Steps to install clamav on my 1&1/FC6/PSA8.6/SA3.25?

[nickpick]

I noticed following:

The mysql on this server is: 5.0.45-7
Before I installed atomic.repo, I ran a test "yum update".
Then there were no mysql updates (it only uses centos repo).
After installing and activating atomic.repo and test running "yum update" I got the above mentioned mysql update from ART.

So I disabled the atomic.repo again (just because I am curious) and once again test running: yum update
Then no mysql listed anymore.

To me it seems as if in your repo there is a newer mysql available then in the centos repo?

 

[atomicturtle]

Thats correct, Mysql 5.0.58 is in [atomic], and 5.0.76 is in [atomic-testing]

 

[nickpick]

Clam down..

This morning I received several calls from customers complaining they got no mail all weekend.
Investigating: /usr/local/psa/var/log/maillog
showed following errors:

Mar 9 08:41:52 ceres X-Qmail-Scanner-2.02st: [ceres.<hostname here>12365845127911353] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512/2

Solution:
[root@ceres ]# /etc/rc.d/init.d/clamd restart
Stopping Clam AntiVirus Daemon: [FAILED]
Starting Clam AntiVirus Daemon: [ OK ]

After that the mail worked again.
And slowly all mail from last weekend dropped in.

How can this happen?

 

[atomicturtle]

You should get something set up to monitor clamd and restart it if it crashes. We use psmon to do it, which is available in both ASL and in the atomic repo

 

[nickpick]

new problems

I am getting following errors when running /usr/bin/freshclam

ClamAV update process started at Mon May 4 12:24:53 2009
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.94.2 Recommended version: 0.95.1
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cld is up to date (version: 50, sigs: 500667, f-level: 38, builder: sven)
ERROR: chdir_tmp: Can't create directory ./clamav-fb281f92d3a906ba5f07946dd67393f9
WARNING: Incremental update failed, trying to download daily.cvd
ERROR: getfile: Can't create new file /var/clamav/clamav-22cdf4949e277e1e296508186f4fcd59 in /var/clamav
Hint: The database directory must be writable for UID 111 or GID 101
WARNING: Can't download daily.cvd from db.local.clamav.net

Also Horde is having problems when sending mail: Een fout bij het verzenden van uw bericht: sendmail returned error code 111

And in /var/log/httpd/error_log there are some lines: qmail-inject: fatal: qq temporary problem (#4.3.0)

Any ideas ??

 

[breun]

Multiple problems here:

1. ClamAV 0.94.2 is not the current version. Update your system.
2. /var/clamav has incorrect owner/permissions. You can manually fix this, but installing the update should fix this automatically.
3. The qq temporary problem. I don't know what's causing this. Have you tried running qmail-scanner-reconfigure (make sure ClamAV and SpamAssassin are running when you do or they won't be configured to be used by qmail-scanner)?

 

[atomicturtle]

Sounds like you need to upgrade clamav, and something has changed the permissions on your directories. An upgrade will probably fix that

 

[nickpick]

Many thanks guys. You are fast.

 

[nickpick]

Still a problem.
Ok, i tried to use my mind and did following:

yum update clamd qmail-scanner
qmail-scanner-reconfigure
/usr/bin/freshclam

all ok, but the freshclam puts out this:

ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).

Here are the properties:
-rw-r----- 1 qscand qscand 3002 May 4 12:53 /var/log/clamav/freshclam.log

So what should I do to fix this?
All email seems to be running fine.

 

[roadrash]

user permision problem.

Seems like a user permission problem.

Probably this would make it possible for you to update: /usr/bin/freshclam -u root

I see your freshclam.log is owned by user qscand and group qscand.
And most likely the system thinks it is user "clamav"

So edit /etc/freshclam.conf to change this into:

DatabaseOwner qscand

then edit the logrotate too: /etc/logrotate.d/freshclam

Change following: create 644 qscand qscand

Hey beun and turtle, can you confirm this?

 

[nickpick]

Thank you,

It seems to work.
Only CRON came with an E-mail message:

/etc/cron.daily/freshclam:
WARNING: Ignoring deprecated option --log-verbose

So I removed the line "--log-verbose" from /etc/cron.daily/freshclam

Dear Atomicturtle.
As I used your repo to upgrade, is this some kind of known bug?
Or did I do something wrong?

 

[atomicturtle]

Sounds like you have the old version still, because that line isnt in freshclam.cron in 0.95.1-2. It was changed if I recall correctly in 0.95.

 

[nickpick]

That's weird..
Here is the result of "yum update clamd qmail-scanner":

Transaction Test Succeeded
Running Transaction
Updating : clamav ######################### [1/6]
warning: /etc/freshclam.conf created as /etc/freshclam.conf.rpmnew
Updating : clamd ######################### [2/6]
warning: /etc/clamd.conf created as /etc/clamd.conf.rpmnew
Updating : qmail-scanner ######################### [3/6]
Cleanup : clamav ######################### [4/6]
Cleanup : clamd ######################### [5/6]
Cleanup : qmail-scanner ######################### [6/6]

Updated: clamav.x86_64 0:0.95.1-2.el5.art clamd.x86_64 0:0.95.1-2.el5.art qmail-scanner.noarch 1:2.05-3.el5.art
Complete!

And an rpm -qa results:

rpm -qa | grep clam
clamd-0.95.1-2.el5.art
clamav-db-0.94.2-3.el5.art
clamav-0.95.1-2.el5.art

So what has gone wrong?
Did I forget something?

 

[calderwood]

Error with ClamAV updates - Atomic install

I installed ClamAV from Atomic and it seems to be working well and is integrated into SpamAssassin, however, I'm seeing some errors in the logs to do with the updates and not sure why:

Oct 20 11:06:19 ip-xxx-109-248-176 clamd[28099]: /var/spool/qscan/tmp/ip-xxx-109-248-176.ip.secureserver.net12560511787944756/orig-ip-xxx-109-248-176.ip.secureserver.net12560511787944756: Sanesecurity.Scam4.1644.UNOFFICIAL FOUND
Oct 20 11:07:26 ip-xxx-109-248-176 clamd[28099]: /var/spool/qscan/tmp/ip-xxx-109-248-176.ip.secureserver.net12560512467944988/orig-ip-xxx-109-248-176.ip.secureserver.net12560512467944988: Sanesecurity.Junk.11224.UNOFFICIAL FOUND
Oct 20 11:16:49 ip-xxx-109-248-176 clamd[28099]: SelfCheck: Database status OK.
Oct 20 11:17:25 ip-xxx-109-248-176 xinetd[6272]: warning: can't get client address: Connection reset by peer
Oct 20 11:21:00 ip-xxx-109-248-176 xinetd[6768]: warning: can't get client address: Connection reset by peer
Oct 20 11:27:02 ip-xxx-109-248-176 clamd[28099]: SelfCheck: Database status OK.
Oct 20 11:28:56 ip-xxx-109-248-176 xinetd[7956]: warning: can't get client address: Connection reset by peer
Oct 20 11:37:17 ip-xxx-109-248-176 clamd[28099]: SelfCheck: Database status OK.