Re: [opensuse] amavisd warning failure?
  • From: Sandy Drobic <suse-linux-e@xxxxxxxxxxxxxxxxxxxxxxx>
  • Date: Thu, 07 Feb 2008 23:01:48 +0100
  • Message-id: <47AB7FCC.1050405@xxxxxxxxxxxxxxxxxxxxxxx>
Hylton Conacher (ZR1HPC) wrote:
Hi Sandy,

Sorry for the delay; I had more pressing issues to take care of.

Sandy Drobic wrote:
Hylton Conacher (ZR1HPC) wrote:
Sandy Drobic wrote:
Actually, I also have antivir installed (in parallel to clamd as
primary). Both are looking for fresh signatures every hour.
Sandy, please, please, please walk me through getting a system like
this! Please
So, where's the problem?

The problem is, that I do not know what and how to do the system config
to give me a system like you describe.

I am however a fast learner, although most of the time I need examples.
You need to teach a man to fish before asking him to catch
something. :) Sorry for the plagiarism :)

I am also an ex Windows user, although I have been using the KDE desktop
for over a year. I try and use the KDE frontend as much as possible,
even using Kate to edit system files on both root and my main user.

I am sure there are a number of files to be edited however I have to ask
which file/s do I need to open and edit, and what do I need to make the
files look like?

I think I already posted the relevant parts of the config files a few days ago. Okay, I just saw that I posted EVERYTHING necessary to do the job.


Now, before you start to mangle your system, a few words of caution:

- as a beginner you should ensure you can retrace your steps if something breaks horribly. For that reason:

I suggest you make copies of the configuration files BEFORE you change them!

Another possibility is to document the changes within the configuration files like:

---------------------------------------------
/etc/clamd.conf:
LogTime yes
LogSyslog yes
LogFacility LOG_MAIL
PidFile /var/lib/clamav/clamd.pid

### changed on 2008/02/07:
# Same localSocket as in /etc/amavisd.conf!
# LocalSocket /var/run/clamav.clam.ctl

LocalSocket /var/run/clamav/clamd

### end of change
---------------------------------------------

Most of the time it is easier to simply copy the entire file:

cp /etc/clamd.conf /etc/backup/clamd.conf_2008-02-07_22-30

I like to add date and time so I can compare when I introduced what change if later I discover something has broken.

Also I believe in redundancy. (^-^)


The necessary parts that HAVE to be present in /etc/clamd.conf are:
LogTime yes
LogSyslog yes
LogFacility LOG_MAIL
LocalSocket /var/run/clamav/clamd
FixStaleSocket yes
TCPSocket 3310
TCPAddr 127.0.0.1
User vscan

Change these parameters in /etc/clamd.conf as shown here; ignore all other settings for the moment.
Verify that the directory /var/run/clamav/ exists and belongs to user vscan.

If necessary, create the directory and assign it to user vscan:

mkdir /var/run/clamav
chown -R vscan /var/run/clamav

Then restart clamd: "rcclamd restart".
I consider logging parameters relevant since I like to know what the service is doing. (^-^)

Within /var/run/clamav there should now be a file clamd:

ls -l clamav
total 0
srwxrwxrwx 1 vscan vscan 0 Feb 7 21:32 clamd


If no errors are logged you can set up the cron job:

Simply put a file, maybe with name "clam-signature-update.sh" with this content in /etc/cron.hourly:

-------------------
#!/bin/sh
# update of clam-av signatures

EMAIL=postmaster@xxxxxxxxxxx
tempfile=$(mktemp)

# capture stdout and stderr, so a failure mail carries the actual error text
freshclam > "$tempfile" 2>&1
statusclam=$?
#echo "test clam" > "$tempfile"
#statusclam=0

case "$statusclam" in

0 ) echo "Clamav has gotten new signatures!"

;;
1 ) echo "Clamav is up-to-date"
;;
* ) # every other exit code means the update failed: mail the captured output
mail -s "Clamav couldn't update: $statusclam" "$EMAIL" < "$tempfile"
;;
esac

rm -f "$tempfile"
-------------------

make the script executable:
chmod 700 /etc/cron.hourly/clam-signature-update.sh

As a test, run the script manually:
/etc/cron.hourly/clam-signature-update.sh

You should get a status message; the update should also be logged by clamd in /var/log/mail.

If that works you have set up a working clamd and can start to use it in
amavisd.

You activate the scanner by UNCOMMENTING the lines in /etc/amavisd.conf. Search for the line starting with:

@av_scanners = (
#
# here a lot of comments with possible virus scanners are shown
# ignore them.
#
#[...delete additional comments...]
#
# ### http://www.clamav.net/
['Clam Antivirus-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# # NOTE: run clamd under the same user as amavisd; match the socket
# # name (LocalSocket) in clamav.conf to the socket name in this entry
# # When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"],
)

The syntax for this parameter is:

@av_scanners = (
['scanner1',para1,para2...],
['scanner2',para1,para2...],
['scanner3',para1,para2...],
)

Same for @backup_scanners:

@av_scanners_backup = (

### http://www.clamav.net/
['Clam Antivirus - clamscan', 'clamscan',
'--stdout --no-summary -r {}', [0], [1],
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
)

Ignore the comments, just make sure that these lines are present and NOT commented out.

If you restart amavisd-new, you should see the following lines in /var/log/mail:

Feb 7 22:57:09 katgar amavis[5587]: Using primary internal av scanner code for Clam Antivirus-clamd
Feb 7 22:57:09 katgar amavis[5587]: Found primary av scanner H+BEDV AntiVir or CentralCommand Vexira Antivirus at /usr/bin/antivir
Feb 7 22:57:09 katgar amavis[5587]: Found secondary av scanner Clam Antivirus - clamscan at /usr/bin/clamscan


You can activate antivir the same way as I showed for clamd.

This grep should show the actual configuration without the comments:

egrep -v '^#|^$|^[[:space:]]+#' /etc/amavisd.conf

These are the lines for the virus scanner output:

@av_scanners = (
['Clam Antivirus-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
['H+BEDV AntiVir or CentralCommand Vexira Antivirus',
['antivir'],
'--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/,
qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
(?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],
);
@av_scanners_backup = (
['Clam Antivirus - clamscan', 'clamscan',
'--stdout --no-summary -r {}', [0], [1],
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);

Once the config is almost complete, how do I set up a cron job to add
periodic updates?

There are many questions from this 'newbie'.

Tnx again if you decide to help.

This is your one freebie for the year; I expect you to learn how to do basic tasks on the command line for yourself. Consider it an investment in your career; it is absolutely basic and essential knowledge for a Unix administrator.

--
Sandy

List replies only please!
Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
