Tenon Intersystems Please see text links at bottom of page for navigation
Please see text links at bottom of page for navigation

Search tenon.com

Thanks to:

Post.Office
[Top] [All Lists]
<prev [Date] next> <prev [Thread] next>

Re: restarting ClamAV and configuration

To: post_office@xxxxxxxxxxxxxxx
Subject: Re: restarting ClamAV and configuration
From: eyang@xxxxxxxxx (Eric Yang)
Date: Fri, 18 Jun 2004 12:39:58 -0700
Hi Joe,

Is it possible that you have two copies of clamd running on your server? The Post.Office installs it's own clamd, but this version is configured to use LocalSocket instead of TCPSocket. Therefore, telnet 127.0.0.1 3310 won't give you a connection. We don't keep port 3310 open to offer to scan virus through TCPSocket so there is a little less chance that a remote hacker could abuse your ClamAV. ClamAV has been running solid on mail.tenon.com since April, and it was rock solid.

In addition, the current design is to seal user from any virus, therefore, when clamd failed, the mails should be collected in a filtered mail box until Postmaster take action. This might not be the most desired behavior for postmasters, but it's certainly most secure. If more customer demands that the filter should let email pass through when clamd is down, then we will update our plug-in to function accordingly.

regards,
Eric

On Jun 17, 2004, at 8:00 PM, Joe Savelberg wrote:

Hi all,

I'm experiencing some crashes with ClamAV running through the module. Whenever this happens, Post.Office can't connect to the ClamAV daemon (clamd) and all messages are being flagged as containing a virus and thus moved to my spam/virus catcher mailbox.

At first, I wanted to monitor the clamd process through the watchdog daemon that comes with MacOS X Server. However I couldn't get it to work properly. Therefore I decided to write this little script and run it through cron instead.

Here is the /etc/crontab entry that runs once a minute.

*/1 * * * * root ~root/checkclamd.sh > /dev/null 2>&1


Copy the following script to your root home directory and make sure to chmod 755
(remove the line numbers in front, I added them to make any line breaks visible)


--------------- Start checkclamd.sh ---------
1 #!/bin/sh
2 clamdproc=`ps -ax | grep "/usr/local/clamav/sbin/clamd" | grep -v "grep /usr/local/clamav/sbin/clamd" | wc -l | tr -d " "`
3 if [ $clamdproc -lt "1" ]
4 then
5 echo "`date` Restarting Clamd" >> /var/log/checkclamd.log
6 echo "`date` Restarting Clamd"
7 /usr/local/clamav/sbin/clamd
8 fi
--------------- End checkclamd.sh ---------


I'm not sure why ClamAV crashes when running as a daemon. My own anti-virus script with clamav support wasn't using the daemon continuously but instead called another clamav tool when it detected a new message.

The configuration for Tenon's ClamAV can be found in:
/usr/local/clamav/etc/clamav.conf
and
/usr/local/clamav/etc/freshclam.conf (for the virus signature update tool)

You might want to enable some of the options like the log file. However be aware that you also need to create the log file first and set the owner to mta or it won't work.

        touch /var/log/clamd.log
        chown mta /var/log/clamd.log

In clamav.conf you would have the following line:

LogFile /var/log/clamd.log

If you want to check if Clamav is running on your system then type the following while logged in on your server:

# telnet 127.0.0.1 3310
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
PING
PONG
Connection closed by foreign host.

When I connected to localhost, I typed PING and ClamAV replied with PONG

Other commands that the ClamAV daemon understands are:

PING, VERSION, RELOAD, SHUTDOWN, SCAN file/directory, RAWSCAN, CONTSCAN,...

More information is available at http://www.clamav.net/doc/0.72/html/node18.html

By the way, version 0.73 of ClamAV was released on June 14th and it fixes some bugs. Hopefully Tenon will create an updated ClamAV installer as soon as possible.


Joe.
--
-----------------+----------------+----------------------------------
Jochen Savelberg | Euregio.Net AG | domain registrations, co-location
joe@xxxxxxxxxxx  | Wirtzfeld 140  | hosting, marketing, entertainment
Online Producer  | 4760 Bullingen | consulting, training, development
MIS/IT Director  | Belgium        |      http://www.euregio.net
-----------------+----------------+----------------------------------
Internet Services since 1995 - AFS-Returnee '93, Belgium to Australia
---------
Tenon Intersystems' Post.Office Mailing List
To unsubscribe: send mailto:post_office-request@xxxxxxxxxxxxxxx
with the body only containing: unsubscribe
Find the searchable mailing list archives at:
http://postoffice.computeroil.com/


--
Tenon Intersystems                              805-963-6983
232 Anacapa Street, #2A                 eyang@xxxxxxxxx
Santa Barbara, CA 93101         http://www.tenon.com

---------
Tenon Intersystems' Post.Office Mailing List
To unsubscribe: send mailto:post_office-request@xxxxxxxxxxxxxxx
with the body only containing: unsubscribe
Find the searchable mailing list archives at:
http://postoffice.computeroil.com/

<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: ClamAv working?, Elton
Next by Date:  Re: ClamAv working?, Eric Yang
Previous by Thread:  restarting ClamAV and configuration, Joe Savelberg
Next by Thread:  Tenon email bouncing, Blaine Fergerstrom
Indexes:  [Date] [Thread] [Top] [All Lists]
| Tenon Home | Products | Order | Contact Us | About Tenon | Register | Tech Support | Resources | Press Room | Mailing Lists |

Powered By iTools

Copyright©2003 Tenon Intersystems, 232 Anacapa Street, Suite 2A, Santa Barbara, CA 93101. All rights reserved.
Questions about our website - Contact: webmaster@tenon.com.

Tenon Home Tenon Home Tenon Home Tenon Home Product Info Tenon Ordering Contact About Register Support Resources Press Mailing Lists