restarting ClamAV and configuration

Hi all,

I'm experiencing some crashes with ClamAV running through the module. Whenever this happens, Post.Office can't connect to the ClamAV daemon (clamd) and all messages are being flagged as containing a virus and thus moved to my spam/virus catcher mailbox.

At first, I wanted to monitor the clamd process through the watchdog daemon that comes with MacOS X Server. However I couldn't get it to work properly. Therefore I decided to write this little script and run it through cron instead.

Here is the /etc/crontab entry that runs once a minute.

*/1 * * * * root ~root/checkclamd.sh > /dev/null 2>&1

Copy the following script to your root home directory and make sure to chmod 755 (remove the line numbers in front, I added them to make any line breaks visible)

--------------- Start checkclamd.sh --------- 1 #!/bin/sh 2 clamdproc=`ps -ax | grep "/usr/local/clamav/sbin/clamd" | grep -v "grep /usr/local/clamav/sbin/clamd" | wc -l | tr -d " "` 3 if [ $clamdproc -lt "1" ] 4 then 5 echo "`date` Restarting Clamd" >> /var/log/checkclamd.log 6 echo "`date` Restarting Clamd" 7 /usr/local/clamav/sbin/clamd 8 fi --------------- End checkclamd.sh ---------

I'm not sure why ClamAV crashes when running as a daemon. My own anti-virus script with clamav support wasn't using the daemon continuously but instead called another clamav tool when it detected a new message.

The configuration for Tenon's ClamAV can be found in:
/usr/local/clamav/etc/clamav.conf
and
/usr/local/clamav/etc/freshclam.conf (for the virus signature update tool)

You might want to enable some of the options like the log file. However be aware that you also need to create the log file first and set the owner to mta or it won't work.

        touch /var/log/clamd.log
        chown mta /var/log/clamd.log

In clamav.conf you would have the following line:

LogFile /var/log/clamd.log

If you want to check if Clamav is running on your system then type the following while logged in on your server:

# telnet 127.0.0.1 3310
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
PING
PONG
Connection closed by foreign host.

When I connected to localhost, I typed PING and ClamAV replied with PONG

Other commands that the ClamAV daemon understands are:

PING, VERSION, RELOAD, SHUTDOWN, SCAN file/directory, RAWSCAN, CONTSCAN,...

More information is available at http://www.clamav.net/doc/0.72/html/node18.html

By the way, version 0.73 of ClamAV was released on June 14th and it fixes some bugs. Hopefully Tenon will create an updated ClamAV installer as soon as possible.

Joe. -- -----------------+----------------+---------------------------------- Jochen Savelberg | Euregio.Net AG | domain registrations, co-location joe@xxxxxxxxxxx | Wirtzfeld 140 | hosting, marketing, entertainment Online Producer | 4760 Bullingen | consulting, training, development MIS/IT Director | Belgium | http://www.euregio.net -----------------+----------------+---------------------------------- Internet Services since 1995 - AFS-Returnee '93, Belgium to Australia --------- Tenon Intersystems' Post.Office Mailing List To unsubscribe: send mailto:post_office-request@xxxxxxxxxxxxxxx with the body only containing: unsubscribe Find the searchable mailing list archives at: http://postoffice.computeroil.com/