Re: [clamav-users] Differences between Redhat and Debian clamav set up

2012-11-19 Thread francis picabia
On Mon, Nov 19, 2012 at 11:59 AM, Erwan David  wrote:
> On Sat, Nov 17, 2012 at 09:38:30PM CET, Benny Pedersen  said:
>> francis picabia wrote on 16-11-2012 21:14:
>>
>> >This appears to be what the Debian system does when the freshclam
>> >daemon handles things.  Should my Redhat cron
>> >do the same?
>>
>> if you like to see redhat perform as badly as debian, yes
>>
>> stop using cron to get clamav updated, stop using anything that is
>> started with cron
>>
>> use freshclam, if freshclam gives you issues show them here
>
> On my debian, freshclam (debian packaged) is in daemon mode, no cron, and it 
> works...

As does mine on Debian.  Any idea how the daily.* files are being
extracted?  Or do you
see differently?
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


Re: [clamav-users] Differences between Redhat and Debian clamav set up

2012-11-19 Thread Erwan David
On Sat, Nov 17, 2012 at 09:38:30PM CET, Benny Pedersen  said:
> francis picabia wrote on 16-11-2012 21:14:
>
> >This appears to be what the Debian system does when the freshclam
> >daemon handles things.  Should my Redhat cron
> >do the same?
>
> if you like to see redhat perform as badly as debian, yes
> 
> stop using cron to get clamav updated, stop using anything that is
> started with cron
> 
> use freshclam, if freshclam gives you issues show them here

On my debian, freshclam (debian packaged) is in daemon mode, no cron, and it 
works...



Re: [clamav-users] Differences between Redhat and Debian clamav set up

2012-11-19 Thread francis picabia
On Sat, Nov 17, 2012 at 4:38 PM, Benny Pedersen  wrote:
> francis picabia wrote on 16-11-2012 21:14:
>
>> This appears to be what the Debian system does when the freshclam
>> daemon handles things.  Should my Redhat cron
>> do the same?
>
> if you like to see redhat perform as badly as debian, yes
>
> stop using cron to get clamav updated, stop using anything that is started
> with cron
>
> use freshclam, if freshclam gives you issues show them here

Maybe you misunderstood.  The cron was of freshclam run.

Anyway, to test if there was a difference I found an example of
an init script for Redhat and freshclam and set it up.  It runs
now as a daemon and I see like the cron of freshclam it
updates only two files:

-rw------- 1 amavis amavis      468 Nov 19 11:35 mirrors.dat
-rw-r--r-- 1 amavis amavis 18211328 Nov 19 11:35 daily.cld

The daily.* files are not extracted as they are in the Debian system.
Is there a conf variable associated with this?  I've already attempted
to improve the freshclam.conf on the Redhat with settings
I saw on Debian.

I currently have:

DatabaseDirectory /var/clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogSyslog yes
DatabaseOwner amavis
DatabaseMirror db.ca.clamav.net
DatabaseMirror db.local.clamav.net
NotifyClamd /etc/clamd.conf
Debug no
AllowSupplementaryGroups false
TestDatabases yes
ScriptedUpdates yes
CompressLocalDatabase no


Re: [clamav-users] Differences between Redhat and Debian clamav set up

2012-11-19 Thread francis picabia
On Sat, Nov 17, 2012 at 4:38 PM, Benny Pedersen  wrote:
> francis picabia wrote on 16-11-2012 21:14:
>
>> This appears to be what the Debian system does when the freshclam
>> daemon handles things.  Should my Redhat cron
>> do the same?
>
> if you like to see redhat perform as badly as debian, yes

What the heck does that mean?

Let's phrase the question differently...

Does the existence of the daily.* files (extracted from daily.cld):

daily.cfg  daily.db  daily.ftm  daily.hdu  daily.ign   daily.info
daily.ldu  daily.mdu  daily.ndu  daily.wdb
daily.fp  daily.hdb  daily.idb  daily.ign2  daily.ldb   daily.mdb
daily.ndb  daily.pdb  daily.zmd

matter to the performance of clamav, does it work just as well if there
is only the daily.cld file?  I ask this because it was stated my amavis + clamav
scanning issue where some Sanesecurity "infections" are missed was said
to be possibly linked to a missing daily.ftm file.  I don't know why,
I was just told this.

> stop using cron to get clamav updated, stop using anything that is started
> with cron
>
> use freshclam, if freshclam gives you issues show them here

If I recall, on Debian, it asks whether to run once a day as
a cron, or as a daemon.  On Redhat it just installs a cron.
That is two major Linux distros making cron an option.
Has something changed that makes the cron option wrong?


Re: [clamav-users] Differences between Redhat and Debian clamav set up

2012-11-17 Thread Benny Pedersen

francis picabia wrote on 16-11-2012 21:14:

> This appears to be what the Debian system does when the freshclam
> daemon handles things.  Should my Redhat cron
> do the same?

if you like to see redhat perform as badly as debian, yes

stop using cron to get clamav updated, stop using anything that is
started with cron

use freshclam, if freshclam gives you issues show them here





Re: [clamav-users] Differences between Redhat and Debian clamav set up

2012-11-17 Thread Benny Pedersen

francis picabia wrote on 16-11-2012 19:56:

> Here is the daily cron I have on Redhat
> #!/bin/sh

maybe configuring freshclam.conf and then starting the freshclam daemon
would solve it without any redhat cron scripting that unpacks cvd files?

no cvd?

what happens if you just issue freshclam as root user?

hint: don't use --quiet if debugging

lastly make a bug report to the redhat maintainers to get this solved,
clamav maintainers can't solve it with redhat






Re: [clamav-users] Differences between Redhat and Debian clamav set up

2012-11-16 Thread francis picabia
On Fri, Nov 16, 2012 at 2:56 PM, francis picabia  wrote:
> I have a primary MX running Redhat, with postfix+amavisd+clamav
>
> I also have a secondary MX and SMTP gateway running Debian, with
> postfix+amavisd-new+clamav
>
> Recently we adopted use of Sanesecurity additions, using the scamp script
> on both MX and SMTP.
>
> Root receives virus notifications on the SMTP, and we've noticed some emails
> which are not caught on inbound but are stopped on outbound, while tracing
> the quarantined message demonstrates it was the same message, being
> forwarded out of our domain by a sieve script on cyrus.
>
> This issue was discussed on the amavis mailing list, and Noel Jones
> suggested the symptoms looked like a problem with .ftm files.
>
> I searched for such files, and on the Redhat system which sometimes misses
> a Sanesecurity signature in incoming email, I have an old directory
> /var/clamav/daily.inc dated 2008 and all files in there as old.
>
> # ls -l /var/clamav/daily.inc/
> total 3024
> -rw-r--r-- 1 amavis amavis   17992 Jan  4  2008 COPYING
> -rw-r--r-- 1 amavis amavis     142 Apr 29  2008 daily.cfg
> -rw-r--r-- 1 amavis amavis   26014 Apr  7  2008 daily.db
> -rw-r--r-- 1 amavis amavis    5020 Apr 22  2008 daily.fp
> -rw-r--r-- 1 amavis amavis    5642 May  1  2008 daily.ftm
> -rw-r--r-- 1 amavis amavis    6798 May  2  2008 daily.hdb
> -rw-r--r-- 1 amavis amavis    1224 Feb  6  2008 daily.hdu
> -rw-r--r-- 1 amavis amavis      32 May  5  2008 daily.ign
> -rw-r--r-- 1 amavis amavis     672 May  6  2008 daily.info
> -rw-r--r-- 1 amavis amavis 2667216 May  6  2008 daily.mdb
> -rw-r--r-- 1 amavis amavis   38567 May  4  2008 daily.mdu
> -rw-r--r-- 1 amavis amavis  262690 May  6  2008 daily.ndb
> -rw-r--r-- 1 amavis amavis    6935 Apr 29  2008 daily.ndu
> -rw-r--r-- 1 amavis amavis    3218 Mar 27  2008 daily.pdb
> -rw-r--r-- 1 amavis amavis    1454 Feb 28  2008 daily.wdb
> -rw-r--r-- 1 amavis amavis    2922 Jan  4  2008 daily.zmd
>
> If I contrast that with the Debian system, it has more current files,
> within the clamav directory.
>
> # ls -l /var/lib/clamav/daily.*
> -rw-r--r-- 1 root   root        383 Nov 16 14:00 /var/lib/clamav/daily.cfg
> -rw-r--r-- 1 amavis amavis 18197504 Nov 15 22:32 /var/lib/clamav/daily.cld
> -rw-r--r-- 1 root   root      25391 Nov 16 14:00 /var/lib/clamav/daily.db
> -rw-r--r-- 1 root   root      40375 Nov 16 14:00 /var/lib/clamav/daily.fp
> -rw-r--r-- 1 root   root       8098 Nov 16 14:00 /var/lib/clamav/daily.ftm
> -rw-r--r-- 1 root   root     104981 Nov 16 14:00 /var/lib/clamav/daily.hdb
> -rw-r--r-- 1 root   root       2676 Nov 16 14:00 /var/lib/clamav/daily.hdu
> -rw-r--r-- 1 root   root      31677 Nov 16 14:00 /var/lib/clamav/daily.idb
> -rw-r--r-- 1 root   root       3958 Nov 16 14:00 /var/lib/clamav/daily.ign
> -rw-r--r-- 1 root   root       2471 Nov 16 14:00 /var/lib/clamav/daily.ign2
> -rw-r--r-- 1 root   root       1873 Nov 16 14:00 /var/lib/clamav/daily.info
> -rw-r--r-- 1 root   root      83449 Nov 16 14:00 /var/lib/clamav/daily.ldb
> -rw-r--r-- 1 root   root       2373 Nov 16 14:00 /var/lib/clamav/daily.ldu
> -rw-r--r-- 1 root   root   16113730 Nov 16 14:00 /var/lib/clamav/daily.mdb
> -rw-r--r-- 1 root   root      64233 Nov 16 14:00 /var/lib/clamav/daily.mdu
> -rw-r--r-- 1 root   root     835302 Nov 16 14:00 /var/lib/clamav/daily.ndb
> -rw-r--r-- 1 root   root     824779 Nov 16 14:00 /var/lib/clamav/daily.ndu
> -rw-r--r-- 1 root   root       4094 Nov 16 14:00 /var/lib/clamav/daily.pdb
> -rw-r--r-- 1 root   root       6394 Nov 16 14:00 /var/lib/clamav/daily.wdb
> -rw-r--r-- 1 root   root       8689 Nov 16 14:00 /var/lib/clamav/daily.zmd
>
> The old daily.inc is probably left over from an upgrade.  I use
> the freshclam scripts daily, but I'm not sure how to correct
> this on the Redhat system.  The other difference is Redhat
> runs it as a cron, while Debian has a daemon.
>
> Here is the daily cron I have on Redhat
> #!/bin/sh
>
> ### A simple update script for the clamav virus database.
> ### This could as well be replaced by a SysV script.
>
> ### fix log file if needed
> LOG_FILE="/var/log/clamav/freshclam.log"
> if [ ! -f "$LOG_FILE" ]; then
>     touch "$LOG_FILE"
>     chmod 644 "$LOG_FILE"
>     chown amavis:amavis "$LOG_FILE"
> fi
>
> /usr/bin/freshclam \
>     --quiet \
>     --datadir="/var/clamav" \
>     --log="$LOG_FILE" \
>     --daemon-notify="/etc/clamd.conf"
>
> Are there suggestions on what I should change so I get another version of
> daily.ftm and other daily.* files as does the Debian configuration?

OK, I've now learned I can extract the daily.* files from daily.cld
using sigtool --unpack daily.cld

This appears to be what the Debian system does when the freshclam
daemon handles things.  Should my Redhat cron
do the same?
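Added example, not part of the thread: the comparison made by hand with the two ls -l listings above, written as a shell function. It reports which daily container (daily.cld or daily.cvd) a database directory holds, whether a leftover daily.inc directory is present, and whether loose daily.* files are older than the container. The function name audit_clamav_db, its output tags and the sample directory are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): inventory the daily database files in a
# ClamAV database directory. audit_clamav_db and its output tags are hypothetical.
# Returns 0 if nothing needs attention, 1 if leftovers were found, 2 on bad input.
audit_clamav_db() {
    dbdir=$1
    status=0
    [ -d "$dbdir" ] || { echo "ERROR not-a-directory"; return 2; }

    # freshclam keeps the daily database as one container file: daily.cvd,
    # or daily.cld once incremental updates have been applied.
    container=
    for c in "$dbdir/daily.cld" "$dbdir/daily.cvd"; do
        if [ -f "$c" ]; then container=$c; break; fi
    done
    if [ -n "$container" ]; then
        echo "CONTAINER ${container##*/}"
    else
        echo "CONTAINER none"; status=1
    fi

    # A leftover directory such as the 2008 daily.inc shown in the thread.
    if [ -d "$dbdir/daily.inc" ]; then echo "LEGACY_DIR daily.inc"; status=1; fi

    # Loose daily.* files, as produced by `sigtool --unpack`.
    for f in "$dbdir"/daily.*; do
        [ -f "$f" ] || continue
        case ${f##*/} in daily.cld|daily.cvd) continue ;; esac
        # STALE: the container was modified more recently than the loose file.
        if [ -n "$container" ] && [ -n "$(find "$container" -newer "$f")" ]; then
            echo "STALE ${f##*/}"; status=1
        else
            echo "UNPACKED ${f##*/}"
        fi
    done
    return $status
}

# Constructed sample laid out like the Redhat host described in the thread.
demo=$(mktemp -d)
touch -t 201211191135 "$demo/daily.cld"
mkdir "$demo/daily.inc"
touch -t 200805010000 "$demo/daily.inc/daily.ftm"
audit_clamav_db "$demo" || true
rm -rf "$demo"
```

Running it against the database directory on each host gives output that can be diffed directly between the two machines.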


[clamav-users] Differences between Redhat and Debian clamav set up

2012-11-16 Thread francis picabia
I have a primary MX running Redhat, with postfix+amavisd+clamav

I also have a secondary MX and SMTP gateway running Debian, with
postfix+amavisd-new+clamav

Recently we adopted use of Sanesecurity additions, using the scamp script
on both MX and SMTP.

Root receives virus notifications on the SMTP, and we've noticed some emails
which are not caught on inbound but are stopped on outbound, while tracing
the quarantined message demonstrates it was the same message, being
forwarded out of our domain by a sieve script on cyrus.

This issue was discussed on the amavis mailing list, and Noel Jones
suggested the symptoms looked like a problem with .ftm files.

I searched for such files, and on the Redhat system which sometimes misses
a Sanesecurity signature in incoming email, I have an old directory
/var/clamav/daily.inc dated 2008 and all files in there as old.

# ls -l /var/clamav/daily.inc/
total 3024
-rw-r--r-- 1 amavis amavis   17992 Jan  4  2008 COPYING
-rw-r--r-- 1 amavis amavis     142 Apr 29  2008 daily.cfg
-rw-r--r-- 1 amavis amavis   26014 Apr  7  2008 daily.db
-rw-r--r-- 1 amavis amavis    5020 Apr 22  2008 daily.fp
-rw-r--r-- 1 amavis amavis    5642 May  1  2008 daily.ftm
-rw-r--r-- 1 amavis amavis    6798 May  2  2008 daily.hdb
-rw-r--r-- 1 amavis amavis    1224 Feb  6  2008 daily.hdu
-rw-r--r-- 1 amavis amavis      32 May  5  2008 daily.ign
-rw-r--r-- 1 amavis amavis     672 May  6  2008 daily.info
-rw-r--r-- 1 amavis amavis 2667216 May  6  2008 daily.mdb
-rw-r--r-- 1 amavis amavis   38567 May  4  2008 daily.mdu
-rw-r--r-- 1 amavis amavis  262690 May  6  2008 daily.ndb
-rw-r--r-- 1 amavis amavis    6935 Apr 29  2008 daily.ndu
-rw-r--r-- 1 amavis amavis    3218 Mar 27  2008 daily.pdb
-rw-r--r-- 1 amavis amavis    1454 Feb 28  2008 daily.wdb
-rw-r--r-- 1 amavis amavis    2922 Jan  4  2008 daily.zmd

If I contrast that with the Debian system, it has more current files,
within the clamav directory.

# ls -l /var/lib/clamav/daily.*
-rw-r--r-- 1 root   root        383 Nov 16 14:00 /var/lib/clamav/daily.cfg
-rw-r--r-- 1 amavis amavis 18197504 Nov 15 22:32 /var/lib/clamav/daily.cld
-rw-r--r-- 1 root   root      25391 Nov 16 14:00 /var/lib/clamav/daily.db
-rw-r--r-- 1 root   root      40375 Nov 16 14:00 /var/lib/clamav/daily.fp
-rw-r--r-- 1 root   root       8098 Nov 16 14:00 /var/lib/clamav/daily.ftm
-rw-r--r-- 1 root   root     104981 Nov 16 14:00 /var/lib/clamav/daily.hdb
-rw-r--r-- 1 root   root       2676 Nov 16 14:00 /var/lib/clamav/daily.hdu
-rw-r--r-- 1 root   root      31677 Nov 16 14:00 /var/lib/clamav/daily.idb
-rw-r--r-- 1 root   root       3958 Nov 16 14:00 /var/lib/clamav/daily.ign
-rw-r--r-- 1 root   root       2471 Nov 16 14:00 /var/lib/clamav/daily.ign2
-rw-r--r-- 1 root   root       1873 Nov 16 14:00 /var/lib/clamav/daily.info
-rw-r--r-- 1 root   root      83449 Nov 16 14:00 /var/lib/clamav/daily.ldb
-rw-r--r-- 1 root   root       2373 Nov 16 14:00 /var/lib/clamav/daily.ldu
-rw-r--r-- 1 root   root   16113730 Nov 16 14:00 /var/lib/clamav/daily.mdb
-rw-r--r-- 1 root   root      64233 Nov 16 14:00 /var/lib/clamav/daily.mdu
-rw-r--r-- 1 root   root     835302 Nov 16 14:00 /var/lib/clamav/daily.ndb
-rw-r--r-- 1 root   root     824779 Nov 16 14:00 /var/lib/clamav/daily.ndu
-rw-r--r-- 1 root   root       4094 Nov 16 14:00 /var/lib/clamav/daily.pdb
-rw-r--r-- 1 root   root       6394 Nov 16 14:00 /var/lib/clamav/daily.wdb
-rw-r--r-- 1 root   root       8689 Nov 16 14:00 /var/lib/clamav/daily.zmd

The old daily.inc is probably left over from an upgrade.  I use
the freshclam scripts daily, but I'm not sure how to correct
this on the Redhat system.  The other difference is Redhat
runs it as a cron, while Debian has a daemon.

Here is the daily cron I have on Redhat
#!/bin/sh

### A simple update script for the clamav virus database.
### This could as well be replaced by a SysV script.

### fix log file if needed
LOG_FILE="/var/log/clamav/freshclam.log"
if [ ! -f "$LOG_FILE" ]; then
    touch "$LOG_FILE"
    chmod 644 "$LOG_FILE"
    chown amavis:amavis "$LOG_FILE"
fi

/usr/bin/freshclam \
    --quiet \
    --datadir="/var/clamav" \
    --log="$LOG_FILE" \
    --daemon-notify="/etc/clamd.conf"

Are there suggestions on what I should change so I get another version of
daily.ftm and other daily.* files as does the Debian configuration?