Re: [qmailtoaster] protect virus

Tue, 23 Jun 2020 14:34:32 -0700 

Philip,
Yes, I decided to go with EPEL ClamAV because I don't see a reason not to. It does the same thing with minor changes and someone else takes care of the RPMS. And, updates are faster. 


Other than the name of the service only the below user/group changes 
take place.


chown clamscan:root /var/qmail/simscan
chown clamscan:root /var/qmail/bin/simscan
chown -R clamscan:clamscan /var/log/clamd
chown -R clamupdate:clamupdate /var/lib/clamav


The permissions do not change. I just put them in the script just to 
make sure after update.



The signature library after QMT clamav is removed has owner 46 group 46 
which is the deleted clamav user and group. Scanning works just fine 
like this however I wanted things clean and changed user and group to 
clamupdate for those signatures.



I have tested this on several production machines and all seems to work 
well. I'd like to know if problems occur. If they do one could revert; 
however, I don't foresee any issues.


Eric


On 6/23/2020 2:14 PM, Philip Nix Guru wrote:


Hello

so that's the new way to go for clamav ?


Script for upgrade looks simple, I am not too fond of changing user 
and ownership (thank you epel)



if you use extra scripts for un official sigs it can lead to some 
problems ..


Who tested the move to epel clamav tree ?


Regards



On 6/23/20 5:01 PM, Eric Broch wrote:


https://www.qmailtoaster.org/qttoepelclam.html

On 6/22/2020 11:39 PM, ChandranManikandan wrote:

Hi Folks,


I received below two virus notifications in my logwatch report. How 
do I protect from virus protection?
Eric: Any possible chances to update the latest clamav, have you 
upload the latest clamav epel.

Please assist me.


Some few spam emails with the same subject with different email 
addresses received everyday.

I have blocked on spamassassin and spamdyke. but still received.
Any further attacks happened.
I am running CSF & Fail2ban.
Anyone assist me.

 Viruses detected:

Email.Phishing.VOF1-6297424-0:                         1 Time(s)

Heuristics.Phishing.Email.SpoofedDomain:               3 Time(s)

 Virus database reloaded 2 time(s) (last time with 7343939 viruses)


--
*/Regards,
Manikandan.C
/*






















					Reply via email to