Hall, Michael H. (GSFC-423.0)[RAYTHEON COMPANY] via clamav-users wrote:
OK, I know this is months “overdue”.
I’m working on upgrading my office’s ClamAV to 1.0.7.
I’ve reached the system that’s running “clamav-milter”.
It appears that the RHEL Linux version of provides man pages for
ClamAV-m
OK, I know this is months “overdue”.
I’m working on upgrading my office’s ClamAV to 1.0.7.
I’ve reached the system that’s running “clamav-milter”.
It appears that the RHEL Linux version of provides man pages for
ClamAV-milter, but I don’t seem to see other files for clamav-milter.
Is another RP
Hi all,
we have a mailserver with clamav-milter and clamd Version
0.103.8+dfsg-0ubuntu0.16.04.1+esm1.
There we have a cdb ruleset to block some filetypes:
/var/lib/clamav/archive_blocker.cdb withe following content:
attach.blockgz2:*:*:\.[Gg][Zz]$:*:*:*:*:*:*
Now I want to exclude some file e
I recently had an issue where mail was temporarily rejected because
clamav-milter/spamass-milter could not connect to clamd/spamd. Clamd/Spamd are
a tasks that can automatically change hosts and thus their ips. A simple
restart of the milter fixes this (resolves the new ip).
However, it would
Dear Arnoud,
Thanks for your quick reply! I managed to exclude that specific signature.
Regards
Milos
пон, 17. окт 2022. у 11:13 Arnaud Jacques је
написао/ла:
> Hello Milos,
>
>
> > infected by Archived_JS.UNOFFICIAL
>
> UNOFFICIAL means this signature has not been created by ClamAV official.
Hello Milos,
infected by Archived_JS.UNOFFICIAL
UNOFFICIAL means this signature has not been created by ClamAV official.
You should find who published this signature, and ask them.
--
Cordialement / Best regards,
Arnaud Jacques
Gérant de SecuriteInfo.com
Téléphone : +33-(0)3.60.47.09.81
Dear All,
I use ClamAV with Postfix for years and generally, we are very satisfied.
However, whenever someone tries to send any JSON file in an attachment, it
gets an automatic bounce with:
infected by Archived_JS.UNOFFICIAL
OTOH, when I invoke normal clamscan, that JSON file is not reported as
> >
> > >
> > > this looks like your sendmail DID reject mail from client.
> > >
> >
> > I think you are maybe right, however this is not being reported and it
> > gets stuck in my delivering mail server. Which I do not get because if I
> > put my own email address on the email blacklist, I am gett
Hi there,
On Tue, 8 Feb 2022, Marc wrote:
... the frontend servers know what can be relayed.
Hmm. Do you have multiple MTAs processing mail in some kind of chain?
Can you describe your setup more fully?
... I noticed somewhere in clamav or clamav-milter there was a
'--bounce' option. And I
I just reread my message. Reject is good behavior. Bouncing is not. At
least in my opinion. Replace reject below with bounce and you have my
correct opinion.
Sorry,
Lyle
On 2/8/22 9:49 AM, Lyle Giese via clamav-users wrote:
But the reject may NOT be going to the server/service that sent th
But the reject may NOT be going to the server/service that sent the virus.
You received a bad email from hackedu...@example.com from server
mail.badisp.ru
However the mx record for example.com is mail.example.com, not the
sending server or ISP.
Now you have annoyed somebody that had nothing
On 08.02.22 10:35, Marc wrote:
>Normally when a client connection is reject by my sendmail server, the
> client is notified of the Reject message and the client server is
> generating a NDR. This is listed in my log as [1]
> however when I send a virus
what's the difference between "you" and
On Tuesday 08 February 2022, Andrea Venturoli via clamav-users wrote:
> > That is the problem of the server that is contacting mine.
> > They should not be relaying such crap to me anyway.
>
> No, this is *your* problem.
No. Marc is absolutely right. That is sender's server problem and
its ser
On Tuesday 08 February 2022, Marc wrote:
> I have a bit of experience with mailfromd and if I reject a message
> there the MTA processes it correctly but different from clamav-milter.
b.t.w. mailfromd can replace clamav-milter:
prog eom
do
if clamav(current_message(),clamd_port)
rejec
>
> >
> > this looks like your sendmail DID reject mail from client.
> >
>
> I think you are maybe right, however this is not being reported and it
> gets stuck in my delivering mail server. Which I do not get because if I
> put my own email address on the email blacklist, I am getting the delive
> > That is the problem of the server that is contacting mine. They should
> not be relaying such crap to me anyway.
>
> No, this is *your* problem.
> If you start annoying people with inappropriate bounces, you'll get into
> blacklists fast.
>
> In any case, we are OT, so I'll stop here.
>
Try
On 2/8/22 10:50, Marc wrote:
That is the problem of the server that is contacting mine. They should not be
relaying such crap to me anyway.
No, this is *your* problem.
If you start annoying people with inappropriate bounces, you'll get into
blacklists fast.
In any case, we are OT, so I'l
> >Normally when a client connection is reject by my sendmail server, the
> > client is notified of the Reject message and the client server is
> > generating a NDR. This is listed in my log as [1]
>
> > however when I send a virus
>
> what's the difference between "you" and a "client connecti
>
> > So please explain, why should I not do this, and why I should care about
> a server that is delivering a spam message to mine?
>
> You might not care about the server that sent a virus to you, but you
> should care about the *apparent* sender, which has probably nothing to
> do with this; s
On 2/8/22 09:40, Marc wrote:
There is a difference between rejecting the message and having the client
server decide whether or not it creates a message to the sender. (which is what
I want)
Sorry, I find that unclear; please explain better.
my server is generating a message to the sende
On 07.02.22 21:36, Marc wrote:
Normally when a client connection is reject by my sendmail server, the
client is notified of the Reject message and the client server is
generating a NDR. This is listed in my log as [1]
however when I send a virus
what's the difference between "you" and a "cl
> > Normally when a client connection is reject by my sendmail server,
> > the client is notified of the Reject message and the client server
> > is generating a NDR. This is listed in my log as [1] however when I
> > send a virus it looks like sendmail is not reporting the reject back
> > to the c
> On 2/7/22 22:36, Marc wrote:
> > however when I send a virus it looks like sendmail is not reporting the
> reject back to the client server.
> > How should I 'enable' this?
>
> Don't.
> Viruses are usually sent with a spoofed sender address; you would only
> annoy victims who didn't really send
On 2/7/22 22:36, Marc wrote:
however when I send a virus it looks like sendmail is not reporting the reject
back to the client server.
How should I 'enable' this?
Don't.
Viruses are usually sent with a spoofed sender address; you would only
annoy victims who didn't really send what you rece
Hi there,
On Mon, 7 Feb 2022, Marc wrote:
Normally when a client connection is reject by my sendmail server,
the client is notified of the Reject message and the client server
is generating a NDR. This is listed in my log as [1] however when I
send a virus it looks like sendmail is not reportin
Normally when a client connection is reject by my sendmail server, the client
is notified of the Reject message and the client server is generating a NDR.
This is listed in my log as [1] however when I send a virus it looks like
sendmail is not reporting the reject back to the client server. How
Unsubscribe
On Thu, Feb 25, 2021 at 8:58 AM Joe Acquisto-j4
wrote:
>
> > Perhaps you should look into MailScanner and MailWatch. Mailscanner
> (package
> > for Suse available) will handle the interaction with spamassassin and
> clamd
> > (as well as other A/V solutions) and MailWatch provides a
> Perhaps you should look into MailScanner and MailWatch. Mailscanner (package
> for Suse available) will handle the interaction with spamassassin and clamd
> (as well as other A/V solutions) and MailWatch provides a nice GUI for
> quarantine and archive. Once set they just work.
>
> Rick
>
Th
Perhaps you should look into MailScanner and MailWatch. Mailscanner (package
for Suse available) will handle the interaction with spamassassin and clamd
(as well as other A/V solutions) and MailWatch provides a nice GUI for
quarantine and archive. Once set they just work.
Rick
Joe Acquisto-j4 wro
Citeren Matus UHLAR - fantomas :
you can use amavisd-new, as milter (using amavisd-milter) or maybe postfix
content_filter (but that's post-queue which means you can't reject it
anymore and sending bounces is not safe)
Postfix has also a smtpd_proxy_filter, which does basically the same
as c
This has probably drifted as far OT for this list as it should go.
Welcome to the delights of running your own mail server. I've been
doing it for over a quarter of a century, and I wouldn't have it any
other way, but it ain't all roses. Perhaps you could share with us
why you feel the need to d
Hi there,
On Wed, 24 Feb 2021, Joe Acquisto-j4 wrote:
... limited familiarity ...
Of course. It all takes time and neurone cycles.
There's a simple-minded but reasonable view of the milter API at
https://howto.lintel.in/what-is-milter/
which has a useful diagram although it's inaccurate.
On 2/24/21 9:47 AM, Joe Acquisto-j4 wrote:
Back OT, my post was about dealing with items that have already
been processed and are in the posfix HOLD queue, per the action of
clamav-milter, waiting for disposition in some way.
Hypothetically, a milter, such as clamav-milter, could say:
```
Thi
On 2/24/21 9:56 AM, Joe Acquisto-j4 wrote:
Thanks. Workable.
*nod*
Ah. Well I did not mean to suggest the milter should "manage"
the postfix queue at all, but could alter any "directive" as to
disposition. The log messages I noticed, for "infected" mail
(/var/log/mail) seem to suggest p
> On 2/24/21 6:26 AM, Joe Acquisto-j4 wrote:
>> For now I will settle on a cron job script that peeks at the hold queue
>> every so often and alerts someone (me) with an alert.
>
> *nod*nod*
>
> I have a daily cron job that runs a script which shows me:
>
>- Number of messages which are:
. . .
> This has probably drifted as far OT for this list as it should go.
> Welcome to the delights of running your own mail server. I've been
> doing it for over a quarter of a century, and I wouldn't have it any
> other way, but it ain't all roses. Perhaps you could share with us
> why you fee
On 2/24/21 6:26 AM, Joe Acquisto-j4 wrote:
For now I will settle on a cron job script that peeks at the hold queue
every so often and alerts someone (me) with an alert.
*nod*nod*
I have a daily cron job that runs a script which shows me:
- Number of messages which are:
- Normally queue
Hi there,
On Wed, 24 Feb 2021, Joe Acquisto-j4 wrote:
I tend to agree with the "NO" votes. But, in the postfix "FILTER_README"
the author(s) suggest it is not a great idea, these days, to send the email
back to the sender, as the sender is very likely to be "spoofed".
You need to understand t
>> Citeren Joe Acquisto-j4 :
>>
>>> Another question from the peanut gallery (a kids TV show reference from
>>> the 1950's. Which should tell you something) . . .
>>>
>>> With a local test email EICAR is detected and fed back to postfix.
>>> Ends up in hold queue as you would expect as
>>> per
Hi there,
On Wed, 24 Feb 2021, Andrew C Aitchison via clamav-users wrote:
On Tue, 23 Feb 2021, Joe Acquisto-j4 wrote:
Wondering now what people generally do with infected mail? That is, is
there a general consensus?
Would it be "safe" (for the systems) to simply send the mail through, to th
On Tue, 23 Feb 2021, Joe Acquisto-j4 wrote:
Wondering now what people generally do with infected mail? That is, is there a
general consensus?
Would it be "safe" (for the systems) to simply send the mail through, to the end
use and merely tag the subject line with "Virus Detected" as SPAM mess
> Citeren Joe Acquisto-j4 :
>
>> Another question from the peanut gallery (a kids TV show reference from
>> the 1950's. Which should tell you something) . . .
>>
>> With a local test email EICAR is detected and fed back to postfix.
>> Ends up in hold queue as you would expect as
>> per below as
Citeren Joe Acquisto-j4 :
Another question from the peanut gallery (a kids TV show reference from
the 1950's. Which should tell you something) . . .
With a local test email EICAR is detected and fed back to postfix.
Ends up in hold queue as you would expect as
per below as /var/log/mail says:
Another question from the peanut gallery (a kids TV show reference from
the 1950's. Which should tell you something) . . .
With a local test email EICAR is detected and fed back to postfix.
Ends up in hold queue as you would expect as
per below as /var/log/mail says: (snipped)
"postfix/cleanup[
Citeren "G.W. Haywood via clamav-users" :
This is not to say that it can't be worked around by the configuration
of clamav-milter directly, of course it can, but if he does that he'll
be confused by the next update, when it bleats about files having been
changed from the versions which were dist
> Citeren Joe Acquisto-j4 :
>
Citeren "G.W. Haywood via clamav-users" :
> Hi there,
>
> On Tue, 23 Feb 2021, Joe Acquisto-j4 wrote:
>
>> Seems starting or restarting clamav-milter (systemctl restart
>> clamav-milter.service)
>> changes owner and group of /va
Citeren Joe Acquisto-j4 :
Citeren "G.W. Haywood via clamav-users" :
Hi there,
On Tue, 23 Feb 2021, Joe Acquisto-j4 wrote:
Seems starting or restarting clamav-milter (systemctl restart
clamav-milter.service)
changes owner and group of /var/run/clamav-milter.socket to root
which make the
sock
>
>>> Citeren "G.W. Haywood via clamav-users" :
>>>
Hi there,
On Tue, 23 Feb 2021, Joe Acquisto-j4 wrote:
> Seems starting or restarting clamav-milter (systemctl restart
> clamav-milter.service)
> changes owner and group of /var/run/clamav-milter.socket to roo
Hi there,
On Tue, 23 Feb 2021, Arjen de Korte via clamav-users wrote:
Citeren "G.W. Haywood via clamav-users" :
This isn't about clamav-milter, it's about your system and the way it
does things. Try reading some of the the systemd 'man' pages, e.g.
It *is* about clamav-miiter. The owner an
>> Citeren "G.W. Haywood via clamav-users" :
>>
>>> Hi there,
>>>
>>> On Tue, 23 Feb 2021, Joe Acquisto-j4 wrote:
>>>
Seems starting or restarting clamav-milter (systemctl restart
clamav-milter.service)
changes owner and group of /var/run/clamav-milter.socket to root
whi
> Citeren "G.W. Haywood via clamav-users" :
>
>> Hi there,
>>
>> On Tue, 23 Feb 2021, Joe Acquisto-j4 wrote:
>>
>>> Seems starting or restarting clamav-milter (systemctl restart
>>> clamav-milter.service)
>>> changes owner and group of /var/run/clamav-milter.socket to root
>>> which make the
Citeren "G.W. Haywood via clamav-users" :
Hi there,
On Tue, 23 Feb 2021, Joe Acquisto-j4 wrote:
Seems starting or restarting clamav-milter (systemctl restart
clamav-milter.service)
changes owner and group of /var/run/clamav-milter.socket to root
which make the
socket inaccessible to postf
> Hi there,
>
> On Tue, 23 Feb 2021, Joe Acquisto-j4 wrote:
>
>> Seems starting or restarting clamav-milter (systemctl restart
> clamav-milter.service)
>> changes owner and group of /var/run/clamav-milter.socket to root which make
> the
>> socket inaccessible to postfix (at least).
>
> This
Hi there,
On Tue, 23 Feb 2021, Joe Acquisto-j4 wrote:
Seems starting or restarting clamav-milter (systemctl restart
clamav-milter.service)
changes owner and group of /var/run/clamav-milter.socket to root which make the
socket inaccessible to postfix (at least).
This isn't about clamav-milter
Seems starting or restarting clamav-milter (systemctl restart
clamav-milter.service)
changes owner and group of /var/run/clamav-milter.socket to root which make the
socket inaccessible to postfix (at least).
I found some reference to a similar concern dated 2009 and 2013.
Does not appear rel
I did some testing and it seems that, if I use the local unix socket the
clamav-milter => clamd communication don't works but it works if I use the
network socket.
Pierluigi
On Sun, Mar 22, 2020 at 1:11 PM Pierluigi Frullani <
pierluigi.frull...@gmail.com> wrote:
> After fixing ( thanks Gary ) t
After fixing ( thanks Gary ) the problem with freshclam I'm facing another
problem.
- clamd running fine
- clamav-milter running fine
All the mails get rejected with 5.7.1 Command rejected.
What i've noticed it that in the clamax-milter log file there is this
"ERROR: Unknown reply from clamd" w
Gerard E. Seibert via clamav-users wrote:
On Mon, 23 Dec 2019 08:04:13 +0100, Alessandro Vesely via clamav-users
stated:
Perhaps you could try and match From:snopescom-.*@cmail20.com?
Actually, it is the "@cmail20.com" part changes also.
I've also got cmail1 and cmail2 in my ham collection
On Mon, 23 Dec 2019 08:04:13 +0100, Alessandro Vesely via clamav-users
stated:
>Perhaps you could try and match From:snopescom-.*@cmail20.com?
Actually, it is the "@cmail20.com" part changes also.
--
Jerry
___
clamav-users mailing list
clamav-user
On Sun 22/Dec/2019 12:26:04 +0100 Gerard E. Seibert via clamav-users wrote:
> I have this line in that file:
>
> From:market...@snopes.com
>
> However, that file is being blocked with this message in the
> clamav-milter.log file:
>
> Fri Dec 20 20:12:00 2019 -> Message from
> to
> <> in
clamav-milter 0.102.1
FreeBSD 11.3-p5
Either I am not understanding how the "WHITELIST" works with
clamav-milter, or it is not working as I thought it would.
# This option specifies a file which contains a list of basic POSIX regular
# expressions. Addresses (sent to or from - see below) matching
clamav-milter 0.102.1
FreeBSD 11.3-RELEASE-p5
I seem to be having a problem with the 'clamav-milter' "Whitelist"
option. I created a list I thought was correct. This is an example. I
truncated the file for brevity's sake.
# clamav-milter 'white listed addresses'
#
From:datacenterknowle...@enews.d
On 13.11.19 11:21, Chris Conn wrote:
I am trying to use the ClamdSocket tcp: and am successfully connecting
to port 3310 of a clamd daemon on remote hosts to scan using
clamav-milter.
The hostname I configured points to a pool
ClamdSocket tcp:mypool.mydomain.com
this resolves to 4 IP address
Hello,
I am trying to use the ClamdSocket tcp: and am successfully connecting
to port 3310 of a clamd daemon on remote hosts to scan using clamav-milter.
The hostname I configured points to a pool
ClamdSocket tcp:mypool.mydomain.com
this resolves to 4 IP addresses
I am surprised to see that
Citeren Yasuhiro KIMURA :
Hello Micah,
From: "Micah Snyder \(micasnyd\) via clamav-users"
Subject: Re: [clamav-users] clamav-milter not being built for 0.102.0
Date: Tue, 5 Nov 2019 18:19:21 +
Thanks for reaching out. I’m also CC’ing the binary package
maintainers maili
Hello Micah,
From: "Micah Snyder \(micasnyd\) via clamav-users"
Subject: Re: [clamav-users] clamav-milter not being built for 0.102.0
Date: Tue, 5 Nov 2019 18:19:21 +
> Thanks for reaching out. I’m also CC’ing the binary package maintainers
> mailing list on this reply.
&
: Re: [clamav-users] clamav-milter not being built for 0.102.0
Hello Micah,
2019年10月3日木曜日 Micah Snyder (micasnyd) via clamav-users
mailto:clamav-users@lists.clamav.net>>:
Hi lukn,
You're not missing something. It appears that configure changes between ClamAV
0.102.0-rc and 0.102.0 bro
On Tue, November 5, 2019 06:56, Yasuhiro KIMURA wrote:
> Hello Micah,
>
>
> 2019å¹´10æ3æ¥æ¨ææ¥ Micah Snyder (micasnyd) via clamav-users <
> clamav-users@lists.clamav.net>:
>
>
>> Hi lukn,
>>
>>
>> You're not missing something. It appears that configure changes between
>> ClamAV 0.102.0-rc a
Hello Micah,
2019年10月3日木曜日 Micah Snyder (micasnyd) via clamav-users <
clamav-users@lists.clamav.net>:
> Hi lukn,
>
> You're not missing something. It appears that configure changes between
> ClamAV 0.102.0-rc and 0.102.0 broke building of clamav-milter.
>
> We will identify the exact issue and i
Hi Micah,
On Mon, 7 Oct 2019, Micah Snyder (micasnyd) wrote:
On 10/6/19, 11:39 AM, G.W. Haywood wrote:
> On Wed, 2 Oct 2019, Micah Snyder (micasnyd) via clamav-users wrote:
> >
> > We will identify the exact issue and include a fix for it in a
> > 0.102.1 patch release along with one or two oth
Ged,
Can you be more specific? I just got up, drinking my first cup of tea (ran out
of coffee), but issue isn't ringing any bells with me at the moment.
-Micah
On 10/6/19, 11:39 AM, "clamav-users on behalf of G.W. Haywood via
clamav-users" wrote:
Hi Micah,
On Wed, 2 Oct 2019
Hi Micah,
On Wed, 2 Oct 2019, Micah Snyder (micasnyd) via clamav-users wrote:
We will identify the exact issue and include a fix for it in a
0.102.1 patch release along with one or two other bug fixes.
If you can squeeze in a check somewhere that the temporary directory
exists and is writeabl
Thank you Micah
In that case I'll just lean back and wait for the bugfix release :-)
On 02.10.19 22:52, Micah Snyder (micasnyd) wrote:
> Hi lukn,
>
> You're not missing something. It appears that configure changes between
> ClamAV 0.102.0-rc and 0.102.0 broke building of clamav-milter.
>
>
Hi lukn,
You're not missing something. It appears that configure changes between ClamAV
0.102.0-rc and 0.102.0 broke building of clamav-milter.
We will identify the exact issue and include a fix for it in a 0.102.1 patch
release along with one or two other bug fixes.
I'm sorry for the confus
Hello list
Previous versions built perfectly, but on same build host 0.102.0 does
not build clamav-milter, but also does not show any obvious error
message as to why not.
Build hosts: Centos 6 (CentOS release 6.10 (Final)) and Centos 7 (CentOS
Linux release 7.6.1810 (Core)) - admitted, I should m
> Jul 23 11:45:39 storm clamd[22351]: LibClamAV Error: yyerror():
>> /var/lib/clamav/packer.yar line 82 undefined identifier "pe"
>>
>
> remove yar rules
>
> clamav is unstable with yara, google it
>
Yes just found
https://github.com/extremeshok/clamav-unofficial-sigs/issues/203#issuecomment-400
Robert Kudyba skrev den 2018-07-30 16:23:
Jul 23 11:45:39 storm clamd[22351]: LibClamAV Error: yyerror():
/var/lib/clamav/packer.yar line 82 undefined identifier "pe"
remove yar rules
clamav is unstable with yara, google it
and systemd is not working with milter interfaces
__
Any other suggestions on this? Still getting /var/log/clamav-milter.log:
Mon Jul 30 08:55:09 2018 -> Probe for slot 1 returned: success
So I'm pretty sure it's the setting in /etc/mail/sendmail.mc that needs
updating. Here's what we have:
INPUT_MAIL_FILTER(`clamav-milter',`S=local:/var/run/clamav-
>
> However I still get these errors in sendmail:
>> Milter: data, reject=451 4.3.2 Please try again later
>>
>
> the syslog entry should give us more information.
>
Jul 23 11:45:33 storm systemd[1]: clamd@scan.service: Main process exited,
code=killed, status=6/A
BRT
Jul 23 11:45:33 storm system
On 17.07.18 15:50, Robert Kudyba wrote:
An update, I got clamav-milter to run, from the clamav-milter logs:
ps -auwx | grep clam
clamupd+ 2252 0.0 0.0 50740 3832 ?Ss Jul11 0:45
/usr/bin/freshclam -d -c 4
clamscan 18943 0.0 4.6 1406760 1142296 ? Ssl 15:34 0:00
/usr/sbin/
An update, I got clamav-milter to run, from the clamav-milter logs:
Tue Jul 17 15:34:15 2018 -> +++ Started at Tue Jul 17 15:34:15 2018
Tue Jul 17 15:34:15 2018 -> Probe for slot 1 returned: success
Tue Jul 17 15:35:50 2018 -> +++ Started at Tue Jul 17 15:35:50 2018
Tue Jul 17 15:35:50 2018 -> Prob
/var/run/clamd.scan/clamd.sock
srw-rw-rw- 1 clamscan clamscan 0 Jul 16 10:57 /var/run/clamd.scan/clamd.sock
On Mon, Jul 16, 2018, 12:27 PM Micah Snyder (micasnyd)
wrote:
> What are your current user/group ownership and permissions on:
> /var/run/clamd.scan/clamd.sock ?
>
> Regards,
> Micah
>
>
What are your current user/group ownership and permissions on:
/var/run/clamd.scan/clamd.sock ?
Regards,
Micah
Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
On Jul 16, 2018, at 12:19 PM, Robert Kudyba
mailto:rkud...@fordham.edu>> wrote:
I set:
MilterSocketGroup clamscan
User cl
I set:
MilterSocketGroup clamscan
User clamscan
Still getting the permission denied.
Note the process:
clamscan 30407 1.4 4.6 1406020 1150544 ? Ssl 10:57 1:08
/usr/sbin/clamd -c /etc/clamd.d/scan.conf
And I added most of the clamav-related users to the closely name groups:
clamilt:x:123
Hi Robert,
clamav-milter is a separate process that interacts with clamd. What user are
you running clamav-milter under? It seems as thought clamav-milter doesn't
have permission to access the clamd socket file to interact with clamd.
Regarding multiple socket options:
You are correct in tha
Thanks Micah, now getting a different error:
Jul 16 10:59:23 storm clamav-milter[32079]: ClamAV: Unable to remove
/var/run/clamd.scan/clamd.sock: Permission denied
Jul 16 10:59:23 storm clamav-milter[32079]: ERROR: Failed to create socket
/var/run/clamd.scan/clamd.sock
Jul 16 10:59:23 storm clamav-
It looks to me like you have 2 types of sockets set up in your milter config,
and only 1 type of socket set up in your clamd config:
ClamdSocket tcp:localhost:3310
ClamdSocket unix:/var/run/clamd.scan/clamd.sock
Lines in /etc/clamd.d/scan.conf
TCPSocket 3310
TCPAddr 127.0.0.1
You should use o
Well I changed sendmail.mc to:
INPUT_MAIL_FILTER(`clamav-milter',`S=local:/var/run/clamav-milter/clamav-milter.socket,F=,
T=S:4m;R:4m')dnl
But now in clamav-milter.log I see these errors:
Thu Jul 12 13:46:40 2018 -> Probe for slot 1 returned: success
Thu Jul 12 13:46:40 2018 -> Probe for slot 2 re
On Tue, 10 Jul 2018, Robert Kudyba wrote:
>Hello hive,
>
>Running:
>clamav-0.100.0-2.fc28.x86_64
>
>clamd, freshclam and clamav-milter all up and running:
>ps -auwx | grep clam
>clamupd+ 20336 0.0 0.0 50672 4016 ?Ss Jun29 1:15
>/usr/bin/freshclam -d -c 4
>clamav 23713 0.0 0.0 1
Hello hive,
Running:
clamav-0.100.0-2.fc28.x86_64
clamd, freshclam and clamav-milter all up and running:
ps -auwx | grep clam
clamupd+ 20336 0.0 0.0 50672 4016 ?Ss Jun29 1:15
/usr/bin/freshclam -d -c 4
clamav 23713 0.0 0.0 176780 1160 ?Ssl 13:23 0:00
/usr/sbin/clam
d
problem.
Also I've gone back to CentOS' native .service files for clamd and
clamav-milter. All is working well AFAICT.
unix:socket is just snakebit, and haunted...
> Original Message ----
> Subject: Re: [clamav-users] clamav-milter Can't Find Clamd
> Local Ti
tures and the rest of the mailsystem get started
too soon
Original Message ----
Subject: Re: [clamav-users] clamav-milter Can't Find Clamd
Local Time: November 7, 2017 4:26 PM
UTC Time: November 8, 2017 12:26 AM
From: h.rei...@thelounge.net
To: clamav-users@lists.clam
> Subject: Re: [clamav-users] clamav-milter Can't Find Clamd
> Local Time: November 7, 2017 4:26 PM
> UTC Time: November 8, 2017 12:26 AM
> From: h.rei...@thelounge.net
> To: clamav-users@lists.clamav.net
>
> Am 08.11.2017 um 00:06 schrieb Colony.three:
>
>> Am 07.11.2
Am 08.11.2017 um 00:06 schrieb Colony.three:
Am 07.11.2017 um 22:46 schrieb Colony.three:
So much for that theory. There are about a million of these in the logfile.
It's not making its own socket for unknown reasons which may be New To Science.
well, that looks like clamd is restarted agai
Am 07.11.2017 um 22:46 schrieb Colony.three:
>> So much for that theory. There are about a million of these in the logfile.
>> It's not making its own socket for unknown reasons which may be New To
>> Science.
>>
>> well, that looks like clamd is restarted again and again because it's
>> failing
Am 07.11.2017 um 22:46 schrieb Colony.three:
So much for that theory. There are about a million of these in the logfile.
It's not making its own socket for unknown reasons which may be New To Science.
well, that looks like clamd is restarted again and again because it's
failing, most like
> But I'm beginning to gather that the reason clamd is not creating its socket
> is that it's still loading current pattern databases. It's consuming 98% of
> CPU, although I'm not seeing any sign of network traffic, which seems odd.
> The signature database (main.cld) is 300MB and daily.cld i
> On Tue, 7 Nov 2017, Colony.three wrote:
>
>> Since I installed clamd a week ago, I've had to manually create the
>> /run/clamd.scan directory and the clamd.sock file. The clamd daemon is not
>> doing this even though it is running as root.
>>
>> ps aux |grep clamd
>>
>> root 1963 93.0 25.5 3459
On Tue, 7 Nov 2017, Colony.three wrote:
> Since I installed clamd a week ago, I've had to manually create the
> /run/clamd.scan directory and the clamd.sock file. The clamd daemon is not
> doing this even though it is running as root.
> # ps aux |grep clamd
> root 1963 93.0 25.5 345992 258
> Hi,
>
>> Have you checked the directory permissions:
>>
>> ls -ld /var/run/clamd.scan /run/clamd.scan
>>
>> Regards
>> Mark.
>
> Sure, it's the third one up from this post.
Since I installed clamd a week ago, I've had to manually create the
/run/clamd.scan directory and the clamd.sock file. Th
1 - 100 of 1262 matches
Mail list logo
