I only saw 2 rules in the logs,

missed one so clamd was kinda starting and dying, which produced the multi qq soft reject


so I just added all the log options in scan.conf, restarted clamd@scan.service (reloading is not enough)

check status of daemon and I caught the last signature that was remaining .. it only showed after I cleaned the 2 first ones

Just a stupid mistake, went too quick in analyzing the logs


All seems fine now, script is bullet proof :)


the scan.conf had limited logging compared to the "old" clamav.conf toaster

I didnt check that at first ..


All good, I will run that on the other servers now ..

Thank you





On 6/24/20 2:48 AM, Eric Broch wrote:

What'd you do to mitigate?


On 6/23/2020 6:47 PM, Philip Nix Guru wrote:

Hello

ok it was 3 signatures that seem to be faulty with clamav 0.102.3

EMAIL_Cryptowall.yar

peid.yar

rfxn.yara


Seems ok now ..

added debuging in scan.conf to check if all is running good


Next time I will do that in the day, not at night :)


Cheers

-P



On 6/24/20 1:49 AM, Philip Nix Guru wrote:

Hello

something weird, I dont have any files scanned by simscan anymore

all attachements are qq soft reject


nothing logged anymore in /var/log/wmail

like  /var/qmail/simscan/15929xxxx messages



On 6/24/20 1:04 AM, Eric Broch wrote:
A soft link is not okay?

# ls -l /var/run
lrwxrwxrwx. 1 root root 6 Aug  3  2015 /var/run -> ../run


---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Reply via email to