Centos 5.2, MS, perl ClamAV module

Randal, Phil prandal at herefordshire.gov.uk
Fri Nov 28 10:28:36 GMT 2008 

It really is easy to upgrade to clamd.

In addition to what the wiki says on the subject (
http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:clamav
:switch_to_rpm_clamd ), you'll need to remove /usr/local/lin/libclam*

I had to edit /var/www/html/mailscanner/functions.php, other.php, and
rep_viruses.php to get MailWatch to play properly with clamd.

The changes were trivial:

In functions.php

  case 'clamd':
   define(VIRUS_REGEX, '/(.+) was infected: (\S+)/');

In other.php

    <? if(!DISTRIBUTED_SETUP &&
preg_match('/clam/i',get_conf_var('VirusScanners'))): ?>
     <LI><A HREF="clamav_status.php">ClamAV Status</A>
    <? endif; ?>

(if you're already using clamav_status.php - can't remember if that was
in original MailWatch or a later patch)

In rep_viruses.php

  case("clamd"):
   $scanner[$vscanner]['name']  = "ClamD";
   $scanner[$vscanner]['regexp'] = "/(.+) was infected: (\S+)/";
   break;

I run clamdwatch.pl from crontab:

*/1 * * * * root /usr/local/bin/clamdwatch.pl -q && ( /usr/bin/killall
-9 clamd; rm -fr /tmp/clamd.socket; /etc/init.d/clamd start 2>&1 )

Hope this helps.

I'm not going to have the time to update the wiki, alas, so can someone
make the appropriate changes to that page?

Cheers,

Phil
--
Phil Randal | Networks Engineer
Herefordshire Council | Deputy Chief Executive's Office | I.C.T.
Services Division
Thorn Office Centre, Rotherwas, Hereford, HR2 6JT
Tel: 01432 260160
email: prandal at herefordshire.gov.uk

Any opinion expressed in this e-mail or any attached files are those of
the individual and not necessarily those of Herefordshire Council.

This e-mail and any attached files are confidential and intended solely
for the use of the addressee. This communication may contain material
protected by law from being passed on. If you are not the intended
recipient and have received this e-mail in error, you are advised that
any use, dissemination, forwarding, printing or copying of this e-mail
is strictly prohibited. If you have received this e-mail in error please
contact the sender immediately and destroy all copies of it.

-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Rick
Cooper
Sent: 27 November 2008 19:24
To: 'MailScanner discussion'
Subject: RE: Centos 5.2, MS, perl ClamAV module

If you look at the change log there were several changes to the
libclamav api. Any time you see that you know that the perl module will
be broken

Rick 

 > -----Original Message-----
 > From: mailscanner-bounces at lists.mailscanner.info
 > [mailto:mailscanner-bounces at lists.mailscanner.info] On  > Behalf Of
David Lee  > Sent: Thursday, November 27, 2008 2:40 PM  > To:
MailScanner discussion  > Subject: Centos 5.2, MS, perl ClamAV module  >
>  > I'm aware that the topic of the perl ClamAV module is a frequent
one  > (because of the unfortunate habit of the clamav software to  >
change its  > interface on each minor release, requiring the perl module
> maintainer to  > do work).
 >
 > I've just tried a fresh install (64 bit Intel) of Centos  > 5.2,
MS-4.72.5-1  > and install-Clam-SA-latest.tar.gz
(install-Clam-0.94.1-SA-3.2.5).
 >
 > "install-Clam-0.94.1-SA-3.2.5" successfully builds the  > clamav
software  > itself (installing it into  >
"/usr/local/{bin,lib64,etc,include}" (etc.)  >  > It then tries to build
the perl ClamAV module, which fails:
 >     ClamAV.xs:308: error: 'CL_EFSYNC' undeclared (first use 
 > in this function)
 >     ClamAV.xs:321: error: 'CL_ELOCKDB' undeclared (first use 
 > in this function)
 >
 > Looking in the (just previously installed)  >
"/usr/local/include/clamav.h"
 > shows that "CL_EFSYNC" is commented out, and that  > "CL_ELOCKDB"
doesn't  > seem to exist at all.
 >
 > So the two clam-related bits of
 > "install-Clam-0.94.1-SA-3.2.5" would seem  > to be inconsistent.
 >
 > Is the recommendation is that we no longer use the perl  > ClamAV
module and  > instead use "clamd"?
 >
 > If so, then are all the pieces in place to ensure that the  > "clamd"
module  > is automatically invoked?  (The "chkconfig ..." and "service
> ... start"
 > or equivalents?)
 >
 >
 > --
 > 
 > :  David Lee                                I.T. Service          :
 > :  Senior Systems Programmer                Computer Centre       :
 > :  UNIX Team Leader                         Durham University     :
 > :                                           South Road            :
 > :  http://www.dur.ac.uk/t.d.lee/            Durham DH1 3LE        :
 > :  Phone: +44 191 334 2752                  U.K.                  :
 > --
 > MailScanner mailing list
 > mailscanner at lists.mailscanner.info
 > http://lists.mailscanner.info/mailman/listinfo/mailscanner
 >
 > Before posting, read http://wiki.mailscanner.info/posting
 >
 > Support MailScanner development - buy the book off the website! 
 >
 > --
 > This message has been scanned for viruses and  > dangerous content by
MailScanner, and is  > believed to be clean.
 >
 > 


--
This message has been scanned for viruses and dangerous content by
MailScanner, and is believed to be clean.


--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list