[clamav-users] Howto quarantine emails? "ERROR: VirusEvent: fork failed."
Mathieu D.
mathieud at univ-jfc.fr
Tue Jan 3 09:25:54 UTC 2017
Hello,
I would like to keep emails detected as virus by ClamAV on the filesystem, in
order to be able to retrieve false-positive when users asks for them. After a
few days, a simple cronjob would remove them.
So I though that "VirusEvent" could be an appropriate way to do it. (Is there
any better way?)
I set the "VirusEvent" in the configuration file to :
VirusEvent /bin/run-parts --lsbsysinit /etc/clamav/virusevent.d/
While I am only debugging for the moment, the script `/etc/clamav/
virusevent.d/test.sh` (chmod'ed +s) contains this:
#!/bin/bash
echo "$(date) ClamAV found $CLAM_VIRUSEVENT_VIRUSNAME into
$CLAM_VIRUSEVENT_FILENAME" >> /tmp/clamav-found_virus.log
I also tried directly with this:
VirusEvent echo "%v" >> /tmp/clamav-found_virus.log
But all my tests fails. The /tmp.clamav-found_virus.log doesn't get anything,
while the logs only tells:
```
/var/spool/exim4/scan/1cO7Nt-0005Y4-A5/1cO7Nt-0005Y4-A5.eml:
Heuristics.Phishing.Email.SSL-Spoof(6ed8d5db7b0e9651be9a6d42befc69cb:46580)
FOUND
ERROR: VirusEvent: fork failed.
```
Do you have any idea why it doesn't work?
Best regards,
--
Mathieu
More information about the clamav-users
mailing list