That's good, Igor.

You might want to use qmlog for qmail's logs though, e.g.:
# qmlog -f clamd
05-06 17:57:10 SelfCheck: Database status OK.
05-06 17:57:10 /var/qmail/simscan/1210121829.425324.10240/textfile1: OK
05-06 17:57:10 /var/qmail/simscan/1210121829.425324.10240/textfile0: OK
05-06 17:57:10 /var/qmail/simscan/1210121829.425324.10240/textfile2: OK

qmlog works with each of the multilog toaster logs, and has some neat
searching capability as well. Entering the command with no parameters will
show you the options:
# qmlog
qmlog v0.2.2 -  show current log of service 'service'
usage: qmlog service [option] ...
services: authlib clamd imap4 imap4-ssl pop3 pop3-ssl send smtp spamd submission
options:
  -h[elp]      this help
  -l[ist]      list saved logs of service
  -f           follow as it grows, using 'tail -f'
  -t N         show (tail) last N lines
  -nl          show without using less
  -nt          show with no trimming
  -d mmdd[:hhmm][-mmdd[:hhmm]]
               show logs that contain the date 'mmdd' [thru -'mmdd']
  -lc regex    show logs that contain a string that matches 'regex'
  -ln pattern  show logs with file name containing 'pattern'
  -s command   pipe output through sed 'command'
  -g regex     show only lines that match the string 'regex'
#

The qmlog command is included with the qmailtoaster-plus package.

Igor Vukotić wrote:
> First check log files:
> 
> /var/log/clamav/freshclam.log
> 
> Mine looks like:
> 
>     --------------------------------------
>     freshclam daemon 0.93 (OS: linux-gnu, ARCH: i386, CPU: i386)
>     ClamAV update process started at Sun May  4 04:02:11 2008
>     main.cvd is up to date (version: 46, sigs: 231834, f-level: 26,
>     builder: sven)
>     nonblock_connect: connect timing out (30 secs)
>     Can't connect to port 80 of host db.hr.clamav.net (IP: 147.52.3.167)
>     Trying host db.hr.clamav.net (193.92.150.194)...
>     Downloading daily-7017.cdiff [100%]
>     Downloading daily-7018.cdiff [100%]
>     daily.cld updated (version: 7018, sigs: 44441, f-level: 26, builder:
>     ccordes)
>     Database updated (276275 signatures) from db.hr.clamav.net (IP:
>     193.92.150.194)
>     --------------------------------------
>     Received signal: wake up
>     ClamAV update process started at Sun May  4 06:02:42 2008
>     main.cvd is up to date (version: 46, sigs: 231834, f-level: 26,
>     builder: sven)
>     Downloading daily-7019.cdiff [100%]
>     daily.cld updated (version: 7019, sigs: 44875, f-level: 26, builder:
>     ccordes)
>     Database updated (276709 signatures) from db.hr.clamav.net (IP:
>     193.92.150.194)
>     --------------------------------------
>     Received signal: wake up
>     ClamAV update process started at Sun May  4 08:02:43 2008
>     main.cvd is up to date (version: 46, sigs: 231834, f-level: 26,
>     builder: sven)
>     daily.cld is up to date (version: 7019, sigs: 44875, f-level: 26,
>     builder: ccordes)
>     --------------------------------------
>     Received signal: wake up
>     ClamAV update process started at Sun May  4 10:02:44 2008
>     main.cvd is up to date (version: 46, sigs: 231834, f-level: 26,
>     builder: sven)
>     daily.cld is up to date (version: 7019, sigs: 44875, f-level: 26,
>     builder: ccordes)
> 
> 
> Then check realtime scan:
> 
> # tail -f /var/log/qmail/clamd/current |tai64nlocal 
> 
> And you see that clam is checking attachments
> 
>     2008-05-07 00:09:47.097325500
>     /var/qmail/simscan/1210111786.260698.1247/textfile1: OK
>     2008-05-07 00:09:47.097372500
>     /var/qmail/simscan/1210111786.260698.1247/textfile0: OK
>     2008-05-07 00:12:17.504186500
>     /var/qmail/simscan/1210111936.662573.1373/textfile2: OK
>     2008-05-07 00:12:17.527527500
>     /var/qmail/simscan/1210111936.662573.1373/msg.1210111936.662573.1373: OK
>     2008-05-07 00:12:17.527766500
>     /var/qmail/simscan/1210111936.662573.1373/addr.1210111936.662573.1373:
>     OK
>     2008-05-07 00:12:17.527995500
>     /var/qmail/simscan/1210111936.662573.1373/textfile1: OK
>     2008-05-07 00:12:17.528022500
>     /var/qmail/simscan/1210111936.662573.1373/textfile0: OK
>     2008-05-07 00:12:29.410172500
>     /var/qmail/simscan/1210111949.403882.1397/addr.1210111949.403882.1397:
>     OK
>     2008-05-07 00:12:29.416250500
>     /var/qmail/simscan/1210111949.403882.1397/msg.1210111949.403882.1397: OK
>     2008-05-07 00:12:29.417115500
>     /var/qmail/simscan/1210111949.403882.1397/textfile0: OK
> 
> 
> And finally check some mail with an attachment, look at the message's "Raw
> Source", and you need to have a line in the header like:
> 
>     Received: by simscan 1.3.1 ppid: 26098, pid: 26100, t: 2.4541s
>      scanners: attach: 1.3.1 clamav: 0.93/m:46 spam: 3.2.4
> 
> 
> If everything is OK, your clamav is working.
> 
> To check for a "glitch" like I have on my server, just stop/start qmail and
> check the smtp log and top
> # qmailctl stop
> # qmailctl start
> 
> and I get
> 
> # supervise: fatal: unable to acquire send/supervise/lock: temporary failure
> supervise: fatal: unable to acquire send/supervise/lock: temporary failure
> 
> but after 1-2 minutes, for my issue, everything works fine (in top I see
> clamav using 100% CPU)
> 
> On 2008.05.06, at 23:45, Tom Manliclic wrote:
> 
>> Hi Igor,
>>
>> Can you possibly send me information on what to check to see if my
>> clamav works fine?
>>
>> Thank you very much for the help.
>>
>> Apologies if I emailed you directly.
>>
>> Thanks,
>> Tom
>>
>> Igor Vukotić wrote:
>>> I'm running 0.93-1.3.18 and it works perfectly fine (except huge CPU
>>> usage), but everything else is fine and stable.
>>> If you want some specific detail I can provide :)
>>>
>>>
>>> On 2008.05.06, at 19:14, Eric Shubert wrote:
>>>
>>>> I wish. ;)
>>>>
>>>> I'm still running clamav-toaster-0.92.1-1.3.17 with no apparent problem.
>>>> TTMOMK, 0.9x versions previous to this one were problematic.
>>>>
>>>> The current version on the web site is clamav-toaster-0.93-1.3.18. Has
>>>> anyone had any success or problems with this version? I'd like to
>>>> hear some
>>>> feedback from any/every one running this version.
>>>>
>>>> Igor Vukotic' wrote:
>>>>> Hi Pablo,
>>>>>
>>>>> I recognised the log message "*qmail-smtpd: qq soft reject (mail server
>>>>> temporarily rejected message*"
>>>>> Exactly that happened to my server when I restart qtp services, and when
>>>>> I look at "top" you will probably see the clamav process consuming huge
>>>>> CPU usage.
>>>>> The good thing is that if you leave the server (1-2 minutes) it will work
>>>>> normally, and
>>>>> I suggest using submission ports for clients, not 25
>>>>>
>>>>> My server has 160Gb of mail on HDD (I use IMAP for clients) and it's
>>>>> running on 2xXeon 2GHz, 4Gb RAM, and it took 1-2 minutes for clam to finish
>>>>> the first job.
>>>>>
>>>>> The bad thing is that when your clamav is updated, it will "die" for 1-2
>>>>> minutes again.
>>>>>
>>>>> Maybe Eric has some trick for us, but clamav consumes very much CPU,
>>>>> and better HW means a shorter time :)
>>>>>
>>>>>
>>>>>
>>>>> On 2008.05.02, at 03:47, Pablo Zavalia wrote:
>>>>>
>>>>>> Thanks for the reply Eric, that was quick!
>>>>>>
>>>>>> Smtp logs this:
>>>>>>
>>>>>> @40000000481a6504112f8364 tcpserver: pid 7772 from <MY-DESKTOP-IP>
>>>>>> @40000000481a6504112f8b34 tcpserver: ok 7772
>>>>>> qmailserver.example.com:<server-ip>:25 :<MY-DESKTOP-IP>::25380
>>>>>> @40000000481a650420c9c6a4 tcpserver: status: 11/100
>>>>>> @40000000481a650421d03e0c CHKUSER relaying rcpt: from
>>>>>> <[EMAIL PROTECTED]
>>>>>> <mailto:[EMAIL PROTECTED]>:[EMAIL PROTECTED]
>>>>>> <mailto:[EMAIL PROTECTED]>:> remote
>>>>>> <desktop:unknown:desktop-ip> rcpt <[EMAIL PROTECTED]
>>>>>> <mailto:[EMAIL PROTECTED]>> : client
>>>>>> allowed to relay
>>>>>> @40000000481a650503bfb974 qmail-smtpd: qq soft reject (mail server
>>>>>> temporarily rejected message (#4.3.0)):
>>>>>> MAILFROM:<[EMAIL PROTECTED]
>>>>>> <mailto:[EMAIL PROTECTED]>>
>>>>>> RCPTTO:[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
>>>>>> @40000000481a650503e1dfa4 tcpserver: end 7772 status 0
>>>>>>
>>>>>> Nothing comes up in spamd log. I wonder why.
>>>>>>
>>>>>> Moreover I tried to run the simscan binary and I got this:
>>>>>> $ /var/qmail/bin/simscan
>>>>>> Segmentation fault
>>>>>>
>>>>>> I'm puzzled...
>>>>>>
>>>>>> Pablo
>>>>>>
>>>>>>
>>>>>> Eric Shubert wrote:
>>>>>>> What are the corresponding smtp and spamd log messages when the
>>>>>>> message is
>>>>>>> rejected?
>>>>>>>
>>>>>>> Pablo Zavalia wrote:
>>>>>>>
>>>>>>>> I've upgraded my clam clamav-toaster-0.92-1.3.16 which was
>>>>>>>> working fine
>>>>>>>> for the new released version clamav-toaster-0.93-1.3.18.
>>>>>>>> Installation
>>>>>>>> went ok, the package manager reported that it was installed fine.
>>>>>>>>
>>>>>>>> The thing is that mail is not being accepted; here is an
>>>>>>>> example of an
>>>>>>>> smtp transaction:
>>>>>>>>
>>>>>>>> <-  220 qmailserver.example.com - SMTP Server ESMTP
>>>>>>>> -> EHLO sender.example.com
>>>>>>>> <-  250-hostname.example.com - SMTP Server
>>>>>>>> <-  250-STARTTLS
>>>>>>>> <-  250-PIPELINING
>>>>>>>> <-  250-8BITMIME
>>>>>>>> <-  250-SIZE 20971520
>>>>>>>> <-  250 AUTH LOGIN PLAIN CRAM-MD5
>>>>>>>> -> AUTH CRAM-MD5
>>>>>>>> <-  334 ( CRAM MD5 auth )
>>>>>>>> -> (more auth)
>>>>>>>> <-  235 ok, go ahead (#2.0.0)
>>>>>>>> -> MAIL FROM:<[EMAIL PROTECTED]
>>>>>>>> <mailto:[EMAIL PROTECTED]>>
>>>>>>>> <-  250 ok
>>>>>>>> -> RCPT TO:<[EMAIL PROTECTED]
>>>>>>>> <mailto:[EMAIL PROTECTED]>>
>>>>>>>> <-  250 ok
>>>>>>>> -> DATA
>>>>>>>> <-  354 go ahead
>>>>>>>> -> Date: Thu, 01 May 2008 20:47:10 -0400
>>>>>>>> -> Subject: test Thu, 01 May 2008 20:47:10 -0400
>>>>>>>> ->
>>>>>>>> -> This is a test mailing
>>>>>>>> ->
>>>>>>>> -> .
>>>>>>>> <** 451 mail server temporarily rejected message (#4.3.0)
>>>>>>>> -> QUIT
>>>>>>>> <-  221 qmailserver.example.com - SMTP Server
>>>>>>>>
>>>>>>>> This stopped working after the upgrade, my tcp.smtp is:
>>>>>>>>
>>>>>>>> 127.:allow,RELAYCLIENT="",DKSIGN="/var/qmail/control/domainkeys/%/private",RBLSMTPD="",NOP0FCHECK="1"
>>>>>>>>
>>>>>>>> :allow,BADMIMETYPE="",RBLSMTPD="",SENDER_NOCHECK="1",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/simscan",DKSIGN="/var/qmail/control/domainkeys/%/private",NOP0FCHECK="1"
>>>>>>>>
>>>>>>>>
>>>>>>>> When I remove the QMAILQUEUE=".." part and do a qmailctl cdb,
>>>>>>>> the mail
>>>>>>>> starts being accepted. The only problem is that AV and Spam are not
>>>>>>>> being processed.
>>>>>>>>
>>>>>>>> I am running a regular qmail-toaster with Fedora Core 6 arch i686
>>>>>>>>
>>>>>>>> The server is now working, but with no scanning. I'd appreciate any
>>>>>>>> suggestions that you may have to fix this.
>>>>>>>>
>>>>>>>> Thanks in advance
>>>>>>>>
>>>>>>>> Pablo Zavalia
>>>>>>>>
>>>>>>>>
>>>>>>>> Ariel wrote:
>>>>>>>>
>>>>>>>>> steps taken
>>>>>>>>>
>>>>>>>>> 1 - qmailctl stop
>>>>>>>>> 2 - rpmbuild package clamv*****
>>>>>>>>> 3 - rpm -e clamav-toaster-0.92.1-1.3.17 --nodeps
>>>>>>>>> 4 - rpm -i clamav-toaster-0.93-1.3.18.i386.rpm
>>>>>>>>>
>>>>>>>>> works OK
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>> -- 
>>>> -Eric 'shubes'
>>>>
>>>> ---------------------------------------------------------------------
>>>>     QmailToaster hosted by: VR Hosted <http://www.vr.org>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail:
>>>> [EMAIL PROTECTED]
>>>> <mailto:[EMAIL PROTECTED]>
>>>> For additional commands, e-mail:
>>>> [EMAIL PROTECTED]
>>>> <mailto:[EMAIL PROTECTED]>
>>>>
>>>
> 


-- 
-Eric 'shubes'
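
Two of the checks Igor lists (the freshclam log and the simscan header stamp) can be scripted. The following is an added example, not code from the thread or from the qmailtoaster packages; the function names are hypothetical, the sample input is constructed to match the excerpts quoted above, and it assumes freshclam log lines carry no timestamp prefix.

```shell
#!/bin/sh
# Daily signature version reported by the most recent freshclam run on stdin;
# exits non-zero if that run logged no daily.cld/daily.cvd status line.
freshclam_last_daily() {
    awk '
        /ClamAV update process started/ { ver = "" }   # a new run starts: reset
        /^daily\.c[lv]d (updated|is up to date)/ {
            if (match($0, /version: [0-9]+/))
                ver = substr($0, RSTART + 9, RLENGTH - 9)
        }
        END { if (ver == "") exit 1; print ver }'
}

# ClamAV engine/db string from the simscan Received: header of a raw message
# on stdin. Header lines are unfolded first because the field wraps.
simscan_clamav_version() {
    awk '
        function keep() { if (hit == "" && cur ~ /^Received: by simscan /) hit = cur }
        /^$/     { exit }                                      # end of headers
        /^[ \t]/ { sub(/^[ \t]+/, " "); cur = cur $0; next }   # continuation line
                 { keep(); cur = $0 }
        END {
            keep()
            if (!match(hit, /clamav: [^ ]+/)) exit 1   # no stamp: not scanned
            print substr(hit, RSTART + 8, RLENGTH - 8)
        }'
}

# Constructed samples, shaped like the excerpts quoted in the thread.
sample_freshclam_log() {
    cat <<'EOF'
ClamAV update process started at Sun May  4 04:02:11 2008
main.cvd is up to date (version: 46, sigs: 231834, f-level: 26, builder: sven)
daily.cld updated (version: 7018, sigs: 44441, f-level: 26, builder: ccordes)
ClamAV update process started at Sun May  4 06:02:42 2008
main.cvd is up to date (version: 46, sigs: 231834, f-level: 26, builder: sven)
daily.cld updated (version: 7019, sigs: 44875, f-level: 26, builder: ccordes)
EOF
}
sample_message() {
    printf '%s\n' 'Received: by simscan 1.3.1 ppid: 26098, pid: 26100, t: 2.4541s' \
        ' scanners: attach: 1.3.1 clamav: 0.93/m:46 spam: 3.2.4' \
        'Subject: test' '' 'clamav: 9.99 in the body must be ignored'
}

echo "daily db version: $(sample_freshclam_log | freshclam_last_daily)"
echo "scanned by clamav: $(sample_message | simscan_clamav_version)"
```

On a live server, feed the functions /var/log/clamav/freshclam.log and a saved raw message instead of the samples; a non-zero exit from either one means the corresponding check failed.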
