HowTo: ClamAV

ClamAV 88.2
Code:
wget http://www.web4host.net/tools/ClamAV-update-tools.sh
chmod 755 ClamAV-update-tools.sh
./ClamAV-update-tools.sh



Wael
 
Thank you Wael :cool:

Your script still has 88.1 though, so those who download it will need to change the script to get 88.2

Otherwise, worked perfect. Thanks again.
 
jw00dy said:
Thank you Wael :cool:

Your script still has 88.1 though, so those who download it will need to change the script to get 88.2

Otherwise, worked perfect. Thanks again.

you need to delete old file and download again :)
 
2006-05-02 15:36:38 1Fav3O-0006ws-Tw malware acl condition: clamd: unable to connect to UNIX socket /var/run/clamav/clamd (Connection refused)
2006-05-02 15:36:38 1Fav3O-0006ws-Tw H=localhost (81.164.13.74) [127.0.0.1] F=<[email protected]> temporarily rejected after DATA
2006-05-02 15:36:42 1Fav3S-0006wt-Ja malware acl condition: clamd: unable to connect to UNIX socket /var/run/clamav/clamd (Connection refused)
2006-05-02 15:36:42 1Fav3S-0006wt-Ja H=localhost (81.164.13.74) [127.0.0.1] F=<[email protected]> temporarily rejected after DATA
2006-05-02 15:36:46 1Fav3W-0006wu-0Z malware acl condition: clamd: unable to connect to UNIX socket /var/run/clamav/clamd (Connection refused)
2006-05-02 15:36:46 1Fav3W-0006wu-0Z H=localhost (81.164.13.74) [127.0.0.1] F=<[email protected]> temporarily rejected after DATA

Any ideas? When I disable clam it works just fine.
 
The_cobra666 said:
2006-05-02 15:36:38 1Fav3O-0006ws-Tw malware acl condition: clamd: unable to connect to UNIX socket /var/run/clamav/clamd (Connection refused)
2006-05-02 15:36:38 1Fav3O-0006ws-Tw H=localhost (81.164.13.74) [127.0.0.1] F=<[email protected]> temporarily rejected after DATA
2006-05-02 15:36:42 1Fav3S-0006wt-Ja malware acl condition: clamd: unable to connect to UNIX socket /var/run/clamav/clamd (Connection refused)
2006-05-02 15:36:42 1Fav3S-0006wt-Ja H=localhost (81.164.13.74) [127.0.0.1] F=<[email protected]> temporarily rejected after DATA
2006-05-02 15:36:46 1Fav3W-0006wu-0Z malware acl condition: clamd: unable to connect to UNIX socket /var/run/clamav/clamd (Connection refused)
2006-05-02 15:36:46 1Fav3W-0006wu-0Z H=localhost (81.164.13.74) [127.0.0.1] F=<[email protected]> temporarily rejected after DATA

Any ideas? When I disable clam it works just fine.


nano -w /etc/exim.conf

At the end of comments section add this:

av_scanner = clamd:127.0.0.1 3310

Type in Ctrl-W and search for the second instance of check_message

Change:

# ACL that is used after the DATA command
check_message:
  accept

To this:

# ACL that is used after the DATA command
check_message:
  # Virus Check
  deny message = This message contains a virus or other malware ($malware_name)
       demime = *
       malware = *
  accept

Do a Ctrl-X and save.

Now restart Exim

/etc/init.d/exim restart
 
2006-05-02 19:47:54 exim 4.61 daemon started: pid=1395, -q15m, listening for SMTP on port 25 (IPv4) port 587 (IPv4)
2006-05-02 19:48:43 1FayzL-0000Na-Bm malware acl condition: clamd: connection to 127.0.0.1, port 3310 failed (Connection refused)
2006-05-02 19:48:43 1FayzL-0000Na-Bm H=astra.telenet-ops.be [195.130.132.58] F=<[email protected]> temporarily rejected after DATA

Disabling clamd again.

Edit: Great, can't send any emails now even with clamd disabled... Stopping clamd is ==> clamd stop, right?
 
jw00dy said:
Do you have a firewall that is blocking that port?

I am on a VPS and from what I know I do not have any firewall. Strange thing is, clamd used to work before... but now suddenly it blocks everything.
 
This is my conf which works

after comment of my exim.conf 2.0 (FC3 EXIM4.60)

Code:
av_scanner = clamd:/var/run/clamav/clamd

and later

Code:
# ACL that is used after the DATA command
check_message:
  deny message = This message content malformed MIME ($demime_reason)
       demime = *
       condition = ${if >{$demime_errorlevel}{2}{1}{0}}
  deny message = May contains a virus or malware ($malware_name)
       demime = *
       malware = *
  deny message = Attachement Not accepted (.$found_extension)
       demime = bat:com:pif:prf:scr:vbs
  warn message = X-Antivirus-Scanner: Clamav
  accept

sometimes need reboot after update when the socket is busy
 
Is there a way to prevent clamav from taking down all incoming email when it gets stuck or crashes? I had this problem this weekend. Clam stopped working and so did all incoming mail with it. It has happened a couple of times in the past year. The problem is there does not seem to be a real way to automatically monitor this because everything thinks it's working. This is a major problem.

Also is it all or nothing for Clam? Can some users use it and others not?
 
The ClamAV installation in the How-To is system-wide.

Our first NoBaloney Official version of ClamAV will not be user-by-user.

Our second version will.

But that's user as in domain owner, not user as in email box holder.

Whether or not DirectAdmin will use our NoBaloney Official version will of course be up to them, but in the past they've been interested in, and have used, our exim.conf files (and we of course have added their official sections as well).

Jeff
 
I look forward to it Jeff.

Hopefully someone knows the answer to my question. I can not have Clam crap out and halt all incoming email. I should just disable it for now.
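
On the monitoring question raised in the two posts above, here is an added example (not code from this thread or from the ClamAV or Exim projects): a check that talks to clamd itself instead of only looking for a running process. It sends clamd's PING command and expects PONG; the default socket path is the one from the exim.conf posted earlier, and the unprefixed `PING` form is assumed to be accepted by the installed clamd.

```python
#!/usr/bin/env python3
"""Protocol-level clamd health check (added example; paths are assumptions)."""
import socket
import sys


def check_clamd(target, timeout=5.0):
    """Send clamd's PING command and expect PONG.

    target: UNIX socket path (str) or (host, port) tuple for TCP.
    Returns (status, detail); status is ok, down, hung or bad-reply.
    """
    family = socket.AF_UNIX if isinstance(target, str) else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect(target)
            s.sendall(b"PING\n")
            reply = s.recv(64)
    except socket.timeout:
        # The socket exists but nothing answered in time: the daemon is stuck.
        return "hung", "no reply within %.1fs" % timeout
    except OSError as e:
        # Connection refused, missing socket file, permission denied, ...
        return "down", e.strerror or str(e)
    if reply.strip() == b"PONG":
        return "ok", "PONG"
    return "bad-reply", repr(reply)


if __name__ == "__main__":
    # Assumed default: the socket path from the exim.conf posted in this thread.
    # For the TCP setup, call check_clamd(("127.0.0.1", 3310)) instead.
    path = sys.argv[1] if len(sys.argv) > 1 else "/var/run/clamav/clamd"
    status, detail = check_clamd(path)
    print("clamd %s: %s" % (status, detail))
    sys.exit(0 if status == "ok" else 1)
```

Run it from cron and alert or restart clamd on a non-zero exit code. Exim's `malware` condition also accepts a `/defer_ok` suffix (`malware = */defer_ok`), which lets mail through unscanned when the scanner is unreachable instead of deferring it.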
 
FreeBSD5.4 Install clamav at ports

I cannot send mail from Outlook

outlook error

av_scanner = clamd:/var/run/clamav/clamd


cat /var/log/clamav/clamd.log


ERROR: Socket file /var/run/clamav/clamd could not be bound: Permission denied
+++ Started at Sun May 21 08:20:32 2006
clamd daemon 0.88.2 (OS: freebsd5.4, ARCH: i386, CPU: i386)
Log file size limited to 1048576 bytes.
Running as user clamav (UID 106, GID 106)




An unknown error has occurred. Subject 'test', Account: 'support', Server: 'mail.xxxxxt.com', Protocol: SMTP, Server Response: '451 Temporary local problem - please try later', Port: 25, Secure(SSL): No, Server Error: 451, Error Number: 0x800CCC6A


cat /var/log/exim/mainlog



2006-05-21 00:49:44 1FhVa7-000Da8-LJ malware acl condition: clamd: connection to 127.0.0.1, port 3310 failed (Bad file descriptor)
2006-05-21 00:49:44 1FhVa7-000Da8-LJ H=ppp-124.121.20.4.revip2.asianet.co.th (home15ddc4daa7) [124.121.20.4] F=<[email protected]> temporarily rejected after DATA
2006-05-21 00:49:55 1FhVaH-000DaP-TS malware acl condition: clamd: connection to 127.0.0.1, port 3310 failed (Bad file descriptor)
2006-05-21 00:49:55 1FhVaH-000DaP-TS H=ppp-124.121.20.4.revip2.asianet.co.th (home15ddc4daa7) [124.121.20.4] F=<[email protected]> temporarily rejected after DATA
2006-05-21 00:49:59 1FhVZY-000DXB-U4 => [email protected] F=<[email protected]> R=lookuphost T=remote_smtp S=934 H=mail2.chaiyo.com [203.150.226.23] C="250 ok 1148146709 qp 14963"
2006-05-21 00:49:59 1FhVZY-000DXB-U4 Completed
 