Clamdscan on Debian Sarge

Discussion in 'Installation/Configuration' started by DarkBen, Jun 13, 2007.

  1. DarkBen

    DarkBen New Member

    Hi,

    i have configured my server (Debian 3.1) with clamdscan because my load average was > 95 % !!!

    I used this post http://www.howtoforge.com/forums/showthread.php?t=12864&highlight=clamd

    Version of ISPconfig : 2.2.12

    Version of Clamd 0.84

    Code:
    /etc/init.d/postfix stop
    /etc/init.d/ispconfig_server stop
    
    apt-get install clamav-base clamav-daemon clamav-freshclam libclamav1
    
    I changed the CLAMSCAN line in /home/admispconfig/ispconfig/tools/clamav/bin/clamassassin

    Code:
    CLAMSCAN=/usr/bin/clamdscan
    In /etc/clamav/clamd.conf i didn't find "ScanMail true" but "ScanMail"

    In /etc/clamav/freshclam.conf and /home/admispconfig/ispconfig/tools/clamav/etc/freshclam.conf I changed the NotifyClamd line :

    Code:
    NotifyClamd /etc/clamav/clamd.conf
    When i test with an eicar virus, the virus is not stoped !

    This is my mail header

    Code:
    X-Virus-Status: No
    X-Virus-Checker-Version: clamassassin 1.2.3 with clamdscan / ClamAV 0.84/3411/Tue Jun 12 16:55:03 2007
    Could you help me please ?

    thanks a lot !
     
    Last edited: Jun 13, 2007
  2. DarkBen

    DarkBen New Member

    I don't understand because when i read my clamav.log i find this lines :

    Code:
    Wed Jun 13 16:34:56 2007 -> stream: Email.Phishing.RB-792 FOUND
    Wed Jun 13 16:34:56 2007 -> stream: Email.Phishing.RB-792 FOUND
    Wed Jun 13 16:34:56 2007 -> stream: Email.Phishing.RB-792 FOUND
    Wed Jun 13 16:34:56 2007 -> stream: Email.Phishing.RB-792 FOUND
    Wed Jun 13 16:34:56 2007 -> stream: Email.Phishing.RB-792 FOUND
    
    This means that my clamdscan is working ?! But when i send an eicar virus i receive the mail with the virus !

    Could you help me ?

    thanks for your ideas :)
     
  3. DarkBen

    DarkBen New Member

    I answer to myself :eek:) it seems that the version of clamassassin is not compatible with clamav < 0.90.

    Do you think i can use a debian sarge backport version of clamav-daemon ? (backport.org) is it a risk ?

    thanks for your answers
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

  5. DarkBen

    DarkBen New Member

    Thanks Till !

    it works perfectly with volatile version of clamav-daemon :D
    The load average of my server is ok now !

    Thanks for your great work !
     
  6. Davide

    Davide Member

    Hi!

    I have this setup running on debian 3.1 + volatile, but I have now debian's and ispconfig's freshclam running. I suppose that the good one is Debian's one, because debian's clamd is in use

    I think it's nonsense downloading databases twice (and a bandwith waste for clamav's project)
    Is it possible to use ispconfig's freshclam for updating debian's clamd database or should I disable ispconfig freshclam?
    How can I disable it?

    I can see debian's and ispconfig's clamav databases are in different format:
    Code:
    # ls -la /home/admispconfig/ispconfig/tools/clamav/share/clamav/daily.inc/
    total 1778
    drwxr-xr-x  2 admispconfig admispconfig     376 2007-06-20 10:12 .
    drwxr-xr-x  4 admispconfig admispconfig     136 2007-06-20 19:33 ..
    -rwxr-xr-x  1 admispconfig admispconfig   17992 2007-06-19 20:30 COPYING
    -rwxr-xr-x  1 admispconfig admispconfig      58 2007-06-19 20:30 daily.cfg
    -rwxr-xr-x  1 admispconfig admispconfig   23562 2007-06-19 20:30 daily.db
    -rwxr-xr-x  1 admispconfig admispconfig    3050 2007-06-19 20:30 daily.fp
    -rwxr-xr-x  1 admispconfig admispconfig    3407 2007-06-20 06:06 daily.hdb
    -rw-r--r--  1 admispconfig admispconfig     457 2007-06-20 10:12 daily.info
    -rwxr-xr-x  1 admispconfig admispconfig 1195216 2007-06-20 10:12 daily.mdb
    -rwxr-xr-x  1 admispconfig admispconfig  544940 2007-06-20 10:12 daily.ndb
    -rwxr-xr-x  1 admispconfig admispconfig    2248 2007-06-19 20:30 daily.pdb
    -rwxr-xr-x  1 admispconfig admispconfig     762 2007-06-19 20:30 daily.wdb
    -rwxr-xr-x  1 admispconfig admispconfig    2786 2007-06-19 20:30 daily.zmd
    Code:
    # ls -la /var/lib/clamav/
    total 9922
    drwxr-xr-x   2 clamav clamav     136 2007-06-20 20:08 .
    drwxr-xr-x  37 root   root       944 2007-04-29 14:12 ..
    -rw-r--r--   1 clamav clamav  786774 2007-06-20 19:08 daily.cvd
    -rw-r--r--   1 root   root   9351789 2007-06-20 18:48 main.cvd
    -rw-------   1 clamav clamav     208 2007-06-20 20:08 mirrors.dat
    
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    You can disable the ISPConfig freshclam by removinfg the line that starts freshclam in the script /etc/init.d/ispconfig_server
     
  8. kassie

    kassie New Member

    Hi Guys,

    I need to do this for ubuntu. When i run "apt-get install clamav-base clamav-daemon clamav-freshclam libclamav1" it gives me an error.

    Any help
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    One question. How shall we be able to help you, if you do not post the error message that you got ;) So, please post the exact error message and we will try to help you :)
     
  10. friday

    friday Member

    I think you need to change libclamav1 to libclamav2

    aka:

    apt-get install clamav-base clamav-daemon clamav-freshclam libclamav2
     
  11. Wareagle

    Wareagle New Member

    need help

    i have had a etch server (perfect) running for about a year. ispconfig working great, until a month ago. then server quit responding. found that clamav was maxing out resources, so i changed it to clamd and that fixed that part but now i am losing good emails. any advice would help. p.s. i figured it was time to upgrade so i built two perfect ubuntu servers with ispconfig 2.2.35 and put them in and in about a 1/2 hour they were doing the same thing. really stumped here. can you help

    Thanks Ernie
     
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    The update replaced the changes that you made to enable clamd as clamav was updated too. To fix this, just redo the steps that you did before to enable clamd.
     

Share This Page