Mailscanner + spamassassin + clamav package
-
Your antivirus is up to date ?
freshclam –versionclamav is not automatically updated, you have configure your crontab.
To update manually :
/usr/local/bin/freshclam -
/usr/local/bin/freshclam
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).freshclam –version
ClamAV 0.97.3 -
/usr/local/bin/sa-update -> this one too ;)
-
sa-update
/usr/local/lib/perl5/site_perl/5.12.4 /usr/local/lib/perl5/5.12.3/BSDPAN /usr/local/lib/perl5/site_perl/5.12.3/mach /usr/local/lib/perl5/site_perl/5.12.3 /usr/local/lib/perl5/5.12.3/mach /usr/local/lib/perl5/5.12.3) at /usr/local/bin/sa-update line 80.
BEGIN failed–compilation aborted at /usr/local/bin/sa-update line 80. -
sa-update
/usr/local/lib/perl5/site_perl/5.12.4 /usr/local/lib/perl5/5.12.3/BSDPAN /usr/local/lib/perl5/site_perl/5.12.3/mach /usr/local/lib/perl5/site_perl/5.12.3 /usr/local/lib/perl5/5.12.3/mach /usr/local/lib/perl5/5.12.3) at /usr/local/bin/sa-update line 80.
BEGIN failed–compilation aborted at /usr/local/bin/sa-update line 80.Are you using the latest mailscanner package version?
-
mailscanner-dev Services Package Info 4.83.5 pkg v.0.2.1
-
Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: Permission denied. ERROR :: /var/spool/MailScanner/incoming
Is anyone seeing this error in the /var/log/maillog. It's obviously a permissions error, but I can not figure out how to get rid of it.
the /var/spool/MailScanner/ is created by postfix. I tried adding clamav to the postfix group as well as www and wheel the error still occurs.
-
clamd should be running with postfix user.
Try to apply maiscanner config and check in /usr/local/etc/clamd.conf what user is configured.
att,
Marcello Coutinho -
Multiple installs all installed
postfix->mailscanner->dansguardian
I check them all all have
Run as another user (clamd must be started by root for this option to work)
Default: don't drop privileges
User clamav
Tried save mailscanner configuration and enabling and disabling the daemon. It appears that the program is not updating the clamd.conf at all.
Did a new clean install -postfix-mailscanner-dansguardian. Saved the mailscanner config and checked the clamd.conf "clamav" was still the user.
Manually edited the clamd.conf and changed the user from "clamav" to "postfix" reboot and everthing is working properly.
-
Manually edited the clamd.conf and changed the user from "clamav" to "postfix" reboot and everthing is working properly.
I'll check again the code and include a force config file option. On my install it's working with user postfix without any manual edit.
att,
Marcello Coutinho -
I have a problem with Mailscanner, mailscanner installed today so it should be uptodate.
Working with postfix and mailscanner-dev: http://forum.pfsense.org/index.php/topic,40201.0.htmlMailscanner do exit every second or two. with this in the log:
mailscanner: Process did not exit cleanly, returned 1 with signal 0I also get this in the log:
ClamAV Module ERROR:: Could not load databases from /var/db/clamavSo i tried to do as suggested here and tried to run this:
/usr/local/bin/freshclambut then i got this error:
ERROR: Can not open /var/log/clamav/freshclam.log in append mode (check permissions!)
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log)When i check the folder /var/log/clamav it is emty!!
Same thing with /var/log/db emty!!Running freshclam –version
Gives ClamAV 0.97.3and did run this one(/usr/local/bin/sa-update ) too and that did run with no output.
So is mailscanner restarting every second because clamav has no db??
EDIT: Might have been a bit quick posting here.
Manually created the log file: /var/log/clamav/freshclam.log and changed permisions so any thing could log to it.
then tried to updated and then it complained it could not create tem folder in /var/db/clamav so i changed the permisions on that folder so it could update and create the temp folder.And now i am stuck on this error when trying to update clamav:
WARNING: Clamd was NOT Notified: Can't connect to clamd through /var/run/clamav/clamd.sock
connect(): No such file or directory ???The folder var/run/clamav/ is emty? Should it be?
And now mailscanner is veining me this in the log
mailscanner: Process did not exit cleanly, returned 0 with signal 9
And i get alot of this: kernel: swap_pager_getswapspace(4): failed until i get this: kernel: pid 8874 (perl5.12.4), uid 125, was killed: out of swap space
And then it continues with: swap_pager_getswapspace(5): failedSorry for noob questions. ::)
-
Did you configured the mailscanner on gui? Checked and save options on all tabs?
-
jupp i did.
I did go through all of the to make sure they saved and did write the config files to stop this error:
MailScanner[15521]: Syntax error in line 145, value "" for allowscripttags is not one of allowed values "yes","disarm","no"that did not fix it so i had to change allowscripttags from disarm to no..
looks like the swap_pager_getswapspace problem is gone after a reboot.. strange???
Looks like thing are working as they should now, and did not do anything else then describe in previous post except reboot.
But anyway would still like to know more about this error:
WARNING: Clamd was NOT Notified: Can't connect to clamd through /var/run/clamav/clamd.sock
connect(): No such file or directory -
I have a problem with Mailscanner, mailscanner installed today so it should be uptodate.
Working with postfix and mailscanner-dev: http://forum.pfsense.org/index.php/topic,40201.0.htmlMailscanner do exit every second or two. with this in the log:
mailscanner: Process did not exit cleanly, returned 1 with signal 0I also get this in the log:
ClamAV Module ERROR:: Could not load databases from /var/db/clamavSo i tried to do as suggested here and tried to run this:
/usr/local/bin/freshclambut then i got this error:
ERROR: Can not open /var/log/clamav/freshclam.log in append mode (check permissions!)
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log)When i check the folder /var/log/clamav it is emty!!
Same thing with /var/log/db emty!!Running freshclam –version
Gives ClamAV 0.97.3and did run this one(/usr/local/bin/sa-update ) too and that did run with no output.
So is mailscanner restarting every second because clamav has no db??
EDIT: Might have been a bit quick posting here.
Manually created the log file: /var/log/clamav/freshclam.log and changed permisions so any thing could log to it.
then tried to updated and then it complained it could not create tem folder in /var/db/clamav so i changed the permisions on that folder so it could update and create the temp folder.And now i am stuck on this error when trying to update clamav:
WARNING: Clamd was NOT Notified: Can't connect to clamd through /var/run/clamav/clamd.sock
connect(): No such file or directory ???The folder var/run/clamav/ is emty? Should it be?
And now mailscanner is veining me this in the log
mailscanner: Process did not exit cleanly, returned 0 with signal 9
And i get alot of this: kernel: swap_pager_getswapspace(4): failed until i get this: kernel: pid 8874 (perl5.12.4), uid 125, was killed: out of swap space
And then it continues with: swap_pager_getswapspace(5): failedSorry for noob questions. ::)
check this file /usr/local/etc/clamd.conf
scroll down to the following line and make sure that this is who clam is running under:
Run as another user (clamd must be started by root for this option to work)
Default: don't drop privileges
User postfix
If not change the user then you will need to reboot the box.
-
Thanks for that mschiek01, the user was set to clamav so just changed it(Nice recap with the VI editor too :) ) and now it is rebooting.
So now more playing with subject word blacklisting. ;D
-
Just a question, did you checked VirusScanning(yes) and Virus scanner =clamd on mailscanner antivirus tab?
I've checked the code and it looks for user clamav on clamd.conf file
#check virus_scanner options $libexec_dir="/usr/local/libexec/MailScanner/"; if ($virus_scanning == "yes"){ if ($antivirus['virus_scanner'] =="none"){ unlink_if_exists($libexec_dir.'clamav-autoupdate'); unlink_if_exists($libexec_dir.'clamav-wrapper'); } else{ . . . #clamd conf file $cconf="/usr/local/etc/clamd.conf"; if (file_exists($conf)){ $cconf_file=file_get_contents($cconf); if (preg_match('/User clamav/',$cconf_file)){ $cconf_file=preg_replace("/User clamav/","User postfix",$cconf_file); file_put_contents($cconf, $cconf_file, LOCK_EX); } } -
Just a question, did you checked VirusScanning(yes) and Virus scanner =clamd on mailscanner antivirus tab?
I've checked the code and it looks for user clamav on clamd.conf file
#check virus_scanner options $libexec_dir="/usr/local/libexec/MailScanner/"; if ($virus_scanning == "yes"){ if ($antivirus['virus_scanner'] =="none"){ unlink_if_exists($libexec_dir.'clamav-autoupdate'); unlink_if_exists($libexec_dir.'clamav-wrapper'); } else{ . . . #clamd conf file $cconf="/usr/local/etc/clamd.conf"; if (file_exists($conf)){ $cconf_file=file_get_contents($cconf); if (preg_match('/User clamav/',$cconf_file)){ $cconf_file=preg_replace("/User clamav/","User postfix",$cconf_file); file_put_contents($cconf, $cconf_file, LOCK_EX); } }All my boxes had virus scanner = auto. Maybe that is why I always have to configure it manually?
Maybe you should default it in your package to clamd instead of auto?
-
Just a question, did you checked VirusScanning(yes) and Virus scanner =clamd on mailscanner antivirus tab?
I've checked the code and it looks for user clamav on clamd.conf file
I just checked an it was set to:
VirusScanning(yes)Do not even know how to change this or turn on any options that have (no)Guess i have to modify some config files or something. Google will answer me i hope. ;DAha ()=default and if it is selected it is on right?Virus scanner was set to auto
So what is recommended i do?
Change user back to clamav and set it to use clameav?
And should i be able to see in the logs that any emails is scanned and passes the scan?
Reason for asking is that i can not see anything like that in the log files in regards to avscan of emails..
This is what i see in the log for an incoming email:2012-07-24 18:35:09 Mail.Info LANIP Jul 24 18:37:22 postfix/postscreen[881]: CONNECT from [69.64.6.29]:34011
2012-07-24 18:35:09 Mail.Info LANIP Jul 24 18:37:22 postfix/postscreen[881]: PASS OLD [69.64.6.29]:34011
2012-07-24 18:35:09 Local0.Info LANIP Jul 24 18:37:22 pf: 00:06:56.261267 rule 27/0(match): pass in on de0: (tos 0x0, ttl 52, id 47253, offset 0, flags [DF], proto TCP (6), length 64)
2012-07-24 18:35:09 Local0.Info LANIP Jul 24 18:37:22 pf: 69.64.6.29.34011 > WANIPONMailscanner: Flags [ S ], cksum 0xb9e2 (correct), seq 994851350, win 16384, options [mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,TS val 150586674 ecr 0], length 0
2012-07-24 18:35:10 Mail.Info LANIP Jul 24 18:37:23 postfix/smtpd[1239]: connect from mail.pfsense.org[69.64.6.29]
2012-07-24 18:35:10 Mail.Info LANIP Jul 24 18:37:23 postfix/smtpd[1239]: A4B6911D1B: client=mail.pfsense.org[69.64.6.29]
2012-07-24 18:35:10 Mail.Info LANIP Jul 24 18:37:23 postfix/cleanup[1882]: A4B6911D1B: message-id=3408b51f40ccd43c38e94056c4fe832e-m276917@pfsense.org
2012-07-24 18:35:10 Mail.Info LANIP Jul 24 18:37:23 postfix/smtpd[1239]: disconnect from mail.pfsense.org[69.64.6.29]
2012-07-24 18:35:10 Mail.Info LANIP Jul 24 18:37:23 postfix/qmgr[31335]: A4B6911D1B: from=cmb@pfsense.org, size=2295, nrcpt=1 (queue active)
2012-07-24 18:35:11 Mail.Info LANIP Jul 24 18:37:24 postfix/smtp[2195]: A4B6911D1B: to=my@email.com, relay=MAILserverIP[MAILserverIP]:25, delay=0.79, delays=0.33/0.01/0.02/0.43, dsn=2.6.0, status=sent (250 2.6.0 3408b51f40ccd43c38e94056c4fe832e-m276917@pfsense.org [InternalId=284] Queued mail for delivery)
2012-07-24 18:35:11 Mail.Info LANIP Jul 24 18:37:24 postfix/qmgr[31335]: A4B6911D1B: removed/my@email.com/cmb@pfsense.orgAgain sorry for noob questions.
-
Maybe you should default it in your package to clamd instead of auto?
The php code checks for virus_scanning == "yes" and 'virus_scanner' != none
so auto or clamd will result on the same config check.
-
Just a question, did you checked VirusScanning(yes) and Virus scanner =clamd on mailscanner antivirus tab?
I've checked the code and it looks for user clamav on clamd.conf file
I just checked an it was set to:
VirusScanning(yes)Do not even know how to change this or turn on any options that have (no)Guess i have to modify some config files or something. Google will answer me i hope. ;DAha ()=default and if it is selected it is on right?Virus scanner was set to auto
So what is recommended i do?
Change user back to clamav and set it to use clameav?
And should i be able to see in the logs that any emails is scanned and passes the scan?
Reason for asking is that i can not see anything like that in the log files in regards to avscan of emails..
This is what i see in the log for an incoming email:2012-07-24 18:35:09 Mail.Info LANIP Jul 24 18:37:22 postfix/postscreen[881]: CONNECT from [69.64.6.29]:34011
2012-07-24 18:35:09 Mail.Info LANIP Jul 24 18:37:22 postfix/postscreen[881]: PASS OLD [69.64.6.29]:34011
2012-07-24 18:35:09 Local0.Info LANIP Jul 24 18:37:22 pf: 00:06:56.261267 rule 27/0(match): pass in on de0: (tos 0x0, ttl 52, id 47253, offset 0, flags [DF], proto TCP (6), length 64)
2012-07-24 18:35:09 Local0.Info LANIP Jul 24 18:37:22 pf: 69.64.6.29.34011 > WANIPONMailscanner: Flags [ S ], cksum 0xb9e2 (correct), seq 994851350, win 16384, options [mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,TS val 150586674 ecr 0], length 0
2012-07-24 18:35:10 Mail.Info LANIP Jul 24 18:37:23 postfix/smtpd[1239]: connect from mail.pfsense.org[69.64.6.29]
2012-07-24 18:35:10 Mail.Info LANIP Jul 24 18:37:23 postfix/smtpd[1239]: A4B6911D1B: client=mail.pfsense.org[69.64.6.29]
2012-07-24 18:35:10 Mail.Info LANIP Jul 24 18:37:23 postfix/cleanup[1882]: A4B6911D1B: message-id=3408b51f40ccd43c38e94056c4fe832e-m276917@pfsense.org
2012-07-24 18:35:10 Mail.Info LANIP Jul 24 18:37:23 postfix/smtpd[1239]: disconnect from mail.pfsense.org[69.64.6.29]
2012-07-24 18:35:10 Mail.Info LANIP Jul 24 18:37:23 postfix/qmgr[31335]: A4B6911D1B: from=cmb@pfsense.org, size=2295, nrcpt=1 (queue active)
2012-07-24 18:35:11 Mail.Info LANIP Jul 24 18:37:24 postfix/smtp[2195]: A4B6911D1B: to=my@email.com, relay=MAILserverIP[MAILserverIP]:25, delay=0.79, delays=0.33/0.01/0.02/0.43, dsn=2.6.0, status=sent (250 2.6.0 3408b51f40ccd43c38e94056c4fe832e-m276917@pfsense.org [InternalId=284] Queued mail for delivery)
2012-07-24 18:35:11 Mail.Info LANIP Jul 24 18:37:24 postfix/qmgr[31335]: A4B6911D1B: removed/my@email.com/cmb@pfsense.orgAgain sorry for noob questions.
Leave the user as postfix or it will not work.
in /var/log/maillog you should see something like this on accepted mail.
Jul 24 17:41:23 6460_a_51st MailScanner[4124]: New Batch: Scanning 1 messages, 50753 bytes
Jul 24 17:41:23 6460_a_51st MailScanner[4124]: Virus and Content Scanning: Starting
Jul 24 17:41:24 6460_a_51st MailScanner[4124]: Spam Checks: Starting
Jul 24 17:41:24 6460_a_51st MailScanner[4124]: Expired 1 records from the SpamAssassin cache
Jul 24 17:41:38 6460_a_51st MailScanner[4124]: Requeue: 746EA78C4A.A7765 to 41CC478C8AFirst though you need to configure postfix to hold the mail in the que so it can be scanned with something like this.
in the gui for postfix
click the access lists tab
and put something like this "/^from:/ HOLD"You also need to configure the recipients tab as well as the antispam tab
If you look to the botom of the antispam page:
Check use third party anti spam
I use message hold mode "manual mode using acls"
mailscanner+spam assassin + clamav
