[clamav-users] Encrypted Word doc/phishing attack

Reindl Harald h.reindl at thelounge.net
Wed Oct 5 14:57:01 EDT 2016



On 05.10.2016 at 20:52, Dennis Peterson wrote:
> On 10/5/16 11:37 AM, Alex wrote:
>> Can you explain how you configured systemd to start two instances of
>> the same clamd binary using different config files?
>>
> Create a second config file and give it a unique name or place it in a
> different directory than the original. Edit the new file to change, as
> needed, the TCP/IP port if used, or the socket name and location. Make any
> other changes that accomplish what you need from the second instance. Be
> especially attentive to log files, how they're created, how they're
> managed, and how they're populated.
>
> Edit your startup script to start a second instance (and to stop it) and
> use --config-file="xxxxx" for both instances, where xxxxx is the
> appropriate name and path of your config file.
>
> Make whatever changes are needed in your processes that call clam
> services so that they call the correct instance.
>
> You will have to modify the freshclam script to send a reload command
> to the second instance of clamd as well as to the original instance.

Or better, consider when the right moment is and just leave out the
reload logic. We update signatures on a completely different machine and
deploy them with rsync.

I know the two points per hour when that happens,

so I know when I have to schedule the reloads on the machines running
clamd, given that the signature update hardly exceeds 5 minutes.
________________________________

/etc/crontab:
# Reload the ClamAV signatures
28,58 * * * *    root    /usr/bin/bash /usr/local/bin/reload-clamd.sh
________________________________

[root@mail-gw:/etc/systemd/system]$ cat /usr/local/bin/reload-clamd.sh
#!/usr/bin/bash

# Reload a clamd instance only when the rsync'ed signature files changed:
# hash every file in the signature directory into a status file, then
# compare the status file's own hash with the one left by the previous run.
# The status files live in /tmp, so if /tmp is cleared at boot the first
# run after a reboot reloads unconditionally. condreload is systemctl's
# compatibility alias for try-reload-or-restart, so a stopped instance is
# left alone. Returns 0 when a reload was triggered.
reload_if_changed() {
  sigdir=$1 status=$2 unit=$3
  OLD_HASH=$(sha512sum "$status" 2> /dev/null)
  sha512sum "$sigdir"/* > "$status"
  NEW_HASH=$(sha512sum "$status")
  if [ "$OLD_HASH" != "$NEW_HASH" ]; then
    /usr/bin/systemctl condreload "$unit"
    return 0
  fi
  return 1
}

# Instance 1 first; give it time to finish loading before the second
# instance is reloaded, so both are not reloading at the same time.
if reload_if_changed /var/lib/clamav /tmp/clamd-sig-instance1-status.txt clamd.service; then
  sleep 15
fi
reload_if_changed /var/lib/clamav-spam /tmp/clamd-sig-instance2-status.txt clamd-sa.service
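As an added example, not code from the thread or from ClamAV itself: the posted script triggers a reload, but nothing confirms that each instance actually picked up the rsync'ed database (a reload of a large database takes a while, and condreload on a stopped unit does nothing). The script below checks that, per instance, by comparing the version `sigtool --info` reads from the on-disk daily database with the version the running clamd reports through `clamdscan --version`. The instance config paths `/etc/clamd.conf` and `/etc/clamd-sa.conf` are assumptions; the signature directories are those of the posted script; the `sigtool --info` output embedded for the self-checks is constructed.

```shell
#!/bin/sh
# Added example, not code from the thread or from ClamAV: verify that each
# clamd instance really serves the rsync'ed signatures after a reload.
# Assumed: instance configs /etc/clamd.conf and /etc/clamd-sa.conf
# (hypothetical paths); signature directories as in the posted script.

# Database version from clamd's reply to VERSION, as printed by
# `clamdscan --version`, e.g. "ClamAV 0.99.2/22373/Wed Oct  5 09:53:38 2016".
# Fails when clamd was unreachable: clamdscan then prints only its own
# version ("ClamAV 0.99.2"), which has no '/'-separated fields.
parse_daemon_version() {
    case $1 in
        */*/*) ;;
        *) return 1 ;;
    esac
    v=${1#*/}
    printf '%s\n' "${v%%/*}"
}

# "Version: NNNN" from the output of `sigtool --info <database>`.
parse_sigtool_version() {
    case $1 in
        *"Version: "*) ;;
        *) return 1 ;;
    esac
    v=${1#*"Version: "}
    printf '%s\n' "${v%%[!0-9]*}"
}

# Version of the daily database on disk in $1: daily.cld after an
# incremental update, daily.cvd after a full download.
disk_db_version() {
    for db in "$1"/daily.cld "$1"/daily.cvd; do
        [ -f "$db" ] || continue
        parse_sigtool_version "$(sigtool --info "$db" 2>/dev/null)" && return 0
    done
    return 1
}

# Version reported by the running instance that config $1 points at.
daemon_db_version() {
    parse_daemon_version "$(clamdscan --config-file="$1" --version 2>/dev/null)"
}

# Poll instance $1 until it reports the version found in $2, or $3 seconds
# (default 120) pass. A timeout is a real failure: either the reload is
# still running, the unit was not running, or the instance reads a
# different directory than the one that was updated.
wait_for_reload() {
    conf=$1 sigdir=$2 left=${3:-120}
    want=$(disk_db_version "$sigdir") || { echo "no readable daily db in $sigdir" >&2; return 2; }
    while [ "$left" -gt 0 ]; do
        if have=$(daemon_db_version "$conf") && [ "$have" = "$want" ]; then
            echo "$conf: database $have loaded"
            return 0
        fi
        sleep 5
        left=$((left - 5))
    done
    echo "$conf: reports ${have:-nothing}, expected $want" >&2
    return 1
}

# Constructed sample of `sigtool --info daily.cld` output, used only to
# exercise the parser offline.
SAMPLE_SIGTOOL_INFO='File: daily.cld
Build time: 05 Oct 2016 10:19 +0000
Version: 22373
Signatures: 4170000
Verification OK.'

# Live checks, e.g. appended to reload-clamd.sh: reload-check.sh --check
if [ "${1-}" = "--check" ]; then
    rc=0
    wait_for_reload /etc/clamd.conf    /var/lib/clamav      || rc=1
    wait_for_reload /etc/clamd-sa.conf /var/lib/clamav-spam || rc=1
    exit "$rc"
fi
```

Run it with `--check` right after the cron job's condreload; a non-zero exit means one instance is still serving the old database, which is the case worth alerting on rather than the reload command having been issued.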
