[clamav-users] Using OnAccess scanning with Selinux
Hi,

I'm trying to run clamav with ScanOnAccess on the / mount on a box running selinux. I've enabled antivirus_can_scan_system in selinux but shortly after startup clamav stops scanning, reporting the following:

ERROR: ScanOnAccess: Internal error (failed to read data) ... Permission denied

Initially I was getting no AVC events but discovered selinux dontaudit rules; on disabling these and making the antivirus context permissive, I can see a whole load of policy denials around access to /etc/shadow and /var/log/audit/audit.log.

I'd like to avoid writing a whole load of custom policies around these individual files; it might be a constant task as the OS gets updated.

Has anybody successfully run ScanOnAccess across the whole file system whilst having selinux enabled?

Is there a way to tell clamav to continue after encountering a Permission Denied? Currently it appears clamav stops its scanning and my box eventually grinds to a halt, I guess as the fanotify queue continues to build.

Any other suggestions on how to run the two together?

Regards
Rob

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
Re: [clamav-users] (no subject)
> ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check
> permissions!).
> ERROR: Problem with internal logger (UpdateLogFile =
> /var/log/clamav/freshclam.log).

I expect you solved this already?

> WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net

Whenever I see this and freshclam cannot resolve it by itself, what I usually do is just remove all signature files (or move them elsewhere) and re-run freshclam. Then it will download all signature files again and be fully updated. I don't know if there's another/better solution; it just works for me.

--
Rob
Re: [clamav-users] checking for OpenSSL installation... /usr
You also installed the accompanying development OpenSSL package?

--
Rob

-----Original Message-----
From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of bondo vine
Sent: Friday, 20 May 2016 13:18
To: clamav-users@lists.clamav.net
Subject: [clamav-users] checking for OpenSSL installation... /usr

Hello There,

First timer here so please excuse my novice-ness. I am trying to configure ClamAV on OEL 6.7 but keep hitting the aforementioned issue. Although openssl exists on the machine and in the PATH, it still complains. Not sure if I am missing something obvious here. Appreciate any feedback.

Cheers
VK
Re: [clamav-users] can I check for CreditCards but NOT check for SSNs?
Well, I feel dumb now... not sure why I didn't try that before.

Thanx Mickey!

Rob.

On 05/04/2016 06:00 PM, Mickey Sola wrote:

Hi Rob,

Just tested this, and it seems setting both "StructuredSSNFormatNormal" and "StructuredSSNFormatStripped" to "no" in clamd.conf should give you the behaviour you want. Let me know if that works for you.

Cheers,
Mickey

On Wed, May 4, 2016 at 5:41 PM, Rob McKennon wrote:

Hello!

We are getting some false positive results with Heuristics.Structured.SSN. Is there a way to disable the SSN check, but keep the CreditCard check? For now I have just increased the SSN count to 1000 to get around this. Setting it to 0 did not disable it :(

Rob.

StructuredDataDetection yes
StructuredMinCreditCardCount 1
StructuredMinSSNCount 1000
[clamav-users] can I check for CreditCards but NOT check for SSNs?
Hello!

We are getting some false positive results with Heuristics.Structured.SSN. Is there a way to disable the SSN check, but keep the CreditCard check? For now I have just increased the SSN count to 1000 to get around this. Setting it to 0 did not disable it :(

Rob.

StructuredDataDetection yes
StructuredMinCreditCardCount 1
StructuredMinSSNCount 1000
Re: [clamav-users] Structured.CreditCardNumber bounce
On 04/01/2016 11:40 AM, Bowie Bailey wrote:

On 4/1/2016 11:16 AM, Rob McKennon wrote:

On 04/01/2016 11:01 AM, Vladislav Kurz wrote:

On Friday 01 of April 2016 Rob McKennon wrote:

Hello,

One of the reasons we use clamav is to not accept emails with credit card numbers. And it works great to bounce the message back to the sender. However, according to PCI, sending the original message back with the same credit card numbers they sent us, is just as bad as them sending it to us in the first place.

Is there a way to tell clamav to send the bounce message with the "INFECTED: Heuristics.Structured.CreditCardNumber" data, but NOT include the original email?

Hi,

this is not setting of clamav itself. It should be configurable in SMTP server or its antivirus interface like Amavis. Clamav just decides if the file is infected or not. It is the SMTP server that decides what is sent back.

Ah, ok. Thank you for pointing me in the right direction!

On the other hand, you shouldn't be sending bounce messages at all (assuming you are using the correct terminology). It is much better to reject unwanted emails.

Bounce - Your MTA accepts the message, determines that it's not wanted, and sends a message back to the sender.

Reject - Your MTA determines that the message is not wanted before accepting it from the sending server and returns an error to the sending server. It is then up to the sending server to determine what to do with the message.

Once your MTA accepts the message, you have no reliable information about the sender of the message. Any bounce message you send is not guaranteed to go back to the real sender of the message. This can turn your server into a source of bounceback spam. It is much better to simply reject the message and let the sender deal with it. Legitimate messages will still have a bounce message sent from the sending server and you don't have to worry about your server sending a pile of bounce messages to an innocent third party whose email address is being used by a spambot.

Thanx! Guess I used the term bounce incorrectly. After looking at my amavisd.conf file, I realized I have:

$final_virus_destiny = D_REJECT;

So it is properly configured, just not behaving the way we want it to yet.

Rob.
Re: [clamav-users] Structured.CreditCardNumber bounce
On 04/01/2016 11:01 AM, Vladislav Kurz wrote:

On Friday 01 of April 2016 Rob McKennon wrote:

Hello,

One of the reasons we use clamav is to not accept emails with credit card numbers. And it works great to bounce the message back to the sender. However, according to PCI, sending the original message back with the same credit card numbers they sent us, is just as bad as them sending it to us in the first place.

Is there a way to tell clamav to send the bounce message with the "INFECTED: Heuristics.Structured.CreditCardNumber" data, but NOT include the original email?

Hi,

this is not setting of clamav itself. It should be configurable in SMTP server or its antivirus interface like Amavis. Clamav just decides if the file is infected or not. It is the SMTP server that decides what is sent back.

Ah, ok. Thank you for pointing me in the right direction!

Rob
[clamav-users] Structured.CreditCardNumber bounce
Hello,

One of the reasons we use clamav is to not accept emails with credit card numbers. And it works great to bounce the message back to the sender. However, according to PCI, sending the original message back with the same credit card numbers they sent us, is just as bad as them sending it to us in the first place.

Is there a way to tell clamav to send the bounce message with the "INFECTED: Heuristics.Structured.CreditCardNumber" data, but NOT include the original email?

Thank you,
Rob McKennon
Re: [clamav-users] No supported database files found
So there *is* a clamav user in /etc/passwd, which has /var/lib/clamav as home directory. It is probably configured by apt-get. I don't know where clamd.conf5 comes from: the file is usually called clamd.conf.

Install from source or from apt-get, not both, so remove either one. If you remove the apt package, the clamav user will probably be removed and have to be created afterwards. If you're new to all this I suggest you use the package from apt-get and go from there.

-----Original Message-----
From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of farbod emami
Sent: Wednesday, 9 March 2016 17:19
To: ClamAV users ML
Subject: Re: [clamav-users] No supported database files found

hi

I have done both: compiling manually and by apt-get install and I even install the graphic panel. I do not have any clamd.conf but clamd.conf5 which there is not any DatabaseOwner entry in it! In my passwd, I just have "clamav:x*::/var/lib/clamav:/bin/false"

On Wednesday, March 9, 2016 7:37 PM, Matus UHLAR - fantomas wrote:

On 09.03.16 14:54, farbod emami wrote:
>I encountered this error when running the " sudo clamscan -r " command
>LibClamAV Error: cli_loaddbdir(): No supported database files found in
>/usr/local/share/clamav
>ERROR: Can't open file or directory

did you compile clamav manually?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
42.7 percent of all statistics are made up on the spot.
Re: [clamav-users] No supported database files found
I don't know what username you need to use.

- Check your freshclam.conf for the DatabaseOwner to know which username you need.
- Check your /etc/passwd file to make sure this username does not exist.
- If it doesn't exist, check if another username exists that has almost the same name and was meant for you to use.
- If you still can't find such a username, create it.
- If such a username does exist, modify your freshclam.conf and/or clamd.conf to use this username.
- chown the directory and set permissions accordingly.

This is basic *nix stuff, not really ClamAV related..

--
Rob

-----Original Message-----
From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of farbod emami
Sent: Wednesday, 9 March 2016 16:34
To: ClamAV users ML
Subject: Re: [clamav-users] No supported database files found

Dear Rob,

I have created the clamav directory with mkdir command, but its owner is "root". Do I must change its owner to "clamav"? As I have not any user by this name in my system

On Wednesday, March 9, 2016 7:59 PM, Rob Sterenborg wrote:

You skipped my first step: "make sure the directory exists". This means: if it doesn't exist, create it and set the owner/group to the user clamav runs as and permissions accordingly. When you've done that, run freshclam again.

--
Rob

-----Original Message-----
From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of farbod emami
Sent: Wednesday, 9 March 2016 16:17
To: ClamAV users ML
Subject: Re: [clamav-users] No supported database files found

Dear Rob, hi.

there is no /usr/local/share/clamav directory exist! freshclam command did not work:

ERROR: Can't open/parse the config file /usr/local/etc/freshclam.conf

On Wednesday, March 9, 2016 6:36 PM, Benny Pedersen wrote:

On 9. mar. 2016 15.56.30 farbod emami wrote:
> please help

Run freshclam

If it fails, what settings are shown in clamconf

Dont post clamconf here, if need more help pastebin it and share link to it
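The checklist in the reply above, written out as a read-only shell check (an added example, not part of the thread or of ClamAV). The default config path and database directory are the ones quoted in the messages; the fallback owner `clamav` and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Defaults are assumptions taken from
# the paths quoted in the messages; adjust them for your install.
DEFAULT_CONF=/usr/local/etc/freshclam.conf
DEFAULT_DBDIR=/usr/local/share/clamav
DEFAULT_OWNER=clamav

# conf_value FILE KEY FALLBACK
# Print the value of the first uncommented "KEY value" line, else FALLBACK.
conf_value() {
    cv=$(awk -v k="$2" '$1 == k { print $2; exit }' "$1" 2>/dev/null)
    printf '%s\n' "${cv:-$3}"
}

# path_owner PATH: owning user name as reported by ls.
path_owner() {
    ls -ld "$1" | awk '{ print $3 }'
}

# check_db_setup [CONF]
# Walk the checklist, print what to fix (nothing is changed), and return
#   0 ok, 1 config unreadable, 2 user missing, 3 directory missing,
#   4 directory owned by a different user.
check_db_setup() {
    conf=${1:-$DEFAULT_CONF}
    if [ ! -r "$conf" ]; then
        echo "cannot read $conf (freshclam cannot open/parse it either)"
        return 1
    fi
    owner=$(conf_value "$conf" DatabaseOwner "$DEFAULT_OWNER")
    dbdir=$(conf_value "$conf" DatabaseDirectory "$DEFAULT_DBDIR")
    if ! id -u "$owner" >/dev/null 2>&1; then
        echo "user '$owner' does not exist: create it or set DatabaseOwner to an existing account"
        return 2
    fi
    if [ ! -d "$dbdir" ]; then
        echo "missing $dbdir: mkdir -p '$dbdir' && chown '$owner' '$dbdir'"
        return 3
    fi
    actual=$(path_owner "$dbdir")
    if [ "$actual" != "$owner" ]; then
        echo "$dbdir is owned by $actual, expected $owner: chown '$owner' '$dbdir'"
        return 4
    fi
    echo "ok: $dbdir exists and is owned by $owner; run freshclam"
    return 0
}

# Run the check when called with a config path, e.g.
#   sh check-clamav-db.sh /usr/local/etc/freshclam.conf
if [ "$#" -gt 0 ]; then
    check_db_setup "$1"
fi
```

The function only reports; the `mkdir` and `chown` it prints still have to be run by hand as root.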
Re: [clamav-users] No supported database files found
You skipped my first step: "make sure the directory exists". This means: if it doesn't exist, create it and set the owner/group to the user clamav runs as and permissions accordingly. When you've done that, run freshclam again.

--
Rob

-----Original Message-----
From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of farbod emami
Sent: Wednesday, 9 March 2016 16:17
To: ClamAV users ML
Subject: Re: [clamav-users] No supported database files found

Dear Rob, hi.

there is no /usr/local/share/clamav directory exist! freshclam command did not work:

ERROR: Can't open/parse the config file /usr/local/etc/freshclam.conf

On Wednesday, March 9, 2016 6:36 PM, Benny Pedersen wrote:

On 9. mar. 2016 15.56.30 farbod emami wrote:
> please help

Run freshclam

If it fails, what settings are shown in clamconf

Dont post clamconf here, if need more help pastebin it and share link to it
Re: [clamav-users] No supported database files found
- Make sure directory /usr/local/share/clamav exists.
- Start freshclam to update your virus definition databases.

--
Rob

-----Original Message-----
From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of farbod emami
Sent: Wednesday, 9 March 2016 15:55
To: clamav-users@lists.clamav.net
Subject: [clamav-users] No supported database files found

Dear sir, hi

I encountered this error when running the " sudo clamscan -r " command

LibClamAV Error: cli_loaddbdir(): No supported database files found in /usr/local/share/clamav
ERROR: Can't open file or directory

--- SCAN SUMMARY ---
Known viruses: 0
Engine version: 0.99.1
Scanned directories: 0
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 0.002 sec (0 m 0 s)

please help
Re: [clamav-users] Compiler error: 7z/Types.h:58: redefinition of `Byte'
On 09/25/2013 07:47 PM, Shawn Webb wrote:

Hey Francis,

Can you add the --disable-silent-rules option to your configure script and re-run make? It'd be helpful to see what's being passed to the compiler.

I didn't do this, but..

Here's a small patch that might help. Can you give this a try and let me know how it goes?

http://ix.io/8fk

This seems to solve the problem for me; no more compile error.

--
Rob
Re: [clamav-users] Compiler error: 7z/Types.h:58: redefinition of `Byte'
On 09/24/2013 03:51 PM, Shawn Webb wrote:

On Mon, Sep 23, 2013 at 5:04 PM, Dennis Peterson wrote:

On 9/23/13 1:59:42PM, Shawn Webb wrote:

Maybe this time I'll actually attach the patch. ;)

I believe the list server discourages attachments.

dp

Did the patch not go through?

No it didn't.
Re: [clamav-users] Compiler error: 7z/Types.h:58: redefinition of `Byte'
On 09/23/2013 05:45 PM, Shawn Webb wrote:

This is due to a change I had made in November 2012 to how the zlib linking checks are done in the configure script. If you have a few extra moments, can you apply the below-pasted patchfile and re-run configure? If your compile works with just this patch (and without the changes you made to zconf.h), we will better know how to proceed from here.

The diff is in unified diff format. If you need me to convert the diff from unified to traditional, let me know.

Thanks,
Shawn

The patch:
diff --git a/configure b/configure index 0158088..4109375 100755 [..snip..]

As it's just a few lines I applied the patch manually because of wrapping. I believe I did it right, but I get the same error:

CC libclamav_la-pe.lo
CC libclamav_la-pe_icons.lo
CC libclamav_la-disasm.lo
CC libclamav_la-upx.lo
In file included from 7z/LzmaDec.h:7,
                 from lzma_iface.h:26,
                 from upx.c:59:
7z/Types.h:58: error: redefinition of typedef 'Byte'
/usr/local/zlib/include/zconf.h:368: error: previous declaration of 'Byte' was here
make[4]: *** [libclamav_la-upx.lo] Error 1
make[4]: Leaving directory `/usr/local/src/clamav/clamav-0.98/libclamav'
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory `/usr/local/src/clamav/clamav-0.98/libclamav'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/usr/local/src/clamav/clamav-0.98/libclamav'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/local/src/clamav/clamav-0.98'
make: *** [all] Error 2

This is on CentOS 5.5. However, I'm using --with-zlib=/usr/local/zlib which contains zlib-1.2.8. When I use --with-zlib=/usr or not use --with-zlib=... at all (configure will then find /usr which contains zlib-1.2.3), then clamav will compile successfully. Other software compiles and works just fine when using zlib from /usr/local/zlib.

CentOS 5 zlib = 1.2.3-7 (mine is)
CentOS 6 zlib = 1.2.3-29 (according to the CentOS packages website)

--
Rob
Re: [clamav-users] vscan-clamav
On 16-05-13 14:06, jens s wrote:

Dear

If I do understand you I'll have to make a cronjob with clamscan command in it which will scan my whole system specifying the folders I want it to scan.

That would be clamdscan (notice the d in between) instead.

- Clamscan is the standalone command line scanner which loads the database every time it is called.
- Clamdscan just tells clamd to scan something and what to scan.

Check 'man clamscan' and 'man clamdscan' for differences between the two. (Of course clamdscan will only work if clamd is started.)

Because I've been looking into the clamd.conf file but there is no option to specify the folders it has to scan.

Which is why clamdscan is used, instead of clamscan.

--
Rob
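A cron wrapper for the clamdscan approach described above, as an added example that is not part of the original message. The script path in the crontab comment, the function name and the directory arguments are hypothetical; the clamdscan options used are `--fdpass`, `--multiscan`, `--infected` and `--no-summary`.

```shell
#!/bin/sh
# Added example, not from the thread: scan a list of directories through a
# running clamd and turn clamdscan's exit codes into one status per directory.
#
# Hypothetical crontab entry (script path and directories are placeholders):
#   30 2 * * * /usr/local/sbin/clamd-nightly.sh /home /srv >>/var/log/clamav/nightly.log 2>&1

# Scanner command; overridable so the logic can be exercised without clamd.
SCANNER=${SCANNER:-clamdscan}

# scan_dirs DIR...
# Ask clamd to scan each directory and print one status line per directory.
# Returns the worst clamdscan exit code seen:
#   0 = nothing found, 1 = at least one detection, 2 = error
#   (for example clamd is not running or the socket is unreachable).
scan_dirs() {
    sd_worst=0
    for sd_dir in "$@"; do
        sd_rc=0
        # --fdpass     hand clamd an open descriptor, so files the clamd user
        #              cannot open itself are still scanned (local socket only)
        # --multiscan  let clamd use its thread pool for the directory tree
        # --infected   print only files with a detection
        "$SCANNER" --fdpass --multiscan --infected --no-summary "$sd_dir" || sd_rc=$?
        case $sd_rc in
            0) echo "clean: $sd_dir" ;;
            1) echo "INFECTED: $sd_dir" ;;
            *) echo "error ($sd_rc): $sd_dir (is clamd running?)" ;;
        esac
        if [ "$sd_rc" -gt "$sd_worst" ]; then
            sd_worst=$sd_rc
        fi
    done
    return "$sd_worst"
}

# When called with directories, scan them and exit with the worst status so
# cron (or a monitoring wrapper) can act on it.
if [ "$#" -gt 0 ]; then
    scan_dirs "$@"
    exit $?
fi
```

Because the exit status distinguishes a detection (1) from a scanner failure (2), a stopped clamd shows up as an error rather than as a silent "clean" run.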
Re: [clamav-users] What is the maximum file size ClamAV supports ??
On Fri, Sep 14, 2012 at 10:05 AM, Siranjeevi wrote:
> Hi All,
>
> I have tried to scan the file which is of 75 MB file.. I need to know
> whether it is scanned or not. Because Data Scanned is coming as 0.00 MB.
> Please help me in this regard. I have to proceed further.
<---SNIP--->
> What is the maximum file size ClamAV supports ?? Please reply with the
> maximum file size limit. I couldn't find this information in google.

You can however find the information in the man page ;)

Look for --max-filesize and --max-scansize

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche
Re: [clamav-users] Detection of Win32 Trojan / Dorifel
On 08/22/2012 08:51 PM, Alain Zidouemba wrote:
> Look for the signature: WIN.Worm.Dorifel

Great, thanks a bunch!

--
Rob
Re: [clamav-users] Detection of Win32 Trojan / Dorifel
On 08/20/2012 02:43 PM, Joel Esler wrote:
> On Aug 20, 2012, at 7:46 AM, "Birgelen, Jeroen van" wrote:
>
>> LS,
>>
>> I would kindly like to request some information on whether ClamAV is
>> detecting the Dorifel Trojan/virus which is currently spreading (at least in
>> The Netherlands), since two weeks or so.
>>
>> At the moment, according to an overview on the website of virustotal.com,
>> most major anti-virus tools can detect the virus, unfortunately ClamAV
>> cannot (yet). If I'm correct, the specific virus has been submitted to your
>> Anti Virus database.
>>
>> Any information would be much appreciated.
>>
>> Kind regards,
>> Jeroen
>
> I'll take a look this morning, thanks for emailing.

I'd like to know if there's any news on this.

TIA..

--
Rob
Re: [clamav-users] Clamav update problem
On Mon, 2012-08-13 at 13:53 +0400, Ильяс Досхожаев wrote:
> i updated clamav to last 0.97.5 on debian , nevertheless it show error
> #freshclam
> ClamAV update process started at Mon Aug 13 15:49:41 2012
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.97.3 Recommended version: 0.97.5
> DON'T PANIC! Read http://www.clamav.net/support/faq
> main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
> WARNING: Can't download daily.cvd from 10.2.3.21
> Trying again in 5 secs...
> ...
>
> Is it ok?

Well, yes and no. Read the text:

- Freshclam says that ClamAV is version 0.97.3 instead of your new 0.97.5. Make sure you're running the binaries from 0.97.5 (you clearly don't).
- Freshclam says main.cvd is up to date, so that should be fine. Although freshclam can't download daily.cvd from some mirror, it will be trying other mirrors for that.

--
Rob
Re: [clamav-users] Can't download v0.97.5 source code
On Thu, 2012-07-26 at 15:35 -0400, Ruiyuan Jiang wrote:
> Hi,
>
> I could not download the ClamAV v0.97.5 source code since yesterday. Does
> anyone know what happened?

When I try to download I'm redirected to SourceForge and I can download 0.97.5 just fine.

http://sourceforge.net/projects/clamav/files/clamav/0.97.5/clamav-0.97.5.tar.gz/download

Direct download link:

http://downloads.sourceforge.net/project/clamav/clamav/0.97.5/clamav-0.97.5.tar.gz?r=http%3A%2F%2Fwww.clamav.net%2Flang%2Fen%2Fdownload%2Fsources%2F&ts=134997&use_mirror=kent

--
Rob
Re: [clamav-users] 10 years of ClamAV
> Dear ClamAV Users,
>
> This year, ClamAV celebrates its 10th anniversary. The first release was on May 8, 2002, and included the basic command line scanner "clamscan" and database update tool "freshclam". With your help, the project that started as a hobby has become a complete antivirus solution and one of the most popular Open Source security tools. Today, ClamAV has more than 2 million active installations and scans hundreds of millions of files every day.
>
> We are incredibly proud of this project and of the development work we have been able to do since joining Sourcefire via acquisition in 2007. We've had the opportunity to build out the bytecode engine and logical signatures, and implement dozens of other major improvements that make ClamAV a powerful tool.
>
> While we are incredibly proud of this, it is time for us to make a change. ClamAV is now mature software and we are confident that Sourcefire will successfully continue its development, move it forward and maintain the integrity of its infrastructure. Matt Watchinski, who has headed Sourcefire's Vulnerability Research Team (VRTT) for 10 years, will continue to lead this project. Joel Esler, the company's Open Source community manager, will also be your main point of contact and advocate.
>
> We cannot fully express how grateful we are to all of the people, organizations and companies that have supported us and who will continue to support the project. This includes all the individuals who have contributed virus signatures and the developers who have contributed code to ClamAV throughout the years, the public mirrors that host our virus databases worldwide, the entities that hosted our web site, nameservers and build farm; the developers and package maintainers who have integrated ClamAV into various Open Source products and distributions and, of course, the Open Source community as a whole.
>
> Finally, we would like to thank all who have trusted ClamAV for scanning and protecting some of the most valuable data on their networks.
>
> Sincerely,
>
> Tomasz Kojm (twitter: @tkojm)
> Luca Gibelli (twitter: @nervous)
> Alberto Wu
> Edwin Török

Congratulations on your 10 year anniversary, and thanks for making the product as good as it is now! Good luck with anything you start working on!

--
Rob
Re: [clamav-users] clamd network mode
On Wed, 2012-04-18 at 12:13 -0500, Tom Goerger wrote:
> Hi,
>
> We're running clamav on our mta servers right now, each in local mode.
> We're experiencing some high loads causing mail delays on these servers,

I can imagine if you're using clamscan.

> and are trying to offload some of their resources. It seems from some of
> the language in the clamd conf file that there's a way to use clamd in a
> network fashion. Is this just a matter of changing the socket being used
> to point to the external box? Or are there other variables that need to be
> set to accomplish this?

You have to configure clamd using clamd.conf and then start clamd. Clamd can use a socket or an IP:port connection, that's up to you. Personally, I find clamd.conf descriptive enough to be able to find out how to configure it.

After starting clamd, you can use clamdscan instead of clamscan for scanning (the file(s) in) your email.

--
Rob
Re: [clamav-users] Untit Testing
On Mon, 2012-02-06 at 11:39 -0800, Reynolds, David C. wrote:
> I've recently installed .97.3 on an SGI Origin 3000 running TRIX
> v6.5.28 using gcc 3.2.1. (I did need to make some source file
> modifications). I was able to run clamscan against a directory
> seemingly without error.
>
> However, I would like to run some tests which would indicate
> catching an infected file without actually putting an infected
> file on our system. This is a totally Trusted Irix environment.
>
> I've had problems trying to build the check package as
> recommended in the ClamAV documentation in this IRIXS environment.
> Any suggestions as to how run some unit tests that would indicate
> that an infected file would actually be found?

You could use the Eicar test file. It's not a virus and meant to check if a/your virusscanner is working.

http://www.eicar.org/86-0-Intended-use.html

--
Rob
Re: [clamav-users] How can I have clamd reject items that can't be scanned?
On Wed, 2011-11-09 at 10:31 +0100, Per Jessen wrote:
> Peter Bradeen wrote:
>
> > I see that there are ways to limit the level of archive that will be
> > scanned as well as the size of the entities to be scanned. Is there a
> > way for CLAMAV to then flag them as not allowed? Seem that if you
> > can't scan it, it should be rejected.
>
> It's not about not being able to scan, it's about not wanting to scan.
> Regardless, clamav doesn't reject or approve mails, that's for your MTA
> to do.

If you use ClamAV as milter, it's up to ClamAV to tell the MTA what to do so I guess there's a task for ClamAV too..

--
Rob
Re: [clamav-users] problem with internet browser
On Sun, Apr 10, 2011 at 18:08, rexer wrote:
> My problem is cant access www.clamwin.com/ error 404 is found please help

Works for me.

You could always use http://www.downforeveryoneorjustme.com/ to check a site:

http://www.downforeveryoneorjustme.com/www.clamwin.com

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche
Re: [Clamav-users] No debian woody support anymore?
Erwan David wrote:
> Message of freshclam did not specify that older versions would stop.
> It was the same message as for minor upgrades. This did not give the
> information that something different than usual was planned.

It still means you should upgrade and the message was ignored long enough that ClamAV stopped working. The fact that there is no *immediate* need to upgrade when the message is first seen, does not mean you can wait that long.

The OP use(s|d) an EOL Debian and an EOL ClamAV. If the OP upgrades ClamAV to a more recent version then he's back in business, even with an EOL Debian. Simple as that.

--
Rob
Re: [Clamav-users] No debian woody support anymore?
> OK, how's this then. 9.5.3 (IIRC) came out about the time the notice

OK, how's this then.

If you used freshclam, every time you updated the signatures you got a message about ClamAV being outdated. The gap between 0.94 and now is quite big. The people who *chose* to ignore it are to blame. If you're stupid enough *not* to upgrade your virusscanner while it's for free (that's probably why you chose ClamAV in the first place), it's your fault.

If you're running a mailserver and got bitten because you don't know how to upgrade, then IMO you shouldn't be running a mailserver because of lack of knowledge about the system. I can't help that, you can't help that, SourceFire can't help that. They can help themselves however by learning how to do things and that won't be helped by keeping a hand over their heads, preventing from 'bad things to happen'.. (IMO, running an outdated virusscanner *is* a Bad Thing(tm).)

Or, if people do *not* (want to) learn about their system, they should buy an appliance with support contract that takes care of this.

Disclaimer: by "you" and "your" I don't mean specifically *you*.

Every time a posting pops up asking why their ClamAV doesn't work anymore, the thread gets hijacked by rants like these. This is not helping the OP want way OT. If you'd just stay in the already polluted threads and post your rants there, the list would be cleaner.

--
Rob
Re: [Clamav-users] clamav-daemon didn't recognise attached virus
On Thu, Apr 22, 2010 at 07:16, Thomas Herzog wrote:
>
> Thanks for your reply, just to get this right.
> The virus is detected by the binaries clamdscan or clamscan, but not by the
> daemon called through amavis -> see the attachment of my first post.

Then you have a problem with the way Amavis is calling ClamAV. The few lines in that log file aren't sufficient to identify the cause of the problem. Amongst other things, check that you don't have multiple copies of ClamAV installed and that Amavis isn't running one while you're manually running a different one.

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche
Re: [Clamav-users] illegal or not, make a valid argument (was "no subject")
On Wed, Apr 21, 2010 at 17:26, Christopher X. Candreva wrote:
>
> Let me drive this home. In the state of New York, until recently if the
> government wanted to use eminent domain to take your property, all they had
> to do was take out an ad in the paper. They do not need to track down the
> owner of the building or land, just take out an ad. If you don't read the
> paper that day, the first you hear that your building was being knocked down
> may be when the wrecking ball shows up.

The last I checked the legal notification requirements in the UK aren't terribly different. All that is required is reasonable effort to notify and while I'm not a lawyer I'm pretty confident that the ClamAV team's efforts would be described as reasonable (based upon dealings with real lawyers).

-- Rob MacGregor
Re: [Clamav-users] clamav-daemon didn't recognise attached virus
On Wed, Apr 21, 2010 at 16:02, Thomas Herzog wrote:
>
> Hello,
> We're running clamav 0.95.3 with amavisd-new-2.6.1 and postfix 2.5.5.
>
> Sending a message with a virus attached clamav-daemon didn't find it.

-> http://www.clamav.net/lang/en/sendvirus/

-- Rob MacGregor
Re: [Clamav-users] No debian woody support anymore?
> After the last signature update, clam av stopped working on our woody
> installation.

Your ClamAV is probably EOL. Please upgrade. http://www.clamav.net/lang/en/2009/10/05/eol-clamav-094/

If your distro does not have a recent ClamAV package, you should be able to build it from source. (I saw a post here mentioning that the build even succeeds on a distro as old as RH7.2.)

> Is there no more support for this Debian Release?

Debian Woody (Debian 3.0) is also pretty old and EOL'ed..

-- Rob
Re: [Clamav-users] (no subject)
> > In the interest of eliminating any further waste of my time or
> > computer resources, I am now instigating a kill filter on this
> > thread.
>
> +1

+1
Re: [Clamav-users] The EOL tweets
On Mon, Apr 19, 2010 at 17:34, Paul Reading wrote:
> Sorry to butt in.. I have just wasted a day trying to get my company's mail
> working again. We have an Apple xServe and knew nothing about clamav until
> we stopped receiving our email this morning. I don't know how you could have
> communicated with us on this one but perhaps it would have been better if
> you had somehow got Apple to update their customers by software update so
> that the un-initiated would not have needed to worry about this.

It's entirely possible that the ClamAV team didn't know that Apple had taken the decisions to:
1) Install ClamAV on xServe
2) Not keep people even vaguely up to date

-- Rob MacGregor
Re: [Clamav-users] Empy queue
On Sun, Apr 18, 2010 at 10:59, _beb_ wrote:
> Hi everyone,
> I didn't know about the update, and it has been such a mess.
> It's okay, now. Emails in/out going.
> The thing is: what about the thousands of emails still in the
> /var/spool/qscan/working/new and /var/spool/qscan/tmp directories?
> Is there a way to reinject all of them as new emails?

It sounds like the answer would be specific to QMail, it's probably best to check its documentation/lists.

-- Rob MacGregor
Re: [Clamav-users] clamav-0.96 compile error
On Wed, Apr 7, 2010 at 11:31, Jan Kratochvíl wrote:
> Hi,
>
> make fails Clamav 0.96 on system RedHat kernel 2.2.27-rc2 #10
>
> gcc version egcs-2.91.66
<---SNIP--->
> This problem is new in Clamav 0.96,
> clamav-0.95.3 does compile and run with these settings.

Kernel 2.2.27-rc2 was released in January 2005 - just over 5 years ago. GCC egcs-2.91.66 is even older (I've seen bug reports from 1999). I'm guessing you're running RedHat 7 (the last version released with a 2.2 kernel) or older, making your base OS potentially 10 years old.

I think it may be time for an upgrade to your OS - you'll run into many similar problems with other packages that assume you've got a vaguely recent set of packages or kernel.

-- Rob MacGregor
Re: [Clamav-users] infos
On Wed, Mar 24, 2010 at 15:33, Del Monte Paolo wrote:
> Hi Alain,
> Yes I think that's a good solution. I supposed that this is not possible
> due to the different platform between linux and hpux on itanium
> architecture.

They are signature files, there's nothing architecture specific about them.

-- Rob MacGregor
[Clamav-users] Clamav not working in OS X 10.6.2 server
I work for a school district and our new xserves have just been updated to the 10.6 server operating system. The problem I am experiencing on all 4 of these servers which are in different schools is the same. The log files are filling up with error messages like this

1/21/10 4:39:43 PM org.clamav.freshclam[56] nonblock_connect: connect timing out (30 secs)
1/21/10 4:39:43 PM org.clamav.freshclam[56] Can't connect to port 80 of host database.clamav.net (IP: 130.59.10.36)
1/21/10 4:39:43 PM org.clamav.freshclam[56] Trying host database.clamav.net (193.1.193.64)...
1/21/10 4:40:13 PM org.clamav.freshclam[56] nonblock_connect: connect timing out (30 secs)
1/21/10 4:40:13 PM org.clamav.freshclam[56] Can't connect to port 80 of host database.clamav.net (IP: 193.1.193.64)
1/21/10 4:40:13 PM org.clamav.freshclam[56] WARNING: getpatch: Can't download daily-9451.cdiff from database.clamav.net
1/21/10 4:40:13 PM org.clamav.freshclam[56] WARNING: Incremental update failed, trying to download daily.cvd
1/21/10 4:40:44 PM org.clamav.freshclam[56] nonblock_connect: connect timing out (30 secs)
1/21/10 4:40:44 PM org.clamav.freshclam[56] Can't connect to port 80 of host database.clamav.net (IP: 130.59.10.36)
1/21/10 4:40:44 PM org.clamav.freshclam[56] Trying host database.clamav.net (193.1.193.64)...
1/21/10 4:41:14 PM org.clamav.freshclam[56] nonblock_connect: connect timing out (30 secs)
1/21/10 4:41:14 PM org.clamav.freshclam[56] Can't connect to port 80 of host database.clamav.net (IP: 193.1.193.64)
1/21/10 4:41:14 PM org.clamav.freshclam[56] WARNING: Can't download daily.cvd from database.clamav.net
1/21/10 4:41:14 PM org.clamav.freshclam[56] Trying again in 5 secs...
1/21/10 4:41:19 PM org.clamav.freshclam[56] ClamAV update process started at Thu Jan 21 16:41:19 2010
1/21/10 4:41:24 PM org.clamav.freshclam[56] WARNING: Your ClamAV installation is OUTDATED!
1/21/10 4:41:24 PM org.clamav.freshclam[56] WARNING: Local version: 0.95.2 Recommended version: 0.95.3
1/21/10 4:41:24 PM org.clamav.freshclam[56] DON'T PANIC! Read http://www.clamav.net/support/faq

This keeps on going for pages. After a while it seems to slow down the server and it will lock up and I have to restart the server. I don't use the mail service on the server because the state handles our email. I have read that the current version of clamav on the server is incompatible with 10.6 server. So can this be fixed or can clamav be turned off or removed? Any help or suggestions would be greatly appreciated.

Thanks, Rob Jennings.
Re: [Clamav-users] Clamdscan setup
On Sun, Dec 6, 2009 at 09:41, Mark Gregory wrote:
> Hi Rob,
>
> Thank you for the information.
>
> I should mention that I have clamd running as a service under windows
> server 2003. From my reading and I may be confusing things, I thought I
> had to use clamdscan in this scenario.
>
> What is the key difference between clamdscan and clamscan?

I'm pretty sure the documentation covers it, but in summary:

clamscan - stand alone, runs as the user running it, does not use any of clamd's configuration
clamdscan - an interface to clamd, clamd does all the work

-- Rob MacGregor
Re: [Clamav-users] Clamdscan setup
On Sun, Dec 6, 2009 at 06:27, Mark Gregory wrote:
>
> I would like to setup a scheduled task for clamdscan to do scans every
> couple of hours.
>
> I would appreciate an example config file for clamdscan that would
> include setting a log file and scanning the entire c: drive
>
> And moving bad files to a quarantine folder.

You'll need to configure clamd that way, since clamdscan uses clamd (the hint is in the name). The man page for clamd.conf will give you what you want, but key lines would include:

    LogFile c:\example\log.file.txt

Note that clamd isn't a full AV product and doesn't include quarantining. For that you'll want clamscan. Again the man page tells you what you want, but something like:

    clamscan -r --log=c:\example\log.file.txt --move=c:\quarantine\ c:\

-- Rob MacGregor
Re: [Clamav-users] clamav databases
On Wed, Sep 9, 2009 at 07:00, Wong wrote:
> Dear List,
>
> I installed Simscan with ClamAV. But I found error.
>
> configure: error: Unable to find your clamav databases, specify
> --enable-clamavdb-path
>
> Would you tell me where the clamav database placed (by default)?

That depends on how you installed ClamAV (and possibly on the version) - did you install it from source? What version did you install? What OS did you install it on?

-- Rob MacGregor
Re: [Clamav-users] Freshclam error
On Mon, Aug 24, 2009 at 18:30, Scott Mohnkern wrote:
> Did the 770, no luck.

    df -h /var/clamav
    df -i /var/clamav

-- Rob MacGregor
Re: [Clamav-users] Freshclam error
On Mon, Aug 24, 2009 at 18:17, Scott Mohnkern wrote:
> r...@zambezi:/var# ls -lnd /var/clamav
> drwxrwxrwx 2 441 204 4096 2009-08-21 10:02 /var/clamav
> r...@zambezi:/var# id clamav
> uid=441(clamav) gid=204(clamav) groups=204(clamav)

Try changing it to 770 instead of 777. If that doesn't work, what other kernel modules do you have loaded (AppArmor etc)?

-- Rob MacGregor
Re: [Clamav-users] Freshclam error
On Mon, Aug 24, 2009 at 17:55, Scott Mohnkern wrote:
> Thanks for catching that, I'd accidentally set the clamav group number to
> 441. However, after correcting. I'm still seeing the problem:
> o...@zambezi:/var# ls -alt | grep clamav
> drwxrwxrwx 2 clamav clamav 4096 2009-08-21 10:02 clamav
>
> r...@zambezi:/var# freshclam
> ClamAV update process started at Mon Aug 24 12:54:47 2009
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.94.2 Recommended version: 0.95.2
> DON'T PANIC! Read http://www.clamav.net/support/faq
> ERROR: getfile: Can't create new file
> /var/clamav/clamav-37cffbcbac17f3fecf92527459691294 in /var/clamav
> Hint: The database directory must be writable for UID 441 or GID 204

What do the following show:

    ls -lnd /var/clamav
    id clamav

-- Rob MacGregor
Re: [Clamav-users] I have trouble with freshclam
On Tue, Jun 23, 2009 at 21:41, Александр Тягливый wrote:
> I upgrade to 0.95.2, but when I have started freshclam:
>
> "Can't open/parse the config file /usr/etc/freshclam.conf"

How did you upgrade - from a binary package, from a source install - how? Did you check the contents of the file - the error message does include the fact that it's also about the contents, not just the file permissions.

-- Rob MacGregor
Re: [Clamav-users] Problems with clamdscan : access denied
On Thu, Apr 2, 2009 at 14:47, Dale Patterson wrote:
> As for using clamscan, the reason I installed clamav is to work with another
> piece of software which apparently uses clamdscan in its call.

That does, but that doesn't mean that you can *only* use clamdscan.

-- Rob MacGregor
Re: [Clamav-users] Problems with clamdscan : access denied
On Wed, Apr 1, 2009 at 18:59, Dale Patterson wrote:
<---SNIP--->
> When I invoke clamdscan [filename or folder] I get
> dpatt...@quarantine:~$ clamdscan po.conf
> /home/dpatters/po.conf: Access denied. ERROR
>
> This happens on all directories except /tmp. My directories are world
> readable and executable, as are the files. The clamd user is clamav.

So, the user clamav almost certainly doesn't have access to the file. Have you considered using clamscan (as a user with access to the file) instead?

-- Rob MacGregor
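The following is an added example, not code from the list or from ClamAV. It serves both the freshclam hint quoted earlier ("must be writable for UID 441 or GID 204") and the clamdscan "Access denied" report above by evaluating the numeric owner, group and mode bits for a given UID and GID list. The function names are hypothetical; it assumes GNU `stat -c` and `readlink -f` and a shell with `local`.

```shell
#!/bin/sh
# Added example. Only the classic owner/group/other mode bits are evaluated;
# POSIX ACLs and MAC layers (SELinux, AppArmor) can still deny access that
# these checks report as allowed.

# perm_bits MODE OWNER GROUP UID [GID...]
# Print the rwx triad (0-7) that applies to UID holding the listed groups.
perm_bits() {
    local mode owner group uid g
    mode=$((0$1)); owner=$2; group=$3; uid=$4
    shift 4
    if [ "$uid" -eq 0 ]; then echo 7; return 0; fi      # root bypasses mode bits
    if [ "$uid" -eq "$owner" ]; then                    # owner class wins, even
        echo $(( (mode >> 6) & 7 )); return 0           # if group bits are wider
    fi
    for g in "$@"; do
        if [ "$g" -eq "$group" ]; then echo $(( (mode >> 3) & 7 )); return 0; fi
    done
    echo $(( mode & 7 ))
}

# bits_for PATH UID [GID...] : perm_bits for an existing filesystem object.
bits_for() {
    local p info
    p=$1; shift
    info=$(stat -c '%a %u %g' -- "$p") || return 2
    # Word splitting of the three numeric fields is intended here.
    perm_bits $info "$@"
}

# dir_writable DIR UID [GID...]
# True when UID may create files in DIR (needs write and search on DIR).
dir_writable() {
    local bits
    bits=$(bits_for "$@") || return 2
    [ $(( bits & 3 )) -eq 3 ]
}

# first_blocker START PATH UID [GID...]
# Walk from START down to PATH and print the first component that UID cannot
# search (directory on the way), list (final directory) or read (final file).
# Returns 0 if nothing blocks, 1 if something does, 2 on errors.
first_blocker() {
    local start path rest cur bits need
    start=$(readlink -f -- "$1") || return 2
    path=$(readlink -f -- "$2") || return 2
    shift 2
    case "$path" in
        "$start"|"${start%/}"/*) ;;
        *) echo "PATH is not below START" >&2; return 2 ;;
    esac
    cur=$start
    rest=${path#"$start"}
    rest=${rest#/}
    while :; do
        bits=$(bits_for "$cur" "$@") || return 2
        if [ -n "$rest" ]; then need=1                  # search only
        elif [ -d "$cur" ]; then need=5                 # read + search
        else need=4                                     # read
        fi
        if [ $(( bits & need )) -ne "$need" ]; then
            echo "$cur"
            return 1
        fi
        [ -n "$rest" ] || return 0
        case "$rest" in
            */*) cur=${cur%/}/${rest%%/*}; rest=${rest#*/} ;;
            *)   cur=${cur%/}/$rest; rest= ;;
        esac
    done
}
```

For the two cases above the calls would be `dir_writable /var/clamav 441 204` and `first_blocker / /home/dpatters/po.conf "$(id -u clamav)" $(id -G clamav)`.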
Re: [Clamav-users] Updating clamav
On Sat, Mar 14, 2009 at 22:38, David Jewell wrote:
> Hi,
>
> I am trying to update my clamav install from 0.93 to 0.94.2 on an
> Ubuntu based server. Running the make && make check I have been
> met with a series of errors. Some I have fixed by installing/updating
> some libs but I am still at a loss as to why the make check is not
> successful. Following is output from the make && make check.

Looks like you don't have the bzip2 headers or libraries installed.

-- Rob MacGregor
Re: [Clamav-users] please remove
On Thu, Feb 19, 2009 at 13:43, Eric J. Wisti wrote:
>
> The ONLY way to prevent reading unsubscribe messages (which annoy me
> too), is to remove all users from the mailing list now.

Sadly I agree with Eric. I've seen this same problem on lists with the unsubscribe link at the bottom of every list email - you can't do anything about stupidity I'm afraid.

I'll now go back to watching the thread spiral out of control ;)

-- Rob MacGregor
Re: [Clamav-users] Your ClamAV installation is OUTDATED
On Sun, Feb 15, 2009 at 11:45, chen wrote:
>
> clamscan --version
> ClamAV 0.93/6688/Wed Apr 9 16:40:38 2008

Then you haven't removed your old version of ClamAV. How did you install 0.93?

-- Rob MacGregor
Re: [Clamav-users] New to Clamav
On Thu, Feb 5, 2009 at 15:52, Madhuri Somavarapu wrote:
> How can we invoke clamd from java if not the API?
>
> The app that uses clamd will be deployed on the same unix machine. Will I
> have problem with firewall even then? Should I ask admin to open the port so
> that users access the app?

Maybe - ask the administrator what (if any) firewall rules they have in place for the loopback interface.

> If the virus is found will it delete the file other than response? If not how
> should I take care of it myself?

It (clamd) won't do anything, that's entirely up to you to handle in any way you choose.

-- Rob MacGregor
Re: [Clamav-users] No clmilter.sock
On Fri, Jan 2, 2009 at 07:14, Rem P Roberti wrote:
> I have just installed clamav on my FreeBSD 7.1RC2 system as per the
> Wheldon Whipple instructions
> (http://www.technoids.org/clamav-milter.html#2). I double checked
> everything (I think!), but clmilter.sock never showed up in
> /var/run/clamav. The only files in that directory are clamd.pid,
> freshclam.pid, and clamd.sock. What happened to clmilter.sock?

The instructions there look like they're very out of date. A quick look at the freshports.org change entries suggests that there is a separate script to start the milter - look in /usr/local/etc/rc.d/.

-- Rob MacGregor
Re: [Clamav-users] How to test ClamAV?
On Fri, Dec 05, 2008 at 03:06:41PM -0800, Aleksey Tsalolikhin wrote:
> Ok, so how do I test ClamAV?
>
> So where do people get viruses to test ClamAV with?

Are you wanting to see that ClamAV is properly configured in your environment or are you ensuring it finds the viruses that you test it with?

If you're looking to test your configuration, the easiest is with the EICAR test file. You can find out more about it at http://www.eicar.org/anti_virus_test_file.htm

ClamAV should report the following when the file is scanned:

    clamdscan ~/eicar.com
    eicar.com: Eicar-Test-Signature FOUND

Rob
Re: [Clamav-users] Why is ClamAV signature file so unpopular?
On Fri, Nov 28, 2008 at 15:12, Paul Kosinski <[EMAIL PROTECTED]> wrote:
> When I go to the download page for ClamAV at SourceForge,
> I observe that the signature file ("clamav-0.*.*.tar.gz.sig")
> is downloaded less than 10% of the time that the source code
> ("clamav-0.*.*.tar.gz") is downloaded. I find this strange,
> especially for anti-malware software, whose users presumably
> think about security more than the average SourceForge visitor.

Some of that may be down to things like FreeBSD, where the package maintainer fingerprints the download when they prepare the package/port and it is that fingerprint that is checked when you install.

-- Rob MacGregor
Mark Twain - "It usually takes me more than three weeks to prepare a good impromptu speech."
Re: [Clamav-users] Clamav 0.94.1 not working under FreeBSD 5.5
On Sun, Nov 16, 2008 at 15:31, Jerry <[EMAIL PROTECTED]> wrote:
<---SNIP--->
> In any case, FreeBSD-5.5 is quite old and I believe no longer
> supported, although I might be wrong about that.

FreeBSD 5.5, the last in the FreeBSD 5.x series, reached EOL in March 2008.

-- Rob MacGregor
Re: [Clamav-users] Clamav 0.94.1 not working under FreeBSD 5.5
On Wed, Nov 12, 2008 at 13:43, Juergen Dankoweit <[EMAIL PROTECTED]> wrote:
>
> Yes. The reason is, that FBSD 6 or 7 does not run anymore on my hardware
> (SCSI problems).

Did you report those so that they can be looked into?

-- Rob MacGregor
Re: [Clamav-users] Clamav 0.94.1 not working under FreeBSD 5.5
On Wed, Nov 12, 2008 at 12:53, Juergen Dankoweit <[EMAIL PROTECTED]> wrote:
> Hello to the list,
>
> on my FreeBSD system I have strange problems with clamav:
> During detection a virus clamav blocks the whole mail traffic for ever.
> Only a restart of postfix, amavis and clamav solves this until the next
> virus.
>
> With clamav 0.93.3 there are no problems but it is too outdated.
>
> Because the ports tree is unupgradable I must use the original source
> from the web site. I compile clamav with the following options:
> ./configure --disable-clamuko --disable-ipv6

Is there a good reason you can't upgrade to at least FreeBSD 6, or even better FreeBSD 7?

-- Rob MacGregor
Re: [Clamav-users] Maximum file size
On Mon, Oct 13, 2008 at 16:10, Sam Smith <[EMAIL PROTECTED]> wrote:
> Hello there!
>
> I am running ClamAV engine ver 0.93.1

That's an old version, you should update.

> When trying to scan Outlook PST files I receive this error:
>
> "archive.pst: Value too large for defined data type"
>
> The file size is close to 6 GB. Is this more than the maximum size
> allowed by the program?
<---SNIP--->
> Any help on increasing the limit would be much appreciated.

Have a look in the clamd.conf file, under the Limits section. At a rough guess the MaxScanSize and MaxFileSize will be relevant to you.

-- Rob MacGregor
[Clamav-users] Updating OS X Server version of clamav
Is there an explanation anywhere of how to update the version that's included with OS X Server (Tiger)?
Re: [Clamav-users] trying upgrade clamav 0.93 to 0.94 on i386 FreeBSD
On Tue, Sep 23, 2008 at 14:30, <[EMAIL PROTECTED]> wrote:
>
> Or you can just delete --enable-gethostbyname_r from the CONFIGURE_ARGS
> section of the port Makefile and everything will work fine. I would
> advise that you stick with 6.3 as it has a longer support cycle than
> anything so far in the 7.x cycle.

Right now the EOL for 6.3 is based upon it being the last 6.x. However, 6.4 is scheduled to be released next month, at which point the EOL for 6.3 will be 12 months from its release - January 2009, a month before 7.0 (February 2009).

Details of how the EOL process works can be found at http://www.freebsd.org/security/#sup

-- Rob MacGregor
Re: [Clamav-users] trying upgrade clamav 0.93 to 0.94 on i386 FreeBSD
On Tue, Sep 23, 2008 at 08:37, Sam Lin <[EMAIL PROTECTED]> wrote:
>
> Hello list,
>
> i try pkg_add -r clamav and it's show me the package are the same
> Fetching
> ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6-stable/Latest/clamav.tbz
> pkg_add: package 'clamav-0.93.3' or its older version already installed
>
> then i try use ports to compile clamav 0.94 on my i386 FreeBSD 6.1-
> STABLE and have some error message:

FreeBSD 6.1 is no longer supported by the ports system - if you want to continue using the ports you need to upgrade to 6.3 or 7.0 (6.4 and 7.1 are due for release next month), or track RELENG_7 or RELENG_6. I would advise that 7.x is a better choice as 6.x is the legacy release.

-- Rob MacGregor
Re: [Clamav-users] (no subject)
2008/8/9 [EMAIL PROTECTED] <[EMAIL PROTECTED]>:
> Hello,
> when I click on Virus Database Update Report, the window that opens shows the
> following message:
> Warning: Current functionality level = 31, recommendet = 33.
> I would like to know what it means and how I can fix it.

http://www.clamav.net/support/faq/
http://wiki.clamav.net/Main/FAQ#What_does_WARNING_Current_functi

-- Rob MacGregor
Re: [Clamav-users] simplest replacement for ancient amavis-perl
On Thu, Aug 7, 2008 at 16:40, David F. Skoll <[EMAIL PROTECTED]> wrote:
>
> I recommend MIMEDefang. (Of course, I'm the author, so I would
> recommend it...)

I use both amavisd-new and MIMEDefang. Of those I'd recommend MD over amavisd-new. It's easy to customise the heck out of (I don't know perl and I can manage) and "just works".

The MD mailing list is also pretty helpful for those times when you discover that you're not so much in over your head, but you no longer know which way "up" is supposed to be ;)

-- Rob MacGregor
Re: [Clamav-users] unsubscribe
On Mon, Jul 7, 2008 at 18:22, Don Singh <[EMAIL PROTECTED]> wrote:
> please unsubscribe me from this mailing list.

How to do this was included in the welcome email you received when you signed up and is in the headers of every list email (a standard location):

    List-Id: ClamAV users ML
    List-Unsubscribe: <http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users>, <mailto:[EMAIL PROTECTED]>
    List-Post: <mailto:clamav-users@lists.clamav.net>
    List-Help: <mailto:[EMAIL PROTECTED]>
    List-Subscribe: <http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users>, <mailto:[EMAIL PROTECTED]>

-- Rob MacGregor
Re: [Clamav-users] (no subject)
On Mon, Jun 2, 2008 at 9:18 PM, alex liveti <[EMAIL PROTECTED]> wrote:
> Hi there? is not a viros is just a pape work just to take look at correcy
> and send it bac to
> please just test can i send t.

You may want to read the reply to your post yesterday.

-- Rob MacGregor
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] commad between unix and linux
On Sat, May 31, 2008 at 9:46 PM, alex liveti <[EMAIL PROTECTED]> wrote:
> hi there? iam haven a problem with one of 2 operating system UNIX and Linux.
> the question is are this two the same or not is it possable to use the same
> commad or are the difrent between them in commad?

Yes/Maybe. If you were a little more specific it might be possible to provide an answer.

-- Rob MacGregor
Re: [Clamav-users] 0.93.1RC1
On Wed, May 28, 2008 at 3:08 PM, Nigel Horne <[EMAIL PROTECTED]> wrote:
> Dear All,
>
> As you may have seen, the first release candidate of 0.93.1 was
> published earlier this week.
>
> 0.93.1 <http://downloads.sourceforge.net/clamav/clamav-0.93.1rc1.tar.gz>
> is a maintenance release with bug fixes for issues raised with 0.93 for
> example portability
> problems and other issues discovered by our internal auditing process.
> It also features improved
> handling of PDF, CAB, RTF, OLE2 and HTML files.
>
> We welcome any feedback and bugs on this RC prior to the release
> of 0.93.1, which is currently scheduled for 6th June. It doesn't matter
> if you don't have a test environment, you can still help us for example by
> downloading the release candidate and checking it compiles on your
> system even if you don't
> install it; we particularly welcome reports on platform compatibility.

Compiles on FreeBSD 6.3 and 7.0. I was able to give it a quick test on 7.0 and freshclam, clamscan, clamd and clamdscan all work.

-- Rob MacGregor
Re: [Clamav-users] I can´t upgrade clamav
On Mon, May 12, 2008 at 1:55 PM, Emilio Campos <[EMAIL PROTECTED]> wrote:
> i am clamav 0.92 versión in a SMTP system, i can´t update clamav because
> this is a close project in the client instalations, i would like to know
> what can append with those clamav if i dont upgrade with new version of
> new clamav?

If nothing else, at some point you'll stop getting signature updates and will then start letting malware through.

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche

Re: [Clamav-users] WARNING: Suspicious recipient address blocked
On Mon, Apr 14, 2008 at 11:09 AM, Bas van Rooijen <[EMAIL PROTECTED]> wrote:
>
> ClamAV is rejecting messages where the recipient address contains a | (pipe character)..
>
> Why is this? Is | a virus now?
>
> Can this behaviour be disabled?
>
> Are you planning on blocking other random characters from appearing in the recipient address?

Are you certain that clamav is behind this? What other software are you using with your mailserver and exactly what is the error message?

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche

Re: [Clamav-users] ClamAv-Milter Configuration Troubles
On Fri, Apr 11, 2008 at 7:00 PM, James Kosin <[EMAIL PROTECTED]> wrote:
> -BEGIN PGP SIGNED MESSAGE-
>
> James Kosin wrote:
> | Everyone,
> |
> | I've got clamav-milter using a .sock file and would like to change it to
> | use the IP socket address interface to clamd.
> | Any ideas on what I have to do? If I just change clamav-milter options
> | to use --external and remove the local socket file from the options,
> | clamav-milter complains. I want it to use the local machine's IP
> | 127.0.0.1 with clamd running. Anyone have a good configuration to
> | share, the documentation is a bit sparse in this area.
> |
> | James
> Hey... anyone out there???

A quick read of the clamav-milter man page suggests you missed the "--server" option:

    --server=HOSTNAME/ADDRESS, -s HOSTNAME/ADDRESS
        IP address or hostname of server(s) running clamd (when using TCPsocket and --external).
    ...

--
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche

Re: [Clamav-users] I hate people who do this but...
On Sun, Apr 6, 2008 at 8:35 PM, Christopher Burkhart <[EMAIL PROTECTED]> wrote:
> How do I get off this list?
>
> I have searched the archives and I have not found a way to delete my
> self, may have just missed.

You mean the information that lurks in the header of every posting:

List-Id: ClamAV users ML
List-Unsubscribe: <http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users>, <mailto:[EMAIL PROTECTED]>
List-Post: <mailto:clamav-users@lists.clamav.net>
List-Help: <mailto:[EMAIL PROTECTED]>
List-Subscribe: <http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users>, <mailto:[EMAIL PROTECTED]>

And the "Visit subscriptions page" button that's found from the URL at the bottom of every posting:

http://lurker.clamav.net/list/clamav-users.html

;-)

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche

Re: [Clamav-users] Integrating ClamAV in Squid 2.6
On Wed, Mar 26, 2008 at 3:18 PM, Dennis Peterson <[EMAIL PROTECTED]> wrote:
>
> And I wonder still if as delivered it can be built statically.
> Obviously if it is only dynamically linked it will not survive a
> ClamAV upgrade. At no time did I mention using clamd as a option. It
> was such a simple question.

Yes it was a very simple question:

>> So does this have to be rebuilt each time ClamAV has an upgrade?

> A simple answer might have been "it [ can | cannot ] be linked statically".
> The answer to my question was rtfm which I attempted to do, mind you.
> The answer to the question I did not ask was "use clamd". I can use clamd
> now without this product.

Until today you made no mention of static linking in this thread, if you had you may have had different answers ;)

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche

Re: [Clamav-users] Integrating ClamAV in Squid 2.6
On Wed, Mar 26, 2008 at 2:45 PM, Dennis Peterson <[EMAIL PROTECTED]> wrote:
> You learned from that answer that as distributed it can be statically
> linked to libclamav? I shall read it again and again until I find that
> elusive factoid.

No, you asked if HAVP had to be rebuilt when you upgraded clamav, not whether or not it could be statically linked. The response:

> Well - have a look and find out for yourself. It supports both linking
> against libclamav and merely calling clamd like clamdscan does. So "yes"
> and "no" are the answer.

gave you the full answer:

Link against libclamav - yes you have to rebuild
Call clamd - no you don't

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche

Re: [Clamav-users] clamd.conf question.
On Mon, Mar 24, 2008 at 9:03 PM, Erik P. Olsen <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I am new on clamav and I have a few questions on some of the items in the
> clamd.conf file:
>
> 1. LocalSocket must be specified, it says, but what is it used for and what
> would it normally be?
>
> 2. TCPAddr. Again, I don't know what it is used for and what INADDR_ANY is.

These are used by other applications (such as clamav-milter, clamdscan etc) to connect to clamd.

> 3. DetectPUA. What sort of applications is detected with this setting?

Potentially Unwanted Applications:
http://www.clamav.org/2007/09/03/detection-of-potentially-unwanted-applications/

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche

Re: [Clamav-users] freshclam GMP3 vs GMP4
On Fri, Mar 14, 2008 at 11:34 AM, Andy Smith <[EMAIL PROTECTED]> wrote:
> Hi list,
>
> I was trying to resolve the "NO SUPPORT FOR DIGITAL SIGNATURES" error
> from freshclam, I am running FreeBSD 6.1.
> In the ports collection the package I found was GMP4, the clam FAQ says I
> need GMP3. Well I tried putting on GMP4 as,
> first it's the current release, and second I didn't have the option of
> installing V3 from ports. I re-built clamav from source and
> installed, but still the same error. Does anyone know if freshclam can work
> with GMP4 or not and if so how?

Have you tried installing ClamAV from ports, so that it handles this for you?

--
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche

Re: [Clamav-users] Scan All incoming attactment
On Wed, Mar 12, 2008 at 7:11 AM, Tarak Ranjan <[EMAIL PROTECTED]> wrote:
> No, i just want to be specific on clamAV, is there any plugin or
> parameter in clamAV to do the Attachment scanning.

ClamAV is just a virus scanner - if you want to integrate it into your mail server you need to use something to provide that integration - as others have told you.

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche

Re: [Clamav-users] Snedmail clamav timeout before data read, where=mail
On Feb 5, 2008 5:43 PM, Pawel Rutkowski <[EMAIL PROTECTED]> wrote:
> Hello,
>
> Sometimes i have problem to send email from my sendmail. Ehlo command
> ok, mail from: command hangup.
> When kill all sendmail process and start again daemon work properly. It is
> possible to clamav problem ? Errors from sendmail logs below:

Version of Sendmail?
Version of ClamAV?
Operating System?
Which milter are you using?
Are there any other log entries?

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche

Re: [Clamav-users] Clamd doesn't create pid and socket file, no error output.
On Feb 4, 2008 9:51 PM, David Liang <[EMAIL PROTECTED]> wrote:
> It runs OK before. But this Saturday, it stop work. When I restarted
> clamd, The clamd seems run normally, but no pid, and socket files created
> in /var/run/clamdav/, no error message output to log files. Does anybody
> know why?

With so little information, nobody will be able to help you. Maybe if you provided details such as the version of clamav, what OS you're using, whether there is anything in the log files and other such information.

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche

Re: [Clamav-users] Clamav Update Database
On Jan 25, 2008 12:53 PM, Clovis Tristao <[EMAIL PROTECTED]> wrote:
> Hi All,
>
> I'm using Clamav in Server Fedora Core.
> Please, How I up to date clamav databases automatically and I receive
> e-mails saying that the system was brought up to date?

Take a look at OnUpdateExecute in freshclam.conf

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche

Re: [Clamav-users] clamav rpm package
On Jan 23, 2008 5:58 PM, Andrea Bencini <[EMAIL PROTECTED]> wrote:
> clamav-0.92-6.fc8.i386.rpm and clamav-0.91.2-3.fc8.i386.rpm packages
> haven't clamd.conf and freshclam.conf files.
> clamav-0.92-33.fc8.i386.rpm package has clamd.conf and freshclam.conf files.
> Why are there these differences?

Try asking the person who created the packages.

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche

Re: [Clamav-users] ClamAV vs. Wildlist
On Jan 18, 2008 1:42 PM, Brandon Perry <[EMAIL PROTECTED]> wrote:
> Hrm, why is clamdscan faster than clamscan?

Lack of startup time overhead (as clamd is already running), though I'd expect that to be fairly static and probably largely irrelevant for large (multi GB) scans.

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche

Re: [Clamav-users] problem installing clamav 0.92
On Jan 11, 2008 8:50 AM, SINDELAR Stefan <[EMAIL PROTECTED]> wrote:
> Morning everyone,
>
> I have problems to install clamav 0.92 on Solaris 8 with GCC 3.4.6.
> Below you can see the messages while configure and install it:
>
> ./configure --enable-milter
> configure: WARNING: Unable to determine FPU endianess, some features may
> not be available in this build
<---SNIP--->
> Has anyone an idea to get rid of the configure-Warning message?

Search the list archive - there was a thread about this just the other day.

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche

Re: [Clamav-users] Clamav virus signature update
On Jan 6, 2008 8:42 AM, Alessandro Volturno <[EMAIL PROTECTED]> wrote:
> Hello guys,
>
> I'm using Clamav 0.92 installed from the Debian Volatile repository.
> on a Debian testing distro kernel 2.6.22-3-686 kept daily updated.
<---SNIP--->
> Build: ClamAV 0.92/5385/Sun Jan 6 02:13:06 2008
>
> Signatures: 148100
> (20 Aug 2007)

That looks to be a little old.

> Current working dir is /var/lib/clamav/

So, where is ClamTK looking for the signatures? I suspect there's a mis-match between where ClamAV is storing the signatures and where ClamTK is looking for them.

It's also possible that you have a mis-match between the clamd and freshclam configurations.

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche

Re: [Clamav-users] Failure to detect first time
On Jan 4, 2008 3:20 PM, Phil Chambers <[EMAIL PROTECTED]> wrote:
<---SNIP--->
> So, clamscan detects the signature but clamdscan does not! Note that some
> examples of this signature do get detected by clamd.)

File permissions problem (assuming you're not running clamd as root)?

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche

Re: [Clamav-users] Clam bugs/vulns (was Re: Tomasz, you're an id iot, and you don't even know it)
On Jan 3, 2008 6:08 PM, Mark <[EMAIL PROTECTED]> wrote:
>
> a): Clamav were to run as root (and consequently run
> ..progname.day-of-month as root too), which is plain stupid.

There's lots of stupid people out there ;)

> Also, where does the idea come from that a symlink will magically bring
> the attacker root access? If .progname.day-of-month were a symlink, then
> please, anyone, show me to what sort of file this symlink could point to
> that would suddenly allow the attacker to gain root-access?

It's not magic, but it's possible. Plenty of effective attacks, in the real world, have used this approach as part of a chain that results in gaining root access.

> Also, on FreeBSD, we set /tmp +t, which means items in /tmp can be renamed
> or deleted only by the item's owner.

I think that's been standard on all unix type systems for a long time now.

> In short, I fail to see what the fuss is all about. O_EXCL should have
> been there, but it's a minor bug -- especially since the TS initially
> failed to realize there was randomness, after all (though it could be
> improved upon). I see no realistic possibilities for exploits. But I'm of
> course open to hearing how someone thinks a realistic attack could be
> mounted with it.

A minor vulnerability here, a minor vulnerability there and pretty soon you're talking something bigger ;)

As David said, attackers are creative - they're also often very persistent and highly skilled. At the end of the day there would be real money behind an exploit that could give any form of remote access to a host running ClamAV.

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche

Re: [Clamav-users] Clam bugs/vulns (was Re: Tomasz, you're an id iot, and you don't even know it)
On Jan 3, 2008 4:09 PM, Dennis Peterson <[EMAIL PROTECTED]> wrote:
> The success of this requires a bit of serendipity as well. If for reasons of
> convenience the new TMPDIR is globally writeable then nothing has been accomplished
> which is why a global TMPDIR declaration is pointless.

Well, yes and no. Let's take the following case:

1) You're using software which creates then executes a temporary file as .progname.day-of-month
2) The attacker knows this and has a remote attack to populate this file in /tmp to give themselves root access
3) You've globally defined TMPDIR to be /tmp/42/
4) Attack fails

Ok, it doesn't help against a local attacker (and then you're in trouble anyway), but against any remote attack making assumptions about the location of temporary files it has some value.

Besides, I made no statement about global declarations ;)

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche

Re: [Clamav-users] Clam bugs/vulns (was Re: Tomasz, you're an id iot, and you don't even know it)
On Jan 3, 2008 3:09 PM, Bowie Bailey <[EMAIL PROTECTED]> wrote:
> Then this may be something that could use some explanation.
>
> Exactly what temp dir setting are you referring to and why should it be
> changed?

If the environment variable TMPDIR is defined then well behaved programs will use that instead of /tmp (as mentioned in David's initial post with this subject) for temporary files. Using this means that you break assumptions about temporary files appearing in /tmp, which complicates an attacker's life.

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche

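The two temporary-file points raised in this thread (the missing O_EXCL on a predictable name, and TMPDIR moving temporary files out of /tmp) can be seen side by side in the following added example, which is not ClamAV code and not part of any post. The file names (.progname.03, victim.conf, scan.XXXXXX) and all function names are constructed for the demonstration, and everything happens inside a private scratch directory.

```c
/* Added example (constructed; not ClamAV source code). */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

struct demo_result {
    int  excl_errno;        /* errno from the exclusive open of the planted name */
    long size_after_excl;   /* victim size after that attempt */
    long size_after_plain;  /* victim size after the non-exclusive open */
    int  temp_under_tmpdir; /* 1 if the mkstemp() file landed under TMPDIR */
    int  temp_mode;         /* permission bits of the mkstemp() file */
};

/* Base directory for temporary files: TMPDIR if set, otherwise /tmp. */
static const char *tmp_base(void) {
    const char *d = getenv("TMPDIR");
    return (d && *d) ? d : "/tmp";
}

/* Predictable name without O_EXCL: an existing path, including a symlink
 * someone else created first, is followed and truncated. */
static int open_plain(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* With O_CREAT|O_EXCL the call fails with EEXIST if anything, a symlink
 * included, already sits at that name. */
static int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Unpredictable name under TMPDIR; mkstemp() creates it exclusively, 0600. */
static int open_private_temp(char *path, size_t len) {
    int n = snprintf(path, len, "%s/scan.XXXXXX", tmp_base());
    if (n < 0 || (size_t)n >= len) { errno = ENAMETOOLONG; return -1; }
    return mkstemp(path);
}

static long file_size(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1;
}

/* Runs the scenario inside a private scratch directory; returns 0 on success. */
static int run_demo(struct demo_result *r) {
    char dir[256], victim[300], planted[300], tmpf[300];
    struct stat st;
    int fd, n;

    n = snprintf(dir, sizeof dir, "%s/tmpdemo.XXXXXX", tmp_base());
    if (n < 0 || (size_t)n >= sizeof dir || !mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim.conf", dir);
    snprintf(planted, sizeof planted, "%s/.progname.03", dir);

    /* Constructed victim file (10 bytes) and a symlink already sitting at
     * the predictable temp name before the program creates its file. */
    fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "keep=this\n", 10) != 10) return -1;
    close(fd);
    if (symlink(victim, planted) != 0) return -1;

    errno = 0;
    fd = open_exclusive(planted);          /* refused, victim untouched */
    r->excl_errno = fd < 0 ? errno : 0;
    if (fd >= 0) close(fd);
    r->size_after_excl = file_size(victim);

    fd = open_plain(planted);              /* follows the link, truncates */
    if (fd >= 0) close(fd);
    r->size_after_plain = file_size(victim);

    setenv("TMPDIR", dir, 1);              /* demo only: relocate temp files */
    fd = open_private_temp(tmpf, sizeof tmpf);
    r->temp_under_tmpdir = fd >= 0 && strncmp(tmpf, dir, strlen(dir)) == 0;
    r->temp_mode = (fd >= 0 && fstat(fd, &st) == 0) ? (int)(st.st_mode & 0777) : -1;
    if (fd >= 0) { close(fd); unlink(tmpf); }

    unlink(planted); unlink(victim); rmdir(dir);
    return 0;
}

int main(void) {
    struct demo_result r;
    if (run_demo(&r) != 0) { perror("demo setup"); return 1; }
    printf("O_EXCL open: %s, victim %ld bytes\n", strerror(r.excl_errno), r.size_after_excl);
    printf("plain open:  victim %ld bytes\n", r.size_after_plain);
    printf("mkstemp under TMPDIR: %d, mode %o\n", r.temp_under_tmpdir, r.temp_mode);
    return 0;
}
```
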
Re: [Clamav-users] How to find infected file
I usually don't post but I just can't resist this insulting troll..

> wasn't provided with your question. I suspect that you ran 'clamscan'
> and you were rewarded with a _very_ large list of file names, to each
> of which was appended the four characters ": OK", and at the end of
[...snip things about grep, editor and pager...]

To make a really long story short; you mean something like:

$ clamscan /home/ | grep -v ": OK" | less

Of course, the OP would probably see a # instead of $ because he's logged in as root, not as a mortal user like he should, considering his experience.

However, I'm not familiar with a clam.conf/clamscan.conf/whatever.conf file and I'm quite sure that it doesn't exist. There is of course the clamd.conf file that the OP might want to locate (hint) if he were using clamdscan instead of clamscan (OP: mind the little difference). But, then the OP would need an up-to-date locate database (hint).

Ah well, since it's almost Christmas eve (and before the OP starts trolling and top-posting again) these are the lines to find clamd.conf: (I haven't seen a recent distro that lacks these..)

# updatedb
# locate clamd.conf

OP:
- Don't tell us that you can't find updatedb, locate, grep and/or less. In that case, please go seek help elsewhere. This list is about ClamAV, not about learning to use Linux.
- You need to clean up your act if you want help. It's you who's insulting people that try to help you. If you can't use the help given, it might be you who's not competent enough to perform basic tasks. This would be your problem, not ours.
- If you don't want to learn how to work with *nix and its apps, please delete your Linux partition and stick with Windows as that would then be best for all of us (including you).

> Compliments of the season to all.

Perhaps a bit early, but, merry Christmas to everyone!

Grts,
Rob

Re: [Clamav-users] ClamAV Vulnerability
On Nov 20, 2007 4:20 PM, tBB <[EMAIL PROTECTED]> wrote:
> David F. Skoll wrote:
>
> > Tomasz Kojm wrote:
> >
> >> This is getting boring!
> >
> > I'm sorry you find it so. I actually find this to be exciting reading:
> >
> > http://www.securityfocus.com/cgi-bin/index.cgi?o=0&l=30&c=12&op=display_list&vendor=Clam%20Anti-Virus&version=&title=&CVE=
>
> Oh, then I'm sure you will find this an interesting reading too:
>
> http://search.securityfocus.com/swsearch?sbm=%2F&metaname=alldoc&query=roaring+penguin+software+vulnerabil%2A&x=0&y=0

Five vulnerabilities of which only 3 are for MIMEDefang, one this year, one in 2004 and one in 2002 compared to the 2 pages of hits for Clam - I don't think that was the comparison you were hoping for ;)

Either way, yes, like every product there are vulnerabilities in both. David's original comment about ClamAV's vulnerability history doesn't appear too far from the mark, regardless of the obviously high emotions on either "side".

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche

Re: [Clamav-users] Error message appended to subject line
On Nov 13, 2007 10:42 AM, Tony Baker <[EMAIL PROTECTED]> wrote:
>
> Apologies if I have sent this to the wrong list, but the message
> started occurring after an upgrade of ClamAV.
>
> I have also upgraded spamassassin and amavis-new, but the messages
> started after upgrading ClamAV.
>
<---SNIP--->
> Do you think I should be trying the amavis or spamassassin lists then??

As you're probably using amavis for calling clamav I'd suggest you try the amavis list. Be sure to provide details that you've missed on this thread, like actual version numbers and how you're calling clamav from amavis ;)

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche

Re: [Clamav-users] How quickly do I need to upgrade when a new version is released and when do warnings appear
On Nov 7, 2007 10:30 AM, Sandeep Sachdev <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I'm new to using clam and I've got a few questions I was hoping I could get
> answered. I had a quick look around the FAQ, documentation and mail list
> archives but didn't find information on these questions.
>
> 1. When a new binary is released. How quickly will I need to update to it
> before I might be unprotected from the latest viruses. Is it usually a matter
> of days/weeks/months?

I assume you mean version, rather than binary. In theory the answer is that you're already behind on protection so you need to upgrade as soon as possible.

> 2. How quickly will clamscan or clamdscan warn me that I am using an older
> binary. I'm assuming something will be output when i run clamscan or
> clamdscan. Is this assumption correct? Does this only occur once the virus
> database contains virus signatures that aren't supported with the older
> binary.

Freshclam will warn you when your installed version is out of date.

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche

Re: [Clamav-users] Please help - Freshclam not updating.
On 10/31/07, Milton Calnek <[EMAIL PROTECTED]> wrote:
> Hello all,
>
> About a month or so ago, freshclam stopped working for me. At first I
> thought it might be a short outage, unfortunately that was not the case.
>
> First freshclam's query for current.cvd.clamav.net fails, but the query
> works when done from the command line.
>
> It also seems to fail getting info on db.ca.clamav.net, I'm not sure of
> the query involved for the db... but from the command line I can get
> address records.
>
> I have also tried using db.us.clamav.net and a couple of European
> mirrors too.
>
> This gateway server uses an internal server that queries root name
> servers and other authoritative name servers.
>
> I have also tried using my ISP's name server.
>
> With all combinations, I get more or less the same result.
>
> Any suggestions?

Two things,

1) You may be able to do standard DNS lookups, but can you lookup TXT records? Is DNS over TCP supported by your DNS server (many organisations block it in the mistaken belief that it improves security and breaks nothing)
2) See the last post in the thread titled "ClamAV patch download not working in South Africa"

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche

Re: [Clamav-users] Recent viruses
On 10/25/07, Gomes, Rich <[EMAIL PROTECTED]> wrote:
> Dennis,
> Thanks for the reply. I understand all of what you are saying, having
> worked as a sysadmin for many years now. My issue is that even with most
> vendors using different naming conventions, they are "usually"
> cross-referenced in any technical info that is out there. I can't find any
> data on these messages and would like to know what other malware names they
> match up to so I can present it to management. At this point I can't even
> give a risk assessment.

The trouble is, that takes time, time that has to be paid for (or donated free).

One option would be to submit the viruses to the likes of VirusTotal, to see what the other vendors call it. You, and others, could then create a comparison page that allowed you to search for a virus signature name and see what other products call it. Somebody else used to manage a page like this, but I don't know if it's still being done.

Not perfect I know, but right now I suspect it's the only way.

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche

Re: [Clamav-users] (no subject)
On 10/23/07, oboltus <[EMAIL PROTECTED]> wrote:
>
> Could You set an example of practical realization with use clamav-milter?

See the documentation/man page/google.

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche

Re: [Clamav-users] (no subject)
On 10/23/07, oboltus <[EMAIL PROTECTED]> wrote:
>
> > Yes - the solution of course will depend on your mail server, which
> > you make no mention of.
>
> OS - Linux RedHat 7.3
> MTA - sendmail

Then you have a range of options, including clamav-milter, MIMEDefang and amavisd-new, to name but a few.

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche

Re: [Clamav-users] (no subject)
On 10/16/07, oboltus <[EMAIL PROTECTED]> wrote:
> Hello!
> I address with a question, the answer on which could not find in FAQ. whether
> can clamav check on viruses outcoming mail? If yes, as it to realize?
> thank you in advance.

Yes - the solution of course will depend on your mail server, which you make no mention of.

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche

Re: [Clamav-users] outdated version?
On 10/15/07, zbigniew szalbot <[EMAIL PROTECTED]> wrote:
> Hello,
>
> In my log I read:
>
> Oct 15 12:57:17 lists freshclam[733]: Received signal: wake up
> Oct 15 12:57:17 lists freshclam[733]: ClamAV update process started at Mon Oct 15 12:57:17 2007
> Oct 15 12:57:17 lists freshclam[733]: Your ClamAV installation is OUTDATED!
> Oct 15 12:57:17 lists freshclam[733]: Local version: 0.90.3 Recommended version: 0.91.2
>
> However,
>
> $ clamd -V
> ClamAV 0.91.2/4540/Sun Oct 14 03:43:55 2007
>
> $ pkg_info -Ix clamav
> clamav-0.91.2 Command line virus scanner written entirely in C
>
> Why would I be getting information that the local version is 0.90.3?

Because you previously installed from source and now you're using the port/package. You'd already know that if you'd taken the time to search the list archive ;)

Remove the old versions from your system.

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche

Re: [Clamav-users] Does clamav protect against rootkits?
On 10/14/07, Aniruddha <[EMAIL PROTECTED]> wrote:
> Thanks for the answers, does anyone know this for sure?

Quoting the ClamAV home page:

    ...designed especially for e-mail scanning on mail gateways.

So no, it's not designed to detect rootkits.

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche

Re: [Clamav-users] Some question on freshclam
On 10/12/07, Pieter <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I saw indeed that this info is shown upon running freshclam. However I do
> not want to trigger an update to the servers. I only want this info. Just
> running freshclam will add more load to your pattern file servers which is
> not needed in this case. Hence the request ...

No, freshclam will check DNS to see whether an update is required.

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche

Re: [Clamav-users] Logging to /var/spool/mail/root
On 9/24/07, McGlynn, Sean (DOB) <[EMAIL PROTECTED]> wrote:
> Rob,
>
> Thank you for your reply.
>
> So to be clear, cron is calling a script (below). I assume even though
> cron is calling a script, rather than the individual commands in the
> script, your same suggestion applies? If so, would it be a matter of
> adding 1>/dev/null to the end of each line? I'm somewhat new to Linux,
> so forgive my elementary queries. Thank you.

The easiest approach is to append the following to the line in cron (so you can run the script interactively and see the output):

">/dev/null 2>/dev/null"

Alternatively, replace your script with the following:

>>>>>
#!/bin/sh
# Directories to scan, separated by spaces
PARTITIONS="/ /_admin /bin /boot /etc /lib /mnt /opt /sbin /srv /tmp /usr /var"
for PARTITION in ${PARTITIONS}
do
    # Scan recursively, move infected files aside, log to file, discard terminal output
    clamscan -r --move=/var/log/clam/infected -l /var/log/clam/dailyclamscan "${PARTITION}" >/dev/null 2>&1
done
<<<<<

Much easier to change where the output is directed now :)

If you simply want to scan all disk partitions replace the second line with:

PARTITIONS=`df -lP | awk '$1 ~ "^/" {print $6}'`

That will list all the mounted disk partitions that are local to the host in question.

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche