clamd appears to hanging

David Banning david at skytracker.ca
Tue Jan 26 04:18:27 UTC 2021


Well - that was something - it looks like the Avast running on my 
Windows laptop alters the header of each email for viewing just on my 
laptop.  When I look at the headers of each email from the shell using 
Mutt there are no modified headers. But it -does- appears they are being 
scanned for viruses - here is a clip the log from /var/log/clamav/clamd.log

<snip>
Mon Jan 25 13:04:21 2021 -> fd[10]: OK
Mon Jan 25 13:14:20 2021 -> SelfCheck: Database status OK.
Mon Jan 25 13:23:15 2021 -> fd[10]: Win.Test.EICAR_HDB-1 FOUND
Mon Jan 25 13:24:37 2021 -> SelfCheck: Database status OK.
Mon Jan 25 13:27:19 2021 -> fd[11]: Win.Test.EICAR_HDB-1 FOUND
Mon Jan 25 13:34:37 2021 -> SelfCheck: Database status OK.
Mon Jan 25 13:44:46 2021 -> SelfCheck: Database status OK.
Mon Jan 25 13:44:46 2021 -> fd[10]: OK
Mon Jan 25 13:48:05 2021 -> fd[10]: OK
Mon Jan 25 13:55:11 2021 -> SelfCheck: Database status OK.
Mon Jan 25 13:55:12 2021 -> fd[10]: OK
Mon Jan 25 13:57:40 2021 -> fd[10]: OK
Mon Jan 25 14:00:22 2021 -> fd[10]: OK
Mon Jan 25 14:01:10 2021 -> fd[10]: OK
Mon Jan 25 14:03:24 2021 -> fd[10]: OK
Mon Jan 25 14:04:15 2021 -> fd[10]: OK
Mon Jan 25 14:05:09 2021 -> fd[10]: OK
Mon Jan 25 14:06:15 2021 -> SelfCheck: Database status OK.
Mon Jan 25 14:06:15 2021 -> fd[10]: OK
<snip>

It shows the two emails I tried sending with the Eicar fake virus.  And 
/var/maillog shows simply;

Jan 25 13:27:19 3s1 sm-mta[82154]: 10PIRI8l082154: milter=clmilter, 
quarantine=quarantined by clamav-milter

So it appears to scanning for the viruses - I will look to see if there 
are any setting in the configuration files that might add the headers.


On 2021-01-25 9:19 p.m., Doug Hardie wrote:
> Clamav headers look like:
>
> X-Virus-Scanned: clamav-milter 0.103.0 at mail
>
> I don't think those are from clamav.  Are you also using Avast?
>
> -- Doug
>
>> On 25 January 2021, at 17:50, David Banning <david at skytracker.ca 
>> <mailto:david at skytracker.ca>> wrote:
>>
>> Turns out all is good - I see there is a header now in each email;
>>
>> X-Antivirus: Avast (VPS 210125-8, 2021-01-25), Inbound message
>> X-Antivirus-Status: Clean
>>
>> which I am assuming is from Clamav.
>> On 2021-01-25 2:00 p.m., David Banning wrote:
>>> thanks for that - it turns out that when I waited,  spamd -does- 
>>> eventually start - I think it took 45 minutes - knowing that it was 
>>> operating was only from sending the eicar virus to myself - it shows 
>>> that it caught it in the maillog,  but no email cleaned version of 
>>> the email arrived,  and there is no header in clean emails to show 
>>> they have been checked - but it works.  That's the good news.  It 
>>> would be helpful to have -something- that tells me that it is 
>>> operating - even an occasional clean scan note in maillog would be 
>>> great.
>>>
>>> I'll keep an eye to see if it continues to take a long time to start 
>>> at boot time - I may have to have it -not- start at boot, and start 
>>> it manually.
>>>
>>>
>>> On 2021-01-25 5:00 a.m., Doug Hardie wrote:
>>>>> On 24 January 2021, at 08:09, David Banning 
>>>>> <david+dated+1611936580.6d1518 at skytracker.ca> wrote:
>>>>>
>>>>> I just installed clamd on an older version of Freebsd. Freshclam 
>>>>> appears to be working fine, but clamd seems to hang, which 
>>>>> prevents my server from booting.
>>>>> I don't see anything in the log;
>>>>>
>>>>>
>>>>> Any pointers towards getting this up and running would be helpful.
>>>>> The Freebsd version and Clamd version are noted at the beginning 
>>>>> of the log.
>>>> Clamd may be waiting on freshclam.  However, it still takes clamd 
>>>> "forever" to load the virus database.  You have 2 options:
>>>>
>>>> 1.  If you connect to the machine via ssh, then edit /etc/rc.d/sshd 
>>>> and add FILESYSTEMS to the REQUIRE line.  That will cause sshd to 
>>>> become active before clamd tries to start up.  You will be able to 
>>>> poke around and see what is going on.
>>>>
>>>> 2.  If you use a directly connected terminal, then disable clamd 
>>>> and freshclam in /etc/rc.d.  Boot up and then start them up 
>>>> manually.  You do need to run freshclam first though.
>>>>
>>>> In any case, be prepared to wait a long time for clamd to start.
>>>>
>>>> -- Doug
>>>>
>>>>
>>>> _______________________________________________
>>>> freebsd-questions at freebsd.org mailing list
>>>> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>>> To unsubscribe, send any mail to 
>>>> "freebsd-questions-unsubscribe at freebsd.org"
>>>>
>>>
>


More information about the freebsd-questions mailing list