Problems with ClamAV

CM
On the site since 24.03.2009
Offline
136
#11
Продюсер:
Maybe someone will share their knowledge for free?

Google.... 10 characters.

P.S. I'm not an admin myself, but I'm sure nobody will reveal their business processes and secrets, and besides, this is not a matter of one post or even one thread.

MT
On the site since 15.01.2013
Offline
49
#12

"clam" has to be running all the time.

I've described the benefit from my own experience. You also need to check the logs /var/log/messages and /var/log/maillog.

Checking the database every 10 minutes is not logical. 30 minutes is enough.

Cesar_Mt:
but I'm sure nobody will reveal their business processes and secrets

With the basics, we'll help.

But when analysis on the machine itself is needed, then yes, that's different. Our help through someone else's hands != 0% profit.

marcus@cluster:~$
Продюсер
On the site since 09.11.2010
Offline
36
#13
MarcusTven:
"clam" has to be running all the time.

Got it, then I'll install it after all.

MarcusTven:
You also need to check the logs /var/log/messages and /var/log/maillog.

*******************************
Jan 26 19:43:27 92 rsyslogd-2177: imuxsock begins to drop messages from pid 15904 due to rate-limiting
Jan 26 19:45:01 92 watchdog[16189]: ISPmanager config was changed
Jan 26 19:45:30 92 rsyslogd-2177: imuxsock lost 329 messages from pid 15904 due to rate-limiting
Jan 26 19:50:01 92 watchdog[16870]: ISPmanager config was changed
Jan 26 19:50:35 92 named[991]: error (network unreachable) resolving 'dlv.isc.org/DNSKEY/IN': 2001:4f8:0:2::19#53
Jan 26 19:50:35 92 named[991]: error (network unreachable) resolving 'dlv.isc.org/DNSKEY/IN': 2001:500:60::30#53
Jan 26 19:50:35 92 named[991]: error (network unreachable) resolving 'dlv.isc.org/DNSKEY/IN': 2001:500:71::30#53
Jan 26 19:55:01 92 watchdog[17534]: ISPmanager config was changed
Jan 26 20:00:01 92 watchdog[18187]: ISPmanager config was changed
Jan 26 20:01:01 92 rotated[18295]: Checking links to log files
Jan 26 20:01:01 92 rotated[18295]: Checking links finished
Jan 26 20:01:01 92 rotated[18295]: Rotation finished. 0 log files was processed. 0 seconds left
Jan 26 20:05:01 92 watchdog[18661]: ISPmanager config was changed
Jan 26 20:10:01 92 watchdog[19261]: ISPmanager config was changed
Jan 26 20:15:01 92 watchdog[19979]: ISPmanager config was changed
Jan 26 20:20:02 92 watchdog[20515]: ISPmanager config was changed
Jan 26 20:25:01 92 watchdog[20884]: ISPmanager config was changed
Jan 26 20:30:01 92 watchdog[21304]: ISPmanager config was changed
Jan 26 20:35:01 92 watchdog[21796]: ISPmanager config was changed
Jan 26 20:40:01 92 watchdog[22171]: ISPmanager config was changed
Jan 26 20:43:27 92 rsyslogd-2177: imuxsock begins to drop messages from pid 22369 due to rate-limiting
Jan 26 20:43:45 92 rsyslogd-2177: imuxsock lost 309 messages from pid 22369 due to rate-limiting
Jan 26 20:45:01 92 watchdog[22585]: ISPmanager config was changed
Jan 26 20:50:01 92 watchdog[23094]: ISPmanager config was changed
Jan 26 20:50:36 92 named[991]: error (network unreachable) resolving 'dlv.isc.org/DNSKEY/IN': 2001:500:60::30#53
Jan 26 20:50:36 92 named[991]: error (network unreachable) resolving 'dlv.isc.org/DNSKEY/IN': 2001:4f8:0:2::20#53
Jan 26 20:55:01 92 watchdog[23606]: ISPmanager config was changed
Jan 26 21:00:01 92 watchdog[24063]: ISPmanager config was changed
Jan 26 21:01:01 92 rotated[24155]: Checking links to log files
Jan 26 21:01:01 92 rotated[24155]: Checking links finished
Jan 26 21:01:01 92 rotated[24155]: Rotation finished. 0 log files was processed. 0 seconds left
Jan 26 21:05:01 92 watchdog[24587]: ISPmanager config was changed
Jan 26 21:10:01 92 watchdog[25060]: ISPmanager config was changed
Jan 26 21:15:01 92 watchdog[25406]: ISPmanager config was changed
Jan 26 21:20:01 92 watchdog[25846]: ISPmanager config was changed
Jan 26 21:20:49 92 yum[25861]: Installed: clamav-db-0.97.6-1.el6.rf.x86_64
Jan 26 21:20:51 92 yum[25861]: Installed: clamav-0.97.6-1.el6.rf.x86_64
Jan 26 21:21:10 92 yum[26027]: Installed: clamd-0.97.6-1.el6.rf.x86_64
Jan 26 21:21:23 92 freshclam[26098]: ClamAV update process started at Sat Jan 26 21:21:23 2013
Jan 26 21:21:23 92 freshclam[26098]: main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
Jan 26 21:21:23 92 freshclam[26098]: getfile: daily-15077.cdiff not found on remote server (IP: 84.17.12.94)
Jan 26 21:21:23 92 freshclam[26098]: getpatch: Can't download daily-15077.cdiff from db.ru.clamav.net
Jan 26 21:21:24 92 freshclam[26098]: getfile: daily-15077.cdiff not found on remote server (IP: 193.169.234.215)
Jan 26 21:21:24 92 freshclam[26098]: getpatch: Can't download daily-15077.cdiff from db.ru.clamav.net
Jan 26 21:21:25 92 freshclam[26098]: getfile: daily-15077.cdiff not found on remote server (IP: 194.186.47.19)
Jan 26 21:21:25 92 freshclam[26098]: getpatch: Can't download daily-15077.cdiff from db.ru.clamav.net
Jan 26 21:21:25 92 freshclam[26098]: Incremental update failed, trying to download daily.cvd
Jan 26 21:21:25 92 freshclam[26098]: Downloading daily.cvd [100%]
Jan 26 21:21:27 92 freshclam[26098]: daily.cvd updated (version: 16574, sigs: 631511, f-level: 63, builder: neo)
Jan 26 21:21:27 92 freshclam[26098]: bytecode.cld is up to date (version: 210, sigs: 39, f-level: 63, builder: neo)
Jan 26 21:21:29 92 freshclam[26098]: Database updated (1675937 signatures) from db.ru.clamav.net (IP: 62.181.33.229)
Jan 26 21:21:29 92 freshclam[26098]: Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.sock
Jan 26 21:21:29 92 clamd[26111]: clamd daemon 0.97.6 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Jan 26 21:21:29 92 clamd[26111]: Running as user clamav (UID 496, GID 497)
Jan 26 21:21:29 92 clamd[26111]: Log file size limited to -1 bytes.
Jan 26 21:21:29 92 clamd[26111]: Reading databases from /var/clamav
Jan 26 21:21:29 92 clamd[26111]: Not loading PUA signatures.
Jan 26 21:21:29 92 clamd[26111]: Bytecode: Security mode set to "TrustSigned".
Jan 26 21:21:33 92 clamd[26111]: Loaded 1670539 signatures.
Jan 26 21:21:33 92 clamd[26111]: TCP: Bound to address 127.0.0.1 on port 3310
Jan 26 21:21:33 92 clamd[26111]: TCP: Setting connection queue length to 30
Jan 26 21:21:33 92 clamd[26111]: LOCAL: Removing stale socket file /var/run/clamav/clamd.sock
Jan 26 21:21:33 92 clamd[26111]: LOCAL: Unix socket file /var/run/clamav/clamd.sock
Jan 26 21:21:33 92 clamd[26111]: LOCAL: Setting connection queue length to 30
Jan 26 21:21:33 92 clamd[26111]: daemonize() failed: Cannot allocate memory
Jan 26 21:21:33 92 clamd[26111]: Socket file removed.
Jan 26 21:21:46 92 yum[26138]: Installed: clamav-milter-0.97.6-1.el6.rf.x86_64
Jan 26 21:21:52 92 clamav-milter[26226]: +++ Started at Sat Jan 26 21:21:52 2013
Jan 26 21:21:52 92 clamav-milter[26227]: No clamd server appears to be available
Jan 26 21:22:52 92 clamav-milter[26227]: No clamd server appears to be available
Jan 26 21:22:52 92 rsyslogd-2177: imuxsock begins to drop messages from pid 26283 due to rate-limiting
Jan 26 21:23:43 92 clamd[26491]: clamd daemon 0.97.6 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Jan 26 21:23:43 92 clamd[26491]: Running as user clamav (UID 496, GID 497)
Jan 26 21:23:43 92 clamd[26491]: Log file size limited to -1 bytes.
Jan 26 21:23:43 92 clamd[26491]: Reading databases from /var/clamav
Jan 26 21:23:43 92 clamd[26491]: Not loading PUA signatures.
Jan 26 21:23:43 92 clamd[26491]: Bytecode: Security mode set to "TrustSigned".
Jan 26 21:23:48 92 clamd[26491]: Loaded 1670539 signatures.
Jan 26 21:23:48 92 clamd[26491]: TCP: Bound to address 127.0.0.1 on port 3310
Jan 26 21:23:48 92 clamd[26491]: TCP: Setting connection queue length to 30
Jan 26 21:23:48 92 clamd[26491]: LOCAL: Unix socket file /var/run/clamav/clamd.sock
Jan 26 21:23:48 92 clamd[26491]: LOCAL: Setting connection queue length to 30
Jan 26 21:23:48 92 clamd[26491]: daemonize() failed: Cannot allocate memory
Jan 26 21:23:48 92 clamd[26491]: Socket file removed.
Jan 26 21:23:52 92 clamav-milter[26227]: No clamd server appears to be available
Jan 26 21:23:58 92 clamd[26524]: clamd daemon 0.97.6 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Jan 26 21:23:58 92 clamd[26524]: Running as user clamav (UID 496, GID 497)
Jan 26 21:23:58 92 clamd[26524]: Log file size limited to -1 bytes.
Jan 26 21:23:58 92 clamd[26524]: Reading databases from /var/clamav
Jan 26 21:23:58 92 clamd[26524]: Not loading PUA signatures.
Jan 26 21:23:58 92 clamd[26524]: Bytecode: Security mode set to "TrustSigned".
Jan 26 21:24:01 92 clamd[26524]: Loaded 1670539 signatures.
Jan 26 21:24:02 92 clamd[26524]: TCP: Bound to address 127.0.0.1 on port 3310
Jan 26 21:24:02 92 clamd[26524]: TCP: Setting connection queue length to 30
Jan 26 21:24:02 92 clamd[26524]: LOCAL: Unix socket file /var/run/clamav/clamd.sock
Jan 26 21:24:02 92 clamd[26524]: LOCAL: Setting connection queue length to 30
Jan 26 21:24:02 92 clamd[26524]: daemonize() failed: Cannot allocate memory
Jan 26 21:24:02 92 clamd[26524]: Socket file removed.
MarcusTven:
Checking the database every 10 minutes is not logical. 30 minutes is enough.

How do I configure that?
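
An added example, not part of any post in this thread: a small Python triage of the syslog excerpt quoted above. It groups clamd start attempts by PID, records whether each one ended in `daemonize() failed`, and counts the freshclam and clamav-milter messages showing that the scanner was unreachable. The names `triage` and `scanner_down` are assumptions of this example; the sample lines are copied from the posted log.

```python
import re

# Excerpt of the syslog lines quoted in the post above, embedded so the example runs offline.
SAMPLE = """\
Jan 26 21:21:29 92 freshclam[26098]: Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.sock
Jan 26 21:21:29 92 clamd[26111]: clamd daemon 0.97.6 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Jan 26 21:21:33 92 clamd[26111]: Loaded 1670539 signatures.
Jan 26 21:21:33 92 clamd[26111]: daemonize() failed: Cannot allocate memory
Jan 26 21:21:33 92 clamd[26111]: Socket file removed.
Jan 26 21:21:52 92 clamav-milter[26227]: No clamd server appears to be available
Jan 26 21:23:43 92 clamd[26491]: clamd daemon 0.97.6 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Jan 26 21:23:48 92 clamd[26491]: daemonize() failed: Cannot allocate memory
Jan 26 21:23:52 92 clamav-milter[26227]: No clamd server appears to be available
"""

# Fields: timestamp, host, program, pid, message
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) ([\w.-]+)\[(\d+)\]: (.*)$")
# Messages from clamd's clients that mean the scanner is not reachable.
CLIENT_ERRORS = ("No clamd server appears to be available", "Clamd was NOT notified")

def triage(text):
    """Return (list of clamd start attempts, one per PID; count of client complaints)."""
    attempts, complaints = {}, 0
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # e.g. "rsyslogd-2177:" lines carry no [pid]
        ts, _host, prog, pid, msg = m.groups()
        if prog == "clamd":
            a = attempts.setdefault(
                pid, {"pid": int(pid), "first_seen": ts, "sigs": None, "error": None})
            loaded = re.match(r"Loaded (\d+) signatures", msg)
            if loaded:
                a["sigs"] = int(loaded.group(1))
            elif msg.startswith("daemonize() failed"):
                a["error"] = msg
        elif any(e in msg for e in CLIENT_ERRORS):
            complaints += 1
    return list(attempts.values()), complaints

def scanner_down(text):
    """True when the most recent clamd start attempt ended in an error."""
    attempts, _ = triage(text)
    return bool(attempts) and attempts[-1]["error"] is not None

if __name__ == "__main__":
    attempts, complaints = triage(SAMPLE)
    for a in attempts:
        print(a["first_seen"], "pid", a["pid"], "sigs", a["sigs"], "->", a["error"] or "running")
    print("client complaints:", complaints, "| scanner down:", scanner_down(SAMPLE))
```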

MT
On the site since 15.01.2013
Offline
49
#14

Продюсер

: daemonize() failed: Cannot allocate memory

Memory? Not always, as it turned out.

Start with the freshclam command

Then continue with: atop, free -m, top, df -h

Продюсер
On the site since 09.11.2010
Offline
36
#15
MarcusTven:
Start with the freshclam command
Then continue with: atop, free -m, top, df -h

I'll try it now:

[root@92 ~]# freshclam
ClamAV update process started at Sat Jan 26 21:57:35 2013
main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
daily.cvd is up to date (version: 16574, sigs: 631511, f-level: 63, builder: neo)
bytecode.cld is up to date (version: 210, sigs: 39, f-level: 63, builder: neo)
[root@92 ~]# free -m
             total       used       free     shared    buffers     cached
Mem:           512        464         47          0         10        180
-/+ buffers/cache:        273        238
Swap:            0          0          0
[root@92 ~]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/xvda1            9.9G  6.6G  2.8G  71% /
tmpfs                 257M     0  257M   0% /dev/shm
[root@92 ~]#
Andreyka
On the site since 19.02.2005
Offline
822
#16
Продюсер:
Maybe someone will share their knowledge for free?

I'll share! I set up a special site for that.

Entities should not be multiplied without necessity