Exiscan + ClamAV

I used the yum program, and it updated the server, except that I still have the same Failed dependencies issue as before I ran yum. So it looks like yum updated the couple of RPMs on my system that were old, except for the ones I really needed it to update.


Code:
warning: glibc-2.3.5-0.fc3.1.i386.rpm: V3 DSA signature: NOKEY, key ID 4f2a6fd2
error: Failed dependencies:
        shadow-utils < 2:4.0.3-20 conflicts with glibc-2.3.5-0.fc3.1
        nscd < 2.3.3-52 conflicts with glibc-2.3.5-0.fc3.1
        tzdata >= 2003a is needed by glibc-common-2.3.5-0.fc3.1
        libgd.so.2 is needed by glibc-utils-2.3.5-0.fc3.1
        libc.so.6(GLIBC_PRIVATE) is needed by (installed) nscd-2.3.2-27.9.7


Any thoughts?
 
I have actually downloaded a different version of the ClamAV RPMs and it installed okay.

Just now I get the following error message when I do

# clamd start


Code:
LibClamAV Warning: ****************************************************
LibClamAV Warning: ***  This version of ClamAV engine is outdated.  ***
LibClamAV Warning: ***         Please update it IMMEDIATELY!        ***
LibClamAV Warning: ****************************************************
LibClamAV Error: cli_hex2si(): Malformed hexstring: 49662042203d2033205468656e205365742043203d204e6f726d616c54656d706c617465*42203c3e2031205468656e20442e41646466726f6d737472696e672045 (length: 131)
LibClamAV Error: cli_parse_add(): Problem adding signature.
LibClamAV Error: Problem parsing signature at line 26895
LibClamAV Error: Problem parsing database at line 26895
LibClamAV Error: Malformed database file /tmp/clamav-1cfd79e0498fd0e3/main.db
LibClamAV Warning: ****************************************************
LibClamAV Warning: ***  This version of ClamAV engine is outdated.  ***
LibClamAV Warning: ***         Please update it IMMEDIATELY!        ***
LibClamAV Warning: ****************************************************
Segmentation fault

But it's the latest version of ClamAV, so I'm not sure what to do now.
 
Problem installing...

I've followed all the steps as indicated, with the latest versions.
I've got:
Fedora Core 3 - Directadmin 1.24.1
- Exim 4.50 da installed (so normally no need of exiscan as integrated in package)
- pico 4.61 installed
- I got ClamAV 0.85-1 downloaded.

When I rpm -Uvh clamav-0.85.1-1.i386.rpm I get the following error:
[mymachine tmp]# rpm -Uvh clamav-0.85.1-1.i386.rpm
attention: clamav-0.85.1-1.i386.rpm: signature V3 DSA: NOKEY, key ID 6cdf2cc1
erreur: D
curl est n
libcurl.so.2 est n

Can anyone help me with this problem? I'm a Linux newbie who is willing to learn, but sometimes needs a how-to to understand...

Thanks
Tdldp

Edited: After reading a bit I've found an error. I'd downloaded the Fedora 2 rpm. So I restarted, downloading the Fedora 3 rpm and installing it.
I then get this message (worse ;) )
[mymachine tmp]# rpm -Uvh clamav-0.85.1-1.i386.rpm
attention: clamav-0.85.1-1.i386.rpm: signature V3 DSA: NOKEY, key ID 6cdf2cc1
erreur: D
curl est n
libcurl.so.3 est n
libidn est n
libidn.so.11 est n

Does anyone have a clue?

Edited: In fact, using Bitvise Tunnelier there are some error output troubles, so for other newbies like me: prefer using PuTTY, or when error messages are incomplete as above, double-check with PuTTY.


Edited: Thanks very much to titam, who helped me a lot with getting ClamAV cleanly installed...
Though I do not pretend to be an expert in how-tos, here is one that worked for my box: FC 3 / Da 1.241
//** are comments : are line feeds
1. //** ssh to box as root.
2. : cd /var/tmp
// bring exim up to date (4.51)
3. : yum install db4-devel (if not installed it will skip)
4. : yum install rpm-build (if not installed it will skip)
5. //** install exim 4.51
: wget http://files.directadmin.com/services/da_exim-4.51-1.src.rpm
: rpm -ivh da_exim-4.51-1.src.rpm
: cd /usr/src/redhat/SPECS
: rpmbuild -bb exim.spec
: cd /usr/src/redhat/RPMS/i386
: rpm -Uvh --force da_exim-4.51-1.i386.rpm
6. //** install clamAV 0.85
: wget http://crash.fce.vutbr.cz/crash-hat/3/clamav/clamav-0.85.1-1.i386.rpm
: yum install clamav-0.85.1-1.i386.rpm //** yes, I know this isn't the normal way, but rpm -iv or -Uvh --force never worked on my box


Answer yes to all questions and ClamAV should be installed, along with the latest exim version.
Hope this helps out, as it could have helped me...

Tdldp
 
Are you sure that 1 and 2 were not blocked? 3 is a spam and should just say so. 4-7 should be blocked, but for this to happen, someone needs to write a better mime acl rule.
 
Problems with Exim & ClamAV

I found instructions on how to integrate ClamAV into Exim and make it scan on this forum. Those instructions are here:
http://www.directadmin.com/forum/showthread.php?postid=31701#post31701

I succeeded, but when I get to the part to modify the exim.conf file, I get the following error when restarting:

Shutting down exim:
Starting exim: 2005-07-19 22:34:37 Exim configuration error in line 563 of /etc/exim.conf:
error in ACL: unknown ACL condition/modifier in "demime = *"

Any ideas?
 
hmmm

[root@savvis clamav-0.86.2]# service exim restart
Shutting down exim: /etc/init.d/exim: line 41: kill: (9486) - No such process

Starting exim: 2005-07-30 01:00:34 Exim configuration error in line 593 of /etc/exim.conf:
error in ACL: unknown ACL condition/modifier in "demime = *"

[root@savvis clamav-0.86.2]#

What could be the problem?
 
Open your exim.conf file (at /etc/exim.conf)
with a text editor and look for that line,
the one that contains the "demime" ACL,
and comment out that line.

Then restart exim...
 
same thing

When I do that, and remove the demime = *, now I get

[root@savvis etc]# service exim restart
Shutting down exim: /etc/init.d/exim: line 41: kill: (7953) - No such process

Starting exim: 2005-07-30 21:10:47 Exim configuration error in line 591 of /etc/exim.conf:
error in ACL: unknown ACL verb in "malware = *"

for malware = *

and if I remove that,
then all emails with an attachment are scanned and said to be a virus.

There's gotta be a bug someplace.
 
Re: same thing

splitech said:
When I do that, and remove the demime = *, now I get
...
Starting exim: 2005-07-30 21:10:47 Exim configuration error in line 591 of /etc/exim.conf:
error in ACL: unknown ACL verb in "malware = *"
...
for malware = *
...
Sounds like you don't have an exiscan patch or something...
demime is normal, malware shouldn't happen...
 
Should be enough...

Anyone else have the same problem ?
I'm still at a bit older version with my servers... Not going to upgrade until I find it to be safe ;)...
 
I have the same problem

I get this:
Starting exim: 2005-08-06 02:15:55 Exim configuration error in line 565 of /etc/exim.conf: error in ACL: unknown ACL condition/modifier in "demime = *"

Then I commented out
# demime = *

And it is working; exim restarted fine.

What does demime = * do? Is it needed, and will everything work without it?

Redhat 9
exim 4.52
clamav 0.86.2
 
From a Waikato Linux Users Group Wiki:
Recent exiscans (including the one included with Exim 4.50) have deprecated demime, instead adding an acl_smtp_mime ACL. This is more powerful than the previous demime, but as always, is more complex to get the above features.
While there's a complete workaround listed, I'm not sure this is something we should implement individually.

I've asked John to look at this thread and my post, and give us the benefit of his knowledge. :)

Jeff
 
Should I be OK with demime commented out?
Will it not cause users to lose mail or anything weird, and will it still block viruses?

Thanks
Rmday
 
The only effect I know of from commenting out the line would be that mime attachments may not get scanned.

However I'm not positive.

Jeff
 
Hi Guys,

I've honestly never looked at it in any detail, so I won't be of much use.

If it will make your lives easier, I can easily add the demime option to the exim compiles, not a big deal for me. The only issue you may encounter is the day that demime *is* in fact fully deprecated (removed from exim) in a future release. So it's basically now or later.

I've got no problems changing the compiles, so if you'd like it, let me know. If there is a new tool that is replacing demime (I'm guessing acl_smtp_mime), then I think it may be smarter to implement the scanning with the new tool instead, so that you won't need to worry about it becoming deprecated down the line.

This looks like it would be the guide on how to replace demime with what you want:
http://www.exim.org/exim-html-4.50/doc/html/spec_40.html#CHAP40

John
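
The `demime = *` startup error in this thread appears when exim.conf uses an ACL condition that the installed binary was not compiled with. The preflight check below is an added example, not part of the original thread: it compares the scanning conditions in a config against the `Support for:` line of `exim -bV`. The function names and both sample inputs are constructed, and it assumes the build reports `Content_Scanning` and `Old_Demime` on that line.

```shell
#!/bin/sh
# Added example: flag exim.conf scanning conditions the binary cannot parse.
# Both samples below are constructed, not taken from a real server.

# Constructed `exim -bV` excerpt: exiscan compiled in, old demime left out.
SAMPLE_BV='Exim version 4.52 #1 built 01-Aug-2005 12:00:00
Support for: crypteq iconv() Perl OpenSSL Content_Scanning
Lookups: lsearch wildlsearch dbm'

# Constructed exim.conf excerpt using the conditions discussed in the thread.
SAMPLE_CONF='acl_check_message:
  deny message = Serious MIME defect detected ($demime_reason)
       demime = *
  # spam = nobody
  deny message = This message contains a virus ($malware_name)
       malware = *
  accept'

# build_supports FEATURE BV_TEXT
# Succeeds if FEATURE is listed on the "Support for:" line of BV_TEXT.
build_supports() {
  printf '%s\n' "$2" | grep '^Support for:' | tr ' ' '\n' | grep -qx "$1"
}

# unsupported_conditions BV_TEXT CONF_TEXT
# Prints "LINE:CONDITION needs FEATURE" for every active (uncommented)
# demime/malware/spam condition that this build would reject at startup.
unsupported_conditions() {
  bv=$1
  printf '%s\n' "$2" |
  grep -nE '^[[:space:]]*(demime|malware|spam)[[:space:]]*=' |
  while IFS= read -r hit; do
    n=${hit%%:*}
    cond=$(printf '%s\n' "${hit#*:}" | sed -E 's/^[[:space:]]*([a-z_]+).*/\1/')
    case $cond in
      demime) need=Old_Demime ;;        # legacy condition, separate build option
      *)      need=Content_Scanning ;;  # malware and spam come with exiscan
    esac
    build_supports "$need" "$bv" || echo "$n:$cond needs $need"
  done
}

unsupported_conditions "$SAMPLE_BV" "$SAMPLE_CONF"
```

On a server, pass the real inputs instead of the samples: `unsupported_conditions "$(exim -bV)" "$(cat /etc/exim.conf)"`. Running it before restarting exim shows which lines would stop the daemon from starting, so a condition is not commented out without knowing that scanning coverage is being dropped.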
 
John, I agree with you fully (your last paragraph) and I'm sorry I asked you to get involved, since it's really not required for a basic DA install.

It's going to be my problem for VirusBlocker, and I'm going to follow the instructions in your link.

Jeff
 
Demime Option for Exim

I personally would like the option. Add my vote.

Or a quick how-to would be appreciated, I can rebuild my exim.

I have noticed ½ the virus test emails I am sending myself get rejected, but the other half come through, I am guessing it has something to do with this.

Thanks!
 