Re: [Clamav-users] Updates w/o freshclam
> > Hi John,
> >
> > Wanted to jump in to say that I found that confusing also. This is how
> > I read it:
> >
> > 1) On external (meaning: not CentOS) machine: run freshclam (which
> > will pick up the new {main,daily}.c[vl]d), then copy those new files
> > to your sneakerware device.
> >
> > 2) On CentOS machine: stop clamd, copy over new files, restart clamd.
>
> Also remove any old database files in step 2). Otherwise you
> may end up with both a .cvd and a .cld file, which will load
> the same database twice.
>
> > So the question is back to Torok for clarification.
>
> Yes, that is what I meant, thanks for explaining it more clearly.
>
> --Edwin

Ahah...got it. Thanks for the help and clarifications Torok and Robert -
that helped. I'll just need to run clam updates on another machine that's
connected...makes perfect sense now.

Thanks again!
John
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: [Clamav-users] Updates w/o freshclam
On 2010-01-07 22:08, Robert Wyatt wrote:
>>> The simplest way would be to run freshclam, copy
>>> {main,daily}.c[vl]d to your device, then stop clamd on the
>>> CentOS system, remove main.*, daily.* from the DBdir, copy
>>> over your new databases, and start clamd.
>>>
>> Okay, seems reasonable...but why run freshclam at all if I am manually
>> copying the databases over onto the device? Are the steps you
>> described the ones that actually get done automatically when you run
>> freshclam? (save for the getting the databases from the 'net) Or are
>> you running freshclam in the above sequence to verify versions at the
>> start?
>
> Hi John,
>
> Wanted to jump in to say that I found that confusing also. This is how
> I read it:
>
> 1) On external (meaning: not CentOS) machine: run freshclam (which
> will pick up the new {main,daily}.c[vl]d), then copy those new files
> to your sneakerware device.
>
> 2) On CentOS machine: stop clamd, copy over new files, restart clamd.

Also remove any old database files in step 2). Otherwise you may end up
with both a .cvd and a .cld file, which will load the same database twice.

> So the question is back to Torok for clarification.

Yes, that is what I meant, thanks for explaining it more clearly.

--Edwin
Re: [Clamav-users] Updates w/o freshclam
>> The simplest way would be to run freshclam, copy
>> {main,daily}.c[vl]d to your device, then stop clamd on the
>> CentOS system, remove main.*, daily.* from the DBdir, copy
>> over your new databases, and start clamd.
>
> Okay, seems reasonable...but why run freshclam at all if I am manually
> copying the databases over onto the device? Are the steps you
> described the ones that actually get done automatically when you run
> freshclam? (save for the getting the databases from the 'net) Or are
> you running freshclam in the above sequence to verify versions at the
> start?

Hi John,

Wanted to jump in to say that I found that confusing also. This is how
I read it:

1) On external (meaning: not CentOS) machine: run freshclam (which
will pick up the new {main,daily}.c[vl]d), then copy those new files
to your sneakerware device.

2) On CentOS machine: stop clamd, copy over new files, restart clamd.

So the question is back to Torok for clarification.

Thanks,
Robert
Re: [Clamav-users] Updates w/o freshclam
On 2010-01-07 21:31, John Corelli wrote:
>> On 2010-01-07 19:49, John Corelli wrote:
>>> Hi All -
>>>
>>> I'm new to clamav, but I've spent time looking through the archives
>>> and FAQs, so I hope my question is not too "newbish".
>>>
>>> I'm running clam 0.95.3 on a single Centos 5.3 system. That system
>>> will not be connected to the internet ever, but I have DSS/NISPOM
>>> security requirements that I run AV tools on that computer and update
>>> the virus dat/database files on a regular basis. I see that freshclam
>>> is a nice way to get the updated sigs etc., but I will be running
>>> without that tool.
>>
>> If you are not connected to the internet what are you
>> scanning? Network shares?
>
> Any PDFs or other docs that get brought into the system.
>
>>> What is the best way to get virus sig updates via sneakernet? From
>>> the setup I have, I see that there is the main.cvd, daily.cvd and
>>> daily.cld files which are all the ones that need to get updated.
>>>
>>> I believe it is the two daily.* files that need to be the same version
>>> at all times, correct? Is main.cvd the engine then?
>>
>> Both main.cvd and daily.* are the database, main.cvd is
>> updated less often, while daily.cvd is updated several times a day.
>>
>> The CVD and CLD files store the same information, the former
>> is the compressed database, the latter is a previous CVD/CLD,
>> with an incremental update applied to it.
>> Thus if you have a .cld file you shouldn't have a .cvd file.
>> If the incremental update fails you'll get a CVD file again.
>>
>> The simplest way would be to run freshclam, copy
>> {main,daily}.c[vl]d to your device, then stop clamd on the
>> CentOS system, remove main.*, daily.* from the DBdir, copy
>> over your new databases, and start clamd.
>
> Okay, seems reasonable...but why run freshclam at all if I am manually
> copying the databases over onto the device?

You can download the databases yourself directly, like:

  wget database.clamav.net/main.cvd
  wget database.clamav.net/daily.cvd

main.cvd is rather large though, so it's faster if you use freshclam to
update.

> Are the steps you described the
> ones that actually get done automatically when you run freshclam? (save
> for the getting the databases from the 'net)

Freshclam checks remote DB version, tries to download an incremental
update and apply it, if that is not possible it downloads the full DB and
checks its version. It also warns if engine is out of date.

> Or are you running freshclam
> in the above sequence to verify versions at the start?

I recommended to use freshclam, because it's the simplest way to get an
up-to-date database. For example it knows to retry downloading from
another mirror, if one of the mirrors is down, or has an old version.

Best regards,
--Edwin
Re: [Clamav-users] Updates w/o freshclam
> On 2010-01-07 19:49, John Corelli wrote:
> > Hi All -
> >
> > I'm new to clamav, but I've spent time looking through the archives
> > and FAQs, so I hope my question is not too "newbish".
> >
> > I'm running clam 0.95.3 on a single Centos 5.3 system. That system
> > will not be connected to the internet ever, but I have DSS/NISPOM
> > security requirements that I run AV tools on that computer and update
> > the virus dat/database files on a regular basis. I see that freshclam
> > is a nice way to get the updated sigs etc., but I will be running
> > without that tool.
>
> If you are not connected to the internet what are you
> scanning? Network shares?

Any PDFs or other docs that get brought into the system.

> > What is the best way to get virus sig updates via sneakernet? From
> > the setup I have, I see that there is the main.cvd, daily.cvd and
> > daily.cld files which are all the ones that need to get updated.
> >
> > I believe it is the two daily.* files that need to be the same version
> > at all times, correct? Is main.cvd the engine then?
>
> Both main.cvd and daily.* are the database, main.cvd is
> updated less often, while daily.cvd is updated several times a day.
>
> The CVD and CLD files store the same information, the former
> is the compressed database, the latter is a previous CVD/CLD,
> with an incremental update applied to it.
> Thus if you have a .cld file you shouldn't have a .cvd file.
> If the incremental update fails you'll get a CVD file again.
>
> The simplest way would be to run freshclam, copy
> {main,daily}.c[vl]d to your device, then stop clamd on the
> CentOS system, remove main.*, daily.* from the DBdir, copy
> over your new databases, and start clamd.

Okay, seems reasonable...but why run freshclam at all if I am manually
copying the databases over onto the device? Are the steps you described
the ones that actually get done automatically when you run freshclam?
(save for the getting the databases from the 'net) Or are you running
freshclam in the above sequence to verify versions at the start?

Regards
John
Re: [Clamav-users] Updates w/o freshclam
On 2010-01-07 19:49, John Corelli wrote:
> Hi All -
>
> I'm new to clamav, but I've spent time looking through the archives and
> FAQs, so I hope my question is not too "newbish".
>
> I'm running clam 0.95.3 on a single Centos 5.3 system. That system will not
> be connected to the internet ever, but I have DSS/NISPOM security
> requirements that I run AV tools on that computer and update the virus
> dat/database files on a regular basis. I see that freshclam is a nice way
> to get the updated sigs etc., but I will be running without that tool.

If you are not connected to the internet what are you scanning? Network
shares?

> What is the best way to get virus sig updates via sneakernet? From the
> setup I have, I see that there is the main.cvd, daily.cvd and daily.cld
> files which are all the ones that need to get updated.
>
> I believe it is the two daily.* files that need to be the same version at
> all times, correct? Is main.cvd the engine then?

Both main.cvd and daily.* are the database, main.cvd is updated less
often, while daily.cvd is updated several times a day.

The CVD and CLD files store the same information, the former is the
compressed database, the latter is a previous CVD/CLD, with an incremental
update applied to it.
Thus if you have a .cld file you shouldn't have a .cvd file.
If the incremental update fails you'll get a CVD file again.

The simplest way would be to run freshclam, copy {main,daily}.c[vl]d to
your device, then stop clamd on the CentOS system, remove main.*, daily.*
from the DBdir, copy over your new databases, and start clamd.

Best regards,
--Edwin
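
Added example, not part of the original thread and not ClamAV project code: the copy step of the sneakernet update described above, as a shell function that never leaves both a .cvd and a .cld of the same database in the DBdir. The function name `install_clamav_dbs`, the staging directory and the refusal of media carrying both variants are assumptions; it removes only the .cvd/.cld variants rather than the broader main.*, daily.* glob, and stopping and starting clamd is left to the caller.

```shell
#!/bin/sh
# Usage (hypothetical paths): install_clamav_dbs /mnt/usb /var/lib/clamav
# Stop clamd before calling this and start it again afterwards.
install_clamav_dbs() {
    src=$1
    dbdir=$2
    [ -d "$src" ] && [ -d "$dbdir" ] || {
        echo "usage: install_clamav_dbs MEDIA_DIR DB_DIR" >&2; return 2; }

    # Pass 1: decide what to install before touching the live directory.
    picks=
    for name in main daily; do
        have_cvd=0; have_cld=0
        if [ -f "$src/$name.cvd" ]; then have_cvd=1; fi
        if [ -f "$src/$name.cld" ]; then have_cld=1; fi
        if [ $((have_cvd + have_cld)) -eq 2 ]; then
            echo "refusing: media has both $name.cvd and $name.cld" >&2
            return 1
        elif [ "$have_cvd" -eq 1 ]; then picks="$picks $name.cvd"
        elif [ "$have_cld" -eq 1 ]; then picks="$picks $name.cld"
        fi
    done
    [ -n "$picks" ] || { echo "no main/daily database on media" >&2; return 1; }

    # Pass 2: copy into a staging directory on the same filesystem as DB_DIR,
    # so a failed or partial copy never replaces a working database.
    stage=$(mktemp -d "$dbdir/.incoming.XXXXXX") || return 1
    for f in $picks; do
        cp "$src/$f" "$stage/$f" || { rm -rf "$stage"; return 1; }
    done

    # Pass 3: remove every old variant of each name, then move the new file in.
    # A database missing from the media keeps its installed copy.
    for f in $picks; do
        name=${f%.*}
        rm -f "$dbdir/$name.cvd" "$dbdir/$name.cld"
        mv "$stage/$f" "$dbdir/$f" || return 1
    done
    rmdir "$stage"
}
```

After the copy, check that the new files are readable by the user clamd runs as.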
[Clamav-users] Updates w/o freshclam
Hi All -

I'm new to clamav, but I've spent time looking through the archives and
FAQs, so I hope my question is not too "newbish".

I'm running clam 0.95.3 on a single Centos 5.3 system. That system will not
be connected to the internet ever, but I have DSS/NISPOM security
requirements that I run AV tools on that computer and update the virus
dat/database files on a regular basis. I see that freshclam is a nice way
to get the updated sigs etc., but I will be running without that tool.

What is the best way to get virus sig updates via sneakernet? From the
setup I have, I see that there is the main.cvd, daily.cvd and daily.cld
files which are all the ones that need to get updated.

I believe it is the two daily.* files that need to be the same version at
all times, correct? Is main.cvd the engine then?

Thanks for the help
John
Re: [Clamav-users] clamd, clamav-milter: socket permissions
On Thu, Jan 07, 2010 at 04:49:15PM +0100, aCaB wrote:
> Noah Sheppard wrote:
> > When I start clamav-milter, it creates clmilter.socket like so:
> > $ ls -l /var/clamav/clmilter.socket
> > srwxr-xr-x 1 clamav clamav 0 Dec 29 16:02 /var/clamav/clmilter.socket
> >
> > Because of the mode 755, postfix cannot write to clamav-milter's
> > socket, so I have to manually 'chmod 755 /var/clamav/clmilter.socket' in
> > order to make virus checking work. Unless somebody tells me otherwise,
> > I am sure the modes are the default, at least for my distribution.
>
> As for adding a dedicated option to clamav-milter, that's sure something
> that can be done.
>
> Please open a feature request ticket so it doesn't get forgotten.

Great! I'll do as you suggest.

Thanks,
--
Noah Sheppard
Assistant Computer Resource Manager
Taylor University CSE Department
nshep...@cse.taylor.edu
Re: [Clamav-users] clamd, clamav-milter: socket permissions
On Thu, Jan 07, 2010 at 07:47:45AM -0800, Todd Lyons wrote:
> On Thu, Jan 7, 2010 at 6:31 AM, Noah Sheppard wrote:
> >
> > I'm running postfix-2.3.3 with clamav-milter-0.95.3 (and therefore
> > clamd-0.95.3). Postfix is running as user "postfix". OS is RHEL5,
> > x86_64.
> >
> > When I start clamd, it creates clamd.sock like so:
> > $ ls -l /var/run/clamav/clamd.sock
> > srwxrwxrwx 1 clamav clamav 0 Dec 29 16:02 /var/run/clamav/clamd.sock
>
> Change the user that clamav runs as to "postfix".

I considered that, but didn't like the sound of it, since it would mean
other things that could potentially want to use clamd for virus scanning
may not be able to (though I suppose that's a bit academic since on this
server, we only need clamd for mail scanning; I may reconsider).

Thanks for your help,
--
Noah Sheppard
Assistant Computer Resource Manager
Taylor University CSE Department
nshep...@cse.taylor.edu
Re: [Clamav-users] clamd, clamav-milter: socket permissions
On Thu, Jan 7, 2010 at 6:31 AM, Noah Sheppard wrote:
>
> I'm running postfix-2.3.3 with clamav-milter-0.95.3 (and therefore
> clamd-0.95.3). Postfix is running as user "postfix". OS is RHEL5,
> x86_64.
>
> When I start clamd, it creates clamd.sock like so:
> $ ls -l /var/run/clamav/clamd.sock
> srwxrwxrwx 1 clamav clamav 0 Dec 29 16:02 /var/run/clamav/clamd.sock

Change the user that clamav runs as to "postfix". You'll need to change
it in clamd.conf, freshclam.conf, and clamav-milter.conf. You'll also
need to change the owner of the directories that clamav uses.

  chown -R postfix: /var/log/clamav /var/clamav /var/lib/clamav /var/run/clamav

Restart clamav, clamav-milter, and freshclam daemons.

The only issue I have is that the rpm changes the directory permissions
back to clamav: when it installs an updated version, but it's easily
fixable with one command, so not a big deal.

--
Regards... Todd
Real Integrity is doing the right thing, knowing that nobody's going to
know whether you did it or not.
Re: [Clamav-users] clamd, clamav-milter: socket permissions
Noah Sheppard wrote:
> When I start clamav-milter, it creates clmilter.socket like so:
> $ ls -l /var/clamav/clmilter.socket
> srwxr-xr-x 1 clamav clamav 0 Dec 29 16:02 /var/clamav/clmilter.socket
>
> Because of the mode 755, postfix cannot write to clamav-milter's
> socket, so I have to manually 'chmod 755 /var/clamav/clmilter.socket' in
> order to make virus checking work. Unless somebody tells me otherwise,
> I am sure the modes are the default, at least for my distribution.

Hi Noah,
the milter socket is created by libmilter, which should obey the umask.
Just set it to suit your needs.

As for adding a dedicated option to clamav-milter, that's sure something
that can be done.

Please open a feature request ticket so it doesn't get forgotten.

Cheers,
-acab
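
Added example, not part of the original thread and not ClamAV project code: a shell check that reads `ls -l` lines like the ones posted in this thread and reports which permission class applies to a user and whether it grants the write access needed to connect to the socket on Linux. The function name `can_connect`, the `srwxrwx---` line (the mode a umask of 007 would leave on a socket) and postfix's membership in group clamav are constructed assumptions.

```shell
#!/bin/sh
# can_connect "LS_LINE" USER "GROUPS OF USER"
# Prints "allow|deny via CLASS[ world-writable]"; returns 0 on allow,
# 1 on deny, 2 if LS_LINE does not describe a socket.
can_connect() {
    user=$2; ugroups=$3
    read -r mode _links owner group _rest <<EOF
$1
EOF
    case $mode in s*) ;; *) echo "not a socket"; return 2 ;; esac

    # Exactly one class applies: owner, else group, else other.
    # Each pattern tests the write bit of that class in the mode string.
    class=other; pat='s???????w*'
    if [ "$user" = "$owner" ]; then
        class=owner; pat='s?w*'
    else
        for g in $ugroups; do
            if [ "$g" = "$group" ]; then class=group; pat='s????w*'; break; fi
        done
    fi

    # Flag sockets any local user can connect to.
    world=
    case $mode in s???????w*) world=" world-writable" ;; esac

    case $mode in
        $pat) echo "allow via $class$world"; return 0 ;;
        *)    echo "deny via $class$world";  return 1 ;;
    esac
}

# The two lines posted in the thread, then the constructed umask-007 case.
can_connect 'srwxrwxrwx 1 clamav clamav 0 Dec 29 16:02 /var/run/clamav/clamd.sock' postfix 'postfix'
can_connect 'srwxr-xr-x 1 clamav clamav 0 Dec 29 16:02 /var/clamav/clmilter.socket' postfix 'postfix' || true
can_connect 'srwxrwx--- 1 clamav clamav 0 Dec 29 16:02 /var/clamav/clmilter.socket' postfix 'postfix clamav'
```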
[Clamav-users] clamd, clamav-milter: socket permissions
Hi all,

I'm running postfix-2.3.3 with clamav-milter-0.95.3 (and therefore
clamd-0.95.3). Postfix is running as user "postfix". OS is RHEL5,
x86_64.

When I start clamd, it creates clamd.sock like so:
$ ls -l /var/run/clamav/clamd.sock
srwxrwxrwx 1 clamav clamav 0 Dec 29 16:02 /var/run/clamav/clamd.sock

When I start clamav-milter, it creates clmilter.socket like so:
$ ls -l /var/clamav/clmilter.socket
srwxr-xr-x 1 clamav clamav 0 Dec 29 16:02 /var/clamav/clmilter.socket

Because of the mode 755, postfix cannot write to clamav-milter's
socket, so I have to manually 'chmod 755 /var/clamav/clmilter.socket' in
order to make virus checking work. Unless somebody tells me otherwise,
I am sure the modes are the default, at least for my distribution.

I could certainly modify the init script to make the chmod automatic,
but is there a better way people are setting this up, perhaps w/o
world-writable sockets, or configuration done in the conf file rather
than the initscript (I haven't been able to find docs on
clamav-milter.conf other than the included example file)?

Thanks much,
--
Noah Sheppard
Assistant Computer Resource Manager
Taylor University CSE Department
nshep...@cse.taylor.edu