Date: Mon, 25 Jan 2021 23:18:00 -0500 From: David Banning <david@skytracker.ca> To: Doug Hardie <bc979@lafn.org>, questions@freebsd.org Subject: Re: clamd appears to hanging Message-ID: <e8efbd0d-e1ce-e7e9-4861-effb20f73a1f@skytracker.ca> In-Reply-To: <E906CE26-AE7D-46EA-92F4-96ED688180C9@sermon-archive.info> References: <20210124160938.GA82891@skytracker.ca> <C9B5E339-B4C7-46FD-8585-724BFC4BBF6D@sermon-archive.info> <485b6c93-6729-becd-5e01-262299327e1c@daveyelectric.ca> <f7fe27a1-acba-8216-5dac-d34620c3f287@skytracker.ca> <E906CE26-AE7D-46EA-92F4-96ED688180C9@sermon-archive.info>
next in thread | previous in thread | raw e-mail | index | archive | help
Well - that was something - it looks like the Avast running on my Windows laptop alters the header of each email for viewing just on my laptop. When I look at the headers of each email from the shell using Mutt there are no modified headers. But it -does- appears they are being scanned for viruses - here is a clip the log from /var/log/clamav/clamd.log <snip> Mon Jan 25 13:04:21 2021 -> fd[10]: OK Mon Jan 25 13:14:20 2021 -> SelfCheck: Database status OK. Mon Jan 25 13:23:15 2021 -> fd[10]: Win.Test.EICAR_HDB-1 FOUND Mon Jan 25 13:24:37 2021 -> SelfCheck: Database status OK. Mon Jan 25 13:27:19 2021 -> fd[11]: Win.Test.EICAR_HDB-1 FOUND Mon Jan 25 13:34:37 2021 -> SelfCheck: Database status OK. Mon Jan 25 13:44:46 2021 -> SelfCheck: Database status OK. Mon Jan 25 13:44:46 2021 -> fd[10]: OK Mon Jan 25 13:48:05 2021 -> fd[10]: OK Mon Jan 25 13:55:11 2021 -> SelfCheck: Database status OK. Mon Jan 25 13:55:12 2021 -> fd[10]: OK Mon Jan 25 13:57:40 2021 -> fd[10]: OK Mon Jan 25 14:00:22 2021 -> fd[10]: OK Mon Jan 25 14:01:10 2021 -> fd[10]: OK Mon Jan 25 14:03:24 2021 -> fd[10]: OK Mon Jan 25 14:04:15 2021 -> fd[10]: OK Mon Jan 25 14:05:09 2021 -> fd[10]: OK Mon Jan 25 14:06:15 2021 -> SelfCheck: Database status OK. Mon Jan 25 14:06:15 2021 -> fd[10]: OK <snip> It shows the two emails I tried sending with the Eicar fake virus. And /var/maillog shows simply; Jan 25 13:27:19 3s1 sm-mta[82154]: 10PIRI8l082154: milter=clmilter, quarantine=quarantined by clamav-milter So it appears to scanning for the viruses - I will look to see if there are any setting in the configuration files that might add the headers. On 2021-01-25 9:19 p.m., Doug Hardie wrote: > Clamav headers look like: > > X-Virus-Scanned: clamav-milter 0.103.0 at mail > > I don't think those are from clamav. Are you also using Avast? > > -- Doug > >> On 25 January 2021, at 17:50, David Banning <david@skytracker.ca >> <mailto:david@skytracker.ca>> wrote: >> >> Turns out all is good - I see there is a header now in each email; >> >> X-Antivirus: Avast (VPS 210125-8, 2021-01-25), Inbound message >> X-Antivirus-Status: Clean >> >> which I am assuming is from Clamav. >> On 2021-01-25 2:00 p.m., David Banning wrote: >>> thanks for that - it turns out that when I waited, spamd -does- >>> eventually start - I think it took 45 minutes - knowing that it was >>> operating was only from sending the eicar virus to myself - it shows >>> that it caught it in the maillog, but no email cleaned version of >>> the email arrived, and there is no header in clean emails to show >>> they have been checked - but it works. That's the good news. It >>> would be helpful to have -something- that tells me that it is >>> operating - even an occasional clean scan note in maillog would be >>> great. >>> >>> I'll keep an eye to see if it continues to take a long time to start >>> at boot time - I may have to have it -not- start at boot, and start >>> it manually. >>> >>> >>> On 2021-01-25 5:00 a.m., Doug Hardie wrote: >>>>> On 24 January 2021, at 08:09, David Banning >>>>> <david+dated+1611936580.6d1518@skytracker.ca> wrote: >>>>> >>>>> I just installed clamd on an older version of Freebsd. Freshclam >>>>> appears to be working fine, but clamd seems to hang, which >>>>> prevents my server from booting. >>>>> I don't see anything in the log; >>>>> >>>>> >>>>> Any pointers towards getting this up and running would be helpful. >>>>> The Freebsd version and Clamd version are noted at the beginning >>>>> of the log. >>>> Clamd may be waiting on freshclam. However, it still takes clamd >>>> "forever" to load the virus database. You have 2 options: >>>> >>>> 1. If you connect to the machine via ssh, then edit /etc/rc.d/sshd >>>> and add FILESYSTEMS to the REQUIRE line. That will cause sshd to >>>> become active before clamd tries to start up. You will be able to >>>> poke around and see what is going on. >>>> >>>> 2. If you use a directly connected terminal, then disable clamd >>>> and freshclam in /etc/rc.d. Boot up and then start them up >>>> manually. You do need to run freshclam first though. >>>> >>>> In any case, be prepared to wait a long time for clamd to start. >>>> >>>> -- Doug >>>> >>>> >>>> _______________________________________________ >>>> freebsd-questions@freebsd.org mailing list >>>> https://lists.freebsd.org/mailman/listinfo/freebsd-questions >>>> To unsubscribe, send any mail to >>>> "freebsd-questions-unsubscribe@freebsd.org" >>>> >>> >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?e8efbd0d-e1ce-e7e9-4861-effb20f73a1f>