On 01/26/2008 04:08 AM, Sandy Drobic wrote:
Now you get off you lazy butt and see for yourself how clam-av and
amavisd-new are configured. (^-^)
egrep -v "^#" /etc/clamd.conf | egrep -v "^$"
LogTime yes
LogSyslog yes
LogFacility LOG_MAIL
PidFile /var/lib/clamav/clamd.pid
# Same localSocket as in /etc/amavisd.conf!
LocalSocket /var/run/clamav/clamd
FixStaleSocket yes
TCPSocket 3310
TCPAddr 127.0.0.1
User vscan
Foreground no
ScanOLE2 yes
ScanPDF yes
ScanMail yes
PhishingSignatures yes
PhishingScanURLs yes
Some important parts of /etc/amavisd.conf:
$daemon_user = 'vscan'; # yes, same user as clamd!
$daemon_group = 'vscan';
@av_scanners = (
['Clam Antivirus-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
['H+BEDV AntiVir or CentralCommand Vexira Antivirus',
['antivir'],
'--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/,
qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
(?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],
);
@av_scanners_backup = (
['Clam Antivirus - clamscan', 'clamscan',
'--stdout --no-summary -r {}', [0], [1],
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
'-dumb -archive -packed {}', [0,8], [3,6],
qr/Infection: (.+)/ ],
['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
'-za -a {}', [0], qr/Found virus/, qr/Found virus (.+) in/ ],
['KasperskyLab kavscanner', ['/opt/kav/bin/kavscanner','kavscanner'],
'-i1 -xp {}', [0,10,15], [5,20,21,25],
qr/(?:CURED|INFECTED|CUREFAILED|WARNING|SUSPICION) (.*)/ ,
sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"},
sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
],
);
Check that clamd actually is running:
rcclamd status
and is set to start at boot:
chkconfig clamd on
and finally, that you call fresh-clam from cron.
Interesting. I never noticed before that the default amavisd setup is
to NOT use clamd as a primary antivirus scanner (but antivir is). Mine
sees antivir as primary and clamscan as secondary. So the problem for
the OP is he only has clamav installed and no primary (by default). I
assume he could correct the socket path and uncomment the section for
clamd to allow it to work as a primary scanner. Best I assume would be
to install a primary scanner from the offering in amavisd.conf, and
leave clamscan as a secondary.
--
Joe Morris
Registered Linux user 231871 running openSUSE 10.3 x86_64
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
