I only saw 2 rules in the logs,
missed one so clamd was kinda starting and dying, which produced the
multi qq soft reject
so I just added all the log options in scan.conf, restarted
[email protected] (reloading is not enough)
check status of daemon and I caught the last signature that was
remaining .. it only showed after I cleaned the 2 first ones
Just a stupid mistake, went too quick in analyzing the logs
All seems fine now, script is bullet proof :)
the scan.conf had limited logging compared to the "old" clamav.conf toaster
I didnt check that at first ..
All good, I will run that on the other servers now ..
Thank you
On 6/24/20 2:48 AM, Eric Broch wrote:
What'd you do to mitigate?
On 6/23/2020 6:47 PM, Philip Nix Guru wrote:
Hello
ok it was 3 signatures that seem to be faulty with clamav 0.102.3
EMAIL_Cryptowall.yar
peid.yar
rfxn.yara
Seems ok now ..
added debuging in scan.conf to check if all is running good
Next time I will do that in the day, not at night :)
Cheers
-P
On 6/24/20 1:49 AM, Philip Nix Guru wrote:
Hello
something weird, I dont have any files scanned by simscan anymore
all attachements are qq soft reject
nothing logged anymore in /var/log/wmail
like /var/qmail/simscan/15929xxxx messages
On 6/24/20 1:04 AM, Eric Broch wrote:
A soft link is not okay?
# ls -l /var/run
lrwxrwxrwx. 1 root root 6 Aug 3 2015 /var/run -> ../run
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail:
[email protected]
