[Postfixbuch-users] OT: Clamd und amavis : Not a CODE reference at (eval 55) line 408.

Joerg Reisslein j.reisslein at schmitt-aufzuege.de
Do Mai 3 10:36:22 CEST 2007 

Hallo Liste,

 

Ich hätte eine Offtopic-Frage zu clamd mit amavisd-new, leider habe ich bei
Google dazu nichts gefunden. Deswegen an die Experten xD

 

Wir verwenden den clamav in der Version 

 

mail:/var/lib/clamav # clamscan --version

ClamAV 0.90.2/3197/Thu May  3 09:17:13 2007

 

auf einem SuSE SLES. Installiert durch offizielle SuSE RPMs. Clamav läuft
unter dem selben Account wie amavisd-new (amavis)

 

Clamconf:

mail:/var/lib/clamav # clamconf

/etc/clamd.conf: clamd directives

-----------------

LogFile not set

LogFileUnlock = no

LogFileMaxSize = 2097152

LogTime = no

LogClean = no

LogVerbose = no

LogSyslog = yes

LogFacility = "LOG_MAIL"

PidFile = "/var/lib/clamav/clamd.pid"

TemporaryDirectory not set

ScanPE = yes

ScanELF = yes

DetectBrokenExecutables = no

ScanMail = yes

MailFollowURLs = no

MailMaxRecursion = 64

PhishingSignatures = yes

AlgorithmicDetection = yes

ScanHTML = yes

ScanOLE2 = yes

ScanPDF = yes

ScanArchive = yes

ArchiveMaxFileSize = 10485760

ArchiveMaxRecursion = 8

ArchiveMaxFiles = 1000

ArchiveMaxCompressionRatio = 250

ArchiveLimitMemoryUsage = no

ArchiveBlockEncrypted = no

ArchiveBlockMax = no

DatabaseDirectory = "/var/lib/clamav"

TCPAddr = "127.0.0.1"

TCPSocket = 3310

LocalSocket = "/var/lib/clamav/clamd-socket"

MaxConnectionQueueLength = 15

StreamMaxLength = 10485760

StreamMinPort = 1024

StreamMaxPort = 2048

MaxThreads = 10

ReadTimeout = 120

IdleTimeout = 30

MaxDirectoryRecursion = 15

FollowDirectorySymlinks = no

FollowFileSymlinks = no

ExitOnOOM = no

Foreground = no

Debug = no

LeaveTemporaryFiles = no

FixStaleSocket = yes

User = "amavis"

AllowSupplementaryGroups = no

SelfCheck = 1800

VirusEvent not set

NodalCoreAcceleration = no

ClamukoScanOnAccess not set

ClamukoScanOnOpen not set

ClamukoScanOnClose not set

ClamukoScanOnExec not set

ClamukoIncludePath not set

ClamukoExcludePath not set

ClamukoMaxFileSize = 5242880

 

/etc/freshclam.conf: freshclam directives

-----------------

LogVerbose = no

LogSyslog = yes

LogFacility = "LOG_MAIL"

PidFile = "/var/lib/clamav/freshclam.pid"

DatabaseDirectory = "/var/lib/clamav"

Foreground = no

Debug = no

AllowSupplementaryGroups = no

DatabaseOwner = "vscan"

Checks = 12

UpdateLogFile not set

DNSDatabaseInfo = "current.cvd.clamav.net"

DatabaseMirror = "database.clamav.net"

MaxAttempts = 3

ScriptedUpdates = yes

HTTPProxyServer not set

HTTPProxyPort not set

HTTPProxyUsername not set

HTTPProxyPassword not set

HTTPUserAgent not set

NotifyClamd = "/etc/clamd.conf"

OnUpdateExecute not set

OnErrorExecute not set

OnOutdatedExecute not set

LocalIPAddress not set

ConnectTimeout = 30

ReceiveTimeout = 30

 

Im Amavis Konfigfile ist aktiviert (für primary AV):

# ### http://www.clamav.net/

  ['ClamAV-clamd',

    \&ask_daemon, ["CONTSCAN {}\n", "/var/lib/clamav/clamd"],

    \&ask_daemon, ["CONTSCAN {}\n", "/var/lib/clamav/"],

    qr/\bOK$/, qr/\bFOUND$/,

    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

 

 

und für secondary der clamscan (funktioniert).

 

 

Dem Mail-Log entnehme ich, dass der clamd anscheinend nicht sauber
funktioniert:

 

May  3 10:23:36 mail amavis[6645]: (06645-08) (!!)ClamAV-clamd av-scanner
FAILED: Not a CODE reference at (eval 55) line 408.

May  3 10:23:36 mail amavis[6645]: (06645-08) (!!)WARN: all primary virus
scanners failed, considering backups

 

Der clamscan funktioniert zumindest xD

May  3 10:28:20 mail amavis[6646]: (06646-13) Blocked INFECTED
(Trojan.Fakebill-1), [194.25.242.123] [83.130.60.13] <Debra at nitco.com> ->
<user at tld>, quarantine: virus-EFsDlvriGmxW, Message-ID:
<001b01c78d75$8919d4d0$00725adc at roeyv6c2a8heq4>, mail_id: EFsDlvriGmxW,
Hits: -, 45657 ms

 

Jeder Hinweis oder Tipp ist sehr willkommen, ich weiß nicht mehr was ich
noch versuchen könnte um den clamd zum Funktionieren zu überreden. Der
Clamscan „frisst“ mir zu viele Ressourcen.

 

Mfg

J. Reisslein

-------------- nächster Teil --------------
Ein Dateianhang mit HTML-Daten wurde abgetrennt...
URL: <https://listi.jpberlin.de/pipermail/postfixbuch-users/attachments/20070503/502e8da1/attachment.html>

Mehr Informationen über die Mailingliste Postfixbuch-users