Clamav Failed

docbreed
Junior Member
Posts: 27
Joined: 17 Feb 2007, 02:48

Post by docbreed »

WHM 11.23.2 cPanel 11.23.6-R27698
CENTOS Enterprise 5.2 i686 on standard - WHM X v3.1.0
* ConfigServer Mail Manage
* ConfigServer Mail Queues
* ConfigServer Security&Firewall
* ConfigServer MailScanner FE

I'm receiving multiple emails of this:

Code:

From	Subject	Received	Size	Categories
cpanel@server.myhost.com	clamav on server.myhost.com failed	6:53 PM	5 KB

chkservd.log file

Code:

]...cpsrvd [+]...lfd [+]...mailscanner [+]...named [+]...Done
[Sun Dec  7 20:52:54 2008] Service check ....clamav [Unable to connect to port  -Notification => me@myhost.com via EMAIL [level => 1]
Restarting clamav....
Sarah
Moderator
Posts: 934
Joined: 09 Dec 2006, 22:49

Post by Sarah »

Are you seeing any clamav related errors in the maillog?
docbreed
Junior Member
Posts: 27
Joined: 17 Feb 2007, 02:48

Post by docbreed »

Sarah wrote: Are you seeing any clamav related errors in the maillog?

Code:

Dec  8 06:01:02 chicago1 update.virus.scanners: Found clamav installed
Dec  8 06:01:02 chicago1 update.virus.scanners: Running autoupdate for clamav
Dec  8 06:01:02 chicago1 ClamAV-autoupdate[11605]: ClamAV did not need updating
Dec  8 06:01:02 chicago1 update.virus.scanners: Found generic installed
Dec  8 06:01:02 chicago1 update.virus.scanners: Running autoupdate for generic
Dec  8 06:01:13 chicago1 MailScanner[10643]: New Batch: Forwarding 1 unscanned messages, 1766 bytes
Dec  8 06:01:13 chicago1 MailScanner[10643]: Unscanned: Delivered 1 messages
Dec  8 06:01:13 chicago1 MailScanner[10643]: Virus and Content Scanning: Starting
Dec  8 06:01:13 chicago1 MailScanner[10643]: Logging message 1L9enX-000331-59 to SQL
Dec  8 06:01:13 chicago1 MailScanner[10540]: 1L9enX-000331-59: Logged to MailWatch SQL
Dec  8 06:01:18 chicago1 pop3d: Connection, ip=[::ffff:1.31.238.52]
Dec  8 06:01:18 chicago1 pop3d: LOGIN, user=skh@domain.com, ip=[::ffff:1.31.238.52], port=[4704]
Dec  8 06:01:18 chicago1 pop3d: LOGOUT, user=skh@domain.com, ip=[::ffff:1.31.238.52], port=[4704], top=0, retr=0, rcvd=12, sent=39, time=0
Dec  8 06:01:19 chicago1 MailScanner[10633]: New Batch: Forwarding 1 unscanned messages, 3533 bytes
Dec  8 06:01:19 chicago1 MailScanner[10633]: Unscanned: Delivered 1 messages
Dec  8 06:01:19 chicago1 MailScanner[10633]: Virus and Content Scanning: Starting
Dec  8 06:01:19 chicago1 MailScanner[10633]: Logging message 1L9enc-00033J-6y to SQL
Dec  8 06:01:19 chicago1 MailScanner[10540]: 1L9enc-00033J-6y: Logged to MailWatch SQL

By the looks of it, it finds updates on the hour every hour and installs them, but I'm receiving the Failed emails about every ten mins.
Sarah
Moderator
Posts: 934
Joined: 09 Dec 2006, 22:49

Post by Sarah »

Is clamd actually running if you look for it in ps axf? Are there two entries for clamav/clamd in Service Manager?
docbreed
Junior Member
Posts: 27
Joined: 17 Feb 2007, 02:48

Post by docbreed »

Code:

root@chicago1 [/var/log]# ps axf|grep clam
17369 pts/0    S+     0:00          \_ grep clam
 2149 ?        Ssl    0:08 /usr/local/sbin/clamd
docbreed
Junior Member
Posts: 27
Joined: 17 Feb 2007, 02:48

Post by docbreed »

Service Manager has

clamav
enabled and monitored...

I do not see a clamd in the list...
Sarah
Moderator
Posts: 934
Joined: 09 Dec 2006, 22:49

Post by Sarah »

I'm not sure what's happening on your server. I presume you've tested the virus scanner by sending the eicar test virus, or otherwise confirmed that virus scanning is occurring. It may be a problem with chkservd itself. You could contact cPanel if you're concerned about it.
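
The symptom in this thread (a clamd process visible in ps while chkservd reports "Unable to connect") can be checked directly, without relying on chkservd. The following is an added example, not part of the original posts and not cPanel or ConfigServer code: it speaks clamd's PING and INSTREAM commands, and the socket path in CLAMD_ADDR is an assumption that must be replaced with the value from clamd.conf.

```python
import socket
import struct

# Hypothetical default: use the LocalSocket (or TCPAddr/TCPSocket) from your clamd.conf.
CLAMD_ADDR = "/var/run/clamav/clamd.sock"


def ask_clamd(payload, addr=CLAMD_ADDR, timeout=5.0):
    """Send one request; return clamd's reply line, or None if unreachable."""
    # A str is treated as a UNIX socket path, a (host, port) tuple as TCP.
    family = socket.AF_UNIX if isinstance(addr, str) else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect(addr)
            s.sendall(payload)
            reply = b""
            while not reply.endswith(b"\n"):
                chunk = s.recv(4096)
                if not chunk:
                    break
                reply += chunk
    except OSError:  # refused, missing socket, timeout
        return None
    return reply.decode("ascii", "replace").strip()


def clamd_ping(addr=CLAMD_ADDR):
    """True only if the daemon accepts a connection and answers PONG."""
    return ask_clamd(b"PING\n", addr) == "PONG"


def clamd_scan(data, addr=CLAMD_ADDR):
    """Scan bytes via INSTREAM: one length-prefixed chunk, then a zero-length one."""
    framed = struct.pack("!I", len(data)) + data + struct.pack("!I", 0)
    return ask_clamd(b"nINSTREAM\n" + framed, addr)


def diagnose(sample, addr=CLAMD_ADDR):
    """Separate 'daemon unreachable' from 'reachable but not scanning'."""
    if not clamd_ping(addr):
        return "clamd not answering"  # matches the chkservd symptom
    verdict = clamd_scan(sample, addr)
    if not verdict or verdict.endswith("ERROR"):
        return "clamd answers PING but the scan failed"
    return verdict  # "stream: OK" or "stream: <signature> FOUND"
```

Passing the bytes of the EICAR test file as `sample` confirms detection end to end; a verdict ending in FOUND means scanning works even while the monitor keeps sending failure emails.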
docbreed
Junior Member
Posts: 27
Joined: 17 Feb 2007, 02:48

Post by docbreed »

I did the virus test and, watching MailWatch, it did grab it. I did post on the cPanel forums; hopefully I find an answer soon.

http://forums.cpanel.net/showthread.php ... post453349

--Jeremy
docbreed
Junior Member
Posts: 27
Joined: 17 Feb 2007, 02:48

Post by docbreed »

OK, so I was running WHM 11.23 and upgraded last night to WHM 11.24, and clamav had the tick box. Thanks.

--Jeremy