Hello

sure, that's fine, I used your script on a very busy production server, all went fine

I just had to make a little change for compatibility with some of my scripts


I d suggest one thing, in scan.conf


PidFile /run/clamd.scan/clamd.pid

LocalSocket /run/clamd.scan/clamd.sock


I did change that to /var/run/clamd.scan/clamd.pid|clamd.sock


I changed it to keep it compatible with


 extremeshok <https://github.com/extremeshok> / *clamav-unofficial-sigs
 <https://github.com/extremeshok/clamav-unofficial-sigs>*


Regards

-Philip


On 6/23/20 11:33 PM, Eric Broch wrote:

Philip,

Yes, I decided to go with EPEL ClamAV because I don't see a reason not to. It does the same thing with minor changes and someone else takes care of the RPMS. And, updates are faster.

Other than the name of the service only the below user/group changes take place.

chown clamscan:root /var/qmail/simscan
chown clamscan:root /var/qmail/bin/simscan
chown -R clamscan:clamscan /var/log/clamd
chown -R clamupdate:clamupdate /var/lib/clamav

The permissions do not change. I just put them in the script just to make sure after update.

The signature library after QMT clamav is removed has owner 46 group 46 which is the deleted clamav user and group. Scanning works just fine like this however I wanted things clean and changed user and group to clamupdate for those signatures.

I have tested this on several production machines and all seems to work well. I'd like to know if problems occur. If they do one could revert; however, I don't foresee any issues.

Eric


On 6/23/2020 2:14 PM, Philip Nix Guru wrote:

Hello

so that's the new way to go for clamav ?

Script for upgrade looks simple, I am not too fond of changing user and ownership (thank you epel)

if you use extra scripts for un official sigs it can lead to some problems ..

Who tested the move to epel clamav tree ?


Regards



On 6/23/20 5:01 PM, Eric Broch wrote:

https://www.qmailtoaster.org/qttoepelclam.html

On 6/22/2020 11:39 PM, ChandranManikandan wrote:
Hi Folks,

I received below two virus notifications in my logwatch report. How do I protect from virus protection? Eric: Any possible chances to update the latest clamav, have you upload the latest clamav epel.
Please assist me.

Some few spam emails with the same subject with different email addresses received everyday.
I have blocked on spamassassin and spamdyke. but still received.
Any further attacks happened.
I am running CSF & Fail2ban.
Anyone assist me.

 Viruses detected:

Email.Phishing.VOF1-6297424-0: 1 Time(s)

Heuristics.Phishing.Email.SpoofedDomain: 3 Time(s)

 Virus database reloaded 2 time(s) (last time with 7343939 viruses)


--
*/Regards,
Manikandan.C
/*

Reply via email to