Re: [clamav-users] Differences between Redhat and Debian clamav set up
On Mon, Nov 19, 2012 at 11:59 AM, Erwan David wrote:
> On Sat, Nov 17, 2012 at 09:38:30PM CET, Benny Pedersen said:
>> francis picabia skrev den 16-11-2012 21:14:
>>
>> >This appears to be what the Debian system does when the freshclam
>> >daemon handles things. Should my Redhat cron
>> >do the same?
>>
>> if you like to see redhat performs as badly as debian yes
>>
>> stop using cron to get clamav updated, stop using anything that is
>> started with cron
>>
>> use freshclam, if freshclam gives you issues show them here
>
> On my debian, freshclam (debian packaged) is in daemon mode, no cron, and it
> works...

As does mine on Debian. Any idea how the daily.* files are being extracted?
Or do you see differently?
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: [clamav-users] Differences between Redhat and Debian clamav set up
On Sat, Nov 17, 2012 at 09:38:30PM CET, Benny Pedersen said:
> francis picabia skrev den 16-11-2012 21:14:
>
> >This appears to be what the Debian system does when the freshclam
> >daemon handles things. Should my Redhat cron
> >do the same?
>
> if you like to see redhat performs as badly as debian yes
>
> stop using cron to get clamav updated, stop using anything that is
> started with cron
>
> use freshclam, if freshclam gives you issues show them here

On my debian, freshclam (debian packaged) is in daemon mode, no cron, and it
works...
Re: [clamav-users] Differences between Redhat and Debian clamav set up
On Sat, Nov 17, 2012 at 4:38 PM, Benny Pedersen wrote:
> francis picabia skrev den 16-11-2012 21:14:
>
>> This appears to be what the Debian system does when the freshclam
>> daemon handles things. Should my Redhat cron
>> do the same?
>
> if you like to see redhat performs as badly as debian yes
>
> stop using cron to get clamav updated, stop using anything that is started
> with cron
>
> use freshclam, if freshclam gives you issues show them here

Maybe you misunderstood. The cron was of freshclam run.

Anyway, to test if there was a difference I found an example of an
init script for Redhat and freshclam and set it up. It runs now as a
daemon and I see like the cron of freshclam it updates only two files:

-rw--- 1 amavis amavis 468 Nov 19 11:35 mirrors.dat
-rw-r--r-- 1 amavis amavis 18211328 Nov 19 11:35 daily.cld

The daily.* files are not extracted as they are in the Debian system.

Is there a conf variable associated with this? I've already attempted
to improve the freshclam.conf on the Redhat with settings I saw on
Debian. I currently have:

DatabaseDirectory /var/clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogSyslog yes
DatabaseOwner amavis
DatabaseMirror db.ca.clamav.net
DatabaseMirror db.local.clamav.net
NotifyClamd /etc/clamd.conf
Debug no
AllowSupplementaryGroups false
TestDatabases yes
ScriptedUpdates yes
CompressLocalDatabase no
Re: [clamav-users] Differences between Redhat and Debian clamav set up
On Sat, Nov 17, 2012 at 4:38 PM, Benny Pedersen wrote:
> francis picabia skrev den 16-11-2012 21:14:
>
>> This appears to be what the Debian system does when the freshclam
>> daemon handles things. Should my Redhat cron
>> do the same?
>
> if you like to see redhat performs as badly as debian yes

What the heck does that mean?

Let's phrase the question differently...

Does the existence of the daily.* files (extracted from daily.cld) :

daily.cfg daily.db daily.ftm daily.hdu daily.ign daily.info daily.ldu daily.mdu daily.ndu daily.wdb
daily.fp daily.hdb daily.idb daily.ign2 daily.ldb daily.mdb daily.ndb daily.pdb daily.zmd

matter to the performance of clamav, does it work just as well
if there is only the daily.cld file?

I ask this because it was stated my amavis + clamav scanning issue
where some Sanesecurity "infections" are missed was said to be
possibly linked to a missing daily.ftm file. I don't know why,
I was just told this.

> stop using cron to get clamav updated, stop using anything that is started
> with cron
>
> use freshclam, if freshclam gives you issues show them here

If I recall, on Debian, it asks whether to run once a day as a cron,
or as a daemon. On Redhat it just installs a cron. That is two
major Linux distros making cron an option. Has something changed
that makes the cron option wrong?
Re: [clamav-users] Differences between Redhat and Debian clamav set up
francis picabia skrev den 16-11-2012 21:14:

> This appears to be what the Debian system does when the freshclam
> daemon handles things. Should my Redhat cron
> do the same?

if you like to see redhat performs as badly as debian yes

stop using cron to get clamav updated, stop using anything that is
started with cron

use freshclam, if freshclam gives you issues show them here
Re: [clamav-users] Differences between Redhat and Debian clamav set up
francis picabia skrev den 16-11-2012 19:56:

> Here is the daily cron I have on Redhat
> #!/bin/sh

maybe start configure freshclam.conf and then start freshclam daemon
would solve it without any redhats cron scripting that unpacks cvd
files ? no cvd ?

what happens if just issue freshclam as root user ?

hint don't use --quiet if debugging

lastly make a bug report on redhat maintainers to get this solved,
clamav maintainers can't solve it with redhat
Re: [clamav-users] Differences between Redhat and Debian clamav set up
On Fri, Nov 16, 2012 at 2:56 PM, francis picabia wrote:
> I have a primary MX running Redhat, with postfix+amavisd+clamav
>
> I also have a secondary MX and SMTP gateway running Debian, with
> postfix+amavisd-new+clamav
>
> Recently we adopted use of Sanesecurity additions, using the scamp script
> on both MX and SMTP.
>
> Root receives virus notifications on the SMTP, and we've noticed some emails
> which are not caught on inbound but are stopped on outbound, while tracing
> the quarantined message demonstrates it was the same message, being
> forwarded out of our domain by a sieve script on cyrus.
>
> This issue was discussed on the amavis mailing list, and Noel Jones
> suggested the symptoms looked like a problem with .ftm files.
>
> I searched for such files, and on the Redhat system which sometimes misses
> a Sanesecurity signature in incoming email, I have an old directory
> /var/clamav/daily.inc dated 2008 and all files in there as old.
>
> # ls -l /var/clamav/daily.inc/
> total 3024
> -rw-r--r-- 1 amavis amavis   17992 Jan  4  2008 COPYING
> -rw-r--r-- 1 amavis amavis     142 Apr 29  2008 daily.cfg
> -rw-r--r-- 1 amavis amavis   26014 Apr  7  2008 daily.db
> -rw-r--r-- 1 amavis amavis    5020 Apr 22  2008 daily.fp
> -rw-r--r-- 1 amavis amavis    5642 May  1  2008 daily.ftm
> -rw-r--r-- 1 amavis amavis    6798 May  2  2008 daily.hdb
> -rw-r--r-- 1 amavis amavis    1224 Feb  6  2008 daily.hdu
> -rw-r--r-- 1 amavis amavis      32 May  5  2008 daily.ign
> -rw-r--r-- 1 amavis amavis     672 May  6  2008 daily.info
> -rw-r--r-- 1 amavis amavis 2667216 May  6  2008 daily.mdb
> -rw-r--r-- 1 amavis amavis   38567 May  4  2008 daily.mdu
> -rw-r--r-- 1 amavis amavis  262690 May  6  2008 daily.ndb
> -rw-r--r-- 1 amavis amavis    6935 Apr 29  2008 daily.ndu
> -rw-r--r-- 1 amavis amavis    3218 Mar 27  2008 daily.pdb
> -rw-r--r-- 1 amavis amavis    1454 Feb 28  2008 daily.wdb
> -rw-r--r-- 1 amavis amavis    2922 Jan  4  2008 daily.zmd
>
> If I contrast that with the Debian system, it has more current files,
> within the clamav directory.
>
> # ls -l /var/lib/clamav/daily.*
> -rw-r--r-- 1 root   root        383 Nov 16 14:00 /var/lib/clamav/daily.cfg
> -rw-r--r-- 1 amavis amavis 18197504 Nov 15 22:32 /var/lib/clamav/daily.cld
> -rw-r--r-- 1 root   root      25391 Nov 16 14:00 /var/lib/clamav/daily.db
> -rw-r--r-- 1 root   root      40375 Nov 16 14:00 /var/lib/clamav/daily.fp
> -rw-r--r-- 1 root   root       8098 Nov 16 14:00 /var/lib/clamav/daily.ftm
> -rw-r--r-- 1 root   root     104981 Nov 16 14:00 /var/lib/clamav/daily.hdb
> -rw-r--r-- 1 root   root       2676 Nov 16 14:00 /var/lib/clamav/daily.hdu
> -rw-r--r-- 1 root   root      31677 Nov 16 14:00 /var/lib/clamav/daily.idb
> -rw-r--r-- 1 root   root       3958 Nov 16 14:00 /var/lib/clamav/daily.ign
> -rw-r--r-- 1 root   root       2471 Nov 16 14:00 /var/lib/clamav/daily.ign2
> -rw-r--r-- 1 root   root       1873 Nov 16 14:00 /var/lib/clamav/daily.info
> -rw-r--r-- 1 root   root      83449 Nov 16 14:00 /var/lib/clamav/daily.ldb
> -rw-r--r-- 1 root   root       2373 Nov 16 14:00 /var/lib/clamav/daily.ldu
> -rw-r--r-- 1 root   root   16113730 Nov 16 14:00 /var/lib/clamav/daily.mdb
> -rw-r--r-- 1 root   root      64233 Nov 16 14:00 /var/lib/clamav/daily.mdu
> -rw-r--r-- 1 root   root     835302 Nov 16 14:00 /var/lib/clamav/daily.ndb
> -rw-r--r-- 1 root   root     824779 Nov 16 14:00 /var/lib/clamav/daily.ndu
> -rw-r--r-- 1 root   root       4094 Nov 16 14:00 /var/lib/clamav/daily.pdb
> -rw-r--r-- 1 root   root       6394 Nov 16 14:00 /var/lib/clamav/daily.wdb
> -rw-r--r-- 1 root   root       8689 Nov 16 14:00 /var/lib/clamav/daily.zmd
>
> The old daily.inc is probably left over from an upgrade. I use
> the freshclam scripts daily, but I'm not sure how to correct
> this on the Redhat system. The other difference is Redhat
> runs it as a cron, while Debian has a daemon.
>
> Here is the daily cron I have on Redhat
> #!/bin/sh
>
> ### A simple update script for the clamav virus database.
> ### This could as well be replaced by a SysV script.
>
> ### fix log file if needed
> LOG_FILE="/var/log/clamav/freshclam.log"
> if [ ! -f "$LOG_FILE" ]; then
>     touch "$LOG_FILE"
>     chmod 644 "$LOG_FILE"
>     chown amavis:amavis "$LOG_FILE"
> fi
>
> /usr/bin/freshclam \
>     --quiet \
>     --datadir="/var/clamav" \
>     --log="$LOG_FILE" \
>     --daemon-notify="/etc/clamd.conf"
>
> Are there suggestions on what I should change so I get another version of
> daily.ftm and other daily.* files as does the Debian configuration?

OK, I've now learned I can extract the daily.* files from daily.cld
using

sigtool --unpack daily.cld

This appears to be what the Debian system does when the freshclam
daemon handles things. Should my Redhat cron
do the same?
[clamav-users] Differences between Redhat and Debian clamav set up
I have a primary MX running Redhat, with postfix+amavisd+clamav

I also have a secondary MX and SMTP gateway running Debian, with
postfix+amavisd-new+clamav

Recently we adopted use of Sanesecurity additions, using the scamp script
on both MX and SMTP.

Root receives virus notifications on the SMTP, and we've noticed some emails
which are not caught on inbound but are stopped on outbound, while tracing
the quarantined message demonstrates it was the same message, being
forwarded out of our domain by a sieve script on cyrus.

This issue was discussed on the amavis mailing list, and Noel Jones
suggested the symptoms looked like a problem with .ftm files.

I searched for such files, and on the Redhat system which sometimes misses
a Sanesecurity signature in incoming email, I have an old directory
/var/clamav/daily.inc dated 2008 and all files in there as old.

# ls -l /var/clamav/daily.inc/
total 3024
-rw-r--r-- 1 amavis amavis   17992 Jan  4  2008 COPYING
-rw-r--r-- 1 amavis amavis     142 Apr 29  2008 daily.cfg
-rw-r--r-- 1 amavis amavis   26014 Apr  7  2008 daily.db
-rw-r--r-- 1 amavis amavis    5020 Apr 22  2008 daily.fp
-rw-r--r-- 1 amavis amavis    5642 May  1  2008 daily.ftm
-rw-r--r-- 1 amavis amavis    6798 May  2  2008 daily.hdb
-rw-r--r-- 1 amavis amavis    1224 Feb  6  2008 daily.hdu
-rw-r--r-- 1 amavis amavis      32 May  5  2008 daily.ign
-rw-r--r-- 1 amavis amavis     672 May  6  2008 daily.info
-rw-r--r-- 1 amavis amavis 2667216 May  6  2008 daily.mdb
-rw-r--r-- 1 amavis amavis   38567 May  4  2008 daily.mdu
-rw-r--r-- 1 amavis amavis  262690 May  6  2008 daily.ndb
-rw-r--r-- 1 amavis amavis    6935 Apr 29  2008 daily.ndu
-rw-r--r-- 1 amavis amavis    3218 Mar 27  2008 daily.pdb
-rw-r--r-- 1 amavis amavis    1454 Feb 28  2008 daily.wdb
-rw-r--r-- 1 amavis amavis    2922 Jan  4  2008 daily.zmd

If I contrast that with the Debian system, it has more current files,
within the clamav directory.

# ls -l /var/lib/clamav/daily.*
-rw-r--r-- 1 root   root        383 Nov 16 14:00 /var/lib/clamav/daily.cfg
-rw-r--r-- 1 amavis amavis 18197504 Nov 15 22:32 /var/lib/clamav/daily.cld
-rw-r--r-- 1 root   root      25391 Nov 16 14:00 /var/lib/clamav/daily.db
-rw-r--r-- 1 root   root      40375 Nov 16 14:00 /var/lib/clamav/daily.fp
-rw-r--r-- 1 root   root       8098 Nov 16 14:00 /var/lib/clamav/daily.ftm
-rw-r--r-- 1 root   root     104981 Nov 16 14:00 /var/lib/clamav/daily.hdb
-rw-r--r-- 1 root   root       2676 Nov 16 14:00 /var/lib/clamav/daily.hdu
-rw-r--r-- 1 root   root      31677 Nov 16 14:00 /var/lib/clamav/daily.idb
-rw-r--r-- 1 root   root       3958 Nov 16 14:00 /var/lib/clamav/daily.ign
-rw-r--r-- 1 root   root       2471 Nov 16 14:00 /var/lib/clamav/daily.ign2
-rw-r--r-- 1 root   root       1873 Nov 16 14:00 /var/lib/clamav/daily.info
-rw-r--r-- 1 root   root      83449 Nov 16 14:00 /var/lib/clamav/daily.ldb
-rw-r--r-- 1 root   root       2373 Nov 16 14:00 /var/lib/clamav/daily.ldu
-rw-r--r-- 1 root   root   16113730 Nov 16 14:00 /var/lib/clamav/daily.mdb
-rw-r--r-- 1 root   root      64233 Nov 16 14:00 /var/lib/clamav/daily.mdu
-rw-r--r-- 1 root   root     835302 Nov 16 14:00 /var/lib/clamav/daily.ndb
-rw-r--r-- 1 root   root     824779 Nov 16 14:00 /var/lib/clamav/daily.ndu
-rw-r--r-- 1 root   root       4094 Nov 16 14:00 /var/lib/clamav/daily.pdb
-rw-r--r-- 1 root   root       6394 Nov 16 14:00 /var/lib/clamav/daily.wdb
-rw-r--r-- 1 root   root       8689 Nov 16 14:00 /var/lib/clamav/daily.zmd

The old daily.inc is probably left over from an upgrade. I use
the freshclam scripts daily, but I'm not sure how to correct
this on the Redhat system. The other difference is Redhat
runs it as a cron, while Debian has a daemon.

Here is the daily cron I have on Redhat
#!/bin/sh

### A simple update script for the clamav virus database.
### This could as well be replaced by a SysV script.

### fix log file if needed
LOG_FILE="/var/log/clamav/freshclam.log"
if [ ! -f "$LOG_FILE" ]; then
    touch "$LOG_FILE"
    chmod 644 "$LOG_FILE"
    chown amavis:amavis "$LOG_FILE"
fi

/usr/bin/freshclam \
    --quiet \
    --datadir="/var/clamav" \
    --log="$LOG_FILE" \
    --daemon-notify="/etc/clamd.conf"

Are there suggestions on what I should change so I get another version of
daily.ftm and other daily.* files as does the Debian configuration?
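
Added example, not part of the thread and not ClamAV project code: a small audit of a database directory that reports whether daily.cld or daily.cvd is current and lists daily.* files left behind by an old install, such as the 2008 daily.inc directory described in the first post. The function names and the 7-day default threshold are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread; names and the 7-day default are assumptions.

# List daily.* signature files under DIR, including leftover sub-directories
# such as daily.inc/, that were last modified more than DAYS days ago.
stale_sigs() {
    find "$1" -type f -name 'daily.*' -mtime +"$2" | sort
}

# Succeed if DIR holds a daily.cld or daily.cvd modified within DAYS days.
fresh_container() {
    for f in "$1/daily.cld" "$1/daily.cvd"; do
        if [ -f "$f" ] && [ -n "$(find "$f" -mtime -"$2")" ]; then return 0; fi
    done
    return 1
}

# audit_db DIR [DAYS]: 0 = current, 1 = no current container, 2 = stale files.
audit_db() {
    dir=$1 days=${2:-7}
    if ! fresh_container "$dir" "$days"; then
        echo "$dir: no daily.cld/daily.cvd updated in the last $days days"
        return 1
    fi
    stale=$(stale_sigs "$dir" "$days")
    if [ -n "$stale" ]; then
        echo "$dir: signature files older than $days days:"
        echo "$stale"
        return 2
    fi
    echo "$dir: ok"
}

# Constructed sample of the Redhat layout in the thread: a freshly updated
# daily.cld beside a daily.inc/ directory whose files date from 2008.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/daily.inc"
    touch "$d/daily.cld"
    touch -t 200805010000 "$d/daily.inc/daily.ftm"
    echo "$d"
}

# Audit the directory named on the command line, else the constructed sample.
if [ "$#" -ge 1 ]; then
    audit_db "$@"
else
    s=$(make_sample) && { audit_db "$s" || echo "exit status $?"; rm -rf "$s"; }
fi
```

Run it with the database directory as the first argument (for example /var/clamav) and an optional age in days as the second.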