Re: [clamav-users] Encrypted Word doc/phishing attack

Wed, 05 Oct 2016 11:57:25 -0700 


Am 05.10.2016 um 20:52 schrieb Dennis Peterson:

On 10/5/16 11:37 AM, Alex wrote:

Can you explain how you configured systemd to start two instances of
the same clamd binary using different config files?


Create a second config file and give it a unique name or place it in a
different directory than the original. Edit the new file to change as
needed the tcpip port if used, or the socket name and location. Make any
other changes that accomplish what you need from the second instance. Be
especially attentive of log files, how they're created, how they're
managed, and how they're populated.

Edit your startup script to start a second instance (and to stop it) and
use the --config-file="xxxxx" for both instances where xxxx is the
appropriate name and path of your config files.

Make what ever changes are needed in your processes that call clam
services so that they call the correct instance.

You will have to modify  the freshclam script to send a reload command
to the second instance of clamd as well as the original instance



or better consider when is the right moment and just leave out the 
reload logic - we update signatures on a completly different machine and 
deploy them with rsync


i know the two points per hour when that happens


so i know when i have to schedule the reloads on the machines running 
clamd given that the signature update hardly exceeds 5 minutes

________________________________

/etc/crontab:
# Reload der ClamAV-Signaturen

28,58 * * * *                               root      /usr/bin/bash 
/usr/local/bin/reload-clamd.sh

________________________________

[root@mail-gw:/etc/systemd/system]$ cat /usr/local/bin/reload-clamd.sh
#!/usr/bin/bash

OLD_HASH=`sha512sum /tmp/clamd-sig-instance1-status.txt 2> /dev/null`
sha512sum /var/lib/clamav/* > /tmp/clamd-sig-instance1-status.txt
NEW_HASH=`sha512sum /tmp/clamd-sig-instance1-status.txt`
if [ "$OLD_HASH" != "$NEW_HASH" ]; then
 /usr/bin/systemctl condreload clamd.service
 sleep 15
fi

OLD_HASH=`sha512sum /tmp/clamd-sig-instance2-status.txt 2> /dev/null`
sha512sum /var/lib/clamav-spam/* > /tmp/clamd-sig-instance2-status.txt
NEW_HASH=`sha512sum /tmp/clamd-sig-instance2-status.txt`
if [ "$OLD_HASH" != "$NEW_HASH" ]; then
 /usr/bin/systemctl condreload clamd-sa.service
fi
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml






















					Reply via email to