Re: [Nolug] Mimedefang not stopping new virus

From: scotth_at_scottharney.com
Date: Tue, 03 Feb 2004 10:25:03 -0600
Message-ID: <87isio871c.fsf@minorthreat.local.lan>

"J. Kent Busbee, Jr." <buz@penwel.com> writes:

How often are you updating your clam database?

man freshclam.

> I have received the new MyDoom virus in email several times. MimeDefang
> is supposed to use the ClamAV scanner. I have run clamscan on the
> zipped file and it DOES detect it as a virus. So, why does
> Mimedefang not stop it?
>
> I've set mimedefang and clamd to run as user defang:
>
> root@pwweb /etc/mail/spamassassin# ps -auwx | grep defang
> root 30234 0.0 0.9 1072 540 p0 S+ 9:56AM 0:00.00 grep
> defang
> defang 10998 0.0 3.7 21544 2136 ?? Ss Thu02PM 0:28.70
> /usr/local/sbin/clamd
> defang 26780 0.0 0.4 1820 208 ?? I 10:17AM 0:00.29
> /usr/local/bin/mimedefang-multiplexor -p /var/spool/MIMEDefang/mime
> defang 26782 0.0 27.4 24720 16132 ?? I 10:17AM 1:22.12
> /usr/bin/perl -w /usr/local/bin/mimedefang.pl -server
> defang 26792 0.0 0.9 1480 544 ?? S 10:17AM 0:05.87
> /usr/local/bin/mimedefang -P /var/spool/MIMEDefang/mimedefang.pid -
> defang 26794 0.0 1.4 21792 816 ?? I 10:17AM 0:03.91
> /usr/bin/perl -w /usr/local/bin/mimedefang.pl -server
>
> <snip /usr/local/clamav.conf>
> # run compatible with MIMEDefang user
> User defang
> PidFile /var/spool/MIMEDefang/clamd.pid
> LocalSocket /var/spool/MIMEDefang/clamd.sock
> </snip>
>
> And Permissions:
> root@pwweb /var/spool/MIMEDefang# ls -al
> total 10
> drwx------ 2 defang defang 512 Feb 3 10:03 .
> drwxr-xr-x 14 root wheel 512 Oct 17 17:09 ..
> -rw-rw-rw- 1 defang defang 5 Jan 29 14:59 clamd.pid
> srwxrwxrwx 1 defang defang 0 Jan 29 14:59 clamd.sock
> -rw------- 1 defang defang 6 Feb 2 10:17
> mimedefang-multiplexor.pid
> srw------- 1 defang defang 0 Feb 2 10:17
> mimedefang-multiplexor.sock
> -rw------- 1 defang defang 6 Feb 2 10:17 mimedefang.pid
> srwx------ 1 defang defang 0 Feb 2 10:17 mimedefang.sock
>
> Versions:
> root@pwweb /var/spool/MIMEDefang# clamd -V
> clamd / ClamAV version 0.60
> root@pwweb /var/spool/MIMEDefang# mimedefang -V
> mimedefang: illegal option -- V
> mimedefang version 2.39
> root@pwweb /var/spool/MIMEDefang# uname -a
> FreeBSD pwweb.penwel.com 4.8-RELEASE FreeBSD 4.8-RELEASE #0: Thu Apr 3
> 10:53:38 GMT 2003
> root@freebsd-stable.sentex.ca:/usr/obj/usr/src/sys/GENERIC i386
>
> Any Suggestions?
>
> ___________________
> Nolug mailing list
> nolug@nolug.org
>

-- 
Scott Harney <scotth@scottharney.com>
"...and one script to rule them all."
gpg key fingerprint=7125 0BD3 8EC4 08D7 321D CEE9 F024 7DA6 0BC7 94E5
Received on 02/03/04

This archive was generated by hypermail 2.2.0 : 12/19/08 EST