[clamav-users] clamscan detects, but clamd doesn't
Steven Morgan
smorgan at sourcefire.com
Mon Jan 26 16:39:53 UTC 2015

Yes, you can enable debugging in clamd by uncommenting the following line
in your clamd.conf:

#Debug yes

I usually run clamd in foreground when debugging. This is done by
uncommenting:

#Foreground yes

Steve

On Mon, Jan 26, 2015 at 11:31 AM, Dave McMurtrie <dave64 at andrew.cmu.edu>
wrote:
> Hi Steve,
>
> Thanks for the suggestion. I didn't know clamdscan existed. Indeed, that
> seems to work also:
>
> [root at andrew-mx-t01 phish]# clamdscan ./phish_test.txt
> ./phish_test.txt: Heuristics.Phishing.URL.Blacklisted FOUND
>
> ----------- SCAN SUMMARY -----------
> Infected files: 1
> Time: 0.017 sec (0 m 0 s)
>
>
> Is there a way to configure clamd to do debug-level logging like you can
> do with clamscan?
>
> Thanks!
>
> Dave
>
> ________________________________________
> From: clamav-users [clamav-users-bounces at lists.clamav.net] on behalf of
> Steven Morgan [smorgan at sourcefire.com]
> Sent: Monday, January 26, 2015 11:24 AM
> To: ClamAV users ML
> Subject: Re: [clamav-users] clamscan detects, but clamd doesn't
>
> Hi Dave,
>
> I am wondering what happens if you use clamdscan on your phish_test file?
>
> Steve
>
>
> On Mon, Jan 26, 2015 at 7:42 AM, Dave McMurtrie <dave64 at andrew.cmu.edu>
> wrote:
>
> > Hi,
> >
> > We've been running ClamAV successfully for years. Recently, I added a URL
> > to our local.gdb database to block a malicious URL. When I send a test
> > message containing this URL through an MX server, it does not detect the
> > URL:
> >
> > Jan 26 07:13:17 andrew-mx-t01 clamd[31673]: /var/spool/mqueue/mxmilter/mdefang-t0QCDGNx031682/Work/msg-31460-5.txt: OK
> > Jan 26 07:13:17 andrew-mx-t01 clamd[31673]: /var/spool/mqueue/mxmilter/mdefang-t0QCDGNx031682/Work/msg-31460-6.html: OK
> >
> > However, when I run clamscan against the exact same message on the same MX
> > server, it does successfully detect the URL:
> >
> > [root at andrew-mx-t01 phish]# clamscan ./phish_test.txt
> > ./phish_test.txt: Heuristics.Phishing.URL.Blacklisted FOUND
> >
> > ----------- SCAN SUMMARY -----------
> > Known viruses: 4835255
> > Engine version: 0.98.1
> > Scanned directories: 0
> > Scanned files: 1
> > Infected files: 1
> > Data scanned: 0.00 MB
> > Data read: 0.00 MB (ratio 0.00:1)
> > Time: 10.179 sec (0 m 10 s)
> >
> > When I start clamd, I can see that it successfully loads the local.gdb
> > file, so I know that's not the issue.
> >
> > Any pointers on how to troubleshoot this? sysadmin via google has thus
> > far failed me.
> >
> > Thanks!
> >
> > Dave
> > _______________________________________________
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml
> >