So I checked maillog again, and somehow I missed this, but there are countless log entries pertaining to the message loop:
Jan 25 13:01:29 efaserv MailScanner[9710]: Virus Scanning: Found 1 viruses
Jan 25 13:01:29 efaserv MailScanner[9710]: Spam Checks: Starting
Jan 25 13:01:29 efaserv MailScanner[9710]: Deleted 1 messages from processing-database
Jan 25 13:01:29 efaserv MailScanner[9710]: MailWatch: Logging message 252FC100061.A0789 to SQL
Jan 25 13:01:29 efaserv MailScanner[9710]: New Batch: Scanning 1 messages, 958 bytes
Jan 25 13:01:29 efaserv MailScanner[9710]: Virus and Content Scanning: Starting
Jan 25 13:01:29 efaserv MailScanner[9710]: Clamd::ERROR:: COULD NOT CONNECT TO CLAMD, RECOMMEND RESTARTING DAEMON :: .
Jan 25 13:01:29 efaserv MailScanner[9710]: Virus Scanning: Clamd found 1 infections
Jan 25 13:01:29 efaserv MailScanner[9710]: Virus Scanning: No virus scanners worked, so message batch was abandoned and retried!
There are a few posts on this forum about the same issue (I found a fix which I've yet to implement: viewtopic.php?t=3128), and I'm wondering what's the deal? What are YARA rules, why are they broken on a fresh Hyper-V install, and what are the drawbacks of disabling them?
Thanks, community!
Edit: And if I try to restart clamd, this is what I get:
Starting Clam AntiVirus Daemon: LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 497 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 512 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 528 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 544 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 557 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 603 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 614 undefined identifier "pe"
LibClamAV Warning: cli_loadyara: failed to parse or load 7 yara rules from file /var/lib/clamav/antidebug_antivm.yar, successfully loaded 92 rules.
LibClamAV Warning: Detected duplicate databases /var/lib/clamav/main.cvd and /var/lib/clamav/main.cld, please manually remove one of them