Hi

I have just finished writing up my notes on clamd/clamdscan with qmail-scanner 1.16 for FreeBSD 5.1 which I have attached. I am going to try these details out on a FreeBSD 4.8 box soon.

HTH

If I get positive feedback I may HTMLise it and put it up somewhere.

Thanks

---
Steve Crowder
e-mail: steve (at) crowders (dot) org
www: www.crowders.org
PGP Fingerprint: 7AFA B1E3 C556 8393 E425 160F 943F F3B6 DA47 C49B

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Richard Lyszczek
Sent: 28 August 2003 16:20
To: Nick Twaddell
Cc: [EMAIL PROTECTED]
Subject: Re: [Qmail-scanner-general]qmail-scanner not scanning attachments??

Quoting Nick Twaddell <[EMAIL PROTECTED]>:

> I have clamd running as a daemon, and qmail-scanner detected clamuko
> using the clamdscan binary. If I run clamdscan on the clamd test dir,
> it finds the viruses. If I attach the test viruses to an email and send
> them, it will not filter them. Am I missing a setting to filter
> attachments??
>
> Nick
>
> -----------------------------------------------------------
> Nick Twaddell
> Web Space Solutions
> Ph: (805) 704-4038 Fx: (805) 434-2477
>
>

I had that problem and fixed it by just specifying --scanners clamscan.
It seems that clamdscan does not have permission to read the file when it is
extracted into the /var/spool/qmailscan directory. You might want to check your
debug log to confirm this is the reason

_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
=============================================================================================================================
Notes for installing clamav from FreeBSD ports /usr/ports/security/clamav
on a system that has qmail-1.03 and qmail-scanner 1.16

These notes are aimed more specifically at getting clamd and clamdscan working together

If you are happy just using clamscan in qmail-scanner and wasting lots of resource/memory
via upping the softlimit to a ridiculous level then a lot of this does not apply to you :)

Acknowledgements:

Gleaned from reading various posts to the clamav-users mailing list
many thanks to all who posted there.

http://clamav.elektrapro.com/doc/FreeBSD-HowTo/qmail-scanner-how-to.html
Thanks to Paul Hoadley & Eric Parsonage for this document

I make no claims that this is a perfect solution but it worked for me
after I had far too many problems with memory usage whilst using clamscan alone in qmail-scanners.

clamav-0.60 worked "out of the box" for me with the most basic setup using the default settings
and using the default user and group created as part of the install.
It all started to go horribly wrong for me as soon as the virus databases were updated
via the daemonised version of freshclam. YMMV...

I was getting plenty of error messages like this:

28/08/2003 10:10:13:3361: --output of clamscan was:
LibClamAV Error: cli_calloc(): Can't allocate memory (98 bytes).
calloc_problem: Cannot allocate memory
LibClamAV Error: readdb(): Malformed pattern line 8706 (file /usr/local/share/clamav/viruses.db).
ERROR: Malformed database.
--
28/08/2003 10:10:13:3361: tempfail: X-Qmail-Scanner-1.16: clam_scanner: corrupt or unknown ClamAV scanner error or memory/resource/perms problem - exit status 50

If you are getting similar permutations on this theme the clamd/clamdscan pairing may be the way to go for you.

Author: Steve Crowder
E-mail: steve (at) crowders (dot) org
Date:   28/08/2003
=============================================================================================================================
Test/Victim machine FreeBSD 5.1 (fully patched)

Edit /usr/ports/security/clamav/Makefile

Change to this:

    CONFIGURE_ARGS= --prefix=${PREFIX} \
                    --disable-clamav \
                    --enable-bigstack \
                    --with-user=qmailq \
                    --with-group=qmail

    make
    make install
    make clean          (whenever you are happy all is well and you don't need to read the documents that ship in the tarball any more)

    make install clean  (for the impatient)
=============================================================================================================================
clamd:

    touch /var/log/clamd.log
    chown qmailq:qmail /var/log/clamd.log
    chmod 644 /var/log/clamd.log

Relevant additional entries in /etc/newsyslog.conf at your discretion

Create a startup/shutdown script for the clamd daemon in /usr/local/etc/rc.d/clamd.sh

    #!/bin/sh
    #
    # Startup / shutdown script for clamd (Clam Antivirus)
    # daemonised partner to clamdscan

    case "$1" in
    start)
            /usr/local/sbin/clamd
            echo -n ' clamd started'
            echo ""
            ;;
    stop)
            /usr/bin/killall clamd > /dev/null 2>&1 && echo -n ' clamd stopped'
            echo ""
            ;;
    *)
            echo "Usage: `basename $0` {start | stop}"
            exit 64
            ;;
    esac

    chown root:wheel /usr/local/etc/rc.d/clamd.sh
    chmod 744 /usr/local/etc/rc.d/clamd.sh
=============================================================================================================================
freshclam:

    touch /var/log/freshclam.log
    chown qmailq:qmail /var/log/freshclam.log
    chmod 644 /var/log/freshclam.log

Relevant additional entries in /etc/newsyslog.conf at your discretion

Create startup/shutdown script for the freshclam daemon in /usr/local/etc/rc.d/freshclam.sh

    #!/bin/sh
    #
    # Startup / shutdown script for freshclam (Clam Antivirus)
    # daemonised virus database updater

    case "$1" in
    start)
            /usr/local/bin/freshclam -d -c 2 -l /var/log/freshclam.log
            echo -n ' freshclam started'
            echo ""
            ;;
    stop)
            /usr/bin/killall freshclam > /dev/null 2>&1 && echo -n ' freshclam stopped'
            echo ""
            ;;
    *)
            echo "Usage: `basename $0` {start | stop}"
            exit 64
            ;;
    esac

    chown root:wheel /usr/local/etc/rc.d/freshclam.sh
    chmod 744 /usr/local/etc/rc.d/freshclam.sh

Don't like the daemonised version? - go set up a crontab
=============================================================================================================================
Manually update the virus databases:

    freshclam

Check for any errors.
=============================================================================================================================
Set the correct permissions on the working directory /usr/local/share/clamav:

    chown qmailq:qmail /usr/local/share/clamav
    chmod +t /usr/local/share/clamav
    chown -R qmailq:qmail /usr/local/share/clamav/
=============================================================================================================================
Edit the clamd configuration file /usr/local/etc/clamav.conf:

    # Comment or remove the line below.
    #Example
    LogFile /var/log/clamd.log
    PidFile /tmp/clamd.pid
    DataDirectory /usr/local/share/clamav
    LocalSocket /var/spool/qmailscan/clamd
    User qmailq

Other features comment out or add at your discretion
=============================================================================================================================
Launch the freshclam daemon:

    /usr/local/etc/rc.d/freshclam.sh start

Check the log file /var/log/freshclam.log for any errors
=============================================================================================================================
Start the clamd daemon and load the virus signatures into memory:

    /usr/local/etc/rc.d/clamd.sh start

Check the log file /var/log/clamd.log for any errors
=============================================================================================================================
qmail-scanner-1.16:

Configure and install qmail-scanner as you normally would do.

After setting up you may have to manually edit this line:

    my $clamscan_binary='/usr/local/bin/clamscan';

to

    my $clamscan_binary='/usr/local/bin/clamdscan';
=============================================================================================================================
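
An added example (not part of the notes above, nor code from qmail-scanner or ClamAV): a small sh check that a clamav.conf carries the settings these notes rely on, namely the Example line commented out, clamd running as the qmail-scanner user, and LocalSocket under the qmail-scanner spool directory. The function names and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check a clamd config against the setup in these notes.

# conf_value FILE KEY -> print the value of the first active "KEY value" line
conf_value() {
    awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# check_clamd_conf FILE SCAN_USER SPOOL_DIR
# Prints one line per problem; returns 0 when clean, 1 otherwise.
check_clamd_conf() {
    conf=$1 want_user=$2 spool=$3 rc=0

    # The notes say to comment out or remove the Example line.
    if grep -q '^[[:space:]]*Example' "$conf"; then
        echo "Example line is still active"; rc=1
    fi

    # clamd must run as the user that owns the files qmail-scanner extracts,
    # otherwise clamdscan hands it paths it cannot read.
    user=$(conf_value "$conf" User)
    if [ "$user" != "$want_user" ]; then
        echo "User is '${user:-unset}', expected '$want_user'"; rc=1
    fi

    # The socket lives inside the spool directory in this setup.
    sock=$(conf_value "$conf" LocalSocket)
    case "$sock" in
        "$spool"/*) ;;
        *) echo "LocalSocket '${sock:-unset}' is not under $spool"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample configs (not taken from a real host).
tmp=$(mktemp -d)
printf '%s\n' '#Example' 'LogFile /var/log/clamd.log' 'PidFile /tmp/clamd.pid' \
    'DataDirectory /usr/local/share/clamav' \
    'LocalSocket /var/spool/qmailscan/clamd' 'User qmailq' > "$tmp/good.conf"
printf '%s\n' 'Example' 'LocalSocket /tmp/clamd' 'User clamav' > "$tmp/bad.conf"

check_clamd_conf "$tmp/good.conf" qmailq /var/spool/qmailscan && echo "good.conf: OK"
check_clamd_conf "$tmp/bad.conf"  qmailq /var/spool/qmailscan || echo "bad.conf: needs fixing"
```

On a real host, point the function at /usr/local/etc/clamav.conf instead of the sample files.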
