Re: [qmailtoaster] protect virus

2020-07-03 Thread Eric Broch
Your clamav-freshclam daemon is running and locking the log. Stop the daemon # systemctl stop clamav-freshclam run freshclam # freshclam systemctl start clamav-freshclam The daemon should update the db. On 7/3/2020 11:07 AM, Leonardo - IW Telecom wrote: Hi everyone, I replaced the

Re: [qmailtoaster] protect virus

2020-07-03 Thread Leonardo - IW Telecom
Hi everyone, I replaced the ClamAV using the scripts and everything is working fine but now every three hours I get this message from Cron: Subject: "Cron /usr/share/clamav/freshclam-sleep" Body: ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log). ERROR:

Re: [qmailtoaster] protect virus

2020-06-24 Thread Eric Broch
Thanks for the tests, adjusted the script and all seems to be working. Let me know... On 6/24/2020 2:55 AM, ChandranManikandan wrote: Hi Remo, Thanks, I have changed the log path in fresclam.conf and permission was working fine. On Wed, Jun 24, 2020 at 2:18 PM Remo Mattei

Re: [qmailtoaster] protect virus

2020-06-24 Thread ChandranManikandan
Hi Remo, Thanks, I have changed the log path in fresclam.conf and permission was working fine. On Wed, Jun 24, 2020 at 2:18 PM Remo Mattei wrote: > sorry one more tip. The server I had an issue with simscan, then I got qq > soft limit, which I sent an email out .. eventually it will show up,

Re: [qmailtoaster] protect virus

2020-06-24 Thread Remo Mattei
sorry one more tip. The server I had an issue with simscan, then I got qq soft limit, which I sent an email out .. eventually it will show up, I just rerun the script (from Eric) and that fixed it. Remo > On Jun 23, 2020, at 10:48 PM, Remo Mattei wrote: > > so I updated the other production

Re: [qmailtoaster] protect virus

2020-06-24 Thread Remo Mattei
so I updated the other production servers I have and all of them had the same freshclam issues. changed the log options and restarted systemctl restart clamav-freshclam.service that worked just fine. Only one server had an issue with the simscan. Just my 2 cents > On Jun 23, 2020, at 10:18

Re: [qmailtoaster] protect virus

2020-06-23 Thread Remo Mattei
You probably want to check the permissions on your simscan as well. chmod 4711 /var/qmail/bin/simscan That fixed it. > On Jun 23, 2020, at 10:10 PM, Remo Mattei wrote: > > you need to change the permissions on this file > > chown -R clamupdate:clamupdate /var/log/freshclam.log > >

Re: [qmailtoaster] protect virus

2020-06-23 Thread Remo Mattei
I got the same error and my mariadb is now dead!! rebooting hopefully it helps but that’s not a good thing > On Jun 23, 2020, at 9:32 PM, ChandranManikandan > wrote: > > Hi Eric, > > I have used the above link to update on my COS7 and i got below error. > > Status

Re: [qmailtoaster] protect virus

2020-06-23 Thread Remo Mattei
you need to change the permissions on this file chown -R clamupdate:clamupdate /var/log/freshclam.log freshclam Tue Jun 23 22:06:29 2020 -> ClamAV update process started at Tue Jun 23 22:06:29 2020 Tue Jun 23 22:06:29 2020 -> *Current working dir is /var/lib/clamav/ Tue Jun 23 22:06:29 2020 ->

Re: [qmailtoaster] protect virus

2020-06-23 Thread ChandranManikandan
Hi Eric, I have used the above link to update on my COS7 and i got below error. Status of toaster services send: up (pid 22800) 2 seconds smtp: up (pid 22806) 2 seconds smtps: up (pid 22804) 2 seconds submission: up (pid 22809) 2 seconds send/log: up (pid 22802) 2 seconds smtp/log: up (pid

Re: [qmailtoaster] protect virus

2020-06-23 Thread Eric Broch
https://www.qmailtoaster.org/qttoepelclam.html Just made some changes, let me know how it works. Eric On 6/23/2020 9:41 PM, r...@mattei.org wrote: Sorry I just saw this where is the script at? Thanks Il giorno 23 giu 2020, alle ore 18:18, Philip Nix Guru ha scritto:  I only saw 2 rules

Re: [qmailtoaster] protect virus

2020-06-23 Thread remo
Sorry I just saw this where is the script at? Thanks > Il giorno 23 giu 2020, alle ore 18:18, Philip Nix Guru ha > scritto: > >  > I only saw 2 rules in the logs, > > missed one so clamd was kinda starting and dying, which produced the multi qq > soft reject > > > > so I just added all

Re: [qmailtoaster] protect virus

2020-06-23 Thread Philip Nix Guru
I only saw 2 rules in the logs, missed one so clamd was kinda starting and dying, which produced the multi qq soft reject so I just added all the log options in scan.conf, restarted clamd@scan.service (reloading is not enough) check status of daemon and I caught the last signature that

Re: [qmailtoaster] protect virus

2020-06-23 Thread Eric Broch
What'd you do to mitigate? On 6/23/2020 6:47 PM, Philip Nix Guru wrote: Hello ok it was 3 signatures that seem to be faulty with clamav 0.102.3 EMAIL_Cryptowall.yar peid.yar rfxn.yara Seems ok now .. added debuging in scan.conf to check if all is running good Next time I will do that

Re: [qmailtoaster] protect virus

2020-06-23 Thread Philip Nix Guru
Hello ok it was 3 signatures that seem to be faulty with clamav 0.102.3 EMAIL_Cryptowall.yar peid.yar rfxn.yara Seems ok now .. added debuging in scan.conf to check if all is running good Next time I will do that in the day, not at night :) Cheers -P On 6/24/20 1:49 AM, Philip Nix

Re: [qmailtoaster] protect virus

2020-06-23 Thread Eric Broch
There is probably a permission issue In /etc/tcprules.d/tcp.smtp add SIMSCAN_DEBUG="5" and # qmailctl cdb # tail -f /var/log/qmail/smtp/current | tai64nlocal send an email to the server, and error should be apparent. Look at permissions, user, and group # ls -ld /var/qmail/simscan

Re: [qmailtoaster] protect virus

2020-06-23 Thread Philip Nix Guru
Hello something weird, I dont have any files scanned by simscan anymore all attachements are qq soft reject nothing logged anymore in /var/log/wmail like  /var/qmail/simscan/15929 messages On 6/24/20 1:04 AM, Eric Broch wrote: A soft link is not okay? # ls -l /var/run lrwxrwxrwx. 1

Re: [qmailtoaster] protect virus

2020-06-23 Thread Eric Broch
A soft link is not okay? # ls -l /var/run lrwxrwxrwx. 1 root root 6 Aug  3  2015 /var/run -> ../run - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail:

Re: [qmailtoaster] protect virus

2020-06-23 Thread Philip Nix Guru
Hello sure, that's fine, I used your script on a very busy production server, all went fine I just had to make a little change for compatibility with some of my scripts I d suggest one thing, in scan.conf PidFile /run/clamd.scan/clamd.pid LocalSocket /run/clamd.scan/clamd.sock I did

Re: [qmailtoaster] protect virus

2020-06-23 Thread Eric Broch
Philip, Yes, I decided to go with EPEL ClamAV because I don't see a reason not to. It does the same thing with minor changes and someone else takes care of the RPMS. And, updates are faster. Other than the name of the service only the below user/group changes take place. chown

Re: [qmailtoaster] protect virus

2020-06-23 Thread Philip Nix Guru
Hello so that's the new way to go for clamav ? Script for upgrade looks simple, I am not too fond of changing user and ownership (thank you epel) if you use extra scripts for un official sigs it can lead to some problems .. Who tested the move to epel clamav tree ? Regards On 6/23/20

Re: [qmailtoaster] protect virus

2020-06-23 Thread Eric Broch
https://www.qmailtoaster.org/qttoepelclam.html On 6/22/2020 11:39 PM, ChandranManikandan wrote: Hi Folks, I received below two virus notifications in my logwatch report. How do I protect from virus protection? Eric: Any possible chances to update the latest clamav, have you upload the latest

[qmailtoaster] protect virus

2020-06-22 Thread ChandranManikandan
Hi Folks, I received below two virus notifications in my logwatch report. How do I protect from virus protection? Eric: Any possible chances to update the latest clamav, have you upload the latest clamav epel. Please assist me. Some few spam emails with the same subject with different email