Hi,
I've just noticed that you are using the clamav user (thanks to afsin).
After -r4, qsheff creates the spool directory with limited permissions
for local privacy reasons. So clamd needs to run as the 'root' user to
scan these directories.
Please change clamav user to root and try again.
Note: Since clamd uses a local socket, it is not insecure. Don't worry
about it. I have another idea that will solve both the local privacy problem and
the secure running of clamd. It may come with the next revision.
regards,
Baris Simsek
http://www.enderunix.org/simsek/
Developer, debelen dur.
Chris Mlynarski wrote:
Hi Baris,
Baris Simsek <[EMAIL PROTECTED]> writes:
I want to point out something that is undocumented: if you run tests
with the eicar pattern that comes from the qsheff-r2 source, please note that I
added a "REMOVETHIS" pattern at the beginning and in the middle
of the pattern, because we cannot move/transfer the original eicar
pattern over the network. Virus defenders block it. That's just a reminder;
I want to be sure that the problem is not connected to it.
No, it isn't this time. :)
To perform my tests I used real viruses (from one of my users). In fact I've got
these as full mail messages, I used uudeview to extract the attachments, and
now I have pure .zip archives with real viruses (not test patterns).
I've just done a test in the following way:
- edit eicar.com.txt, remove REMOVETHIS patterns (there are 2)
- zip e.zip eicar.com.txt
- Moved it to another mail server (because the local-user option was not
used at compile time).
- I used mutt to attach it.
- And I sent...
Log is here:
28/03/2006 11:35:11: [qSheff] CLAMD, queue=q-1143534911-558892-12468,
recvfrom=64.90.164.206,
[EMAIL PROTECTED]',
[EMAIL PROTECTED]', subj=`virus test', size=1052,
prog=`clamd', virus=`Eicar-Test-Signature'
So,
If you didn't use the eicar pattern from -r2, there are 2 possibilities I
should test:
- Patches you applied to clamav
OK. My clamav installation is built from:
- stable clamav 0.88 release (clamav-0.88.tar.gz),
- libunrar3 (unrarsrc-3.5.3.tar.gz).
Both patched with corresponding patches from:
http://mcmcc.bat.ru/clamav/
(The main site is: http://mcmcc.bat.ru/clam_rar3.html - in Russian ;-))
In fact I used only two patches:
http://mcmcc.bat.ru/clamav/clamav-0.88-libunrar3.patch
and this one for libunrar3:
http://mcmcc.bat.ru/clamav/unrar-3.5.3_fix.patch
I decided not to use the "7zip" patch for my clamav installations.
I have automake 1.9 installed from the official Debian/Sarge .deb package.
Here's the installation process used for clamav:
====
ln -s clamav-0.88 clamav-devel.orig
patch -p0 < clamav-0.88-libunrar3.patch
cd clamav-0.88
aclocal
autoconf
automake
./configure --disable-clamav --disable-clamuko --with-zlib=/usr \
    --with-{user,group}=clamav
make
# make install-strip
====
- Linux, especially Debian (coz I am a BSD user)
;-)
I'll wait for your response.
Thank you very much for your response. If you want more details or files - just
ask me!
Bestest,
-Chris
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]