ClamAV Troubleshooting

Anti-virus Testing

To test the virus filter, it is necessary to download the eicar test virus email and send it using the command below (Replacing emailonserver@example.com with a real email account on the server). If the Anti-virus is working correctly you will see it get blocked and it will be listed in the maillog and in Warden -> Logs -> Message Log.

Disable Greylisting

If greylisting is enabled then you must disable it on the recipient domain before running these tests.

/usr/local/psa/bin/grey_listing --update-domain example.com -status off

Centos / RHEL / CloudLinux / AlmaLinux

wget http://www.eicar.org/download/eicar.com.txt
echo "TEST MESSAGE w/ ATTACHMENT" | mail -S smtp=localhost -r sender@example.com -s "A/V test example" -a eicar.com.txt emailonserver@example.com

Debian / Ubuntu

apt-get install s-nail
wget http://www.eicar.org/download/eicar.com.txt
echo "TEST MESSAGE w/ ATTACHMENT" | s-nail -S smtp=localhost -r sender@example.com -s "A/V test example" -a eicar.com.txt emailonserver@example.com

ClamAV Tools

You can view the current ClamAV configuration using the following command:

clamconf

You can monitor the ClamAV daemon using the following command:

clamdtop

Restarting ClamAV

Centos / RHEL / CloudLinux / AlmaLinux

// restart clamav
systemctl restart clamd@scan

// restart freshclam (Centos /RHEL / Cloudlinux / AlmaLinux 8 only)
systemctl restart clamav-freshclam

Debian / Ubuntu

// restart clamav
systemctl restart clamav-daemon

// restart freshclam
systemctl restart clamav-freshclam

Debug

clamscan --debug 2>&1 /dev/null

Checking Signatures

clamscan --debug 2>&1 /dev/null | grep "loaded"