<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:roboto;
panose-1:0 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Times New Roman \,serif";
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:"Courier New";}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle22
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle23
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor="white" lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Jules,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">I’m the only one with ANY access to this system (other than web), and I was on vacation.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Nevertheless, I’ve comment out the stats lines in clamd.conf and then I received this error.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">root@ZendTo5:/opt/zendto/config# /usr/bin/clamdscan preferences.php<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">ERROR: Could not connect to clamd on LocalSocket /var/run/clamav/clamd.ctl: No such file or directory<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">----------- SCAN SUMMARY -----------<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">Infected files: 0<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">Total errors: 1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">Time: 0.000 sec (0 m 0 s)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Likewise in ZendTo the log shows…<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-size:8.0pt;font-family:"Courier New";color:#162637">Error: Virus scan of dropped-off files /var/zendto/incoming/phpSAkd0U for dgpedrosi failed with ERROR: Could not connect to clamd on LocalSocket
/var/run/clamav/clamd.ctl: No such file or directory ----------- SCAN SUMMARY ----------- Infected files: 0 Total errors: 1 Time: 0.000 sec (0 m 0 s)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Then from clamd.conf I commented out these lines<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">#LocalSocket /var/run/clamav/clamd.ctl<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">#FixStaleSocket true<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">And now I can run a command line scan without error:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">root@ZendTo5:/opt/zendto/config# /usr/bin/clamdscan preferences.php<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">----------- SCAN SUMMARY -----------<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">Infected files: 0<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">Total errors: 1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">Time: 0.000 sec (0 m 0 s)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">root@ZendTo5:/opt/zendto/config#<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">But ZendTo will still not AV scan, from the ZendTo log:<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-size:10.0pt;font-family:"Courier New";color:#162637">Error: Virus scan of dropped-off files /var/zendto/incoming/phpcz1Ojf for dgpedrosi failed with ----------- SCAN SUMMARY ----------- Infected
files: 0 Total errors: 1 Time: 0.000 sec (0 m 0 s)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Also, I’m running Ubuntu 16.04.4 LTS no clamd service to be found:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">root@ZendTo5:/opt/zendto/config# service --status-all<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">[ + ] acpid<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">[ + ] apache-htcacheclean<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">[ + ] apache2<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">[ + ] apparmor<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">[ + ] apport<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">[ + ] atd<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">[ - ] bootmisc.sh<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">[ - ] checkfs.sh<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">[ - ] checkroot-bootclean.sh<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">[ - ] checkroot.sh<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">[ - ] clamav-daemon<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">[ + ] clamav-freshclam<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">[ + ] console-setup<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;color:#1F497D">[ + ] cron<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">But I did reboot the server, and I’m still seeing the issue.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">???</span><span style="color:red"><o:p></o:p></span></p>
<div>
<div>
<div>
<p class="MsoNormal"><span style="color:red"><o:p> </o:p></span></p>
</div>
</div>
</div>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="color:windowtext">From:</span></b><span style="color:windowtext"> Jules Field [mailto:Jules@Zend.To]
<br>
<b>Sent:</b> Thursday, July 26, 2018 10:27 AM<br>
<b>To:</b> Pedrosi, Derek G. <pedrosi@millercanfield.com>; ZendTo Users <zendto@zend.to><br>
<b>Subject:</b> Re: [ZendTo] ClamAV fail<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">Derek,<span style="font-size:12.0pt"><o:p></o:p></span></p>
<div>
<p class="MsoNormal">On 26/07/2018 14:50, Pedrosi, Derek G. wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:#1F497D">This is my production server, and no changes were made;</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif">Ah, the famous "But I didn't change anything" defence. :-) :-)<br>
<br>
<o:p></o:p></span></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:#1F497D">it just started throwing the error.</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif">Ah, but changes *were* made. Just possibly not by you. :-)<br>
Someone (or more likely some*thing*) did a "yum upgrade" or an "apt upgrade", and replaced the copy of ClamAV that was running.<br>
You see that file "clamd.conf.ucf-dist" in your "ls -al" output below? That was modified yesterday morning, which is probably shortly before it all stopped working.<br>
<br>
From your /etc/clamav/clamd.conf file, based on the output from "clamdscan" below, you should remove the lines that start "AllowSupplementaryGroups" and "StatsEnabled". Then restart the clamd service ("service clamd restart" will *probably* do the trick on
almost any Linux variant). Then try that clamdscan command again and see if it gets further.<br>
<br>
Cheers,<br>
Jules.<br>
<br>
<br>
<o:p></o:p></span></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">Running clamdscan:</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">root@ZendTo5:/opt/zendto/config# /usr/bin/clamdscan --stdout preferences.php</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">WARNING: Ignoring deprecated option AllowSupplementaryGroups at line 11</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">ERROR: Parse error at line 79: Unknown option StatsEnabled</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">ERROR: Can't parse clamd configuration file /etc/clamav/clamd.conf</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">root@ZendTo5:/opt/zendto/config# clamscan --version</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">ClamAV 0.100.1/24784/Thu Jul 26 04:44:34 2018</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">root@ZendTo5:/opt/zendto/config# nano /etc/clamav/clamd.conf</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">root@ZendTo5:/opt/zendto/config# ls /etc/clamav -la</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">total 36</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">drwxr-xr-x 5 root root 4096 Jul 26 09:49 .</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">drwxr-xr-x 94 root root 4096 Jul 25 06:06 ..</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">-rw-r--r-- 1 root root 2059 Mar 5 10:19 clamd.conf</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">-rw-r--r-- 1 root root 1999 Jul 25 06:06 clamd.conf.ucf-dist</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">-rw-r--r-- 1 root root 2060 Mar 5 10:19 clamd.conf.zendto</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">-r--r--r-- 1 clamav adm 702 Jul 25 06:06 freshclam.conf</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">drwxr-xr-x 2 root root 4096 Jan 29 11:14 onerrorexecute.d</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">drwxr-xr-x 2 root root 4096 Jan 29 11:14 onupdateexecute.d</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">drwxr-xr-x 2 root root 4096 Jan 29 11:14 virusevent.d</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">derek</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="color:windowtext">From:</span></b><span style="color:windowtext"> ZendTo [<a href="mailto:zendto-bounces@zend.to">mailto:zendto-bounces@zend.to</a>]
<b>On Behalf Of </b>Jules Field via ZendTo<br>
<b>Sent:</b> Wednesday, July 25, 2018 12:26 PM<br>
<b>To:</b> Pedrosi, Derek G. via ZendTo <a href="mailto:zendto@zend.to"><zendto@zend.to></a>; ZendTo Users
<a href="mailto:zendto@zend.to"><zendto@zend.to></a><br>
<b>Cc:</b> Jules Field <a href="mailto:Jules@Zend.To"><Jules@Zend.To></a><br>
<b>Subject:</b> Re: [ZendTo] ClamAV fail</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">Derek,<br>
<br>
Testing it with "clamscan" won't help. It's "clamdscan" that has to work, which is a very different beast.<br>
"clamscan" just does it all at once (which is why it takes so long).<br>
"clamdscan" uses the "clamd" process to actually do the scanning, and hence is much faster as there's no startup time while it loads and compiles all the virus signatures.<br>
<br>
If it works with a small text file, but not an archive or docx file, then you've probably run out of disk space in wherever clamd is trying to unpack the archive.<br>
<br>
Otherwise, it is almost always permissions/ownership problems.<br>
You shouldn't do any harm by fetching a new copy of the ZendTo installer and *just* doing the "Setup ClamAV" section.<br>
<br>
If you want to test it by hand, you need to do this:<br>
Edit the /etc/passwd file and give your apache or www-data user a real shell such as /bin/bash.<br>
"pwconv" (that makes the /etc/shadow file).<br>
"su - apache" (or "su - www-data") to properly become the web server user.<br>
clamdscan /var/zendto/*<br>
clamdscan --fdpass /var/zendto/*<br>
<br>
If both of those succeed, then start a big upload going in ZendTo. This will force some data (with the right permissions) into /var/zendto/incoming. While it's running, do "clamdscan /var/zendto/incoming/*" and "clamdscan --fdpass /var/zendto/incoming/*".<br>
<br>
By the time you've done all that lot, you've probably got some errors from ClamAV which will help narrow down the cause.<br>
<br>
When you've fixed it, remember to put your "/etc/passwd" file back so the shell says "/sbin/nologin" and run the "pwconv" command again.<br>
<br>
Hope that helps,<br>
Jules.<br>
<br>
<br>
<o:p></o:p></p>
<div>
<p class="MsoNormal">On 25/07/2018 17:04, Pedrosi, Derek G. via ZendTo wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">Suddenly, my drops are no longer being scanned by AV and users were unable to drop files. No changes were made.<o:p></o:p></p>
<p class="MsoNormal">User see this…<o:p></o:p></p>
<table class="MsoNormalTable" border="0" cellpadding="0" width="100%" style="width:100.0%">
<tbody>
<tr>
<td style="padding:7.5pt .75pt .75pt .75pt">
<p class="MsoNormal"><b><span style="font-family:"roboto",serif;color:#162637">Upload Error</span></b><o:p></o:p></p>
</td>
</tr>
<tr>
<td style="padding:6.0pt .75pt .75pt .75pt"></td>
<td style="padding:6.0pt .75pt .75pt .75pt">
<p class="MsoNormal"><b><span style="font-family:"roboto",serif;color:#162637">The attempt to virus-scan your drop-off failed. Please notify the system administrator.</span></b><o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">I’ve since disable AV scan from the preferences.php (it was 'clamdscan' => '/usr/bin/clamdscan --stdout --fdpass',) and now users can drop files.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">The details…<o:p></o:p></p>
<p class="MsoNormal">From ZendTo log…<o:p></o:p></p>
<p class="MsoNormal" style="background:white"><span style="font-size:10.0pt;font-family:"Courier New"">2018-07-25 08:22:31 172.16.0.103 [XXXX]: Error: Virus scan of dropped-off files /var/zendto/incoming/phpLfUrV9 /var/zendto/incoming/phpf6ExDv for USER failed
with </span><o:p></o:p></p>
<p class="MsoNormal" style="background:white"><span style="font-size:10.0pt;font-family:"Courier New""> </span><o:p></o:p></p>
<p class="MsoNormal" style="background:white"><span style="font-size:10.0pt;font-family:"Courier New""> </span><o:p></o:p></p>
<p class="MsoNormal">From the /var/log/clamav dir:<o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">root@ZendTo5:/var/log/clamav# tail freshclam.log</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25 11:02:09 2018 -> --------------------------------------</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25 11:44:24 2018 -> Update process terminated</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25 11:44:25 2018 -> --------------------------------------</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25 11:44:25 2018 -> freshclam daemon 0.100.1 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25 11:44:25 2018 -> ClamAV update process started at Wed Jul 25 11:44:25 2018</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25 11:44:25 2018 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25 11:44:25 2018 -> daily.cld is up to date (version: 24781, sigs: 2024541, f-level: 63, builder: neo)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25 11:44:25 2018 -> bytecode.cld is up to date (version: 325, sigs: 90, f-level: 63, builder: neo)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25 11:44:25 2018 -> --------------------------------------</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">root@ZendTo5:/var/log/clamav# tail clamav.log</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25 04:47:22 2018 -> SelfCheck: Database status OK.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25 04:57:22 2018 -> SelfCheck: Database status OK.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25 05:07:22 2018 -> SelfCheck: Database status OK.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25 05:17:22 2018 -> SelfCheck: Database status OK.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25 05:27:13 2018 -> Reading databases from /var/lib/clamav</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25 05:27:27 2018 -> Database correctly reloaded (6584590 signatures)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25 05:37:27 2018 -> SelfCheck: Database status OK.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25 05:47:27 2018 -> SelfCheck: Database status OK.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25 05:57:27 2018 -> SelfCheck: Database status OK.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25 06:05:55 2018 -> --- Stopped at Wed Jul 25 06:05:55 2018</span><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Now, I can scan files manually via the command line…<o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">clamscan --verbose /var/log/</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">----------- SCAN SUMMARY -----------</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Known viruses: 6584590</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Engine version: 0.100.1</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Scanned directories: 1</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Scanned files: 43</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Infected files: 0</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Data scanned: 8.88 MB</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Data read: 1.75 MB (ratio 5.07:1)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Time: 19.976 sec (0 m 19 s)</span><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Anywhere else to look?<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">derek<o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman ,serif",serif"><br>
<br>
<br>
<br>
</span><o:p></o:p></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>ZendTo mailing list<o:p></o:p></pre>
<pre><a href="mailto:ZendTo@zend.to">ZendTo@zend.to</a><o:p></o:p></pre>
<pre><a href="http://jul.es/mailman/listinfo/zendto">http://jul.es/mailman/listinfo/zendto</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman ,serif",serif"><br>
<br>
<br>
</span><o:p></o:p></p>
<pre>Jules<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>-- <o:p></o:p></pre>
<pre>Julian Field MEng CEng CITP MBCS MIEEE MACM<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>Malin, Hebrides: South 5 to 7, occasionally 4 at first. Slight or moderate,<o:p></o:p></pre>
<pre>becoming rough in west. Rain later. Good, occasionally poor.<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre><a href="http://www.Zend.To">www.Zend.To</a><o:p></o:p></pre>
<pre>Twitter: @JulesFM<o:p></o:p></pre>
<pre>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654<o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"><br>
<br>
<o:p></o:p></span></p>
<pre>Jules<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>-- <o:p></o:p></pre>
<pre>Julian Field MEng CEng CITP MBCS MIEEE MACM<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>'Ensanguining the skies<o:p></o:p></pre>
<pre> How heavily it dies<o:p></o:p></pre>
<pre> Into the west away;<o:p></o:p></pre>
<pre> Past touch and sight and sound<o:p></o:p></pre>
<pre> Not further to be found,<o:p></o:p></pre>
<pre> How hopeless under ground<o:p></o:p></pre>
<pre> Falls the remorseful day.' - A.E.Houseman<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre><a href="http://www.Zend.To">www.Zend.To</a><o:p></o:p></pre>
<pre>Twitter: @JulesFM<o:p></o:p></pre>
<pre>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654<o:p></o:p></pre>
</div>
</body>
</html>