test

Sun Java System Messaging Server 6.3 Administration Guide

14.6.4 Testing ClamAV

To test ClamAV, first set debug=1 in the clamav.opt file. (You do not have to turn on the channel-specific master_debug or slave_debug in the imta.cnf.) Then send a file attachment to a test user which contains the EICAR virus string (http://www.eicar.org/anti_virus_test_file.htm). This string is designed to trigger virus scanners to recognize an email as virus-infected without having an actual virus attached: 


X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Review the test logs. The msg-svr-base/data/log/tcp_local_slave.log* file should have lines similar to these:


10:39:00.85: ClamAV callout debugging enabled; 
config /opt/SUNWmsgsr/config/clamav.opt
10:39:00.85: IP address 127.0.0.1 specified 
10:39:00.85: Port 3310 selected 
10:39:00.85: Mode 1 selected 
10:39:00.85: Field "Virus-Test: " selected 
10:39:00.85: Verdict "" selected 
10:39:00.85: Initializing ClamAV message context
 ... 
10:39:00.85: Creating socket to connect to clamd server 
10:39:00.85: Binding clamd socket 
10:39:00.85: Connecting to clamd server 
10:39:00.85: Sending ClamAV STREAM request 
10:39:00.85: Retrieving ClamAV STREAM response 
10:39:00.85: STREAM response: PORT 2003 
10:39:00.85: Creating socket to connect to clamd server data port 
10:39:00.85: Binding clamd data socket 
10:39:00.85: Connecting to clamd server data port 
10:39:00.85: Sending ClamAV the message 
10:39:00.85: Closing ClamAV data connection 
10:39:00.85: Reading ClamAV result 
10:39:00.87: Result line: stream: Eicar-Test-Signature FOUND 
10:39:00.87: Scan result: Message is infected 
10:39:00.87: Verdict line: Virus-Test: True ; Eicar-Test-Signature 
10:39:00.87: Closing connection to ClamAV 
10:39:00.87: Mode 1 verdict of Virus-Test: True ; Eicar-Test-Signature 
10:39:00.87: Mode 1 verdict of Virus-Test: True ; Eicar-Test-Signature
 ... 
10:39:00.87: Freeing ClamAV message context

If your log file does not contain lines similar to these, or if clamd is not running, the following error message is returned in your SMTP dialog after the last period (.) is sent to the SMTP server:


452 4.4.5 Error writing message temporaries - Error 
connecting to ClamAV server