Re: [clamav-users] No such file or directory + after milter-reject
Hello I found the issue ... wau this was tricky apt-get purge --remove clamav clamav-base clamav-daemon clamav-freshclam clamav-milter libclamav9:amd64 apt-get install clamav-daemon clamav-freshclam clamav-milter /etc/systemd/system/clamav-daemon.socket.d/extend.conf [Socket] ListenStream=127.0.0.1:3310 And now the port 3310 are ready Fri Mar 6 00:45:35 2020 -> TCP: Received AF_INET SOCK_STREAM socket from systemd. But please what would mean this ??? " unreasonable packet length", and "read error" Mar 6 00:52:32 mail postfix/smtps/smtpd[20006]: warning: milter inet:[127.0.0.1]:3310: unreasonable packet length: 1431194446 > 1073741823 Mar 6 00:52:32 mail postfix/smtps/smtpd[20006]: warning: milter inet:[127.0.0.1]:3310: read error in initial handshake Thanks for our possible update. -Ursprüngliche Nachricht- Von: G.W. Haywood Gesendet: Freitag, 6. März 2020 00:47 An: mauri...@caloro.ch; ClamAV users ML Betreff: Re: [clamav-users] No such file or directory + after milter-reject Hi there, On Thu, 5 Mar 2020, mauri via clamav-users wrote: > I try now this way. but also no chance... for any help, thanks ... > Main.cf - Postfix I can't help you with Postfix configuration I'm afraid, but you'll probably need to check that you have it right. > cat clamav-milter.conf > > MilterSocket "inet:7357@localhost" > ClamdSocket "tcp:127.0.0.1:3310" Remove the quotes. > FixStaleSocket true Useless directive - applies to Unix sockets. > cat clamd.conf > ... > LocalSocket /var/run/clamav/clamd.ctl > FixStaleSocket true > LocalSocketGroup clamav > LocalSocketMode 666 > ... I've never actually checked, but I'd be surprised if you can use _both_ a local (Unix) socket _and_ a TCP socket for clamd, and since you appear to have configured the milter for TCP then I think you should remove all these local socket directives. But you might be better off using Unix (local) sockets. I do not like the use of the word 'local' applied to sockets, I think it's confusing, but we have what we have. > TCPSocket "3310" > TCPAddr "localhost" Remove the quotes. Have you checked that clamav-milter and clamd actually start and continue to run? Do you know how to do that? -- 73, Ged. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] No such file or directory + after milter-reject
Hi there, On Thu, 5 Mar 2020, mauri via clamav-users wrote: I try now this way. but also no chance... for any help, thanks ... Main.cf - Postfix I can't help you with Postfix configuration I'm afraid, but you'll probably need to check that you have it right. cat clamav-milter.conf MilterSocket "inet:7357@localhost" ClamdSocket "tcp:127.0.0.1:3310" Remove the quotes. FixStaleSocket true Useless directive - applies to Unix sockets. cat clamd.conf ... LocalSocket /var/run/clamav/clamd.ctl FixStaleSocket true LocalSocketGroup clamav LocalSocketMode 666 ... I've never actually checked, but I'd be surprised if you can use _both_ a local (Unix) socket _and_ a TCP socket for clamd, and since you appear to have configured the milter for TCP then I think you should remove all these local socket directives. But you might be better off using Unix (local) sockets. I do not like the use of the word 'local' applied to sockets, I think it's confusing, but we have what we have. TCPSocket "3310" TCPAddr "localhost" Remove the quotes. Have you checked that clamav-milter and clamd actually start and continue to run? Do you know how to do that? -- 73, Ged. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] No such file or directory + after milter-reject
Hello I try now this way. but also no chance... for any help, thanks But the error styl persist: 23:05:00 mail postfix/cleanup[6087]: 24741405D0: milter-reject: END-OF-MESSAGE from pub158181113102.dh-hfc.g.c[xxx.xxx.xxx.xxx]: 4.7.1 Service unavailable - try again later; from= to= Main.cf - Postfix # Milter Sttings # # milter_clamav = inet:[127.0.0.1]:7357 milter_default_action = accept milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen} milter_protocol = 6 non_smtpd_milters = $milter_opendkim smtpd_milters = $milter_clamav,$milter_opendkim,$milter_opendmarc cat clamav-milter.conf MilterSocket "inet:7357@localhost" ClamdSocket "tcp:127.0.0.1:3310" FixStaleSocket true User clamav ReadTimeout 120 Foreground false PidFile /var/run/clamav/clamav-milter.pid OnClean Accept OnInfected Quarantine OnFail Defer AddHeader Replace LogSyslog false LogFacility LOG_LOCAL6 LogVerbose false LogInfected Off LogClean Off LogRotate true MaxFileSize 25M SupportMultipleRecipients false TemporaryDirectory /tmp LogFile /var/log/clamav/clamav-milter.log LogTime true LogFileUnlock false LogFileMaxSize 1M MilterSocketGroup disabled MilterSocketMode disabled cat clamd.conf #Automatically Generated by clamav-daemon postinst #To reconfigure clamd run #dpkg-reconfigure clamav-daemon #Please read /usr/share/doc/clamav-daemon/README.Debian.gz for details LocalSocket /var/run/clamav/clamd.ctl FixStaleSocket true LocalSocketGroup clamav LocalSocketMode 666 TCPSocket "3310" TCPAddr "localhost" # TemporaryDirectory is not set to its default /tmp here to make overriding # the default with environment variables TMPDIR/TMP/TEMP possible User clamav ScanMail true ScanArchive true ArchiveBlockEncrypted false MaxDirectoryRecursion 15 FollowDirectorySymlinks false FollowFileSymlinks false ReadTimeout 180 MaxThreads 12 MaxConnectionQueueLength 15 LogSyslog false LogRotate true LogFacility LOG_LOCAL6 LogClean false LogVerbose false PreludeEnable no PreludeAnalyzerName ClamAV DatabaseDirectory /var/lib/clamav OfficialDatabaseOnly false ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Multiple Clam Daemons on a single system
Hi there, On Thu, 5 Mar 2020, Ashish Poddar via clamav-users wrote: We have a situation where we run a clamav daemon to scan files on a system. However, in the process, we only use about 10% CPU in the system. We would naturally like to increase this number. We were thus trying to come up with a way to scan multiple files in parallel on the same system. My crystal ball is a little bit foggy this afternoon, you might want to be more forthcoming about your system. Sometimes that way you will get more useful ideas in the replies to your questions. I suspect that the simplest way to increase your 10% CPU number is to find _another_ number (probably one which you have not yet measured) and then find ways to reduce that. Suggestions might be file I/O transfer rates, latencies/access times/fragmentation, cache hit rates, memory bandwith, swap (if any) stats, interrupt service stats. I'm quite sure there will be many others. None of them is particularly relevant to clamd processes specifically. I do not understand why you would want to increase CPU utilization, most of the time I'm trying to find ways to reduce it. If you just mean that you want to make your filesystem scans complete more quickly, then perhaps, instead of what you have actually said, you should say that. Is there a way we can spawn multiple clam daemons to do this? It is not clear to me that your suggested solution will have the desired effect, but yes, you can run multiple clamd daemons, and indeed I do routinely do that - but not for reasons like yours. I am aware of the multiscan mode in clamdscan but I want each scan to be a separate process so as to not increase the overall scan time of any one file. Is there a way to do this? Perhaps you can explain this to me more fully so that I can be sure that I understand what you want to do. If I do understand, it is not clear to me that causing each scan to be in a separate _process_ will have the desired effect (it might do the opposite of what you hope). It will likely be in a separate thread in any case. Have you read through the example clamd configuration file in the distribution? Or are there any other alternatives to tackle this situation? I think you will first need to do some instrumentation on your systems to establish what they are doing, and what they are capable of doing. This is my first time posting to this mailing list. I apologize if I made any violations while using the mailing list. I wouldn't claim any violation of etiquette, but if you can give us more information and clearer, reasoned statements of your requirements that would help us to help you. -- 73, Ged. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Multiple Clam Daemons on a single system
> On Mar 5, 2020, at 05:09, Ashish Poddar via clamav-users > wrote: > > > Hi all, > > We have a situation where we run a clamav daemon to scan files on a system. > However, in the process, we only use about 10% CPU in the system. We would > naturally like to increase this number. We were thus trying to come up with a > way to scan multiple files in parallel on the same system. Is there a way we > can spawn multiple clam daemons to do this? In short, yes. You can run multiple ClamAV daemons. Simply launch each daemon with a different config file for each daemon and then you can have clamdscan processes talking to each of those daemons. At a minimum, you would want to use different sockets for the daemons to listen on. You could set up each daemon to use smaller virus database sets, but that really only impacts the speed at which the daemon reloads when there are database changes. Are you trying to reduce the time that it takes to scan your entire system? Or is there some other reason that you are looking to run multiple daemons? “Increasing CPU usage” isn’t generally one of the things people look to do just because it’s low. > I am aware of the multiscan mode in clamdscan but I want each scan to be a > separate process so as to not increase the overall scan time of any one file. > Is there a way to do this? Or are there any other alternatives to tackle this > situation? Running multiple clamdscan processes doesn’t require multiple clamd daemons to be running. You can run multiple clamdscan processes against a single clamd daemon and it will just spawn more threads to do the scanning. So, for example, you can have a separate clamdscan process working each user’s home directory in parallel and they should all be able to talk to a single clamd daemon. —Maarten ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Multiple Clam Daemons on a single system
On 05/03/2020 12:26, Matus UHLAR - fantomas wrote: > On 05.03.20 15:38, Ashish Poddar via clamav-users wrote: >> We have a situation where we run a clamav daemon to scan files on a >> system. > > how? > >> However, in the process, we only use about 10% CPU in the system. We >> would >> naturally like to increase this number. We were thus trying to come up >> with >> a way to scan multiple files in parallel on the same system. Is there >> a way >> we can spawn multiple clam daemons to do this? > > afaik single clamav daemon is able to scan multiple files in parallel. > >> I am aware of the multiscan mode in clamdscan but I want each scan to >> be a >> separate process so as to not increase the overall scan time of any one >> file. > > I don't understand. Why do you think that scanning in multiple threads > increases scan time? I don't see hosw muti-thread or multi-process would be different. But I do not recommend scanning in parallel, the disk I/O is IMHO the bottleneck, why you use only 10% of CPU, and running multiple scans in parallel will make things even worse. -- Best Regards Vladislav Kurz ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Multiple Clam Daemons on a single system
On 05.03.20 15:38, Ashish Poddar via clamav-users wrote: We have a situation where we run a clamav daemon to scan files on a system. how? However, in the process, we only use about 10% CPU in the system. We would naturally like to increase this number. We were thus trying to come up with a way to scan multiple files in parallel on the same system. Is there a way we can spawn multiple clam daemons to do this? afaik single clamav daemon is able to scan multiple files in parallel. I am aware of the multiscan mode in clamdscan but I want each scan to be a separate process so as to not increase the overall scan time of any one file. I don't understand. Why do you think that scanning in multiple threads increases scan time? Is there a way to do this? Or are there any other alternatives to tackle this situation? This is my first time posting to this mailing list. I apologize if I made any violations while using the mailing list. Thanks for you cooperation. I don't see any violations here, although I prefer single plaintext (you used multipart text+html) :) -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Honk if you love peace and quiet. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] Multiple Clam Daemons on a single system
Hi all, We have a situation where we run a clamav daemon to scan files on a system. However, in the process, we only use about 10% CPU in the system. We would naturally like to increase this number. We were thus trying to come up with a way to scan multiple files in parallel on the same system. Is there a way we can spawn multiple clam daemons to do this? I am aware of the multiscan mode in clamdscan but I want each scan to be a separate process so as to not increase the overall scan time of any one file. Is there a way to do this? Or are there any other alternatives to tackle this situation? This is my first time posting to this mailing list. I apologize if I made any violations while using the mailing list. Thanks for you cooperation. - Ashish Poddar ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml