Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 22nd May 2007, 13:31
andypl andypl is offline
Member
 
Join Date: Mar 2006
Location: Warsaw, Poland
Posts: 99
Thanks: 1
Thanked 3 Times in 3 Posts
Default Clamav use up 99.9 % cpu

Hi
I have problem with clamav on ispconfig.
Clamav use up 99.9 % cpu the consider is switching to clamd/clamdscan.
My question is how to disable clamscan and enable clamd on ispconfig ?
Sorry for my pour english
Best regards
Reply With Quote
Sponsored Links
  #2  
Old 22nd May 2007, 14:18
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 36,796
Thanks: 840
Thanked 5,612 Times in 4,423 Posts
Default

To enable clamd instead of clamav, you must first install the clamd daemon of your linux distribution. Then edit the file /home/admispconfig/ispconfig/tools/clamav/bin/clamassassin and reconfigure clamassassin to use clamd of your linux distribution instead of clamav that comes with ISPconfig.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 22nd May 2007, 17:40
andypl andypl is offline
Member
 
Join Date: Mar 2006
Location: Warsaw, Poland
Posts: 99
Thanks: 1
Thanked 3 Times in 3 Posts
Default

Found this solutions on web

I modify antivirus.rc.master
Maybe some users helps
Now i have fresh ClamAV version

# Rules for running ClamAV

CLAMSCAN=/usr/bin/clamdscan
VIRUSTARGET=/dev/null

:0
* > 10000
* multipart
{
# Okay, large multipart message run through clamscan
VIRUS=`$CLAMSCAN --mbox --disable-summary --stdout -`

:0 Di
* VIRUS ?? FOUND
$VIRUSTARGET
Reply With Quote
  #4  
Old 22nd May 2007, 17:52
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 36,796
Thanks: 840
Thanked 5,612 Times in 4,423 Posts
Default

I still recommend to modify the clamassassin script instaed of modifying the antivirus.rc.master.

Your solution might work for you but be aware that e.g. the --mbox option is not supported anymore in the latest clamav versions.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 21st June 2007, 01:22
Davide Davide is offline
Senior Member
 
Join Date: Jul 2006
Posts: 123
Thanks: 16
Thanked 9 Times in 8 Posts
Default

Quote:
Originally Posted by till
To enable clamd instead of clamav, you must first install the clamd daemon of your linux distribution. Then edit the file /home/admispconfig/ispconfig/tools/clamav/bin/clamassassin and reconfigure clamassassin to use clamd of your linux distribution instead of clamav that comes with ISPconfig.
After doing this on a Debian 3.1, mail is being scanned by clamd, and deleted if it contains virus (tried with eicar), but warning mail is not sent to "antivirus admin", nor to sender.

Is it necessary to change something more to make warning mails work?

Thank you very much
Reply With Quote
  #6  
Old 21st June 2007, 12:31
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 36,796
Thanks: 840
Thanked 5,612 Times in 4,423 Posts
Default

Which clamd / clamav version do you have installed? You need a 0.90.x version for the clamassassin script that is used in ISPConfig.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #7  
Old 21st June 2007, 12:54
Davide Davide is offline
Senior Member
 
Join Date: Jul 2006
Posts: 123
Thanks: 16
Thanked 9 Times in 8 Posts
Default

I have installed 0.90.3 from debian-volatile:

Code:
dpkg --get-selections |grep clam |awk {'print $1'}|while read pkg
> do
> apt-cache policy $pkg
> done
clamav-base:
  Installed: 0.90.3-0volatile1
  Candidate: 0.90.3-0volatile1
  Version Table:
 *** 0.90.3-0volatile1 0
        500 http://volatile.debian.org sarge/volatile/main Packages
        100 /var/lib/dpkg/status
     0.90.2-1~bpo.1 0
          1 http://www.backports.org sarge-backports/main Packages
     0.84-2.sarge.16 0
        500 http://security.debian.org sarge/updates/main Packages
     0.84-2.sarge.15 0
        500 http://ftp.fi.debian.org sarge/main Packages
clamav-daemon:
  Installed: 0.90.3-0volatile1
  Candidate: 0.90.3-0volatile1
  Version Table:
 *** 0.90.3-0volatile1 0
        500 http://volatile.debian.org sarge/volatile/main Packages
        100 /var/lib/dpkg/status
     0.90.2-1~bpo.1 0
          1 http://www.backports.org sarge-backports/main Packages
     0.84-2.sarge.16 0
        500 http://security.debian.org sarge/updates/main Packages
     0.84-2.sarge.15 0
        500 http://ftp.fi.debian.org sarge/main Packages
clamav-freshclam:
  Installed: 0.90.3-0volatile1
  Candidate: 0.90.3-0volatile1
  Version Table:
 *** 0.90.3-0volatile1 0
        500 http://volatile.debian.org sarge/volatile/main Packages
        100 /var/lib/dpkg/status
     0.90.2-1~bpo.1 0
          1 http://www.backports.org sarge-backports/main Packages
     0.84-2.sarge.16 0
        500 http://security.debian.org sarge/updates/main Packages
     0.84-2.sarge.15 0
        500 http://ftp.fi.debian.org sarge/main Packages
libclamav2:
  Installed: 0.90.3-0volatile1
  Candidate: 0.90.3-0volatile1
  Version Table:
 *** 0.90.3-0volatile1 0
        500 http://volatile.debian.org sarge/volatile/main Packages
        100 /var/lib/dpkg/status
     0.90.2-1~bpo.1 0
          1 http://www.backports.org sarge-backports/main Packages
Reply With Quote
  #8  
Old 22nd June 2007, 00:13
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 36,796
Thanks: 840
Thanked 5,612 Times in 4,423 Posts
Default

What exactly did you use. The modification I recommended as described here:

http://www.howtoforge.com/forums/sho...t=clamassassin

or the modification from andypl in this thread? If you just modified the antivirus.rc.master as decribed in this thread, you will not have notification emails as this is only supported when you use the clamassassin script.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #9  
Old 22nd June 2007, 10:20
Davide Davide is offline
Senior Member
 
Join Date: Jul 2006
Posts: 123
Thanks: 16
Thanked 9 Times in 8 Posts
Default

Quote:
Originally Posted by till
What exactly did you use. The modification I recommended as described here:

http://www.howtoforge.com/forums/sho...t=clamassassin
I've used the modification you reccommends:

Code:
# grep "CLAMSCAN=" /home/admispconfig/ispconfig/tools/clamav/bin/clamassassin
#CLAMSCAN=/home/admispconfig/ispconfig/tools/clamav/bin/clamscan
CLAMSCAN=/usr/bin/clamdscan
  SHORTCLAMSCAN=`${ECHO} ${CLAMSCAN} | ${SED} -e "s/.*\///"`
Code:
# grep "ScanMail" /etc/clamav/clamd.conf
ScanMail true
Code:
# grep "NotifyClamd" /etc/clamav/freshclam.conf
NotifyClamd /etc/clamav/clamd.conf
Code:
# grep "NotifyClamd" /home/admispconfig/ispconfig/tools/clamav/etc/freshclam.conf
#NotifyClamd
#NotifyClamd /config/file/path
NotifyClamd /etc/clamav/clamd.conf
I haven't changed anymore...
Reply With Quote
  #10  
Old 22nd June 2007, 12:12
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 36,796
Thanks: 840
Thanked 5,612 Times in 4,423 Posts
 
Default

The changes look ok. Then I have no Idea why the notifications do not work. Have you checked the mail.log that really no email was send by the clamassassin script?
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ClamAV update to 0.90 made easy? rbartz Tips/Tricks/Mods 35 10th April 2008 12:11
Server sometimes (1 or 2 hrs) down :/ edge Server Operation 25 31st July 2006 14:44
Just installed Debian.. I'm not happy edge Installation/Configuration 10 18th June 2006 23:23
Clamav starting error scherpenzeel Installation/Configuration 3 19th May 2006 15:01
ClamAV for postfix-courier-mysql (Debian - Sarge) toastmaster HOWTO-Related Questions 2 24th February 2006 20:00


All times are GMT +2. The time now is 00:26.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.