Sun Java System Messaging Server 6.3 管理指南

14.6.4 測試 ClamAV

若要測試 ClamAV,請先在 clamav.opt 檔案中設定 debug=1。(您不需要開啟 imta.cnf 中通道專屬的 master_debugslave_debug。) 接著傳送包含 EICAR 病毒字串的檔案附件給測試使用者 (http://www.eicar.org/anti_virus_test_file.htm)。此字串的設計目的在於觸發病毒掃描器以辨別感染病毒的電子郵件,而不需要附加實際病毒:


X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

檢閱測試記錄。msg-svr-base/data/log/tcp_local_slave.log* 檔案應該有些行類似於:


10:39:00.85: ClamAV callout debugging enabled; 
config /opt/SUNWmsgsr/config/clamav.opt
10:39:00.85: IP address 127.0.0.1 specified 
10:39:00.85: Port 3310 selected 
10:39:00.85: Mode 1 selected 
10:39:00.85: Field "Virus-Test: " selected 
10:39:00.85: Verdict "" selected 
10:39:00.85: Initializing ClamAV message context
 ... 
10:39:00.85: Creating socket to connect to clamd server 
10:39:00.85: Binding clamd socket 
10:39:00.85: Connecting to clamd server 
10:39:00.85: Sending ClamAV STREAM request 
10:39:00.85: Retrieving ClamAV STREAM response 
10:39:00.85: STREAM response: PORT 2003 
10:39:00.85: Creating socket to connect to clamd server data port 
10:39:00.85: Binding clamd data socket 
10:39:00.85: Connecting to clamd server data port 
10:39:00.85: Sending ClamAV the message 
10:39:00.85: Closing ClamAV data connection 
10:39:00.85: Reading ClamAV result 
10:39:00.87: Result line: stream: Eicar-Test-Signature FOUND 
10:39:00.87: Scan result: Message is infected 
10:39:00.87: Verdict line: Virus-Test: True ; Eicar-Test-Signature 
10:39:00.87: Closing connection to ClamAV 
10:39:00.87: Mode 1 verdict of Virus-Test: True ; Eicar-Test-Signature 
10:39:00.87: Mode 1 verdict of Virus-Test: True ; Eicar-Test-Signature
 ... 
10:39:00.87: Freeing ClamAV message context  

如果記錄檔不包含與以上類似的行,或尚未執行 clamd,則在最後一個小數點號 (.) 傳送至 SMTP 伺服器後,會在 SMTP 對話方塊中傳回如下錯誤訊息:


452 4.4.5 Error writing message temporaries - Error 
connecting to ClamAV server