> Hi there,
>
> On Sun, 21 Feb 2021, Joe Acquisto-j4 wrote:
>
>> As it happens Suse Leap 15.2 has clamAV and ClamAV-milter provided
>> as was suggested earlier.
>>
>> I think I followed and have stuff running. Working is another question.
>
> A few simple checks:
>
> 1. Do you have the clamd daemon running? Is its logging configured?

clamd is running. I thought I read it does not have to be as clamav-milter is capable of running mail scans without. But I could be mistaken. Logging is enabled and it shows results of the PING test similar to below:

> 2. Can you get clamd to reply to a PING? Here's my laptop talking to my
> clamd server, you might want to use a Unix socket, or IP 127.0.0.1
> and port 3310 depending on your configuration:
>

Seems quite leisurely, but it does come back, eventually.

myhost:~ # clamd zPING
Sun Feb 21 18:34:45 2021 -> !TCP: Cannot bind to [127.0.0.1]:3310: Address already in use
Sun Feb 21 18:34:45 2021 -> !LOCAL: Socket file /var/run/clamav/clamd-socket is in use by another process.
Sun Feb 21 18:34:45 2021 -> *Closing the main socket.

I am a bit perplexed by this as I am pretty sure I had the port set correctly a while back. Well, gotta fix that at least.

>
> 3. Can you scan things with the 'clamdscan' command? Note the 'd' in
> 'clamdscan'. Don't use 'clamscan', because that doesn't use clamd.

myhost:~ # clamdscan eicar.txt
/root/eicar.txt: lstat() failed: Permission denied. ERROR

>
> 4. Is clamd logging anything? If you've set up logging in clamd.conf
> it should log things when you scan with clamdscan,

If you mean clamd.log, see above. If you mean clamavmilter.log it only logs that it started.

> 5. Anything interesting in the Postfix logs? Can you increase the
> logging verbosity?

Nothing "new" far as I can tell.

> 6. What happens if you mail to yourself something containing the
> EICAR test file? Check all your log files as well as looking
> for mail headers etc.

That has proven difficult as every place I have an email client out in the great wilderness, has strict checking and blocks EICAR when I try. Even ssh and telnet are blocked in the terminal sessions. I have a pretty good relationship with one of them and they will humor me from time to time, but, don't want to wear it out.
I've resorted to a site that purports to send EICAR test email "as a public service" sort of thing, in the past.

> 7. Please also let us have the output of
>
> clamconf -n
>
> which with luck will be fewer than a hundred lines.
>

Checking configuration files in /etc

Config file: clamd.conf
-----------------------
LogFile = "/var/log/clamd.log"
LogTime = "yes"
LogClean = "yes"
LogSyslog = "yes"
LogFacility = "LOG_MAIL"
LogVerbose = "yes"
PidFile = "/var/run/clamav/clamd.pid"
LocalSocket = "/var/run/clamav/clamd-socket"
TCPSocket = "3310"
TCPAddr = "127.0.0.1"
User = "vscan"
DetectPUA = "yes"
HeuristicScanPrecedence = "yes"

Config file: freshclam.conf
---------------------------
LogTime = "yes"
LogSyslog = "yes"
LogFacility = "LOG_MAIL"
LogVerbose = "yes"
PidFile = "/var/run/clamav/freshclam.pid"
UpdateLogFile = "/var/log/freshclam.log"
DatabaseMirror = "database.clamav.net"

Config file: clamav-milter.conf
-------------------------------
LogFile = "/var/log/clamav-milter.log"
LogSyslog = "yes"
LogFacility = "LOG_MAIL"
PidFile = "/run/clamav/clamav-milter.pid"
ClamdSocket = "unix:/run/clamav/clamd-socket"
MilterSocket = "/run/clamav/clamav-milter-socket"
AddHeader = "Add"
LogClean = "Basic"

Software settings
-----------------
Version: 0.103.0
Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON RAR

Database information
--------------------
Database directory: /var/lib/clamav
main.cvd: version 59, sigs: 4564902, built on Mon Nov 25 08:56:15 2019
bytecode.cld: version 332, sigs: 93, built on Wed Feb 17 16:06:23 2021
daily.cld: version 26087, sigs: 4008904, built on Sun Feb 21 07:10:19 2021
Total number of signatures: 8573899

Platform information
--------------------
uname: Linux 5.3.18-lp152.63-default #1 SMP Mon Feb 1 17:31:55 UTC 2021 (98caa86) x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
zlib version: 1.2.11 (1.2.11), compile flags: a9
platform id: 0x0a2179790800000000070500

Build information
-----------------
GNU C: 7.5.0 (7.5.0)
CPPFLAGS:
CFLAGS: -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g -fstack-protector -fPIE -fno-strict-aliasing -DFP_64BIT -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
CXXFLAGS: -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g -fstack-protector -fPIE -fno-strict-aliasing -std=gnu++98
LDFLAGS: -pie
Configure: '--host=x86_64-suse-linux-gnu' '--build=x86_64-suse-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/lib' '--localstatedir=/var' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--disable-dependency-tracking' '--disable-clamav' '--disable-static' '--with-dbdir=/var/lib/clamav' '--with-user=vscan' '--with-group=vscan' '--enable-milter' '--enable-check' '--enable-clamdtop' '--disable-zlib-vcheck' '--disable-timestamps' '--disable-yara' '--with-system-libmspack' 'build_alias=x86_64-suse-linux-gnu' 'host_alias=x86_64-suse-linux-gnu' 'CXXFLAGS=-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g -fstack-protector -fPIE -fno-strict-aliasing -std=gnu++98' 'LDFLAGS=-pie' 'CFLAGS=-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g -fstack-protector -fPIE -fno-strict-aliasing -DFP_64BIT' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
sizeof(void*) = 8
Engine flevel: 121, dconf: 121

>
> 73,
> Ged.
>

Oh, I wonder if the OS upgrade grabbed the ports on the QT?
I'll have to look into that. After I look into how to look into that, if you get my drift. After a few months I need to retrain the idle brain.

Also wondering if main.cf (postfix) is the only place I need to add Clamav directives. master.cf has a spot for Spamassassin as a "filter" and commented out stuff for amavis.

So, my puzzlement grows more profound as . . . umm . . . something.

joe a.
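
Added example, not part of the message above or of ClamAV's own code: checks 2 and 3 can be run against the already running daemon by connecting to the LocalSocket from the posted clamd.conf, rather than by starting a second `clamd`. It sends `PING`, then scans with `INSTREAM`, where the client reads the file and streams the bytes so the `vscan` user never has to open the path (what `clamdscan --stream` does); the function names are this example's own.

```python
import socket
import struct
import sys

# LocalSocket value from the clamd.conf in the message above.
CLAMD_SOCKET = "/var/run/clamav/clamd-socket"

def read_reply(sock):
    """Read one NUL-terminated reply (clamd answers 'z' commands this way)."""
    reply = bytearray()
    while not reply.endswith(b"\0"):
        chunk = sock.recv(4096)
        if not chunk:          # daemon closed the connection early
            break
        reply += chunk
    return reply.rstrip(b"\0").decode("utf-8", "replace")

def ping(sock):
    """True if the daemon on this socket answers PING with PONG."""
    sock.sendall(b"zPING\0")
    return read_reply(sock) == "PONG"

def instream(sock, data, chunk_size=8192):
    """Scan bytes via INSTREAM: <4-byte big-endian length><chunk>..., 0 ends."""
    sock.sendall(b"zINSTREAM\0")
    for i in range(0, len(data), chunk_size):
        chunk = data[i:i + chunk_size]
        sock.sendall(struct.pack("!I", len(chunk)) + chunk)
    sock.sendall(struct.pack("!I", 0))
    return read_reply(sock)    # e.g. "stream: OK" or "stream: <name> FOUND"

def connect(path=CLAMD_SOCKET, timeout=30.0):
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    sock.connect(path)
    return sock

if __name__ == "__main__":
    # clamd handles one command per connection outside a session, so reconnect.
    with connect() as s:
        print("PING:", "PONG" if ping(s) else "no PONG")
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:   # read as the calling user
            payload = f.read()
        with connect() as s:
            print(sys.argv[1] + ":", instream(s, payload))
```

Run it with a file path as the only argument; the calling user needs write access to the socket file, while the daemon needs no access to the scanned file.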
