Hi Steven,
Thanks for this hint. Did not know about that debug switch... Got more
messages but I'm not sure what this means:
+++ Started at Mon Mar 18 19:02:02 2013
clamd daemon 0.97.7 (OS: win32, ARCH: i386, CPU: i386)
Log file size limited to 1048576 bytes.
Reading databases from c:\Programme\Tools\ClamAV_0.97.7\data
Not loading PUA signatures.
Bytecode: Security mode set to "TrustSigned".
Loaded 2005376 signatures.
TCP: Bound to address 127.0.0.1 on port 3311
TCP: Setting connection queue length to 200
Limits: Global size limit set to 104857600 bytes.
Limits: File size limit set to 26214400 bytes.
Limits: Recursion level limit set to 16.
Limits: Files limit set to 10000.
Archive support enabled.
Algorithmic detection enabled.
Portable Executable support enabled.
ELF support enabled.
Detection of broken executables enabled.
Mail files support enabled.
OLE2 support enabled.
PDF support enabled.
HTML support enabled.
Self checking every 600 seconds.
Listening daemon: PID: 1848
MaxQueue set to: 100
fds_poll_recv: timeout after 600 seconds (Last message after startup)
Received POLLIN|POLLHUP on fd 836 (The following messages appeared after
the first telnet connection)
Got new connection, FD 648
fds_poll_recv: timeout after 5 seconds
Received POLLIN|POLLHUP on fd 648
got command d (1, 0), argument:
Receive thread: closing conn (FD 648), group finished
Consumed entire command
Number of file descriptors polled: 0 fds
fds_poll_recv: timeout after 600 seconds
After the first telnet connection, nothing happens anymore and no more
debug lines are printed.
Any idea?
Thx
Konrad
On 18.03.2013 17:47, Steven Morgan wrote:
Hi Konrad,
Have you tried setting "Debug yes" in your clamd.conf?
Steven Morgan
On Sun, Mar 17, 2013 at 5:57 AM, Konrad <forum.n...@gmx.de> wrote:
Hi All,
I'm new to this forum and I know that this is a UNIX only mailing list. My
problem is related to a Win XP installation but I was hoping that you can
at least give me some hints on how to debug clamd or increase the log level
so that I will see what is going on! The Windows mailing list seems to be
"dead" so I guess that I will not get any help from there. If you are not
willing to answer Windows related questions, just let me know...
My problem:
I'm using ClamAV together with my mail server (Mercury) on a Windows XP
box and v 0.95 works great so far. Now I wanted to upgrade to 0.97.7 but I
can't get it working. If I start clamd manually in a shell, I can see that
it is coming up "normal" and the process is visible in the task manager.
The first mail is scanned OK and if it contains a virus attachment, clamd
detects it. So far, so good. But from that moment on, it stops working and
every next call is not processed anymore. No idea what is going on... I
tried to activate logs but the log does not say much. Is there a way to
increase the log level to get more information?
I tried something else:
I started clamd in one shell window and opened another shell to connect
with telnet and 127.0.0.1 3310 and it gets connected. Pressing any key, I
get UNKNOWN COMMAND and telnet exits. If I repeat this test, I can key in
as much as I like, the UNKNOWN COMMAND error message does not appear
anymore and telnet keeps running. If I do this with the OK working 0.95
installation, I get UNKNOWN COMMAND every time and telnet always exits
after that.
I think it is something specific to this Windows machine because the telnet
test shows the v0.95 behavior on every other machine I tested with.
Log output:
Sat Mar 16 23:12:35 2013 -> +++ Started at Sat Mar 16 23:12:35 2013
Sat Mar 16 23:12:35 2013 -> clamd daemon 0.97.7 (OS: win32, ARCH: i386,
CPU: i386)
Sat Mar 16 23:12:35 2013 -> Log file size limited to 1048576 bytes.
Sat Mar 16 23:12:35 2013 -> Reading databases from
c:\Programme\Tools\ClamAV_0.97.7\data
Sat Mar 16 23:12:35 2013 -> Not loading PUA signatures.
Sat Mar 16 23:12:35 2013 -> Bytecode: Security mode set to "TrustSigned".
Sat Mar 16 23:12:42 2013 -> Loaded 2005376 signatures.
Sat Mar 16 23:12:43 2013 -> TCP: Bound to address 127.0.0.1 on port 3310
Sat Mar 16 23:12:43 2013 -> TCP: Setting connection queue length to 200
Sat Mar 16 23:12:43 2013 -> Limits: Global size limit set to 104857600
bytes.
Sat Mar 16 23:12:43 2013 -> Limits: File size limit set to 26214400 bytes.
Sat Mar 16 23:12:43 2013 -> Limits: Recursion level limit set to 16.
Sat Mar 16 23:12:43 2013 -> Limits: Files limit set to 10000.
Sat Mar 16 23:12:43 2013 -> Archive support enabled.
Sat Mar 16 23:12:43 2013 -> Algorithmic detection enabled.
Sat Mar 16 23:12:43 2013 -> Portable Executable support enabled.
Sat Mar 16 23:12:43 2013 -> ELF support enabled.
Sat Mar 16 23:12:43 2013 -> Detection of broken executables enabled.
Sat Mar 16 23:12:43 2013 -> Mail files support enabled.
Sat Mar 16 23:12:43 2013 -> OLE2 support enabled.
Sat Mar 16 23:12:43 2013 -> PDF support enabled.
Sat Mar 16 23:12:43 2013 -> HTML support enabled.
Sat Mar 16 23:12:43 2013 -> Self checking every 600 seconds.
Sat Mar 16 23:12:43 2013 -> Listening daemon: PID: 532
Sat Mar 16 23:12:43 2013 -> MaxQueue set to: 100
Sat Mar 16 23:13:24 2013 -> instream(127.0.0.1@27033):
Exploit.Fnstenv_mov-1 FOUND
Any idea what this could be or how I can track this down?
btw: Turning off Windows Firewall does not make any difference.
Thanks a lot!
Konrad
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
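
The repeated-connection test described in the thread (connect, send something, see whether clamd answers, then do it again) can be scripted so each attempt is classified. This is an added example, not part of the original messages; it assumes clamd answers its `zPING` command with `PONG`, and the function names are illustrative.

```python
import socket


def ping_clamd(host, port, timeout=5.0):
    """Open one connection, send zPING and classify what the daemon does."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"zPING\0")  # null-delimited clamd command
            reply = s.recv(64)
    except socket.timeout:
        # TCP connect or recv timed out: the port is open but nothing
        # answered, which matches the hang seen after the first connection.
        return "no-reply"
    except OSError as exc:
        return "error: %s" % exc.__class__.__name__
    if reply.rstrip(b"\0\n") == b"PONG":
        return "ok"
    if not reply:
        return "closed"  # peer closed the socket without answering
    return "unexpected: %r" % reply


def probe(host="127.0.0.1", port=3310, attempts=5, timeout=5.0):
    """Run several independent connections, one PING each."""
    return [ping_clamd(host, port, timeout) for _ in range(attempts)]


def first_failure(results):
    """1-based index of the first attempt that was not 'ok', or None."""
    for index, result in enumerate(results, 1):
        if result != "ok":
            return index
    return None


if __name__ == "__main__":
    # 3310 is the port from the first log in the thread; the debug run
    # above was bound to 3311, so adjust to match TCPSocket in clamd.conf.
    results = probe()
    for index, result in enumerate(results, 1):
        print("attempt %d: %s" % (index, result))
    failed = first_failure(results)
    print("all attempts answered" if failed is None
          else "daemon stopped answering at attempt %d" % failed)
```

A result of `ok` followed only by `no-reply` reproduces the reported symptom without a mail server in the loop, which makes it easier to line up each attempt with the `Debug yes` output.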