Yes, I decided to go with EPEL ClamAV because I don't see a reason not to. It does the same thing with minor changes and someone else takes care of the RPMS. And, updates are faster.

Other than the name of the service only the below user/group changes take place.

chown clamscan:root /var/qmail/simscan
chown clamscan:root /var/qmail/bin/simscan
chown -R clamscan:clamscan /var/log/clamd
chown -R clamupdate:clamupdate /var/lib/clamav

The permissions do not change. I just put them in the script just to make sure after update.

The signature library after QMT clamav is removed has owner 46 group 46 which is the deleted clamav user and group. Scanning works just fine like this however I wanted things clean and changed user and group to clamupdate for those signatures.

I have tested this on several production machines and all seems to work well. I'd like to know if problems occur. If they do one could revert; however, I don't foresee any issues.


On 6/23/2020 2:14 PM, Philip Nix Guru wrote:


so that's the new way to go for clamav ?

Script for upgrade looks simple, I am not too fond of changing user and ownership (thank you epel)

if you use extra scripts for un official sigs it can lead to some problems ..

Who tested the move to epel clamav tree ?


On 6/23/20 5:01 PM, Eric Broch wrote:

On 6/22/2020 11:39 PM, ChandranManikandan wrote:
Hi Folks,

I received below two virus notifications in my logwatch report. How do I protect from virus protection? Eric: Any possible chances to update the latest clamav, have you upload the latest clamav epel.
Please assist me.

Some few spam emails with the same subject with different email addresses received everyday.
I have blocked on spamassassin and spamdyke. but still received.
Any further attacks happened.
I am running CSF & Fail2ban.
Anyone assist me.

 Viruses detected:

Email.Phishing.VOF1-6297424-0:                         1 Time(s)

Heuristics.Phishing.Email.SpoofedDomain:               3 Time(s)

 Virus database reloaded 2 time(s) (last time with 7343939 viruses)


Reply via email to