Clamd

eistek

Member
Dec 24, 2020
Turkey
I am new to Proxmox Mail Gateway.
I have just installed Proxmox from the ISO into a virtual machine. Everything looks OK.

When I send EICAR test files to my email address, the attached files pass through the gateway.

/var/log/clamav/clamav.log is empty.

ps aux shows clamd is working:
root@pmx:~# ps aux |grep clamd
clamav 920 0.1 35.5 1790488 1433784 ? Ssl Dec23 0:40 /usr/sbin/clamd.
Proxmox filters are at their defaults.

There is nothing in mail.log about clam:
root@pmx:~# cat /var/log/mail.log |grep clam
root@pmx:~#

What do I need to check? Do I need to enable something?

This is what I see from the tracking center. There is nothing about clam:

Dec 23 23:19:02 pmx postfix/smtpd[8847]: connect from batch.outbound.your-site.com[205.233.73.32]
Dec 23 23:19:03 pmx postfix/smtpd[8847]: D52F3341E4D: client=batch.outbound.your-site.com[205.233.73.32]
Dec 23 23:19:04 pmx postfix/cleanup[8852]: D52F3341E4D: message-id=<202012232018.0BNKItSi157415@9cdd9cea763b.web.vm.your-site.com>
Dec 23 23:19:04 pmx postfix/qmgr[5868]: D52F3341E4D: from=<eicar@aleph-tec.com>, size=2704, nrcpt=1 (queue active)
Dec 23 23:19:04 pmx postfix/smtpd[8847]: disconnect from batch.outbound.your-site.com[205.233.73.32] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Dec 23 23:19:04 pmx pmg-smtp-filter[7242]: 341EE85FE3A63810F97: new mail message-id=<202012232018.0BNKItSi157415@9cdd9cea763b.web.vm.your-site.com>#012
Dec 23 23:19:09 pmx pmg-smtp-filter[7242]: 341EE85FE3A63810F97: SA score=0/5 time=5.781 bayes=undefined autolearn=ham autolearn_force=no hits=AWL(0.222),KAM_DMARC_STATUS(0.01),RCVD_IN_DNSWL_BLOCKED(0.001),SPF_HELO_PASS(-0.001),SPF_PASS(-0.001),URIBL_BLOCKED(0.001)
Dec 23 23:19:09 pmx pmg-smtp-filter[7242]: 341EE85FE3A63810F97: adding disclaimer failed (rule: Balkan_Disclaimer)
Dec 23 23:19:09 pmx postfix/smtpd[8883]: connect from localhost.localdomain[127.0.0.1]
Dec 23 23:19:09 pmx postfix/smtpd[8883]: E8D43341EEA: client=localhost.localdomain[127.0.0.1], orig_client=batch.outbound.your-site.com[205.233.73.32]
Dec 23 23:19:09 pmx postfix/cleanup[8852]: E8D43341EEA: message-id=<202012232018.0BNKItSi157415@9cdd9cea763b.web.vm.your-site.com>
Dec 23 23:19:09 pmx postfix/qmgr[5868]: E8D43341EEA: from=<eicar@aleph-tec.com>, size=3616, nrcpt=1 (queue active)
Dec 23 23:19:09 pmx postfix/smtpd[8883]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Dec 23 23:19:09 pmx pmg-smtp-filter[7242]: 341EE85FE3A63810F97: accept mail to <test@blabla.com.tr> (E8D43341EEA) (rule: default-accept)
Dec 23 23:19:09 pmx pmg-smtp-filter[7242]: 341EE85FE3A63810F97: processing time: 5.898 seconds (5.781, 0.053, 0)
Dec 23 23:19:09 pmx postfix/lmtp[8853]: D52F3341E4D: to=<test@blabla.com.tr>, relay=127.0.0.1[127.0.0.1]:10024, delay=6.7, delays=0.8/0/0.01/5.9, dsn=2.5.0, status=sent (250 2.5.0 OK (341EE85FE3A63810F97))
Dec 23 23:19:09 pmx postfix/qmgr[5868]: D52F3341E4D: removed
Dec 23 23:19:10 pmx postfix/smtp[8884]: E8D43341EEA: to=<test@blabla.com.tr>, relay=188.132.217.107[188.132.217.107]:25, delay=0.12, delays=0.01/0/0/0.1, dsn=2.0.0, status=sent (250 Requested mail action okay, completed)
Dec 23 23:19:10 pmx postfix/qmgr[5868]: E8D43341EEA: removed
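
As an added example (not part of this thread and not Proxmox code), here is a small triage script that groups pmg-smtp-filter lines like the ones above by their filter ID and summarises, per message, the SpamAssassin score, any virus verdict and the final rule that acted on the mail. The sample log is constructed from lines quoted in this thread plus one made-up "new mail" line for the second ID; on a real gateway you would point it at /var/log/mail.log. What it makes visible is that in these logs clamav appears only when it reports a hit (the "virus detected: Eicar-Signature (clamav)" form seen later in the thread), so a message accepted under default-accept with no such line is the trace of a clean scan, not evidence that clamd was skipped.

```python
import re
from collections import OrderedDict

# Constructed sample: lines quoted in this thread for two filter IDs, plus one
# made-up "new mail" line for the second ID so both messages have a start event.
SAMPLE_LOG = """\
Dec 23 23:19:04 pmx pmg-smtp-filter[7242]: 341EE85FE3A63810F97: new mail message-id=<202012232018.0BNKItSi157415@9cdd9cea763b.web.vm.your-site.com>#012
Dec 23 23:19:09 pmx pmg-smtp-filter[7242]: 341EE85FE3A63810F97: SA score=0/5 time=5.781 bayes=undefined autolearn=ham autolearn_force=no hits=AWL(0.222),KAM_DMARC_STATUS(0.01),RCVD_IN_DNSWL_BLOCKED(0.001),SPF_HELO_PASS(-0.001),SPF_PASS(-0.001),URIBL_BLOCKED(0.001)
Dec 23 23:19:09 pmx pmg-smtp-filter[7242]: 341EE85FE3A63810F97: adding disclaimer failed (rule: Balkan_Disclaimer)
Dec 23 23:19:09 pmx pmg-smtp-filter[7242]: 341EE85FE3A63810F97: accept mail to <test@blabla.com.tr> (E8D43341EEA) (rule: default-accept)
Dec 23 23:19:09 pmx pmg-smtp-filter[7242]: 341EE85FE3A63810F97: processing time: 5.898 seconds (5.781, 0.053, 0)
Dec 24 12:01:50 pmx pmg-smtp-filter[10666]: 341F075FE45900020E3: new mail message-id=<constructed-example@example.invalid>#012
Dec 24 12:01:52 pmx pmg-smtp-filter[10666]: 341F075FE45900020E3: virus detected: Eicar-Signature (clamav)
"""

# Line shape used by pmg-smtp-filter: "<ts> <host> pmg-smtp-filter[<pid>]: <ID>: <event>"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"pmg-smtp-filter\[\d+\]: (?P<qid>[0-9A-F]+): (?P<event>.*)$"
)
SA_RE = re.compile(r"^SA score=(?P<score>-?[\d.]+)/(?P<required>[\d.]+)")
VIRUS_RE = re.compile(r"^virus detected: (?P<name>.+?) \((?P<engine>[^)]+)\)$")
# Final-action lines end in "(rule: <name>)". "accept mail ..." is the form seen in
# this thread; the verb is captured generically so other rule actions show up too.
ACTION_RE = re.compile(r"^(?P<action>\S+) mail\b.*\(rule: (?P<rule>[^)]+)\)$")


def summarize(log_text: str) -> "OrderedDict[str, dict]":
    """Group pmg-smtp-filter events by filter ID and pull out the triage fields.
    Lines from other daemons (postfix/*) do not match LINE_RE and are skipped."""
    msgs = OrderedDict()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        s = msgs.setdefault(m["qid"], {
            "first_seen": m["ts"], "events": 0,
            "sa_score": None, "virus": None, "action": None, "rule": None,
        })
        s["events"] += 1
        ev = m["event"]
        if (sa := SA_RE.match(ev)):
            s["sa_score"] = float(sa["score"])
        elif (v := VIRUS_RE.match(ev)):
            s["virus"] = f"{v['name']} ({v['engine']})"
        elif (a := ACTION_RE.match(ev)):
            s["action"], s["rule"] = a["action"], a["rule"]
    return msgs


def accepted_without_virus_hit(msgs) -> list:
    """IDs that were accepted and never logged a virus verdict. This is the
    normal trace of a clean message, so it is a list to review, not an alarm."""
    return [qid for qid, s in msgs.items()
            if s["action"] == "accept" and s["virus"] is None]


def report(msgs) -> list:
    """One human-readable summary line per filter ID."""
    return [
        f"{qid}: first_seen={s['first_seen']} sa={s['sa_score']} "
        f"virus={s['virus'] or '-'} action={s['action'] or '-'} rule={s['rule'] or '-'}"
        for qid, s in msgs.items()
    ]


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    summary = summarize(text)
    print("\n".join(report(summary)))
    print("accepted with no virus hit:", accepted_without_virus_hit(summary))
```

Run it with no argument to see the two sample messages summarised, or pass a path to mail.log; the "accepted with no virus hit" list is the set of delivered messages worth cross-checking against what the client-side scanner flagged.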
 
What kind of EICAR mail is that? Does it contain:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Or is it some kind of split/multipart EICAR?
 
What kind of EICAR mail is that? Does it contain:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Or is it some kind of split/multipart EICAR?
I am sending from here:
http://www.aleph-tec.com/eicar/

It sends the following files in separate emails. The mails pass through my gateway. Kaspersky deletes them all on my client side:
eicar.com
eicar.com.txt
eicar_com.zip
eicarcom2.zip (double zip compressed eicar.com)
eicarpasswd.zip (new! - zip compressed eicar.com with password)
eicarpasswdocr.zip (new! - zip compressed eicar.com with password in image file)
 
I have also used the following web page to send infected test emails:

https://docs.libraesva.com/email-security-tester/

It sends 15 separate infected emails. 14 passed through my gateway :(
and 1 of them was quarantined by the gateway.

root@pmx:~# cat /var/log/mail.log |grep clam
Dec 24 12:01:52 pmx pmg-smtp-filter[10666]: 341F075FE45900020E3: virus detected: Eicar-Signature (clamav)
root@pmx:~#


Kaspersky found them all on the client side.
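
The opening post asks what to check when clamd is running but nothing from it shows up in the logs. The check that answers that independently of mail flow is to hand clamd the EICAR string directly over its control socket and see whether it returns a FOUND verdict, the same engine result that produced the "virus detected: Eicar-Signature (clamav)" line above. The script below is an added example, not code from this thread or from Proxmox; it assumes the Debian clamav-daemon socket path /var/run/clamav/clamd.ctl (check LocalSocket in /etc/clamav/clamd.conf), and the exact signature name in the verdict depends on the signature database loaded.

```python
import socket
import struct

# Assumption: the clamd LocalSocket path of the Debian clamav-daemon package that
# Proxmox Mail Gateway uses; verify with LocalSocket in /etc/clamav/clamd.conf.
CLAMD_SOCKET = "/var/run/clamav/clamd.ctl"

# The EICAR test string quoted in the thread, assembled from two halves so this
# script does not itself look like an EICAR file when saved to disk.
EICAR = ("X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-" +
         "ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")


def instream_frames(data: bytes, chunk_size: int = 4096) -> bytes:
    """Encode one clamd zINSTREAM request: the NUL-terminated command, the data
    as <4-byte big-endian length><chunk> frames, and a zero-length end frame."""
    out = bytearray(b"zINSTREAM\0")
    for i in range(0, len(data), chunk_size):
        chunk = data[i:i + chunk_size]
        out += struct.pack("!I", len(chunk)) + chunk
    out += struct.pack("!I", 0)
    return bytes(out)


def parse_reply(reply: bytes):
    """Turn a clamd INSTREAM reply into (status, detail). With the z-prefixed
    command the reply is NUL-terminated and reads 'stream: OK',
    'stream: <signature> FOUND' or 'stream: <message> ERROR'."""
    text = reply.decode("ascii", "replace").rstrip("\0\n")
    _, _, verdict = text.partition(": ")
    if verdict == "OK":
        return ("OK", None)
    if verdict.endswith(" FOUND"):
        return ("FOUND", verdict[:-len(" FOUND")])
    if verdict.endswith(" ERROR"):
        return ("ERROR", verdict[:-len(" ERROR")])
    return ("UNKNOWN", text)


def _recv_until_nul(sock: socket.socket) -> bytes:
    buf = bytearray()
    while not buf.endswith(b"\0"):
        part = sock.recv(4096)
        if not part:  # clamd closed the connection without a terminator
            break
        buf += part
    return bytes(buf)


def _talk(payload: bytes, socket_path: str, timeout: float) -> bytes:
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        sock.connect(socket_path)
        sock.sendall(payload)
        return _recv_until_nul(sock)


def ping(socket_path: str = CLAMD_SOCKET, timeout: float = 5.0) -> bool:
    """True if clamd answers PING with PONG, i.e. the socket is live."""
    return _talk(b"zPING\0", socket_path, timeout) == b"PONG\0"


def scan_bytes(data: bytes, socket_path: str = CLAMD_SOCKET, timeout: float = 60.0):
    """Scan an in-memory blob via INSTREAM without touching disk; returns (status, detail)."""
    return parse_reply(_talk(instream_frames(data), socket_path, timeout))


if __name__ == "__main__":
    print("clamd reachable:", ping())
    status, detail = scan_bytes(EICAR)
    print("EICAR scan:", status, detail)  # a working clamd answers FOUND plus a signature name
```

If ping() fails the socket path or permissions are the problem; if ping() succeeds but the EICAR scan returns OK, the signature database is the place to look. A FOUND here with mails still passing points at the filter rules rather than at clamd itself.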