ClamAV

Raphael Vallazza Wed, 31 Jan 2007 07:49:58 -0800

Hi,

did someone have this problem with Endian Firewall 2.1?


Bye,
Raphael


Steffen Schmidt schrieb:

Hi Mike,
this was the missing piece to locate the problem.
I followed your advice and tried.....

[EMAIL PROTECTED]:~ # freshclam
ClamAV update process started at Mon Dec 11 09:54:45 2006
main.cvd is up to date (version: 41, sigs: 73809, f-level: 10, builder:
tkojm)
Downloading daily.cvd [*]
daily.cvd updated (version: 2314, sigs: 6689, f-level: 9, builder: ccordes)
Database updated (80498 signatures) from db.local.clamav.net (IP:
89.149.194.18)
ERROR: Parse error at line 24: Option ArchiveMaxRecursion requires numerical
argument.
ERROR: Clamd was NOT notified: Can't find or parse configuration file
/etc/clamav/clamd.conf
[EMAIL PROTECTED]:~ #

After this, i found out that clamav was not configured and the values for...

ArchiveMaxFileSize 15M
ArchiveMaxRecursion 9
ArchiveMaxFiles 1000
ArchiveMaxCompressionRatio 300

... where missing. After completion of these values averything works
perfect.

Thank you very much. Perfect help. Great!!!!!

Steffen

-----Ursprüngliche Nachricht-----
Von: [EMAIL PROTECTED] [mailto:efw-user-
[EMAIL PROTECTED] Im Auftrag von Mike Tremaine
Gesendet: Sonntag, 10. Dezember 2006 16:06
An: [email protected]
Betreff: Re: [Efw-user] WG: P3Scan/Spamd/ClamAV

Steffen Schmidt wrote:

Dec  7 19:40:16 Firewall p3scan[6968]: ERR: We can't say if it is a
virus! So we have to give the cli

ent the mail! You should check your configuration/system

Dec  7 19:40:16 Firewall p3scan[6968]: ERR: Scanner returned unexpected
error code. You should check

your configuration/system.

It sounds like ClamAV is having a problem. First have you upgrade to the
lastest ClamAV version that I posted? If not then do this first. Then as
root
type "freshclam" to make the database is updated and everything looks ok.
Next
you test the basic scanner by doing something like

[EMAIL PROTECTED]:~ # clamscan /root/
/root/.bash_history: OK
/root/efw-hosts_fill.sh: OK
/root/host-fill.sh: OK
/root/zombie.log: OK
/root/test.pl: OK
/root/frox_check.sh: OK

----------- SCAN SUMMARY -----------
Known viruses: 80339
Engine version: 0.88.6
Scanned directories: 1
Scanned files: 6
Infected files: 0
Data scanned: 0.01 MB
Time: 1.591 sec (0 m 1 s)


This will just scan the /root home dir for viruses.

If it does that ok then make the the clamd is running you can get the PID
from
/var/run/clamav like so

[EMAIL PROTECTED]:~ # ps `cat /var/run/clamav/clamd.pid`
   PID TTY      STAT   TIME COMMAND
27905 ?        Ss    90:00 /usr/sbin/clamd

Or good old grep

[EMAIL PROTECTED]:~ # ps -ef | grep clamd
clamav   27905     1  0 Oct27 ?        01:30:00 /usr/sbin/clamd
root     30623 30571  0 07:04 pts/2    00:00:00 grep clamd

Last check the ClamAV logs "tail /var/log/clamav/clamd.log"

Post back anything that seems to be broken and I might be able to make a
better
guess.

-Mike

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share
your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user



-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user



--

:: e n d i a n
:: open source - open minds

:: raphael vallazza
:: phone +39 0471 631763  :: fax +39 0471 631764
:: http://www.endian.it   :: raphael (AT) endian.it

begin:vcard
fn:Raphael Vallazza
n:Vallazza;Raphael
org:Endian GmbH/SRL
adr:;;Pillhof 47;Frangart/Frangarto;BZ;I-39010;Italien/Italia
email;internet:[EMAIL PROTECTED]
tel;work:+39 0471 631763
tel;fax:+39 0471 631764
x-mozilla-html:FALSE
url:http://www.endian.it
version:2.1
end:vcard

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user

Re: [Efw-user] WG: P3Scan/Spamd/ClamAV

Reply via email to