Re: Clamd and systemd

Daniel J Walsh wrote:
> On 09/19/2012 07:36 AM, Bill Shirley wrote:
> > 
> > On 9/19/2012 5:47 AM, Arthur Dent wrote:
> >>> "What tells it that it is a "scan" service? That bit of the puzzle
> >>> seems to be missing..."
> >>> 
> >>> Whatever is the parameter after the @ and before the dot becomes %i
> >>> in the service file.  Look at the service file:
> >>>
> >>> [Unit]
> >>> Description = clamd scanner (%i) daemon
> >>> After = syslog.target nss-lookup.target network.target
> >>>
> >>> [Service]
> >>> Type = simple
> >>> ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf --nofork=yes
> >>> Restart = on-failure
> >>> PrivateTmp = true
> >>> 
> >>> so clamd@scan.service invokes clamd with the scan.conf file as its
> >>> configuration file. This way you can have multiple clamd services each
> >>> using a different config file.  Just create another config file in
> >>> /etc/clamd.d/my_config.conf and:
> >>>
> >>> ln -s /lib/systemd/system/clamd@.service /etc/systemd/system/clamd@my_config.service
> >>> 
> >>> You should have the /etc/clamd.d/scan.conf I think:
> >>> 
> >>> [root@moses shorewall]# rpm -qf /etc/clamd.d/scan.conf 
> >>> clamav-scanner-0.97.5-1700.fc17.noarch
> >> Thank you Bill for a helpful and, more importantly, informative reply. I 
> >> think this will not only help me to solve my problem but, even better, 
> >> help me to understand where I was going wrong.
> >> 
> >> As before, I don't have access to the machine right now, so I will try
> >> when I get home to work through this and get it right.
> >> 
> >> I will once again report back later...
> >> 
> >> Thanks again. Your help is much appreciated.
> >> 
> >> Mark
> >> 
> >> 
> > 
> > You mentioned scanning email.  I run clamav-milter and stop the virus at
> > smtp time.  You may find this helpful:
> > 
> > [root@moses clamav]# rpm -qa | grep clam | sort 
> > clamav-data-0.97.5-1700.fc17.noarch 
> > clamav-filesystem-0.97.5-1700.fc17.noarch 
> > clamav-lib-0.97.5-1700.fc17.x86_64
> > clamav-milter-0.97.5-1700.fc17.x86_64
> > clamav-milter-systemd-0.97.5-1700.fc17.noarch 
> > clamav-scanner-0.97.5-1700.fc17.noarch 
> > clamav-scanner-systemd-0.97.5-1700.fc17.noarch 
> > clamav-server-0.97.5-1700.fc17.x86_64 
> > clamav-server-systemd-0.97.5-1700.fc17.noarch 
> > clamav-update-0.97.5-1700.fc17.x86_64
> > 
> > For clamav-milter, I had to add clamilt to the postfix group (usermod -a
> > -G postfix clamilt):
> > [root@moses clamav]# egrep 'post|clam' /etc/group
> > mail:x:12:postfix
> > postfix:x:89:clamilt
> > postdrop:x:90:
> > clamscan:x:987:clamilt
> > clamilt:x:988:postfix
> > clamupdate:x:989:
> > 
> > 
> > Add to the end of /etc/mail/clamav-milter.conf:
> > # my stuff
> > # be sure to comment out above: Example
> >
> > ClamdSocket             unix:/var/run/clamd.scan/clamd.sock
> > MilterSocket            /var/run/clamav-milter/clamav-milter.socket
> > ##MilterSocket          inet:3381
> > # usermod -a -G postfix clamilt
> > MilterSocketGroup       postfix
> > MilterSocketMode        660
> >
> > OnInfected              Reject
> > AddHeader               Replace
> >
> > #LogFile                /var/log/clamav-milter.log
> > #LogFileMaxSize         1M
> > #LogTime                yes
> > LogSyslog               yes
> > LogFacility             LOG_MAIL
> > #LogVerbose             no
> > LogClean                Basic
> > LogInfected             Full
> > 
> > Add to postfix's main.cf:
> > # usermod -a -G clamilt postfix
> > smtpd_milters = unix:/var/run/clamav-milter/clamav-milter.socket
> > #milter_default_action = accept
> > milter_default_action = tempfail
> > 
> > I can't remember if I had to create the directory, but here is that info:
> > [root@moses clamav]# ldpz /var/run/clamav-milter/clamav-milter.socket
> > drwxr-xr-x. root    root    system_u:object_r:var_t:s0           /var
> > lrwxrwxrwx. root    root    system_u:object_r:var_run_t:s0       /var/run -> ../run
> > drwx--x---. clamilt clamilt system_u:object_r:clamd_var_run_t:s0 /var/run/clamav-milter
> > srw-rw----. clamilt postfix system_u:object_r:clamd_var_run_t:s0 /var/run/clamav-milter/clamav-milter.socket
> > 
> > 
> > For clamav, to avoid selinux problems issue command:
> > setsebool -P clamd_use_jit on
> > 
> > Add to end of scan.conf:
> > # my stuff
> > # be sure to comment out above: Example
> >
> > #LogFile                /var/log/clamav/clamd.scan
> > #LogFacility            LOG_MAIL
> > LogFacility             LOG_DAEMON
> > ExtendedDetectionInfo   yes
> > LocalSocket             /var/run/clamd.scan/clamd.sock
> > #LocalSocketGroup       virusgroup
> > #LocalSocketMode        660
> > FixStaleSocket          yes
> > CrossFilesystems        no
> > ExcludePath             ^/proc/
> > ExcludePath             ^/sys/
> > ExcludePath             ^/fuse/
> > ExcludePath             ^/backup/
> > ExcludePath             ^/bacula/
> > SelfCheck               3600
> > 
> > 
> > And finally freshclam, add to the end of freshclam.conf:
> > # my stuff
> > LogFacility LOG_DAEMON
> > DatabaseMirror db.US.clamav.net
> > TestDatabases yes
> > 
> > 
> > Note in all the clamav configuration files there is a line: Example that has
> > to be commented out for the service to run.
> > 
> > Don't forget to systemctl enable these two services:
> > [root@moses clamav]# systemctl is-active clamav-milter.service
> > active
> > [root@moses clamav]# systemctl is-active clamd@scan.service
> > active
> > 
> > Hope this helps, Bill
> > 
> > 
> > 
> Is this the default setting for clamd now?  clamd_use_jit on  Should we turn
> this on by default?
On a fresh install there is

# Bytecode mode
#
# This option has been set to 'ForceInterpreter' in Fedora due to
# security concerns by default.  You might need to enable the
# 'clamd_use_jit' SELinux boolean after setting this option to the
# more efficient 'ForceJIT' value.
#
# Default: ForceInterpreter
#ByteCodeMode ForceInterpreter

We didn't change this, but had to change clamd_use_jit --> on.

-- 

--Zdenek Pytela, <pytela@xxxxxxxxxxxx>
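
An added example (not part of the original thread or of the ClamAV packages): a shell pre-flight check for the `clamd@<instance>.service` template discussed above. It derives `%i` from the unit name, confirms that `/etc/clamd.d/%i.conf` exists and that its `Example` line is commented out, and flags `ByteCodeMode ForceJIT`, which may need the `clamd_use_jit` SELinux boolean. The function names and the `CONF_DIR` override are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-flight check for a clamd@<instance>.service unit.
# CONF_DIR (hypothetical override, used for testing) defaults to the
# directory named in the unit file quoted in the thread.

# Print the value systemd substitutes for %i, e.g. "scan" for clamd@scan.service.
instance_of() {
    case "$1" in
        *@*.service) i=${1#*@}; printf '%s\n' "${i%.service}" ;;
        *) return 1 ;;
    esac
}

# Print the ByteCodeMode set in a config file. Assumption: if the option is
# repeated, the last uncommented line is reported. With no setting, fall back
# to the Fedora default stated in the packaged config comment.
bytecode_mode() {
    m=$(awk '$1 == "ByteCodeMode" { v = $2 } END { print v }' "$1")
    printf '%s\n' "${m:-ForceInterpreter}"
}

# Check one unit name; print a one-word verdict, return non-zero on a problem.
check_instance() {
    inst=$(instance_of "$1") || { echo "not-a-template-instance"; return 2; }
    conf="${CONF_DIR:-/etc/clamd.d}/$inst.conf"
    [ -r "$conf" ] || { echo "missing-config"; return 3; }
    # An uncommented "Example" line keeps the service from running.
    if grep -Eq '^[[:space:]]*Example[[:space:]]*$' "$conf"; then
        echo "example-not-commented"; return 4
    fi
    # ForceJIT may additionally need: setsebool -P clamd_use_jit on
    if [ "$(bytecode_mode "$conf")" = "ForceJIT" ]; then
        echo "ok-jit-needs-clamd_use_jit"
    else
        echo "ok"
    fi
}

# Usage: check_instance clamd@scan.service
```
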
