Can't get Virusscan working with e2guardian

new2e2g...@gmail.com

Aug 15, 2019, 7:57:38 AM
to e2guardian
Hi,

I am using e2guardian 5.2.2 on Ubuntu 18.04.3.
I have installed clamav and clamav-daemon.
When I scan a virus test file on disk, clamav reports it is infected,
but when I download a test file from http://www.eicar.org/download/eicar.com.txt
(note that this is http and not https) the file just gets downloaded without a warning or message.
I don't see anything appearing in the clamav log, so it seems it is not scanning at all.

What have I done so far:
I have enabled the contentscanner in e2guardian.conf:
contentscanner = '/etc/e2guardian/contentscanners/clamdscan.conf'

Let e2guardian run as user and group clamav in e2guardian.conf
deamonuser='clamav'
deamongroup='clamav'

In /etc/e2guardian/contentscanners/clamdscan.conf I have set the socket to the correct location (Same as in clamav.conf)
clamdudsfile = '/var/run/clamav/clamd.ctl'

I chowned the folders and subfolders /etc/e2guardian to user clamav and group clamav:
 sudo chown -R clamav:clamav /etc/e2guardian
I chowned the folders and subfolders of the log using:
 sudo chown -R clamav:clamav /var/log/e2guardian

E2guardian seems to be running fine and filters blocked sites, just the virusscan doesn't seem to be working.
Is there any step/configuration I have forgotten?

Remco B

Jun 28, 2021, 6:36:00 AM
to e2guardian
No reply on this post, did you ever manage to resolve it? I have the exact same issue. I'm running Ubuntu 20.04 with clam + e2guardian installed from apt.
e2guardian/focal,now 5.3.4-1 amd64 [installed]

e2guardian -v says :
e2guardian 5.3.4
Built with:  '--build=x86_64-linux-gnu' '--includedir=${prefix}/include' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' '--prefix=/usr' '--enable-clamd=yes' '--with-proxyuser=e2guardian' '--with-proxygroup=e2guardian' '--sysconfdir=/etc' '--localstatedir=/var' '--enable-icap=yes' '--enable-commandline=yes' '--enable-email=yes' '--enable-ntlm=yes' '--enable-sslmitm=yes' '--enable-pcre=yes' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' 'build_alias=x86_64-linux-gnu' 'CXXFLAGS=-g -O2 -fdebug-prefix-map=/build/e2guardian-TeKtg5/e2guardian-5.3.4=. -fstack-protector-strong -Wformat -Werror=format-security' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/e2guardian-TeKtg5/e2guardian-5.3.4=. -fstack-protector-strong -Wformat -Werror=format-security'

There is *nothing* in the log files about virus scanning and/or clamav

Thanks!!

Remco B

Jun 28, 2021, 9:13:03 AM
to e2guardian
I enabled debugging, which apparently seems to say OK to everything:
hw121: 1624885329 CLAMAV debug : hw121: Got from clamdscan: /tmp/cs7ebQOZ: OK
hw121: 1624885329 CLAMAV debug : hw121: clamdscan - he say yes (clean)
hw121: 1624885354 CLAMAV debug : hw121: hw121: clamdscan command:SCAN /tmp/csIM6om3

Remco B

Jun 29, 2021, 3:48:25 PM
to e2guardian
Sorry for replying to my own post, but for whoever reads this in the future: it didn't work because e2guardian cannot peek inside encrypted SSL pages. After I enabled MITM it works, scans everything inside encrypted pages!
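
The debug lines in the thread show e2guardian handing clamd a `SCAN /tmp/...` command and getting `<path>: OK` back. The following is an added example, not part of any post and not e2guardian's own code: it sends the same kind of request straight to the clamd socket, so the clamd side (socket path, permissions, signature match) can be checked separately from whether e2guardian ever sees the decrypted content. It assumes the socket path quoted in the first post and clamd's newline-delimited `nSCAN` command form; the function names are illustrative.

```python
#!/usr/bin/env python3
"""Ask clamd to SCAN one file over its Unix socket and report the verdict."""
import socket
import sys

# Assumption: socket path copied from the clamdudsfile line in the thread.
DEFAULT_SOCKET = "/var/run/clamav/clamd.ctl"


def parse_reply(path, line):
    """Turn a clamd reply '<path>: <result>' into (verdict, detail)."""
    line = line.strip("\r\n\0 ")
    prefix = path + ": "
    result = line[len(prefix):] if line.startswith(prefix) else line
    if result == "OK":
        return "clean", ""
    for suffix, verdict in ((" FOUND", "infected"), (" ERROR", "error")):
        if result.endswith(suffix):
            return verdict, result[: -len(suffix)]
    return "unknown", result


def clamd_scan(path, socket_path=DEFAULT_SOCKET, timeout=30.0):
    """Send 'nSCAN <path>' (newline-delimited) and parse the one-line reply."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(socket_path)
        s.sendall(b"nSCAN " + path.encode() + b"\n")
        buf = b""
        while not buf.endswith(b"\n"):
            chunk = s.recv(4096)
            if not chunk:  # clamd closed the connection
                break
            buf += chunk
    return parse_reply(path, buf.decode(errors="replace"))


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: clamd_check.py /absolute/path/to/file")
    try:
        verdict, detail = clamd_scan(sys.argv[1])
    except OSError as exc:  # socket missing, permission denied, clamd down
        sys.exit(f"cannot talk to clamd at {DEFAULT_SOCKET}: {exc}")
    print(verdict, detail)
    sys.exit(0 if verdict == "clean" else 1)
```

Run it as the account e2guardian runs under, so the socket permissions are exercised the same way. An `error` verdict generally means clamd itself could not open the file it was pointed at.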