ERROR - ClamAV integration with scalix

atanubanerji
Posts: 22
Joined: Fri Feb 23, 2007 7:56 am
Location: Kolkata, India

Postby atanubanerji » Wed Feb 28, 2007 3:21 am

The contents of the /var/opt/scalix/au/s/logs/fatal file are:
SERIOUS ERROR CDA Server (CDA Server ) Wed Feb 28 12:21:30 2007
[OM 28664] There is already a CDA server process running
Pid of logging process: 2776


What is CDA Server here? How do I solve the problem?

Please help :cry:
New Scalix User

Valerion
Scalix Star
Posts: 2730
Joined: Thu Feb 26, 2004 7:40 am
Location: Johannesburg, South Africa

Postby Valerion » Wed Feb 28, 2007 4:08 am

The CDA server sorts the address books for Outlook.

Check in /var/opt/scalix/??/s/sys for an omcda.lock file. Delete it, then do a

omoff -d0 -w cda
omreset -o cda off
omon -w cda

and see if this helps you.

Postby atanubanerji » Wed Feb 28, 2007 5:12 am

Valerion,

Thanks for the help.

It seems to be working well now.

Can you please advise me how to check whether it is really working? Is there any sample virus file to test my configuration?

Thank you once again.

atanu

ScalixSupport
Scalix
Posts: 5503
Joined: Thu Mar 25, 2004 8:15 pm

Postby ScalixSupport » Wed Feb 28, 2007 5:49 am

Referring to the post:
viewtopic.php?p=27975

Try attaching a test virus from the /usr/share/doc/clamav-x.xx/test folder and see if clam
is able to detect the virus.

Thanks,
Subir

Postby atanubanerji » Wed Feb 28, 2007 6:47 am

Hello Subir!

It failed to detect the virus. However, whenever I scan the test directory using clamscan, it reports the following (see the output below):

/root/clamav-0.88.6/test/clam.exe.bz2: ClamAV-Test-File FOUND
/root/clamav-0.88.6/test/clam-error.rar: ClamAV-Test-File FOUND
/root/clamav-0.88.6/test/clam.exe: ClamAV-Test-File FOUND
/root/clamav-0.88.6/test/README: OK
/root/clamav-0.88.6/test/clam.cab: ClamAV-Test-File FOUND
/root/clamav-0.88.6/test/clam.rar: ClamAV-Test-File FOUND
/root/clamav-0.88.6/test/clam.zip: ClamAV-Test-File FOUND

----------- SCAN SUMMARY -----------
Known viruses: 90464
Engine version: 0.88.5
Scanned directories: 1
Scanned files: 7
Infected files: 6
Data scanned: 0.00 MB
Time: 3.303 sec (0 m 3 s)
...


But when I send these files as attachments, it fails.

What could be the problem?

Postby ScalixSupport » Wed Feb 28, 2007 7:09 am

Hi!

Can you please reply to me with the result of the command:
rpm -qa | grep clam

Also, can you run freshclam to update the virus database.

[Edit]
Did you complete the steps under section "Installing Anti-Virus Protection" at page 24 in:
http://www.scalix.com/documents/Scalix_ ... 11.0.1.pdf

Thanks,
Subir

Postby atanubanerji » Wed Feb 28, 2007 7:16 am

Subir,

Thanks for the quick response. Here is the output:
[root@atanu test]# rpm -qa | grep clam
clamav-0.88.5-1.rhel4
clamav-devel-0.88.5-1.rhel4
[root@atanu test]#

The virus database is updated. See the output here (/var/log/clamav/clamav-update.log):
Database updated (95326 signatures) from database.clamav.net

Yes, I have followed those steps, except that clamav-db is not installed.

Eagerly waiting for your response.

Thank you

atanu

Postby ScalixSupport » Wed Feb 28, 2007 8:29 am

Yes, the RPMs to be installed are:
clamav-db-0
clamav-0
clamd-0

Thanks,
Subir

Postby atanubanerji » Wed Feb 28, 2007 8:51 am

Subir,

I am really pleased. You are fast to respond and really helpful.

Still, I am not getting the desired result.
This is the software I have installed (see the output):
[root@atanu logs]# rpm -qa | grep clam
clamav-milter-0.90-1.el4.rf
clamav-devel-0.90-1.el4.rf
clamav-0.90-1.el4.rf
clamd-0.90-1.el4.rf
clamav-db-0.90-1.el4.rf

------------
See the output of freshclam.log:
ClamAV update process started at Wed Feb 28 17:57:52 2007
WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Connecting via 172.16.1.12
Reading CVD header (main.cvd): OK (IMS)
main.cvd is up to date (version: 42, sigs: 83951, f-level: 10, builder: tkojm)
Connecting via 172.16.1.12
Reading CVD header (daily.cvd): OK
daily.inc is up to date (version: 2679, sigs: 11454, f-level: 13, builder: ccordes)

--------------------
When I scan the "test" directory, see the output:
[root@atanu test]# clamscan
/root/clamav-0.88.6/test/clam.exe.bz2: ClamAV-Test-File FOUND
/root/clamav-0.88.6/test/clam-error.rar: ClamAV-Test-File FOUND
/root/clamav-0.88.6/test/clam.exe: ClamAV-Test-File FOUND
/root/clamav-0.88.6/test/README: OK
/root/clamav-0.88.6/test/clam.cab: ClamAV-Test-File FOUND
/root/clamav-0.88.6/test/clam.rar: ClamAV-Test-File FOUND
/root/clamav-0.88.6/test/clam.zip: ClamAV-Test-File FOUND

----------- SCAN SUMMARY -----------
Known viruses: 95405
Engine version: 0.90
Scanned directories: 1
Scanned files: 7
Infected files: 6
Data scanned: 0.00 MB
Time: 2.486 sec (0 m 2 s)
-------------------

But when I attach those files while sending mail, I get unfortunate results.
-----------
I have followed the steps strictly as they are in the scalix_server_setup_guide.

Please help once again.

:cry:

Postby ScalixSupport » Wed Feb 28, 2007 9:37 am

Hi!

Let me try these steps myself tomorrow on a test server; I hope we can help resolve this issue.
What Scalix version are you using? Is it a fresh install or an upgrade from an
earlier Scalix version?

If you use Scalix 11, just to verify, have you copied:
/opt/scalix/examples/general/omvscan.map to /var/opt/scalix/??/s/rules
/opt/scalix/template/release.sys/omvscan.cfg to /var/opt/scalix/??/s/sys

Make sure you apply the changes as specified in the manual.

Thanks,
Subir

Postby atanubanerji » Wed Feb 28, 2007 9:55 am

Using Scalix 11 on RHEL 4.
Fresh install.

Using these clam RPMs:
clamav-devel-0.90-1.el4.rf
clamav-0.90-1.el4.rf
clamd-0.90-1.el4.rf
clamav-db-0.90-1.el4.rf
-----
I have followed the steps in the manual.

Thank you, Subir, for your great help.

atanu

Postby atanubanerji » Thu Mar 08, 2007 8:02 am

Subir,

It is really pleasing to see you again.

However, see the output below:

[root@atanu etc]# lsb_release -d
Description: Red Hat Enterprise Linux ES release 4 (Nahant Update 2)
[root@atanu etc]# ps ax | grep clam
2508 ? Ss 0:02 clamd
4160 pts/1 R+ 0:00 grep clam
[root@atanu etc]#


And here is the log file, clamd.log:

[root@atanu etc]# tail -f /var/log/clamav/clamd.log
Thu Mar 8 17:04:26 2007 -> Archive support enabled.
Thu Mar 8 17:04:26 2007 -> Algorithmic detection enabled.
Thu Mar 8 17:04:26 2007 -> Portable Executable support enabled.
Thu Mar 8 17:04:26 2007 -> ELF support enabled.
Thu Mar 8 17:04:26 2007 -> Detection of broken executables enabled.
Thu Mar 8 17:04:26 2007 -> Mail files support enabled.
Thu Mar 8 17:04:26 2007 -> Mail: Recursion level limit set to 64.
Thu Mar 8 17:04:26 2007 -> OLE2 support enabled.
Thu Mar 8 17:04:26 2007 -> HTML support enabled.
Thu Mar 8 17:04:26 2007 -> Self checking every 1800 seconds.



Subir, can I go again for a fresh installation? Please help.

atanu

florian
Scalix
Posts: 3852
Joined: Fri Dec 24, 2004 8:16 am
Location: Frankfurt, Germany

Postby florian » Fri Mar 09, 2007 10:51 pm

What version of the clam packages are you running?

Code:

rpm -qa | grep clam


Florian.
Florian von Kurnatowski, Die Harder!

Postby atanubanerji » Fri Mar 09, 2007 11:51 pm

Florian!

It is nice to hear from you.

I am using the following versions of the clam software:
[root@atanu ~]# rpm -qa | grep clam
clamav-milter-0.90-1.el4.rf
clamav-devel-0.90-1.el4.rf
clamav-0.90-1.el4.rf
clamd-0.90-1.el4.rf
clamav-db-0.90-1.el4.rf
[root@atanu ~]#


There is no problem seen in the /var/opt/scalix/au/s/logs/fatal file.

My clamdscan command does well when I execute:
[root@atanu data]# clamdscan *
/var/opt/scalix/au/s/data/0000001: OK
/var/opt/scalix/au/s/data/0000002: OK
/var/opt/scalix/au/s/data/0000003: OK
/var/opt/scalix/au/s/data/0000004: OK
/var/opt/scalix/au/s/data/0000005: OK
/var/opt/scalix/au/s/data/0000006: OK
/var/opt/scalix/au/s/data/0000007: OK
/var/opt/scalix/au/s/data/0000008/000015a: Eicar-Test-Signature FOUND
/var/opt/scalix/au/s/data/0000008/000017c: Eicar-Test-Signature FOUND
/var/opt/scalix/au/s/data/0000008/000015d: Eicar-Test-Signature FOUND
/var/opt/scalix/au/s/data/0000008/000017f: Eicar-Test-Signature FOUND
/var/opt/scalix/au/s/data/0000009: OK
/var/opt/scalix/au/s/data/000000a: OK
/var/opt/scalix/au/s/data/000000b/0000181: Eicar-Test-Signature FOUND
/var/opt/scalix/au/s/data/000000b/000016u: Eicar-Test-Signature FOUND
/var/opt/scalix/au/s/data/000000c: OK
/var/opt/scalix/au/s/data/000000d: OK

----------- SCAN SUMMARY -----------
Infected files: 6
Time: 0.794 sec (0 m 0 s)

I am following the "scalix_server_setup_guide_11.0.1.pdf" file.

Working with RHEL 4 Update 2.

But whenever I attach a test virus file, scalix-clamav fails to catch it. For your information, when I attach the same virus file in another test environment, where I am using sendmail-mailscanner-clamav-spamassassin, it works.

Please help me.

atanu

Postby ScalixSupport » Tue Mar 13, 2007 6:03 am

Hi Atanu,

As soon as I reset and started the Service Router, ClamAV was able to detect the test
virus file attached to a mail, and I got the appropriate message.

You can try to reset the Service Router service using the commands below:

Code:

omoff -wd 0 sr
omreset -o off sr
omon sr

Try sending a mail to a user with the test virus file attached, and see if the virus gets detected
and mail delivery is stopped.

Thanks,
Subir
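
In this thread clamscan and clamdscan flagged the test files on disk while mailed attachments still got through, so an on-disk scan says nothing about the mail path. The following pre-flight check for the two files the thread says must be copied is an added example, not part of any post and not Scalix tooling; the function names and the ROOT argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Scalix tooling. Paths are the ones quoted in the thread;
# function names and the ROOT argument (for dry runs) are assumptions.

# check_copied FILE TEMPLATE -> 0 if FILE exists, 1 if it is missing.
# Also reports a copy that is still byte-identical to its template.
check_copied() {
    file=$1
    template=$2
    if [ ! -f "$file" ]; then
        echo "MISSING   $file (copy from $template)"
        return 1
    fi
    if [ -f "$template" ] && cmp -s "$file" "$template"; then
        echo "UNCHANGED $file (identical to template)"
    else
        echo "OK        $file"
    fi
    return 0
}

# scalix_av_preflight [ROOT] -> number of missing files across all
# instances matching ROOT/var/opt/scalix/??/s, or 255 if none exists.
scalix_av_preflight() {
    root=${1:-}
    missing=0
    found=0
    for inst in "$root"/var/opt/scalix/??/s; do
        [ -d "$inst" ] || continue
        found=1
        check_copied "$inst/rules/omvscan.map" \
            "$root/opt/scalix/examples/general/omvscan.map" || missing=$((missing + 1))
        check_copied "$inst/sys/omvscan.cfg" \
            "$root/opt/scalix/template/release.sys/omvscan.cfg" || missing=$((missing + 1))
    done
    if [ "$found" -eq 0 ]; then
        echo "no Scalix instance under $root/var/opt/scalix"
        return 255
    fi
    return "$missing"
}

# clamd_running -> 0 if a clamd process exists (same idea as `ps ax | grep clam`).
clamd_running() {
    ps ax | grep '[c]lamd' >/dev/null
}
```

Run `scalix_av_preflight` with no argument on the mail server; after fixing anything it reports, reset the Service Router as in the last post before retesting with a mail attachment.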

