[clamav-users] clamscan detects, but clamd doesn't
Steven Morgan
smorgan at sourcefire.com
Mon Jan 26 16:24:27 UTC 2015
Hi Dave,
I am wondering what happens if you use clamdscan on your phish_test file?
Steve
On Mon, Jan 26, 2015 at 7:42 AM, Dave McMurtrie <dave64 at andrew.cmu.edu>
wrote:
> Hi,
>
> We've been running ClamAV successfully for years. Recently, I added a URL
> to our local.gdb database to block a malicious URL. When I send a test
> message containing this URL through an MX server, it does not detect the
> URL:
>
> Jan 26 07:13:17 andrew-mx-t01 clamd[31673]:
> /var/spool/mqueue/mxmilter/mdefang-t0QCDGNx031682/Work/msg-31460-5.txt: OK
> Jan 26 07:13:17 andrew-mx-t01 clamd[31673]:
> /var/spool/mqueue/mxmilter/mdefang-t0QCDGNx031682/Work/msg-31460-6.html: OK
>
> However, when I run clamscan against the exact same message on the same MX
> server, it does successfully detect the URL:
>
> [root at andrew-mx-t01 phish]# clamscan ./phish_test.txt
> ./phish_test.txt: Heuristics.Phishing.URL.Blacklisted FOUND
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 4835255
> Engine version: 0.98.1
> Scanned directories: 0
> Scanned files: 1
> Infected files: 1
> Data scanned: 0.00 MB
> Data read: 0.00 MB (ratio 0.00:1)
> Time: 10.179 sec (0 m 10 s)
>
> When I start clamd, I can see that it successfully loads the local.gdb
> file, so I know that's not the issue.
>
> Any pointers on how to troubleshoot this? sysadmin via google has thus
> far failed me.
>
> Thanks!
>
> Dave
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
More information about the clamav-users
mailing list