool/MIMEDefang/mimedefang.pid -
defang 26794 0.0 1.4 21792 816 ?? I 10:17AM 0:03.91 /usr/bin/perl -w /usr/local/bin/mimedefang.pl -server

<snip /usr/local/clamav.conf>
# run compatible with MIMEDefang user
User defang
PidFile /var/spool/MIMEDefang/clamd.pid
LocalSocket /var/spool/MIMEDefang/clamd.sock
</snip>

And Permissions:
root@pwweb /var/spool/MIMEDefang# ls -al
total 10
drwx------ 2 defang defang 512 Feb 3 10:03 .
drwxr-xr-x 14 root wheel 512 Oct 17 17:09 ..
-rw-rw-rw- 1 defang defang 5 Jan 29 14:59 clamd.pid
srwxrwxrwx 1 defang defang 0 Jan 29 14:59 clamd.sock
-rw------- 1 defang defang 6 Feb 2 10:17 mimedefang-multiplexor.pid
srw------- 1 defang defang 0 Feb 2 10:17 mimedefang-multiplexor.sock
-rw------- 1 defang defang 6 Feb 2 10:17 mimedefang.pid
srwx------ 1 defang defang 0 Feb 2 10:17 mimedefang.sock

Versions:
root@pwweb /var/spool/MIMEDefang# clamd -V
clamd / ClamAV version 0.60
root@pwweb /var/spool/MIMEDefang# mimedefang -V
mimedefang: illegal option -- V
mimedefang version 2.39
root@pwweb /var/spool/MIMEDefang# uname -a
FreeBSD pwweb.penwel.com 4.8-RELEASE FreeBSD 4.8-RELEASE #0: Thu Apr 3 10:53:38 GMT 2003 root@freebsd-stable.sentex.ca:/usr/obj/usr/src/sys/GENERIC i386

Any Suggestions?

___________________
Nolug mailing list
nolug@nolug.org
Received on 02/03/04
