Mailing List Archive

[clamav-users] newbie: can't get clamd started
I'm running clamav on centos 7, got it using clamav-0.101.4.tar.gz.
I can't get clamav to start up. I've got
/usr/lib/systemd/system/clamav-daemon.service in but that won't start.
The exec start line in it is: 'ExecStart=/usr/local/sbin/clamd
--foreground=true'.
If I run /usr/local/sbin/clamd I get:
LibClamAV Error: cl_load(): No such file or directory: /usr/local/share/clamav
and true enough there is no clamav at /usr/local/share.
I've been trawling Google about this but can't find the solution to
get this working.
Where do I go from here? Thanks for any help.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] newbie: can't get clamd started [ In reply to ]
Hi there,

On Thu, 5 May 2022, Anthony Griffiths via clamav-users wrote:

> I'm running clamav on centos 7, got it using clamav-0.101.4.tar.gz.
> ...

ClamAV version 0.101.4 is almost certainly no use to you because it's
past EOL and it will be blocked from downloading signature databases.

Check the ClamAV Website for information about ClamAV support:

https://docs.clamav.net/manual/Installing/Packages.html

I believe that ClamAV is packaged in the EPEL repository; I don't know
what version, but I'm sure it will be easier for you to install. Even
if the package is a little out of date, at least you would have the
basic layout of the files you need to work with, probably a working
configuration, and the startup scripts would be set up for you.

How long have you been using CentOS? What do you want to achieve?

--

73,
Ged.

Re: [clamav-users] newbie: can't get clamd started [ In reply to ]
Thanks for your response. I'm running clamav on centos 7 on a
raspberry pi and epel is not supported on the pi version, that's why I
had to install from source.
I should have also mentioned I'm using clamav with mimedefang only to
filter malware out of my mail, no other reason.
So my next question is do I have to uninstall version clamav-0.101.4
before I install a newer version? Or could I just install a newer
version over the top?
I haven't been using centos 7 that long and unfortunately most of the
Google results about clamav are to do with centos 6.

Re: [clamav-users] newbie: can't get clamd started [ In reply to ]
Hi there,

On Fri, 6 May 2022, Anthony Griffiths via clamav-users wrote:
> On Fri, May 6, 2022 at 12:10 AM G.W. Haywood wrote:
>> On Thu, 5 May 2022, Anthony Griffiths via clamav-users wrote:
>>>
>>> I'm running clamav on centos 7, got it using clamav-0.101.4.tar.gz.
>>> ...
>>
>> ClamAV version 0.101.4 is almost certainly no use to you ...
>> ... I believe that ClamAV is packaged in the EPEL repository
>> ...
> ... clamav ... on a raspberry pi and epel is not supported ...

Why not try RasPiOS or Debian instead? Then you could (I think) just
install ClamAV from packages.

> I should have also mentioned I'm using clamav with mimedefang

A few years ago MIMEDefang seemed to head downhill fast, and I cut it
loose, which I'd been planning to do for a while anyway because I'd
written my own Perl milters. There was no new release of MIMEDefang
between March 2018 and August 2021 but there does recently seem to be
some activity again. I'd still think caution would be advisable.

> only to filter malware out of my mail, no other reason.

If your main concern is viruses you might want to check e.g. the list
archives for estimates of the performance of ClamAV compared to other
virus scanners.

We use ClamAV primarily for filtering mail although the target is spam
rather than malware. Our clamd server runs 'Buster' on a 4GByte Pi4B.
It does crash now and then (it isn't ClamAV which causes the crashes)
but we run a watchdog on it. We also have some 8Gbyte Pis, and touch
wood I've never seen one of those crash, but I'm happy enough with the
4G version for scanning mail as the mail volumes are quite small. The
4G Pi4B would probably cope with running the mail server as well but I
wouldn't be happy for that to crash so often. All the mail software,
including ClamAV, is built from source although the Pi isn't actually
the mail server - it just runs clamd which listens for TCP connections
from the mail server when mail needs to be scanned. There have been a
lot of changes to the ClamAV build system recently and it was a bit of
a performance building recent versions on the Pi:

https://lists.clamav.net/pipermail/clamav-users/2021-July/011569.html

> so my next question is do I have to uninstall version clamav-0.101.4
> before I install a newer version? or could I just install a newer
> version over the top?

Until recently I'd have said just install over the top, which is what
I always do, but because of the recent build system changes I wouldn't
be so confident saying this for a system with which I have no current
experience. If scanning mail using ClamAV is your main reason for
running the Pi and your build skills are a bit rusty, I'd suggest you
use an OS which is as up to date as possible and for which packages
are available for ClamAV and as much of the software that you want to
use as possible. You might not be getting the most up to date ClamAV
but at least you might be spared the pain of the new build system. I
doubt that the scanning performance of the latest version will be much
better than for recent supported versions. My desktop thin client is
running 64-bit RasPiOS 'Bullseye' on an 8G Pi4B so it's very doable.

8<----------------------------------------------------------------------
raspberrypi:$ apt show clamav
Package: clamav
Version: 0.103.5+dfsg-0+deb11u1
Priority: optional
Section: utils
Maintainer: ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>
...
8<----------------------------------------------------------------------

If you're up for some pain I'd recommend that you go for version 105.0
of ClamAV because it's only just been released (May 4th 2022) and the
developers do read this list. But do try to get a feel for its likely
performance before you spend a lot of time and energy on building it.

--

73,
Ged.

Re: [clamav-users] newbie: can't get clamd started [ In reply to ]
Hi Anthony, all good info coming from Ged. Here's my two pennies' worth,
though I have a more important message to give than any of this, but I do
have an idea for your solution.
First things first: need to expose the fat rat in the corner that is in danger
of biting humanity to death.
If enough people know it's there then we can bring in pest control.
Source of truth information can be found using this word on favourite search
engine,
though now I have to be a bit cryptic:
first part of word = 64 or 32 B?? OS, second part of word is if I throw this
rubbish down the C????


Right, to your problem: I would say download synaptics package manager.
Open terminal and type sudo apt-get install synaptics
or just type synaptics and see what CentOS replies.
It will have an updated version of all the clam malarkey. I am fed up with my mirror as it's bionic, and if I try to use another repository bionic will say
not affiliated so you can't use.
Seriously thinking of tampering with official so-called bionic mirror.
Anyway, I will leave you with this command. Any problems, give me a shout. Name's Colin.

Hit the return key after each command, but wait for reply before doing so.

sudo /etc/init.d/clamav-freshclam stop

Now type freshclam

Now type sudo /etc/init.d/clamav-freshclam start


Regards

Re: [clamav-users] newbie: can't get clamd started [ In reply to ]
Thank you for the responses.
I managed to install clamav-0.103.5 but I can't get it to work with
mimedefang. In the maillog I always get:

mimedefang.pl[3520]: 245Fuojh003739: Could not connect to clamd daemon
at /var/spool/MIMEDefang/clamd.sock
mimedefang.pl[3520]: 245Fuojh003739: Problem running virus scanner:
code=999, category=cannot-execute, action=tempfail
mimedefang.pl[3520]: 245Fuojh003739: filter: tempfail=1
mimedefang[3715]: 245Fuojh003739: Tempfailing because filter instructed us to
sendmail[3739]: 245Fuojh003739: Milter: data, reject=451 4.3.0 Problem
running virus-scanner

When I ran ./configure to install mimedefang it detected clamd and it said:
'Make sure clamd runs as the defang user!'
How does one do this?
I tried:
# runuser -l defang -c/usr/local/sbin/clamd &
but md still throws the same error. It's not creating the clamd.sock file.
How do I fix this? Thanks for any help.


Re: [clamav-users] newbie: can't get clamd started [ In reply to ]
Hi there,

On Fri, 6 May 2022, Anthony Griffiths via clamav-users wrote:

> I managed to install clamav-0.103.5 but I can't get it to work with
> mimedefang. In the maillog I always get:
>
> mimedefang.pl[3520]: 245Fuojh003739: Could not connect to clamd daemon
> at /var/spool/MIMEDefang/clamd.sock

When you use clamd to scan mail, something (obviously) has to send the
mail to clamd. The data passes between the process which sends it and
the clamd process through something called a socket. If the processes
are on different machines (as I explained is the way I do it here) the
socket will be a network-style socket. It can also be that kind of
socket if the processes are on the same machine, but usually it's what
we call a Unix socket. The socket appears in the filesystem as a file
and it has characteristics usually associated with files, e.g. a name,
ownerships and a set of permissions. Whatever sends the mail to clamd
and clamd itself need both to be configured with those things in mind.
To communicate with each other, the processes share a single socket.
It's clamd which creates it. MIMEDefang looks for it. Obviously the
socket needs to be created before MIMEDefang looks for it so clamd has
to be started before MIMEDefang so the socket is there to be found.

> when I ran ./configure to install mimedefang it detected clamd and it said:
> 'Make sure clamd runs as the defang user!'
> how does one do this?

It's not strictly necessary. The daemons need to be able to confer,
and having them all run as the same user/group IDs is one way that can
be used to give them the needed permissions on the shared socket.

If the process sending the data to clamd doesn't have write permission
for the socket then clamd won't get the data. If it doesn't have read
permission, it won't get clamd's replies.

The clamd configuration in clamd.conf (or whatever danged silly name
this configuration file has in a Fedora/RedHat/CentOS system) tells
clamd the owner/group that it's to run as. The ownership/group of the
socket created by clamd will be that of the user and group given there
too. MIMEDefang has configuration information stored in a similar way
in its configuration file. The socket pathname needs to be the same
in both configurations so that the two daemons can talk to each other
via that socket. If the daemons happen to be running as two different
users you can get around the socket ownership/permissions by putting
those users in the same group. You can create a group for the purpose
or use an existing one like clamav or mimedefang. Give the socket the
same group ID and group read/write permission. You could instead give
to the socket read and write permission for *everyone*, but that's bad
advice so only do it for testing.

> I tried:
> # runuser -l defang -c/usr/local/sbin/clamd &
> but md still throws the same error. it's not creating the clamd.sock file.

If clamd is in /usr/local/sbin/clamd then to start it from the command
line you could just type

/usr/local/sbin/clamd

but you need to configure it by editing the configuration file(s) first.
I say "file(s)" because some distributions mess about with configuration
file names and locations, and Red Hat in particular is one of them.

You can send commands to clamd from the command line for testing.
Read the man page using

man clamd

which explains the syntax. For example after I edit my Yara rules, I
might send the 'reload' command to the clamd daemon using

# echo "RELOAD" | telnet 192.168.33.19 3310

Notice that's root sending the command, so it has the permissions. If
I tried to do that using my own account

$ echo "RELOAD" | telnet 192.168.33.19 3310

it would fail. My own account doesn't have the needed permissions.

You can set verbose logging in the configuration, and look in the logs
to get more information than you ever thought you wanted about what's
happening at startup...

--

73,
Ged.
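
The socket ownership and permission rules described in the message above can be checked mechanically. This is an added example, not part of the original post and not ClamAV or MIMEDefang code; the function names and the throwaway demo socket are constructed for illustration.

```python
import os
import socket
import stat
import tempfile

def audit_clamd_socket(path, client_uid, client_gids):
    """Return [(code, detail), ...] describing why a client running with
    client_uid/client_gids may fail to use clamd's Unix socket at `path`.
    An empty list means the socket exists and grants the client read+write."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return [("missing", "no socket yet: start clamd first, and check that "
                 "both configurations name the same path")]
    if not stat.S_ISSOCK(st.st_mode):
        return [("not-a-socket", "path exists but is not a Unix socket")]
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    # Pick the permission class the kernel would apply to this client.
    if client_uid == st.st_uid:
        cls, bits = "owner", mode >> 6
    elif st.st_gid in client_gids:
        cls, bits = "group", mode >> 3
    else:
        cls, bits = "other", mode
    # Root bypasses file modes; everyone else needs r+w (bits 4 and 2).
    if client_uid != 0 and (bits & 0o6) != 0o6:
        findings.append(("denied", "%s class has mode %o, needs rw" % (cls, bits & 7)))
    if mode & 0o002:
        findings.append(("world-writable", "any local user can talk to clamd; "
                         "use a shared group and mode 660 instead"))
    return findings

def make_demo_socket(mode):
    """Constructed sample: bind a throwaway Unix socket with the given mode.
    Returns (path, owner_uid, owner_gid)."""
    path = os.path.join(tempfile.mkdtemp(), "clamd.sock")
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.bind(path)
    s.close()                      # the filesystem entry stays until unlinked
    os.chmod(path, mode)
    st = os.stat(path)
    return path, st.st_uid, st.st_gid

if __name__ == "__main__":
    path, uid, gid = make_demo_socket(0o660)
    other_uid = uid + 1            # hypothetical second daemon user
    print("shared group :", audit_clamd_socket(path, other_uid, [gid]))
    print("no shared grp:", audit_clamd_socket(path, other_uid, [gid + 1]))
    path, uid, gid = make_demo_socket(0o666)
    print("mode 666     :", audit_clamd_socket(path, uid + 1, [gid + 1]))
```

On a real system, pass the socket path from the mail log and the uid and group ids of the account the mail filter runs as.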

Re: [clamav-users] newbie: can't get clamd started [ In reply to ]
Just enough Andrew
I thought all Linux distros used synaptics in some form or fashion,
it being one of its positive features,
and thought it might be an easy way out of the man's outdated clam problem.
The commands I would say work for any Linux distro and might give more
of a clue what's up with Anthony's problem.
And bionic is just my problem: I can stick mirrors in additional repositories
but computer/bionic says no.

Re: [clamav-users] newbie: can't get clamd started [ In reply to ]
Here's something that might be of use, Anthony: they reckon get a SpamAssassin
patch from official MIMEDefang site.
Colin
medefang.roaringpenguin.narkive.com/6yibLCSc/connect-to-clamav-clamd-and-or-sa-on-other-host




