Exiscan + ClamAV

dragon2611 said:
try grabbing yum from http://ftp.freshrpms.net/pub/freshrpms/redhat/9/yum/

if you don't have clam installed, try yum install clamav or apt-get install clamav


hopefully it would sort the dependencies itself

From my earlier post
I tried to grab Yum, and it wants a newer libxml2, and so forth

Yum also has dependencies I cannot resolve (I grabbed libxml2-2.6.9-0.99_10.rh9.at.src.rpm, try to install it, tells me "libxml2-2.6.9-0.99_10.rh9.at.src.rpm: not an rpm package (or package manifest):")

I'd love to use yum, if I can get through those dependencies. I'm sure it's simple, and if I would be better served by asking about Yum in another forum, feel free to berate me.
 
dragon2611 said:
http://download.atrpms.net/producti.../atrpms/libxml2-2.6.9-0.99_10.rh9.at.i386.rpm

http://download.atrpms.net/producti...s/libxml2-devel-2.6.9-0.99_10.rh9.at.i386.rpm

make sure you have them both in the same directory ideally with nothing else

then try

rpm -Uhv *.rpm


that might do it but I'm not sure.

Edit: yes, it's common with rh9, which is why I now use centos; it seems to be easier to get updated packages for

Unfortunately that didn't work, I got another failed dependency:

error: Failed dependencies:
libxml2 = 2.6.9 is needed by libxml2-devel-2.6.9-0.99_10.rh9.at

This lack of being able to find current rpms for all these dependencies is telling me RH9 +latest ClamAV is a no-go.

That's not going to be fun. This is a rental server, Redhat 9 is our only option on this box. Clam looked like the popular choice. Do we have any other options?
 
maybe try googling/searching for some more rh9 repositories, then maybe one of them will allow apt to update everything for you, only thing I can really think of at the mo
 
I actually found

clamav-0.83-1.0.rh9.rf.i386.rpm

that I did a rpm -Uvh on, and it did something w/o questions or prompts. I can run clamscan or freshclam from anywhere, and they run, but it didn't load clamd, which I obviously want. It didn't load the clamd.conf file anywhere, so I'm at an impasse until I can stumble across how to add clamd by itself.

I got yum working also, but after it spends like 3 minutes pulling down loads of stuff, it says there is nothing to update. Not a single thing. Why would that be?
 
dragon2611 said:
I cheated...

I'm using centos and I get my clam av from the dag redhat enterprise repository which I added to yum, doesn't seem to cause any problems :)

not sure if there is a DAG repository for redhat9 but if there is grab yum or apt-get for rh and then add it ;) (http://freshrpms.net for yum/apt)

then a simple 'yum update' will update your clam-av and anything else that needs updated


(apt-get update then apt-get upgrade if you grab apt instead)

Can you write the line that you added to Yum to use the dag repository, thanks.

Jon
 
added this to /etc/yum.conf

[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el3/en/$basearch/dag
 
almost there

OK, I'm having a bit of an issue.

I'm running Redhat 9, Exim and the 0.83 clamav.

After making the appropriate changes to my exim.conf, when any mail is sent, my exim mainlog shows this:

2005-03-25 12:05:45 1DEsFl-00040S-FU malware acl condition: clamd: connection to 127.0.0.1, port 3310 failed (Bad file descriptor)
2005-03-25 12:05:45 1DEsFl-00040S-FU H=bay103-dav11.bay103.hotmail.com (hotmail.com) [65.54.174.83] F=<[email protected]> temporarily rejected after DATA

I'm sure this is something simple, but I've tried to follow the instructions in the clamdoc.pdf and from this helpful thread:

http://www.directadmin.com/forum/showthread.php?threadid=3860

I'm thinking my issue is something I've missed in setting up clam. It installed fine from RPMs, clamd runs, freshclam runs, etc.
 
What does this give you?

/etc/init.d/clamd status

Have you tried clamscan somefile?

Have you restarted Exim? Have you rebooted since adding all this?

Matthew
 
hci said:
What does this give you?

/etc/init.d/clamd status

Have you tried clamscan somefile?

Have you restarted Exim? Have you rebooted since adding all this?

Matthew

clamd (pid 3370) is running...

and I've restarted both exim and the server, yes. I can comment out the clam stuff I've added to exim.conf and email goes through OK.
 
Do you have iptables or some other firewall running? If so stop firewall and see what happens.

Matthew
 
hci said:
Do you have iptables or some other firewall running? If so stop firewall and see what happens.

Matthew

This is on our colo'd webserver, I'm sure the host has a router/firewall or three. AFAIK there is no firewall running on the box itself. I can reprint our pid list if needed.

Is there a command I can do on the box to see if I can get out via port 3310?
 
Here is someone who had same problem.

http://www.mail-archive.com/[email protected]/msg02221.html

Not that it does any good since no one really helped him.

Look in your /etc/clamd.conf

Make sure TCP port is right and see if anything else sticks out. Seems that either clamd is not properly running on port 3310 or you have a firewall on your box blocking it.

Maybe someone else will jump in here with an idea?

Matthew
 
Firewall is possible. I had a similar problem due to apf settings.
 
hci said:
Here is someone who had same problem.

http://www.mail-archive.com/[email protected]/msg02221.html

Not that it does any good since no one really helped him.

Look in your /etc/clamd.conf

Make sure TCP port is right and see if anything else sticks out. Seems that either clamd is not properly running on port 3310 or you have a firewall on your box blocking it.

Maybe someone else will jump in here with an idea?

Matthew

Well heck maybe it's this. This is from my clamd.conf:

# Path to a local socket file the daemon will listen on.
# Default: disabled
LocalSocket /var/run/clamav/clamd.sock

# Remove stale socket after unclean shutdown.
# Default: disabled
FixStaleSocket

# TCP port address.
# Default: disabled
# TCPSocket 3310

# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
# Default: disabled
TCPAddr 127.0.0.1


My 3310 is commented out, as I was following suggestions from here: http://www200.pair.com/mecham/spam/clamav-redhat-amavis.html

but it occurred to me, these are instructions with amavisd-new, not exim.

Maybe that's all I need to switch around, comment out the TCPAddr 127.0.0.1 and uncomment the # TCPSocket 3310...
 
Well crap, now when I try to send, I have to go to the exim paniclog and see this:

2005-03-25 23:06:48 Exim configuration error in line 558 of /etc/exim.conf:
error in ACL: unknown ACL condition/modifier in "($malware_name)"

repeated several times.

Edit: Ah, my mistake. Your sample conf helped. I had local socket commented out, but both 127.0.0.1 and 3310 were uncommented. Easy enough.

Email works now. Thanks for your help.
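
The mismatch this thread ends on, as an added example that is not part of any poster's message: a check that reads clamd.conf, lists the listeners it actually enables, and compares them with the address the mail server connects to. The function names and sample files are constructed for illustration, and the target "127.0.0.1 3310" is taken from the Exim log line earlier in the thread.

```shell
# Added example: which listeners does clamd.conf enable, and does the MTA's target match?

# Print one line per enabled listener: "unix <path>" or "tcp <addr> <port>".
clamd_listeners() {
    awk '
        /^[ \t]*#/ { next }                  # commented-out directives are inactive
        $1 == "LocalSocket" { sock = $2 }
        $1 == "TCPSocket"   { port = $2 }
        $1 == "TCPAddr"     { addr = $2 }
        END {
            if (sock != "") print "unix", sock
            # TCPAddr only picks the bind address; without TCPSocket no TCP port opens.
            if (port != "") print "tcp", (addr != "" ? addr : "0.0.0.0"), port
        }' "$1"
}

# Succeed if target ("<addr> <port>" or an absolute socket path) matches a listener.
scanner_target_ok() {
    clamd_listeners "$1" | awk -v t="$2" '
        BEGIN { n = split(t, p, " ") }
        $1 == "unix" && $2 == t { ok = 1 }
        $1 == "tcp" && n == 2 && $3 == p[2] && ($2 == p[1] || $2 == "0.0.0.0") { ok = 1 }
        END { exit !ok }'
}

# Constructed samples: BEFORE mirrors the clamd.conf posted in the thread,
# AFTER is the combination the last post reports as working.
SAMPLES=$(mktemp -d)
BEFORE=$SAMPLES/before.conf
AFTER=$SAMPLES/after.conf
cat > "$BEFORE" <<'EOF'
LocalSocket /var/run/clamav/clamd.sock
# TCPSocket 3310
TCPAddr 127.0.0.1
EOF
cat > "$AFTER" <<'EOF'
# LocalSocket /var/run/clamav/clamd.sock
TCPSocket 3310
TCPAddr 127.0.0.1
EOF

for conf in "$BEFORE" "$AFTER"; do
    if scanner_target_ok "$conf" "127.0.0.1 3310"; then
        echo "$conf: clamd listens where the MTA connects"
    else
        echo "$conf: nothing on 127.0.0.1 3310; enabled: $(clamd_listeners "$conf")"
    fi
done
```

Run against the real /etc/clamd.conf, the same two functions show whether a "connection to 127.0.0.1, port 3310 failed" message comes from clamd listening only on its Unix socket before anyone starts looking at firewalls.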
 