Recently, we have been hit with a large amount of viruses that have not been detected by clam. However, they are now reported. So, would it be possible to rescan the entire message database overnight with clam? That is: /opt/store.
I want to get rid of any residual viruses that got past our filter because people are still opening week-old emails and getting infected.
Here's what I found when I ran the following:
Here's a snippet of what was found:
./clamscan -r -i -d /opt/zimbra/data/clamav/db /opt/zimbra/store/*
Would it cause corruption if I had clamscan just remove the infected messages? Anyone have experience with this?
/opt/zimbra/store/0/17/msg/3/13127-17639.msg: Email.Phishing.RB-3469 FOUND
/opt/zimbra/store/0/17/msg/3/12961-17451.msg: Email.Phishing.RB-3469 FOUND
/opt/zimbra/store/0/17/msg/3/13687-18288.msg: Trojan.Downloader.Agent-1297 FOUND
/opt/zimbra/store/0/17/msg/3/12776-17248.msg: Email.Phishing.Bank-72 FOUND
/opt/zimbra/store/0/17/msg/3/13757-18365.msg: Trojan.Downloader.Agent-1298 FOUND
/opt/zimbra/store/0/17/msg/3/13235-17757.msg: Trojan.Agent-57252 FOUND
One other question: Does anyone know how to find out what virus definitions that clam is using to scan the incoming emails with?
When I type zmclamdctl status, it gives no output.
One additional thing to note: I upgraded to 0.94.1 and pointed the symlink "clamav" to the directory that I placed in /opt/zimbra.