[hobbit] clamd monitoring

Jon Boede jon at shadowsoft.com
Thu Oct 23 16:44:12 CEST 2008


While we're on the topic...

It seems that the clamd monitoring just checks to see if clamd is 
answering the phone. 

Is there a way to check that clamd is, well, happy as a clam?  This is 
to say, up to date, hasn't found anything, etc.?

Thanks,
Jon

Bill Arlofski wrote:
> Hanrahan, Kevin wrote:
>   
>> Hi all,
>>   I am having trouble monitoring clamAV. As in the docs, I put "clamd" in the bb-hosts file for my monitored host but I get the following result:
>>
>> Service clamd on server.domain.com is not OK : Service unavailable (No route to host)
>>
>> The server is reachable so there really IS a route to the host.
>>
>>
>> any ideas?
>>
>>
>> kh
>>     
>
> Just a guess, but I bet that clamd on the server is either listening on
> 127.0.0.1:3310/TCP or only on a local socket, either of which would render it
> it inaccessible from a remote monitoring server.
>
> Usually this is the desired configuration since then only the mail server
> itself can "use" the clamd service. From the /etc/clamd.conf file:
>
> --[snip]--
> # TCP port address.
> # Default: no
> TCPSocket 3310
>
> # TCP address.
> # By default we bind to INADDR_ANY, probably not wise.
> # Enable the following to provide some degree of protection
> # from the outside world.
> # Default: no
> #TCPAddr 127.0.0.1
> --[snip]--
>
> You'll have to find your clamd config file and tell it to bind to all IP
> addresses by commenting out that TCPAddr line and then either secure it with
> iptables on the local host or recompile it with tcpwrappers support.
>
>
> Oh and check this option too --> "LocalSocket". It may be enabled on your
> installation:
>
> --[snip]--
> # The daemon works in a local OR a network mode. Due to security reasons we
> # recommend the local mode.
>
> # Path to a local socket file the daemon will listen on.
> # Default: disabled (must be specified by a user)
> # LocalSocket /var/run/clamav/clamav.sock
> --[snip]--
>
>
> --
> Bill Arlofski
> Reverse Polarity, LLC
> http://www.revpol.com/
> * Stop the NSA from illegally eavesdropping on your personal email *
> Learn about PGP and start encrypting your email today
> http://gnupg.org or http://www.pgp.com
>
> To unsubscribe from the hobbit list, send an e-mail to
> hobbit-unsubscribe at hswn.dk
>
>
>
>
>   

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20081023/99281017/attachment.html>


More information about the Xymon mailing list