Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 13th June 2007, 12:29
DarkBen DarkBen is offline
Member
 
Join Date: Oct 2005
Posts: 70
Thanks: 1
Thanked 2 Times in 2 Posts
Default Clamdscan on Debian Sarge

Hi,

i have configured my server (Debian 3.1) with clamdscan because my load average was > 95 % !!!

I used this post http://www.howtoforge.com/forums/sho...ighlight=clamd

Version of ISPconfig : 2.2.12

Version of Clamd 0.84

Code:
/etc/init.d/postfix stop
/etc/init.d/ispconfig_server stop

apt-get install clamav-base clamav-daemon clamav-freshclam libclamav1
I changed the CLAMSCAN line in /home/admispconfig/ispconfig/tools/clamav/bin/clamassassin

Code:
CLAMSCAN=/usr/bin/clamdscan
In /etc/clamav/clamd.conf i didn't find "ScanMail true" but "ScanMail"

In /etc/clamav/freshclam.conf and /home/admispconfig/ispconfig/tools/clamav/etc/freshclam.conf I changed the NotifyClamd line :

Code:
NotifyClamd /etc/clamav/clamd.conf
When i test with an eicar virus, the virus is not stoped !

This is my mail header

Code:
X-Virus-Status: No
X-Virus-Checker-Version: clamassassin 1.2.3 with clamdscan / ClamAV 0.84/3411/Tue Jun 12 16:55:03 2007
Could you help me please ?

thanks a lot !

Last edited by DarkBen; 13th June 2007 at 15:53.
Reply With Quote
Sponsored Links
  #2  
Old 13th June 2007, 16:47
DarkBen DarkBen is offline
Member
 
Join Date: Oct 2005
Posts: 70
Thanks: 1
Thanked 2 Times in 2 Posts
Default

I don't understand because when i read my clamav.log i find this lines :

Code:
Wed Jun 13 16:34:56 2007 -> stream: Email.Phishing.RB-792 FOUND
Wed Jun 13 16:34:56 2007 -> stream: Email.Phishing.RB-792 FOUND
Wed Jun 13 16:34:56 2007 -> stream: Email.Phishing.RB-792 FOUND
Wed Jun 13 16:34:56 2007 -> stream: Email.Phishing.RB-792 FOUND
Wed Jun 13 16:34:56 2007 -> stream: Email.Phishing.RB-792 FOUND
This means that my clamdscan is working ?! But when i send an eicar virus i receive the mail with the virus !

Could you help me ?

thanks for your ideas
Reply With Quote
  #3  
Old 13th June 2007, 18:59
DarkBen DarkBen is offline
Member
 
Join Date: Oct 2005
Posts: 70
Thanks: 1
Thanked 2 Times in 2 Posts
Default

I answer to myself ) it seems that the version of clamassassin is not compatible with clamav < 0.90.

Do you think i can use a debian sarge backport version of clamav-daemon ? (backport.org) is it a risk ?

thanks for your answers
Reply With Quote
  #4  
Old 13th June 2007, 19:03
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,475
Thanks: 813
Thanked 5,255 Times in 4,121 Posts
Default

Either use the backports or have a look at the debian volatile project:

http://www.debian.org/volatile/
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
DarkBen (15th June 2007)
  #5  
Old 15th June 2007, 15:01
DarkBen DarkBen is offline
Member
 
Join Date: Oct 2005
Posts: 70
Thanks: 1
Thanked 2 Times in 2 Posts
Talking

Thanks Till !

it works perfectly with volatile version of clamav-daemon
The load average of my server is ok now !

Thanks for your great work !
Reply With Quote
  #6  
Old 20th June 2007, 20:25
Davide Davide is offline
Senior Member
 
Join Date: Jul 2006
Posts: 123
Thanks: 16
Thanked 8 Times in 7 Posts
Default

Hi!

I have this setup running on debian 3.1 + volatile, but I have now debian's and ispconfig's freshclam running. I suppose that the good one is Debian's one, because debian's clamd is in use

I think it's nonsense downloading databases twice (and a bandwith waste for clamav's project)
Is it possible to use ispconfig's freshclam for updating debian's clamd database or should I disable ispconfig freshclam?
How can I disable it?

I can see debian's and ispconfig's clamav databases are in different format:
Code:
# ls -la /home/admispconfig/ispconfig/tools/clamav/share/clamav/daily.inc/
total 1778
drwxr-xr-x  2 admispconfig admispconfig     376 2007-06-20 10:12 .
drwxr-xr-x  4 admispconfig admispconfig     136 2007-06-20 19:33 ..
-rwxr-xr-x  1 admispconfig admispconfig   17992 2007-06-19 20:30 COPYING
-rwxr-xr-x  1 admispconfig admispconfig      58 2007-06-19 20:30 daily.cfg
-rwxr-xr-x  1 admispconfig admispconfig   23562 2007-06-19 20:30 daily.db
-rwxr-xr-x  1 admispconfig admispconfig    3050 2007-06-19 20:30 daily.fp
-rwxr-xr-x  1 admispconfig admispconfig    3407 2007-06-20 06:06 daily.hdb
-rw-r--r--  1 admispconfig admispconfig     457 2007-06-20 10:12 daily.info
-rwxr-xr-x  1 admispconfig admispconfig 1195216 2007-06-20 10:12 daily.mdb
-rwxr-xr-x  1 admispconfig admispconfig  544940 2007-06-20 10:12 daily.ndb
-rwxr-xr-x  1 admispconfig admispconfig    2248 2007-06-19 20:30 daily.pdb
-rwxr-xr-x  1 admispconfig admispconfig     762 2007-06-19 20:30 daily.wdb
-rwxr-xr-x  1 admispconfig admispconfig    2786 2007-06-19 20:30 daily.zmd
Code:
# ls -la /var/lib/clamav/
total 9922
drwxr-xr-x   2 clamav clamav     136 2007-06-20 20:08 .
drwxr-xr-x  37 root   root       944 2007-04-29 14:12 ..
-rw-r--r--   1 clamav clamav  786774 2007-06-20 19:08 daily.cvd
-rw-r--r--   1 root   root   9351789 2007-06-20 18:48 main.cvd
-rw-------   1 clamav clamav     208 2007-06-20 20:08 mirrors.dat
Reply With Quote
  #7  
Old 21st June 2007, 11:59
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,475
Thanks: 813
Thanked 5,255 Times in 4,121 Posts
Default

You can disable the ISPConfig freshclam by removinfg the line that starts freshclam in the script /etc/init.d/ispconfig_server
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following 2 Users Say Thank You to till For This Useful Post:
Davide (21st June 2007), vogelor (22nd August 2007)
  #8  
Old 12th July 2007, 06:29
kassie kassie is offline
Senior Member
 
Join Date: May 2007
Location: Johannesburg, South Africa
Posts: 136
Thanks: 13
Thanked 0 Times in 0 Posts
Default

Hi Guys,

I need to do this for ubuntu. When i run "apt-get install clamav-base clamav-daemon clamav-freshclam libclamav1" it gives me an error.

Any help
Reply With Quote
  #9  
Old 12th July 2007, 10:48
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,475
Thanks: 813
Thanked 5,255 Times in 4,121 Posts
Default

Quote:
I need to do this for ubuntu. When i run "apt-get install clamav-base clamav-daemon clamav-freshclam libclamav1" it gives me an error.
One question. How shall we be able to help you, if you do not post the error message that you got So, please post the exact error message and we will try to help you
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #10  
Old 12th October 2007, 19:19
friday friday is offline
Member
 
Join Date: Oct 2006
Posts: 31
Thanks: 4
Thanked 0 Times in 0 Posts
 
Default

I think you need to change libclamav1 to libclamav2

aka:

apt-get install clamav-base clamav-daemon clamav-freshclam libclamav2
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Bind Failed christoph2k HOWTO-Related Questions 4 28th April 2007 00:57
Debian Sarge power down by itself jfer Technical 1 24th March 2006 20:08
Difference between Debian Sarge kernel update -> 64 bit & Debian Unofficial AMD64 ver Hans Installation/Configuration 2 2nd March 2006 23:41
e-mail problem!!! Debian 3.1 maroonworks Installation/Configuration 18 6th December 2005 14:42
Debian Sarge RAID5 killfrog Installation/Configuration 2 23rd October 2005 21:43


All times are GMT +2. The time now is 20:35.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.