Navigation

andypl · #1 22nd May 2007, 12:31

Hi
I have problem with clamav on ispconfig.
Clamav use up 99.9 % cpu the consider is switching to clamd/clamdscan.
My question is how to disable clamscan and enable clamd on ispconfig ?
Sorry for my pour english
Best regards

till · #2 22nd May 2007, 13:18

To enable clamd instead of clamav, you must first install the clamd daemon of your linux distribution. Then edit the file /home/admispconfig/ispconfig/tools/clamav/bin/clamassassin and reconfigure clamassassin to use clamd of your linux distribution instead of clamav that comes with ISPconfig.

andypl · #3 22nd May 2007, 16:40

Found this solutions on web

I modify antivirus.rc.master
Maybe some users helps

Now i have fresh ClamAV version

# Rules for running ClamAV

CLAMSCAN=/usr/bin/clamdscan
VIRUSTARGET=/dev/null

:0
* > 10000
* multipart
{
# Okay, large multipart message run through clamscan
VIRUS=`$CLAMSCAN --mbox --disable-summary --stdout -`

:0 Di
* VIRUS ?? FOUND
$VIRUSTARGET

till · #4 22nd May 2007, 16:52

I still recommend to modify the clamassassin script instaed of modifying the antivirus.rc.master.

Your solution might work for you but be aware that e.g. the --mbox option is not supported anymore in the latest clamav versions.

Davide · #5 21st June 2007, 00:22

Quote:

Originally Posted by till

To enable clamd instead of clamav, you must first install the clamd daemon of your linux distribution. Then edit the file /home/admispconfig/ispconfig/tools/clamav/bin/clamassassin and reconfigure clamassassin to use clamd of your linux distribution instead of clamav that comes with ISPconfig.

After doing this on a Debian 3.1, mail is being scanned by clamd, and deleted if it contains virus (tried with eicar), but warning mail is not sent to "antivirus admin", nor to sender.

Is it necessary to change something more to make warning mails work?

Thank you very much

till · #6 21st June 2007, 11:31

Which clamd / clamav version do you have installed? You need a 0.90.x version for the clamassassin script that is used in ISPConfig.

Davide · #7 21st June 2007, 11:54

I have installed 0.90.3 from debian-volatile:

Code:

dpkg --get-selections |grep clam |awk {'print $1'}|while read pkg
> do
> apt-cache policy $pkg
> done
clamav-base:
  Installed: 0.90.3-0volatile1
  Candidate: 0.90.3-0volatile1
  Version Table:
 *** 0.90.3-0volatile1 0
        500 http://volatile.debian.org sarge/volatile/main Packages
        100 /var/lib/dpkg/status
     0.90.2-1~bpo.1 0
          1 http://www.backports.org sarge-backports/main Packages
     0.84-2.sarge.16 0
        500 http://security.debian.org sarge/updates/main Packages
     0.84-2.sarge.15 0
        500 http://ftp.fi.debian.org sarge/main Packages
clamav-daemon:
  Installed: 0.90.3-0volatile1
  Candidate: 0.90.3-0volatile1
  Version Table:
 *** 0.90.3-0volatile1 0
        500 http://volatile.debian.org sarge/volatile/main Packages
        100 /var/lib/dpkg/status
     0.90.2-1~bpo.1 0
          1 http://www.backports.org sarge-backports/main Packages
     0.84-2.sarge.16 0
        500 http://security.debian.org sarge/updates/main Packages
     0.84-2.sarge.15 0
        500 http://ftp.fi.debian.org sarge/main Packages
clamav-freshclam:
  Installed: 0.90.3-0volatile1
  Candidate: 0.90.3-0volatile1
  Version Table:
 *** 0.90.3-0volatile1 0
        500 http://volatile.debian.org sarge/volatile/main Packages
        100 /var/lib/dpkg/status
     0.90.2-1~bpo.1 0
          1 http://www.backports.org sarge-backports/main Packages
     0.84-2.sarge.16 0
        500 http://security.debian.org sarge/updates/main Packages
     0.84-2.sarge.15 0
        500 http://ftp.fi.debian.org sarge/main Packages
libclamav2:
  Installed: 0.90.3-0volatile1
  Candidate: 0.90.3-0volatile1
  Version Table:
 *** 0.90.3-0volatile1 0
        500 http://volatile.debian.org sarge/volatile/main Packages
        100 /var/lib/dpkg/status
     0.90.2-1~bpo.1 0
          1 http://www.backports.org sarge-backports/main Packages

till · #8 21st June 2007, 23:13

What exactly did you use. The modification I recommended as described here:

http://www.howtoforge.com/forums/sho...t=clamassassin

or the modification from andypl in this thread? If you just modified the antivirus.rc.master as decribed in this thread, you will not have notification emails as this is only supported when you use the clamassassin script.

Davide · #9 22nd June 2007, 09:20

Quote:

Originally Posted by till

What exactly did you use. The modification I recommended as described here:

http://www.howtoforge.com/forums/sho...t=clamassassin

I've used the modification you reccommends:

Code:

# grep "CLAMSCAN=" /home/admispconfig/ispconfig/tools/clamav/bin/clamassassin
#CLAMSCAN=/home/admispconfig/ispconfig/tools/clamav/bin/clamscan
CLAMSCAN=/usr/bin/clamdscan
  SHORTCLAMSCAN=`${ECHO} ${CLAMSCAN} | ${SED} -e "s/.*\///"`

Code:

# grep "ScanMail" /etc/clamav/clamd.conf
ScanMail true

Code:

# grep "NotifyClamd" /etc/clamav/freshclam.conf
NotifyClamd /etc/clamav/clamd.conf

Code:

# grep "NotifyClamd" /home/admispconfig/ispconfig/tools/clamav/etc/freshclam.conf
#NotifyClamd
#NotifyClamd /config/file/path
NotifyClamd /etc/clamav/clamd.conf

I haven't changed anymore...

till · #10 22nd June 2007, 11:12

The changes look ok. Then I have no Idea why the notifications do not work. Have you checked the mail.log that really no email was send by the clamassassin script?

Navigation

Facebook

News

Recent comments

Newsletter