14.6.4 测试 ClamAV
要测试 ClamAV,请首先在 clamav.opt 文件中设置 debug=1。(您不必在 imta.cnf. 中打开特定于通道的 master_debug 或 slave_debug)然后,向测试用户发送一个包含 EICAR 病毒字符串的文件附件 (http://www.eicar.org/anti_virus_test_file.htm)。此字符串用于触发病毒扫描程序在没有附加实际病毒的情况下识别已感染病毒的电子邮件:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* |
查看测试日志。msg-svr-base/data/log/tcp_local_slave.log* 文件应具有类似以下内容的行:
10:39:00.85: ClamAV callout debugging enabled; config /opt/SUNWmsgsr/config/clamav.opt 10:39:00.85: IP address 127.0.0.1 specified 10:39:00.85: Port 3310 selected 10:39:00.85: Mode 1 selected 10:39:00.85: Field "Virus-Test: " selected 10:39:00.85: Verdict "" selected 10:39:00.85: Initializing ClamAV message context ... 10:39:00.85: Creating socket to connect to clamd server 10:39:00.85: Binding clamd socket 10:39:00.85: Connecting to clamd server 10:39:00.85: Sending ClamAV STREAM request 10:39:00.85: Retrieving ClamAV STREAM response 10:39:00.85: STREAM response: PORT 2003 10:39:00.85: Creating socket to connect to clamd server data port 10:39:00.85: Binding clamd data socket 10:39:00.85: Connecting to clamd server data port 10:39:00.85: Sending ClamAV the message 10:39:00.85: Closing ClamAV data connection 10:39:00.85: Reading ClamAV result 10:39:00.87: Result line: stream: Eicar-Test-Signature FOUND 10:39:00.87: Scan result: Message is infected 10:39:00.87: Verdict line: Virus-Test: True ; Eicar-Test-Signature 10:39:00.87: Closing connection to ClamAV 10:39:00.87: Mode 1 verdict of Virus-Test: True ; Eicar-Test-Signature 10:39:00.87: Mode 1 verdict of Virus-Test: True ; Eicar-Test-Signature ... 10:39:00.87: Freeing ClamAV message context |
如果日志文件中不包含类似以上内容的行,或者 clamd 未运行,则将最后的句点 (.) 发送到 SMTP 服务器后,SMTP 对话框中将返回以下错误消息:
452 4.4.5 Error writing message temporaries - Error connecting to ClamAV server |
- © 2010, Oracle Corporation and/or its affiliates