[opensuse] amavisd warning failure?
Hi, Looking at the Alt-Ctrl-F10 tty I see that amavis is warning that 'all primary virus scanners failed, considering backups' What should I do to rectify this problem i.e. I assume update amavisd, but how, at least via YAST? Tnx Hylton -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
The Wednesday 2008-01-23 at 15:57 +0200, Hylton Conacher (ZR1HPC) wrote:
Looking at the Alt-Ctrl-F10 tty I see that amavis is warning that 'all primary virus scanners failed, considering backups'
It only means that you don't have an antivirus installed. Once you install any one, amavis will detect and use it. Or don't install any, and disable antivirus checking:

    @bypass_virus_checks_maps = (1);  # controls running of anti-virus code

-- Cheers, Carlos E. R.
Carlos E. R. wrote:
The Wednesday 2008-01-23 at 15:57 +0200, Hylton Conacher (ZR1HPC) wrote:
Looking at the Alt-Ctrl-F10 tty I see that amavis is warning that 'all primary virus scanners failed, considering backups'
It only means that you don't have an antivirus installed. Once you install any one, amavis will detect and use it. Or don't install any, and disable antivirus checking:
Most strange since I have both amavis and clamav installed.?? Although Linux 'doesn't' get virii, I am receiving mail from Windows boxes and would like to check the stuff before I send it on to more windows boxes. What next, un-install and then reinstall amavis and clamav and anything else to do with virii i.e. ignoring the dependency warnings and continuing as the dependencies will be met when the app is re-installed?
@bypass_virus_checks_maps = (1); # controls running of anti-virus code
And it can be accessed how as 'man' has not heard of it and etc/sysconfig hasn't either? Regards Hylton
The Friday 2008-01-25 at 18:06 +0200, Hylton Conacher (ZR1HPC) wrote:
The Wednesday 2008-01-23 at 15:57 +0200, Hylton Conacher (ZR1HPC) wrote:
Looking at the Alt-Ctrl-F10 tty I see that amavis is warning that 'all primary virus scanners failed, considering backups'
It only means that you don't have an antivirus installed. Once you install any one, amavis will detect and use it. Or don't install any, and disable antivirus checking:
Most strange since I have both amavis and clamav installed.??
Strange indeed.
What next, un-install and then reinstall amavis and clamav and anything else to do with virii i.e. ignoring the dependency warnings and continuing as the dependencies will be met when the app is re-installed?
Possible... but I don't know if that would work. I think not.
@bypass_virus_checks_maps = (1); # controls running of anti-virus code
And it can be accessed how as 'man' has not heard of it and etc/sysconfig hasn't either?
amavis-new has no man page; there is /usr/share/doc/packages/amavisd-new/README_FILES/amavisd-new-docs.html, but the configuration file is "/etc/amavisd.conf". -- Cheers, Carlos E. R.
Carlos E. R. wrote:
The Friday 2008-01-25 at 18:06 +0200, Hylton Conacher (ZR1HPC) wrote:
The Wednesday 2008-01-23 at 15:57 +0200, Hylton Conacher (ZR1HPC) wrote:
Looking at the Alt-Ctrl-F10 tty I see that amavis is warning that 'all primary virus scanners failed, considering backups'
It only means that you don't have an antivirus installed. Once you install any one, amavis will detect and use it. Or don't install any, and disable antivirus checking:
Most strange since I have both amavis and clamav installed.??
Strange indeed.
I must make a correction to the above. Due to some issues on the suse update server, which did not enable me to use Add/Remove Software, the software I had installed was amavisd-new and clamav. I have just added antivir and the messages seem to have stopped on the F10 tty. :)
What next, un-install and then reinstall amavis and clamav and anything else to do with virii i.e. ignoring the dependency warnings and continuing as the dependencies will be met when the app is re-installed?
Possible... but I don't know if that would work. I think not.
@bypass_virus_checks_maps = (1); # controls running of anti-virus code
And it can be accessed how as 'man' has not heard of it and etc/sysconfig hasn't either?
amavis-new has no man page; there is /usr/share/doc/packages/amavisd-new/README_FILES/amavisd-new-docs.html, but the configuration file is "/etc/amavisd.conf".
Tnx for this. I've stored it away. Hylton
Hylton Conacher (ZR1HPC) wrote:
Most strange since I have both amavis and clamav installed.?? Although Linux 'doesn't' get virii, I am receiving mail from Windows boxes and would like to check the stuff before I send it on to more windows boxes.
What next, un-install and then reinstall amavis and clamav and anything else to do with virii i.e. ignoring the dependency warnings and continuing as the dependencies will be met when the app is re-installed?
No, reinstalling won't fix the problem - just make sure the amavis config file matches the clamav config file as to the location of the listening socket. A mismatch there is the problem. Joe
On 01/23/2008 09:57 PM, Hylton Conacher (ZR1HPC) wrote:
Looking at the Alt-Ctrl-F10 tty I see that amavis is warning that 'all primary virus scanners failed, considering backups'
What should I do to rectify this problem i.e. I assume update amavisd, but how, at least via YAST?
What antivirus programs do you have installed? Amavisd update will not fix this problem, it is saying your antivirus program has a problem. A couple good possibilities are antivir and clamav. HTH -- Joe Morris Registered Linux user 231871 running openSUSE 10.3 x86_64
Joe Morris (NTM) wrote:
On 01/23/2008 09:57 PM, Hylton Conacher (ZR1HPC) wrote:
Looking at the Alt-Ctrl-F10 tty I see that amavis is warning that 'all primary virus scanners failed, considering backups'
What should I do to rectify this problem i.e. I assume update amavisd, but how, at least via YAST?
What antivirus programs do you have installed? Amavisd update will not fix this problem, it is saying your antivirus program has a problem. A couple good possibilities are antivir and clamav.
To my knowledge I have both installed, at least when I last checked.
Hylton Conacher (ZR1HPC) wrote:
Hi,
Looking at the Alt-Ctrl-F10 tty I see that amavis is warning that 'all primary virus scanners failed, considering backups'
What should I do to rectify this problem i.e. I assume update amavisd, but how, at least via YAST?
You either don't have clamav installed, or have changed the configuration so that it's not listening to the port or socket that amavisd expects. If you do have clamav installed there should be additional warnings, something about a socket. Joe
Joe Sloan wrote:
Hylton Conacher (ZR1HPC) wrote:
Hi,
Looking at the Alt-Ctrl-F10 tty I see that amavis is warning that 'all primary virus scanners failed, considering backups'
What should I do to rectify this problem i.e. I assume update amavisd, but how, at least via YAST?
You either don't have clamav installed, or have changed the configuration so that it's not listening to the port or socket that amavisd expects.
If you do have clamav installed there should be additional warnings, something about a socket.
I have clamav installed, have not changed anything and there are no socket warnings that I could see on the Alt-F10 list. So, now what?
Hylton Conacher (ZR1HPC) wrote:
Joe Sloan wrote:
Hylton Conacher (ZR1HPC) wrote:
Hi,
Looking at the Alt-Ctrl-F10 tty I see that amavis is warning that 'all primary virus scanners failed, considering backups'
What should I do to rectify this problem i.e. I assume update amavisd, but how, at least via YAST?
You either don't have clamav installed, or have changed the configuration so that it's not listening to the port or socket that amavisd expects.
If you do have clamav installed there should be additional warnings, something about a socket.
I have clamav installed, have not changed anything and there are no socket warnings that I could see on the Alt-F10 list.
So, now what?
Now you get off your lazy butt and see for yourself how clam-av and amavisd-new are configured. (^-^)

    egrep -v "^#" /etc/clamd.conf | egrep -v "^$"

    LogTime yes
    LogSyslog yes
    LogFacility LOG_MAIL
    PidFile /var/lib/clamav/clamd.pid
    # Same localSocket as in /etc/amavisd.conf!
    LocalSocket /var/run/clamav/clamd
    FixStaleSocket yes
    TCPSocket 3310
    TCPAddr 127.0.0.1
    User vscan
    Foreground no
    ScanOLE2 yes
    ScanPDF yes
    ScanMail yes
    PhishingSignatures yes
    PhishingScanURLs yes

Some important parts of /etc/amavisd.conf:

    $daemon_user = 'vscan';   # yes, same user as clamd!
    $daemon_group = 'vscan';

    @av_scanners = (
    ['Clam Antivirus-clamd',
      \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
      qr/\bOK$/, qr/\bFOUND$/,
      qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
    ['H+BEDV AntiVir or CentralCommand Vexira Antivirus',
      ['antivir'],
      '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/,
      qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
           (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],
    );

    @av_scanners_backup = (
    ['Clam Antivirus - clamscan', 'clamscan',
      '--stdout --no-summary -r {}', [0], [1],
      qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
    ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
      '-dumb -archive -packed {}', [0,8], [3,6],
      qr/Infection: (.+)/ ],
    ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
      '-za -a {}', [0], qr/Found virus/, qr/Found virus (.+) in/ ],
    ['KasperskyLab kavscanner', ['/opt/kav/bin/kavscanner','kavscanner'],
      '-i1 -xp {}', [0,10,15], [5,20,21,25],
      qr/(?:CURED|INFECTED|CUREFAILED|WARNING|SUSPICION) (.*)/ ,
      sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"},
      sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
    ],
    );

Check that clamd actually is running:

    rcclamd status

and is set to start at boot:

    chkconfig clamd on

and finally, that you call fresh-clam from cron. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
On 01/26/2008 04:08 AM, Sandy Drobic wrote:
Now you get off your lazy butt and see for yourself how clam-av and amavisd-new are configured. (^-^)
    egrep -v "^#" /etc/clamd.conf | egrep -v "^$"

    LogTime yes
    LogSyslog yes
    LogFacility LOG_MAIL
    PidFile /var/lib/clamav/clamd.pid
    # Same localSocket as in /etc/amavisd.conf!
    LocalSocket /var/run/clamav/clamd
    FixStaleSocket yes
    TCPSocket 3310
    TCPAddr 127.0.0.1
    User vscan
    Foreground no
    ScanOLE2 yes
    ScanPDF yes
    ScanMail yes
    PhishingSignatures yes
    PhishingScanURLs yes

Some important parts of /etc/amavisd.conf:

    $daemon_user = 'vscan';   # yes, same user as clamd!
    $daemon_group = 'vscan';

    @av_scanners = (
    ['Clam Antivirus-clamd',
      \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
      qr/\bOK$/, qr/\bFOUND$/,
      qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
    ['H+BEDV AntiVir or CentralCommand Vexira Antivirus',
      ['antivir'],
      '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/,
      qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
           (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],
    );

    @av_scanners_backup = (
    ['Clam Antivirus - clamscan', 'clamscan',
      '--stdout --no-summary -r {}', [0], [1],
      qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
    ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
      '-dumb -archive -packed {}', [0,8], [3,6],
      qr/Infection: (.+)/ ],
    ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
      '-za -a {}', [0], qr/Found virus/, qr/Found virus (.+) in/ ],
    ['KasperskyLab kavscanner', ['/opt/kav/bin/kavscanner','kavscanner'],
      '-i1 -xp {}', [0,10,15], [5,20,21,25],
      qr/(?:CURED|INFECTED|CUREFAILED|WARNING|SUSPICION) (.*)/ ,
      sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"},
      sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
    ],
    );

Check that clamd actually is running:

    rcclamd status

and is set to start at boot:

    chkconfig clamd on
and finally, that you call fresh-clam from cron.
Interesting. I never noticed before that the default amavisd setup is to NOT use clamd as a primary antivirus scanner (but antivir is). Mine sees antivir as primary and clamscan as secondary. So the problem for the OP is he only has clamav installed and no primary (by default). I assume he could correct the socket path and uncomment the section for clamd to allow it to work as a primary scanner. Best I assume would be to install a primary scanner from the offering in amavisd.conf, and leave clamscan as a secondary. -- Joe Morris Registered Linux user 231871 running openSUSE 10.3 x86_64
Joe Morris (NTM) wrote:
On 01/26/2008 04:08 AM, Sandy Drobic wrote:
Interesting. I never noticed before that the default amavisd setup is to NOT use clamd as a primary antivirus scanner (but antivir is). Mine sees antivir as primary and clamscan as secondary. So the problem for the OP is he only has clamav installed and no primary (by default). I assume he could correct the socket path and uncomment the section for clamd to allow it to work as a primary scanner. Best I assume would be to install a primary scanner from the offering in amavisd.conf, and leave clamscan as a secondary.
My reason for clamd as primary and clamscan as secondary is, that the daemonized version is faster, so the slower command line scanner should only be used when the daemon is unavailable. Actually, I also have antivir installed (in parallel to clamd as primary). Both are looking for fresh signatures every hour. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
On 01/26/2008 10:09 PM, Sandy Drobic wrote:
My reason for clamd as primary and clamscan as secondary is, that the daemonized version is faster, so the slower command line scanner should only be used when the daemon is unavailable.
Actually, I also have antivir installed (in parallel to clamd as primary). Both are looking for fresh signatures every hour.
I learned something new. I assumed one primary was optimal, thus clamd is commented out by default with the suse amavisd and used as a secondary. I figured 2 primary may cause double scanning and load the server more or slow things down. But I guess I was wrong. I went ahead and corrected the socket path and name, uncommented the clamd entry, and reloaded, and it is now using clamd and antivir as primary and clamscan as secondary. Thanks again Sandy, you have taught me much over the years, and I am still learning. -- Joe Morris Registered Linux user 231871 running openSUSE 10.3 x86_64
The Saturday 2008-01-26 at 15:09 +0100, Sandy Drobic wrote: ...
My reason for clamd as primary and clamscan as secondary is, that the daemonized version is faster, so the slower command line scanner should only be used when the daemon is unavailable.
Actually, I also have antivir installed (in parallel to clamd as primary). Both are looking for fresh signatures every hour.
I have antivirus checking disabled; instead amavis dumps any email with executable attachments. After all, this is linux and I have no use for executables, even if bona fide ;-) I wonder if amavis can be told to run virus scan only on those email with suspicious attachments: exes, docs, pdfs, etc. I disabled it precisely because it scanned every mail, which I think is an overkill: why should it scan this list mail, for instance? It's text only. -- Cheers, Carlos E. R.
Carlos E. R. wrote:
The Saturday 2008-01-26 at 15:09 +0100, Sandy Drobic wrote:
...
My reason for clamd as primary and clamscan as secondary is, that the daemonized version is faster, so the slower command line scanner should only be used when the daemon is unavailable.
Actually, I also have antivir installed (in parallel to clamd as primary). Both are looking for fresh signatures every hour.
I have antivirus checking disabled; instead amavis dumps any email with executable attachments. After all, this is linux and I have no use for executables, even if bona fide ;-)
That is what amavisd-new already does before it calls virus scanners or spam-assassin. Unfortunately, you can't just reject/quarantine every executable in a corporate environment. At least I can't.
I wonder if amavis can be told to run virus scan only on those email with suspicious attachments: exes, docs, pdfs, etc. I disabled it precisely because it scanned every mail, which I think is an overkill: why should it scan this list mail, for instance? It's text only.
It doesn't (see above). Scanning text only files is very fast, most of the time is spent to actually load the scanner itself. That's why a daemonized scanner is preferable. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
The Saturday 2008-01-26 at 16:46 +0100, Sandy Drobic wrote:
I have antivirus checking disabled; instead amavis dumps any email with executable attachments. After all, this is linux and I have no use for executables, even if bona fide ;-)
That is what amavisd-new already does before it calls virus scanners or spam-assassin. Unfortunately, you can't just reject/quarantine every executable in a corporate environment. At least I can't.
I can't think of a good enough reason to accept executables in a corporate environment :-P Except for developers, perhaps, and they can be declared in one of the "friend" lists amavis has.
I wonder if amavis can be told to run virus scan only on those email with suspicious attachments: exes, docs, pdfs, etc. I disabled it precisely because it scanned every mail, which I think is an overkill: why should it scan this list mail, for instance? It's text only.
It doesn't (see above). Scanning text only files is very fast, most of the time is spent to actually load the scanner itself. That's why a daemonized scanner is preferable.
I'll give clamav a try, but I have to find a way to disable "antivir": I do not want both running. I'll check the config. -- Cheers, Carlos E. R.
On 01/27/2008 04:03 AM, Carlos E. R. wrote:
I'll give clamav a try, but I have to find a way to disable "antivir": I do not want both running. I'll check the config.
Check the clamd entry in amavisd.conf. All you would need to do is comment out the entry for antivir for it not to be used. -- Joe Morris Registered Linux user 231871 running openSUSE 10.3 x86_64
The Sunday 2008-01-27 at 08:43 +0800, Joe Morris wrote:
On 01/27/2008 04:03 AM, Carlos E. R. wrote:
I'll give clamav a try, but I have to find a way to disable "antivir": I do not want both running. I'll check the config.
Check the clamd entry in amavisd.conf. All you would need to do is comment out the entry for antivir for it not to be used.
I had to do way more. First, comment out the section for antivir in amavis:

    ### Avira AntiVir (formerly H+BEDV) or (old) CentralCommand Vexira Antivirus
    #Cer
    # ['Avira AntiVir', ['antivir','vexira'],
    #   '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/,
    #   qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
    #        (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],
    # # NOTE: if you only have a demo version, remove -z and add 214, as in:
    # #  '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/,

Activating/disabling a scanner should be way easier than editing code. It is fine for programmers and techies, but not for users (and I'm the techie kind) :-/

After installing clamav and starting its daemon, amavis only detected clamav as secondary scanner and as program, not daemon. I had to un-comment clamd section:

    # ### http://www.clamav.net/
    # Cer
    ['ClamAV-clamd',
      \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
      qr/\bOK$/, qr/\bFOUND$/,
      qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
    # # NOTE: run clamd under the same user as amavisd, or run it under its own
    # #   uid such as clamav, add user clamav to the amavis group, and then add
    # #   AllowSupplementaryGroups to clamd.conf;
    # # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
    # #   this entry; when running chrooted one may prefer socket "$MYHOME/clamd".

But amavis failed to use it, because the socket was wrong. I had to edit "/etc/clamd.conf":

    # Path to a local socket file the daemon will listen on.
    # Default: disabled (must be specified by a user)
    #LocalSocket /var/lib/clamav/clamd-socket
    #Cer
    LocalSocket /var/run/clamav/clamd

And still clamd would fail because of no write permissions to the socket and because the directory does not exist. I had to create /var/run/clamav/ and chown it to vscan, and then, only then, it worked. Quite a nuisance, they are not integrated.

Another nuisance was that "rcamavis restart" failed to restart the service: apparently there was an amavis daemon running, but the PID file did not match, so it wasn't killed. I had to kill it manually, meaning that perhaps amavis was failing previously with no warning. -- Cheers, Carlos E. R.
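Added example, not part of any post in this thread: a shell check for the failure points the posts above describe (LocalSocket disabled in /etc/clamd.conf, the clamd entry commented out in /etc/amavisd.conf, the two socket paths differing, the socket directory missing). The function names, the status codes, the optional third "root" prefix argument and the sample configs are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example (not from the thread): check that amavisd-new and clamd agree
# on the clamd socket. Function names and status codes are this example's own.

# Print the first uncommented LocalSocket value found in a clamd.conf.
clamd_socket() {
    sed -n 's/^[[:space:]]*LocalSocket[[:space:]][[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# Print the socket path of the first uncommented CONTSCAN (ask_daemon) entry
# in an amavisd.conf; lines starting with '#' are skipped.
amavis_socket() {
    sed -n -e '/^[[:space:]]*#/d' \
           -e 's/.*CONTSCAN[^,]*,[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# check_scanner_socket CLAMD_CONF AMAVISD_CONF [ROOT]
# ROOT is an optional prefix for the directory test (hypothetical argument so
# the check can run against a scratch tree instead of the live system).
# Status: 0 ok, 1 no active LocalSocket, 2 no active clamd entry in amavisd,
#         3 the two paths differ, 4 the socket directory does not exist.
check_scanner_socket() {
    c=$(clamd_socket "$1")
    a=$(amavis_socket "$2")
    root=${3:-}
    [ -n "$c" ] || { echo "clamd.conf: LocalSocket is not set"; return 1; }
    [ -n "$a" ] || { echo "amavisd.conf: clamd entry commented out or absent"; return 2; }
    [ "$c" = "$a" ] || { echo "mismatch: clamd=$c amavisd=$a"; return 3; }
    dir=$(dirname "$root$c")
    [ -d "$dir" ] || { echo "socket directory $dir does not exist"; return 4; }
    ls -ld "$dir"   # the owner shown should be the clamd User (vscan in the thread)
    echo "ok: both use $c"
}

# Write constructed sample configs into directory $1. $2 is the LocalSocket
# line for clamd.conf, $3 a prefix ("" or "# ") for the amavisd clamd entry.
make_sample() {
    printf '%s\n' '# Path to a local socket file the daemon will listen on.' \
        "$2" 'User vscan' > "$1/clamd.conf"
    {
        printf '%s\n' '@av_scanners = ('
        printf '%s%s\n' "$3" "['ClamAV-clamd',"
        printf '%s%s\n' "$3" '  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],'
        printf '%s%s\n' "$3" '  qr/\bOK$/, qr/\bFOUND$/,'
        printf '%s%s\n' "$3" '  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],'
        printf '%s\n' ');'
    } > "$1/amavisd.conf"
}

# Demo on constructed input: first the defaults as described in the thread
# (LocalSocket commented out), then the corrected configuration.
demo=$(mktemp -d)
make_sample "$demo" '#LocalSocket /var/lib/clamav/clamd-socket' '# '
check_scanner_socket "$demo/clamd.conf" "$demo/amavisd.conf" "$demo" || echo "status: $?"
make_sample "$demo" 'LocalSocket /var/run/clamav/clamd' ''
mkdir -p "$demo/var/run/clamav"
check_scanner_socket "$demo/clamd.conf" "$demo/amavisd.conf" "$demo" || echo "status: $?"
rm -rf "$demo"
```

On a live system the call would be check_scanner_socket /etc/clamd.conf /etc/amavisd.conf with no third argument.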
On 01/27/2008 08:54 PM, Carlos E. R. wrote:
The Sunday 2008-01-27 at 08:43 +0800, Joe Morris wrote:
On 01/27/2008 04:03 AM, Carlos E. R. wrote:
I'll give clamav a try, but I have to find a way to disable "antivir": I do not want both running. I'll check the config.
Check the clamd entry in amavisd.conf. All you would need to do is comment out the entry for antivir for it not to be used.
I had to do way more.
First, comment out the section for antivir in amavis:
    ### Avira AntiVir (formerly H+BEDV) or (old) CentralCommand Vexira Antivirus
    #Cer
    # ['Avira AntiVir', ['antivir','vexira'],
    #   '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/,
    #   qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
    #        (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],
    # # NOTE: if you only have a demo version, remove -z and add 214, as in:
    # #  '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/,
This was all I was talking about, to NOT use antivir.
After installing clamav and starting its daemon, amavis only detected clamav as secondary scanner and as program, not daemon. I had to un-comment clamd section:
    # ### http://www.clamav.net/
    # Cer
    ['ClamAV-clamd',
      \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
      qr/\bOK$/, qr/\bFOUND$/,
      qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
    # # NOTE: run clamd under the same user as amavisd, or run it under its own
    # #   uid such as clamav, add user clamav to the amavis group, and then add
    # #   AllowSupplementaryGroups to clamd.conf;
    # # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
    # #   this entry; when running chrooted one may prefer socket "$MYHOME/clamd".
This was mentioned in the thread.
But amavis failed to use it, because the socket was wrong. I had to edit "/etc/clamd.conf":
Better to edit amavisd.conf above to the correct path and name of the clamd socket, i.e. /var/lib/clamsv/clamd-socket -- Joe Morris Registered Linux user 231871 running openSUSE 10.3 x86_64
The Sunday 2008-01-27 at 21:31 +0800, Joe Morris wrote: ...
But amavis failed to use it, because the socket was wrong. I had to edit "/etc/clamd.conf":
Better to edit amavisd.conf above to the correct path and name of the clamd socket, i.e. /var/lib/clamsv/clamd-socket
As clamd by default disables the local socket file, ie, there is none, what you say would require:

· uncomment the "LocalSocket" in /etc/clamd.conf
· change the socket in amavis.

That's two changes, over only changing clamd. In any case, setting clamd to be used by amavis is not as straightforward as using antivir. -- Cheers, Carlos E. R.
Carlos E. R. wrote:
<snip> ....
Activating/disabling a scanner should be way easier than editing code. It is fine for programmers and techies, but not for users (and I'm the techie kind) :-/
HERE, HERE says a user with a little new techie linux background
Sandy Drobic wrote:
Joe Morris (NTM) wrote:
On 01/26/2008 04:08 AM, Sandy Drobic wrote:
Interesting. I never noticed before that the default amavisd setup is to NOT use clamd as a primary antivirus scanner (but antivir is). Mine sees antivir as primary and clamscan as secondary. So the problem for the OP is he only has clamav installed and no primary (by default). I assume he could correct the socket path and uncomment the section for clamd to allow it to work as a primary scanner. Best I assume would be to install a primary scanner from the offering in amavisd.conf, and leave clamscan as a secondary.
My reason for clamd as primary and clamscan as secondary is, that the daemonized version is faster, so the slower command line scanner should only be used when the daemon is unavailable.
Actually, I also have antivir installed (in parallel to clamd as primary). Both are looking for fresh signatures every hour.
Sandy, please, please, please walk me through getting a system like this! Please Thanks Hylton
Hylton Conacher (ZR1HPC) wrote:
Sandy Drobic wrote:
Actually, I also have antivir installed (in parallel to clamd as primary). Both are looking for fresh signatures every hour.
Sandy, please, please, please walk me through getting a system like this! Please
So, where's the problem? -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
Hi Sandy,
Sri for the delay I had more pressing issues to take care of.
Sandy Drobic wrote:
Hylton Conacher (ZR1HPC) wrote:
Sandy Drobic wrote:
Actually, I also have antivir installed (in parallel to clamd as primary). Both are looking for fresh signatures every hour.
Sandy, please, please, please walk me through getting a system like this! Please
So, where's the problem?
The problem is, that I do not know what and how to do the system config to give me a system like you describe. I am however a fast learner, although most of the time I need examples. You need to teach a man to fish before asking him to catch something. :) Sorry for the plagiarism :) I am also an ex Windows user, although I have been using the KDE desktop for over a year. I try and use the KDE frontend as much as possible, even using Kate to edit system files on both root and my main user. I am sure there are a number of files to be edited however I have to ask which file/s do I need to open and edit, and what do I need to make the files look like? Once the config is almost complete how do I set-up a cron job to add periodic updates? There are many questions from this 'newbie'. Tnx again if you decide to help. Regards Hylton
Hylton Conacher (ZR1HPC) wrote:
Hi Sandy,
Sri for the delay I had more pressing issues to take care of.
Sandy Drobic wrote:
Hylton Conacher (ZR1HPC) wrote:
Sandy Drobic wrote:
Actually, I also have antivir installed (in parallel to clamd as primary). Both are looking for fresh signatures every hour.
Sandy, please, please, please walk me through getting a system like this! Please
So, where's the problem?
The problem is, that I do not know what and how to do the system config to give me a system like you describe.
I am however a fast learner, although most of the time I need examples. You need to teach a man to fish before asking him to catch something. :) Sorry for the plagiarism :)
I am also an ex Windows user, although I have been using the KDE desktop for over a year. I try and use the KDE frontend as much as possible, even using Kate to edit system files on both root and my main user.
I am sure there are a number of files to be edited however I have to ask which file/s do I need to open and edit, and what do I need to make the files look like?
I think I already posted the relevant parts of the config files a few days ago. Okay, I just saw that I posted EVERYTHING necessary to do the job.

Now, before you start to mangle your system, a few words of caution:

- as a beginner you should ensure you can retrace your steps if something breaks horribly. For that reason:

I suggest you make copies of the configuration files BEFORE you change them!

Another possibility is to document the changes within the configuration files like:

---------------------------------------------
/etc/clamd.conf:

LogTime yes
LogSyslog yes
LogFacility LOG_MAIL
PidFile /var/lib/clamav/clamd.pid
### changed on 2008/02/07:
# Same localSocket as in /etc/amavisd.conf!
# LocalSocket /var/run/clamav.clam.ctl
LocalSocket /var/run/clamav/clamd
### end of change
---------------------------------------------

Most of the time it is easier to simply copy the entire file:

cp /etc/clamd.conf /etc/backup/clamd.conf_2008-02-07_22-30

I like to add date and time so I can compare when I introduced what change if later I discover something has broken. Also I believe in redundancy. (^-^)

The necessary parts that HAVE to be present in /etc/clamd.conf are:

LogTime yes
LogSyslog yes
LogFacility LOG_MAIL
LocalSocket /var/run/clamav/clamd
FixStaleSocket yes
TCPSocket 3310
TCPAddr 127.0.0.1
User vscan

Change these parameters in /etc/clamd.conf as shown here, ignore all other settings for the moment. Verify that the directory /var/run/clamav/ exists and belongs to user vscan.

If necessary, create the directory and assign it to user vscan:

mkdir /var/run/clamav
chown -R vscan /var/run/clamav

Then restart clamd: "rcclamd restart". I consider logging parameters relevant since I like to know what the service is doing. (^-^)

Within /var/run/clamav there should now be a file clamd:

ls -l clamav
total 0
srwxrwxrwx 1 vscan vscan 0 Feb 7 21:32 clamd

If no errors are logged you can set up the cron job:

Simply put a file, maybe with name "clam-signature-update.sh" with this content in /etc/cron.hourly:

-------------------
#!/bin/sh
# update of clam-av signatures

EMAIL=postmaster@example.com
tempfile=`mktemp`

freshclam > $tempfile
statusclam=$?
#echo "test clam" > $tempfile
#statusclam=0

case "$statusclam" in
0 ) echo "Clamav has gotten new sigatures!"
;;
1 ) echo "Clamav is up-to-date"
;;
255) cat $tempfile | mail -s "Clamav could'nt update: $statusclam" $EMAIL
;;
esac

rm $tempfile
-------------------

make the script executable:

chmod 700 /etc/cron.hourly/clam-signature-update.sh

As a test, run the script manually:

/etc/cron.hourly/clam-signature-update.sh

You should get a status message, also the update should be logged by clamd in /var/log/mail.

If that works you have set up a working clamd and can start to use it in amavisd. You activate the scanner by UNCOMMENTING the lines in /etc/amavisd.conf. Search for the line starting with:

@av_scanners = (
#
# here a lot of comments with possible virus scanners are shown
# ignore them.
#
#[...delete additional comments...]
#
# ### http://www.clamav.net/
['Clam Antivirus-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# # NOTE: run clamd under the same user as amavisd; match the s
# # name (LocalSocket) in clamav.conf to the socket name in this entry
# # When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"],
)

The syntax for this parameter is:

@av_scanners = (
['scanner1',para1,para2...],
['scanner2',para1,para2...],
['scanner3',para1,para2...],
)

Same for @backup_scanners:

@av_scanners_backup = (
### http://www.clamav.net/
['Clam Antivirus - clamscan', 'clamscan',
  '--stdout --no-summary -r {}', [0], [1],
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
)

Ignore the comments, just make sure that these lines are present and NOT commented out.

If you restart amavisd-new, you should see the following lines in /var/log/mail:

Feb 7 22:57:09 katgar amavis[5587]: Using primary internal av scanner code for Clam Antivirus-clamd
Feb 7 22:57:09 katgar amavis[5587]: Found primary av scanner H+BEDV AntiVir or CentralCommand Vexira Antivirus at /usr/bin/antivir
Feb 7 22:57:09 katgar amavis[5587]: Found secondary av scanner Clam Antivirus - clamscan at /usr/bin/clamscan

You can activate antivir the same way as I showed for clamd.

This grep should show the actual configuration without the comments:

These are the lines for the virusscanner output:

@av_scanners = (
['Clam Antivirus-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
['H+BEDV AntiVir or CentralCommand Vexira Antivirus',
  ['antivir'],
  '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/,
  qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) | (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],
);

@av_scanners_backup = (
['Clam Antivirus - clamscan', 'clamscan',
  '--stdout --no-summary -r {}', [0], [1],
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);

egrep -v '^#|^$|^[[:space:]]+#' /etc/amavisd.conf
Once the config is almost complete how do I set-up a cron job to add periodic updates?
There are many questions from this 'newbie'.
Tnx again if you decide to help.
This is your one freebie for the year, I expect you to learn how to do basic tasks on the commandline for yourself. Consider it an investment into your career, it is absolutely basic and essential knowledge for a unix administrator.
-- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
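The socket agreement this message depends on (the LocalSocket in /etc/clamd.conf must be the path named in amavisd's ask_daemon entry, in a directory owned by vscan), as an added example that is not part of the original thread or of the ClamAV or amavisd projects. The function names are hypothetical and the sample files are constructed from the values quoted above.

```shell
#!/bin/sh
# Added example: check that clamd and amavisd agree on the Unix socket.

# Print the active (uncommented) LocalSocket value of a clamd.conf-style file.
clamd_socket() {
    awk '$1 == "LocalSocket" { print $2; exit }' "$1"
}

# Print the socket path of the first uncommented CONTSCAN entry
# in an amavisd.conf-style file.
amavis_socket() {
    grep -v '^[[:space:]]*#' "$1" |
        sed -n 's/.*\["CONTSCAN {}\\n",[[:space:]]*"\([^"]*\)"].*/\1/p' |
        head -n 1
}

# Print the owner of a path (ls instead of the GNU-only "stat -c").
path_owner() {
    ls -ld "$1" | awk '{ print $3 }'
}

# Return 0 if both files name the same socket, 1 on mismatch, 2 if one is missing.
check_clamd_amavis() {
    c=$(clamd_socket "$1")
    a=$(amavis_socket "$2")
    [ -n "$c" ] || { echo "no active LocalSocket in $1"; return 2; }
    [ -n "$a" ] || { echo "no active clamd entry in $2"; return 2; }
    if [ "$c" != "$a" ]; then
        echo "MISMATCH: clamd LocalSocket=$c, amavisd asks $a"
        return 1
    fi
    echo "OK: both use $c"
}

# Return 0 if the socket directory exists and belongs to the expected user.
check_socket_dir() {
    [ -d "$1" ] || { echo "missing directory $1"; return 2; }
    owner=$(path_owner "$1")
    [ "$owner" = "$2" ] || { echo "$1 is owned by $owner, expected $2"; return 1; }
    echo "OK: $1 is owned by $2"
}

# Constructed sample files: the old and new clamd.conf and the amavisd entry.
write_samples() {
    printf '%s\n' 'LogTime yes' 'LocalSocket /var/run/clamav.clam.ctl' \
        > "$1/clamd.conf.old"
    printf '%s\n' 'LogTime yes' '# LocalSocket /var/run/clamav.clam.ctl' \
        'LocalSocket /var/run/clamav/clamd' 'User vscan' > "$1/clamd.conf.new"
    cat > "$1/amavisd.conf" <<'EOF'
@av_scanners = (
# # When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"],
['Clam Antivirus-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);
EOF
}

demo() {
    d=$(mktemp -d) || return 1
    write_samples "$d"
    check_clamd_amavis "$d/clamd.conf.old" "$d/amavisd.conf" || true
    check_clamd_amavis "$d/clamd.conf.new" "$d/amavisd.conf" || true
    rm -rf "$d"
}
demo
```

On a live system the calls would be check_clamd_amavis /etc/clamd.conf /etc/amavisd.conf and check_socket_dir /var/run/clamav vscan.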
Sandy Drobic wrote:
Hylton Conacher (ZR1HPC) wrote:
Hi Sandy,
Thanks for the freebie info so far. It is much appreciated and it's great to have someone of your superior knowledge assisting me.
The problem is, that I do not know what and how to do the system config to give me a system like you describe.
I think I already posted the relevant parts of the config files a few days ago. Okay, I just saw, that I posted EVERYTHING necessary to do the job.
Now, before you start to mangle your system, a few words of caution:
- as a beginner you should ensure you can retrace your steps if something breaks horribly. For that reason:
I suggest you make copies of the configuration files BEFORE you change them!
Copies made with date and time in a newly created backup directory.
Another possibility is to document the changes within the configuration files like:
This I would do all the time as that way you can see what was there and when you changed it.
The necessary parts that HAVE to be present in /etc/clamd.conf are:

LogTime yes
LogSyslog yes
LogFacility LOG_MAIL
LocalSocket /var/run/clamav/clamd
FixStaleSocket yes
TCPSocket 3310
TCPAddr 127.0.0.1
User vscan

Apart from LocalSocket entry my conf is OK. My socket entry read '/var/lib/clamav/clamd-socket' so I changed it to what you had and created the clamav dir under /var/run/ and assigned the owner and group to vscan. Did a 'rcclamd restart' and it failed :( Below is error message:

Umalusi:~ # rcclamd restart
ERROR: Parse error at line 30: Option LogTime requires boolean argument.
ERROR: Parse error at line 30: Option LogTime requires boolean argument.
Shutting down Clam AntiVirus daemon done
ERROR: Parse error at line 30: Option LogTime requires boolean argument.
Starting Clam AntiVirus daemon
ERROR: Parse error at line 30: Option LogTime requires boolean argument.
ERROR: Can't open/parse the config file /etc/clamd.conf
startproc: exit status of parent of /usr/sbin/clamd: 1
failed

What now?
If necessary, create the directory and assign it to user vscan:
I needed to create the clamav directory under run and assigned it to user and group vscan.

mkdir /var/run/clamav
chown -R vscan /var/run/clamav
Then restart clamd: "rcclamd restart". I consider logging parameters relevant since I like to know what the service is doing. (^-^)
Within /var/run/clamav there should now be a file clamd:
There isn't ??
If no errors are logged you can set up the cron job:
IF......but there were errors that need repairing first. <rest snipped> I have reverted to the backup copy for the moment and done a rcclamd restart successfully.
The Sunday 2008-02-17 at 12:21 +0200, Hylton Conacher (ZR1HPC) wrote:
Did a 'rcclamd restart' and it failed :( Below is error message:
Umalusi:~ # rcclamd restart
ERROR: Parse error at line 30: Option LogTime requires boolean argument.
ERROR: Parse error at line 30: Option LogTime requires boolean argument.
Shutting down Clam AntiVirus daemon done
ERROR: Parse error at line 30: Option LogTime requires boolean argument.
Starting Clam AntiVirus daemon
ERROR: Parse error at line 30: Option LogTime requires boolean argument.
ERROR: Can't open/parse the config file /etc/clamd.conf
startproc: exit status of parent of /usr/sbin/clamd: 1
failed
What now?
Obvious! Open "/etc/clamd.conf", search for line number 30, and correct it.
-- Cheers, Carlos E. R.
Carlos E. R. wrote:
The Sunday 2008-02-17 at 12:21 +0200, Hylton Conacher (ZR1HPC) wrote:
Did a 'rcclamd restart' and it failed :( Below is error message:
Umalusi:~ # rcclamd restart
ERROR: Parse error at line 30: Option LogTime requires boolean argument.
ERROR: Parse error at line 30: Option LogTime requires boolean argument.
Shutting down Clam AntiVirus daemon done
ERROR: Parse error at line 30: Option LogTime requires boolean argument.
Starting Clam AntiVirus daemon
ERROR: Parse error at line 30: Option LogTime requires boolean argument.
ERROR: Can't open/parse the config file /etc/clamd.conf
startproc: exit status of parent of /usr/sbin/clamd: 1
failed
What now?
Obvious! Open "/etc/clamd.conf", search for line number 30, and correct it.
Doh!! Tnx Carlos for directing me. Having a look at the clamd.conf file I see that line 30 relates to the LogTime entry however on further checking I see that the Tab creates a full stop in Kate if you press Tab to advance a couple of spaces to put a comment in. Removed the '.' and problems went away. Next problem was the script to update the clamav signatures.
From Sandy:
--------------------
#!/bin/sh
# update of clam-av signatures

EMAIL=postmaster@example.com
tempfile=`mktemp`

freshclam > $tempfile
statusclam=$?
#echo "test clam" > $tempfile
#statusclam=0

case "$statusclam" in
0 ) echo "Clamav has gotten new signatures!"
;;
1 ) echo "Clamav is up-to-date'
;;
255) cat $tempfile|mail -s "Clamav couldn't update: $statusclam" $EMAIL
;;
esac

rm $tempfile
--------------------
#statusclam=0

case "$statusclam" in
0 ) echo "Clamav has gotten new sigatures!"
;;
1 ) echo "Clamav is up-to-date"
;;
255) cat $tempfile | mail -s "Clamav couldn't update: $statusclam" $EMAIL
;;
esac

rm $tempfile
-------------------

I assume that What should I put my email address in place of EMAIL=postmaster@example.com?

Tnx Hylton
Sorry, wasn't trimmed properly. Corrected version shown below. Hylton Conacher (ZR1HPC) wrote:
Carlos E. R. wrote:
The Sunday 2008-02-17 at 12:21 +0200, Hylton Conacher (ZR1HPC) wrote:
Did a 'rcclamd restart' and it failed :( Below is error message:
Umalusi:~ # rcclamd restart
ERROR: Parse error at line 30: Option LogTime requires boolean argument.
ERROR: Parse error at line 30: Option LogTime requires boolean argument.
Shutting down Clam AntiVirus daemon done
ERROR: Parse error at line 30: Option LogTime requires boolean argument.
Starting Clam AntiVirus daemon
ERROR: Parse error at line 30: Option LogTime requires boolean argument.
ERROR: Can't open/parse the config file /etc/clamd.conf
startproc: exit status of parent of /usr/sbin/clamd: 1
failed
What now?
Obvious! Open "/etc/clamd.conf", search for line number 30, and correct it.
Doh!! Tnx Carlos for directing me. Having a look at the clamd.conf file I see that line 30 relates to the LogTime entry however on further checking I see that the Tab creates a full stop in Kate if you press Tab to advance a couple of spaces to put a comment in. Removed the '.' and problems went away.
Next problem was the script to update the clamav signatures.
From Sandy:
--------------------
#!/bin/sh
# update of clam-av signatures

EMAIL=postmaster@example.com
tempfile=`mktemp`

freshclam > $tempfile
statusclam=$?
#echo "test clam" > $tempfile
#statusclam=0

case "$statusclam" in
0 ) echo "Clamav has gotten new signatures!"
;;
1 ) echo "Clamav is up-to-date'
;;
255) cat $tempfile|mail -s "Clamav couldn't update: $statusclam" $EMAIL
;;
esac

rm $tempfile
--------------------
I assume that What should I put my email address in place of EMAIL=postmaster@example.com?
Tnx Hylton
Hylton Conacher (ZR1HPC) wrote:
Next problem was the script to update the clamav signatures.
From Sandy:
--------------------
#!/bin/sh
# update of clam-av signatures

EMAIL=postmaster@example.com
tempfile=`mktemp`

freshclam > $tempfile
statusclam=$?
#echo "test clam" > $tempfile
#statusclam=0

case "$statusclam" in
0 ) echo "Clamav has gotten new signatures!"
;;
1 ) echo "Clamav is up-to-date'
;;
255) cat $tempfile|mail -s "Clamav couldn't update: $statusclam" $EMAIL
;;
esac

rm $tempfile
--------------------
I assume that What should I put my email address in place of EMAIL=postmaster@example.com?
Yes.
-- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
Sandy Drobic wrote:
Hylton Conacher (ZR1HPC) wrote:
Next problem was the script to update the clamav signatures.
<snip>
I assume that What should I put my email address in place of EMAIL=postmaster@example.com?
Yes.
When I run the script manually I get:

Umalusi:~ # /etc/cron.hourly/Clam-signature-update.sh
/etc/cron.hourly/Clam-signature-update.sh: line 19: unexpected EOF while looking for matching `"'
/etc/cron.hourly/Clam-signature-update.sh: line 24: syntax error: unexpected end of file
Umalusi:~ #

Now what, as my script looks exactly like you wrote?
Hylton
* Hylton Conacher (ZR1HPC) <hylton@conacher.co.za> [02-17-08 13:57]:
When I run the script manually I get:
Umalusi:~ # /etc/cron.hourly/Clam-signature-update.sh
/etc/cron.hourly/Clam-signature-update.sh: line 19: unexpected EOF while looking for matching `"'
/etc/cron.hourly/Clam-signature-update.sh: line 24: syntax error: unexpected end of file
Umalusi:~ #
Now what, as my script looks exactly like you wrote?
DID you look for an unclosed quotation mark (") beginning on line 19 as the error notation presented?
-- Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://counter.li.org
Patrick Shanahan wrote:
* Hylton Conacher (ZR1HPC) <hylton@conacher.co.za> [02-17-08 13:57]:
When I run the script manually I get:
Umalusi:~ # /etc/cron.hourly/Clam-signature-update.sh
/etc/cron.hourly/Clam-signature-update.sh: line 19: unexpected EOF while looking for matching `"'
/etc/cron.hourly/Clam-signature-update.sh: line 24: syntax error: unexpected end of file
Umalusi:~ #
Now what, as my script looks exactly like you wrote?
DID you look for an unclosed quotation mark (") beginning on line 19 as the error notation presented?
Yes I did. In fact I went through the file again and checked each quotation mark was where the original script said it should be. I also tried putting EOF right at the end but I still got the error about a missing quotation mark on line 19 and end of file error on line 24.
* Hylton Conacher (ZR1HPC) <hylton@conacher.co.za> [02-17-08 14:27]:
Patrick Shanahan wrote:
* Hylton Conacher (ZR1HPC) <hylton@conacher.co.za> [02-17-08 13:57]:
When I run the script manually I get:
Umalusi:~ # /etc/cron.hourly/Clam-signature-update.sh
/etc/cron.hourly/Clam-signature-update.sh: line 19: unexpected EOF while looking for matching `"'
/etc/cron.hourly/Clam-signature-update.sh: line 24: syntax error: unexpected end of file
Umalusi:~ #
Now what, as my script looks exactly like you wrote?
DID you look for an unclosed quotation mark (") beginning on line 19 as the error notation presented?
Yes I did. In fact I went through the file again and checked each quotation mark was where the original script said it should be.
It wouldn't be possible that a quotation mark was missing from the "original script"?
I also tried putting EOF right at the end but I still got the error about a missing quotation mark on line 19 and end of file error on line 24.
??? I believe that the error message indicates it *found* an EOF, not that one was missing....
-- Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://counter.li.org
On Sunday 17 February 2008 20:24:54 Hylton Conacher (ZR1HPC) wrote:
I also tried putting EOF right at the end but I still got the error about a missing quotation mark on line 19 and end of file error on line 24.
Out of curiosity, what do you mean by putting EOF at the end? EOF means End Of File, it means content stops. I wasn't aware that it was possible to "put it" anywhere? Or did you just mean that you deleted something?
Anders -- Madness takes its toll
The Sunday 2008-02-17 at 20:39 +0100, Anders Johansson wrote:
Out of curiosity, what do you mean by putting EOF at the end?
EOF means End Of File, it means content stops. I wasn't aware that it was possible to "put it" anywhere?
Actually, it is, because EOF is also an ascii character that indicates end of file (for text files). I don't remember now if it is ^Z or ^D in linux, though.
-- Cheers, Carlos E. R.
On Sunday 17 February 2008 23:13:03 Carlos E. R. wrote:
The Sunday 2008-02-17 at 20:39 +0100, Anders Johansson wrote:
Out of curiosity, what do you mean by putting EOF at the end?
EOF means End Of File, it means content stops. I wasn't aware that it was possible to "put it" anywhere?
Actually, it is, because EOF is also an ascii character that indicates end of file (for text files). I don't remember now if it is ^Z or ^D in linux, though.
Well, it's ^D, but it's not an ascii character. It is defined as something which can never be read from a file. All ascii characters can be read. There is no character you can write to a file that will cause the file to stop being read because of end-of-file.

There is an ascii character 0x03 (end of text) and 0x04 (end of message) but those aren't the same as EOF

If you think about it, it's obvious: a binary file doesn't care about ascii encodings. The 127 characters in ascii can occur anywhere in - for example - a JPEG image. It would be disaster if that caused an end-of-file

Anders -- Madness takes its toll
The Sunday 2008-02-17 at 23:35 +0100, Anders Johansson wrote:
Actually, it is, because EOF is also an ascii character that indicates end of file (for text files). I don't remember now if it is ^Z or ^D in linux, though.
Well, it's ^D, but it's not an ascii character. It is defined as something which can never be read from a file. All ascii characters can be read. There is no character you can write to a file that will cause the file to stop being read because of end-of-file.
There is an ascii character 0x03 (end of text) and 0x04 (end of message) but those aren't the same as EOF
If you think about it, it's obvious: a binary file doesn't care about ascii encodings. The 127 characters in ascii can occur anywhere in - for example - a JPEG image. It would be disaster if that caused an end-of-file
One of the differences between text and binary files is that text files can contain control characters: new line, tabs... and an end of file marker. Yes, it is a character; not printable, not displayable, but a character all right. It is up to the application program to use it or not, and even to recognize it as EOF or something else. I have had programs fail reading a file in the middle of it because they said they had found the EOF - in the middle!

I myself used this trick for my data files to be read by my programs in pascal (msdos). I wrote at the beginning of the file a small string describing the type of file and the program that used it, followed by the EOF char, and then the real binary data. When you run "type datafile" it printed that line(s) and stopped, without corrupting the screen.
-- Cheers, Carlos E. R.
On Monday 18 February 2008 00:06:22 Carlos E. R. wrote:
One of the differences between text and binary files is that text files can contain control characters: new line, tabs... and an end of file marker.
Nope. There is no difference (to the OS) between binary files and text files. They are just a sequence of characters
Yes, it is a character; not printable, not displayable, but a character all right. It is up to the application program to use it or not, and even to recognize it as EOF or something else.
You are wrong. EOF is defined by POSIX as something which cannot be physically read from or written to disk

Haven't you ever wondered why getc() returns an integer when it just reads a char? It's because the "control character" EOF is an integer, and as such can never ever be read from a file as a character

But I'll give you a chance to prove me wrong: give me something to write to a file that will cause an end-of-file even when there is more data after it

I'll save you some time and say that there is no such thing, but if you want to spend time looking for it, feel free

Anders -- Madness takes its toll
On Monday 18 February 2008 00:18:20 Anders Johansson wrote:
Haven't you ever wondered why getc() returns an integer when it just reads a char? It's because the "control character" EOF is an integer, and as such can never ever be read from a file as a character
Half sentences are fun. It's because EOF is an integer *bigger than 8 bits* (i.e. > 255) and as such...
Anders -- Madness takes its toll
On Monday 18 February 2008 00:06:22 Carlos E. R. wrote:
I myself used this trick for my data files to be read by my programs in pascal (msdos). I wrote at the beginning of the file a small string describing the type of file and the program that used it, followed by the EOF char, and then the real binary data. When you run "type datafile" it printed that line(s) and stopped, without corrupting the screen.
Well, what do you know, DOS really did use a standard ascii character as EOF (ctrl-Z, ascii 26)

Well, all I can say is that it's not true for linux/unix, and it's yet another reason why dos sucked

Anders -- Madness takes its toll
The Monday 2008-02-18 at 00:26 +0100, Anders Johansson wrote:
On Monday 18 February 2008 00:06:22 Carlos E. R. wrote:
I myself used this trick for my data files to be read by my programs in pascal (msdos). I wrote at the beginning of the file a small string describing the type of file and the program that used it, followed by the EOF char, and then the real binary data. When you run "type datafile" it printed that line(s) and stopped, without corrupting the screen.
Well, what do you know, DOS really did use a standard ascii character as EOF (ctrl-Z, ascii 26)
Well, all I can say is that it's not true for linux/unix, and it's yet another reason why dos sucked
For that reason? Common! I could say that *nix sucks because it does not use the standard CR-LF end of line sequence. :-P It's just a reason as absurd as yours. Having a text EOF char is quite useful, just different of what you are used to. If you are going that dos sucks, say valid reasons, which there are a lot. But a different text encoding is not one.
-- Cheers, Carlos E. R.
On Mon, 18 Feb 2008 01:29:32 +0100 (CET), Carlos E. R. wrote:
I could say that *nix sucks because it does not use the standard CR-LF end of line sequence.
No, DOS sucks in way too many ways and one of them is that stupid CR-LF combo, which dates back to ancient CPM if I remember right. That is the reason why text files have to be treated differently from binary files (in C the "b" open mode for file streams) because of the CR-LF handling.
Having a text EOF char is quite useful, just different of what you are used to.
For transmitting data perhaps (that's where control characters come from), but not in data processing.
Philipp
The Monday 2008-02-18 at 02:23 +0100, Philipp Thomas wrote:
On Mon, 18 Feb 2008 01:29:32 +0100 (CET), Carlos E. R. wrote:
I could say that *nix sucks because it does not use the standard CR-LF end of line sequence.
No, DOS sucks in way too many ways and one of them is that stupid CR-LF combo, which dates back to ancient CPM if I remember right. That is the reason why text files have to be treated differently from binary files (in C the "b" open mode for file streams) because of the CR-LF handling.
It's your opinion. Mine is that Linux sucks because it mistakenly forgets to use both CR and LF to signal end of line, losing useful functionality. :-P :-P :-P Seriously, text files are treated differently for many reasons, and not only because of the crlf vs lf handling. Almost every operating system on Earth has a different text encoding from one another.
-- Cheers, Carlos E. R.
Hylton Conacher (ZR1HPC) wrote:
Sandy Drobic wrote:
Hylton Conacher (ZR1HPC) wrote:
Next problem was the script to update the clamav signatures.
<snip>
I assume that What should I put my email address in place of EMAIL=postmaster@example.com?
Yes.
When I run the script manually I get:
Umalusi:~ # /etc/cron.hourly/Clam-signature-update.sh
/etc/cron.hourly/Clam-signature-update.sh: line 19: unexpected EOF while looking for matching `"'
/etc/cron.hourly/Clam-signature-update.sh: line 24: syntax error: unexpected end of file
Umalusi:~ #
Now what, as my script looks exactly like you wrote?
Can't be, I just did a simple copy-and-paste and ran the script. It worked. In line 19 and line 24 you have a quotation mark at the beginning of a command, but no closing quotation mark. By the way, when I pasted the script I had only 23 lines, how did you get 24 lines? The first line is the shebang (#!/bin/sh). Please post the content of your script (including empty lines).
-- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
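A pre-flight check for a script that is about to be dropped into /etc/cron.hourly, added here as an example and not taken from the thread: it parses the file with sh -n (which reports an unclosed quote without running anything) and only then installs it with the mode 700 used above. The function names are hypothetical and both sample scripts are constructed.

```shell
#!/bin/sh
# Added example: refuse to install a cron script that does not parse.

# Parse the script without executing it; sh -n exits non-zero on a syntax error.
syntax_ok() {
    sh -n "$1" 2>/dev/null
}

# True when neither group nor others may write the file. A script that cron
# runs as root must not be editable by anyone else.
perms_ok() {
    mode=$(ls -ld "$1" | awk '{ print $1 }')
    case "$mode" in
        ?????w*|????????w*) return 1 ;;
    esac
    return 0
}

# Copy src to dest with mode 700, but only if src parses cleanly.
install_checked() {
    src=$1
    dest=$2
    if ! syntax_ok "$src"; then
        echo "refusing to install $src: syntax error" >&2
        sh -n "$src" 2>&1 | sed 's/^/  /' >&2   # show the shell's own message
        return 1
    fi
    cp "$src" "$dest" && chmod 700 "$dest"
}

# Constructed samples: one clean script, one with a double quote closed by
# a single quote.
make_samples() {
    cat > "$1/good.sh" <<'EOF'
#!/bin/sh
statusclam=1
case "$statusclam" in
0 ) echo "Clamav has gotten new signatures!"
;;
1 ) echo "Clamav is up-to-date"
;;
esac
EOF
    cat > "$1/broken.sh" <<'EOF'
#!/bin/sh
statusclam=1
case "$statusclam" in
0 ) echo "Clamav has gotten new signatures!"
;;
1 ) echo "Clamav is up-to-date'
;;
esac
EOF
}

demo() {
    dir=$(mktemp -d) || return 1
    make_samples "$dir"
    for s in good broken; do
        if install_checked "$dir/$s.sh" "$dir/installed-$s" 2>/dev/null; then
            echo "$s.sh: installed"
        else
            echo "$s.sh: rejected"
        fi
    done
    rm -rf "$dir"
}
demo
```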
Sandy Drobic wrote:
Hylton Conacher (ZR1HPC) wrote:
Sandy Drobic wrote:
Hylton Conacher (ZR1HPC) wrote:
Next problem was the script to update the clamav signatures.
<snip>
I assume that What should I put my email address in place of EMAIL=postmaster@example.com?
Yes.
When I run the script manually I get:
Umalusi:~ # /etc/cron.hourly/Clam-signature-update.sh
/etc/cron.hourly/Clam-signature-update.sh: line 19: unexpected EOF while looking for matching `"'
/etc/cron.hourly/Clam-signature-update.sh: line 24: syntax error: unexpected end of file
Umalusi:~ #
Now what, as my script looks exactly like you wrote?
Can't be, I just did a simple copy-and-paste and ran the script. It worked.
You are correct. Somehow the damn gremlins must have crept in twice as when I copied and pasted from your email, saved the script and then ran it, I got that ClamAv was up to date. I did change a small part of the script...changed "could'nt" to "could not". It is not necessary to post the script as all seems OK, other than possibly adding an email notification to advise of update success.

**Start of script**
#!/bin/sh
# update of clam-av signatures

EMAIL=postmaster@example.com
tempfile=`mktemp`

freshclam > $tempfile
statusclam=$?
#echo "test clam" > $tempfile
#statusclam=0

case "$statusclam" in
0 ) echo "Clamav has gotten new sigatures!"
;;
1 ) echo "Clamav is up-to-date"
;;
255) cat $tempfile | mail -s "Clamav could not update: $statusclam" $EMAIL #2008-02-18 was coluld'nt
;;
esac

rm $tempfile
**End of script**

Just waiting for a 'Success' email to tell me that all is up to date to offset the FAILURE emails I have been getting since yesterday up until 14h15 today. Looking at the script though, it doesn't look like I'm gonna get one :)

Anyway, now the script is sorted, time to tackle the next bit of your email Sandy that I printed regarding amavisd.
Hylton Conacher (ZR1HPC) wrote:
case "$statusclam" in
0 ) echo "Clamav has gotten new sigatures!"
tempnew=`mktemp`
tr '\015' '\012' <$tempfile >$tempnew
rm $tempfile
cat $tempnew |col -x | mail -s "Clamav has received new signatures!" $EMAIL
rm $tempnew;;
;;
1 ) echo "Clamav is up-to-date"
;;
255) cat $tempfile | mail -s "Clamav could not update: $statusclam" $EMAIL #2008-02-18 was coluld'nt
;;
esac

rm $tempfile
**End of script**
Just waiting for a 'Success' email to tell me that all is up to date to offset the FAILURE emails I have been getting since yesterday up until 14h15 today. Looking at the script though, it doesn't look like I'm gonna get one :)
I was fed up with the number of emails that I got from the original script (I update every hour and the script sent the status each time.) So I disabled the email for "clamav is up-to-date". I still got too many status mails, so I finally decided to only send an email if a problem occurred.
-- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
Sandy Drobic wrote:
Hylton Conacher (ZR1HPC) wrote:
case "$statusclam" in
0 ) echo "Clamav has gotten new sigatures!"
tempnew=`mktemp`
tr '\015' '\012' <$tempfile >$tempnew
rm $tempfile
cat $tempnew |col -x | mail -s "Clamav has received new signatures!" $EMAIL
rm $tempnew;;
;;
1 ) echo "Clamav is up-to-date"
;;
255) cat $tempfile | mail -s "Clamav could not update: $statusclam" $EMAIL #2008-02-18 was coluld'nt
;;
esac

rm $tempfile
**End of script**
Just waiting for a 'Success' email to tell me that all is up to date to offset the FAILURE emails I have been getting since yesterday up until 14h15 today. Looking at the script though, it doesn't look like I'm gonna get one :)
I was fed up with the number of emails that I got from the original script (I update every hour and the script sent the status each time. So I disabled the email for "clamav is up-to-date". I still got too many status mails, so I finally decided to only send an email if a problem occured. Point taken, so I omitted the script above to send me an email every time they were updated.
You mentioned that I can restart amavisd-new, but the cmd of 'rcamavisd-new restart' didn't work? What is the command?
The Monday 2008-02-18 at 16:43 +0100, Sandy Drobic wrote:
I was fed up with the number of emails that I got from the original script (I update every hour and the script sent the status each time). So I disabled the email for "clamav is up-to-date". I still got too many status mails, so I finally decided to only send an email if a problem occurred.
Why don't you simply log it to syslog? Using "logger" calls in the script. -- Cheers, Carlos E. R.
Carlos E. R. wrote:
The Monday 2008-02-18 at 16:43 +0100, Sandy Drobic wrote:
I was fed up with the number of emails that I got from the original script (I update every hour and the script sent the status each time). So I disabled the email for "clamav is up-to-date". I still got too many status mails, so I finally decided to only send an email if a problem occurred.
Why don't you simply log it to syslog? Using "logger" calls in the script.
Because my policy is that all systems should actively report if a problem occurs. I don't want to log in to a system and then analyse the log when a user tells me that something is wrong. My time is limited and there are too many systems to monitor, that's why I make the system send me an email when something happens. It's much faster to read an email than to log on and see if anything has happened. Also I have to remember to check the system. It's too late if the smoke is already filling the room and the rats are leaving ship. (^-^) -- Sandy
The Monday 2008-02-18 at 18:18 +0100, Sandy Drobic wrote:
Why don't you simply log it to syslog? Using "logger" calls in the script.
Because my policy is that all systems should actively report if a problem occurs. I don't want to log in to a system and then analyse the log when a user tells me that something is wrong. My time is limited and there are too many systems to monitor, that's why I make the system send me an email when something happens. It's much faster to read an email than to log on and see if anything has happened. Also I have to remember to check the system. It's too late if the smoke is already filling the room and the rats are leaving ship. (^-^)
X-) Ok, I'll modify the above. Log what the script normally does, log and email on problems. This way, when you investigate a problem, you have an activity log to help you. You know that you can tell syslog to send a log to another computer? You could send the warning log of all computers to a single file. Hum! What if the problem is with email? You could have a script sound the "All hands, abandon ship, report to your designated escape pod" voice recording :-p -- Cheers
On Sunday 17 February 2008 16:34:34 Hylton Conacher (ZR1HPC) wrote:
Carlos E. R. wrote:
The Sunday 2008-02-17 at 12:21 +0200, Hylton Conacher (ZR1HPC) wrote:
Did a 'rcclamd restart' and it failed :( Below is error message:
Umalusi:~ # rcclamd restart
ERROR: Parse error at line 30: Option LogTime requires boolean argument.
ERROR: Parse error at line 30: Option LogTime requires boolean argument.
Shutting down Clam AntiVirus daemon done
ERROR: Parse error at line 30: Option LogTime requires boolean argument.
Starting Clam AntiVirus daemon
ERROR: Parse error at line 30: Option LogTime requires boolean argument.
ERROR: Can't open/parse the config file /etc/clamd.conf
startproc: exit status of parent of /usr/sbin/clamd: 1
failed
What now?
Obvious! Open "/etc/clamd.conf", search for line number 30, and correct it.
Doh!! Tnx Carlos for directing me. Having a look at the clamd.conf file I see that line 30 relates to the LogTime entry however on further checking I see that the Tab creates a full stop in Kate if you press Tab to advance a couple of spaces to put a comment in. Removed the '.' and problems went away.
Next problem was the script to update the clamav signatures.
From Sandy:
--------------------
#!/bin/sh
# update of clam-av signatures
EMAIL=postmaster@example.com
tempfile=`mktemp`
freshclam > $tempfile
statusclam=$?
#echo "test clam" > $tempfile
#statusclam=0
case "$statusclam" in
0 ) echo "Clamav has gotten new signatures!"
;;
1 ) echo "Clamav is up-to-date'
Here's something wrong. The echo starts with " and ends with ' Did you keep this line? Anders -- Madness takes its toll
Anders Johansson wrote:
On Sunday 17 February 2008 16:34:34 Hylton Conacher (ZR1HPC) wrote:
Carlos E. R. wrote:
The Sunday 2008-02-17 at 12:21 +0200, Hylton Conacher (ZR1HPC) wrote:
Did a 'rcclamd restart' and it failed :( Below is error message:
Umalusi:~ # rcclamd restart
ERROR: Parse error at line 30: Option LogTime requires boolean argument.
ERROR: Parse error at line 30: Option LogTime requires boolean argument.
Shutting down Clam AntiVirus daemon done
ERROR: Parse error at line 30: Option LogTime requires boolean argument.
Starting Clam AntiVirus daemon
ERROR: Parse error at line 30: Option LogTime requires boolean argument.
ERROR: Can't open/parse the config file /etc/clamd.conf
startproc: exit status of parent of /usr/sbin/clamd: 1
failed
What now?
Obvious! Open "/etc/clamd.conf", search for line number 30, and correct it.
Doh!! Tnx Carlos for directing me. Having a look at the clamd.conf file I see that line 30 relates to the LogTime entry however on further checking I see that the Tab creates a full stop in Kate if you press Tab to advance a couple of spaces to put a comment in. Removed the '.' and problems went away.
Next problem was the script to update the clamav signatures.
From Sandy:
--------------------
#!/bin/sh
# update of clam-av signatures
EMAIL=postmaster@example.com
tempfile=`mktemp`
freshclam > $tempfile
statusclam=$?
#echo "test clam" > $tempfile
#statusclam=0
case "$statusclam" in
0 ) echo "Clamav has gotten new signatures!"
;;
1 ) echo "Clamav is up-to-date'
Here's something wrong. The echo starts with " and ends with '
Did you keep this line?
Yes, but after copying and pasting the original script after I told the list of the errors. Problem went away. Tnx though
The Sunday 2008-02-17 at 17:34 +0200, Hylton Conacher (ZR1HPC) wrote:
Next problem was the script to update the clamav signatures.
There is an error here:
1 ) echo "Clamav is up-to-date'
^ double -- single ^
-- Cheers, Carlos E. R.
Hylton Conacher (ZR1HPC) wrote:
Carlos E. R. wrote:
The Sunday 2008-02-17 at 12:21 +0200, Hylton Conacher (ZR1HPC) wrote:
Did a 'rcclamd restart' and it failed :( Below is error message:
Umalusi:~ # rcclamd restart
ERROR: Parse error at line 30: Option LogTime requires boolean argument.
ERROR: Parse error at line 30: Option LogTime requires boolean argument.
Shutting down Clam AntiVirus daemon done
ERROR: Parse error at line 30: Option LogTime requires boolean argument.
Starting Clam AntiVirus daemon
ERROR: Parse error at line 30: Option LogTime requires boolean argument.
ERROR: Can't open/parse the config file /etc/clamd.conf
startproc: exit status of parent of /usr/sbin/clamd: 1
failed
What now?
Obvious! Open "/etc/clamd.conf", search for line number 30, and correct it.
Doh!! Tnx Carlos for directing me. Having a look at the clamd.conf file I see that line 30 relates to the LogTime entry however on further checking I see that the Tab creates a full stop in Kate if you press Tab to advance a couple of spaces to put a comment in. Removed the '.' and problems went away.
[rest pruned] You may be interested in reading the following (as first given in the offtopic list): http://www.darkreading.com/document.asp?doc_id=144046&f_src=drweekly Ciao. -- I was very heavily into pornography. Then my pornograph broke.
[rest pruned]
You may be interested in reading the following (as first given in the offtopic list):
http://www.darkreading.com/document.asp?doc_id=144046&f_src=drweekly
Tnx, but beat you to it as I posted it on the 01/02/2008 :)
Thank you Sandy, and others, for your assistance in getting my antivir and clam to work. It is much appreciated. Thank you again Hylton
Hi Sandy, Sandy Drobic wrote:
Hylton Conacher (ZR1HPC) wrote about an amavisd failure:
Now you get off your lazy butt and see for yourself how clam-av and amavisd-new are configured. (^-^)
np except I gotta be on my butt to type :)
egrep -v "^#" /etc/clamd.conf | egrep -v "^$"
LogTime yes
LogSyslog yes
LogFacility LOG_MAIL
PidFile /var/lib/clamav/clamd.pid
# Same localSocket as in /etc/amavisd.conf!
LocalSocket /var/run/clamav/clamd
FixStaleSocket yes
TCPSocket 3310
TCPAddr 127.0.0.1
User vscan
Foreground no
ScanOLE2 yes
ScanPDF yes
ScanMail yes
PhishingSignatures yes
PhishingScanURLs yes
I ran the above command and retrieved:
hylton@Umalusi:~> egrep -v "^#" /etc/clamd.conf | egrep -v "^$"
LogSyslog yes
LogFacility LOG_MAIL
PidFile /var/lib/clamav/clamd.pid
LocalSocket /var/lib/clamav/clamd-socket
TCPSocket 3310
TCPAddr 127.0.0.1
User vscan
To me I should add the lines of:
Foreground no
ScanOLE2 yes
ScanPDF yes
ScanMail yes
PhishingSignatures yes
PhishingScanURLs yes
...into the file, although I do not know. My /etc/antivisd.conf does not have ClamAV listed under @av_scanners but it is listed under @av_scanners_backup
Check that clamd actually is running: rcclamd status and is set to start at boot: chkconfig clamd on
Above three are all OK
and finally, that you call fresh-clam from cron.
How, as 'crontab -l' under user and root showed nothing? Tnks for the help. Delay was due to mismatched memory. Hylton
The Friday 2008-02-01 at 11:04 +0200, Hylton Conacher (ZR1HPC) wrote: ...
My /etc/antivisd.conf does not have ClamAV listed under @av_scanners but it is listed under @av_scanners_backup
Because it is commented out, disabled. As I said, you have got to edit some code >:-) -- Cheers, Carlos E. R.
Hylton Conacher (ZR1HPC) wrote:
Hi Sandy,
Sandy Drobic wrote:
Hylton Conacher (ZR1HPC) wrote about an amavisd failure:
Now you get off your lazy butt and see for yourself how clam-av and amavisd-new are configured. (^-^)
np except I gotta be on my butt to type :)
egrep -v "^#" /etc/clamd.conf | egrep -v "^$"
# Same localSocket as in /etc/amavisd.conf!
LocalSocket /var/run/clamav/clamd
FixStaleSocket yes
TCPSocket 3310
TCPAddr 127.0.0.1
User vscan
I ran the above command and retrieved:
hylton@Umalusi:~> egrep -v "^#" /etc/clamd.conf | egrep -v "^$"
LogSyslog yes
LogFacility LOG_MAIL
PidFile /var/lib/clamav/clamd.pid
LocalSocket /var/lib/clamav/clamd-socket
TCPSocket 3310
TCPAddr 127.0.0.1
User vscan
See above on the socket of clamd.
My /etc/antivisd.conf does not have ClamAV listed under @av_scanners but it is listed under @av_scanners_backup
Okay, so you can simply copy and paste the lines between the two sections. Just make sure the socket in the amavisd-new config is at the same place where clamd has its socket configured in /etc/clamd.conf. See above.
Check that clamd actually is running: rcclamd status and is set to start at boot: chkconfig clamd on
Above three are all OK
and finally, that you call fresh-clam from cron.
How, as 'crontab -l' under user and root showed nothing?
Yes, that's your job to script. (^-^) Something like:
-------------------------------------------
#!/bin/sh
# update of clam-av signatures
EMAIL=postmaster@example.com
tempfile=`mktemp`
freshclam > $tempfile
statusclam=$?
#echo "test clam" > $tempfile
#statusclam=0
case "$statusclam" in
0 ) echo "Clamav has gotten new signatures!"
;;
1 ) echo "Clamav is up-to-date"
;;
255) cat $tempfile | mail -s "Clamav could'nt update: $statusclam" $EMAIL
;;
esac
rm $tempfile
-------------------------------------------
Feel free to expand the example. -- Sandy
Sandy Drobic wrote:
and finally, that you call fresh-clam from cron.
Why call fresh-clam from cron? I'm curious as to any possible pros/cons because I run freshclam as a daemon and it periodically checks for updates as configured in /etc/freshclam.conf Joe
Sloan wrote:
Sandy Drobic wrote:
and finally, that you call fresh-clam from cron.
Why call fresh-clam from cron?
I'm curious as to any possible pros/cons because I run freshclam as a daemon and it periodically checks for updates as configured in /etc/freshclam.conf
It had happened to me that fresh-clam silently died on me and the signatures were not updated any more. That's the reason why I am calling fresh-clam from cron and (if exit code reports an error) I get an email if there's any trouble. It's just that little bit safer than to depend on an update function that doesn't report trouble. If no av is available and you configured virus scanning in amavisd-new, then mail is deferred. I don't want that. (^-°)
-------------------------------------------
#!/bin/sh
# update of clam-av signatures
EMAIL=postmaster@example.com
tempfile=`mktemp`
freshclam > $tempfile
statusclam=$?
case "$statusclam" in
0 ) echo "Clamav has gotten new signatures!"
;;
1 ) echo "Clamav is up-to-date"
;;
255) cat $tempfile | mail -s "Clamav could'nt update: $statusclam" $EMAIL
;;
esac
rm $tempfile
-------------------------------------------
-- Sandy
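An added example, not code from any poster in this thread: a cron wrapper that combines the two approaches discussed here, logging every freshclam run to syslog with logger and mailing only when the update fails. Treating every exit status other than 0 or 1 as a failure (rather than only 255) is an assumption that goes beyond the posted script; the --run switch, the clam-update tag and the cron path are hypothetical, and logger(1) and mail(1) are assumed to be installed.

```sh
#!/bin/sh
# Added example, not from the thread: freshclam cron wrapper.
# Assumes logger(1) and mail(1) exist; EMAIL is a placeholder address.
# Hypothetical cron entry:  17 * * * * /usr/local/sbin/clam-update --run

EMAIL="${EMAIL:-postmaster@example.com}"
FRESHCLAM="${FRESHCLAM:-freshclam}"

# Map a freshclam exit status to "syslog-priority|summary".
# 0 and 1 are the two success cases used by the script in the thread;
# every other status is treated as a failure (assumption), so a failure
# that exits with something other than 255 is still reported.
classify_status() {
    case "$1" in
        0) echo "info|new signatures installed" ;;
        1) echo "info|signatures already up to date" ;;
        *) echo "err|update FAILED (exit $1)" ;;
    esac
}

# Run one update: always log the outcome, mail freshclam's output only on
# failure. Returns 0 on success and 1 on failure so cron sees it as well.
run_update() {
    tmp=$(mktemp) || return 1
    "$FRESHCLAM" >"$tmp" 2>&1
    status=$?
    result=$(classify_status "$status")
    prio=${result%%|*}
    msg=${result#*|}
    # mail facility, matching the "LogFacility LOG_MAIL" clamd.conf setting
    # quoted in this thread
    logger -t clam-update -p "mail.$prio" "$msg"
    rc=0
    if [ "$prio" = err ]; then
        mail -s "ClamAV on $(uname -n): $msg" "$EMAIL" <"$tmp"
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Only act when asked to, so the file can also be sourced for testing.
case "${1:-}" in
    --run) run_update ;;
esac
```

Because routine runs only reach syslog, the mailbox stays quiet until something breaks, while the log still holds the activity history for later investigation.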
Sandy Drobic wrote:
It had happened to me that fresh-clam silently died on me and the signatures were not updated any more. That's the reason why I am calling fresh-clam from cron and (if exit code reports an error) I get an email if there's any trouble.
It's just that little bit safer than to depend on an update function that doesn't report trouble.
If no av is available and you configured virus scanning in amavisd-new, then mail is deferred. I don't want that. (^-°)
OK, that makes sense - In our case however, if clamd has died, it will simply use clamscan. A bit slower, but mail will flow. We have a daily cron job which mails us the current sig level from the clamav boxes: # send virus def level - 7 11 * * 1-5 /usr/bin/sigtool -V | mail -s "virus defs for `hostname`" lxmail@tmsusa.com Joe
Hylton Conacher (ZR1HPC) wrote:
Hi,
Looking at the Alt-Ctrl-F10 tty I see that anavis is warning that 'all primary virus scanners failed, considering backups'
What should I do to rectify this problem i.e. I assume update amavisd, but how, at least via YAST?
Amavisd-new is only the framework, that is calling the virus scanner. You should install at least clam-av. Please take care to update the signatures with fresh-clam frequently (at least once a day). Usually you set up the daemon version clamd as primary scanner and, in case the daemon is unavailable the commandline version clam-scan as fallback in backup-scanners. I think I had to change the configuration a bit to make it work with clamd. In /etc/amavisd.conf you should find the following lines:

@av_scanners = (
#[...delete additional comments...]
# ### http://www.clamav.net/
['Clam Antivirus-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# # NOTE: run clamd under the same user as amavisd; match the socket
# # name (LocalSocket) in clamav.conf to the socket name in this entry
# # When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"],
#[...deleted even more uninstalled scanners...]
);

@av_scanners_backup = (
# If no virus scanners from the @av_scanners list produce 'clean' nor
# 'infected' status (e.g. they all fail to run or the list is empty),
# then _all_ scanners from the @av_scanners_backup list are tried.
# When there are both daemonized and command-line scanners available,
# it is customary to place slower command-line scanners in the
# @av_scanners_backup list. The default choice is somewhat arbitrary,
# move entries from one list to another as desired.
### http://www.clamav.net/
['Clam Antivirus - clamscan', 'clamscan',
  '--stdout --no-summary -r {}', [0], [1],
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# [...deleted again uninstalled scanners...]
);

-- Sandy
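An added example, not part of Sandy's message or of amavisd-new: a check that the LocalSocket in clamd.conf and the socket path in the active clamd entry of amavisd.conf agree, and that the entry is not still commented out. The function names and the sample files are constructed for illustration, modelled on the excerpts quoted in this thread.

```sh
#!/bin/sh
# Added example, not from the thread. Compares clamd's LocalSocket with the
# socket path in the active clamd entry of amavisd.conf.

# Print the LocalSocket value from a clamd.conf-style file.
clamd_socket() {
    awk '$1 == "LocalSocket" { print $2; exit }' "$1"
}

# Print the socket path of the first uncommented CONTSCAN entry in an
# amavisd.conf-style file; lines with a '#' before CONTSCAN are ignored.
amavis_socket() {
    sed -n 's/^[^#]*CONTSCAN[^,]*,[[:space:]]*"\([^"]*\)".*/\1/p' "$1" |
        head -n 1
}

# Exit status: 0 = paths match, 1 = mismatch, 2 = clamd entry missing or
# commented out in amavisd.conf, 3 = no LocalSocket in clamd.conf.
check_sockets() {
    c=$(clamd_socket "$1")
    a=$(amavis_socket "$2")
    [ -n "$c" ] || { echo "clamd.conf: no LocalSocket set"; return 3; }
    [ -n "$a" ] || { echo "amavisd.conf: clamd entry missing or commented out"; return 2; }
    if [ "$c" = "$a" ]; then
        echo "OK: both use $c"
    else
        echo "MISMATCH: clamd listens on $c, amavisd asks $a"
        return 1
    fi
}

# Constructed sample files modelled on the excerpts in this thread.
demo_dir=$(mktemp -d)
cat >"$demo_dir/clamd.conf" <<'EOF'
LogSyslog yes
LocalSocket /var/lib/clamav/clamd-socket
User vscan
EOF
cat >"$demo_dir/amavisd.commented" <<'EOF'
@av_scanners = (
# ['Clam Antivirus-clamd',
#   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
#   qr/\bOK$/, qr/\bFOUND$/ ],
);
EOF
# Same file with the entry enabled (leading "# " removed).
sed 's/^# *//' "$demo_dir/amavisd.commented" >"$demo_dir/amavisd.enabled"

check_sockets "$demo_dir/clamd.conf" "$demo_dir/amavisd.commented" ||
    echo "-> exit status $?"
check_sockets "$demo_dir/clamd.conf" "$demo_dir/amavisd.enabled" ||
    echo "-> exit status $?"
rm -rf "$demo_dir"
```

On a real system the two arguments would be /etc/clamd.conf and /etc/amavisd.conf, the paths used in this thread.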
Hi,
Looking at the Alt-Ctrl-F10 tty I see that anavis is warning that 'all primary virus scanners failed, considering backups'
What should I do to rectify this problem i.e. I assume update amavisd, but how, at least via YAST?
Tnx Hylton
You'd need to add a virus scanner to the system, I'd suggest Clam AV. You can use multiple scanners, but each takes time for the scan to process. ~mike
participants (12)
- Anders Johansson
- Basil Chupin
- Carlos E. R.
- Hylton Conacher (ZR1HPC)
- Joe Morris
- Joe Morris (NTM)
- Joe Sloan
- Michael Smith
- Patrick Shanahan
- Philipp Thomas
- Sandy Drobic
- Sloan