Hi Konrad, Have you tried setting "Debug yes" in your clamd.conf?
Steven Morgan On Sun, Mar 17, 2013 at 5:57 AM, Konrad <forum.n...@gmx.de> wrote: > Hi All, > > I'm new to this forum and I know that this is a UNIX only mailing list. My > problem is related to a Win XP installation but I was hoping that you can > at least give me some hints on how to debug clamd or increase the log level > so that I will see what is going on! The Windows mailing list seems to be > "dead" so I guess that I will not get any help from there. If you are not > willing to answer Windows related questions, just let me know... > > My problem: > > I'm using ClamAV together with my mail server (Mercury) on a Windows XP > box and v 0.95 works great so far. Now I wanted to upgrade to 0.97.7 but I > can't get it working. If I start clamd manually in a shell, I can see that > it is coming up "normal" and the process is visible in the task manager. > The first mail is scanned OK and if it contains a virus attachment, clamd > detects it. So far, so good. But from that moment on, it stops working and > every next call is not processed anymore. No idea what is going on... I > tried to activate logs but the log does not say much. Is there is way to > increase the log level to get more information? > > I tried something else: > > I started clamd in one shell window and opened another shell to connect > with telnet and 127.0.0.1 3310 and it gets connected. Pressing any key, I > get UNKNOWN COMMAND and telnet exits. If I repeat this test, I can key in > as much as I like, the UNKNOWN COMMAND error message does not appear > anymore and telnet keeps running. If I do this with the OK working 0.95 > installation, I get UNKNOWN COMMAND every time and telnet always exits > after that. > > I think it is something secific to this windows machine because the telnet > test shows the v0.95 behavior on every other machine I tested with. > > Log output: > > Sat Mar 16 23:12:35 2013 -> +++ Started at Sat Mar 16 23:12:35 2013 > Sat Mar 16 23:12:35 2013 -> clamd daemon 0.97.7 (OS: win32, ARCH: i386, > CPU: i386) > Sat Mar 16 23:12:35 2013 -> Log file size limited to 1048576 bytes. > Sat Mar 16 23:12:35 2013 -> Reading databases from > c:\Programme\Tools\ClamAV_0.**97.7\data > Sat Mar 16 23:12:35 2013 -> Not loading PUA signatures. > Sat Mar 16 23:12:35 2013 -> Bytecode: Security mode set to "TrustSigned". > Sat Mar 16 23:12:42 2013 -> Loaded 2005376 signatures. > Sat Mar 16 23:12:43 2013 -> TCP: Bound to address 127.0.0.1 on port 3310 > Sat Mar 16 23:12:43 2013 -> TCP: Setting connection queue length to 200 > Sat Mar 16 23:12:43 2013 -> Limits: Global size limit set to 104857600 > bytes. > Sat Mar 16 23:12:43 2013 -> Limits: File size limit set to 26214400 bytes. > Sat Mar 16 23:12:43 2013 -> Limits: Recursion level limit set to 16. > Sat Mar 16 23:12:43 2013 -> Limits: Files limit set to 10000. > Sat Mar 16 23:12:43 2013 -> Archive support enabled. > Sat Mar 16 23:12:43 2013 -> Algorithmic detection enabled. > Sat Mar 16 23:12:43 2013 -> Portable Executable support enabled. > Sat Mar 16 23:12:43 2013 -> ELF support enabled. > Sat Mar 16 23:12:43 2013 -> Detection of broken executables enabled. > Sat Mar 16 23:12:43 2013 -> Mail files support enabled. > Sat Mar 16 23:12:43 2013 -> OLE2 support enabled. > Sat Mar 16 23:12:43 2013 -> PDF support enabled. > Sat Mar 16 23:12:43 2013 -> HTML support enabled. > Sat Mar 16 23:12:43 2013 -> Self checking every 600 seconds. > Sat Mar 16 23:12:43 2013 -> Listening daemon: PID: 532 > Sat Mar 16 23:12:43 2013 -> MaxQueue set to: 100 > Sat Mar 16 23:13:24 2013 -> instream(127.0.0.1@27033): > Exploit.Fnstenv_mov-1 FOUND > > Any idea what this could be or how I can track this down? > > btw: Turning off Windows Firewall does not make any difference. > > Thanks a lot! > > Konrad > ______________________________**_________________ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://www.clamav.net/support/**ml <http://www.clamav.net/support/ml> > _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
