[clamav-users] clamscan detects, but clamd doesn't

Dave McMurtrie dave64 at andrew.cmu.edu
Mon Jan 26 16:31:56 UTC 2015


Hi Steve,

Thanks for the suggestion.  I didn't know clamdscan existed.  Indeed, that seems to work also:

[root@andrew-mx-t01 phish]# clamdscan ./phish_test.txt
./phish_test.txt: Heuristics.Phishing.URL.Blacklisted FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.017 sec (0 m 0 s)


Is there a way to configure clamd to do debug-level logging like you can do with clamscan?

Thanks!

Dave

________________________________________
From: clamav-users [clamav-users-bounces at lists.clamav.net] on behalf of Steven Morgan [smorgan at sourcefire.com]
Sent: Monday, January 26, 2015 11:24 AM
To: ClamAV users ML
Subject: Re: [clamav-users] clamscan detects, but clamd doesn't

Hi Dave,

I am wondering what happens if you use clamdscan on your phish_test file?

Steve


On Mon, Jan 26, 2015 at 7:42 AM, Dave McMurtrie <dave64 at andrew.cmu.edu>
wrote:

> Hi,
>
> We've been running ClamAV successfully for years.  Recently, I added a URL
> to our local.gdb database to block a malicious URL.  When I send a test
> message containing this URL through an MX server, it does not detect the
> URL:
>
> Jan 26 07:13:17 andrew-mx-t01 clamd[31673]: /var/spool/mqueue/mxmilter/mdefang-t0QCDGNx031682/Work/msg-31460-5.txt: OK
> Jan 26 07:13:17 andrew-mx-t01 clamd[31673]: /var/spool/mqueue/mxmilter/mdefang-t0QCDGNx031682/Work/msg-31460-6.html: OK
>
> However, when I run clamscan against the exact same message on the same MX
> server, it does successfully detect the URL:
>
> [root@andrew-mx-t01 phish]# clamscan ./phish_test.txt
> ./phish_test.txt: Heuristics.Phishing.URL.Blacklisted FOUND
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 4835255
> Engine version: 0.98.1
> Scanned directories: 0
> Scanned files: 1
> Infected files: 1
> Data scanned: 0.00 MB
> Data read: 0.00 MB (ratio 0.00:1)
> Time: 10.179 sec (0 m 10 s)
>
> When I start clamd, I can see that it successfully loads the local.gdb
> file, so I know that's not the issue.
>
> Any pointers on how to troubleshoot this?  sysadmin via google has thus
> far failed me.
>
> Thanks!
>
> Dave
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>