RE: [Clamav-users] Sasser Worm Virus not shown with sigtool
|You probably have 2 versions of the database. Happened to me

I finally figured that out when I tried doing sigtool --unpack-current and it prepended the directory it was using to my entry.

|and many others. Simple to rectify: search for main.cvd on
|your box. Then find which one is being updated by freshclam.
|Delete the others and set up symbolic links to the one that's

Symbolic links, why didn't I think of that? Sometimes a good poke in the head is in order.

|updated by freshclam. I'm sure there are better ways to do
|this like recompile with the proper path but I couldn't be bothered.
|Works like a charm for me now.
|
|cheers,
|Colin
|
|Colin A. Bartlett
|Kinetic Web Solutions

Lots of good discussion on this one. Maybe some improvements will come of it.

Thanks

L. A. Duerksen
Technical Manager
Futureware Distributing, Inc
OpenBSD 3.4
amavisd-new-20030616-p9
spamassassin 2.63
postfix-2.0.19
ClamAV version 0.70

___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Sasser Worm Virus not shown with sigtool
|Subject: [Clamav-users] Sasser Worm Virus not shown with sigtool
|
|Freshclam reports:
|
|RELAY:root>[sbin] freshclam
|ClamAV update process started at Wed May 5 10:07:25 2004
|Reading CVD header (main.cvd): OK
|main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder: tkojm)
|Reading CVD header (daily.cvd): OK
|daily.cvd is up to date (version: 303, sigs: 1196, f-level: 2, builder: trog)
|
|However when I run:
|
|sigtool -l | grep -i sasser
|
|I get nothing. Shouldn't Worm.Sasser.A, Worm.Sasser.D and
|Worm.Sasser.B all show up using this?
|

Never Mind! I figured it out.

clamav datadir is /var/amavisd/usr/local/share/clamav
# because of running in chroot for amavisd

sigtool is looking in /usr/local/share/clamav
# those files were not up to date. This directory must be
# hard coded into sigtool
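The mismatch described in the two messages above (freshclam updating one data directory while sigtool reads another) can be spotted by reading the version field of every copy of a database. This is an added example, not code from the thread or from the ClamAV project; the function names are hypothetical, the header layout is the 512-byte colon-separated CVD header, and the stale version 298 with 1100 signatures is a constructed sample value.

```shell
#!/bin/sh
# Added example: locate duplicate ClamAV databases and flag stale copies.
# A .cvd file begins with a 512-byte, colon-separated text header:
#   ClamAV-VDB:build time:version:sigs:f-level:md5:dsig:builder[:stime]

# Print one header field (1-based) of a CVD file; fail if it is not a CVD.
cvd_field() {
    hdr=$(dd if="$1" bs=512 count=1 2>/dev/null | tr -d '\000')
    case $hdr in
        ClamAV-VDB:*) printf '%s\n' "$hdr" | cut -d: -f"$2" ;;
        *) return 1 ;;
    esac
}

# cvd_copies NAME DIR...: list every copy of database NAME below the given
# directories as "version<TAB>path", newest version first.
cvd_copies() {
    name=$1; shift
    find "$@" -type f -name "$name" 2>/dev/null | while IFS= read -r f; do
        v=$(cvd_field "$f" 3) || continue
        case $v in ''|*[!0-9]*) continue ;; esac   # skip unparsable headers
        printf '%s\t%s\n' "$v" "$f"
    done | sort -t "$(printf '\t')" -k1,1nr -k2,2
}

# stale_copies NAME DIR...: print the copies older than the newest one.
stale_copies() {
    cvd_copies "$@" | awk -F '\t' '
        NR == 1 { newest = $1; where = $2; next }
        $1 + 0 < newest + 0 {
            printf "STALE %s version %s (newest is %s in %s)\n",
                   $2, $1, newest, where
        }'
}

# Build a constructed CVD header, padded to 512 bytes, for the demo.
# Usage: make_cvd PATH VERSION SIGS BUILDER
make_cvd() {
    mkdir -p "$(dirname "$1")"
    printf '%-512s' "ClamAV-VDB:05 May 2004 10-00 +0000:$2:$3:2:X:X:$4" > "$1"
}

# Demo on constructed files: the chroot copy is current (daily.cvd 303, as
# in the freshclam output above), the copy sigtool reads is older.
demo() {
    root=$(mktemp -d) || return 1
    make_cvd "$root/var/amavisd/usr/local/share/clamav/daily.cvd" 303 1196 trog
    make_cvd "$root/usr/local/share/clamav/daily.cvd" 298 1100 trog
    stale_copies daily.cvd "$root"
    rm -rf "$root"
}
demo
```

On a real host, call `stale_copies main.cvd /` and `stale_copies daily.cvd /`; any STALE line names a directory that freshclam is not updating.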
[Clamav-users] Sasser Worm Virus not shown with sigtool
Freshclam reports:

RELAY:root>[sbin] freshclam
ClamAV update process started at Wed May 5 10:07:25 2004
Reading CVD header (main.cvd): OK
main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder: tkojm)
Reading CVD header (daily.cvd): OK
daily.cvd is up to date (version: 303, sigs: 1196, f-level: 2, builder: trog)

However when I run:

sigtool -l | grep -i sasser

I get nothing. Shouldn't Worm.Sasser.A, Worm.Sasser.D and Worm.Sasser.B all show up using this?

Lynn Duerksen
Technical Manager
Futureware Distributing, Inc
RE: [Clamav-users] wbmclamav
> Henry Harvey
> I just found this utility
> wbmclamav
> http://wbmclamav.labs.libre-entreprise.org/
> A webmin utility for ClamAV
> to manage quarantined emails, etc.
> It's still in Alpha stage though according to Freshmeat.
>
> Anyone tried this? The features are neat and just what I wanted.
>

Thanks for sharing the info. I downloaded and installed. Nice utility. Quarantine management could be improved. Showing only two quarantined files at a time isn't very useful. But other than that, Nice!
RE: [Clamav-users] clamassassin and procmail config
>
> Does someone have a HOWTO for
> postfix+clamav+amavis+spamassassin under RH9 ?
>
> Phil

CREATING A SPAMFILTER RELAY SERVER
By Scott L. Henderson
http://www.geocities.com/scottlhenderson/spamfilter.html

Don't know if he has anything on adding Clamav but the rest is there. From what I read it is easier to add Clamav on a RH box than an OpenBSD box.

Adding ClamAV Anti-Virus to an Anti-SPAM Gateway
By Kris Nosack
http://www.xmission.com/~kn/AddClamAV/

Although not meant for RH the non OpenBSD specific stuff should apply. (i.e. OpenBSD port)
RE: [Clamav-users] OpenBSD clamav Port (0.67-1) RAR Files
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Helmut Schneider
> Sent: Wednesday, March 17, 2004 2:40 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] OpenBSD clamav Port (0.67-1) RAR Files
> INFECTED (Worm.Bagle.Gen-rarpwd)
>
> Lynn Duerksen wrote:
>
> >> That's the point, if clamav would have detected the virus in the
> >> original mail I wouldn't have posted here... :)
> >
> > I am experiencing similar problems on my OpenBSD 3.4 box and was
> > wondering if there has been any resolution on this issue.
>
> I'm using 3.4, too.
>

I installed the latest csv and everything seems to work ok. I fed a saved infected message and amavisd-new reported in the log:

Mar 17 13:38:17 TECHGATE1 amavis[8104]: (08104-04) INFECTED (Worm.Bagle.Gen-rarpwd), <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>, quarantine virus-20040317-133817-08104-04, Message-ID: <[EMAIL PROTECTED]>, Hits: -

So it looks like we're good to go! Thanks to the Clamav team for the hard work.

L A Duerksen
RE: [Clamav-users] OpenBSD clamav Port (0.67-1) RAR Files
> > Fajar A. Nugraha wrote:
> >
> > Helmut Schneider wrote:
> >
> >>> seems that the clamav Port (0.67-1) has problems with RAR Files
> >>> (e.g. Bagle.N):
> >>
> >> To avoid misunderstandings, I know the file is pwd, but clamav does
> >> not recognize the virus within the archive (maybe a DB problem)...
> >>
> > Sometimes the signatures were created using the complete mail, so
> > clamscan won't recognize the attachment alone but it will recognize
> > the complete mail.
> >
> > If you use clamscan, you can work around RAR errors using
> > --unrar[=FULLPATH] Enable support for .rar files
> >
> > But since the RARs are password-protected, it's useless.
> > My suggestion is try feeding the complete virus mail to clamscan
> > (instead of just the attachment), and see if it works.
>
> That's the point, if clamav would have detected the virus in
> the original mail I wouldn't have posted here... :)
>

I am experiencing similar problems on my OpenBSD 3.4 box and was wondering if there has been any resolution on this issue.

I have an OpenBSD 3.3 stable box running in parallel with the OpenBSD 3.4 box that has caught the Worm.Bagle.Gen-rarpwd.

3.3 box running
amavisd-new-20030616-p2 patched to allow scanning of full message
clamav-0.67-1
unrar-2.50

3.4 box running
amavisd-new-20030616-p8
/etc/amavisd.conf settings
$keep_decoded_original_re = new_RE(
  qr'^MAIL$', # retain full original message for virus checking
clamav-0.67-1
unrar-3.20beta3

Don't know if any of this information helps but only solution I have right now is to ban all ".rar" files on the 3.4 box.

Thanks
L. A. Duerksen
[Clamav-users] RE: [AMaViS-user] Zip File Password
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Ted Cabeen > Yep. Some scanners are now able to detect the virus like > this, but they have to scan the entire message in order to do > so. I've written a two line patch that copies the email.txt > file into the parts directory so that the mail itself gets > scanned and the virus is detected. Here it is, if you want it: > > *** amavisd Sun Jan 4 17:00:19 2004 > --- /usr/local/sbin/amavisd Tue Mar 2 10:54:52 2004 > *** > *** 4785,4790 > --- 4785,4791 > use Digest::MD5; > use Net::Server 0.83; > use Net::Server::PreForkSimple; > + use File::Copy; > > BEGIN { > import Amavis::Conf qw(:platform :confvars :notifyconf :sa); > *** > *** 5305,5310 > --- 5306,5312 > $msginfo->mime_entity(mime_decode($fh,$tempdir)); > prolong_timer($which_section); > } > + copy("$tempdir/email.txt", > "$tempdir/parts/email.txt"); > $which_section = "virus_scan"; > # some virus scanners behave badly if interrupted, > # so for now just turn off the timer > > -- All though I had to make the 2nd part of this patch by hand it seems to be working well. This morning clamd caught 4 messages that amavisd quarantined and identified as (Worm.Bagle.F-zippwd-3) Virus scanner output: /var/amavisd/tmp/amavis-20040303T081020-01279/parts/email.txt: Worm.Bagle.F-zippwd-3 FOUND The message has been quarantined as: /var/amavisd/quarantine/virus-20040303-082055-01279-08 Good work and Thanks! Thanks to the clamav folks as well. They have been working hard to stay ahead of this. L. A. Duerksen Technical Manager Futureware Distributing, Inc OpenBSD 3.3 amavisd-new-20030616-p2 spamassassin 2.55 postfix-2.0.10 ClamAV version 0.67-1 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! 
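Review bot: In the second hunk the result of copy("$tempdir/email.txt", "$tempdir/parts/email.txt") is not checked, so if the copy fails (email.txt missing, parts/ not writable, disk full) the virus_scan section still runs, only without the full message, and the whole-mail signatures this patch is meant to enable are silently not applied. Check the return value and log or abort on failure, for example by appending or die "copy of email.txt failed: $!" to the call. The use File::Copy; added in the first hunk is what that call needs and raises no concern.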
RE: [Clamav-users] OpenBSD Port
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf > Of Flinn Mueller > Sent: Thursday, February 19, 2004 7:12 AM > To: [EMAIL PROTECTED] > Subject: Re: [Clamav-users] OpenBSD Port > > > Doesn't milter need tcpwrappers? > > > On Feb 19, 2004, at 5:50 AM, LOYET Jerome wrote: > > > Hello, > > > > I have find a solution to get clamav working fine on openbsd 3.3 > > (OpenBSD > > ** 3.3 GENERIC#44 i386). > > I have worked with the port I've made for 3.4 and I have just add a > > line to > > the Makefile of the Port, here is a little patch: > > > > @@ -44,6 +44,7 @@ > > --with-group=${CLAMGROUP} \ > > --disable-cr \ > > --with-dbdir=${PREFIX}/share/clamav \ > > + --without-tcpwrappers \ This added line worked for my configuration running amavisd-new with Postfix on OpenBSD 3.3 > > > > CONFIGURE_ENV+=LDFLAGS=" -L${PREFIX}/lib -pthread" > > CONFIGURE_ENV+=CPPFLAGS="-I${PREFIX}/include" > > > > Clamscan is working good, clamd, clamdscan and freshclam too > > > > If someone could test and if the test will be a success, I will > > publish the > > port. > > > > ++ Jerome > > --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
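Review bot: The added --without-tcpwrappers \ line in the configure arguments switches tcpwrappers off for everything the port builds, and the hunk leaves open the question asked in this same thread of whether the milter needs it. Make the option conditional (a port flavor, or only when clamav-milter is not built) and add a Makefile comment saying why it is there, so that hosts.allow/hosts.deny checking is not dropped silently for clamav-milter users.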
RE: [Clamav-users] Undefined symbol "_deny_severity"
> -Original Message- > From: [EMAIL PROTECTED] [mailto:clamav-users- > [EMAIL PROTECTED] On Behalf Of Igor Brezac > Sent: Wednesday, February 18, 2004 3:57 PM > To: [EMAIL PROTECTED] > Subject: RE: [Clamav-users] Undefined symbol "_deny_severity" > > > My guess is that your clamd/clam*scan is linked with libwrap. What does > 'ldd clamd' say? > /usr/local/sbin/clamd: -lclamav.1 => /usr/local/lib/libclamav.so.1.3 (0x40025000) -lz.2 => /usr/lib/libz.so.2.0 (0x4003d000) -lbz2.10 => /usr/local/lib/libbz2.so.10.2 (0x4004a000) -lgmp.6 => /usr/local/lib/libgmp.so.6.2 (0x40059000) -lpthread.1 => /usr/lib/libpthread.so.1.0 (0x40083000) -lc.29 => /usr/lib/libc.so.29.0 (0x4009a000) > -Igor > > On Wed, 18 Feb 2004, Lynn Duerksen wrote: > > > I'm not using milter. Why does this affect an install with postfix? --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Undefined symbol "_deny_severity"
I'm not using milter. Why does this affect an install with postfix? > -Original Message- > From: [EMAIL PROTECTED] [mailto:clamav-users- > [EMAIL PROTECTED] On Behalf Of Igor Brezac > Sent: Wednesday, February 18, 2004 3:15 PM > To: [EMAIL PROTECTED] > Subject: Re: [Clamav-users] Undefined symbol "_deny_severity" > > > Clamav assumes that everyone uses a static verison of libwrap. > > Here is a patch for clamav-milter.c. A similar patch needs to be applied > to configure script for the tcpwrappers detection and libwrap needs to be > linked against the clamav-milter binary only. > > --- clamav-milter.c.origWed Feb 18 15:56:29 2004 > +++ clamav-milter.c Mon Feb 16 07:32:02 2004 
> @@ -401,6 +401,10 @@ > > #ifdef WITH_TCPWRAP > #include > + > +int allow_severity = LOG_DEBUG; > +int deny_severity = LOG_ERR; > + > #endif > > #if defined(CL_DEBUG) && defined(C_LINUX) > > -Igor > > On Wed, 18 Feb 2004, Lynn Duerksen wrote: > > > Just update a system running .65 to .67-1 > > > > /usr/libexec/ld.so: Undefined symbol "_deny_severity" in > > clamd:/usr/lib/libwrap.so.3.0 > > > > I tried the OpenBSD port as well as the stable code. Same results > > > > Any suggestions? > > > > > > Lynn Duerksen > > Technical Manager > > Futureware Distributing, Inc > > OpenBSD 3.3 > > Amavisd-new > > > > > > > > > > > > --- > > SF.Net is sponsored by: Speed Start Your Linux Apps Now. > > Build and deploy apps & Web services for Linux with > > a free DVD software kit from IBM. Click Now! > > http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click > > ___ > > Clamav-users mailing list > > [EMAIL PROTECTED] > > https://lists.sourceforge.net/lists/listinfo/clamav-users > > > > -- > Igor > > > --- > SF.Net is sponsored by: Speed Start Your Linux Apps Now. > Build and deploy apps & Web services for Linux with > a free DVD software kit from IBM. Click Now! > http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click > ___ > Clamav-users mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/clamav-users --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
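Review bot: The two definitions added under #ifdef WITH_TCPWRAP use LOG_DEBUG and LOG_ERR, which come from syslog.h, and the hunk context does not show that header being included before this point; confirm that it is, or include it inside the same #ifdef. The #include line just above the additions has lost its header name in this copy, so the hunk cannot be applied as shown. Because the change is confined to clamav-milter.c, it does not by itself resolve the undefined symbol reported for clamd; that depends on the configure change the message says is still needed, so that libwrap is linked into clamav-milter only.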
[Clamav-users] ERROR: You must specify at least one database mirror.
I went back to .66 since .67-1 is having trouble on OpenBSD 3.3 right now but now I get the following when running freshclam

ERROR: You must specify at least one database mirror.

The command I used is:

/usr/local/bin/freshclam -l /var/amavisd/var/log/clam-update.log --datadir=/var/amavisd/usr/local/share/clamav --log-verbose

The datadir has the mirrors.txt file in it. Its contents is:

RELAY:root>[share] more mirrors.txt
database.clamav.net
database.clamav.net
database.clamav.net

I tried it with the user switch just in case it was not reading user info from it

RELAY:root>[sbin] /usr/local/bin/freshclam -l /var/amavisd/var/log/clam-update.log --datadir=/var/amavisd/usr/local/share/clamav --log-verbose --user amavisd
ERROR: You must specify at least one database mirror.

Any ideas on how to make this work?

L. A. Duerksen
Technical Manager
Futureware Distributing, Inc
OpenBSD 3.3
amavisd-new-20030616-p2
spamassassin 2.55
postfix-2.0.10
ClamAV version 0.65
[Clamav-users] Undefined symbol "_deny_severity"
Just updated a system running .65 to .67-1

/usr/libexec/ld.so: Undefined symbol "_deny_severity" in clamd:/usr/lib/libwrap.so.3.0

I tried the OpenBSD port as well as the stable code. Same results.

Any suggestions?

Lynn Duerksen
Technical Manager
Futureware Distributing, Inc
OpenBSD 3.3
Amavisd-new
RE: [Clamav-users] Autochecking script for clamd
> > > Well, but why run freshclam all the time?
> > >
> >
> > I suppose that I could have run a cron job. But in dealing
>
> Am I wrong in thinking this way? That:
>
> You are wasting your bandwidth running freshclam (well, at
> some point the virus db files are up to date so no data is
> tx-ed to your box) all the time. You are making the database
> servers use cpu time that could be used for other purposes.
> Nothing personal here though, just a question. ;)

I don't understand what you are getting at. My bandwidth is not an issue at this time. If you are suggesting that I am wasting the bandwidth and cpu time on the servers I download from, how would checking for updates 4 times a day be any different if done with a cron job versus a daemon?
RE: [Clamav-users] Autochecking script for clamd
> > echo $TIMESTAMP " restarting freshclam daemon"
> > /usr/local/bin/freshclam -d -c 4
> > --datadir=/var/amavisd/usr/local/share/clamav --log-verbose
> > fi
> >
> >
> > FYI - Since installing 0.65 this has recorded no restarts
>
> Well, but why run freshclam all the time?
>

I suppose that I could have run a cron job. But in dealing with the problems with clamd I found this easiest for me to manage and track. This computer's only role is to filter mail and pass it on to the main mail server for 50 users. Not much overhead. I think I tried the cron job at first but went to the daemon when troubleshooting clamd dying.
RE: [Clamav-users] Autochecking script for clamd
> Subject: Re: [Clamav-users] Autochecking script for clamd
>
>
> At 08:50 PM 11/27/2003, Brian Bruns wrote:
> >Well, I should have put this in the last message.
> >
> >I guess the one I threw together doesn't require anything special
> >(doesn't need daemontools), and only needs bash. I have a habit of
> >writing things very simply to be as small and lightweight as possible
> >:)
>
> daemontools isn't "special", whatever that means, and bash shells are
> neither small nor lightweight. so, you lose on all counts.
>

Special is as Special Does!

I use a simple shell script to check for clamd and freshclam since there have been versions where both/either died. Plus I timestamp and log. As far as daemontools, I could never get it to function properly on my OpenBSD - Postfix - Amavisd system. This simple script works great.

#!/bin/sh
# redirect output to the /var/log/checkclam log file
exec 1>>/var/log/checkclam
exec 2>&1
TIMESTAMP=`date +"%b %e %H:%M:%S"`

# Check for clamd daemon
if ! (ps -aU amavisd | grep clamd | grep -v grep > /dev/null)
then
  echo "$TIMESTAMP" "restarting clamd"
  # Remove Stale Socket (-f: no error if it is already gone)
  rm -f /var/amavisd/clamd.sock
  # Start clamd
  /usr/local/sbin/clamd
  # Timestamp, log and send me a note
  # (piped straight to mail, so no fixed-name file in /tmp is written as root)
  echo "$TIMESTAMP" "restarting clamd" | mail -s "clamd restart report" [EMAIL PROTECTED] > /dev/null
fi

# Check for freshclam daemon
if ! (ps -aU amavisd | grep freshclam | grep -v grep > /dev/null)
then
  echo "$TIMESTAMP" " restarting freshclam daemon"
  /usr/local/bin/freshclam -d -c 4 --datadir=/var/amavisd/usr/local/share/clamav --log-verbose
fi

FYI - Since installing 0.65 this has recorded no restarts

L. A. Duerksen
Technical Manager
Futureware Distributing, Inc
OpenBSD 3.3
amavisd-new-20030616-p2
spamassassin 2.55
postfix-2.0.10
ClamAV version 0.65
[Clamav-users] 3 Days on 0.65 and all is well
Installed latest stable version at 9:00 CST 11/14 and has run without problems.

L. A. Duerksen
Technical Manager
Futureware Distributing, Inc
OpenBSD 3.3
amavisd-new-20030616-p2
spamassassin 2.55
postfix-2.0.10
ClamAV version 20030829
[Clamav-users] FYI - OpenBSD 3.3 - Postfix - Amavisd-new - SA - clamav-devel-20031023 Up for 4 days without a problem.
4 days without a problem...Knock on wood!! No restarts no stale sockets. Things are looking good.

Amavisd-new running chroot as user amavisd in directory /var/amavisd

Installed clamav as follows

First: run "configure" with shown options

./configure --disable-clamav --enable-dependency-tracking --disable-clamuko --enable-bigstack --with-user=amavisd --with-group=amavisd --disable-cr

Next: edit */Makefile and change all pthread to lpthread

clamav-milter/Makefile
clamd/Makefile
clamdscan/Makefile
clamscan/Makefile
database/Makefile
docs/Makefile
etc/Makefile
freshclam/Makefile
libclamav/Makefile
sigtool/Makefile

Then: /etc/clamav.conf has following settings

LogFile /var/amavisd/var/log/clamd.log
LogTime
LogVerbose
PidFile /var/amavisd/var/run/clamd.pid
DataDirectory /var/amavisd/usr/local/share/clamav
LocalSocket /var/amavisd/clamd.sock
FixStaleSocket
MaxDirectoryRecursion 15
User amavisd
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000

L. A. Duerksen
Technical Manager
Futureware Distributing, Inc
OpenBSD 3.3
amavisd-new-20030616-p2
spamassassin 2.55
postfix-2.0.10
clamav-devel-20031023
RE: [Clamav-users] Fwd: Ruh-Roh SOBIG.G?
I had two separate systems getting hit pretty hard with SOBIG.G. One a wholesale distributor and one a trucking company. Both running Amavisd-new - Postfix - Clamd - OpenBSD 3.3.

I noticed that most of the traffic was from less than a couple dozen IP addresses. I set my packet filters to reject all traffic from these IPs. I also tracked down the ISP responsible on about half the offending IPs and most had abuse email addresses to report them, which I did. It took my virus traffic down over 1000%. I can get away with more than an IP can since both places can usually identify if they would expect valid mail from those addresses. I still have them being rejected but no longer see those rules being acted on according to my pflog. They must have gotten cleaned up.

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Ray Slakinski
> Sent: Thursday, September 25, 2003 1:24 PM
> To: [EMAIL PROTECTED]
> Subject: [Clamav-users] Fwd: Ruh-Roh SOBIG.G?
>
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> FYI:
>
> Begin forwarded message:
>
> > From: Dragos Ruiu <[EMAIL PROTECTED]>
> > Date: Thu Sep 25, 2003 3:01:16 AM Canada/Eastern
> > To: [EMAIL PROTECTED]
> > Subject: Ruh-Roh SOBIG.G?
> >
> > SOBIG was nasty for me. One of my clients was getting more than 7MB/s
> > sustained of SOBIG.F, and I had to deal with bandwidth charges for
> > more than 450GB of SOBIG over a ten day period! My client had a
> > particularly nasty problem with this nuisance because the malware
> > email address scanner picked up the support email out of their
> > software which is estimated to be installed at over 10 million
> > computers. And when you try to stuff seven megaBYTES per second into
> > a 1.5 megaBIT per second office T1 some not nice stuff happens.
> > Nevermind their poor Exchange server blowing up trying to deal with
> > 400-700 messages/min (which I still think any reasonable _real_ mail
> > server _should_ be able to cope with). Postfix and PCRE on a fat pipe
> > was the solution (albeit at some cost) in this instance.
> >
> > (Gave some interesting stats actually, for instance worm activity
> > peaked every day between 6-8 am PST and again nightly at 7pm PST
> > which roughly corresponds to morning in Asia. ~10 Million users
> > yielded around 30k unique IP hosts that generated that 450Gb of
> > traffic, with the average host sending 500-1000 individual copies,
> > but there were about a dozen or so notables that sent us 10-30k
> > copies well above the rest. Heavy tailed distribution.
> > Interestingly, there seemed to be no peak for Europe morning
> > indicating maybe this thing wasn't such a big problem there.)
> >
> > So anyway let me get to the punchline. After SOBIG.F so nicely shut
> > itself down on Sept 10 according to its built in lycene deficiency,
> > we all went phew, and went to pay the silly bandwidth bill (while
> > vowing to pour a full beer on the head of the author if he ever
> > turns up).
> >
> > Now I noted with concern this morning that I started getting more
> > wicked screensavers. :-) Analysis indicates that this new nuisance
> > of this the newly resurrected malware does not correspond with any
> > of the earlier variants. (the files show the same variations in
> > length as the older SOBIG.F) I did a little poking at it and it
> > seems to be pretty similar to the old one. I can provide this to
> > anyone who needs it but you should have a copy of it already. :-(
> >
> > The old one was static across copies usually differing only in bytes
> > at the end after the null region and the length.
> >
> > The new one is mildly different. Below are some diffs of hexdumps.
> > (byte per line between the new one and the old one) I haven't pulled
> > it apart in disassembly yet, but I wanted to send out a heads up,
> > and to flip the bird to whatever cretin spawned this new nuisance.
> > I now owe you two beers on your head I think.
> >
> > SOBIG Filter instructions for Postfix
> > ---
> > (compile with pcre - this is in the OpenBSD Ports tree already)
> >
> > 1) Add this to main.cf:
> > mime_header_checks = regexp:/etc/postfix/mime_header_checks.regexp
> >
> > 2) Then put this in /etc/postfix/mime_header_checks.regexp:
> > /filename=\"?(.*)\.(bat|chm|cmd|com|do|exe|hta|jse|rm|scr|pif|vbe|vbs|vxd|xl)\"?$/
> >    REJECT For security reasons we reject attachments of this type
> >
> > Diff of new and old binaries attached below.
> >
> > BTW in case you were wondering how to use diff
> > on binary files this little program is a nice trick
> > to let you use standard diff on arbitrary binaries... :-)
> >
> > #include <stdio.h>
> >
> > /* print each byte of stdin as two hex digits, one per line */
> > int main(void)
> > {
> >     int c;
> >     while ((c = getchar()) != EOF)
> >         printf("%02x\n", c);
> >     return 0;
> > }
> >
> > sigh...
> > --dr
> >
> > --
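A way to try the quoted attachment rule against sample MIME headers before installing it, as an added example that is not part of the original messages. It assumes the pattern as rejoined from the wrapped quote, uses grep -E in place of Postfix's own matcher, and the function names and header lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: run sample MIME headers through the attachment rule
# before it goes into /etc/postfix/mime_header_checks.regexp.

# The rule from the quoted instructions, rejoined where the mail quoting
# wrapped it. The backslashes before the double quotes are dropped because
# grep -E does not need them.
PATTERN='filename="?(.*)\.(bat|chm|cmd|com|do|exe|hta|jse|rm|scr|pif|vbe|vbs|vxd|xl)"?$'

# Print REJECT or OK for one header line. -i mirrors Postfix regexp
# tables, which match case-insensitively by default.
check_header() {
    if printf '%s\n' "$1" | grep -Eiq "$PATTERN"; then
        echo REJECT
    else
        echo OK
    fi
}

# Verdicts for a set of constructed header lines (not real traffic).
# The last two show that the "do" and "xl" alternatives only match names
# ending in exactly .do or .xl, so ordinary .doc and .xls files pass.
report() {
    while IFS= read -r h; do
        printf '%-6s %s\n' "$(check_header "$h")" "$h"
    done <<'EOF'
Content-Disposition: attachment; filename="wicked_screensaver.scr"
Content-Disposition: attachment; filename=DETAILS.PIF
Content-Disposition: attachment; filename="invoice.pdf"
Content-Disposition: attachment; filename="minutes.doc"
Content-Disposition: attachment; filename="budget.xls"
EOF
}
report
```

Once the table file exists, the same headers can be checked against Postfix itself with `postmap -q "<header line>" regexp:/etc/postfix/mime_header_checks.regexp`.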
RE: [Clamav-users] clamd dies
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Kojm
> Sent: Tuesday, September 16, 2003 10:23 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] clamd dies
>
>
> > I have not seen anyone with a solution so far for my
> > Postfix-Spamassassin-Openbsd3.3-Amavisd-new setup. On the latest
> > version freshclam even bombs now. Run the following script from
> > crontab
>
> Freshclam bombs ? Can't believe ;)

Although it does not happen as often as clamd, on occasion it does need to be restarted. It had gone 11 days without needing restarting but this morning it needed restarting twice in 1 hour.

I still wonder if it has to do with running amavisd in chroot jail under user amavisd. Is there a guide somewhere for running it in chroot jail? I have gotten all kinds of advice from different sources and I usually have to do some tweaking of each to make it work.

I know that the OpenBSD port has the user "_clamd" coded into the port. I modify the Makefile and set it to user amavisd but still have to come back and chown on some files and directories that were set to user "_clamd".

My log of restarts:

-- -- checkclam log grep "restarting" -- --
Sep 4 22:30:01 restarting clamd daemon
Sep 5 09:30:01 restarting clamd daemon
Sep 5 14:30:01 restarting freshclam daemon
Sep 5 15:00:01 restarting freshclam daemon
Sep 5 20:30:01 restarting clamd daemon
Sep 9 22:00:01 restarting clamd daemon
Sep 10 21:30:01 restarting clamd daemon
Sep 11 11:00:01 restarting clamd daemon
Sep 14 21:30:01 restarting clamd daemon
Sep 16 10:00:02 restarting freshclam daemon
Sep 16 10:30:01 restarting freshclam daemon
-- -- end checkclam log -- --

My clamav.conf settings

-- -- clamav.conf -- --
LogFile /var/amavisd/var/log/clamd.log
LogTime
LogVerbose
PidFile /var/run/clamd.pid
DataDirectory /var/amavisd/usr/local/share/clamav
LocalSocket /var/amavisd/clamd.sock
MaxConnectionQueueLength 30
MaxThreads 10
MaxDirectoryRecursion 15
User amavisd
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
-- -- end clamav.conf -- --
RE: [Clamav-users] clamd dies
I have not seen anyone with a solution so far for my Postfix-Spamassassin-Openbsd3.3-Amavisd-new setup. On the latest version freshclam even bombs now. Run the following script from crontab

--- checkclam start --
#!/bin/sh
exec 1>>/var/log/checkclam
exec 2>&1
TIMESTAMP=`date +"%b %e %H:%M:%S"`

# check for clamd daemon
# if skill -n clamd
if ps -aU amavisd | grep clamd | grep -v grep > /dev/null
then
  echo $TIMESTAMP " clamd is running"
else
  echo $TIMESTAMP " restarting clamd daemon"
  # remove the stale socket before starting clamd again
  rm -f /var/amavisd/clamd.sock
  chroot -u amavisd /var/amavisd /usr/sbin/clamd
fi

# check for freshclam daemon
if ps -aU amavisd | grep freshclam | grep -v grep > /dev/null
then
  echo $TIMESTAMP " freshclam is running"
else
  echo $TIMESTAMP " restarting freshclam daemon"
  # clamd.sock is left alone here: clamd may still be running and using it
  chroot -u amavisd /var/amavisd /usr/bin/freshclam -d -c 12 -l /var/log/clam-update.log --datadir=/usr/local/share/clamav --log-verbose
fi
--- checkclam end ---

I am looking into DJB daemontools as a better solution.
http://cr.yp.to/daemontools.html

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Nigel Horne
> Sent: Friday, September 12, 2003 1:08 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] clamd dies
>
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Thursday 11 Sep 2003 7:04 pm, Darek M wrote:
>
> > 2. clamd dies on me on signal 11 (core dump). Is this a common issue?
> > If so, is there a fix?
>
> What version of clamav, what operating system (distribution if Linux)?
>
> > Regardless of the last question, does anyone
> > have a solid script that looks for clamd and restarts it if it is
> > down?
>
> Same question as above.
>
> - -Nigel
>
> - --
> Nigel Horne. Arranger, Composer, Typesetter.
> NJH Music, Barnsley, UK. ICQ#20252325
> [EMAIL PROTECTED] http://www.bandsman.co.uk
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.2.1 (GNU/Linux)
>
> iD8DBQE/YWKzhTUd3VwpF6IRAjNHAJsH9BPQXDKtTIykLA6rJkEIZ/zSvwCfaep3
> ZqISYmOhXwYhNWJQLz9/6eM=
> =WRYj
> -END PGP SIGNATURE-
RE: [Clamav-users] OpenBSD port: clamav-20030829
This port looks like it has solved my problem with clamd bombing on me. I would like to summarize how I did the setup and install for others running Postfix, Amavisd-new, and Spamassassin on OpenBSD 3.3 in chroot jail that have reported a similar problem.

Is there an ftp or http site where the previously attached file can be downloaded so I can reference that in my notes?

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Wouter de Vries
> Sent: Saturday, August 30, 2003 10:42 AM
> To: [EMAIL PROTECTED]; Flinn Mueller
> Subject: [Clamav-users] OpenBSD port: clamav-20030829
>
> Hi,
>
> Hereby I attach the port for OpenBSD 3.3 clamav-20030829. It looks like
> Flinn is too busy with other things, so I updated it.
>
> Wouter.
RE: [Clamav-users] are there any statistic tools out there?
> > I'd like to do some statistics about scanned emails.
> > I use postfix + amavisd + clamav + cyrus.
>
> Search the list archives. There are so many solutions like
> this posted there long ago.

"long ago" solutions are not searchable since the move to sourceforge. There are only 213 archived articles with all but 7 from this month. I too would like to see what others are using. I have the scripts for spam and mail statistics but none for virus statistics.
RE: [Clamav-users] Still Fighting Problem with clamd bombing out on Openbsd 3.3 w amavisd-new and postfix
> From: [EMAIL PROTECTED]
>
> Oh, seems that you already tried to mail it to me and of
> course my server rejected it. Lynn, if you haven't an easy
> way of placing it on the WWW, drop me a note and I'll
> increase the message size limit temporarily.

Your wish is my command. I have placed the clamd.core file at http://www.futurewareinc.com/download/clamd.core

Any help would be appreciated.

Thanks

L. A. Duerksen
Technical Manager
Futureware Distributing, Inc

OpenBSD 3.3
amavisd-new-20030616-p2
spamassassin 2.55
postfix-2.0.10
ClamAV version 0.60
RE: [Clamav-users] Still Fighting Problem with clamd bombing out on Openbsd 3.3 w amavisd-new and postfix
> Tomasz Kojm asked for "core" file :-) .

I assume the list does not want a 12MB core dump file so I will forward it directly to Tomasz. It took me some time to figure out where the file was stored. It ended up in the root of chroot jail not the clamd working directory.

> PS. Please, respond _under_ the original (previous)
> message(s), not above them. This is basics of Netiquette.

Not sure I follow this. How does one reference comments by others if I reply to the original message?

> Also, remove unneeded fragments of previous message(s),
> especially these awful "commercials" by SF. It's really ugly,
> space-wasting and hard-answerable to have all that junk
> nested a couple of times. Thank you.

Sorry about the junk, just lazy in my haste.

L. A. Duerksen
Technical Manager
Futureware Distributing, Inc

OpenBSD 3.3
amavisd-new-20030616-p2
spamassassin 2.55
postfix-2.0.10
ClamAV version 0.60
RE: [Clamav-users] Still Fighting Problem with clamd bombing out on Openbsd 3.3 w amavisd-new and postfix
> > #!/bin/sh
> > exec 1>>/var/log/messages
> > exec 2>&1
> > TIMESTAMP=`date +"%b %e %H:%M:%S"`
> > # check for clamd daemon
> > if skill -n clamd
> > then
> >     echo $TIMESTAMP " clamd is running"
> > else
> >     echo $TIMESTAMP " restarting clamd daemon"
> >     rm /var/amavisd/clamd.sock
> >     chroot -u amavisd /var/amavisd /usr/sbin/clamd
> > fi
> >
> > ***
>
> Lynn, what do you mean saying "It starts multiple clamd
> daemons"? Isn't this, by chance, the normal clamd behaviour, like in:
>
> 14528 ?  S  0:03 /usr/sbin/clamd
> 14529 ?  S  0:14 /usr/sbin/clamd
> 14530 ?  S  0:24 /usr/sbin/clamd
>
> There are multiple (3) processes (or maybe threads) and it's normal.
>
> Sorry if I'm asking obvious questions.

When run from the command line the if condition works properly and identifies when the clamd daemon is running and just exits with 2 lines in the message log, i.e.:

22779
Aug 18 12:13:25 clamd is running

If it is not running it deletes the clamd.sock and starts clamd daemon, logging:

skill: no matching processes
Aug 18 12:16:08 restarting clamd daemon
rm: /var/amavisd/clamd.sock: No such file or directory
Current working dir is /usr/local/share/clamav

When run from crontab the if statement always runs the "else" whether clamd is running or not. Thus the multiple copies of clamd.
RE: [Clamav-users] Still Fighting Problem with clamd bombing out on Openbsd 3.3 w amavisd-new and postfix
I finally got a ktrace trap as well.

13403 clamd GIO fd 6 read 16 bytes "17433d48097703e9"
13403 clamd RET read 8192/0x2000
13403 clamd PSIG SIGSEGV SIG_DFL code 2 addr=0x38383263 trapno=2
13403 clamd PSIG SIGSEGV SIG_DFL code 0 addr=0x0 trapno=0
13403 clamd NAMI "clamd.core"

Is there anyone who can decipher these traces and tell me what it means?

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Ben Hooper
> Sent: Saturday, August 16, 2003 2:43 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [Clamav-users] Still Fighting Problem with clamd
> bombing out on Openbsd 3.3 w amavisd-new and postfix
>
> > > If anyone has any suggestions I would love the help. I have two
> > > installs doing the exact same thing. So if I made a mistake
> > > in my setup I made it more than once.
> >
> > FWIW, I am seeing the same thing happen under 3.3-stable on two of my
> > machines.
>
> Ktrace shows clamd bombing out with...
>
> 26027 clamd RET read 557/0x22d
> 26027 clamd PSIG SIGSEGV SIG_DFL code 1 addr=0x3033343d trapno=1
> 26027 clamd PSIG SIGSEGV SIG_DFL code 0 addr=0x0 trapno=0
>
> Complete trace available.
>
> Ben.
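One way to start reading the two ktrace excerpts in the message above, as an added example that is not from the thread: it pulls the faulting address out of each PSIG SIGSEGV line and shows the address bytes as text when all four are printable ASCII. Both addresses here decode that way, which as a general heuristic points to a pointer overwritten by string data and is worth stating in a crash report; it does not identify the bug. The function names are assumptions.

```sh
#!/bin/sh
# Added example: triage SIGSEGV fault addresses from kdump/ktrace text.

# decode_addr HEX: print the four bytes of a 32-bit address as text in
# memory order (little-endian, as on i386); print nothing unless every
# byte is printable ASCII (0x20-0x7e).
decode_addr() {
    hex=${1#0x}
    [ "${#hex}" -eq 8 ] || return 0
    out=
    for off in 7 5 3 1; do            # last hex pair = lowest memory byte
        byte=$(printf '%s' "$hex" | cut -c"$off-$((off + 1))")
        n=$(printf '%d' "0x$byte")
        [ "$n" -ge 32 ] && [ "$n" -le 126 ] || return 0
        out=$out$(printf '%b' "\\0$(printf '%03o' "$n")")
    done
    printf '%s\n' "$out"
}

# triage_ktrace: read kdump text on stdin; for each SIGSEGV with a non-null
# fault address print "PID ADDR", plus " ascii=TEXT" when the address decodes.
triage_ktrace() {
    sed -n 's/^ *\([0-9][0-9]*\) .*PSIG *SIGSEGV.*addr=\(0x[0-9a-fA-F]*\).*/\1 \2/p' |
    while read -r pid addr; do
        [ "$addr" = 0x0 ] && continue
        text=$(decode_addr "$addr")
        if [ -n "$text" ]; then
            printf '%s %s ascii=%s\n' "$pid" "$addr" "$text"
        else
            printf '%s %s\n' "$pid" "$addr"
        fi
    done
}

# The PSIG lines quoted in the message above.
sample_trace() {
    cat <<'EOF'
13403 clamd PSIG SIGSEGV SIG_DFL code 2 addr=0x38383263 trapno=2
13403 clamd PSIG SIGSEGV SIG_DFL code 0 addr=0x0 trapno=0
26027 clamd PSIG SIGSEGV SIG_DFL code 1 addr=0x3033343d trapno=1
26027 clamd PSIG SIGSEGV SIG_DFL code 0 addr=0x0 trapno=0
EOF
}

sample_trace | triage_ktrace
```

For a full trace, pipe the kdump output into triage_ktrace instead of sample_trace.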
[Clamav-users] Still Fighting Problem with clamd bombing out on Openbsd 3.3 w amavisd-new and postfix
Was wondering if anyone had any more suggestions. At this point I would even accept a script that would run from crontab to check if clamd is running. If not start it up again. I tried the script below and works well from a command line but not from crontab. It starts multiple clamd daemons.

#!/bin/sh
exec 1>>/var/log/messages
exec 2>&1
TIMESTAMP=`date +"%b %e %H:%M:%S"`
# check for clamd daemon
if skill -n clamd
then
    echo $TIMESTAMP " clamd is running"
else
    echo $TIMESTAMP " restarting clamd daemon"
    rm /var/amavisd/clamd.sock
    chroot -u amavisd /var/amavisd /usr/sbin/clamd
fi

***

I have used Scott Vintinner's setup at www.lawmonkey.org/anti-spam.html. Then added clamav using the Openbsd3.3 port from http://activeintra.net/projects/clamav/. I changed the Makefile to set username from _clamd for clamd and freshclam to amavisd because everything is running chroot as user amavisd. Plus made the following changes to chroot directory per Helmut Schneider's suggestions in the amavis user list.

cd
mkdir usr/local/share/clamav
cp /usr/lib/libpthread.so.1.0 usr/lib
cp /usr/lib/libz.so.2.0 usr/lib
cp /usr/local/lib/libclamav.* usr/lib/
cp -R /usr/local/share/clamav usr/local/share
cp /usr/local/bin/freshclam usr/bin
cp /usr/local/sbin/clamd usr/sbin
cp /root/clamav.conf etc
mknod dev/urandom c 2 2
chown -R amavisd:amavisd /usr/local/share/clamav
chmod -R 750 /usr/local/share/clamav

Start freshclam:
chroot -u amavisd /usr/bin/freshclam -d -c 4 --log-verbose --datadir=/usr/local/share/clamav -l /var/log/clam-update.log

Start clamd:
chroot -u amavisd /usr/sbin/clamd

I later made the following changes and additions

mknod dev/urandom c 45 2
mknod dev/randmon c 3 2

Then after still having trouble made sure ScanMail and ScanArchives were commented out in the clamav.conf.

If anyone has any suggestions I would love the help. I have two installs doing the exact same thing. So if I made a mistake in my setup I made it more than once.

Thanks
LA Duerksen
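A watchdog that behaves the same from cron and from a terminal, as an added example (not code from the thread): it tests the PID recorded in clamd's PidFile with kill -0 instead of searching the process list, sets PATH itself, and takes a lock directory so two overlapping runs cannot both start clamd. The pidfile and lock paths, the --run switch and the function names are assumptions; the start command is the one used in the script above.

```sh
#!/bin/sh
# Added example: cron-safe clamd watchdog. All paths below are assumptions;
# PIDFILE must be clamd's PidFile as seen from outside the chroot.
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin${PATH:+:$PATH}
export PATH   # cron starts jobs with a minimal PATH, so set it explicitly

PIDFILE=${PIDFILE:-/var/amavisd/var/run/clamd.pid}
SOCKET=${SOCKET:-/var/amavisd/clamd.sock}
LOCKDIR=${LOCKDIR:-/var/run/checkclam.lock}

# pid_alive FILE: true only if FILE holds a numeric PID of a live process.
# kill -0 sends no signal; run as root so it can probe the amavisd-owned PID.
pid_alive() {
    [ -r "$1" ] || return 1
    pid=$(head -n 1 "$1" | tr -d ' \t\r')
    case $pid in
        ''|*[!0-9]*) return 1 ;;
    esac
    kill -0 "$pid" 2>/dev/null
}

# watchdog START_CMD...: run START_CMD only when the daemon is not alive.
# Sets STATUS to one of: running, restarted, failed, locked.
watchdog() {
    # mkdir is atomic: overlapping cron runs cannot both start a daemon.
    # A lock left behind by a killed run must be removed by hand.
    if ! mkdir "$LOCKDIR" 2>/dev/null; then
        STATUS=locked
        return 0
    fi
    if pid_alive "$PIDFILE"; then
        STATUS=running
    else
        rm -f "$SOCKET" "$PIDFILE"    # clear the stale socket before restart
        if "$@"; then STATUS=restarted; else STATUS=failed; fi
    fi
    rmdir "$LOCKDIR"
}

# Crontab entry point: checkclam.sh --run
if [ "${1:-}" = "--run" ]; then
    exec >>/var/log/checkclam 2>&1
    watchdog chroot -u amavisd /var/amavisd /usr/sbin/clamd
    echo "$(date +"%b %e %H:%M:%S") clamd $STATUS"
fi
```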
RE: [clamav-users] Question on clamd and amavis
You should have the same thing here as you have in the clamav.conf. Below is my configuration.

clamav.conf

# Path to the local socket. The daemon doesn't change the mode of the
# created file (portability reasons). You may want to create it in a directory
# which is only accessible for a user running daemon.
# LocalSocket /var/run/clamd/clamd.sock
LocalSocket /var/amavisd/clamd.sock

amavisd.conf

['Clam Antivirus-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", '/var/amavisd/clamd.sock'],
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

-Original Message-
From: Jason Williams [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 22, 2003 2:25 PM
To: [EMAIL PROTECTED]
Subject: [clamav-users] Question on clamd and amavis

Hello everyone.

I'm currently setting up my mail server with amavis-new and clamav. I've been making very good progress, but I have a couple of questions that I wanted to ask this list.

In the amavisd.conf file, there is a section for Clam Antivirus that looks like the following:

['Clam Antivirus-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", '/var/amavis/clamd'],
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

My only question, and this may sound very stupid (better safe than sorry though) is that, for the line that reads

/var/amavis/clamd

I'm guessing that they are assuming that is where clamd is? But since my clamd is located in different areas:

/usr/local/sbin/clamd
/etc/rc.d/init.d/clamd

I should just change the path accordingly, correct?

Sorry if this sounds newbish. I've had one heck of a day and I don't see any sign of anything getting easier here. :)

I appreciate it.

Cheers,
Jason

- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [clamav-users] OpenBSD Port
How well does freshclam work in this release, if clamd is run with amavisd-new in chroot and the following clamav.conf settings

- - - - - - - - - - - - - - - - - - -
# Path to the local socket. The daemon doesn't change the mode of the
# created file (portability reasons). You may want to create it in a directory
# which is only accessible for a user running daemon.
# LocalSocket /var/run/clamd/clamd.sock
LocalSocket /var/amavisd/clamd.sock

# Run as selected user (clamd must be started by root).
# By default it doesn't drop privileges.
User amavisd
- - - - - - - - - - - - - - - - - - -

By default it looks like freshclam runs as _clamd. Can I change it to amavisd?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, July 21, 2003 12:46 PM
To: [EMAIL PROTECTED]
Subject: [clamav-users] OpenBSD Port

Update (07/21/2003)

I've updated 0.60 and 20030720 with a small minor bug fix. Many thanks for everyone who sent feedback.

clamav tested on 3.3 i386

I've also attached the latest snapshot 20030720

clamav-devel tested on 3.3 i386

Porthome: http://activeintra.net/openbsd/article.php?id=5

Regards,
Flinn Mueller
Re: [clamav-users] clamd dropping out with no apparent reason
Tomasz Kojm <[EMAIL PROTECTED]> wrote ..
> > I'm experiencing the same trouble running a similar setup: OpenBSD3.3,
> > Postfix, amavisd-new-20030314-p2 (running chrooted), spamassassin, clamd
> >
> > What I noticed is that the problem occurs after a db update via
> > freshclam.

I notice that it always seemed to be close to an update, but I update 12 times a day. It bombs out at most once a day.

> > Basically after a successful update clamd checks itself and the db for
> > updates (by default every 3600 sec). Then it detects the change and writes
> > in the log:
> >
> > SelfCheck: Database modification detected. Forcing reload.
> > Reading databases from /usr/local/share/clamav
>
> The two things may not be connected. Please set the SelfCheck option to some
> small value and touch the database while clamd is running. Does clamd die?

clamd remained running during this process. I have manually run freshclam and could not make it bomb.

> Best regards,
> Tomasz Kojm
[clamav-users] clamd dropping out with no apparent reason
Running OpenBSD3.3, Postfix, amavisd-new-20030616, spamassassin, clamd. Everything seems to run great for awhile until the maillog indicates "Can't connect to UNIX socket /var/amavisd/clamd:" and by then the daemon process is no longer running. Sometimes it runs for a couple days, sometimes a couple of hours. I have to shutdown amavisd, delete /var/amavisd/clamd, startup clamd again and then amavisd. Then it works for awhile, then I have to go through it again.

Any suggestions on how to track this down would be appreciated.

Thanks
LAD