> -----Original Message----- > From: Tomasz Kojm [mailto:[EMAIL PROTECTED] > Sent: Sunday, January 11, 2004 6:35 PM > To: [EMAIL PROTECTED] > Subject: Re: [Clamav-users] pretty basic question - clamscan > vs clamdscan > > > On Sun, 11 Jan 2004 08:36:18 +0200 > Micha Silver <[EMAIL PROTECTED]> wrote: > > > > > faster but clamd dies every so often. So we need the > perl script, > > > > > > Which version of clamd ? > > > > I have installed 0.65 > > What does (exactly) "clamd dies every so often" mean ? Do you > suspect something ?
No. I only brought up this question because there have been a few posts over the past few months concerning problems with clamd. And in addition, there is *no mention anywhere* in the qmail-scanner site nor in the ClamAV site about using clamdscan from the qmail -scanner.pl script in place of clamscan. In any case, here's what I did: I set up clamd to be handled by daemontools as one of its services. I used the scripts from http://www.clamav.net/doc/clamd_supervised/ with a few minor changes in paths in the run and log/run scripts.( My clamav 0.65 was installed from rpm, so clamd is in /usr/sbin. ) In addition I was carefull to chown qscand (as per the default installation of qmail-scanner which runs suid qscand) for two directories- the clamav log dir and the directory where the sock file is placed (/var/run/clamav on my setup). Next I linked the /usr/local/clamav/supervise/clamd directory into /service so that daemontools would start it up. This was 3 days ago, and it's been running fine since, merrily chucking virused emails into the quarantine. Here's a snip from the maillog where qmail-scanner dumps it's stuff from before the above change when I was calling clamscan for each message. ( The number after the IP is the scan time) Most of the scans took several seconds. --------------------------------------------- Jan 9 21:04:14 ns qmail-scanner[25196]: CLAMSCAN:Worm/Klez.H:RC:0(192.114.186.23): 4.57251 150309 [EMAIL PROTECTED] et.il [EMAIL PROTECTED] Questionnaire <[EMAIL PROTECTED]> valign.bat ipaccess.jpg Jan 9 21:04:25 ns qmail-scanner[25216]: CLAMSCAN:Worm/Klez.H:RC:0(192.114.186.23): 1.692442 136227 [EMAIL PROTECTED] net.il [EMAIL PROTECTED] A__IE_6.0_patch <[EMAIL PROTECTED]> src.bat standard[1].html Jan 9 21:05:00 ns qmail-scanner[25286]: CLAMSCAN:Worm/Klez.H:RC:0(192.114.186.23): 8.425265 134893 [EMAIL PROTECTED] net.il [EMAIL PROTECTED] Welcome_to_my_hometown <[EMAIL PROTECTED]> height.exe brigl-do e[1].html Jan 9 21:05:03 ns qmail-scanner[25294]: CLAMSCAN:Worm/Klez.H:RC:0(192.114.186.18): 4.660858 134738 [EMAIL PROTECTED] net.il [EMAIL PROTECTED] Hi,japanese_lass'_sexy_pictures <[EMAIL PROTECTED]> height.scr b rigl-doe[1].html Jan 9 21:05:23 ns qmail-scanner[25342]: CLAMSCAN:Worm/Klez.H:RC:0(192.114.186.22): 5.147878 136239 [EMAIL PROTECTED] net.il [EMAIL PROTECTED] Cariolaro_spa <[EMAIL PROTECTED]> content.bat cariolaro[1].htm --------------------------------------------- And here's a similar snip from today. Almost always < 1 sec. --------------------------------------------- Jan 13 23:25:42 ns qmail-scanner[20540]: CLAMSCAN:Worm/Klez.H:RC:0(192.114.186.23): 0.524575 134007 [EMAIL PROTECTED] av.net.il [EMAIL PROTECTED] Questionnaire <[EMAIL PROTECTED]> ppkb.bat tsukim_dbf10 [1].htm Jan 14 00:18:52 ns qmail-scanner[27901]: CLAMSCAN:Worm.Mimail.G:RC:0(212.150.48.117): 0.202245 16046 [EMAIL PROTECTED] co.il [EMAIL PROTECTED] don't_be_late!______________________________oovoseus <20040113221950.ZGXD27793.mtastorm@ localhost> readnow.zip Jan 14 01:17:26 ns qmail-scanner[1897]: CLAMSCAN:Worm.Mimail.I:RC:0(212.150.48.117): 0.284472 19768 [EMAIL PROTECTED] aypal.com [EMAIL PROTECTED] YOUR_PAYPAL.COM_ACCOUNT_EXPIRES <[EMAIL PROTECTED]> www.p aypal.com.scr Jan 14 04:39:31 ns qmail-scanner[22495]: CLAMSCAN:Worm.Mimail.I:RC:0(212.150.48.117): 0.362224 19768 donotreply@ paypal.com [EMAIL PROTECTED] YOUR_PAYPAL.COM_ACCOUNT_EXPIRES <[EMAIL PROTECTED]> www. paypal.com.scr --------------------------------------------- In short, nice piece of software! Regards --Micha > > Best regards, > Tomasz Kojm > -- > oo ..... [EMAIL PROTECTED] www.ClamAV.net > (\/)\......... http://www.clamav.net/gpg/tkojm.gpg > \..........._ 0DCA5A08407D5288279DB43454822DC8985A444B > //\ /\ Sun Jan 11 17:32:16 CET 2004 > ------------------------------------------------------- This SF.net email is sponsored by: Perforce Software. Perforce is the Fast Software Configuration Management System offering advanced branching capabilities and atomic changes on 50+ platforms. Free Eval! http://www.perforce.com/perforce/loadprog.html _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
