First check log files: /var/log/clamav/freshclam.log
my looks : -------------------------------------- freshclam daemon 0.93 (OS: linux-gnu, ARCH: i386, CPU: i386) ClamAV update process started at Sun May 4 04:02:11 2008main.cvd is up to date (version: 46, sigs: 231834, f-level: 26, builder: sven)
nonblock_connect: connect timing out (30 secs) Can't connect to port 80 of host db.hr.clamav.net (IP: 147.52.3.167) Trying host db.hr.clamav.net (193.92.150.194)... Downloading daily-7017.cdiff [100%] Downloading daily-7018.cdiff [100%]daily.cld updated (version: 7018, sigs: 44441, f-level: 26, builder: ccordes) Database updated (276275 signatures) from db.hr.clamav.net (IP: 193.92.150.194)
-------------------------------------- Received signal: wake up ClamAV update process started at Sun May 4 06:02:42 2008main.cvd is up to date (version: 46, sigs: 231834, f-level: 26, builder: sven)
Downloading daily-7019.cdiff [100%]daily.cld updated (version: 7019, sigs: 44875, f-level: 26, builder: ccordes) Database updated (276709 signatures) from db.hr.clamav.net (IP: 193.92.150.194)
-------------------------------------- Received signal: wake up ClamAV update process started at Sun May 4 08:02:43 2008main.cvd is up to date (version: 46, sigs: 231834, f-level: 26, builder: sven) daily.cld is up to date (version: 7019, sigs: 44875, f-level: 26, builder: ccordes)
-------------------------------------- Received signal: wake up ClamAV update process started at Sun May 4 10:02:44 2008main.cvd is up to date (version: 46, sigs: 231834, f-level: 26, builder: sven) daily.cld is up to date (version: 7019, sigs: 44875, f-level: 26, builder: ccordes)
Then check realtime scan: # tail -f /var/log/qmail/clamd/current |tai64nlocal And you see that clam is checking attachments2008-05-07 00:09:47.097325500 /var/qmail/simscan/ 1210111786.260698.1247/textfile1: OK 2008-05-07 00:09:47.097372500 /var/qmail/simscan/ 1210111786.260698.1247/textfile0: OK 2008-05-07 00:12:17.504186500 /var/qmail/simscan/ 1210111936.662573.1373/textfile2: OK 2008-05-07 00:12:17.527527500 /var/qmail/simscan/ 1210111936.662573.1373/msg.1210111936.662573.1373: OK 2008-05-07 00:12:17.527766500 /var/qmail/simscan/ 1210111936.662573.1373/addr.1210111936.662573.1373: OK 2008-05-07 00:12:17.527995500 /var/qmail/simscan/ 1210111936.662573.1373/textfile1: OK 2008-05-07 00:12:17.528022500 /var/qmail/simscan/ 1210111936.662573.1373/textfile0: OK 2008-05-07 00:12:29.410172500 /var/qmail/simscan/ 1210111949.403882.1397/addr.1210111949.403882.1397: OK 2008-05-07 00:12:29.416250500 /var/qmail/simscan/ 1210111949.403882.1397/msg.1210111949.403882.1397: OK 2008-05-07 00:12:29.417115500 /var/qmail/simscan/ 1210111949.403882.1397/textfile0: OK
And finally check some mail with attachment and look message at "Row Source" and you need to have line in header like:
Received: by simscan 1.3.1 ppid: 26098, pid: 26100, t: 2.4541s scanners: attach: 1.3.1 clamav: 0.93/m:46 spam: 3.2.4 If every thing is ok, your clamav is working.To check for "glitch" like i have on my server just stop/start qmail and check smtp log and top
# qmailctl stop # qmailctl start and i get# supervise: fatal: unable to acquire send/supervise/lock: temporary failure supervise: fatal: unable to acquire send/supervise/lock: temporary failure
but after 1-2 minute for my issue everythig works fine (on top i see clamav use 100% CPU)
On 2008.05.06, at 23:45, Tom Manliclic wrote:
Hi Igor,Can you possibly send me a information on what to check to see if my clamav works fine?Thank you very much for the help. Apologize if I emailed you directly. Thanks, Tom Igor Vukotić wrote:Im running 0.93-1.3.18 and work perfectly fine (except huge CPU usage), but every else is fine and stable.If you want some specific detail i can provide :) On 2008.05.06, at 19:14, Eric Shubert wrote:I wish. ;)I'm still running clamav-toaster-0.92.1-1.3.17 with no apparent problem.TTMOMK, 0.9x versions previous to this one were problematic.The current version on the web site is clamav-toaster-0.93-1.3.18. Has anyone had any success or problems with this version? I'd like to hear somefeedback from any/every one running this version. Igor Vukotic' wrote:Hi Pablo, I recognised log message "*qmail-smtpd: qq soft reject (mail server temporarily rejected message*"That exactly happened to my server when i restart qtp services and when i look at "top" you will probably see clamav process consume huge CPU usage. Good thing is if you leave server (1-2-minute) it will work normally andi suggest to use submission ports for clients, not 25 My server has 160Gb mails on HDD (i use IMAP for clients) and itsrunning on 2xXeon 2GHz, 4Gb ram and it took 1-2 minute to clam finishthe first job. Bad thing is when your clamav will be updated, it will "die" on 1-2 minute again.Maybe Eric has some trick for us, but clamav consume very much CPU-u,and better HW is shorter time :) On 2008.05.02, at 03:47, Pablo Zavalia wrote:Thanks for the reply Eric, that was quick! Smtp logs this: @40000000481a6504112f8364 tcpserver: pid 7772 from <MY-DESKTOP-IP> @40000000481a6504112f8b34 tcpserver: ok 7772 qmailserver.example.com:<server-ip>:25 :<MY-DESKTOP-IP>::25380 @40000000481a650420c9c6a4 tcpserver: status: 11/100 @40000000481a650421d03e0c CHKUSER relaying rcpt: from <[EMAIL PROTECTED]:[EMAIL PROTECTED]:> remote<desktop:unknown:desktop-ip> rcpt <[EMAIL PROTECTED]> : clientallowed to relay @40000000481a650503bfb974 qmail-smtpd: qq soft reject (mail server temporarily rejected message (#4.3.0)): MAILFROM:<[EMAIL PROTECTED]> RCPTTO:[EMAIL PROTECTED] @40000000481a650503e1dfa4 tcpserver: end 7772 status 0 Nothing comes up in spamd log. I wonder why. Moreover I tried to run the simscan binary and i got this: $ /var/qmail/bin/simscan Segmentation fault I'm puzzled... Pablo Eric Shubert escribió:What are the corresponding smtp and spamd log messages when the message isrejected? Pablo Zavalia wrote:I've upgraded my clam clamav-toaster-0.92-1.3.16 which was working fine for the new released version clamav-toaster-0.93-1.3.18. Installation went ok, the package manager reported that it was installed fine.The thing es that mail is not being accepted, here's is an example of ansmtp transaction: <- 220 qmailserver.example.com - SMTP Server ESMTP -> EHLO sender.example.com <- 250-hostname.example.com - SMTP Server <- 250-STARTTLS <- 250-PIPELINING <- 250-8BITMIME <- 250-SIZE 20971520 <- 250 AUTH LOGIN PLAIN CRAM-MD5 -> AUTH CRAM-MD5 <- 334 ( CRAM MD5 auth ) -> (more auth) <- 235 ok, go ahead (#2.0.0) -> MAIL FROM:<[EMAIL PROTECTED]> <- 250 ok -> RCPT TO:<[EMAIL PROTECTED]> <- 250 ok -> DATA <- 354 go ahead -> Date: Thu, 01 May 2008 20:47:10 -0400 -> Subject: test Thu, 01 May 2008 20:47:10 -0400 -> -> This is a test mailing -> -> . <** 451 mail server temporarily rejected message (#4.3.0) -> QUIT <- 221 qmailserver.example.com - SMTP Server This stopped working after the upgrade, my tcp.smtp is:127.:allow,RELAYCLIENT="",DKSIGN="/var/qmail/control/ domainkeys/%/private",RBLSMTPD="",NOP0FCHECK="1":allow ,BADMIMETYPE = "",RBLSMTPD = "",SENDER_NOCHECK = "1 ",BADLOADERTYPE = "M ",CHKUSER_RCPTLIMIT ="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/ simscan",DKSIGN="/var/qmail/control/domainkeys/%/ private",NOP0FCHECK="1"When I remove the QMAILQUEUE=".." part and do a qmailctl cdb, the mail starts being accepted. The only problem is that AV and Spam are notbeing processed.I am running a regular qmail-toaster with Fedora Core 6 arch i686The server is now working, but with no scanning, i'd appreciate anysuggestions that you may have to fix this. Thanks in advance Pablo Zavalia Ariel escribió:steps taken 1 - qmailctl stop 2 - rpmbuild package clamv***** 3 - rpm -e clamav-toaster-0.92.1-1.3.17 --nodeps 4 - rpm -i clamav-toaster-0.93-1.3.18.i386.rpm works OK-- -Eric 'shubes' --------------------------------------------------------------------- QmailToaster hosted by: VR Hosted <http://www.vr.org> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
smime.p7s
Description: S/MIME cryptographic signature
