Malware ACL Condition: Clamd
I was working on another issue that required me to watch /var/log/exim_mainlog, and I saw a number of the following warnings:
malware acl condition: clamd /var/clamd : unable to connect to UNIX socket (/var/clamd): No such file or directory
Several months ago, I disabled clamd and unchecked monitoring for it in Service Manager, then uninstalled the ClamAV plugin (using cPanel -> Manage Plugins) because it was eating too much memory on our VPS, so I don't need clamd, and I'd like to get rid of the messages. I checked the Basic and Advanced Editor for the Exim configuration, and there don't appear to be any left-over entries in there for ClamAV. I re-started Exim just in case it hasn't been done since I removed ClamAV, but the warnings continue. I looked at /etc/exim.conf, and I found the following in there: av_scanner = clamd:/var/clamd
Since clamd is no longer in use, what is the best way to prevent the warnings that will persist through Exim restarts and updates? Do I just add a line in the Advanced Editor for av_scanner with a blank value? Delete the av_scanner line in /etc/exim.conf and restart Exim?
Hello, The Exim configuration file is built from the WHM configuration. The way to get a fresh configuration is to back up and reset the configuration in WHM Home » Service Configuration » Exim Configuration Manager. There, you can back up your current configuration, then reset it to get a newly built configuration without unnecessary options. Documentation for this feature is available here: Exim Configuration Manager - Version 64 Documentation - cPanel Documentation
It sounds like an excellent way for me to screw up a working configuration of Exim, when all I really want is to get rid of the ClamAV warning. :) If I have a backup, I guess it's worth a try.
I found the options on the Reset tab of the Exim configuration manager to be daunting, so I took another look through the Basic and Advanced Editor for the Exim configuration, and I couldn't find where the av_scanner line in /etc/exim.conf was being set, so that gave me an idea. After backing up my Exim configuration, I just saved the current Advanced configuration, then checked /etc/exim.conf again for the av_scanner line, and it was gone. I haven't seen any more of the warnings in /var/log/exim_mainlog, and I suspect this took care of the problem. I guess when it was installed, ClamAV added the av_scanner line to Exim, but didn't remove it when it was uninstalled. Re-saving the Advanced configuration saved all my current settings and left out the av_scanner line now that ClamAV has been removed.
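A check for the situation described in this thread, as an added example that is not part of the original posts: it reads the av_scanner line from an Exim config, tests whether the clamd socket it names exists, and counts the matching warnings in the main log. The function names and the sample files built by `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: report an av_scanner line that names a
# clamd socket which no longer exists, and count the warnings it produces.

# Print the socket path from an "av_scanner = clamd:/path" line, if present.
av_scanner_socket() {
    sed -n 's/^[[:space:]]*av_scanner[[:space:]]*=[[:space:]]*clamd:\([^[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# Count clamd "unable to connect to UNIX socket" warnings in a main log.
count_clamd_warnings() {
    grep -c 'malware acl condition: clamd .*unable to connect to UNIX socket' "$1" || true
}

# Return 1 when av_scanner names a missing socket, 0 otherwise, 2 on error.
check_stale_av_scanner() {
    csa_conf=$1; csa_log=$2
    [ -r "$csa_conf" ] || { echo "cannot read $csa_conf" >&2; return 2; }
    csa_sock=$(av_scanner_socket "$csa_conf")
    if [ -z "$csa_sock" ]; then
        echo "OK: no clamd av_scanner line in $csa_conf"; return 0
    fi
    if [ -S "$csa_sock" ]; then
        echo "OK: $csa_sock is a live socket"; return 0
    fi
    echo "STALE: av_scanner = clamd:$csa_sock, socket missing;" \
         "$(count_clamd_warnings "$csa_log") warning(s) in $csa_log"
    return 1
}

# Constructed sample input modelled on the lines quoted in the thread.
demo() {
    demo_dir=$(mktemp -d)
    echo "av_scanner = clamd:$demo_dir/clamd" > "$demo_dir/exim.conf"
    echo "malware acl condition: clamd $demo_dir/clamd : unable to connect to UNIX socket ($demo_dir/clamd): No such file or directory" > "$demo_dir/exim_mainlog"
    check_stale_av_scanner "$demo_dir/exim.conf" "$demo_dir/exim_mainlog" \
        && demo_rc=0 || demo_rc=$?
    rm -rf "$demo_dir"
    return "$demo_rc"
}

# With two arguments (config path, log path), check real files.
if [ "$#" -eq 2 ]; then
    check_stale_av_scanner "$1" "$2"
fi
```

Run it with the config and log paths as arguments before and after re-saving the Exim configuration; a STALE result means the scanner line is still being written into the config.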