<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Derek,<br>
<br>
<div class="moz-cite-prefix">On 26/07/2018 16:07, Pedrosi, Derek G.
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:WM!d55ab3981d9959042f2f6d3562d3ef2949dbed6266dac798c380d4176b00a08a223f10fd61c10d7793623e81d29c3498!@mx.jul.es">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Jules,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">I’m the only
one with ANY access to this system (other than web), and I
was on vacation.</span></p>
</div>
</blockquote>
Hence my suggestion of some*thing*.<br>
Such as your cron daemon, which appears to have been installing
updates (they might well have been tagged as security updates, so
got automatically installed).<br>
<br>
Having read your lines below, have you tried this bit I suggested in
my original reply to you?<br>
<br>
If you want to test it by hand, you need to do this:<br>
Edit the /etc/passwd file and give your apache or www-data user a
real shell such as /bin/bash.<br>
"pwconv" (that makes the /etc/shadow file).<br>
"su - apache" (or "su - www-data") to properly become the web server
user.<br>
clamdscan /var/zendto/*<br>
clamdscan --fdpass /var/zendto/*<br>
<br>
What does that lot output?<br>
<br>
You not only need to get the location of the LocalSocket correct
enough for clamd to start and clamdscan to talk to it, but
freshclam.conf needs to know where it is too, or else freshclam
can't tell clamd that its signatures have been updated and hence
needs to restart itself.<br>
<br>
Cheers,<br>
Jules.<br>
<blockquote type="cite"
cite="mid:WM!d55ab3981d9959042f2f6d3562d3ef2949dbed6266dac798c380d4176b00a08a223f10fd61c10d7793623e81d29c3498!@mx.jul.es">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Nevertheless,
I’ve commented out the stats lines in clamd.conf and then I
received this error.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">root@ZendTo5:/opt/zendto/config#
/usr/bin/clamdscan preferences.php<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">ERROR:
Could not connect to clamd on LocalSocket
/var/run/clamav/clamd.ctl: No such file or directory<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">-----------
SCAN SUMMARY -----------<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">Infected
files: 0<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">Total
errors: 1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">Time:
0.000 sec (0 m 0 s)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Likewise in
ZendTo the log shows…<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="background:white"><span
style="font-size:8.0pt;font-family:'Courier New';color:#162637">Error: Virus scan of dropped-off
files /var/zendto/incoming/phpSAkd0U for dgpedrosi failed
with ERROR: Could not connect to clamd on LocalSocket
/var/run/clamav/clamd.ctl: No such file or directory
----------- SCAN SUMMARY ----------- Infected files: 0 Total
errors: 1 Time: 0.000 sec (0 m 0 s)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Then from
clamd.conf I commented out these lines<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">#LocalSocket
/var/run/clamav/clamd.ctl<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">#FixStaleSocket
true<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">And now I can
run a command line scan without error:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">root@ZendTo5:/opt/zendto/config#
/usr/bin/clamdscan preferences.php<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">-----------
SCAN SUMMARY -----------<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">Infected
files: 0<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">Total
errors: 1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">Time:
0.000 sec (0 m 0 s)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">root@ZendTo5:/opt/zendto/config#<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">But ZendTo will
still not AV scan, from the ZendTo log:<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span
style="font-size:10.0pt;font-family:'Courier New';color:#162637">Error: Virus scan of dropped-off
files /var/zendto/incoming/phpcz1Ojf for dgpedrosi failed
with ----------- SCAN SUMMARY ----------- Infected files: 0
Total errors: 1 Time: 0.000 sec (0 m 0 s)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Also, I’m
running Ubuntu 16.04.4 LTS, no clamd service to be found:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">root@ZendTo5:/opt/zendto/config#
service --status-all<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">[
+ ] acpid<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">[
+ ] apache-htcacheclean<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">[
+ ] apache2<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">[
+ ] apparmor<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">[
+ ] apport<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">[
+ ] atd<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">[
- ] bootmisc.sh<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">[
- ] checkfs.sh<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">[
- ] checkroot-bootclean.sh<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">[
- ] checkroot.sh<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">[
- ] clamav-daemon<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">[
+ ] clamav-freshclam<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">[
+ ] console-setup<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">[
+ ] cron<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">But I did
reboot the server, and I’m still seeing the issue.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">???</span><span
style="color:red"><o:p></o:p></span></p>
<div>
<div>
<div>
<p class="MsoNormal"><span style="color:red"><o:p> </o:p></span></p>
</div>
</div>
</div>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="color:windowtext">From:</span></b><span
style="color:windowtext"> Jules Field
[<a class="moz-txt-link-freetext" href="mailto:Jules@Zend.To">mailto:Jules@Zend.To</a>]
<br>
<b>Sent:</b> Thursday, July 26, 2018 10:27 AM<br>
<b>To:</b> Pedrosi, Derek G.
<a class="moz-txt-link-rfc2396E" href="mailto:pedrosi@millercanfield.com">&lt;pedrosi@millercanfield.com&gt;</a>; ZendTo Users
<a class="moz-txt-link-rfc2396E" href="mailto:zendto@zend.to">&lt;zendto@zend.to&gt;</a><br>
<b>Subject:</b> Re: [ZendTo] ClamAV fail<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">Derek,<span
style="font-size:12.0pt"><o:p></o:p></span></p>
<div>
<p class="MsoNormal">On 26/07/2018 14:50, Pedrosi, Derek G.
wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:#1F497D">This is my
production server, and no changes were made;</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:'Times New Roman',serif">Ah, the famous "But I didn't change
anything" defence. :-) :-)<br>
<br>
<o:p></o:p></span></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:#1F497D">it just
started throwing the error.</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:'Times New Roman',serif">Ah, but changes *were* made. Just
possibly not by you. :-)<br>
Someone (or more likely some*thing*) did a "yum upgrade" or
an "apt upgrade", and replaced the copy of ClamAV that was
running.<br>
You see that file "clamd.conf.ucf-dist" in your "ls -al"
output below? That was modified yesterday morning, which is
probably shortly before it all stopped working.<br>
<br>
From your /etc/clamav/clamd.conf file, based on the output
from "clamdscan" below, you should remove the lines that
start "AllowSupplementaryGroups" and "StatsEnabled". Then
restart the clamd service ("service clamd restart" will
*probably* do the trick on almost any Linux variant). Then
try that clamdscan command again and see if it gets further.<br>
<br>
Cheers,<br>
Jules.<br>
<br>
<br>
<o:p></o:p></span></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">Running
clamdscan:</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">root@ZendTo5:/opt/zendto/config#
/usr/bin/clamdscan --stdout preferences.php</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">WARNING: Ignoring
deprecated option AllowSupplementaryGroups at line 11</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">ERROR: Parse error
at line 79: Unknown option StatsEnabled</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">ERROR: Can't parse
clamd configuration file /etc/clamav/clamd.conf</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">root@ZendTo5:/opt/zendto/config#
clamscan --version</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">ClamAV
0.100.1/24784/Thu Jul 26 04:44:34 2018</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">root@ZendTo5:/opt/zendto/config#
nano /etc/clamav/clamd.conf</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">root@ZendTo5:/opt/zendto/config#
ls /etc/clamav -la</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">total 36</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">drwxr-xr-x 5 root
root 4096 Jul 26 09:49 .</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">drwxr-xr-x 94 root
root 4096 Jul 25 06:06 ..</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">-rw-r--r-- 1 root
root 2059 Mar 5 10:19 clamd.conf</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">-rw-r--r-- 1 root
root 1999 Jul 25 06:06 clamd.conf.ucf-dist</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">-rw-r--r-- 1 root
root 2060 Mar 5 10:19 clamd.conf.zendto</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">-r--r--r-- 1 clamav
adm 702 Jul 25 06:06 freshclam.conf</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">drwxr-xr-x 2 root
root 4096 Jan 29 11:14 onerrorexecute.d</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">drwxr-xr-x 2 root
root 4096 Jan 29 11:14 onupdateexecute.d</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">drwxr-xr-x 2 root
root 4096 Jan 29 11:14 virusevent.d</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">derek</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="color:windowtext">From:</span></b><span
style="color:windowtext"> ZendTo [<a
href="mailto:zendto-bounces@zend.to"
moz-do-not-send="true">mailto:zendto-bounces@zend.to</a>]
<b>On Behalf Of </b>Jules Field via ZendTo<br>
<b>Sent:</b> Wednesday, July 25, 2018 12:26 PM<br>
<b>To:</b> Pedrosi, Derek G. via ZendTo <a
href="mailto:zendto@zend.to" moz-do-not-send="true">&lt;zendto@zend.to&gt;</a>;
ZendTo Users
<a href="mailto:zendto@zend.to" moz-do-not-send="true">&lt;zendto@zend.to&gt;</a><br>
<b>Cc:</b> Jules Field <a href="mailto:Jules@Zend.To"
moz-do-not-send="true">&lt;Jules@Zend.To&gt;</a><br>
<b>Subject:</b> Re: [ZendTo] ClamAV fail</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">Derek,<br>
<br>
Testing it with "clamscan" won't help. It's "clamdscan" that
has to work, which is a very different beast.<br>
"clamscan" just does it all at once (which is why it takes
so long).<br>
"clamdscan" uses the "clamd" process to actually do the
scanning, and hence is much faster as there's no startup
time while it loads and compiles all the virus signatures.<br>
<br>
If it works with a small text file, but not an archive or
docx file, then you've probably run out of disk space in
wherever clamd is trying to unpack the archive.<br>
<br>
Otherwise, it is almost always permissions/ownership
problems.<br>
You shouldn't do any harm by fetching a new copy of the
ZendTo installer and *just* doing the "Setup ClamAV"
section.<br>
<br>
If you want to test it by hand, you need to do this:<br>
Edit the /etc/passwd file and give your apache or www-data
user a real shell such as /bin/bash.<br>
"pwconv" (that makes the /etc/shadow file).<br>
"su - apache" (or "su - www-data") to properly become the
web server user.<br>
clamdscan /var/zendto/*<br>
clamdscan --fdpass /var/zendto/*<br>
<br>
If both of those succeed, then start a big upload going in
ZendTo. This will force some data (with the right
permissions) into /var/zendto/incoming. While it's running,
do "clamdscan /var/zendto/incoming/*" and "clamdscan
--fdpass /var/zendto/incoming/*".<br>
<br>
By the time you've done all that lot, you've probably got
some errors from ClamAV which will help narrow down the
cause.<br>
<br>
When you've fixed it, remember to put your "/etc/passwd"
file back so the shell says "/sbin/nologin" and run the
"pwconv" command again.<br>
<br>
Hope that helps,<br>
Jules.<br>
<br>
<br>
<o:p></o:p></p>
<div>
<p class="MsoNormal">On 25/07/2018 17:04, Pedrosi, Derek G.
via ZendTo wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">Suddenly, my drops are no longer being
scanned by AV and users were unable to drop files. No
changes were made.<o:p></o:p></p>
<p class="MsoNormal">Users see this…<o:p></o:p></p>
<table class="MsoNormalTable" style="width:100.0%"
width="100%" border="0" cellpadding="0">
<tbody>
<tr>
<td style="padding:7.5pt .75pt .75pt .75pt">
<p class="MsoNormal"><b><span
style="font-family:'roboto',serif;color:#162637">Upload
Error</span></b><o:p></o:p></p>
</td>
</tr>
<tr>
<td style="padding:6.0pt .75pt .75pt .75pt"><br>
</td>
<td style="padding:6.0pt .75pt .75pt .75pt">
<p class="MsoNormal"><b><span
style="font-family:'roboto',serif;color:#162637">The
attempt to virus-scan your drop-off failed.
Please notify the system administrator.</span></b><o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">I’ve since disabled AV scan from the
preferences.php (it was 'clamdscan' =>
'/usr/bin/clamdscan --stdout --fdpass',) and now users can
drop files.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">The details…<o:p></o:p></p>
<p class="MsoNormal">From ZendTo log…<o:p></o:p></p>
<p class="MsoNormal" style="background:white"><span
style="font-size:10.0pt;font-family:'Courier New'">2018-07-25 08:22:31 172.16.0.103 [XXXX]:
Error: Virus scan of dropped-off files
/var/zendto/incoming/phpLfUrV9
/var/zendto/incoming/phpf6ExDv for USER failed with </span><o:p></o:p></p>
<p class="MsoNormal">From the /var/log/clamav dir:<o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">root@ZendTo5:/var/log/clamav#
tail freshclam.log</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul
25 11:02:09 2018 ->
--------------------------------------</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul
25 11:44:24 2018 -> Update process terminated</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul
25 11:44:25 2018 ->
--------------------------------------</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul
25 11:44:25 2018 -> freshclam daemon 0.100.1 (OS:
linux-gnu, ARCH: x86_64, CPU: x86_64)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul
25 11:44:25 2018 -> ClamAV update process started at
Wed Jul 25 11:44:25 2018</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul
25 11:44:25 2018 -> main.cvd is up to date (version:
58, sigs: 4566249, f-level: 60, builder: sigmgr)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul
25 11:44:25 2018 -> daily.cld is up to date (version:
24781, sigs: 2024541, f-level: 63, builder: neo)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul
25 11:44:25 2018 -> bytecode.cld is up to date
(version: 325, sigs: 90, f-level: 63, builder: neo)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul
25 11:44:25 2018 ->
--------------------------------------</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">root@ZendTo5:/var/log/clamav#
tail clamav.log</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul
25 04:47:22 2018 -> SelfCheck: Database status OK.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul
25 04:57:22 2018 -> SelfCheck: Database status OK.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul
25 05:07:22 2018 -> SelfCheck: Database status OK.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul
25 05:17:22 2018 -> SelfCheck: Database status OK.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul
25 05:27:13 2018 -> Reading databases from
/var/lib/clamav</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul
25 05:27:27 2018 -> Database correctly reloaded
(6584590 signatures)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul
25 05:37:27 2018 -> SelfCheck: Database status OK.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul
25 05:47:27 2018 -> SelfCheck: Database status OK.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul
25 05:57:27 2018 -> SelfCheck: Database status OK.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul
25 06:05:55 2018 -> --- Stopped at Wed Jul 25
06:05:55 2018</span><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Now, I can scan files manually via the
command line…<o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">clamscan
--verbose /var/log/</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">-----------
SCAN SUMMARY -----------</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Known
viruses: 6584590</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Engine
version: 0.100.1</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Scanned
directories: 1</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Scanned
files: 43</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Infected
files: 0</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Data
scanned: 8.88 MB</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Data
read: 1.75 MB (ratio 5.07:1)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Time:
19.976 sec (0 m 19 s)</span><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Anywhere else to look?<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">derek<o:p></o:p></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>ZendTo mailing list<o:p></o:p></pre>
<pre><a href="mailto:ZendTo@zend.to" moz-do-not-send="true">ZendTo@zend.to</a><o:p></o:p></pre>
<pre><a href="http://jul.es/mailman/listinfo/zendto" moz-do-not-send="true">http://jul.es/mailman/listinfo/zendto</a><o:p></o:p></pre>
</blockquote>
<pre>Jules<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>-- <o:p></o:p></pre>
<pre>Julian Field MEng CEng CITP MBCS MIEEE MACM<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>Malin, Hebrides: South 5 to 7, occasionally 4 at first. Slight or moderate,<o:p></o:p></pre>
<pre>becoming rough in west. Rain later. Good, occasionally poor.<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre><a href="http://www.Zend.To" moz-do-not-send="true">www.Zend.To</a><o:p></o:p></pre>
<pre>Twitter: @JulesFM<o:p></o:p></pre>
<pre>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654<o:p></o:p></pre>
</blockquote>
<pre>Jules<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>-- <o:p></o:p></pre>
<pre>Julian Field MEng CEng CITP MBCS MIEEE MACM<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>'Ensanguining the skies<o:p></o:p></pre>
<pre> How heavily it dies<o:p></o:p></pre>
<pre> Into the west away;<o:p></o:p></pre>
<pre> Past touch and sight and sound<o:p></o:p></pre>
<pre> Not further to be found,<o:p></o:p></pre>
<pre> How hopeless under ground<o:p></o:p></pre>
<pre> Falls the remorseful day.' - A.E.Houseman<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre><a href="http://www.Zend.To" moz-do-not-send="true">www.Zend.To</a><o:p></o:p></pre>
<pre>Twitter: @JulesFM<o:p></o:p></pre>
<pre>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654<o:p></o:p></pre>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">Jules
--
Julian Field MEng CEng CITP MBCS MIEEE MACM
'We face neither East nor West: we face forward.' - Kwame Nkrumah
<a class="moz-txt-link-abbreviated" href="http://www.Zend.To">www.Zend.To</a>
Twitter: @JulesFM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
</pre>
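<p>Added example, not part of the original thread or of ZendTo: a shell check for the configuration faults discussed above (the two options the upgraded clamdscan rejected, a clamd.conf with no active LocalSocket, and a freshclam.conf whose NotifyClamd file does not agree on the socket). The function names and the sample files are constructed for illustration.</p>

```shell
#!/bin/sh
# Added example (not from the thread): audit ClamAV config for the faults
# discussed above. Function names and sample contents are constructed.

# conf_get FILE KEY: print the value of the first active "KEY value" line.
conf_get() {
    awk -v k="$2" '$1 == k { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# conf_has FILE KEY: succeed if KEY appears on an uncommented line.
conf_has() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

report() {
    echo "$1"
    findings=$((findings + 1))
}

# audit_clamav CLAMD_CONF FRESHCLAM_CONF
# Prints one finding per line; the return status is the number of findings.
audit_clamav() {
    clamd_conf=$1
    fresh_conf=$2
    findings=0

    # Options the upgraded clamdscan rejected in the thread's output.
    if conf_has "$clamd_conf" StatsEnabled; then
        report "ERROR: StatsEnabled is an unknown option; $clamd_conf will not parse"
    fi
    if conf_has "$clamd_conf" AllowSupplementaryGroups; then
        report "WARNING: AllowSupplementaryGroups is deprecated and ignored"
    fi

    # clamd and clamdscan both read the socket location from clamd.conf.
    sock=$(conf_get "$clamd_conf" LocalSocket)
    if [ -z "$sock" ] && ! conf_has "$clamd_conf" TCPSocket; then
        report "ERROR: no LocalSocket or TCPSocket active in $clamd_conf"
    elif [ -n "$sock" ] && [ ! -S "$sock" ]; then
        report "ERROR: LocalSocket $sock does not exist; is clamd running?"
    fi

    # freshclam finds that socket through the clamd.conf named by NotifyClamd.
    notify=$(conf_get "$fresh_conf" NotifyClamd)
    if [ -z "$notify" ]; then
        report "WARNING: NotifyClamd not set in $fresh_conf"
    elif [ ! -r "$notify" ]; then
        report "ERROR: NotifyClamd names $notify, which is not readable"
    elif [ "$(conf_get "$notify" LocalSocket)" != "$sock" ]; then
        report "ERROR: $notify and $clamd_conf disagree on LocalSocket"
    fi
    return "$findings"
}

# make_sample DIR: write constructed config files that combine the faults
# reported in the thread (rejected options plus a commented-out LocalSocket).
make_sample() {
    cat > "$1/clamd.conf" <<EOF
# constructed sample, not the poster's real file
#LocalSocket $1/clamd.ctl
#FixStaleSocket true
User clamav
AllowSupplementaryGroups true
StatsEnabled false
EOF
    cat > "$1/freshclam.conf" <<EOF
# constructed sample
DatabaseOwner clamav
NotifyClamd $1/clamd.conf
EOF
}

# Demo run on the constructed sample; prints three findings.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
audit_clamav "$demo_dir/clamd.conf" "$demo_dir/freshclam.conf" || true
rm -rf "$demo_dir"
```

<p>On a real host the arguments would be /etc/clamav/clamd.conf and /etc/clamav/freshclam.conf, run as the web server user so that socket permissions are exercised as well.</p>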
</body>
</html>