Re: [clamav-users] Yum Updater Breaks My Set Up

2015-06-26 Thread Don Levey
On 6/26/2015 14:55, Bob Cohen wrote:
> 
> 
> Okay. Now I see what happened. The owner and group should be set to
> clamav. And now it works. Thank you. I knew it was something simple.
> 
> This makes sense. After a yum update clam sets the log file owner to
> clam:clam instead of clamav:clamav and it must also change the user
> name which causes the permissions error. How can I get amavisd,
> spamassassin, and clam to play nicely with Yum Update?
> 

You may come upon a problem at reboot, which is that the directory re-creates upon
startup (I had some sort of problem like that, when I moved to CentOS 7,
but I don't have the details handy). My problem was with clamav-milter,
though, and I eventually changed all the run IDs to clamav instead.
That seems to have worked for me.
 -Don
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] Clam-AV reverts to prior (mis)configuration after each reboot

2015-03-26 Thread Don Levey
On 3/26/2015 16:40, Bryan Burke wrote:
>> I have both clamd and clamav-milter installed on my CentOS 7 machine.  For ease of use,
>> I've got both configured to use one id, 'clamav'.  This means I use two different
>> directories, /var/run/clamav and /var/run/clamav-milter, owned by user clamav and set to
>> permissions 711, to hold the socket/pid files.  This is all working well, as far as I
>> can tell.
>>
>> However, I've had a number of reboots recently, and after each one the following
>> happens:
>>
>> * The clamav directory (/var/run/clamav) is deleted.
>> * The clamav-milter directory (/var/run/clamav-milter) is changed to owner clmilt.
>>
>> The conf files do NOT change.  Therefore, I get an error (misleading, at that) for
>> clamav-milter.  Clamav seems to start, but does not create a socket file, and so the
>> milter can't find it (and can't create its own run file in a directory it doesn't own).
>>
>> Does this make sense to anyone?
> 
> It does, in fact. On RHEL7 (and variants), /var/run is now a symlink to /run, which is a
> tmpfs, so it is always cleared on reboot. For persistent application data, you should put
> things in /var/lib, e.g. /var/lib/clamav.
> 
Ah, great - thanks!
 -Don
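
The point made in this exchange, as an added example that is not part of the original posts: a shell audit of the two runtime directories that also prints the tmpfiles.d(5) entry which recreates each one at boot, since /run is a tmpfs. tmpfiles.d is not mentioned in the thread; the function names, the use of GNU `stat`, and the assumption that the group is named like the owner are mine.

```shell
#!/bin/sh
# Added example, not from the thread. Requires GNU stat (coreutils).

# audit_rundir DIR OWNER MODE
# Returns 0 when DIR exists with exactly that owner and octal mode.
audit_rundir() {
    dir=$1 owner=$2 mode=$3
    if [ ! -d "$dir" ]; then
        echo "MISSING  $dir"
        return 1
    fi
    actual=$(stat -c '%U %a' "$dir") || return 1
    if [ "$actual" != "$owner $mode" ]; then
        echo "MISMATCH $dir is '$actual', expected '$owner $mode'"
        return 1
    fi
    echo "OK       $dir"
}

# tmpfiles_line DIR OWNER MODE
# Prints the tmpfiles.d entry that recreates DIR at every boot.
# /var/run/... is rewritten to /run/... because /var/run is a symlink to /run.
# Assumption: the group has the same name as the owner.
tmpfiles_line() {
    case $1 in
        /var/run/*) path=/run/${1#/var/run/} ;;
        *)          path=$1 ;;
    esac
    printf 'd %s 0%s %s %s -\n' "$path" "$3" "$2" "$2"
}

# audit_all ROOT OWNER MODE DIR...
# ROOT is a path prefix ("" on a real host, a scratch tree in the demo).
# Sets AUDIT_FAILURES and returns non-zero if any directory is wrong.
audit_all() {
    root=$1 want_owner=$2 want_mode=$3
    shift 3
    AUDIT_FAILURES=0
    for d in "$@"; do
        if ! audit_rundir "$root$d" "$want_owner" "$want_mode"; then
            AUDIT_FAILURES=$((AUDIT_FAILURES + 1))
            echo "  tmpfiles.d: $(tmpfiles_line "$d" "$want_owner" "$want_mode")"
        fi
    done
    [ "$AUDIT_FAILURES" -eq 0 ]
}

# Demo on a constructed tree that mimics the state described after a reboot:
# /var/run/clamav is gone and /var/run/clamav-milter no longer matches.
# (The thread reports a changed owner; the demo changes the mode instead,
# because changing ownership needs root.)
demo() {
    scratch=$(mktemp -d) || return 1
    mkdir -p "$scratch/var/run/clamav-milter"
    chmod 755 "$scratch/var/run/clamav-milter"
    me=$(stat -c %U "$scratch")   # stand-in for 'clamav' in the scratch tree
    audit_all "$scratch" "$me" 711 /var/run/clamav /var/run/clamav-milter
    status=$?
    rm -rf "$scratch"
    return "$status"
}

demo || echo "$AUDIT_FAILURES runtime directories need attention"
```

On a real host the call would be `audit_all "" clamav 711 /var/run/clamav /var/run/clamav-milter`, with the printed lines placed in a file under /etc/tmpfiles.d/.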


[clamav-users] Clam-AV reverts to prior (mis)configuration after each reboot

2015-03-26 Thread Don Levey
I can't find a logical explanation for this, so I thought I'd ask here.

I have both clamd and clamav-milter installed on my CentOS 7 machine.
For ease of use, I've got both configured to use one id, 'clamav'.  This
means I use two different directories, /var/run/clamav and
/var/run/clamav-milter, owned by user clamav and set to permissions 711,
to hold the socket/pid files.  This is all working well, as far as I can
tell.

However, I've had a number of reboots recently, and after each one the
following happens:

* The clamav directory (/var/run/clamav) is deleted.
* The clamav-milter directory (/var/run/clamav-milter) is changed to
owner clmilt.

The conf files do NOT change.  Therefore, I get an error (misleading, at
that) for clamav-milter.  Clamav seems to start, but does not create a
socket file, and so the milter can't find it (and can't create its own
run file in a directory it doesn't own).

Does this make sense to anyone?
 -Don


Re: [Clamav-users] Clamav-milter 0.95: error connecting to filter... connection refused [RESOLVED]

2009-04-23 Thread Don Levey
Don Levey wrote:
> 
> Immediately upon updating from 0.94.2 the system started to
> malfunction.  While I was able to make sure that things came up again
> properly (editing the conf files for new options from the upgrade, socket
> locations, and the like) I am still getting the following error in my
> maillog:
> 
> Apr 22 16:13:13 dungeon sendmail[11077]: n3MKDDAP011077: Milter
> (clmilter): error connecting to filter: Connection refused by
> /var/run/clamav/clmilter.sock
> 
> 

For whatever reason, I stopped getting this message in my maillog.  By
adding the "AddHeaders" directive in the clamav-milter.conf file, I was
able to confirm that things are indeed working again.  I don't
understand it, but I'm happy with it.

Thanks again,
 -Don Levey
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


[Clamav-users] Clamav-milter 0.95: error connecting to filter... connection refused

2009-04-22 Thread Don Levey
First, the vitals:
[r...@dungeon clamav]# uname -a
Linux dungeon.the-leveys.us 2.6.18-128.1.6.el5 #1 SMP Wed Apr 1 09:10:25
EDT 2009 x86_64 x86_64 x86_64 GNU/Linux

[r...@dungeon clamav]# rpm -q clamav
clamav-0.95.1-2.el5.rf

[r...@dungeon clamav]# rpm -q clamav-milter
clamav-milter-0.95.1-2.el5.rf

[r...@dungeon clamav]# rpm -q sendmail
sendmail-8.13.8-2.el5


Immediately upon updating from 0.94.2 (?) the system started to
malfunction.  While I was able to make sure that things came up again
properly (editing the conf files for new options from the upgrade, socket
locations, and the like) I am still getting the following error in my
maillog:

Apr 22 16:13:13 dungeon sendmail[11077]: n3MKDDAP011077: Milter
(clmilter): error connecting to filter: Connection refused by
/var/run/clamav/clmilter.sock

Here is the directory listing for the socket directory:
[r...@dungeon clamav]# pwd
/var/run/clamav
[r...@dungeon clamav]# ls -la
total 32
drwxr-xr-x  2 clamav clamav 4096 Apr 22 16:14 .
drwxr-xr-x 29 root   root   4096 Apr 22 16:19 ..
-rw-rw  1 clamav clamav    5 Apr 22 16:14 clamd.pid
srwxrwxrwx  1 clamav clamav    0 Apr 22 16:14 clamd.socket
srwxr-xr-x  1 clamav clamav    0 Apr 22 16:14 clmilter.sock

My sendmail.mc file shows the following:
INPUT_MAIL_FILTER(`clmilter', `S=local:/var/run/clamav/clmilter.sock, F=,
T=C:1m;S:4m;R:4m')dnl

which makes sense to me as we seem to be looking for the socket file in
the correct place, but are for some reason unable to open it.  I've seen
at least one suggestion elsewhere that permissions might have something to
do with the problem; please forgive my ignorance but how do I change the
permissions for socket file creation?

Thanks for your time and help,
 -Don




RE: [Clamav-users] Version mismatches on supposedly up-to-date system

2006-04-14 Thread Don Levey
[EMAIL PROTECTED] wrote:
> Stephen Gran wrote:
>> On Fri, Apr 14, 2006 at 01:04:06PM -0400, Don Levey said:

>>> What have I missed?
>>
>>  clamav-0.88-1
>>
>> That one?
>
> 0.88-1 != 0.88.1-1
>
> It looks to me that you have three packages yet to update:
>
> clamav-server-0.88-1
> clamav-0.88-1
> clamav-milter-0.88-1

Indeed.  I have updated those three.  Now I've just gone through yet another
config file change hell, where the files have changed name/location (again!)
and not used the versions I've already set up.  I'm trying to chase down
what files are in use now, and what options I need to change to get things
running again.

When I try to restart sendmail, I get:

[EMAIL PROTECTED] ~]# service sendmail restart
Shutting down sendmail:[  OK  ]
Shutting down sm-client:   [  OK  ]
Starting sendmail: WARNING: Xclmilter: local socket name /var/run/clamav-milter/clamav.sock missing
   [  OK  ]
Starting sm-client:[  OK  ]

So sendmail starts, but the milter sock file isn't there.  No surprise, as
the milter is now not running:

[EMAIL PROTECTED] ~]# service clamav-milter restart
Shutting down clamav-milter:   [FAILED]
Starting clamav-milter: /var/log/clamav/clamd.log: Permission denied
   [  OK  ]

So without having changed permissions, now I can't log milter activities.
Even making sure that the owner of the /var/log/clamav directory is the one
mentioned in the milter.conf file doesn't help.  And by the way, the sock
file is still not created.

Just for amusement value, I tried to restart clamd now that I have
"upgraded":

[EMAIL PROTECTED] ~]# service clamd restart
clamd: unrecognized service

So now clamd is gone...

[EMAIL PROTECTED] ~]# ls -la /etc/init.d/clam*
-rwxr-xr-x  1 root root 1570 Apr  6 13:03 /etc/init.d/clamav-milter
-rwxr-xr-x  1 root root 1458 Jan 15 12:28 /etc/init.d/clamav-milter.rpmsave
-rwxr-xr-x  1 root root 1570 Nov  4 08:12 /etc/init.d/clamav-milter-stock
lrwxrwxrwx  1 root root   31 Apr 14 13:33 /etc/init.d/clamd-wrapper -> /usr/share/clamav/clamd-wrapper

So now it's a link to clamd-wrapper.  Trying to start *that* gives me:

[EMAIL PROTECTED] ~]# service clamd-wrapper restart
clamd-wrapper: unrecognized service

...Which is interesting, as I had just verified that it exists.  But wait:

[EMAIL PROTECTED] ~]# ls -la /usr/share/clamav/clamd-wrapper
-rw-r--r--  1 root root 1863 Nov  7  2004 /usr/share/clamav/clamd-wrapper
[EMAIL PROTECTED] ~]#

So the source for that link is no longer executable.  I don't understand - a
wrapper script that gets installed as non-executable?  And of course no
incoming mail is being scanned.

Do I just need to remove ALL the packages and start again from scratch?

 -Don


___
http://lurker.clamav.net/list/clamav-users.html


[Clamav-users] Version mismatches on supposedly up-to-date system

2006-04-14 Thread Don Levey
I've been through something like this before, but the previous
cause/solution doesn't fit now.

Here's the scoop: I'm getting "outdated" error messages in my logwatch
reports:

 Last Status:
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.88 Recommended version: 0.88.1
DON'T PANIC! Read http://www.clamav.net/faq.html
main.cvd is up to date (version: 37, sigs: 46700, f-level: 7, builder: ccordes)
daily.cvd is up to date (version: 1397, sigs: 4080, f-level: 7, builder: sven)
Received signal: wake up

OK, I've seen that before, so I went and checked what I have installed:

[EMAIL PROTECTED] ~]# rpm -qa | grep clam
clamav-server-0.88-1
clamav-lib-0.88.1-1.fc4
clamav-0.88-1
clamav-data-0.88.1-1.fc4
clamav-milter-0.88-1
clamav-update-0.88.1-1.fc4

So my installed RPMs are of the correct version.  I stopped and restarted
all running clam processes (at that point, we're talking about freshclam,
clamd and clamav-milter) and then did a version check:

[EMAIL PROTECTED] ~]# clamd -V
ClamAV 0.88/1400/Fri Apr 14 10:21:07 2006
WARNING: Version mismatch. See http://www.clamav.net/faq.html
Tool version: 0.88, Engine version: 0.88.1
[EMAIL PROTECTED] ~]# clamav-milter -V
ClamAV version 0.88, clamav-milter version 0.87
[EMAIL PROTECTED] ~]# freshclam -V
ClamAV 0.88.1/1400/Fri Apr 14 10:21:07 2006

So freshclam is fine (confirmed by version listed in
/var/log/clamav/freshclam.log):

[EMAIL PROTECTED] ~]# tail /var/log/clamav/freshclam.log
--
freshclam daemon 0.88.1 (OS: linux-gnu, ARCH: i386, CPU: i386)
ClamAV update process started at Fri Apr 14 12:47:01 2006
main.cvd is up to date (version: 37, sigs: 46700, f-level: 7, builder: ccordes)
daily.cvd is up to date (version: 1400, sigs: 4228, f-level: 7, builder: arnaud)
--
[EMAIL PROTECTED] ~]#

But my clamav and clamav-milter executables are (still) older versions.  I
have only one of each (confirmed by locate/which).  What have I missed?
 -Don


RE: [Clamav-users] Version 0.87 installed, outdated message claims 0.86.2

2005-09-29 Thread Don Levey
Bob wrote:
> On Thursday 29 Sep 2005 12:08, Don Levey wrote:
>> [EMAIL PROTECTED] wrote:
>>> On 9/28/05, Don Levey <[EMAIL PROTECTED]> wrote:
>>>> [EMAIL PROTECTED] wrote:
>>>>> And clamd -V reports what?
>>>>
>>>> That gives me 0.87, just like the others.
>>>> I didn't kill (or restart) any of the clam processes when I
>>>> upgraded, but previous upgrades stopped/started the processes as
>>>> part of the installation (I install from RPM).  I only see
>>>> freshclam as a running process; I run clamav-milter and sendmail,
>>>> which otherwise has worked well for me.
>>>
>>> It is a bug in logwatch. If you do not logrotate daily then the
>>> logwatch scriptlet for clamav will flag that no matter how long in
>>> the past. I haven't had time to try and find a fix.
>>
>> Ah, I see - so it's not really a problem with the versions per se.
>> When the logs rotate again, will it clear up?
>
> have a look in /var/log/freshclam.log and see what it says there. If
> it is reporting 0.87 then all is well
>
Silly me - this looks like it was it.  While my *installed* version of
freshclam was 0.87, the version that was actually running (which, unlike
previous updates, did not stop and restart upon upgrade) was still 0.86.2.
Simply restarting freshclam gave "normal" messages in my freshclam.log.  I
suspect that I'll get fewer of those outdated messages in tomorrow morning's
log message.
Thanks!
 -Don
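
The cause found in this message (a daemon still running the pre-upgrade binary), as an added example that is not part of the original thread: a shell check that lists processes whose executable was replaced on disk after they started. It relies on Linux appending " (deleted)" to the `/proc/PID/exe` link target in that case; the function name, the PIDs and the fake `/proc` tree in the demo are constructed.

```shell
#!/bin/sh
# Added example, not from the thread.

# stale_procs PROC_ROOT NAME...
# Prints "PID PATH" for every process whose executable basename is one of
# NAME and whose binary was replaced on disk after the process started.
# A package upgrade unlinks the old file, so the running process keeps the
# old inode and /proc/PID/exe reads "<path> (deleted)".
stale_procs() {
    proc=$1
    shift
    for exe_link in "$proc"/[0-9]*/exe; do
        [ -L "$exe_link" ] || continue
        # readlink fails for other users' processes unless run as root
        target=$(readlink "$exe_link" 2>/dev/null) || continue
        case $target in
            *' (deleted)') path=${target%" (deleted)"} ;;
            *) continue ;;
        esac
        pid=${exe_link%/exe}
        pid=${pid##*/}
        for name in "$@"; do
            if [ "${path##*/}" = "$name" ]; then
                echo "$pid $path"
            fi
        done
    done
    return 0
}

# Demo against a constructed /proc look-alike (PIDs are made up):
#   2114 freshclam  upgraded on disk but never restarted
#   2230 clamd      running the current binary (path is an assumption)
#   2301 sendmail   also stale, but not one of the names asked about
demo() {
    fake=$(mktemp -d) || return 1
    mkdir "$fake/2114" "$fake/2230" "$fake/2301"
    ln -s '/usr/bin/freshclam (deleted)' "$fake/2114/exe"
    ln -s '/usr/sbin/clamd' "$fake/2230/exe"
    ln -s '/usr/sbin/sendmail (deleted)' "$fake/2301/exe"
    stale_procs "$fake" freshclam clamd clamav-milter
    rm -rf "$fake"
}

demo
```

On a real host, run `stale_procs /proc freshclam clamd clamav-milter` as root after an upgrade; any line of output names a daemon that needs a restart before its version matches what `rpm -q` reports.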


RE: [Clamav-users] Version 0.87 installed, outdated message claims 0.86.2

2005-09-29 Thread Don Levey
[EMAIL PROTECTED] wrote:
> On 9/28/05, Don Levey <[EMAIL PROTECTED]> wrote:
>> [EMAIL PROTECTED] wrote:
>>> And clamd -V reports what?
>>>
>>>
>> That gives me 0.87, just like the others.
>> I didn't kill (or restart) any of the clam processes when I
>> upgraded, but previous upgrades stopped/started the processes as
>> part of the installation (I install from RPM).  I only see freshclam
>> as a running process; I run clamav-milter and sendmail, which
>> otherwise has worked well for me.
>
> It is a bug in logwatch. If you do not logrotate daily then the
> logwatch scriptlet for clamav will flag that no matter how long in the
> past. I haven't had time to try and find a fix.
>
Ah, I see - so it's not really a problem with the versions per se.  When the
logs rotate again, will it clear up?
 -Don


RE: [Clamav-users] Version 0.87 installed, outdated message claims 0.86.2

2005-09-28 Thread Don Levey
[EMAIL PROTECTED] wrote:
> And clamd -V reports what?
>
>
That gives me 0.87, just like the others.
I didn't kill (or restart) any of the clam processes when I upgraded, but
previous upgrades stopped/started the processes as part of the installation
(I install from RPM).  I only see freshclam as a running process; I run
clamav-milter and sendmail, which otherwise has worked well for me.

 -Don


[Clamav-users] Version 0.87 installed, outdated message claims 0.86.2

2005-09-28 Thread Don Levey
This seems to be a bizarre error, and one I'm not finding in (recent) past
correspondence.  I'm getting the following error in my daily logwatch
report:

Last Status:
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.86.2 Recommended version: 0.87
DON'T PANIC! Read http://www.clamav.net/faq.html
main.cvd is up to date (version: 34, sigs: 39625, f-level: 5, builder: tkojm)
daily.cvd is up to date (version: 1102, sigs: 759, f-level: 6, builder: arnaud)
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Current functionality level = 5, recommended = 6
DON'T PANIC! Read http://www.clamav.net/faq.html
Received signal: wake up

So I went to look at the FAQ.  My clamscan and freshclam seem to be v0.87:

[EMAIL PROTECTED] ~]# whereis freshclam
freshclam: /usr/bin/freshclam /etc/freshclam.conf
/usr/share/man/man1/freshclam.1.gz
[EMAIL PROTECTED] ~]# /usr/bin/freshclam -V
ClamAV 0.87/1103/Wed Sep 28 12:48:20 2005
[EMAIL PROTECTED] ~]# whereis clamscan
clamscan: /usr/bin/clamscan /usr/share/man/man1/clamscan.1.gz
[EMAIL PROTECTED] ~]# /usr/bin/clamscan -V
ClamAV 0.87/1103/Wed Sep 28 12:48:20 2005

And the libraries seem to be up to date, as far as I can tell:

[EMAIL PROTECTED] ~]# ldd `which freshclam`
linux-gate.so.1 =>  (0x002e4000)
libclamav.so.1 => /usr/lib/libclamav.so.1 (0x0028a000)
libz.so.1 => /usr/lib/libz.so.1 (0x4e8c3000)
libbz2.so.1 => /usr/lib/libbz2.so.1 (0x41597000)
libgmp.so.3 => /usr/lib/libgmp.so.3 (0x4ec1b000)
libpthread.so.0 => /lib/libpthread.so.0 (0x4e8d8000)
libnsl.so.1 => /lib/libnsl.so.1 (0x4f368000)
libresolv.so.2 => /lib/libresolv.so.2 (0x4ea85000)
libc.so.6 => /lib/libc.so.6 (0x4e771000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x4eac6000)
/lib/ld-linux.so.2 (0x4e744000)
[EMAIL PROTECTED] ~]# ls -la /usr/lib/libclamav*
-rw-r--r--  1 root root 389474 Sep 17 06:03 /usr/lib/libclamav.a
lrwxrwxrwx  1 root root 19 Sep 20 09:14 /usr/lib/libclamav.so -> libclamav.so.1.0.16
lrwxrwxrwx  1 root root 19 Sep 20 09:14 /usr/lib/libclamav.so.1 -> libclamav.so.1.0.16
-rwxr-xr-x  1 root root 294160 Sep 17 06:03 /usr/lib/libclamav.so.1.0.16

As far as I can tell, v0.86.2 isn't installed anymore; it's all 0.87:

[EMAIL PROTECTED] ~]# rpm -qa clam*
clamav-server-0.87-1.fc4
clamav-data-0.87-1.fc4
clamav-0.87-1.fc4
clamav-update-0.87-1.fc4
clamav-milter-0.87-1.fc4
clamav-lib-0.87-1.fc4
clamav-devel-0.87-1.fc4

So why am I being told that this is outdated?  Any ideas?

Thanks, in advance,
 -Don



RE: [Clamav-users] Are we safe - WORM_BAGLE.AZ

2005-01-27 Thread Don Levey
[EMAIL PROTECTED] wrote:
> On Thu, 2005-01-27 at 07:01 -0700, Craig Daters wrote:
>> I'm thinking that someone has submitted this, and we already have the
>> update...but does anyone know for sure if we are safe from this.
>> 
>> WORM_BAGLE.AZ is what Trend Net is referring to this as, their
>> message to me this morning follows: 
>> 
> 
> It is detected by Clam as Trojan.Downloader.Small-165, which was added
> on 8th Nov 2004 by Christoph.
> 
> -trog

Hmm... Passed right through my setup, without detection.
Database updated as recently as 4:am today.
 -Don
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


RE: [Clamav-users] 'localhost' on X-Virus-Scanned line regardless of settings [RESOLVED]

2004-08-23 Thread Don Levey
[EMAIL PROTECTED] wrote:
> My messages are all being scanned, which is good.
> However, the X-Virus-Scanned: line added to the header references
> 'localhost' and not the name of the mail server doing the scanning.
> I can't find what is controlling this; the archives suggest looking
> at my hosts file.  However, the actual hostname is there pointing to
> 127.0.0.1; localhost is only at the end of that line.
>
> This used to work for me up through version 0.74, but that was on
> another machine.  This is a new machine, and the configuration seems
> the same.  Any clues?
>  -Don
>
>

It appears that I did overlook one thing which was different on the two
machines.  On the old (working) machine, I had the following in my
clamav.conf file:

LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket
# TCP port address.
#TCPSocket 3310
#TCPAddr 127.0.0.1

While in the new (non-working) machine, I had:

#LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket
# TCP port address.
TCPSocket 3310
TCPAddr 127.0.0.1

Once I added the local socket, and removed the TCP reference, the hostname
appeared properly.  Thanks for your time, sorry to bother.
 -Don




___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


[Clamav-users] 'localhost' on X-Virus-Scanned line regardless of settings

2004-08-23 Thread Don Levey
My messages are all being scanned, which is good.
However, the X-Virus-Scanned: line added to the header references
'localhost' and not the name of the mail server doing the scanning.  I can't
find what is controlling this; the archives suggest looking at my hosts
file.  However, the actual hostname is there pointing to 127.0.0.1;
localhost is only at the end of that line.

This used to work for me up through version 0.74, but that was on another
machine.  This is a new machine, and the configuration seems the same.  Any
clues?
 -Don





RE: [Clamav-users] Starting Clamav-Milter

2004-06-29 Thread Don Levey
Todd Lyons wrote:
>
> The config file is the clamav config file, usually /etc/clamav.conf.
> You should be calling the clamav-milter with the lines set below:
>
>>  CLAMAV_FLAGS="
>>  --config-file=/etc/clamav.conf
>>  --headers --noreject --outgoing
>>  --quarantine-dir=/var/clamav/quarantine
>>  --max-children=10 --force-scan --local
>>  [EMAIL PROTECTED]
>>  --postmaster-only
>>  --server=localhost
>>  local:/var/run/clamav/clamav-milter.sock
>>  "
>
> This should do it (and is common as a clamav-milter init script:
>
> . /etc/sysconfig/clamav-milter
> clamav-milter $CLAMAV_FLAGS
>
> I've attached my clamav-milter init script.  Note that I've adjusted
> the startup priority for my system.  You too should adjust it for your
> particular needs.  You do this by editing the line:
> # chkconfig: 2345 78 32
> That means that when you do 'chkconfig add clamav-milter', it will
> enable it for runlevels 2, 3, 4 and 5 with priority 78, and during the
> shutdown process, will kill it with priority 32.  Clamd needs to start
> before clamav-milter, so make the 78 number larger than clamd's and
> you should be good to go.

Unfortunately, the script didn't make it through.  Here's what I've got in
the init.d/clamav-milter script:

# Local clamav-milter config
CLAMAV_FLAGS=
test -f /etc/sysconfig/clamav-milter && . /etc/sysconfig/clamav-milter

Well, there's more, but this looks like the important line.
Another chance to display my ignorance:
Does this mean that it will pick up the flags from the file I've got in
sysconfig, and use them when it starts?
If so, then it looks like simply adjusting the priorities will do it.

Thanks again,
 -Don






RE: [Clamav-users] Starting Clamav-Milter

2004-06-29 Thread Don Levey
[EMAIL PROTECTED] wrote:
> On Tue, 29 Jun 2004, Don Levey wrote:
>
>> without issue.  I can then start the milter manually because clamd is
>> already started.  Looks like I'll change that from S80 to S85...
>
>  . . . and don't forget to make sure sendmail starts after that !

...and that affects spamassassin...
Looking at it again, perhaps I should just change clamd from S80 to S70, and
keep everything else where it is.
 -Don





RE: [Clamav-users] Starting Clamav-Milter

2004-06-29 Thread Don Levey
[EMAIL PROTECTED] wrote:
> What do you mean "isn't enough"? Are you saying you get an error
> message? If so what is the message? If not, what do you mean?
>
> On Tuesday 29 Jun 2004 16:06, Don Levey wrote:
>> I know the answer is out there somewhere, I just can't seem to find
>> it. When my system restarts, clamd starts right up, just like it's
>> supposed to. However, I need to manually start clamav-milter, and
>> specify all options on the command-line.  Even specifying the config
>> file isn't enough.
>>
>> What is the approved method for:
>> 1) Starting the milter automatically upon system startup, and
>> 2) Making sure the config file is read when this happens?
>>
>> TIA,
>>  -Don
>>

Whether or not I specify the file (-c /etc/sysconfig/clamav-milter) I get an
error:
clamav-milter: No socket-addr given
If I specify the socket address on the command-line also, I get:
ERROR: Parse error at line 10: Unknown option CLAMAV_FLAGS=".
clamav-milter: Can't parse the config file /etc/sysconfig/clamav-milter

The contents of the config file are:

### Simple config file for clamav-milter, you should
### read the documentation and tweak it as you wish.

# CLAMAV_FLAGS="
#   --config-file=/etc/clamav.conf
#   --max-children=2
#   -obl local:/var/run/clamav/clmilter.socket
#"

CLAMAV_FLAGS="
--config-file=/etc/clamav.conf
--headers --noreject --outgoing
--quarantine-dir=/var/clamav/quarantine
--max-children=10 --force-scan --local
[EMAIL PROTECTED]
--postmaster-only
--server=localhost
local:/var/run/clamav/clamav-milter.sock
"

My additions are modeled after the default config commented out above.
My assumption is that the default specified is in fact valid.

I'll check out the rc.d stuff someone else mentioned - I was blanking on
that and couldn't find it anywhere.

Thanks,
 -Don





RE: [Clamav-users] Starting Clamav-Milter

2004-06-29 Thread Don Levey
[EMAIL PROTECTED] wrote:
> On Tue, 29 Jun 2004, Don Levey wrote:
>
>> I know the answer is out there somewhere, I just can't seem to find
>> it. When my system restarts, clamd starts right up, just like it's
>> supposed to.
>
> I'm sure it doesn't start up by magic -- you probably added a start-up
> script for it -- something in /etc/init.d  with a symlink from
> /etc/rc3.d or whatever is appropriate for your system ?  You need to
> add a similar script for clamav-milter.
>
> Of course this will depend on what flavor of Unix, version,
> run-level, etc.
>
Ah, I think this is what I was missing.
In the appropriate rcX.d directory (3, 5) both the clamav-milter and the
clamd are set at priority 80.
Clamav-milter, perhaps because it comes first in alphabetical order, tries
to start and fails because the clamd socket does not exist.  Clamd starts
without issue.  I can then start the milter manually because clamd is
already started.  Looks like I'll change that from S80 to S85...

Thanks!
 -Don
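
The start-order collision described in this post, as an added example that is not part of the original thread: a shell check that reads an rcX.d directory and verifies that clamd starts before clamav-milter and clamav-milter before sendmail. It assumes init runs the `S*` links in C-locale glob order; the function names and the scratch directory in the demo are constructed.

```shell
#!/bin/sh
# Added example, not from the thread.

# start_order RCDIR
# Prints service names in the order their S<NN><name> links sort, which is
# the order a SysV rc script starts them (assumption: C-locale ordering).
start_order() {
    for link in "$1"/S[0-9][0-9]*; do
        [ -e "$link" ] || [ -L "$link" ] || continue
        basename "$link"
    done | LC_ALL=C sort | sed 's/^S[0-9][0-9]//'
}

# starts_before RCDIR FIRST SECOND
# Returns 0 only if both services are present and FIRST starts earlier.
starts_before() {
    order=$(start_order "$1")
    first=$(printf '%s\n' "$order" | grep -n -x -F -- "$2" | head -n 1 | cut -d: -f1)
    second=$(printf '%s\n' "$order" | grep -n -x -F -- "$3" | head -n 1 | cut -d: -f1)
    [ -n "$first" ] && [ -n "$second" ] && [ "$first" -lt "$second" ]
}

# check_mail_chain RCDIR
# Prints one line per ordering requirement; returns non-zero if any fails.
check_mail_chain() {
    rc=0
    if starts_before "$1" clamd clamav-milter; then
        echo "ok:   clamd starts before clamav-milter"
    else
        echo "FAIL: clamav-milter starts before clamd (socket will not exist yet)"
        rc=1
    fi
    if starts_before "$1" clamav-milter sendmail; then
        echo "ok:   clamav-milter starts before sendmail"
    else
        echo "FAIL: sendmail starts before clamav-milter"
        rc=1
    fi
    return "$rc"
}

# Demo on a constructed rc3.d: everything at priority 80, as in the post.
# With equal priority the name decides, and "clamav-milter" sorts before
# "clamd" because 'a' < 'd' at the first differing character.
demo() {
    rcdir=$(mktemp -d) || return 1
    touch "$rcdir/S80clamav-milter" "$rcdir/S80clamd" "$rcdir/S80sendmail"
    echo "before:"; check_mail_chain "$rcdir" || true
    mv "$rcdir/S80clamd" "$rcdir/S70clamd"    # the S80 -> S70 change for clamd
    echo "after:";  check_mail_chain "$rcdir" || true
    rm -rf "$rcdir"
}

demo
```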





[Clamav-users] Starting Clamav-Milter

2004-06-29 Thread Don Levey
I know the answer is out there somewhere, I just can't seem to find it.
When my system restarts, clamd starts right up, just like it's supposed to.
However, I need to manually start clamav-milter, and specify all options on
the command-line.  Even specifying the config file isn't enough.

What is the approved method for:
1) Starting the milter automatically upon system startup, and
2) Making sure the config file is read when this happens?

TIA,
 -Don





RE: [Clamav-users] Ethics Question

2004-06-09 Thread Don Levey
[EMAIL PROTECTED] wrote:
> On Wed, 2004-06-09 at 20:10, Samuel Benzaquen wrote:
>
>> I think the only way I could think is reporting the IP to some
>> DNSBLs. That way you can stop receiving their mails and you leave
>> the cleansing problem to their ISP.
>
> Or simply block the IP with sendmail's access database (or the
> equivalent for your choice of MTA)
>
Considering how many (if not most) of these IPs are on client machines that
send mail directly, and not through their ISP's mail host, you can probably
drop the entire block of dynamic addresses in your firewall.  That's what
I've had to do with some optonline blocks, as the ISP seems uninterested in
stopping the abuse.
 -Don





RE: [Clamav-users] clamd dead but subsys locked

2004-06-01 Thread Don Levey
[EMAIL PROTECTED] wrote:
> Folks,
> I am again in the situation where the clamav-milter seems unable to
> connect to clamd.  In my maillog I get the following:
>
>   Milter: data, reject=451 4.7.1 Please try again later
>
> Previously, I had thought that this was a problem with the milter
> itself, but as I know (a little) more now I went to check on the clamd
> process.  Checking on the status gives the following:
>
>   clamd dead but subsys locked
>
> I am able to start clamd again, but it seems only a matter of time
> before it stops again.  I do not know the trigger event that stops it;
> it does seem to accept some number of messages successfully before it
> dies.
>
> Below are the relevant lines from my sendmail.mc file; I'll also
> attach the (non-commented) lines in my clamav.conf file.
>
> Hopefully this will make sense to someone; thanks for your time.
>
>  -Don
>
>
It appears that the message from Samuel Benzaquen, mentioned elsewhere, must
have been the source of my crash.  Does anyone have any ideas for what in
this message may have caused a crash?
 -Don





[Clamav-users] clamd dead but subsys locked

2004-05-31 Thread Don Levey
Folks,
I am again in the situation where the clamav-milter seems unable to
connect to clamd.  In my maillog I get the following:

Milter: data, reject=451 4.7.1 Please try again later

Previously, I had thought that this was a problem with the milter
itself, but as I know (a little) more now I went to check on the clamd
process.  Checking on the status gives the following:

clamd dead but subsys locked

I am able to start clamd again, but it seems only a matter of time
before it stops again.  I do not know the trigger event that stops it;
it does seem to accept some number of messages successfully before it
dies.  

Below are the relevant lines from my sendmail.mc file; I'll also attach
the (non-commented) lines in my clamav.conf file.

Hopefully this will make sense to someone; thanks for your time.

 -Don


From sendmail.mc:
define(`confLOG_LEVEL', `9')dnl
define(`confMILTER_LOG_LEVEL', `9')dnl
INPUT_MAIL_FILTER(`clmilter',
`S=local:/var/run/clamav/clamav-milter.sock, F=, T=C:1m;S:4m;R:4m')dnl

from clamav.conf:

LogFile /var/log/clamav/clamd.log
LogFileMaxSize 2M
LogTime
LogVerbose
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/clamav
LocalSocket /var/clamav/clamd.socket
FixStaleSocket
StreamSaveToDisk
StreamMaxLength 10M
ReadTimeout 600
MaxDirectoryRecursion 15
User clamav
ScanOLE2
ScanMail
ScanArchive
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxCompressionRatio 200







Re: [Clamav-users] v0.71: clamav-milter dead but subsys locked

2004-05-27 Thread Don Levey
On Thu, 2004-05-27 at 14:08, Don Levey wrote:
> NOTE: I am not really expecting an answer to this, but didn't find much of a
> discussion of these errors in the archive.  Therefore, I'm writing my
> experiences in the hopes that others with these errors can work around their
> problems.

> So far, so good.  I then restarted clamd and clamav-milter to make sure I
> was running the new version.  At this point, mail seemed to be going through
> unscanned, with the following lines in my maillog:
> 
> May 27 12:28:06 davinci sendmail[32077]: i4RGS5a2032077: Milter: data,
> reject=451 4.7.1 Please try again later
> May 27 12:28:36 davinci sendmail[32079]: i4RGSU3h032079: Milter: data,
> reject=451 4.7.1 Please try again later
> May 27 12:31:27 davinci sendmail[32145]: i4RGVQgi032145: Milter: data,
> reject=451 4.7.1 Please try again later
> 
> I isolated these problems to the command-line options being used when
> starting up.  When I was working properly, I had started manually using:
> 
> clamav-milter --quarantine-dir=/var/run/clamav/quarantine --max-children=10 
> --force-scan --local --postmaster-only --server=localhost
> local:/var/run/clamav/clamav-milter.sock
> 
> However when running 'service clamav-milter restart' I found I was running:
> 
> clamav-milter --quarantine-dir=/var/clamav/quarantine --max-children=10 
> --force-scan --local --postmaster-only --server=localhost
> local:/var/run/clamav/clamav-milter.sock --config-file=/etc/clamav.conf
> --headers --noreject --outgoing
> 
> I isolated the problem to the clamav.conf file, but have not delved any
> deeper than that 

I may have found the problem.
The clamuko options were enabled by default in the config file, so I
hadn't changed them.  I disabled all of them, and that appears to have
done the trick (though it may be too early to tell).


> 
> This led me to what I think was the problem: I moved the clamav-milter.sock
> file out of the way and tried to start again.  The milter started normally,
> and seems to be processing mail correctly.  Eventually I'll get to whatever
> is in the clamav.conf file that is causing the hang-up mentioned earlier.
> Simply for reference, I'm pasting the options in the conf file below.

I did enable the FixStaleSocket, just in case, on Nigel's advice.


> # Note: Clamuko/Dazuko is not configured/running
> ClamukoScanOnOpen
> ClamukoScanOnClose
> ClamukoScanOnExec
> ClamukoIncludePath /home
> ClamukoMaxFileSize 1M
> ClamukoScanArchive
> 

Hopefully, this info will help someone else who finds themselves in my
position.
 -Don





[Clamav-users] v0.71: clamav-milter dead but subsys locked

2004-05-27 Thread Don Levey
NOTE: I am not really expecting an answer to this, but didn't find much of a
discussion of these errors in the archive.  Therefore, I'm writing my
experiences in the hopes that others with these errors can work around their
problems.

As of this morning, I had v0.70 up and running, and seemed to be working
just fine.  I still don't know why it was bouncing authentication for a local
mailman account sending to itself, but I stopped that message from sending,
so I was OK.  Anyway, not being one to leave well enough alone, I wanted to
update to v0.71.  The clamav website gives two sources for Fedora RPMs:
Crash and Dag.  I went with Dag.  I installed Clam-av, Clamav-milter,
Clamav-db, and Clamd.

So far, so good.  I then restarted clamd and clamav-milter to make sure I
was running the new version.  At this point, mail seemed to be going through
unscanned, with the following lines in my maillog:

May 27 12:28:06 davinci sendmail[32077]: i4RGS5a2032077: Milter: data,
reject=451 4.7.1 Please try again later
May 27 12:28:36 davinci sendmail[32079]: i4RGSU3h032079: Milter: data,
reject=451 4.7.1 Please try again later
May 27 12:31:27 davinci sendmail[32145]: i4RGVQgi032145: Milter: data,
reject=451 4.7.1 Please try again later

I isolated these problems to the command-line options being used when
starting up.  When I was working properly, I had started manually using:

clamav-milter --quarantine-dir=/var/run/clamav/quarantine --max-children=10 
--force-scan --local --postmaster-only --server=localhost
local:/var/run/clamav/clamav-milter.sock

However when running 'service clamav-milter restart' I found I was running:

clamav-milter --quarantine-dir=/var/clamav/quarantine --max-children=10 
--force-scan --local --postmaster-only --server=localhost
local:/var/run/clamav/clamav-milter.sock --config-file=/etc/clamav.conf
--headers --noreject --outgoing

I isolated the problem to the clamav.conf file, but have not delved any
deeper than that yet because I've gotten the clamav-milter dead but subsys
locked error when checking on the status of the daemon (service
clamav-milter status).  The subsys file (/var/lock/subsys/clamav-milter)
seems to be created correctly, but is persistent.  Deleting it then gave me
a status of 'stopped', but trying to start it again and checking status gave
me the same "subsys locked" error.

I then got the brilliant idea of checking the messages log, which uncovered:

May 27 13:07:12 davinci clamav-milter: ClamAv: Unable to bind to port
local:/var/run/clamav/clamav-milter.sock: Address already in use
May 27 13:07:12 davinci clamav-milter: ClamAv: Unable to create listening
socket on conn local:/var/run/clamav/clamav-milter.sock
May 27 13:07:12 davinci clamav-milter: clamav-milter startup succeeded

This led me to what I think was the problem: I moved the clamav-milter.sock
file out of the way and tried to start again.  The milter started normally,
and seems to be processing mail correctly.  Eventually I'll get to whatever
is in the clamav.conf file that is causing the hang-up mentioned earlier.
Simply for reference, I'm pasting the options in the conf file below.

 -Don

LogFile /var/log/clamav/clamd.log
LogFileMaxSize 2M
LogTime
LogVerbose
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/clamav
LocalSocket /var/clamav/clamd.socket
StreamSaveToDisk
StreamMaxLength 10M
ReadTimeout 600
MaxDirectoryRecursion 15
User clamav
ScanOLE2
ScanMail
ScanArchive
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxCompressionRatio 200
# Note: Clamuko/Dazuko is not configured/running
ClamukoScanOnOpen
ClamukoScanOnClose
ClamukoScanOnExec
ClamukoIncludePath /home
ClamukoMaxFileSize 1M
ClamukoScanArchive
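
The "Address already in use" bind error in the message above is what a socket file left behind by an earlier run produces. The following is an added example, not part of the original post and not ClamAV code: it checks whether a Unix socket path still has a listener before removing it, instead of moving the file aside blind. The function names are hypothetical and the demo paths are constructed in a temporary directory.

```python
import os
import socket
import stat
import tempfile


def socket_state(path):
    """Classify a path as 'absent', 'not-a-socket', 'live', 'stale' or 'unknown'."""
    try:
        mode = os.lstat(path).st_mode
    except FileNotFoundError:
        return "absent"
    if not stat.S_ISSOCK(mode):
        return "not-a-socket"
    probe = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    probe.settimeout(2.0)
    try:
        probe.connect(path)
    except ConnectionRefusedError:
        # The file exists but no process is listening on it: a leftover.
        return "stale"
    except OSError:
        # Permission denied, timeout, full backlog: cannot tell, so do not touch.
        return "unknown"
    else:
        return "live"
    finally:
        probe.close()


def remove_if_stale(path):
    """Unlink the socket file only when nothing is listening on it."""
    if socket_state(path) != "stale":
        return False
    os.unlink(path)
    return True


def demo():
    """Constructed scenario: a running listener, then the file it leaves after dying."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        sock_path = os.path.join(tmp, "clamav-milter.sock")
        listener = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        listener.bind(sock_path)
        listener.listen(8)
        results["while_running"] = socket_state(sock_path)
        results["removed_while_running"] = remove_if_stale(sock_path)

        # Closing without unlinking mimics a daemon that exits uncleanly.
        listener.close()
        results["after_exit"] = socket_state(sock_path)
        results["removed_after_exit"] = remove_if_stale(sock_path)
        results["after_cleanup"] = socket_state(sock_path)

        # A regular file at the expected path is never treated as a socket.
        pid_path = os.path.join(tmp, "clamd.pid")
        with open(pid_path, "w") as handle:
            handle.write("12345\n")
        results["pid_file"] = socket_state(pid_path)
        results["pid_file_removed"] = remove_if_stale(pid_path)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The check and the unlink are two separate steps, so run it from the init script before the daemon starts rather than while another instance may be starting.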





[Clamav-users] Clamav-milter and Mailman - user not authenticating?

2004-05-26 Thread Don Levey
I am noticing something strange and frustrating when I have clamav-milter
enabled in my sendmail installation.
First, the vital stats:
Fedora Core 2
Sendmail 8.12.11-4.6
Clam-AV 0.70
Clamav-milter 0.70j
Mailman 2.1.4-4

I do have mailman on this server, though no active lists at the moment.
Whenever I have clamav-milter enabled in my sendmail.mc/cf, I get the
following in my maillog (below).  For some reason, the mailman user seems to
be trying to send a message to itself.  When I remove the milter from the
configuration, I not only cease to see the milter lines in  the log (of
course) but also the reject line:

May 26 15:50:06 davinci sendmail[30441]: ruleset=trust_auth, [EMAIL PROTECTED], relay=[192.168.1.1], reject=550 5.7.1 <[EMAIL PROTECTED]>... not authenticated

There are no mailman processes running; this seems to happen every 5
minutes.  Has anyone seen anything like this, and/or have any suggestions?

 -Don




May 26 15:50:01 davinci sendmail[30438]: i4QJo0R3030438: from=mailman, size=1074, class=0, nrcpts=1, msgid=<200405261950[EMAIL PROTECTED]>, [EMAIL PROTECTED]
May 26 15:50:06 davinci sendmail[30441]: NOQUEUE: connect from [192.168.1.1]
May 26 15:50:06 davinci sendmail[30441]: AUTH: available mech=PLAIN LOGIN DIGEST-MD5 CRAM-MD5 ANONYMOUS, allowed mech=DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
May 26 15:50:06 davinci sendmail[30441]: i4QJo6NG030441: Milter (clmilter): init success to negotiate
May 26 15:50:06 davinci sendmail[30441]: i4QJo6NG030441: Milter: connect to filters
May 26 15:50:06 davinci sendmail[30441]: i4QJo6NG030441: milter=clmilter, action=connect, continue
May 26 15:50:06 davinci sendmail[30441]: i4QJo6NG030441: --- 220 [davinci.the-leveys.us ESMTP MTAname vmta.version; Wed, 26 May 2004 15:50:06 -0400] - All Access Logged - No Unauthorised Access Permitted - Unauthorized access subject to fines, fees, and costs of cleanup - All Rights Reserved, including those not explicitly mentioned
May 26 15:50:06 davinci sendmail[30441]: i4QJo6NG030441: <-- EHLO davinci.the-leveys.us
May 26 15:50:06 davinci sendmail[30441]: i4QJo6NG030441: --- 250-davinci.the-leveys.us Hello [192.168.1.1], pleased to meet you
May 26 15:50:06 davinci sendmail[30441]: i4QJo6NG030441: --- 250-ENHANCEDSTATUSCODES
May 26 15:50:06 davinci sendmail[30441]: i4QJo6NG030441: --- 250-PIPELINING
May 26 15:50:06 davinci sendmail[30441]: i4QJo6NG030441: --- 250-8BITMIME
May 26 15:50:06 davinci sendmail[30441]: i4QJo6NG030441: --- 250-SIZE
May 26 15:50:06 davinci sendmail[30441]: i4QJo6NG030441: --- 250-DSN
May 26 15:50:06 davinci sendmail[30441]: i4QJo6NG030441: --- 250-ETRN
May 26 15:50:06 davinci sendmail[30441]: i4QJo6NG030441: --- 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
May 26 15:50:06 davinci sendmail[30441]: i4QJo6NG030441: --- 250-DELIVERBY
May 26 15:50:06 davinci sendmail[30441]: i4QJo6NG030441: --- 250 HELP
May 26 15:50:06 davinci sendmail[30441]: i4QJo6NG030441: <-- MAIL From:<[EMAIL PROTECTED]> SIZE=1074 AUTH=ma[EMAIL PROTECTED]
May 26 15:50:06 davinci sendmail[30441]: ruleset=trust_auth, [EMAIL PROTECTED], relay=[192.168.1.1], reject=550 5.7.1 <[EMAIL PROTECTED]>... not authenticated
May 26 15:50:06 davinci sendmail[30441]: i4QJo6NG030441: Milter: senders: <[EMAIL PROTECTED]>
May 26 15:50:06 davinci sendmail[30441]: i4QJo6NG030441: milter=clmilter, action=mail, continue
May 26 15:50:06 davinci sendmail[30441]: i4QJo6NG030441: --- 250 2.1.0 <[EMAIL PROTECTED]>... Sender ok
May 26 15:50:06 davinci sendmail[30441]: i4QJo6NG030441: <-- RCPT To:<[EMAIL PROTECTED]>
May 26 15:50:06 davinci sendmail[30441]: i4QJo6NG030441: Milter: rcpts: <[EMAIL PROTECTED]>
May 26 15:50:06 davinci sendmail[30441]: i4QJo6NG030441: milter=clmilter, action=rcpt, continue
May 26 15:50:06 davinci sendmail[30441]: i4QJo6NG030441: --- 250 2.1.5 <[EMAIL PROTECTED]>... Recipient ok
May 26 15:50:06 davinci sendmail[30441]: i4QJo6NG030441: <-- DATA
May 26 15:50:06 davinci sendmail[30441]: i4QJo6NG030441: --- 354 Enter mail, end with "." on a line by itself
May 26 15:50:06 davinci sendmail[30441]: i4QJo6NG030441: from=<[EMAIL PROTECTED]>, size=1369, class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>, proto=ESMTP, daemon=MTA, relay=[192.168.1.1]
May 26 15:50:06 davinci sendmail[30441]: i4QJo6NG030441: milter=clmilter, action=header, continue
May 26 15:50:06 davinci last message repeated 9 times
May 26 15:50:06 davinci sendmail[30441]: i4QJo6NG030441: milter=clmilter, action=eoh, continue
May 26 15:50:06 davinci sendmail[30441]: i4QJo6NG030441: milter=clmilter, action=body, continue
May 26 15:50:06 davinci sendmail[30441]: i4QJo6NG030441: Milter add: header: X-Virus-Scanned: clamd / ClamAV version 0.70, clamav-milter version 0.70j
May 26 15:50:06 davinci sendmail[30441]: i4QJo6NG030441: Milter accept: message
May 26 15:50:06 davinci sendmail[30441]: i4QJo6NG030441: --- 250 2.0.0 i4QJo6NG030441 Message accepted for delivery
May 26 15:50:06 davinci sendmail[30438]: i4QJo0R3030438: to=mailman, ctladdr=mailman (41

RE: [Clamav-users] Re: clam-av/milter, NOW: that one resolved, moved on

2004-04-28 Thread Don Levey
[EMAIL PROTECTED] wrote:
> Don Levey wrote:
>
>> On
>>
>> My sendmail and sendmail-devel are both 8.12.8-9.90.
>> Is this known to cause problems?  Thanks again!
>> -Don
>>
>>
>>
>>
>>
>
> I don't know. Perhaps you would like to try compiling
> sendmail, libmilter, clamav from source?
>

You mentioned that the code shown in the strace looked like that of
libmilter.  Would that suggest that sendmail/libmilter were operating, and
that for some reason libmilter wasn't talking to clamav-milter?
As I mentioned, I'm reluctant to recompile sendmail unless I absolutely need
that to get this working.
 -Don





RE: [Clamav-users] Re: clam-av/milter, NOW: that one resolved, moved on

2004-04-28 Thread Don Levey
[EMAIL PROTECTED] wrote:
> Don Levey wrote:
>
>> On
>>
>> My sendmail and sendmail-devel are both 8.12.8-9.90.
>> Is this known to cause problems?  Thanks again!
>> -Don
>>
>>
>>
>>
>>
>
> I don't know. Perhaps you would like to try compiling
> sendmail, libmilter, clamav from source?
>
Well, I'm willing to try most anything at this point, though I tried to
compile the clamav packages from source and that seemed to cause quite a few
other problems.  I admit I'm a little reluctant to recompile sendmail unless
it's absolutely necessary, since it works (otherwise) now, but if that's
what I need to do, so be it.
 -Don





Re: [Clamav-users] Re: clam-av/milter, NOW: that one resolved, moved on

2004-04-28 Thread Don Levey
On Wed, 2004-04-28 at 05:57, Joe Maimon wrote:
> Don Levey wrote:
> 
> >
> >Apr 27 21:38:54 davinci sendmail[7174]: i3S1csjm007174:
> >from=<[EMAIL PROTECTED]>, size=700, class=0, nrcpts=1,
> >msgid=<[EMAIL PROTECTED]>, proto=ESMTP,
> >daemon=MTA, relay=smtp03.mrf.mail.rcn.net [207.172.4.62]
> >Apr 27 21:42:54 davinci sendmail[7174]: i3S1csjm007174: Milter
> >(clmilter): timeout during data read
> >Apr 27 21:42:54 davinci sendmail[7174]: i3S1csjm007174: Milter
> >(clmilter): to error state
> >
> >  
> >
> This looks like exactly what it seems. clamav-milter did not respond 
> during the 5 minute timeout (check your sendmail cf readme or look at 
> www.sendmail.org)
> 

Hmm... This is a 4-minute lag, which would correspond with the line in
sendmail.mc:

INPUT_MAIL_FILTER(`clmilter',
`S=local:/var/run/clamav/clamav-milter.sock, F=, T=C:1m;S:4m;R:4m')dnl 

Any ideas on why it would take so long to (fail to) respond? 


> >Apr 27 21:40:43 davinci sendmail[7212]: i3S1egjm007212:
> >from=<[EMAIL PROTECTED]>, size=703, class=0, nrcpts=1,
> >msgid=<[EMAIL PROTECTED]>, proto=ESMTP,
> >daemon=MTA, relay=smtp03.mrf.mail.rcn.net [207.172.4.62]
> >Apr 27 21:40:43 davinci sendmail[7212]: i3S1egjm007212: Milter: data,
> >reject=451 4.7.1 Please try again later
> >Apr 27 21:40:43 davinci sendmail[7212]: i3S1egjm007212:
> >to=<[EMAIL PROTECTED]>, delay=00:00:00, pri=30695, stat=Please try again
> >later
> >
> >Apr 27 21:40:43 davinci sendmail[7214]: i3S1ehjm007214:
> >from=<[EMAIL PROTECTED]>, size=703, class=0, nrcpts=1,
> >msgid=<[EMAIL PROTECTED]>, proto=ESMTP,
> >daemon=MTA, relay=smtp03.mrf.mail.rcn.net [207.172.4.62]
> >Apr 27 21:40:43 davinci sendmail[7214]: i3S1ehjm007214: Milter: data,
> >reject=451 4.7.1 Please try again later
> >Apr 27 21:40:43 davinci sendmail[7214]: i3S1ehjm007214:
> >to=<[EMAIL PROTECTED]>, delay=00:00:00, pri=30695, stat=Please try again
> >later
> >
> >

> >
> Your strace looks like the code in libmilter.
> Exactly what version of sendmail and sendmail-devel do you have?
> 

My sendmail and sendmail-devel are both 8.12.8-9.90.
Is this known to cause problems?  Thanks again!
 -Don
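
The four-minute gap discussed above, between a message's from= line and "timeout during data read", can be checked mechanically against the T= field of the INPUT_MAIL_FILTER line. The following is an added example, not part of the original posts and not sendmail or ClamAV code. Assumptions: the function names are hypothetical, the log sample is constructed from the lines in this thread with placeholder addresses and relay, and the year is supplied because syslog lines carry none.

```python
import re
from datetime import datetime

# The filter definition quoted from sendmail.mc in this thread.
MC_LINE = ("INPUT_MAIL_FILTER(`clmilter', "
           "`S=local:/var/run/clamav/clamav-milter.sock, F=, T=C:1m;S:4m;R:4m')dnl")

# Constructed sample: queue IDs and timestamps follow the thread's log,
# addresses and relay are placeholders, lines are unwrapped.
SAMPLE_LOG = """\
Apr 27 21:38:54 davinci sendmail[7174]: i3S1csjm007174: from=<sender@example.invalid>, size=700, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mx.example.invalid [192.0.2.10]
Apr 27 21:40:43 davinci sendmail[7212]: i3S1egjm007212: from=<sender@example.invalid>, size=703, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mx.example.invalid [192.0.2.10]
Apr 27 21:40:43 davinci sendmail[7212]: i3S1egjm007212: Milter: data, reject=451 4.7.1 Please try again later
Apr 27 21:42:54 davinci sendmail[7174]: i3S1csjm007174: Milter (clmilter): timeout during data read
Apr 27 21:42:54 davinci sendmail[7174]: i3S1csjm007174: Milter (clmilter): to error state
"""

UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400}
LOG_LINE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sendmail\[\d+\]: (\w+): (.*)$")

# Per sendmail's cf/README: F=R rejects and F=T tempfails when the filter is
# unavailable; with neither flag the message is processed as if the failing
# filter were not present, i.e. it is delivered unscanned.
FAILURE_POLICY = {"": "pass-unscanned", "T": "tempfail", "R": "reject"}


def parse_filter_spec(mc_text):
    """Return (failure policy, {timeout letter: seconds}) for one filter line."""
    flag = re.search(r"\bF=([RT]?)", mc_text)
    policy = FAILURE_POLICY[flag.group(1) if flag else ""]
    timeouts = {}
    spec = re.search(r"\bT=([^,')]+)", mc_text)
    if spec:
        for part in spec.group(1).split(";"):
            key, _, value = part.strip().partition(":")
            parsed = re.fullmatch(r"(\d+)([smhd])", value)
            if parsed:  # values without a unit suffix are skipped, not guessed
                timeouts[key] = int(parsed.group(1)) * UNIT_SECONDS[parsed.group(2)]
    return policy, timeouts


def milter_findings(log_text, timeouts, year=2004):
    """List (queue id, kind, seconds since first log line, hit R limit) tuples."""
    first_seen = {}
    findings = []
    for line in log_text.splitlines():
        match = LOG_LINE.match(line)
        if not match:
            continue
        stamp, queue_id, message = match.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        first_seen.setdefault(queue_id, when)
        waited = int((when - first_seen[queue_id]).total_seconds())
        if "timeout during data read" in message:
            # R is the timeout for reading the filter's reply.
            findings.append(
                (queue_id, "read-timeout", waited, waited == timeouts.get("R")))
        elif message.startswith("Milter:") and "reject=451" in message:
            findings.append((queue_id, "tempfail", waited, False))
    return findings


if __name__ == "__main__":
    policy, timeouts = parse_filter_spec(MC_LINE)
    print("on filter failure:", policy, "| timeouts (s):", timeouts)
    for finding in milter_findings(SAMPLE_LOG, timeouts):
        print(finding)
```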





Re: [Clamav-users] Re: clam-av/milter, NOW: that one resolved, moved on

2004-04-27 Thread Don Levey
On Mon, 2004-04-26 at 21:19, Don Levey wrote:

> In case anyone is still following my story...
> 
> I've narrowed things down a bit.  The clamd daemon seems to be running
> properly, as evidenced by a proper run of clamdscan.  Takes almost no
> time at all to scan one file, and 12 minutes in total to scan approx
> 30Gb of directories/files.
> 
> Therefore, I must conclude that there is some communication problem
> between clamav-milter and clamd (or clamav-milter and sendmail) that is
> interfering with the ability of the milter to do its job.  As I
> mentioned above, there are two symptoms - a significant slowdown in mail
> exchange, and the failure for any virii to be flagged or a header line
> to be written in acceptable messages.  Does anyone have any suggestions
> for what might account for this?
>  -Don
> 

Once more into the breach:
Three entries from the mail log -

Apr 27 21:38:54 davinci sendmail[7174]: i3S1csjm007174:
from=<[EMAIL PROTECTED]>, size=700, class=0, nrcpts=1,
msgid=<[EMAIL PROTECTED]>, proto=ESMTP,
daemon=MTA, relay=smtp03.mrf.mail.rcn.net [207.172.4.62]
Apr 27 21:42:54 davinci sendmail[7174]: i3S1csjm007174: Milter
(clmilter): timeout during data read
Apr 27 21:42:54 davinci sendmail[7174]: i3S1csjm007174: Milter
(clmilter): to error state

Apr 27 21:40:43 davinci sendmail[7212]: i3S1egjm007212:
from=<[EMAIL PROTECTED]>, size=703, class=0, nrcpts=1,
msgid=<[EMAIL PROTECTED]>, proto=ESMTP,
daemon=MTA, relay=smtp03.mrf.mail.rcn.net [207.172.4.62]
Apr 27 21:40:43 davinci sendmail[7212]: i3S1egjm007212: Milter: data,
reject=451 4.7.1 Please try again later
Apr 27 21:40:43 davinci sendmail[7212]: i3S1egjm007212:
to=<[EMAIL PROTECTED]>, delay=00:00:00, pri=30695, stat=Please try again
later

Apr 27 21:40:43 davinci sendmail[7214]: i3S1ehjm007214:
from=<[EMAIL PROTECTED]>, size=703, class=0, nrcpts=1,
msgid=<[EMAIL PROTECTED]>, proto=ESMTP,
daemon=MTA, relay=smtp03.mrf.mail.rcn.net [207.172.4.62]
Apr 27 21:40:43 davinci sendmail[7214]: i3S1ehjm007214: Milter: data,
reject=451 4.7.1 Please try again later
Apr 27 21:40:43 davinci sendmail[7214]: i3S1ehjm007214:
to=<[EMAIL PROTECTED]>, delay=00:00:00, pri=30695, stat=Please try again
later


What seem to be corresponding entries from an strace run of
clamav-milter:

accept(1, {sa_family=AF_UNIX, [EMAIL PROTECTED], [2]) = 2
setsockopt(2, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
clone(child_stack=0x410cba90, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID|CLONE_DETACHED, [7175], {entry_number:6, base_addr:0x410cbb30, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 7175

accept(1, {sa_family=AF_UNIX, [EMAIL PROTECTED], [2]) = 3
setsockopt(3, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
clone(child_stack=0x418cca90, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID|CLONE_DETACHED, [7213], {entry_number:6, base_addr:0x418ccb30, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 7213

select(2, [1], NULL, [1], {5, 0})   = 1 (in [1], left {4, 78})
accept(1, {sa_family=AF_UNIX, [EMAIL PROTECTED], [2]) = 3
setsockopt(3, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
clone(child_stack=0x418cca90, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID|CLONE_DETACHED, [7215], {entry_number:6, base_addr:0x418ccb30, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 7215

So what is happening here?  Why don't viruses get blocked?  Why is mail
significantly delayed?  Why aren't the headers getting rewritten?
 -Don





Re: [Clamav-users] Re: clam-av/milter, NOW: that one resolved, moved on

2004-04-26 Thread Don Levey
On Mon, 2004-04-26 at 09:39, Don Levey wrote:

> 
> 1) Each message transaction takes significantly longer to complete. 
> I've boosted the timeout in the config file (to 600), and yet I'm still
> getting the following errors in the maillog:
> 
> Apr 26 09:31:17 davinci sendmail[7530]: i3QDVHVI007530: Milter: data,
> reject=451 4.7.1 Please try again later
> Apr 26 09:31:17 davinci sendmail[7530]: i3QDVHVI007530:
> to=<[EMAIL PROTECTED]>, delay=00:00:00, pri=86363, stat=Please try
> again later
> Apr 26 09:31:33 davinci sendmail[7510]: i3QDRXVI007510: Milter
> (clmilter): timeout during data read
> Apr 26 09:31:33 davinci sendmail[7510]: i3QDRXVI007510: Milter
> (clmilter): to error state
> 
> The second entry was from a message that was started 4 minutes
> previously, well within the 10-minute timeout window.  Eventually, I see
> messages delivered - but I haven't done a one-to-one check on message
> IDs yet to determine if ALL messages are delivered.
> 
> 
> 2) The second problem: Viruses are still getting through.  More to the
> point, viruses in the database are still getting through.  Additionally,
> no header line ([X-Virus-Scanned]).  Therefore, I'm back to where I
> started before clamav - only more slowly.
> 
>  -Don

In case anyone is still following my story...

I've narrowed things down a bit.  The clamd daemon seems to be running
properly, as evidenced by a proper run of clamdscan.  Takes almost no
time at all to scan one file, and 12 minutes in total to scan approx
30Gb of directories/files.

Therefore, I must conclude that there is some communication problem
between clamav-milter and clamd (or clamav-milter and sendmail) that is
interfering with the ability of the milter to do its job.  As I
mentioned above, there are two symptoms - a significant slowdown in mail
exchange, and the failure for any virii to be flagged or a header line
to be written in acceptable messages.  Does anyone have any suggestions
for what might account for this?
 -Don





[Clamav-users] Re: clam-av/milter, NOW: that one resolved, moved on

2004-04-26 Thread Don Levey
On Sun, 2004-04-25 at 07:59, Don Levey wrote:

> Now I'm getting a clamfi_close error, but it seems like progress.  I can
> start the clamav-milter and it shows in my process list.
> 
> -Don
> 

I am no longer getting this error.  I ripped everything out by the
roots, and started over.  Instead of trying to build from source, I
downloaded binary packages from Dag Wieers' repository, and installed.

It seemed to go smoothly, and the three processes (clamd, freshclam,
clamav-milter) all started up without problem.  The sendmail restarted
cleanly also.  

There are two small problems:

1) Each message transaction takes significantly longer to complete. 
I've boosted the timeout in the config file (to 600), and yet I'm still
getting the following errors in the maillog:

Apr 26 09:31:17 davinci sendmail[7530]: i3QDVHVI007530: Milter: data,
reject=451 4.7.1 Please try again later
Apr 26 09:31:17 davinci sendmail[7530]: i3QDVHVI007530:
to=<[EMAIL PROTECTED]>, delay=00:00:00, pri=86363, stat=Please try
again later
Apr 26 09:31:33 davinci sendmail[7510]: i3QDRXVI007510: Milter
(clmilter): timeout during data read
Apr 26 09:31:33 davinci sendmail[7510]: i3QDRXVI007510: Milter
(clmilter): to error state

The second entry was from a message that was started 4 minutes
previously, well within the 10-minute timeout window.  Eventually, I see
messages delivered - but I haven't done a one-to-one check on message
IDs yet to determine if ALL messages are delivered.


2) The second problem: Viruses are still getting through.  More to the
point, viruses in the database are still getting through.  Additionally,
no header line ([X-Virus-Scanned]).  Therefore, I'm back to where I
started before clamav - only more slowly.

 -Don






Re: [Clamav-users] Re: clam-av/milter, segmentation fault

2004-04-25 Thread Don Levey
On Sun, 2004-04-25 at 02:44, Nigel Horne wrote:
> On Sunday 25 Apr 2004 12:19 am, Don Levey wrote:
> 
> > I thought I had...
> > Of course, the key line in all of that is:
> > "Install into /usr/local/sbin/clamav-milter"
> > Which is what I'm trying to do - but this isn't particularly informative
> > (to me).  The closest thing I could figure was to use --prefix during
> > the overall make, but this did nothing for the milter at all.
> 
> You can achieve that by either
> "cp .../clamav-milter/clamav-milter /usr/local/sbin"
> or "cd .../clamav-milter; make install"
> or even "make install" from the clamav-devel directory.

This I tried.  I found that I was missing the sendmail-devel files;
installing those permitted the clamav-milter file to be built.

Now I'm getting a clamfi_close error, but it seems like progress.  I can
start the clamav-milter and it shows in my process list.

-Don





Re: [Clamav-users] Re: clam-av/milter, segmentation fault

2004-04-24 Thread Don Levey
On Sat, 2004-04-24 at 18:05, Nigel Horne wrote:
> On Saturday 24 April 2004 10:10 pm, Don Levey wrote:
> 
> > Since those are the only files directly named "clamav-milter", which one
> > is the executable and which one the startup script?
> 
> Look in .../clamav-milter/INSTALL and ensure that you have followed the
> instructions in there.

I thought I had...
Of course, the key line in all of that is:
"Install into /usr/local/sbin/clamav-milter"
Which is what I'm trying to do - but this isn't particularly informative
(to me).  The closest thing I could figure was to use --prefix during
the overall make, but this did nothing for the milter at all.  

The example referenced didn't give me any information either,
unfortunately.

I've added the relevant lines to the sendmail.mc (and rebuilt
sendmail.cf), made sure that clamav.conf was similarly edited, made the
appropriate run directory with permissions and ownership.

The next instructions were not applicable, as I am not running
spamassassin, and I'm trying to run all on one machine.  

From there on, everything else is changelog.  What have I missed? 
Running make in the overall clamav directory, enabling the milter, still
says that there's nothing to be done for 'all' in the milter directory. 
Likewise when I try to run make in the milter directory itself.  

I'm clearly missing something - but what?
 -Don





Re: [Clamav-users] Re: clam-av/milter, segmentation fault

2004-04-24 Thread Don Levey
On Sat, 2004-04-24 at 16:57, Nigel Horne wrote:
> On Saturday 24 April 2004 9:28 pm, Don Levey wrote:
> 
> > Well, I may be making progress.
> > Based upon someone's suggestion, I had been keeping the clamav-milter
> > execution script in /etc/rc.d/init.d/.  I copied it to /usr/sbin, with a
> > link to it in /usr/local/sbin.  I made sure the permissions were the
> > same as the rest of the files there (755).  Now, when I try to execute
> > it, I get the following:
> >
> > [EMAIL PROTECTED] log]# clamav-milter start
> > Starting clamav-milter: Usage: /usr/sbin/clamav-milter
> > {start|stop|reload|restart|condrestart|status}
> >[FAILED]
> 
> Why are you putting an init startup script in /usr/local/sbin? init scripts
> live in /etc/rc.d or /etc/init.d depending on your OS, certainly not in a
> sbin directory!
> 
> Leave the clamav-milter executable in /usr/local/sbin and the startup
> script in /etc/rc.d/init.d. Two programs for two jobs and never the
> twain shall meet...

I've got two files named "clamav-milter".

One is in /etc/sysconfig, and contains what looks like command-line
flags for startup.  My guess was that this was a config file.

The second is an executable script.  I can't even remember where it was
originally; probably in the build directory and no-where else.  Yes, I
did run make in the milter subdirectory when I downloaded the code, as
well as make install.  I copied *this* script into /etc/rc.d/init.d, and
then into /usr/sbin and /usr/local/sbin.  For reference, it starts:
#!/bin/sh
#
# clamav-milter This script starts and stops the clamav-milter daemon
#
# chkconfig: 2345 91 30
#
# description: clamav-milter is a daemon which hooks into sendmail and routes
#  email messages to clamav
# processname: clamav-milter
# processname: clamav-milter

# Source function library.
. /etc/rc.d/init.d/functions



Since those are the only files directly named "clamav-milter", which one
is the executable and which one the startup script?
 -Don






Re: [Clamav-users] Re: clam-av/milter, segmentation fault

2004-04-24 Thread Don Levey
On Fri, 2004-04-23 at 16:25, Todd Lyons wrote:
> B. van Ouwerkerk wrote:
> > 
> > On my system I had to chmod /var/run/clamav to 700 owned by 
> > clamav:clamav. You have that dir set to 755. I'm not sure this will work 
> > exactly the same on all distros but on Slackware this works just fine.
> 
> It works fine at mode 755.  If you're using an 
> /etc/sysconfig/clamav-milter config file, you could be specifying it on 
> the commandline which will override the config file settings:
> 
> [EMAIL PROTECTED] root]# ps ax | grep clamav-milter | grep -v grep
>   6090 ?        S      4:07 clamav-milter --config-file=/etc/clamav.conf 
> --max-children=20 --quiet -ol local:/var/clamav/clmilter.socket
> 

Well, I may be making progress.
Based upon someone's suggestion, I had been keeping the clamav-milter
execution script in /etc/rc.d/init.d/.  I copied it to /usr/sbin, with a
link to it in /usr/local/sbin.  I made sure the permissions were the
same as the rest of the files there (755).  Now, when I try to execute
it, I get the following:

[EMAIL PROTECTED] log]# clamav-milter start
Starting clamav-milter: Usage: /usr/sbin/clamav-milter
{start|stop|reload|restart|condrestart|status}
   [FAILED]

It looks like it's actually trying to start something now, though
failing.

I did an strace, and found that it was looking for a file
"initscripts.mo" in the US locale directories.  Searching for the file,
I seemed to have a copy almost everywhere *except* in the US.  I first
linked to one in the UK directory; the "[FAILED]" message then appeared
in Cyrillic.  Linking to a copy in /var/log changed nothing.  According
to yum, I have the latest initscripts package installed.  Ignoring that,
I redid an strace; for those interested the text is here:

http://www.the-leveys.us:6080/clamav-milter-strace.txt

I am not good at reading these, so I don't see what else might be
wrong.  Any suggestions are welcome.
 -Don









Re: [Clamav-users] Re: clam-av/milter, segmentation fault

2004-04-23 Thread Don Levey
On Fri, 2004-04-23 at 16:55, Steven Stern wrote:
> On Fri, 23 Apr 2004 15:27:41 -0400, "Don Levey" <[EMAIL PROTECTED]> wrote:
> 
> >touch /var/lock/subsys/clamav-milter
> 
> If you su to "clamav", can you do the above?
> --
>Steve
>

Well, no - but that's because the clamav user doesn't have a login
shell, per the docs:

# useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav

 -Don





RE: [Clamav-users] Re: clam-av/milter, segmentation fault

2004-04-23 Thread Don Levey
On Fri, 2004-04-23 at 16:50, Pat Masterson wrote:
>  Don, yes, unfortunately I have blocked most of the cable/DSL networks
> (including my own) from getting thru the MTA. My apologies, but I'm sure
> you understand.  -pat
> 
> 
>  On Fri, 23 Apr 2004, Don Levey wrote:
> 
> >Pat (Masterson):
> >It looks like your mail system doesn't like RCN.
> >My response to your message is below.
> > -Don
> >

Well, I do understand. However, I'm unable to reply to you, except
through the list.  FWIW, RCN blocks all outbound port 25 traffic from
their dynamic IPs, which is why I smarthost through their server.  Since
you're blocking their servers also, all I can say is that I've not seen
a more aggressive anti-spam outfit, ever.

 -Don





RE: [Clamav-users] Re: clam-av/milter, segmentation fault

2004-04-23 Thread Don Levey
[EMAIL PROTECTED] wrote:
> On Fri, 23 Apr 2004 12:07:13 -0400, "Don Levey"
> <[EMAIL PROTECTED]> wrote:
>
>
>> For whatever reason, I'm not seeing clamav-milter in my ps list.
>> If it's not running, that would explain why it doesn't create a sock
>> and perhaps why sendmail can't then connect to that sock.  I get no
>> feedback when trying to start it, even explicitly using the command-
>> line options in the config file.  Nor do I see anything in any log
>> file that is of help (checked messages, no clamav-milter log,
>> clamd.log doesn't show anything).
>>
>> FWIW, freshclam *seems* to be working smoothly - at least, I get no
>> errors and the process seems to be running...
>>
>
>
> the milter is controlled by its command line:
>
> [root]# cat /etc/sysconfig/clamav-milter
> CLAMAV_FLAGS="-lo --max-children=10 --noreject --force-scan --quiet
> --dont-log-clean --server=localhost
> local:/var/run/clamav/clamav-milter.sock
> --quarantine-dir=/var/spool/clamav"
>
> [root]# ps -ef |grep clamav-milter
> clamav    2252     1  0 08:56 ?        00:00:00
> /usr/sbin/clamav-milter -lo
> --max-children=10 --noreject --force-scan --quiet --dont-log-clean
> --server=localhost local:/var/run/clamav/clamav-milter.sock
> --quarantine-dir=/var/spool/clamav
>
> In my clamav.conf, I have syslogging enabled. I don't know if
> clamav-milter cares about it.
>
> At a minimum, the process events get logged there:

...

I'm beginning to think that it's the clamav-milter script itself which is
the problem.  For those still patient enough to remain tuned in, I think
we've checked just about everything else.  My script is below - I haven't
made any changes to the base install because I can see no red flags here:

#!/bin/sh
#
# clamav-milter This script starts and stops the clamav-milter daemon
#
# chkconfig: 2345 91 30
#
# description: clamav-milter is a daemon which hooks into sendmail and routes
#  email messages to clamav
# processname: clamav-milter

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Local clamav-milter config
CLAMAV_FLAGS=
test -f /etc/sysconfig/clamav-milter && . /etc/sysconfig/clamav-milter

# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 0

[ -x /usr/local/sbin/clamav-milter ] || exit 0
PATH=$PATH:/usr/bin:/usr/local/sbin:/usr/local/bin

RETVAL=0

start() {
    echo -n "Starting clamav-milter: "
    # CLAMAV_FLAGS stays unquoted so it splits into separate arguments.
    daemon clamav-milter ${CLAMAV_FLAGS}
    RETVAL=$?
    echo
    test $RETVAL -eq 0 && touch /var/lock/subsys/clamav-milter
    return $RETVAL
}

stop() {
    echo -n "Shutting down clamav-milter: "
    killproc clamav-milter
    RETVAL=$?
    echo
    test $RETVAL -eq 0 && rm -f /var/lock/subsys/clamav-milter
}

restart() {
    stop
    start
}

# See how we were called.
case "$1" in
  start)
    # Start daemon.
    start
    ;;
  stop)
    # Stop daemon.
    stop
    ;;
  restart|reload)
    restart
    ;;
  condrestart)
    test -f /var/lock/subsys/clamav-milter && $0 restart || :
    ;;
  status)
    status clamav-milter
    ;;
  *)
    echo "Usage: $0 {start|stop|reload|restart|condrestart|status}"
    exit 1
esac

exit $?





RE: [Clamav-users] Re: clam-av/milter, segmentation fault

2004-04-23 Thread Don Levey
Pat (Masterson):
It looks like your mail system doesn't like RCN.
My response to your message is below.
 -Don


Mail Delivery System wrote:
> This message was created automatically by mail delivery software
> (Exim). 
> 
> A message that you sent could not be delivered to one or more of its
> recipients. This is a permanent error. The following address(es)
> failed: 
> 
>   [EMAIL PROTECTED]
> SMTP error from remote mailer after RCPT TO:<[EMAIL PROTECTED]>:
> host gateway.northropgrumman.com [192.86.71.9]:
> 550 5.0.0 <[EMAIL PROTECTED]>... We do not accept mail from
> spammers. 
> 
> -- This is a copy of the message, including all the headers.
> -- 
> 
> Return-path: <[EMAIL PROTECTED]>
> Received: from 207-172-67-176.c3-0.frm-ubr1.sbo-frm.ma.cable.rcn.com
>   ([207.172.67.176] helo=davinci.the-leveys.us) by
>   smtp03.mrf.mail.rcn.net with esmtp (Exim 3.35 #4) id 1BH5h5-0004GC-00
>   for [EMAIL PROTECTED]; Fri, 23 Apr 2004 14:46:35 -0400
> Received: from dleveyxp (gate.abinitio.com [65.170.40.132])
>   by davinci.the-leveys.us (8.12.8/8.12.8) with SMTP id i3NIlVCB016755
>   for <[EMAIL PROTECTED]>; Fri, 23 Apr 2004 14:47:31 -0400
> From: "Don Levey" <[EMAIL PROTECTED]>
> To: "Pat Masterson" <[EMAIL PROTECTED]>
> Subject: RE: [Clamav-users] Re: clam-av/milter, segmentation fault
> Date: Fri, 23 Apr 2004 14:46:34 -0400
> Message-ID: <[EMAIL PROTECTED]>
> MIME-Version: 1.0
> Content-Type: text/plain;
>   charset="us-ascii"
> Content-Transfer-Encoding: 7bit
> X-Priority: 3 (Normal)
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
> Importance: Normal
> In-Reply-To: <[EMAIL PROTECTED]>
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
> 
> Pat Masterson wrote:
>> Don - this is what I see in my ps:
>> 
>> [EMAIL PROTECTED] [22]: ps -eaf | grep clam
>>   clamav   270 1  0   Apr 13 ?9:06 /usr/local/bin/clamd
>>   ping clamav   274 1  0   Apr 13 ?1:35
>> /usr/local/sbin/clamav-milter -bloq /var/run/clmilter.sock
>> 
>> -pat
>> 
> 
> Mine shows no clamav-milter:
> [EMAIL PROTECTED] log]# ps -eaf | grep clam
> clamav   19574     1  0 Apr21 ?        00:00:00 freshclam -d
> clamav   15818     1  0 11:07 ?        00:00:00 clamd
> 
> Any ideas on why mine won't start, and/or where I could look for an
> error? 
> 
>  -Don






RE: [Clamav-users] clamav 0.70 gmp-devel

2004-04-23 Thread Don Levey
Julia McWhirter wrote:

> 
> Can you just verify gmp-devel is part of gmp?
> 

I needed both gmp and gmp-devel to build clam-av.
They are separate packages.
 -Don





RE: [Clamav-users] Re: clam-av/milter, segmentation fault

2004-04-23 Thread Don Levey
[EMAIL PROTECTED] wrote:
> On Fri, 23 Apr 2004 09:12:03 -0400, "Don Levey"
> <[EMAIL PROTECTED]> wrote: 
> 
> 
>> A search of my system doesn't turn up either a clamav-milter.sock or
>> clamd.pid. The milter sock file should, at the very least, show up
>> here since this is where I'm pointing in the sendmail.mc file.  I
>> had thought I was doing well, as I followed all the instructions... 
>> Perhaps I'll rewrite/expand the how-to when I get to the other side.
>> -Don
>> 
> 
> Just FYI, after failing several times to build clamav and
> clamav-milter, I used the RPMs from the "crash-hat" site to install
> version 0.70.  One thing I've found that is important is to
> explicitly set every parameter in clamav.conf and freshclam.conf and
> not trust any of the default settings.  In addition, it pays to be
> explicit in clamav-milter.conf and sysconfig/clamav-milter.
> 
I tried RPMs also, and had problems, but was able to build without 
apparent issue.  My clamav-milter.conf seems to match what at least 
one person has posted so far.  As for clamav.conf, I don't see anything
that (in my ignorance) would raise a red flag.

> If I could make just one suggestion to the clam developers, it would
> be to consolidate all of the conf files into one.

Well, it looks like there are actually two projects here: clam-av, and
the one that enables this as a milter.  Consolidation would be nice, as 
separate sections in the same file, as long as everyone behaves.

For whatever reason, I'm not seeing clamav-milter in my ps list.
If it's not running, that would explain why it doesn't create a sock
and perhaps why sendmail can't then connect to that sock.  I get no 
feedback when trying to start it, even explicitly using the command-
line options in the config file.  Nor do I see anything in any log
file that is of help (checked messages, no clamav-milter log, clamd.log
doesn't show anything).

FWIW, freshclam *seems* to be working smoothly - at least, I get no 
errors and the process seems to be running...

 -Don





RE: [Clamav-users] Re: clam-av/milter, segmentation fault

2004-04-23 Thread Don Levey
Steven Stern wrote:
> On Thu, 22 Apr 2004 22:36:14 -0400, Don Levey <[EMAIL PROTECTED]>
> wrote:
>
>>> Change the security on /var/run/clamav to clamav:clamav
>>>
>>> $ ls -ld /var/run/clamav
>>> drwxr-xr-x  2 clamav clamav 4096 Apr 19 08:24 /var/run/clamav
>>>
>>> --
>> Steve,
>> Unfortunately, that didn't seem to have an effect.
>> The owner:group were already at clamav, and the permissions were set
>> at 700.  I reset to 755 as in your example, but there was no
>> difference in behaviour.
>>
>>
> What are the permissions on the files?
>
> $ ls -l /var/run/clamav/
> total 4
> srwx--  1 clamav clamav 0 Apr 19 08:24 clamav-milter.sock
> -rw-rw  1 clamav clamav 5 Apr 18 09:20 clamd.pid
> srwxrwxrwx  1 clamav clamav 0 Apr 18 09:20 clamd.sock

Well, so here might be part of the problem:

[EMAIL PROTECTED] clamav]# ls -la /var/run/clamav/
total 8
drwxr-xr-x    2 clamav   clamav       4096 Apr 22 21:45 .
drwxr-xr-x   11 root     root         4096 Apr 22 21:21 ..
srwx--        1 clamav   clamav          0 Apr 22 21:45 clamd.sock

A search of my system doesn't turn up either a clamav-milter.sock or
clamd.pid.
The milter sock file should, at the very least, show up here since this is
where I'm pointing in the sendmail.mc file.  I had thought I was doing well,
as I followed all the instructions...   Perhaps I'll rewrite/expand the
how-to when I get to the other side.
 -Don





Re: [Clamav-users] Re: clam-av/milter, segmentation fault

2004-04-22 Thread Don Levey
On Thu, 2004-04-22 at 22:20, Steven Stern wrote:

> >Oops, I may have spoken too soon.  My maillog is showing the following:
> >
> >Apr 22 20:57:07 davinci sendmail[11572]: i3N0v70t011572: Milter
> >(clmilter): local socket name /var/run/clamav/clamav-milter.sock unsafe
> >Apr 22 20:57:07 davinci sendmail[11572]: i3N0v70t011572: Milter
> >(clmilter): to error state
> >
> 
> 
> Change the security on /var/run/clamav to clamav:clamav
> 
> $ ls -ld /var/run/clamav
> drwxr-xr-x  2 clamav clamav 4096 Apr 19 08:24 /var/run/clamav
> 
> --
Steve,
Unfortunately, that didn't seem to have an effect.
The owner:group were already at clamav, and the permissions were set at
700.  I reset to 755 as in your example, but there was no difference in
behaviour.

Thanks,
 -Don





Re: [Clamav-users] Re: clam-av/milter, segmentation fault

2004-04-22 Thread Don Levey
On Thu, 2004-04-22 at 20:31, Don Levey wrote:

> Thank you again - this worked.  As far as I can tell, it's functioning
> correctly now.  Thanks all for your help!
>  -Don
> 
Oops, I may have spoken too soon.  My maillog is showing the following:

Apr 22 20:57:07 davinci sendmail[11572]: i3N0v70t011572: Milter
(clmilter): local socket name /var/run/clamav/clamav-milter.sock unsafe
Apr 22 20:57:07 davinci sendmail[11572]: i3N0v70t011572: Milter
(clmilter): to error state


From what I was able to get in the archives, this can happen if the sock
is named differently in the sendmail.mc and clamav-milter files. 
However:

sendmail.mc:
define(`confINPUT_MAIL_FILTERS', `clmilter')dnl
INPUT_MAIL_FILTER(`clmilter',
`S=local:/var/run/clamav/clamav-milter.sock, F=, T=S:4m;R:4m')dnl

clamav-milter:
CLAMAV_FLAGS="--headers --noreject --outgoing
--quarantine-dir=/var/run/clamav/quarantine --max-children=10
--force-scan --local --postmaster-only --server=localhost
local:/var/run/clamav/clamav-milter.sock"

From what I see here, they seem to be named the same.  I tried to make
sure that the owner and group of the /var/run/clamav/clamav-milter.sock
file were clamav, and permissions were 600, but now restarting clamd
gives an error in the clamd log that the sock file is in use by another
process.  I've not found anything yet in the archives which discusses
this; stopping and restarting the processes doesn't seem to help.

I hope I'm getting somewhere...
 -Don





Re: [Clamav-users] Re: clam-av/milter, segmentation fault

2004-04-22 Thread Don Levey
On Thu, 2004-04-22 at 18:25, [EMAIL PROTECTED] wrote:
> In the message dated: Thu, 22 Apr 2004 16:35:01 EDT,
> The pithy ruminations from "Don Levey" on 
>  were:

> 
> RTFEM (Read The Fine Error Message):
> 
> => Starting sendmail: 451 4.0.0 InputFilter clmilter not defined: No such file
> 
> 
> OK, sendmail is looking for an InputFilter named clmilter, and complaining when 
> it doesn't exist.
> 
Ah, OK - thanks. I was following the instructions - but actually
understanding what I was doing would have helped more...

> 
> => or directory
> => WARNING: Xclamav: local socket name /var/run/clamav/clamav-milter.sock
> => missing
> => 
> => The lines in sendmail.mc are:
> => INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clamav-milter.sock, F=,
>   ^^
> You've named your filter "clamav".
> 
> => T=S:4m;R:4m')dnl
> => define(`confINPUT_MAIL_FILTERS', `clmilter')dnl
>  
> Then you tell sendmail to use a filter named "clmilter". No wonder the poor 
> thing is confused.
> 
> => 
Thank you again - this worked.  As far as I can tell, it's functioning
correctly now.  Thanks all for your help!
 -Don





RE: [Clamav-users] Re: clam-av/milter, segmentation fault

2004-04-22 Thread Don Levey
[EMAIL PROTECTED] wrote:

> The startup script normally resides in, let's say, /etc/rc.d/init.d/ on
> Redhat Linux.
>
> Here is how my /etc/sysconfig/clamav-milter looks like: (beware of
> line-wraps)
> CLAMAV_FLAGS="--headers --noreject --outgoing
> --quarantine-dir=/var/run/clamav/quarantine --max-children=10
> --force-scan --local --postmaster-only --server=localhost
> local:/var/run/clamav/clamav-milter.sock"
>
> Hope it helps.
>
> /Joacim
>
>
Yes, it does - thanks!
Running that permitted the milter to start without incident or error.

Of course now (you just knew there had to be something else), trying to
start sendmail with the example lines included in sendmail.mc gives me the
following:

Starting sendmail: 451 4.0.0 InputFilter clmilter not defined: No such file
or directory
WARNING: Xclamav: local socket name /var/run/clamav/clamav-milter.sock
missing

The lines in sendmail.mc are:
INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clamav-milter.sock, F=,
T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `clmilter')dnl

I had thought that the order might affect the execution, and reversed them,
but the results were the same.  What might I have forgotten?

Thanks again,
 -Don
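
Added example (not part of the thread): a shell check for the two mismatches discussed in these messages, a filter name listed in confINPUT_MAIL_FILTERS that no INPUT_MAIL_FILTER defines, and a socket path that differs between sendmail.mc and CLAMAV_FLAGS. The sample files are constructed from the lines quoted in the thread; the function names, the file names and the parsing rule (one macro call per closing parenthesis, local: sockets only) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: cross-check sendmail.mc against the
# milter's CLAMAV_FLAGS for a filter-name or socket-path mismatch.

# mc_records FILE: drop commented-out lines, join wrapped lines, then split
# on ")" so that each macro call ends up on a line of its own.
mc_records() {
    grep -v -E '^[[:space:]]*(#|dnl([[:space:]]|$))' "$1" |
        tr '\n' ' ' | tr ')' '\n'
}

# Names given as the first argument of INPUT_MAIL_FILTER(`name', ...).
mc_defined_filters() {
    mc_records "$1" | sed -n "s/.*INPUT_MAIL_FILTER(\`\([^']*\)'.*/\1/p"
}

# Names listed in define(`confINPUT_MAIL_FILTERS', `a, b'), one per line.
mc_enabled_filters() {
    mc_records "$1" |
        sed -n "s/.*define(\`confINPUT_MAIL_FILTERS', *\`\([^']*\)'.*/\1/p" |
        tr ',' '\n' | tr -d ' '
}

# mc_socket FILE NAME: the S= value of the named filter.
mc_socket() {
    mc_records "$1" |
        sed -n "s/.*INPUT_MAIL_FILTER(\`$2', *\`S=\([^,']*\).*/\1/p"
}

# flags_socket FILE: the local: socket argument inside CLAMAV_FLAGS.
flags_socket() {
    tr -s ' "\n' '\n\n\n' < "$1" | grep '^local:' | tail -n 1
}

# check_milter_config MC SYSCONFIG: returns 0 when consistent, else says why.
check_milter_config() {
    cm_rc=0
    cm_defined=$(mc_defined_filters "$1")
    cm_names=$(mc_enabled_filters "$1")
    # Without an explicit confINPUT_MAIL_FILTERS, check every defined filter.
    [ -n "$cm_names" ] || cm_names=$cm_defined
    cm_flag_sock=$(flags_socket "$2")
    for cm_name in $cm_names; do
        if ! printf '%s\n' "$cm_defined" | grep -q -x -F -e "$cm_name"; then
            echo "InputFilter $cm_name is enabled but not defined"
            cm_rc=1
            continue
        fi
        cm_mc_sock=$(mc_socket "$1" "$cm_name")
        if [ "$cm_mc_sock" != "$cm_flag_sock" ]; then
            echo "$cm_name: sendmail.mc has $cm_mc_sock, milter has $cm_flag_sock"
            cm_rc=1
        fi
    done
    return $cm_rc
}

# make_mc_samples DIR: constructed files built from lines quoted in the thread.
make_mc_samples() {
    cat > "$1/broken.mc" <<'EOF'
INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clamav-milter.sock, F=, T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `clmilter')dnl
EOF
    cat > "$1/fixed.mc" <<'EOF'
define(`confINPUT_MAIL_FILTERS', `clmilter')dnl
INPUT_MAIL_FILTER(`clmilter',
`S=local:/var/run/clamav/clamav-milter.sock, F=, T=S:4m;R:4m')dnl
EOF
    echo 'CLAMAV_FLAGS="--max-children=10 --quiet local:/var/run/clamav/clamav-milter.sock"' \
        > "$1/sysconfig"
    echo 'CLAMAV_FLAGS="--max-children=10 --quiet local:/var/run/clmilter.sock"' > "$1/sysconfig.other"
}

demo=$(mktemp -d)
make_mc_samples "$demo"
check_milter_config "$demo/broken.mc" "$demo/sysconfig" || echo "broken.mc rejected"
check_milter_config "$demo/fixed.mc" "$demo/sysconfig" && echo "fixed.mc consistent"
rm -rf "$demo"
```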





[Clamav-users] clam-av/milter, segmentation fault

2004-04-22 Thread Don Levey
First - I've searched the archives.  Any failure to find information to my
question in the archives is mine alone.

I am attempting to install and v0.70 for use with Sendmail.  I am running on
RedHat 9, Athlon.
I've downloaded and compiled source for both clamav and clamav-milter, and I
did enable the milter when compiling clam-av.  Here's the problem:

I am able to run freshclam, and clamd.
However, when trying to start clamav-milter I receive a segmentation fault.
No further information, just that error.
I'm not at the point where I've restarted Sendmail (with new conf) yet.
I don't see anything in whatever logs I can find.

In case it helps, I've got the clamav-milter file below.
Thank you for any help you can offer,
 -Don

/etc/sysconfig/clamav-milter:
#!/bin/sh
#
# clamav-milter This script starts and stops the clamav-milter daemon
#
# chkconfig: 2345 91 30
#
# description: clamav-milter is a daemon which hooks into sendmail and routes
#  email messages to clamav
# processname: clamav-milter

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Local clamav-milter config
CLAMAV_FLAGS=
test -f /etc/sysconfig/clamav-milter && . /etc/sysconfig/clamav-milter

# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 0

[ -x /usr/local/sbin/clamav-milter ] || exit 0
PATH=$PATH:/usr/bin:/usr/local/sbin:/usr/local/bin

RETVAL=0

start() {
    echo -n "Starting clamav-milter: "
    # CLAMAV_FLAGS stays unquoted so it splits into separate arguments.
    daemon clamav-milter ${CLAMAV_FLAGS}
    RETVAL=$?
    echo
    test $RETVAL -eq 0 && touch /var/lock/subsys/clamav-milter
    return $RETVAL
}

stop() {
    echo -n "Shutting down clamav-milter: "
    killproc clamav-milter
    RETVAL=$?
    echo
    test $RETVAL -eq 0 && rm -f /var/lock/subsys/clamav-milter
}

restart() {
    stop
    start
}

# See how we were called.
case "$1" in
  start)
    # Start daemon.
    start
    ;;
  stop)
    # Stop daemon.
    stop
    ;;
  restart|reload)
    restart
    ;;
  condrestart)
    test -f /var/lock/subsys/clamav-milter && $0 restart || :
    ;;
  status)
    status clamav-milter
    ;;
  *)
    echo "Usage: $0 {start|stop|reload|restart|condrestart|status}"
    exit 1
esac

exit $?


