4

I decided to decrease the workload on my mail gateway by moving anti-virus processing to a separate server. I created the server, installed clamav-daemon on it, and tested it by running clamdscan from the mail gateway.

Satisfied, I then changed MailScanner as following:

Virus Scanners = clamd
Clamd Port = 3310
Clamd Socket = clamd server's IP address

I restarted mailscanner, and got the following result:

MailScanner[45946]: Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: No such file or directory. ERROR :: /var/spool/MailScanner/incoming/45946

Obviously, MailScanner is not sending the file to be scanned. Instead, it is just telling it to scan a file which, obviously, does not exist on clamd's server.

I find it difficult to believe using clamd in this manner with mailscanner is not possible at all. Rather, I suspect I'm missing something. So... is it possible? If so, what configuration am I missing?

Daniel C. Sobral
  • 5,563
  • 5
  • 32
  • 48
  • I think we need more information here. Clamd sits and listens for instructions on what files need to be scanned, that is the communication it receives via TCP. We need to know how it accesses the mail files to be scanned (ie: nfs share?) and what the permissions are, along with what the uid/gid for the clamav user is on both the machine running mailscanner, and the machine running clamav/clamd. My quick stab with info i have which I don't trust to put as an answer is either the absolute path of the file is different from clamd, or the perms are wrong – sandroid Nov 09 '11 at 19:51
  • @sandroid I expect the files to be _sent_ over TCP to clamd. At least, it certainly seemed to work using clamdscan. – Daniel C. Sobral Nov 09 '11 at 20:07

1 Answers1

0

You should probably leave defaults, i.e. for a program which is using clam to use default settings (local clamdscan).

Than, you need to configure clamd.conf on both scanning client and scanning server machines, the TCPSocket and TCPAddr parameters. Keep in mind that TCPAddr on scanning server should not be localhost/127.0.0.1 but it's externally reachable address.

Miloš Đakonović
  • 640
  • 3
  • 9
  • 28