4.62.9-1 & MailScanner --lint [FIXED - but why?]
Julian Field
MailScanner at ecs.soton.ac.uk
Thu Aug 2 09:57:41 IST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Quentin Campbell wrote:
> Phil
>
> Thanks for the reply.
>
> Where are your 'main.cvd' and 'daily.cvd' files kept?
>
> A little more research and digging found the problem but I am unclear as
> to how the situation came about. There is now a new maintenance problem
> to be resolved and some worrying questions.
>
> The " LibClamAV Warning: *** The virus database is older than 7 days.
> ***" message arises because there was a second location containing very
> old (July 26, 2005) copies of main.cvd and daily.cvd under
> /usr/local/share/clamav. In my current installation I keep the '.cvd'
> files under /usr/local/clamav.
>
> If I remove the 'clamav' sub-directory from /usr/local/share or remove
> the two files from under it then 'MailScanner --lint' complains. If I
> copy my current two '.cvd' files from /usr/local/clamav to
> /usr/local/share/clamav then MailScanner --lint works OK.
>
> QUESTIONS:
>
> 1. When was the /usr/local/share/clamv sub-directory created and why?
>
A long time ago, it's where my sigs have always been.
> 2. Why is a /usr/local/share/clamav needed when my
> /usr/local/etc/freshclam.conf file specifies /usr/local/clamav as the
> '.cvd' files location?
>
But only freshclam looks at freshclam.conf.
> 3. Has 'clamavmodule' been using these very old '.cvd' files for virus
> detection?
>
Probably.
> 4. There is the maintenance issue - how do I keep the
> /usr/local/share/clamav/*.cvd files up to date? ANSWER: I suppose when
> using 'clamavmodule' I should change /usr/local/etc/freshclam.conf and
> replace
>
> DatabaseDirectory /usr/local/clamav
>
> with
>
> DatabaseDirectory /usr/local/share/clamav
>
Yes, I would do that. AFAIAA the DatabaseDirectory has always been
/usr/local/share/clamav.
> Alternately I can make /usr/local/share/clamav a link to
> /usr/local/clamav (or vice versa). What is best?
>
Correct your DatabaseDirectory.
> Had I missed and important documented step when I swapped from using
> 'clamscan' to using 'clamavmodule'? If so I cannot find it!
>
I don't think so, no.
> Quentin
>
>
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
>> bounces at lists.mailscanner.info] On Behalf Of Randal, Phil
>> Sent: 01 August 2007 17:19
>> To: MailScanner discussion
>> Subject: RE: 4.62.9-1 & MailScanner --lint [MORE INFO]
>>
>> Works for me:
>>
>> MailScanner --lint
>> Checking version numbers...
>> Version number in MailScanner.conf (4.62.9) is correct.
>>
>> Your envelope_sender_header in spam.assassin.prefs.conf is correct.
>>
>> Checking for SpamAssassin errors (if you use it)...
>> SpamAssassin temp dir =
>> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>> SpamAssassin reported no errors.
>> MailScanner.conf says "Virus Scanners = clamavmodule mcafee"
>> Found these virus scanners installed: clamavmodule, mcafee
>> =======================================================================
>>
> =
>
>> ===
>> Ignore errors about failing to find EOCD signature
>> format error: can't find EOCD signature
>> at /usr/sbin/MailScanner line 450
>> =======================================================================
>>
> =
>
>> ===
>> Virus Scanner test reports:
>> ClamAV Module said "eicar.com was infected: Eicar-Test-Signature"
>> McAfee said "/1/eicar.com Found: EICAR test file NOT a virus."
>>
>> If any of your virus scanners (clamavmodule,mcafee)
>> are not listed there, you should check that they are installed
>>
> correctly
>
>> and that MailScanner is finding them correctly via its
>> virus.scanners.conf.
>>
>> Cheers,
>>
>> Phil
>>
>> --
>> Phil Randal
>> Network Engineer
>> Herefordshire Council
>> Hereford, UK
>>
>>
>>> -----Original Message-----
>>> From: mailscanner-bounces at lists.mailscanner.info
>>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf
>>> Of Quentin Campbell
>>> Sent: 01 August 2007 16:57
>>> To: MailScanner discussion
>>> Subject: FW: 4.62.9-1 & MailScanner --lint [MORE INFO]
>>>
>>> Julian
>>>
>>> The MailScanner --lint output I am getting is related to the
>>> fact that I
>>> have "Virus Scanners = clamavmodule mcafee". If I change that line in
>>> MailScanner.conf to be "Virus Scanners = clamav mcafee" then I get
>>>
> the
>
>>> following (more sensible) output from MailScanner --lint but also
>>>
> note
>
>>> confusion in the output over clamav/clamavmodule being installed:
>>>
>>> ------------- cut here
>>> [root at cheviot9 MailScanner]# MailScanner --lint
>>> Checking version numbers...
>>> Version number in MailScanner.conf (4.62.9) is correct.
>>>
>>> Your envelope_sender_header in spam.assassin.prefs.conf is correct.
>>>
>>> Checking for SpamAssassin errors (if you use it)...
>>> SpamAssassin temp dir =
>>> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>>> SpamAssassin reported no errors.
>>> MailScanner.conf says "Virus Scanners = clamav mcafee"
>>> Found these virus scanners installed: clamavmodule, mcafee
>>> ==============================================================
>>> ==========
>>> ===
>>> Ignore errors about failing to find EOCD signature
>>> ==============================================================
>>> ==========
>>> ===
>>> Virus Scanner test reports:
>>> ClamAV said "eicar.com contains Eicar-Test-Signature"
>>> McAfee said "/1/eicar.com Found: EICAR test file NOT a virus."
>>>
>>> If any of your virus scanners (clamavmodule,mcafee)
>>> are not listed there, you should check that they are
>>> installed correctly
>>> and that MailScanner is finding them correctly via its
>>> virus.scanners.conf.
>>> [root at cheviot9 MailScanner]#
>>> ------------- cut here
>>>
>>> In addition I have just been using CPAN to install
>>> Mail::ClamAV on some
>>> other gateways and noted that when it does its post install tests it
>>> also notices that the database is out of date:
>>>
>>> ------------- cut here
>>>
>>>> install Mail::ClamAV
>>>>
>>> ...
>>> ...
>>> Manifying blib/man3/Mail::ClamAV.3pm
>>> /usr/bin/make -- OK
>>> Running make test
>>> PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e"
>>> "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
>>> t/Mail-ClamAV....ok 2/10LibClamAV Warning:
>>> **************************************************
>>> LibClamAV Warning: *** The virus database is older than 7 days. ***
>>> LibClamAV Warning: *** Please update it IMMEDIATELY! ***
>>> LibClamAV Warning: **************************************************
>>> t/Mail-ClamAV....ok
>>>
>>> All tests successful.
>>> Files=1, Tests=10, 2 wallclock secs ( 1.56 cusr + 0.16 csys = 1.72
>>> CPU)
>>> /usr/bin/make test -- OK
>>> Running make install
>>> Installing
>>> /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/Ma
>>> il/ClamAV/
>>> ClamAV.so
>>> Installing
>>> /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/Ma
>>> il/ClamAV/
>>> ClamAV.bs
>>> Files found in blib/arch: installing files in blib/lib into
>>> architecture
>>> dependent library tree
>>> Installing
>>> /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Mail/ClamAV.pm
>>> Installing /usr/share/man/man3/Mail::ClamAV.3pm
>>> Writing
>>> /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/Ma
>>> il/ClamAV/
>>> .packlist
>>> Appending installation info to
>>> /usr/lib/perl5/5.8.5/i386-linux-thread-multi/perllocal.pod
>>> /usr/bin/make install -- OK
>>>
>>> cpan>
>>> ------------- cut here
>>>
>>> Quentin
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: mailscanner-bounces at lists.mailscanner.info
>>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf
>>> Of Quentin
>>> Campbell
>>> Sent: 01 August 2007 15:36
>>> To: MailScanner discussion
>>> Subject: RE: 4.62.9-1 & MailScanner --lint
>>>
>>>
>>>> -----Original Message-----
>>>> From: mailscanner-bounces at lists.mailscanner.info
>>>>
> [mailto:mailscanner-
>
>>>> bounces at lists.mailscanner.info] On Behalf Of Julian Field
>>>> Sent: 01 August 2007 15:08
>>>> To: MailScanner discussion
>>>> Subject: Re: 4.62.9-1 & MailScanner --lint
>>>>
>>>> What does
>>>> grep -i clam /etc/MailScanner/virus.scanners.conf
>>>> say?
>>>>
>>> [snip]
>>>
>>> [root at cheviot4 log]# grep -i clam
>>>
> /etc/MailScanner/virus.scanners.conf
>
>>> clamav /usr/lib/MailScanner/clamav-wrapper /usr/local
>>> clamd /bin/false /usr/local
>>> clamavmodule /bin/false /tmp
>>> [root at cheviot4 log]#
>>>
>>> Before requesting help I changed /tmp for /usr/local for the
>>> clamavmodule but that made no difference.
>>>
>>> Quentin
>>> --
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>> --
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
Jules
- --
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.2 (Build 2014)
Charset: ISO-8859-1
wj8DBQFGsZyGEfZZRxQVtlQRAgS8AKCMuXdVu8AD+PsafhQF8to2D7R9qgCffFe8
St60mrZGJM2BN+9fuIOeiwg=
=gRmZ
-----END PGP SIGNATURE-----
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
For all your IT requirements visit www.transtec.co.uk
More information about the MailScanner
mailing list