Re: [qmailtoaster] protect virus

2020-06-23 Thread Eric Broch
https://www.qmailtoaster.org/qttoepelclam.html On 6/22/2020 11:39 PM, ChandranManikandan wrote: Hi Folks, I received below two virus notifications in my logwatch report. How do I protect from virus protection? Eric: Any possible chances to update the latest clamav, have you upload the latest

Re: [qmailtoaster] protect virus

2020-06-23 Thread Eric Broch
A soft link is not okay? # ls -l /var/run lrwxrwxrwx. 1 root root 6 Aug  3  2015 /var/run -> ../run - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail:

Re: [qmailtoaster] protect virus

2020-06-23 Thread Philip Nix Guru
Hello something weird, I dont have any files scanned by simscan anymore all attachements are qq soft reject nothing logged anymore in /var/log/wmail like  /var/qmail/simscan/15929 messages On 6/24/20 1:04 AM, Eric Broch wrote: A soft link is not okay? # ls -l /var/run lrwxrwxrwx. 1

Re: [qmailtoaster] protect virus

2020-06-23 Thread ChandranManikandan
Hi Eric, I have used the above link to update on my COS7 and i got below error. Status of toaster services send: up (pid 22800) 2 seconds smtp: up (pid 22806) 2 seconds smtps: up (pid 22804) 2 seconds submission: up (pid 22809) 2 seconds send/log: up (pid 22802) 2 seconds smtp/log: up (pid

Re: [qmailtoaster] protect virus

2020-06-23 Thread Remo Mattei
You probably want to check the permissions on your simscan as well. chmod 4711 /var/qmail/bin/simscan That fixed it. > On Jun 23, 2020, at 10:10 PM, Remo Mattei wrote: > > you need to change the permissions on this file > > chown -R clamupdate:clamupdate /var/log/freshclam.log > >

Re: [qmailtoaster] protect virus

2020-06-23 Thread Remo Mattei
I got the same error and my mariadb is now dead!! rebooting hopefully it helps but that’s not a good thing > On Jun 23, 2020, at 9:32 PM, ChandranManikandan > wrote: > > Hi Eric, > > I have used the above link to update on my COS7 and i got below error. > > Status

Re: [qmailtoaster] protect virus

2020-06-23 Thread Remo Mattei
you need to change the permissions on this file chown -R clamupdate:clamupdate /var/log/freshclam.log freshclam Tue Jun 23 22:06:29 2020 -> ClamAV update process started at Tue Jun 23 22:06:29 2020 Tue Jun 23 22:06:29 2020 -> *Current working dir is /var/lib/clamav/ Tue Jun 23 22:06:29 2020 ->

Re: [qmailtoaster] protect virus

2020-06-23 Thread Philip Nix Guru
Hello so that's the new way to go for clamav ? Script for upgrade looks simple, I am not too fond of changing user and ownership (thank you epel) if you use extra scripts for un official sigs it can lead to some problems .. Who tested the move to epel clamav tree ? Regards On 6/23/20

Re: [qmailtoaster] protect virus

2020-06-23 Thread remo
Sorry I just saw this where is the script at? Thanks > Il giorno 23 giu 2020, alle ore 18:18, Philip Nix Guru ha > scritto: > >  > I only saw 2 rules in the logs, > > missed one so clamd was kinda starting and dying, which produced the multi qq > soft reject > > > > so I just added all

Re: [qmailtoaster] protect virus

2020-06-23 Thread Eric Broch
https://www.qmailtoaster.org/qttoepelclam.html Just made some changes, let me know how it works. Eric On 6/23/2020 9:41 PM, r...@mattei.org wrote: Sorry I just saw this where is the script at? Thanks Il giorno 23 giu 2020, alle ore 18:18, Philip Nix Guru ha scritto:  I only saw 2 rules

Re: [qmailtoaster] protect virus

2020-06-23 Thread Philip Nix Guru
Hello sure, that's fine, I used your script on a very busy production server, all went fine I just had to make a little change for compatibility with some of my scripts I d suggest one thing, in scan.conf PidFile /run/clamd.scan/clamd.pid LocalSocket /run/clamd.scan/clamd.sock I did

Re: [qmailtoaster] protect virus

2020-06-23 Thread Eric Broch
Philip, Yes, I decided to go with EPEL ClamAV because I don't see a reason not to. It does the same thing with minor changes and someone else takes care of the RPMS. And, updates are faster. Other than the name of the service only the below user/group changes take place. chown

Re: [qmailtoaster] protect virus

2020-06-23 Thread Philip Nix Guru
Hello ok it was 3 signatures that seem to be faulty with clamav 0.102.3 EMAIL_Cryptowall.yar peid.yar rfxn.yara Seems ok now .. added debuging in scan.conf to check if all is running good Next time I will do that in the day, not at night :) Cheers -P On 6/24/20 1:49 AM, Philip Nix

Re: [qmailtoaster] protect virus

2020-06-23 Thread Eric Broch
What'd you do to mitigate? On 6/23/2020 6:47 PM, Philip Nix Guru wrote: Hello ok it was 3 signatures that seem to be faulty with clamav 0.102.3 EMAIL_Cryptowall.yar peid.yar rfxn.yara Seems ok now .. added debuging in scan.conf to check if all is running good Next time I will do that

Re: [qmailtoaster] protect virus

2020-06-23 Thread Philip Nix Guru
I only saw 2 rules in the logs, missed one so clamd was kinda starting and dying, which produced the multi qq soft reject so I just added all the log options in scan.conf, restarted clamd@scan.service (reloading is not enough) check status of daemon and I caught the last signature that

Re: [qmailtoaster] protect virus

2020-06-23 Thread Eric Broch
There is probably a permission issue In /etc/tcprules.d/tcp.smtp add SIMSCAN_DEBUG="5" and # qmailctl cdb # tail -f /var/log/qmail/smtp/current | tai64nlocal send an email to the server, and error should be apparent. Look at permissions, user, and group # ls -ld /var/qmail/simscan