Extension development
Checking ClamD status automatically??

Ditto to that. I am very grateful for everyone's input on my problem and the solution that Nico has given us.

 


I am very satisfied with the detection rate of ClamWall running under Mercury on my Server 2003 platform. Not only viruses, but using the SaneSecurity signatures, hundreds of phishing messages and other scams are also eliminated.

What is a matter of concern is that, perhaps once a month or so, ClamD seems to get itself into trouble and fail. The only way that I become aware of it is by checking the ClamWall logs and finding the "ClamD not responding!" line. Sometimes it appears that ClamD is not running, but manually starting it by double-clicking on the executable in clamav\bin does the trick. Alternatively, sometimes ClamD appears as a hung process or application, and stopping it via the Task Manager is required.

 

Has anyone on the list had a similar experience?  Any ideas on how to be alerted as soon as there is a failure?

 

 


What about a filtering rule to check for the X-CLAMWALL header on incoming mail?

If it's NOT there "Run a Program" calling a batch script to kill & restart the clamd daemon.

 

EDIT:

X-CLAMWALL header is inserted by Clamwall even if clamd fails to respond ...GRRR

Plan B: Periodically run a script to scan a small test file against clamd and check for a proper reply then kill & restart if necessary.

If Lucas (or anyone who knows) knows of a win app to scan using STREAM (as clamwall does) to the clamd TCP port, I would love to get hold of it. 


[quote user="pbeddy"]Has anyone on the list had a similar experience?  Any ideas on how to be alerted as soon as there is a failure?[/quote]

Yes, but rarely, and no.  The way clamd listens on the port doesn't make it easy for automated tests (like serversalive) to check if it's working.


[quote user="dilberts_left_nut"]

If Lucas (or anyone who knows) knows of a win app to scan using STREAM (as clamwall does) to the clamd TCP port, I would love to get hold of it. 

[/quote]

ClamDScan.exe? :)

Best regards

Nico

From what I can gather clamdscan just passes the path\filename to clamd which then goes and scans the file(s)

What I am after is something to STREAM the file to the TCP port for scanning (as clamwall seems to from the clamd log file).

This would allow me to run 1 clamd server on the network for streaming clients to use rather than a clamav install on each machine.


[quote user="dilberts_left_nut"]

From what I can gather clamdscan just passes the path\filename to clamd which then goes and scans the file(s)

What I am after is something to STREAM the file to the TCP port for scanning (as clamwall seems to from the clamd log file).

This would allow me to run 1 clamd server on the network for streaming clients to use rather than a clamav install on each machine.

[/quote]

Ah, I see. Well, ClamDscan is able to scan by STREAM if '-' is used as the filename. Then ClamDscan streams STDIN to the ClamD daemon. Still, it won't help much in your case, and I know of no other Win32 solution which is able to stream to a ClamD daemon on a different server. There's a Unix stream client for ClamD on SourceForge which does that, but as far as I remember it doesn't compile under Cygwin because the Addrinfo structure which it uses is not implemented there. It would probably run under Cygwin if the GetHostByName/Addr functions are used instead (haven't tried to compile it under MSVC yet).

Best regards

Nico

[quote user="pbeddy"]
Has anyone on the list had a similar experience?
[/quote]
No, but I don't run ClamWall.

[quote user="pbeddy"]

Any ideas on how to be alerted as soon as there is a failure?

[/quote]
I've written a small script now which checks if ClamD responds and if not, kills ClamD if it exists and restarts it afterwards. It's here:

http://hideout.ath.cx/clamav/clamdog.zip

Hope it helps

Best regards

Nico
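
The "Plan B" probe discussed in this thread (stream a small test file to the clamd TCP port and check for a proper reply), written out as an added example; it is not Nico's clamdog script and not code from any poster. It uses clamd's INSTREAM command rather than the older STREAM the posts mention, and assumes clamd listens on TCP 127.0.0.1:3310; the function names and the probe text are illustrative.

```python
import socket
import struct

# Constructed, harmless probe payload; a healthy clamd answers "stream: OK".
PROBE = b"clamd watchdog probe (constructed sample)\n"

def frame_instream(data, chunk_size=2048):
    """Build a zINSTREAM request: command, <4-byte big-endian length><chunk>..., zero-length end."""
    out = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk_size):
        chunk = data[i:i + chunk_size]
        out.append(struct.pack("!I", len(chunk)) + chunk)
    out.append(struct.pack("!I", 0))  # zero-length chunk terminates the stream
    return b"".join(out)

def scan_over(sock, data):
    """Run one INSTREAM exchange on a connected socket and return clamd's reply text."""
    sock.sendall(frame_instream(data))
    reply = b""
    while not reply.endswith(b"\0"):  # 'z' commands get a NUL-terminated reply
        part = sock.recv(4096)
        if not part:
            break
        reply += part
    return reply.rstrip(b"\0").decode("ascii", "replace").strip()

def classify(reply):
    """HEALTHY if the engine actually scanned the stream, FAULT for anything else."""
    if reply == "stream: OK" or reply.endswith(" FOUND"):
        return "HEALTHY"
    return "FAULT"

def check_clamd(host="127.0.0.1", port=3310, timeout=10.0):
    """Return HEALTHY, FAULT (bad reply) or DOWN (refused, or timed out = hung process)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            return classify(scan_over(sock, PROBE))
    except OSError:  # covers connection refused and socket timeouts
        return "DOWN"

if __name__ == "__main__":
    import sys
    state = check_clamd()
    print(state)
    # Non-zero exit lets a scheduled task or batch file kill and restart clamd.
    sys.exit(0 if state == "HEALTHY" else 1)
```

The timeout is what separates the two failure modes described in the first post: a stopped clamd refuses the connection immediately, while a hung one accepts it and never replies.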