Re: [Clamav-users] clamav-milter verification

Wed, 19 Jan 2005 02:07:28 -0800 

On Tuesday 18 Jan 2005 22:05, Joe Polk wrote:
> Directory perms match. Here's the other:
> -rw-rw----    1 clamav   clamav          4 Jan 18 11:05 clamd.pid
> srwxrwxrwx    1 clamav   clamav          0 Jan 18 11:05 clamd.sock
> srwx------    1 clamav   clamav          0 Jan 18 15:09 clmilter.socket
>
> Should I be running freshclam as a daemon? There appear to be cron jobs
> enabled.

yes.

#!/bin/sh

COMMAND=$1

if [ "$COMMAND" == "start" ] ; then
    echo -n "Starting freshclam daemon ... "
    /usr/local/bin/freshclam -d
    echo " done."
    exit
elif [ "$COMMAND" == "stop" ] ; then
    echo -n "Stopping freshclam daemon ... "
    killall -TERM freshclam
    echo " done."
    exit
else
    echo "usage: $0 start|stop"
    exit
fi

you should also edit freshclam.conf to point to suitable servers, set the time 
interval and setup logging. Make it verbose to start with and check the logs 
to see if it's updating. You should see something like this:

Received signal 14, wake up
ClamAV update process started at Tue Jan 18 20:52:41 2005
main.cvd is up to date (version: 29, sigs: 29086, f-level: 3, builder: tomek)
daily.cvd updated (version: 674, sigs: 459, f-level: 3, builder: acab)
Database updated (29545 signatures) from db.uk.clamav.net (84.18.202.162).



>
> --
> <<JAV>>
>
>
> ---------- Original Message -----------
> From: <[EMAIL PROTECTED]>
> To: "'ClamAV users ML'" <[email protected]>
> Sent: Tue, 18 Jan 2005 13:54:14 -0800
> Subject: RE: [Clamav-users] clamav-milter verification
>
> > Hello,
> >
> > Don't know if I could help, but I think I recall this error from the
> > permissions on the directory the file is in, or the permissions on
> > the file itself. I had this months ago when I was first setting up too.
> >
> > Directory Permission:
> > drwxr-xr-x    2 clamav   clamav       4096 Dec  7 12:26 clamav
> >
> > File Permissions:
> > -rw-rw----    1 clamav   clamav          4 Nov 20 14:05 clamd.pid
> > srwxrwxrwx    1 clamav   clamav          0 Nov 20 14:05 clamd.sock
> > srwx------    1 clamav   clamav          0 Dec  7 12:26 clmilter.sock
> > -rw-rw----    1 clamav   clamav          4 Nov 20 14:05 freshclam.pid
> >
> > Shawn
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Joe Polk
> > Sent: Tuesday, January 18, 2005 1:37 PM
> > To: ClamAV users ML
> > Subject: Re: [Clamav-users] clamav-milter verification
> >
> > [EMAIL PROTECTED] clamav]# ls -ld /var/run/clamav/
> > drwxr-xr-x    2 clamav   clamav       4096 Jan 18 15:09 /var/run/clamav/
> >
> > I got another one of those errors at 16:33. I think I get these when
> > clamav-milter is invoked. I sent myself 2 testviruses and I think
> > that triggered the last one maybe.
> >
> > --
> > <<JAV>>
> >
> > ---------- Original Message -----------
> > From: Nigel Horne <[EMAIL PROTECTED]>
> > To: ClamAV users ML <[email protected]>
> > Sent: Tue, 18 Jan 2005 21:35:10 +0000
> > Subject: Re: [Clamav-users] clamav-milter verification
> >
> > > On Tue, 2005-01-18 at 21:32, Joe Polk wrote:
> > > > After. I see a ton of them in there but they stop mysteriously at
> > > > 16:22:44.
> > >
> > > What happened at 16:22?
> > > What is the output of "ls -ld /var/run/clamav"?
> > >
> > > > --
> > > > <<JAV>>
> > > >
> > > >
> > > > ---------- Original Message -----------
> > > > From: Nigel Horne <[EMAIL PROTECTED]>
> > > > To: ClamAV users ML <[email protected]>
> > > > Sent: Tue, 18 Jan 2005 20:51:59 +0000
> > > > Subject: Re: [Clamav-users] clamav-milter verification
> > > >
> > > > > On Tue, 2005-01-18 at 20:41, Joe Polk wrote:
> > > > > > I'm seeing this in the maillog:
> > > > > > Jan 18 15:12:10 mail sendmail[6612]: j0IKCADB006612: Milter
> >
> > (clmilter): local
> >
> > > > > > socket name /var/run/clamav/clmilter.sock unsafe
> > > > > > Jan 18 15:12:10 mail sendmail[6612]: j0IKCADB006612: Milter
> >
> > (clmilter): to
> >
> > > > > > error state
> > > > >
> > > > > What is this output of "ls -ld /var/run/clamav"?
> > > > > Is this before or after you ensured that you've ensured that
> > > > > sendmail.mc and /etc/sysconfig/clamav-milter point to the same
> > > > > socket?
> > > > >
> > > > > > --
> > > > > > <<JAV>>
> > > > > >
> > > > > >
> > > > > > ---------- Original Message -----------
> > > > > > From: Nigel Horne <[EMAIL PROTECTED]>
> > > > > > To: ClamAV users ML <[email protected]>
> > > > > > Sent: Tue, 18 Jan 2005 19:49:02 +0000
> > > > > > Subject: Re: [Clamav-users] clamav-milter verification
> > > > > >
> > > > > > > On Tue, 2005-01-18 at 19:35, Joe Polk wrote:
> > > > > > > > Thanks, Nigel. Here's the info!
> > > > > > > >
> > > > > > > > > What version of clamav-milter? (clamav-milter --version)
> > > > > > > >
> > > > > > > >     ClamAV version 0.80, clamav-milter version 0.80j
> > > > > > > >
> > > > > > > > > Have you started clamav-milter? (ps -ef | fgrep clam)
> > > > > > > >
> > > > > > > >   clamav    4972     1  0 11:05 ?        00:00:00 clamd
> > > > > > > >   clamav    4997     1  0 11:05 ?        00:00:00
> > > > > > > > clamav-milter
> > > > > > > >
> > > > > > > > --config-file=/etc/clamd.conf --max-children=10 --force-scan
> >
> > --quiet
> >
> > > > > > > > --dont-log-clean --noreject -obl
> >
> > local:/var/run/clamav/clmilter.socket
> >
> > > > > > > 1) Please don't use the -b option
> > > > > > > 2) This local:/var/run/clamav/clmilter.socket doesn't match
> > > > > > > this from your sendmail.mc: S=local:/var/run/clmilter.sock.
> > > > > > > They need
> >
> > to
> >
> > > > > > > be the same.
> > > > > > >
> > > > > > > > > What's in the syslog?
> > > > > > > >
> > > > > > > >   Most of what I see are directory scans. I tried a manual
> > > > > > > > scan
> >
> > with
> >
> > > > clamdscan
> > > >
> > > > > > > > on my /var/spool/mail folder and it said it couldn't scan
> > > > > > > > some
> >
> > of the
> >
> > > > files. I
> > > >
> > > > > > > > put user clamav into the "mail" group hoping this would work,
> >
> > but it
> >
> > > > didn't
> > > >
> > > > > > > > appear to. I can't find anything in the logs indicating the
> >
> > milter is
> >
> > > > running,
> > > >
> > > > > > > > though.
> > > > > > > >
> > > > > > > > > What's in your sendmail.mc?
> > > > > > > >
> > > > > > > >   I added:
> > > > > > > >  
> > > > > > > > INPUT_MAIL_FILTER(`clmilter',`S=local:/var/run/clmilter.sock,
> >
> > F=,
> >
> > > > > > T=S:4m;R:4m')d
> > > > > >
> > > > > > > > nl
> > > > > > > > define(`confINPUT_MAIL_FILTERS', `clmilter')
> > > > > > > >
> > > > > > > > <<JAV>>
> > > > > > >
> > > > > > > _______________________________________________
> > > > > > > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> > > > > >
> > > > > > ------- End of Original Message -------
> > > > > >
> > > > > > _______________________________________________
> > > > > > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> > > > >
> > > > > _______________________________________________
> > > > > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> > > >
> > > > ------- End of Original Message -------
> > > >
> > > > _______________________________________________
> > > > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> > >
> > > _______________________________________________
> > > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> >
> > ------- End of Original Message -------
> >
> > _______________________________________________
> > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> >
> > _______________________________________________
> > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
> ------- End of Original Message -------
>
> _______________________________________________
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

-- 
-----------------
Bob Hutchinson
Midwales dot com
-----------------
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Reply via email to