Advise please

Jules Field MailScanner at ecs.soton.ac.uk
Tue Jan 12 08:38:50 GMT 2010


Check /usr/local/lib and /usr/local/share as well, you will find 
references in there too. You need to check all of usr/local. This should 
help:
find /usr/local -name '*clam*' -print


On 11/01/2010 16:39, Dave Filchak wrote:
> Jules,
>
> Basically, what I have done is remove all references to clam* from 
> /usr/loca/bin and sbin. I already had the latest clamd installed under 
> /usr/bin and /usr/sbin. Updated the references under 
> virus.scanners.conf to point to the clamd installation under /usr/sbin 
> and mad sure the /etc/clamd.conf and MailScanner.conf socket directory 
> entries were both set to /tmp/ However, when I run MailScanner --lint, 
> it says:
>
>
> =========================================================================== 
>
> Filename Checks: Windows/DOS Executable (1 eicar.com)
> Other Checks: Found 1 problems
> Virus and Content Scanning: Starting
> Cannot find Socket (/tmp/clamd.socket) Exiting! at 
> /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 3689
>
> The socket file is indeed in /tmp so why can't it find it? Also, 
> confused about the previous entry:
No it isn't. Is your clamd running at all? The socket file must be 
called "clamd.socket" in /tmp, not just be in /tmp somewhere, the name 
has to match too.
>
> MailScanner.conf says "Virus Scanners = clamd"
> Found these virus scanners installed: clamavmodule
That implies it can't find the socket file. Check your /etc/clamd.conf 
for the full name of the socket file.

>
> Shouldn't the second line say clamd as well?
>
> Dave
>
> On 11/01/2010 7:00 AM, Jules Field wrote:
>> Find every directory and file under /usr/local whose name mentions 
>> "clam" in it anywhere, and delete it.
>> Then install the clamd and related RPMs from packages.sw.be and make 
>> sure your /etc/clamd.conf contains the same socket location as your 
>> MailScanner.conf file does, or else they won't talk to each other. 
>> Also change your virus.scanners.conf to point to the new location and 
>> not /usr/local or whatever it says now.
>>
>> "MailScanner --lint" will show you if your setup is basically 
>> correct, it should find some viruses in its test message and complete 
>> without any errors.
>>
>> Jules
>>
>> On 10/01/2010 20:17, Dave Filchak wrote:
>>> I have come to realize that I have two versions of clamscan and two 
>>> versions of freshclam installed on my machine. This after getting 
>>> the "Your ClamAV Installation is OUTDATED". As well, have duplicate 
>>> libraries, two versions of clamd etc. I would like advise as to how 
>>> to clean this up and get it down to only one of each. I am using 
>>> clamd for scanning.
>>>
>>> I would prefer to use rpms for this but am not adverse to compiling 
>>> things. I am only one taking care of the servers and have lots of 
>>> other things on the go so quick and efficient is always good. Below 
>>> are the specs. I know the OS is old and needs to be updated. All are 
>>> scheduled to be replaced this year but may be later in the year so 
>>> would like to get things in the proper place, not duplicated and 
>>> easy to update until I have a new machine and a chance to deal with it.
>>>
>>> Had another fellow doing this before but now is just myself. All 
>>> help is very much appreciated.
>>>
>>> Let me know if any more info is required.
>>>
>>> Cheers,
>>>
>>> Dave
>>>
>>> whereis clamav
>>> clamav: /usr/include/clamav.h
>>>
>>> whereis clamd
>>> clamd: /usr/sbin/clamd /etc/clamd.conf /usr/local/sbin/clamd 
>>> /usr/local/etc/clamd.conf /usr/share/man/man8/clamd.8.gz
>>>
>>> whereis freshclam
>>> freshclam: /usr/bin/freshclam /etc/freshclam.conf 
>>> /usr/local/bin/freshclam /usr/local/etc/freshclam.conf 
>>> /usr/share/man/man1/freshclam.1.gz
>>>
>>> whereis clamscan
>>> clamscan: /usr/bin/clamscan /usr/local/bin/clamscan 
>>> /usr/share/man/man1/clamscan.1.gz
>>>
>>> ldd /usr/bin/freshclam
>>>         libclamav.so.6 => /usr/lib64/libclamav.so.6 
>>> (0x0000002a95568000)
>>>         libz.so.1 => /usr/local/lib/libz.so.1 (0x0000002a9573c000)
>>>         libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003c30300000)
>>>         libpthread.so.0 => /lib64/tls/libpthread.so.0 
>>> (0x0000003c2f500000)
>>>         libc.so.6 => /lib64/tls/libc.so.6 (0x0000003c2ec00000)
>>>         libbz2.so.1 => /usr/lib64/libbz2.so.1 (0x0000003c36a00000)
>>>         libdl.so.2 => /lib64/libdl.so.2 (0x0000003c2ef00000)
>>>         /lib64/ld-linux-x86-64.so.2 (0x0000003c2ea00000)
>>>
>>> ldd /usr/local/bin/freshclam
>>>         libclamav.so.4 => /usr/local/lib/libclamav.so.4 
>>> (0x0000002a95568000)
>>>         libz.so.1 => /usr/local/lib/libz.so.1 (0x0000002a95704000)
>>>         libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003c30300000)
>>>         libpthread.so.0 => /lib64/tls/libpthread.so.0 
>>> (0x0000003c2f500000)
>>>         libc.so.6 => /lib64/tls/libc.so.6 (0x0000003c2ec00000)
>>>         libgmp.so.3 => /usr/lib64/libgmp.so.3 (0x0000003c30900000)
>>>         libclamunrar_iface.so.4 => 
>>> /usr/local/lib/libclamunrar_iface.so.4 (0x0000002a9581b000)
>>>         libbz2.so.1 => /usr/lib64/libbz2.so.1 (0x0000003c36a00000)
>>>         /lib64/ld-linux-x86-64.so.2 (0x0000003c2ea00000)
>>>         libclamunrar.so.4 => /usr/local/lib/libclamunrar.so.4 
>>> (0x0000002a9591e000)
>>>
>>> MailScanner -V
>>> Running on
>>> Linux  2.6.9-34.ELsmp #1 SMP Thu Mar 9 06:23:23 GMT 2006 x86_64 
>>> x86_64 x86_64 GNU/Linux
>>> This is CentOS release 4.3 (Final)
>>> This is Perl version 5.008005 (5.8.5)
>>>
>>> This is MailScanner version 4.78.17
>>> Module versions are:
>>> 1.00    AnyDBM_File
>>> 1.20    Archive::Zip
>>> 0.23    bignum
>>> 1.03    Carp
>>> 2.005   Compress::Zlib
>>> 1.119   Convert::BinHex
>>> 0.17    Convert::TNEF
>>> 2.121   Data::Dumper
>>> 2.27    Date::Parse
>>> 1.00    DirHandle
>>> 1.05    Fcntl
>>> 2.73    File::Basename
>>> 2.08    File::Copy
>>> 2.01    FileHandle
>>> 1.06    File::Path
>>> 0.20    File::Temp
>>> 0.78    Filesys::Df
>>> 1.35    HTML::Entities
>>> 3.56    HTML::Parser
>>> 2.37    HTML::TokeParser
>>> 1.23    IO
>>> 1.14    IO::File
>>> 1.13    IO::Pipe
>>> 2.04    Mail::Header
>>> 1.89    Math::BigInt
>>> 0.22    Math::BigRat
>>> 3.05    MIME::Base64
>>> 5.427   MIME::Decoder
>>> 5.427   MIME::Decoder::UU
>>> 5.427   MIME::Head
>>> 5.427   MIME::Parser
>>> 3.03    MIME::QuotedPrint
>>> 5.427   MIME::Tools
>>> 0.13    Net::CIDR
>>> 1.25    Net::IP
>>> 0.16    OLE::Storage_Lite
>>> 1.04    Pod::Escapes
>>> 3.05    Pod::Simple
>>> 1.08    POSIX
>>> 1.19    Scalar::Util
>>> 1.77    Socket
>>> 2.16    Storable
>>> 1.4     Sys::Hostname::Long
>>> 0.27    Sys::Syslog
>>> 1.26    Test::Pod
>>> 0.6     Test::Simple
>>> 1.68    Time::HiRes
>>> 1.02    Time::localtime
>>>
>>> Optional module versions are:
>>> 1.32    Archive::Tar
>>> 0.23    bignum
>>> 1.82    Business::ISBN
>>> 1.10    Business::ISBN::Data
>>> 1.08    Data::Dump
>>> 1.814   DB_File
>>> 1.25    DBD::SQLite
>>> 1.607   DBI
>>> 1.10    Digest
>>> 1.01    Digest::HMAC
>>> 2.36    Digest::MD5
>>> 2.11    Digest::SHA1
>>> 1.00    Encode::Detect
>>> 0.17008 Error
>>> 0.19    ExtUtils::CBuilder
>>> 2.18    ExtUtils::ParseXS
>>> 2.38    Getopt::Long
>>> 0.44    Inline
>>> 1.08    IO::String
>>> 1.04    IO::Zlib
>>> 2.21    IP::Country
>>> 0.22    Mail::ClamAV
>>> 3.002005        Mail::SpamAssassin
>>> v2.004  Mail::SPF
>>> 1.999001        Mail::SPF::Query
>>> 0.2808  Module::Build
>>> 0.20    Net::CIDR::Lite
>>> 0.65    Net::DNS
>>> 0.002.2 Net::DNS::Resolver::Programmable
>>> 0.31    Net::LDAP
>>>  4.004  NetAddr::IP
>>> 1.94    Parse::RecDescent
>>> missing SAVI
>>> 2.52    Test::Harness
>>> 0.95    Test::Manifest
>>> 1.98    Text::Balanced
>>> 1.35    URI
>>> 0.7203  version
>>> 0.65    YAML
>>>
>>
>> Jules
>>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the MailScanner mailing list