J.T. Shyman
Thank you for the link to using wazuh-control. However, this led me to a very strange situation. _With debug enabled, the problem does not happen and the mail is sent...
I did some more troubleshooting, including killing wazuh-maild and starting it in the foreground with debug flags. Unfortunately, in that mode I cannot get the mail to be blocked. However,...
There is very little data in the log and there is no difference between a message which is blocked and one that is not: **Non-Blocked message** > 2022/09/08 09:41:14 wazuh-maild[16842]...
I can probably do that. Do you want ossec.conf, then? Not sure if it matters but this was a 4.2.5 with open distro for elasticsearch upgraded to 4.3.7 and the...
Correct, @FrancoRivero. The problem only started after the upgrade. I've attached our ossec.conf. Note that I've removed our email addresses and replaced them with placeholders. Our organization's mail domain is...
@FrancoRivero, thank you for all your effort! I have noticed that the issue only occurs when there are multiple entries in ossec.conf and maild.grouping=0 in internal_options.conf. We had two but...
Thank you for the update, @FrancoRivero. I appreciate all your efforts! As I mentioned, we have workarounds (only using one email_to or setting maild.grouping to 0) so we are in...
Thanks for taking a look at this! **Installed**: wget https://www.clamav.net/downloads/production/clamav-0.104.2.linux.x86_64.rpm --user-agent="Mozilla/5.0" sudo rpm -ivh clamav-0.104.2.linux.x86_64.rpm ### clamconf -n Checking configuration files in /usr/local/etc Config file: clamd.conf ----------------------- LogFile = "/var/log/clamd.scan"...
Thanks for the research and possible workaround. We are on Amazon Linux so this worked for me: As root: ``` mkdir -p ~/.mussels/install/host-static/share ln -s /usr/share/terminfo ~/.mussels/install/host-static/share/terminfo ``` So now...
This has not been fixed. It is still an issue in ClamAV 1.3.0. The fix above, to create a .mussels folder and symlink terminfo, is still necessary to use clamdtop.