Dansguardian - clamdscan(off)

asterix

I selected clamdscan under general tab and issued freshbclam command through console. But I keep getting the below errors.

May 1 15:08:26 php: /pkg_edit.php: Reloading Dansguardian
May 1 15:08:26 php: /pkg_edit.php: Starting clamav-clamd
May 1 15:08:26 php: /pkg_edit.php: The command '/usr/local/etc/rc.d/clamav-clamd stop' returned exit code '1', the output was 'Stopping clamav_clamd. Waiting for PIDS: 52025. clamav_clamd not running? clamav_clamd not running? clamav_clamd not running? clamav_clamd not running? clamav_clamd not running? clamav_clamd not running? clamav_clamd not running? clamav_clamd not running? clamav_clamd not running? clamav_clamd not running? clamav_clamd not running? clamav_clamd not running? clamav_clamd not running? clamav_clamd not running? clamav_clamd not running? clamav_clamd not running? clamav_clamd not running? clamav_clamd not running? clamav_clamd not running? clamav_clamd not running? clamav_clamd not running? clamav_clamd not running? clamav_clamd not running? clamav_clamd not running? clamav_clamd not running? clamav_clamd not running? clamav_clamd not running? clamav_clamd not running? clamav_clamd not running? clamav_clamd not running? clamav_clamd not running? clamav_clamd not running? clamav_clamd

Here is what I get after running freshclam

$ freshclam
ClamAV update process started at Wed May  1 15:07:10 2013
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
daily.cvd is up to date (version: 17121, sigs: 1198874, f-level: 63, builder: neo)
bytecode.cvd is up to date (version: 214, sigs: 41, f-level: 63, builder: neo)

marcelloc

I've fixed on latest version a bug on clamav-clamd startup script.

Try to unistall dansguardian, remove /usr/local/etc/rc.d/clamav-clamd and reinstall dansguardian.

asterix

Seems that fixed it. Any way to check and see if the virus scanning is working?

Also I see a lot of this in the log after boot up.

May 2 10:48:21 php: : [Dansguardian] - Detected boot process pr:1 bp:1 rpc:
May 2 10:48:21 php: : [Dansguardian] - Detected boot process pr:1 bp:1 rpc:
May 2 10:48:21 php: : [Dansguardian] - Detected boot process pr:1 bp:1 rpc:
May 2 10:48:21 php: : [Dansguardian] - Detected boot process pr:1 bp:1 rpc:
May 2 10:48:21 php: : [Dansguardian] - Detected boot process pr:1 bp:1 rpc:
May 2 10:48:21 php: : [Dansguardian] - Detected boot process pr:1 bp:1 rpc:

marcelloc

@asterix:

I see a lot of this in the log after boot up.
May 2 10:48:21 php: : [Dansguardian] - Detected boot process pr:1 bp:1 rpc:

Isn't these logs only on boot time? There are some code to prevent package restart/save config during boot process.

asterix

Yes I see them only on boot. Should be safe to ignore them.. I suppose.

Also, how do I test if clamdscan antivirus is working?

Legion

Try and download the test files from http://www.eicar.org/85-0-Download.html

asterix

Yeah I found that earlier and tested. Works just fine.

awsiemieniec

@Legion:

Try and download the test files from http://www.eicar.org/85-0-Download.html

I'm 99% sure all is ok, but what should I see when I try to download the test eicar file?  Am I supposed to get a warning that Clamd blocked something or should the download process just not do anything?  When I click on the "Download Anti Malware Test File" my browser shows the spinning icon for about 1/2 second then nothing happens.  ???

Thx

UPDATE:  I found the warning… /var/log/clamav/clamd.log has /tmp/tfemgsEy: Eicar-Test-Signature FOUND