[hobbit] clamd monitoring

Hubbard, Greg L greg.hubbard at eds.com
Thu Oct 23 17:12:48 CEST 2008 

This would probably be best done as a client-side test, launched
externally from the standard Hobbit client functions.  It is pretty easy
to integrate custom tests with the Hobbit infrastructure.
 
GLH


________________________________

	From: Jon Boede [mailto:jon at shadowsoft.com] 
	Sent: Thursday, October 23, 2008 9:44 AM
	To: hobbit at hswn.dk
	Subject: Re: [hobbit] clamd monitoring
	
	
	While we're on the topic...
	
	It seems that the clamd monitoring just checks to see if clamd
is answering the phone.  
	
	Is there a way to check that clamd is, well, happy as a clam?
This is to say, up to date, hasn't found anything, etc.?
	
	Thanks,
	Jon
	
	Bill Arlofski wrote: 

		Hanrahan, Kevin wrote:
		  

			Hi all,
			  I am having trouble monitoring clamAV. As in
the docs, I put "clamd" in the bb-hosts file for my monitored host but I
get the following result:
			
			Service clamd on server.domain.com is not OK :
Service unavailable (No route to host)
			
			The server is reachable so there really IS a
route to the host.
			
			
			any ideas?
			
			
			kh
			    

		
		Just a guess, but I bet that clamd on the server is
either listening on
		127.0.0.1:3310/TCP or only on a local socket, either of
which would render it
		it inaccessible from a remote monitoring server.
		
		Usually this is the desired configuration since then
only the mail server
		itself can "use" the clamd service. From the
/etc/clamd.conf file:
		
		--[snip]--
		# TCP port address.
		# Default: no
		TCPSocket 3310
		
		# TCP address.
		# By default we bind to INADDR_ANY, probably not wise.
		# Enable the following to provide some degree of
protection
		# from the outside world.
		# Default: no
		#TCPAddr 127.0.0.1
		--[snip]--
		
		You'll have to find your clamd config file and tell it
to bind to all IP
		addresses by commenting out that TCPAddr line and then
either secure it with
		iptables on the local host or recompile it with
tcpwrappers support.
		
		
		Oh and check this option too --> "LocalSocket". It may
be enabled on your
		installation:
		
		--[snip]--
		# The daemon works in a local OR a network mode. Due to
security reasons we
		# recommend the local mode.
		
		# Path to a local socket file the daemon will listen on.
		# Default: disabled (must be specified by a user)
		# LocalSocket /var/run/clamav/clamav.sock
		--[snip]--
		
		
		--
		Bill Arlofski
		Reverse Polarity, LLC
		http://www.revpol.com/
		* Stop the NSA from illegally eavesdropping on your
personal email *
		Learn about PGP and start encrypting your email today
		http://gnupg.org or http://www.pgp.com
		
		To unsubscribe from the hobbit list, send an e-mail to
		hobbit-unsubscribe at hswn.dk
		
		
		
		
		  


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20081023/fea30fb6/attachment.html>

More information about the Xymon mailing list