HTTP Anti-Virus Proxy

Official HAVP Support Forum
Registration disabled, I'm tired of spambots. E-mail havp@hege.li if you have questions.
HAVP project is pretty much frozen/abandoned at this time anyway.
All times are UTC + 2 hours [ DST ]
PostPosted: 03 Nov 2007 14:26 
Joined: 03 Nov 2007 13:40
Posts: 3
Hello !!

I have configured HAVP with the clam scan engine. clamdscan is working fine. It detects viruses and, depending on the command option, it is also able to move or delete them. But HAVP failed to detect some of them.

I am giving an example, following the Documentation page: I access http://www.eicar.org/anti_virus_test_file.htm. eicar_com.zip (184 bytes) is detected by havp, but it failed to detect eicarcom2.zip (308 bytes). However, clamdscan detects eicarcom2.zip.

Now, my question is what may be the problem? How do I solve this?

Here, I am giving you some necessary log files.

## clamd.log - Truncated ##
+++ Started at Wed Oct 31 03:01:47 2007
clamd daemon 0.91.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Running as user clamav (UID 1001, GID 1000)
Log file size limited to 1048576 bytes.
Reading databases from /var/log/clam
Not loading PUA signatures.
Loaded 162993 signatures.
Bound to tcp port 3310
Setting connection queue length to 15
Archive: Archived file size limit set to 10485760 bytes.
Archive: Recursion level limit set to 8.
Archive: Files limit set to 1000.
Archive: Compression ratio limit set to 250.
Archive support enabled.
Algorithmic detection enabled.
Portable Executable support enabled.
ELF support enabled.
Mail files support enabled.
Mail: Recursion level limit set to 64.
OLE2 support enabled.
PDF support disabled.
HTML support enabled.
Self checking every 1800 seconds.
Reading databases from /var/log/clam
Database correctly reloaded (163846 signatures)
SelfCheck: Database status OK.
##################

## freshclam.log #####
ClamAV update process started at Sat Nov 3 15:32:31 2007
main.cvd is up to date (version: 44, sigs: 133163, f-level: 20, builder: sven)
nonblock_recv: recv timing out (30 secs)
database.clamav.net
Downloading daily-4652.cdiff [100%]
Downloading daily-4653.cdiff [100%]
Downloading daily-4654.cdiff [100%]
Downloading daily-4655.cdiff [100%]
Downloading daily-4656.cdiff [100%]
Downloading daily-4657.cdiff [100%]
Downloading daily-4658.cdiff [100%]
Downloading daily-4659.cdiff [100%]
Downloading daily-4660.cdiff [100%]
Downloading daily-4661.cdiff [100%]
Downloading daily-4662.cdiff [100%]
Downloading daily-4663.cdiff [100%]
Downloading daily-4664.cdiff [100%]
Downloading daily-4665.cdiff [100%]
Downloading daily-4666.cdiff [100%]
daily.inc updated (version: 4666, sigs: 30683, f-level: 21, builder: ccordes)
Database updated (163846 signatures) from database.clamav.net (IP: 100.100.6.15)
Clamd successfully notified about the update.
#########################

### havp error.log ###########
31/10/2007 23:56:04 === Starting HAVP Version: 0.86
31/10/2007 23:56:04 Change to user havp
31/10/2007 23:56:04 Change to group havp
31/10/2007 23:56:04 --- Initializing ClamAV Library Scanner
31/10/2007 23:56:04 ClamAV: Using database directory: /var/log/clam
31/10/2007 23:56:06 ClamAV: Loaded 163120 signatures (engine 0.91.2)
31/10/2007 23:56:06 ClamAV Library Scanner passed EICAR virus test (Eicar-Test-Signature)
31/10/2007 23:56:06 --- Initializing Clamd Socket Scanner
31/10/2007 23:56:06 Clamd Socket Scanner passed EICAR virus test (Eicar-Test-Signature)
31/10/2007 23:56:06 --- All scanners initialized
31/10/2007 23:56:06 Process ID: 12282
03/11/2007 15:57:12 ClamAV: Reloaded 163846 signatures (engine 0.91.2)
########################

### havp access log - truncated ####

03/11/2007 15:36:56 127.0.0.1 GET 200 http://www.eicar.org/download/eicar.com.txt 394+68 VIRUS ClamAV: Eicar-Test-Signature, Clamd: Eicar-Test-Signature
03/11/2007 15:36:59 127.0.0.1 GET 200 http://www.eicar.org/download/eicar_com.zip 400+184 VIRUS ClamAV: Eicar-Test-Signature, Clamd: Eicar-Test-Signature
03/11/2007 15:37:02 127.0.0.1 GET 304 http://www.eicar.org/download/eicarcom2.zip 291+0 OK

###############

Please tell me why havp fails to detect eicarcom2.zip, when clamd detects it as a virus?
:(
PostPosted: 03 Nov 2007 16:12 
HAVP Developer

Joined: 27 Feb 2006 18:12
Posts: 687
Location: Finland
atanubanerji wrote:
03/11/2007 15:37:02 127.0.0.1 GET 304 http://www.eicar.org/download/eicarcom2.zip 291+0 OK

###############

Please tell me why havp fails to detect eicarcom2.zip, when clamd detects it as a virus?


As you see, HAVP received a 304 response (Not Modified) and downloaded 0 bytes (291 bytes of headers + 0 bytes of body). So there is nothing to scan. Most likely the file is cached in your browser.
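The point made above, as an added example that is not part of the original post or of HAVP itself: a small checker over HAVP access log lines in the format quoted in the thread. It parses the status code and the "headers+body" byte counts, and reports an "OK" entry with a 304 status or an empty body as UNSCANNED rather than clean, which is exactly the eicarcom2.zip case. The sample lines are constructed from the ones quoted earlier.

```python
import re

# Constructed sample, modelled on the HAVP access log lines quoted in the thread.
SAMPLE_LOG = """\
03/11/2007 15:36:56 127.0.0.1 GET 200 http://www.eicar.org/download/eicar.com.txt 394+68 VIRUS ClamAV: Eicar-Test-Signature, Clamd: Eicar-Test-Signature
03/11/2007 15:36:59 127.0.0.1 GET 200 http://www.eicar.org/download/eicar_com.zip 400+184 VIRUS ClamAV: Eicar-Test-Signature, Clamd: Eicar-Test-Signature
03/11/2007 15:37:02 127.0.0.1 GET 304 http://www.eicar.org/download/eicarcom2.zip 291+0 OK
"""

# date time client method status url headerbytes+bodybytes result [scanner details]
LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<client>\S+) (?P<method>\S+) (?P<status>\d{3}) "
    r"(?P<url>\S+) (?P<hdr>\d+)\+(?P<body>\d+) (?P<result>\S+)(?: (?P<detail>.*))?$"
)


def parse_line(line):
    """Parse one access log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("status", "hdr", "body"):
        rec[key] = int(rec[key])
    return rec


def classify(rec):
    """Return 'VIRUS', 'CLEAN' or 'UNSCANNED'.

    A 304 Not Modified, or any response with zero body bytes, means HAVP only
    relayed headers and had no content to hand to the scanners, so an 'OK'
    result on such a line says nothing about the file itself.
    """
    if rec["result"] == "VIRUS":
        return "VIRUS"
    if rec["status"] == 304 or rec["body"] == 0:
        return "UNSCANNED"
    return "CLEAN"


def audit(log_text):
    """Return (url, status, body_bytes, verdict) for every parseable line."""
    out = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is not None:
            out.append((rec["url"], rec["status"], rec["body"], classify(rec)))
    return out


if __name__ == "__main__":
    for url, status, body, verdict in audit(SAMPLE_LOG):
        print(f"{verdict:9} {status} {body:>5}B {url}")
```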

PostPosted: 04 Nov 2007 16:21 
Joined: 03 Nov 2007 13:40
Posts: 3
Hello Hege !!
Thank you for the reply.
You are right - it was cached in my squid proxy server. In my network havp is configured as the parent of my squid proxy server.

Can you please give me an idea how I can fight against the newest viruses? If related things are cached, a virus will always be downloaded, even if my ClamAV is updated with that particular virus signature/definition.

Thanks again.

PostPosted: 04 Nov 2007 17:25 
HAVP Developer

Joined: 27 Feb 2006 18:12
Posts: 687
Location: Finland
Have a look at the example:

viewtopic.php?t=11

It describes a setup with a caching Squid after HAVP.

PostPosted: 05 Nov 2007 12:06 
Joined: 03 Nov 2007 13:40
Posts: 3
Thank you sir, got the idea. :D