Re: [clamav-users] clamav error
Hi there, On Sat, 26 Jun 2021, Tsutomu Oyamada wrote: It's also talked about in this thread CVD version 26199 causes the following error in ClamAV version 0.99.2: Can't open file or directory ERROR We have identified the signature of the problem in CVD version 26199. Win.Loader.Boxter-9870959-0 If you ignore this signature, you can scan without errors. If possible, exclude this signature or modify it. Please help us. Best regards T.O ... I have been unable to find the thread to which you seem to be trying to refer, and your message does not make it clear, at least to me, whether you are asking a question or making a contribution to the discussion. Please follow recognized practices when composing your messages to a mailing list so that they do not cause unnecessary confusion. A link to the referenced thread would help enormously. There is no need to quote extensively from it in your message. https://marc.info/?l=clamav-users&w=2&r=1&s=ClamAV+version+0.99.2&q=b https://marc.info/?l=clamav-users&w=2&r=1&s=Win.Loader.Boxter&q=b If you are asking for help with an old version of ClamAV, the advice must be to upgrade to a supported version, preferably the most recent. At the date of this message, the most recent version is 0.103.3. At the date of this message, version 26199 of the 'daily' database is two weeks old. -- 73, Ged. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] clamav error
Hi all, It's also talked about in this thread CVD version 26199 causes the following error in ClamAV version 0.99.2: Can't open file or directory ERROR We have identified the signature of the problem in CVD version 26199. Win.Loader.Boxter-9870959-0 If you ignore this signature, you can scan without errors. If possible, exclude this signature or modify it. Please help us. Best regards T.O On Thu, 17 Jun 2021 09:41:38 -0400 Michael Orlitzky via clamav-users wrote: > On 2021-06-17 09:00:09, Jigar via clamav-users wrote: > > Hello, > > > > Suddenly, we are getting the following error in clamd.log file > > > > Thu Jun 17 08:52:49 2021 -> > > /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p001: > > Can't create new file ERROR > > Thu Jun 17 08:52:49 2021 -> > > /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p002: > > Can't open file or directory ERROR > > > > We have checked up all the permission and ownership. There is no change in > > it. > > > > If you are (or can be) using a local socket to communicate with clamd, > then I would suggest changing the way that amavisd invokes the virus > scanner in amavisd.conf: > > # Use clamdscan with the --fdpass option so that the "clamav" user > # doesn't need to be able to read amavis's private working > # directory. > @av_scanners = ( > ['ClamAV-clamdscan', 'clamdscan', "--fdpass --stdout --no-summary {}", > [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], > ); > > This is now the way that amavisd recommends, and assumes that your > clamd socket is writable by the amavis user. > > ___ > > clamav-users mailing list > clamav-users@lists.clamav.net > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] clamav error
On 2021-06-17 09:00:09, Jigar via clamav-users wrote: > Hello, > > Suddenly, we are getting the following error in clamd.log file > > Thu Jun 17 08:52:49 2021 -> > /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p001: > Can't create new file ERROR > Thu Jun 17 08:52:49 2021 -> > /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p002: > Can't open file or directory ERROR > > We have checked up all the permission and ownership. There is no change in it. > If you are (or can be) using a local socket to communicate with clamd, then I would suggest changing the way that amavisd invokes the virus scanner in amavisd.conf: # Use clamdscan with the --fdpass option so that the "clamav" user # doesn't need to be able to read amavis's private working # directory. @av_scanners = ( ['ClamAV-clamdscan', 'clamdscan', "--fdpass --stdout --no-summary {}", [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], ); This is now the way that amavisd recommends, and assumes that your clamd socket is writable by the amavis user. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] clamav error
Hi there, On Thu, 17 Jun 2021, Jigar via clamav-users wrote: We still have the old version of clamav - 0.99 on our mail server. As I said to you in April, if you are using vulnerable software, patch it. Upgrade ClamAV immediately. ClamAV version 0.99 is well past its End Of Life, and aside from some well-publicized security issues, for some months the database servers have prevented 0.99 from updating its copies of the signature databases. New malware signatures are being added at an average a rate of at least one hundred per day, so you may expect that by now you are missing more than ten thousand very recent virus signatures. ... we need to run the server without any issue. So does everyone else. The latest version of ClamAV is 0.103.2. ClamaV 0.100 was released on April 9, 2018, so you are running security software which has now been outdated for more than three years. You have been subscribed to this list since at least April 2021, what have you been doing since then? When you do not take security seriously you become part of the problem. You have been part of the problem for at least three years and everyone here would welcome you if you pulled up your socks. It isn't difficult to upgrade ClamAV, but you will need some of the supporting software to be relatively recent. Presumably your mail server's other software is in need of upgrades too. From the earlier correspondence, I guess also your workstations: https://marc.info/?l=clamav-users&m=161746896209362&w=2 On Thu, 17 Jun 2021, Jigar via clamav-users wrote: On Thu, Jun 17, 2021 at 9:06 AM Gary R. Schmidt wrote: > On 17/06/2021 13:30, Jigar via clamav-users wrote: > > > > Suddenly, we are getting the following error in clamd.log file > > > > Thu Jun 17 08:52:49 2021 -> /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p001: Can't create new file ERROR > > Thu Jun 17 08:52:49 2021 -> /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p002: Can't open file or directory ERROR > > > > We have checked up all the permission and ownership. There is no change in it. > > Have you checked that whatever file system contains > "/var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts" > has not run out of space? Following is disk space status. It appears no issue with disk space. /dev/sda375G 50G 22G 71% / In 2021 those numbers look small for any server but it is not clear to me from the output of the command you have posted that the directories /var/amavis/tmp/* are in fact on the root partition. You need to check that first. But it could be that there's some other problem. For example there might have been an error resulting in parts of the filesystem being remounted read-only. I'm just guessing here, we need a lot more information. If you can create (and then delete) a fairly large test file in the amavis directory, at least that will tell you that there is free space there and that it's writeable. If you can do it as the user which is running the relevant process(es) that will tell you a bit more. What operating systems and mail server software are you using? -- 73, Ged. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] clamav error
Hello, Following is disk space status. It appears no issue with disk space. /dev/sda375G 50G 22G 71% / With Regards Jigar Raval On Thu, Jun 17, 2021 at 9:06 AM Gary R. Schmidt wrote: > > On 17/06/2021 13:30, Jigar via clamav-users wrote: > > Hello, > > > > Suddenly, we are getting the following error in clamd.log file > > > > Thu Jun 17 08:52:49 2021 -> > > /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p001: > > Can't create new file ERROR > > Thu Jun 17 08:52:49 2021 -> > > /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p002: > > Can't open file or directory ERROR > > > > We have checked up all the permission and ownership. There is no change in > > it. > > > > We still have the old version of clamav - 0.99 on our mail server. We > > are in the process of upgrading with a new server. Meanwhile, we need > > to run the > > server without any issue. We request kind help. > > > Have you checked that whatever file system contains > "/var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts" has not > run out of space? > > Cheers, > GaryB-) > > ___ > > clamav-users mailing list > clamav-users@lists.clamav.net > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] clamav error
On 17/06/2021 13:30, Jigar via clamav-users wrote: Hello, Suddenly, we are getting the following error in clamd.log file Thu Jun 17 08:52:49 2021 -> /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p001: Can't create new file ERROR Thu Jun 17 08:52:49 2021 -> /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p002: Can't open file or directory ERROR We have checked up all the permission and ownership. There is no change in it. We still have the old version of clamav - 0.99 on our mail server. We are in the process of upgrading with a new server. Meanwhile, we need to run the server without any issue. We request kind help. Have you checked that whatever file system contains "/var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts" has not run out of space? Cheers, GaryB-) ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] clamav error
Hello, Suddenly, we are getting the following error in clamd.log file Thu Jun 17 08:52:49 2021 -> /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p001: Can't create new file ERROR Thu Jun 17 08:52:49 2021 -> /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p002: Can't open file or directory ERROR We have checked up all the permission and ownership. There is no change in it. We still have the old version of clamav - 0.99 on our mail server. We are in the process of upgrading with a new server. Meanwhile, we need to run the server without any issue. We request kind help. With Regards Jigar Raval ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Clamav error using YARA
Ok Ged, many thanks again for your reply. As far as I can see, CLAMAV works well. Only this Maldet error seems to me strange as it appeared recently. Until now, I did not even see that link between clamav and maldet. I'm going to look at Maldet installation and YARA integration more precisely and follow your advise. Kind regards, Philippe Le 11/11/2019 à 21:54, G.W. Haywood via clamav-users a écrit : Hello again, On Mon, 11 Nov 2019, Philippe Lefèvre wrote: thanks for your post Ged. You're very welcome. :) ... it seems that neither Clamav nor Maldet installed on my Debian box have the right rfxn.* files I'm not familiar with these programs but I would like to understand if clamav is delivered with an instance of rfxn files or if those files are installed with Maldet (part of Maldet package?) or something else. There are Debian packages for ClamAV. I don't think Debian has its own package for the rfxn signatures but I haven't looked carefully. If you are using a Debian system I would suggest that using the Debian ClamAV packages would be the simplest way to install ClamAV. Then you can install extra signatures very simply, more or less by copying files to the ClamAV database directory. ClamAV does not supply the Maldet files, they are what the supplier of ClamAV calls 'third-party' or 'unofficial' signatures. There are many such sets of signatures which essentially add functionality to ClamAV, for example I use the Sanesecurity signatures on mail servers to catch a lot of spam; I'm less interested in malware as I rule my systems with a rod of iron. :) May be something is/was broken somewhere and it would save me time reinstall maldet or clamav, both, copy the rfxn.* files? Please your advise. The people who produce the Maldet files should be able to help you better than I can, I'm afraid I know nothing about the installation process for Maldet. If ClamAV is scanning files normally then I don't think you need to reinstall it. If ClamAV finds a set of signatures in a suitable form in its database directory then it will try to load and use them unless you tell it otherwise. I looked briefly at the documentation at https://www.rfxn.com/projects/linux-malware-detect/ and I'm afraid it left me asking more questions rather than fewer. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Clamav error using YARA
Hello again, On Mon, 11 Nov 2019, Philippe Lefèvre wrote: thanks for your post Ged. You're very welcome. :) ... it seems that neither Clamav nor Maldet installed on my Debian box have the right rfxn.* files I'm not familiar with these programs but I would like to understand if clamav is delivered with an instance of rfxn files or if those files are installed with Maldet (part of Maldet package?) or something else. There are Debian packages for ClamAV. I don't think Debian has its own package for the rfxn signatures but I haven't looked carefully. If you are using a Debian system I would suggest that using the Debian ClamAV packages would be the simplest way to install ClamAV. Then you can install extra signatures very simply, more or less by copying files to the ClamAV database directory. ClamAV does not supply the Maldet files, they are what the supplier of ClamAV calls 'third-party' or 'unofficial' signatures. There are many such sets of signatures which essentially add functionality to ClamAV, for example I use the Sanesecurity signatures on mail servers to catch a lot of spam; I'm less interested in malware as I rule my systems with a rod of iron. :) May be something is/was broken somewhere and it would save me time reinstall maldet or clamav, both, copy the rfxn.* files? Please your advise. The people who produce the Maldet files should be able to help you better than I can, I'm afraid I know nothing about the installation process for Maldet. If ClamAV is scanning files normally then I don't think you need to reinstall it. If ClamAV finds a set of signatures in a suitable form in its database directory then it will try to load and use them unless you tell it otherwise. I looked briefly at the documentation at https://www.rfxn.com/projects/linux-malware-detect/ and I'm afraid it left me asking more questions rather than fewer. -- 73, Ged. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Clamav error using YARA
Hi all, thanks for your post Ged. I have a maldet 6.1.4 installed under /usr/local: #maldet -version === Linux Malware Detect v1.6.4 (C) 2002-2019, R-fx Networks (C) 2019, Ryan MacDonald This program may be freely redistributed under the terms of the GNU GPL v2 === but when I do # grep -n is__elf /usr/local/maldetect/sigs/rfxn.yara I get === 9112: is__elf and all of ($s*) === same when I do # grep -n is__elf /var/lib/clamav/rfxn.yara === 9112: is__elf and all of ($s*) === I just downloaded maldet 1.6.4 and had a look into my downlowds dir, I can see # grep -n is__elf ~/telechargements/maldetect-1.6.4/files/sigs/rfxn.yara === 9068:private rule is__elf 9105: is__elf and all of ($s*) === So it seems that neither Clamav nor Maldet installed on my Debian box have the right rfxn.* files I'm not familiar with these programs but I would like to understand if clamav is delivered with an instance of rfxn files or if those files are installed with Maldet (part of Maldet package?) or something else. May be something is/was broken somewhere and it would save me time reinstall maldet or clamav, both, copy the rfxn.* files? Please your advise. Thanks Le 11/11/2019 à 14:41, G.W. Haywood via clamav-users a écrit : Hi there, On Mon, 11 Nov 2019, Philippe Lefèvre wrote: # grep -n is__elf /var/lib/clamav/rfxn.yara 9112: is__elf and all of ($s*) Maybe this will help: https://www.rfxn.com/downloads/maldetect-current.tar.gz 8<-- laptop3:~$ >>> grep -n is__elf ~/Downloads/maldetect-1.6.4/files/sigs/rfxn.yara 9068:private rule is__elf 9105: is__elf and all of ($s*) laptop3:~$ >>> 8<-- ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Clamav error using YARA
Hi there, On Mon, 11 Nov 2019, Philippe Lefèvre wrote: # grep -n is__elf /var/lib/clamav/rfxn.yara 9112: is__elf and all of ($s*) Maybe this will help: https://www.rfxn.com/downloads/maldetect-current.tar.gz 8<-- laptop3:~$ >>> grep -n is__elf ~/Downloads/maldetect-1.6.4/files/sigs/rfxn.yara 9068:private rule is__elf 9105:is__elf and all of ($s*) laptop3:~$ >>> 8<-- -- 73, Ged. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Clamav error using YARA
I'm not entirely familiar with yara, but based on https://yara.readthedocs.io/en/latest/modules/elf.html , there is no such function as "is__elf". Based on a whole search in the yara doc, there's only is_dll, is_32bit and is_64bit. Further googling shows this: https://github.com/Yara-Rules/rules/commit/8130cda6a3cd1b470b59e29a769162600bf1efab It seems is__elf is a private function now, so you can't use it directly anymore I guess. Franky Op Maandag, 11-11-2019 om 09:10 schreef Philippe Lefèvre: Hello, thanks for your reply :-) here is: = # grep -n is__elf /var/lib/clamav/rfxn.yara 9112: is__elf and all of ($s*) = Le 11/11/2019 à 01:02, G.W. Haywood via clamav-users a écrit : > grep -n is__elf /var/lib/clamav/rfxn.yara ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Clamav error using YARA
Hello, thanks for your reply :-) here is: = # grep -n is__elf /var/lib/clamav/rfxn.yara 9112: is__elf and all of ($s*) = Le 11/11/2019 à 01:02, G.W. Haywood via clamav-users a écrit : grep -n is__elf /var/lib/clamav/rfxn.yara ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Clamav error using YARA
Hi there, On Sun, 10 Nov 2019, Philippe Lefèvre wrote: Since some time (less than a month I think) I now get this message when I launch a directory scan. LibClamAV Error: yyerror(): /var/lib/clamav/rfxn.yara line 8955 undefined identifier "is__elf" LibClamAV Warning: cli_loadyara: failed to parse or load 1 yara rules from file /var/lib/clamav/rfxn.yara, successfully loaded 784 rules. Please post the output of grep -n is__elf /var/lib/clamav/rfxn.yara -- 73, Ged. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] Clamav error using YARA
Hello, Since some time (less than a month I think) I now get this message when I launch a directory scan. LibClamAV Error: yyerror(): /var/lib/clamav/rfxn.yara line 8955 undefined identifier "is__elf" LibClamAV Warning: cli_loadyara: failed to parse or load 1 yara rules from file /var/lib/clamav/rfxn.yara, successfully loaded 784 rules. -- SCAN SUMMARY --- Known viruses: 6703721 Engine version: 0.101.4 Scanned directories: 27 Scanned files: 341 Infected files: 0 Data scanned: 1602.74 MB Data read: 1514.41 MB (ratio 1.06:1) Time: 652.779 sec (10 m 52 s) Anyone already encounter this ? is there something I could do to fix it ? Thanks for you advise. Kind regards Philippe ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[Clamav-users] clamav error
hello all, i am new to this post and i have some post for you ok i have one mail server which clamav and i can send email but i dont receive the mail for wan i see this mistake Clamsmtpd: Can't connect to : /var/run/clamav/clamd.ctl: connection refuse help me please thanks ps: sorry for my bad english. _ Envoyez avec Yahoo! Mail. Une boite mail plus intelligente http://mail.yahoo.fr ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] clamav error - please help
Hi, I am running clam version 0.91.2 in CentOS 5 . For the past 24 hours, I am getting tons of errors of this message Tue Oct 2 10:08:17 2007 -> ERROR: accept() failed: à óÿ¿^? Tue Oct 2 10:08:17 2007 -> ERROR: ScanStream 31440: accept() failed. Tue Oct 2 10:08:17 2007 -> ERROR: ScanStream 31313: accept() failed. Tue Oct 2 10:08:17 2007 -> ERROR: ScanStream 35495: accept() failed. Tue Oct 2 10:08:18 2007 -> ERROR: ScanStream 35858: accept() failed. Tue Oct 2 10:08:18 2007 -> ERROR: ScanStream 35191: accept() failed. Tue Oct 2 10:08:19 2007 -> ERROR: ScanStream 33460: accept() failed. Tue Oct 2 10:08:19 2007 -> ERROR: ScanStream 33550: accept() failed. Tue Oct 2 10:08:19 2007 -> ERROR: ScanStream 30460: accept() failed. There is enough processing power and disk space (under /tmp) for clam to process. It is processing tons of emails , but failing for few giving out the above error. These errors are sometimes abruptly kill my clamav daemon. Any ideas what could be the problem Many Thanks Regards K.Deepak ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] clamav error in mail.log
I use Postfix + amavis + clamav 0.90.2 I have this error in mail.log during about 5 minutes every time I restart postfix. Then there is no error. May 28 21:17:05 meli amavis[32322]: (32322-01) Clam Antivirus-clamd av-scanner FAILED: Too many retries to talk to /opt/Clamav/socket/clamd.socket (Can't connect to UNIX socket /opt/Clamav/socket/clamd.socket: No such file or directory) at (eval 41) line 257. May 28 21:17:05 meli amavis[32327]: (32327-01) Clam Antivirus-clamd: Can't connect to UNIX socket /opt/Clamav/socket/clamd.socket: No such file or directory, retrying (2) May 28 21:17:05 meli amavis[32323]: (32323-01) Clam Antivirus-clamd: Can't connect to UNIX socket /opt/Clamav/socket/clamd.socket: No such file or directory, retrying (2) May 28 21:17:05 meli amavis[32326]: (32326-01) Clam Antivirus-clamd: Can't connect to UNIX socket /opt/Clamav/socket/clamd.socket: No such file or directory, retrying (2) May 28 21:17:05 meli amavis[32324]: (32324-01) Clam Antivirus-clamd: Can't connect to UNIX socket /opt/Clamav/socket/clamd.socket: No such file or directory, retrying (2) I verified : Clamav seems to works correctly. I did'nt modified amavis and clamv configuration files for a long time. In clamd.log, I have : [EMAIL PROTECTED] root]# tail /share/c0d3p1/log/clamd.log SelfCheck: Database status OK. SelfCheck: Database status OK. /share/c0d3p1/amavis/tmp/amavis-20070530T151212-20345/parts/p002: Worm.Mydoom.M FOUND /share/c0d3p1/amavis/tmp/amavis-20070530T151606-20728/parts/p002: Worm.Mydoom.M FOUND SelfCheck: Database status OK. SelfCheck: Database status OK. SelfCheck: Database status OK. /share/c0d3p1/amavis/tmp/amavis-20070530T163048-28869/parts/p001: HTML.Phishing.Pay-36 FOUND /share/c0d3p1/amavis/tmp/amavis-20070530T165324-31353/parts/p002: Worm.Nyxem.E FOUND SelfCheck: Database status OK. and the files are in the quarantine. Could you confirm me that all is OK ? and why I have this error ? Is somebody in the same situation ? Thanks in advance for your help Annie ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] clamav error lstat()
Thanks Clifford, I forgot to add clamav user is in the same group as the user running amavis. It worked. Thanks Clifford and Edwin, Somehow, '@bypass_spam_checks_maps' was commented out. I'm able to sucessfully build it on a relay server having virtual aliases. Thanks everyone, Best regards, Shanmuga ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav error lstat()
Shanmuga sundaram Krishnasamy wrote: Hello, I'm trying a configure clamav to work with Postfix ( Taking some hint from http://www.fatofthelan.com/articles/articles.php?pid=22) I've Debian Sarge and postfix 2.1.5. I was able to install clamav but while testing I'm getting the following error. amavis[1648]: (01648-01) Clam Antivirus-clamd FAILED - unknown status: /var/lib/amavis/amavis-20070330T110203-01648/parts: lstat() failed. ERROR\n amavis[1648]: (01648-01) WARN: all primary virus scanners failed, considering backups And postfix is also giving me the error, fatal: open dictionary: need "type:name" form instead of: "-o" Any idea? Thanks, Shan ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html I recently had a problem with this and then realised I forgot to add the clamav user to the virtual group (I'm using virtual users). Check if the clamav user is in the same group as the user running amavis. As for postfix giving an error check if the content_filter is set like this: content_filter = amavis:[127.0.0.1]:10024 I think you maybe have content_filter = amavis -o HTH Clifford ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] clamav error lstat()
Hello, I'm trying a configure clamav to work with Postfix ( Taking some hint from http://www.fatofthelan.com/articles/articles.php?pid=22) I've Debian Sarge and postfix 2.1.5. I was able to install clamav but while testing I'm getting the following error. amavis[1648]: (01648-01) Clam Antivirus-clamd FAILED - unknown status: /var/lib/amavis/amavis-20070330T110203-01648/parts: lstat() failed. ERROR\n amavis[1648]: (01648-01) WARN: all primary virus scanners failed, considering backups And postfix is also giving me the error, fatal: open dictionary: need "type:name" form instead of: "-o" Any idea? Thanks, Shan ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] ClamAV error with cli_untgz
On Wed, Dec 13, 2006 at 05:42:50PM -0300, Alejandro said: > Dear all, I have a debian etch + postfix + spamassassin + clamav system, > but when I run "/etc/init.d/clamav-daemon start" I get this error mesage > and the daemon doesn't start at all: > > LibClamAV Error: wrote 0 instead of 512 > (/tmp/clamav-67ea3a8be7a9faa9/main.ndb) > cli_untgz: no space left on device > LibClamAV error: cli_cvload (): can't unpack CVD file > LibClamAV error: Can't load /var/lib > clamav main.cvd: CVD extraction failure > ERROR: CVD extarction failure > > My / fie system (when I suppose will be installed de CVD file) has 65MB > free...is it enough ??? Or where will main.cvd file installed in order > to make a new file partition and mount it in this place ??? > > What's wrong on my system Whatever partition TemporaryDirectory points to is almost full. Repoint it. -- -- | Stephen Gran | Humor in the Court: Q: Could you see| | [EMAIL PROTECTED] | him from where you were standing? A: I | | http://www.lobefin.net/~steve | could see his head. Q: And where was| || his head? A: Just above his shoulders. | -- signature.asc Description: Digital signature ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] ClamAV error with cli_untgz
Dear all, I have a debian etch + postfix + spamassassin + clamav system, but when I run "/etc/init.d/clamav-daemon start" I get this error mesage and the daemon doesn't start at all: LibClamAV Error: wrote 0 instead of 512 (/tmp/clamav-67ea3a8be7a9faa9/main.ndb) cli_untgz: no space left on device LibClamAV error: cli_cvload (): can't unpack CVD file LibClamAV error: Can't load /var/lib clamav main.cvd: CVD extraction failure ERROR: CVD extarction failure My / fie system (when I suppose will be installed de CVD file) has 65MB free...is it enough ??? Or where will main.cvd file installed in order to make a new file partition and mount it in this place ??? What's wrong on my system Really thanks, Alejandro ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] CLAMAV Error
hi: Hello to all My name is rodrigo, and i have a little problem when i complie CLAMAV this is the error: gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I./zziplib -I./mspack -I/usr/local/include -g -O2 -MT lzxd.lo -MD -MP -MF .deps/lzxd.Tpo -c mspack/lzxd.c -fPIC -DPIC -o .libs/lzxd.lo gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I./zziplib -I./mspack -I/usr/local/include -g -O2 -MT lzxd.lo -MD -MP -MF .deps/lzxd.Tpo -c mspack/lzxd.c -o lzxd.o >/dev/null 2>&1 make[1]: *** [lzxd.lo] Error 1 make[1]: Leaving directory `/usr/src/RPM/BUILD/clamav-0.86.1/libclamav' make: *** [check-recursive] Error 1 any ideas or experience? THANKS :) ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamav error
On Sun, 25 Apr 2004 13:22:28 +0200, John van Lit <[EMAIL PROTECTED]> wrote: >All, > > > > > >At this moment I'm using clamav-0.70-rc. When I check my update log is see >the following error. > > > >Your ClamAV installation is OUTDATED - please update immediately ! > > > >How can I resolve this? > >Can I aspect errors in combination with qmail-scanner.pl? > > > >Rgds, > > > >John van Lit Install ClamAV version 0.70, perhaps? -- Steve --- This SF.net email is sponsored by: The Robotic Monkeys at ThinkGeek For a limited time only, get FREE Ground shipping on all orders of $35 or more. Hurry up and shop folks, this offer expires April 30th! http://www.thinkgeek.com/freeshipping/?cpg297 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Clamav error
On Sunday, April 25, 2004, 4:40:01 PM, Lionel Bouton wrote: LB> Christopher X. Candreva wrote the following on 04/25/2004 02:51 PM : >>On Sun, 25 Apr 2004, John van Lit wrote: >> >> >> >>>Your ClamAV installation is OUTDATED - please update immediately ! >>> >>> >> >> >> LB> This message is kind of scary, and isn't really detailed enough (but LB> probably better than nothing) : LB> In which way 0.68 (our running version) is "OUTDATED" ? What does it LB> lack that could impact us ? The message doesn't state this so I checked LB> the 0.70 changelog and decided to rely on 0.68 until we have time for LB> testing 0.70. Now if in the future 0.80 brings something critical, this LB> message probably won't change and prompt me to do a changelog check. For LB> us it isn't really a concern as I am subscribed to clamav-users and LB> follows clamav's features, but it might probably be for casual users. LB> Now why we won't upgrade from 0.68 just now : LB> we just (less than 2 months ago) updated to 0.68 to benefit from the LB> signed cvd files and don't want to upgrade again if we don't need to. In LB> our case, upgrading means running various checks with normal files, rar, LB> zip, nested zip files and zip bombs in various conditions. We verify LB> that we have control over the directory clamav uses when uncompressing LB> archives, the error codes returned in various conditions (out of memory, LB> out of disk space), ... LB> Upgrading production systems isn't a matter of simply upgrading a few LB> rpm files... LB> Running 0.70 versus 0.68 seems to bring encrypted archive detection LB> support, we can live without it for now. Is there something else I missed ? LB> Best regards, With the 0.70 release Clam is able to extract VBA-Code from Word and Excel files. We started to add signatures for this and you can´t use them with the 0.68 release. This doesn´t mean that your Clam stops working, it just can´t detect any Macro-Virus inside a MS-Office document. hth -- Best regards, Christophmailto:[EMAIL PROTECTED] --- This SF.net email is sponsored by: The Robotic Monkeys at ThinkGeek For a limited time only, get FREE Ground shipping on all orders of $35 or more. Hurry up and shop folks, this offer expires April 30th! http://www.thinkgeek.com/freeshipping/?cpg=12297 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Clamav error
> In which way 0.68 (our running version) is "OUTDATED" ? CL_FLEVEL is still1 (2 in 0.70) in libclamav/others.c that's why the developers told us to upgrade on or before 04-24, iirc... -- Please avoid sending me Microsoft Office attachments. See http://www.fsf.org/philosophy/no-word-attachments.html --- This SF.net email is sponsored by: The Robotic Monkeys at ThinkGeek For a limited time only, get FREE Ground shipping on all orders of $35 or more. Hurry up and shop folks, this offer expires April 30th! http://www.thinkgeek.com/freeshipping/?cpg=12297 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Clamav error
Christopher X. Candreva wrote the following on 04/25/2004 02:51 PM : On Sun, 25 Apr 2004, John van Lit wrote: Your ClamAV installation is OUTDATED - please update immediately ! This message is kind of scary, and isn't really detailed enough (but probably better than nothing) : In which way 0.68 (our running version) is "OUTDATED" ? What does it lack that could impact us ? The message doesn't state this so I checked the 0.70 changelog and decided to rely on 0.68 until we have time for testing 0.70. Now if in the future 0.80 brings something critical, this message probably won't change and prompt me to do a changelog check. For us it isn't really a concern as I am subscribed to clamav-users and follows clamav's features, but it might probably be for casual users. Now why we won't upgrade from 0.68 just now : we just (less than 2 months ago) updated to 0.68 to benefit from the signed cvd files and don't want to upgrade again if we don't need to. In our case, upgrading means running various checks with normal files, rar, zip, nested zip files and zip bombs in various conditions. We verify that we have control over the directory clamav uses when uncompressing archives, the error codes returned in various conditions (out of memory, out of disk space), ... Upgrading production systems isn't a matter of simply upgrading a few rpm files... Running 0.70 versus 0.68 seems to bring encrypted archive detection support, we can live without it for now. Is there something else I missed ? Best regards, -- Lionel Bouton - inet6 - o Siege social: 51, rue de Verdun - 92158 Suresnes / _ __ _ Acces Bureaux: 33 rue Benoit Malon - 92150 Suresnes / /\ /_ / /_ France \/ \/_ / /_/ Tel. +33 (0) 1 41 44 85 36 Inetsys S.A.Fax +33 (0) 1 46 97 20 10 --- This SF.net email is sponsored by: The Robotic Monkeys at ThinkGeek For a limited time only, get FREE Ground shipping on all orders of $35 or more. Hurry up and shop folks, this offer expires April 30th! http://www.thinkgeek.com/freeshipping/?cpg=12297 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Clamav error
On Sun, 25 Apr 2004, John van Lit wrote: > Your ClamAV installation is OUTDATED - please update immediately ! > How can I resolve this? Stop running the outdated version ? Check the clam web site for a newer version ? Patient: Doctor Doctor -- it hurts when I do this ! Doctor: So don't do that! == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/ --- This SF.net email is sponsored by: The Robotic Monkeys at ThinkGeek For a limited time only, get FREE Ground shipping on all orders of $35 or more. Hurry up and shop folks, this offer expires April 30th! http://www.thinkgeek.com/freeshipping/?cpg=12297 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Clamav error
All, At this moment I’m using clamav-0.70-rc. When I check my update log is see the following error. Your ClamAV installation is OUTDATED - please update immediately ! How can I resolve this? Can I aspect errors in combination with qmail-scanner.pl? Rgds, John van Lit
Re: [Clamav-users] Clamav error
On Sunday 25 April 2004 12:21 pm, John van Lit wrote: > All, > > At this moment I'm using clamav-0.70-rc. When I check my update log is see > the following error. > > Your ClamAV installation is OUTDATED - please update immediately ! > > How can I resolve this? Er, upgrade to 0.70? Antony. -- Perfection in design is achieved not when there is nothing left to add, but rather when there is nothing left to take away. - Antoine de Saint-Exupery Please reply to the list; please don't CC me. --- This SF.net email is sponsored by: The Robotic Monkeys at ThinkGeek For a limited time only, get FREE Ground shipping on all orders of $35 or more. Hurry up and shop folks, this offer expires April 30th! http://www.thinkgeek.com/freeshipping/?cpg=12297 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Clamav error
All, At this moment I’m using clamav-0.70-rc. When I check my update log is see the following error. Your ClamAV installation is OUTDATED - please update immediately ! How can I resolve this? Can I aspect errors in combination with qmail-scanner.pl? Rgds, John van Lit
[Clamav-users] Clamav error
Does any body kows why is this happening? 17178 ?S 0:00 /usr/bin/clamdscan -r --disable-summary --max-recursion=20 --max-space=9 /var/spool/qmailscan/korn108007258045617052 17201 ?S 0:00 /usr/bin/clamdscan -r --disable-summary --max-recursion=20 --max-space=9 /var/spool/qmailscan/korn108007260645617194 17216 ?S 0:00 /usr/bin/clamdscan -r --disable-summary --max-recursion=20 --max-space=9 /var/spool/qmailscan/korn108007261145617212 17251 ?S 0:00 /usr/bin/clamdscan -r --disable-summary --max-recursion=20 --max-space=9 /var/spool/qmailscan/korn108007262745617247 17258 ?S 0:00 /usr/bin/clamdscan -r --disable-summary --max-recursion=20 --max-space=9 /var/spool/qmailscan/korn108007262545617245 17264 ?S 0:00 /usr/bin/clamdscan -r --disable-summary --max-recursion=20 --max-space=9 /var/spool/qmailscan/korn108007260645617196 17271 ?S 0:00 /usr/bin/clamdscan -r --disable-summary --max-recursion=20 --max-space=9 /var/spool/qmailscan/korn108007253145616904 17284 ?S 0:00 /usr/bin/clamdscan -r --disable-summary --max-recursion=20 --max-space=9 /var/spool/qmailscan/korn108007263745617277 17308 ?S 0:00 /usr/bin/clamdscan -r --disable-summary --max-recursion=20 --max-space=9 /var/spool/qmailscan/korn108007264145617300 Thiago Taranto --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [clamav-users] clamav error - how to optimize for heavy duty.
> > Hi Everyone, > > Okay, I do run a very busy server here, so I need some optimal settings > for clamd. > > I get alot of errors like this one: > > > Fri Nov 15 07:53:54 2002 -> ERROR: accept() failed. > Fri Nov 15 07:53:54 2002 -> Found free slot 0 > Fri Nov 15 07:53:54 2002 -> ERROR: accept() failed. > Fri Nov 15 07:53:54 2002 -> Found free slot 0 > Fri Nov 15 07:53:54 2002 -> ERROR: accept() failed. > Fri Nov 15 07:53:54 2002 -> Found free slot 0 > Fri Nov 15 07:53:54 2002 -> ERROR: accept() failed. > Fri Nov 15 07:53:54 2002 -> Found free slot 0 > Fri Nov 15 07:53:54 2002 -> ERROR: accept() failed. Wash, please add the folowing line to the clamd/server.c file: logg("accept() error: %s\n", strerror(errno)); just after the accept() function call (after logg("accept() failed...)). This message may not be very accurate (because errno is not a thread safe), but will help. Best regards, Tomasz Kojm -- oo. [EMAIL PROTECTED] (\/)\. http://www.konarski.edu.pl/~zolw \..._ I nie zapomnij kliknac w brzuszek... //\ /\\ <- C. Amboinensiswww.pajacyk.pl - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[clamav-users] clamav error - how to optimize for heavy duty.
Hi Everyone, Okay, I do run a very busy server here, so I need some optimal settings for clamd. I get alot of errors like this one: Fri Nov 15 07:53:54 2002 -> ERROR: accept() failed. Fri Nov 15 07:53:54 2002 -> Found free slot 0 Fri Nov 15 07:53:54 2002 -> ERROR: accept() failed. Fri Nov 15 07:53:54 2002 -> Found free slot 0 Fri Nov 15 07:53:54 2002 -> ERROR: accept() failed. Fri Nov 15 07:53:54 2002 -> Found free slot 0 Fri Nov 15 07:53:54 2002 -> ERROR: accept() failed. Fri Nov 15 07:53:54 2002 -> Found free slot 0 Fri Nov 15 07:53:54 2002 -> ERROR: accept() failed. May someone running a busy server, and scanning mail in both directions (local|esmtp) suggest some optimization. -Wash -- Odhiambo Washington <[EMAIL PROTECTED]> "The box said 'Requires Wananchi Online Ltd. www.wananchi.com Windows 95, NT, or better,' Tel: +254 2 313985-9 +254 2 313922 so I installed FreeBSD." GSM: +254 72 743223 +254 733 744121 This sig is McQ! :-) Pure drivel tends to drive ordinary drivel off the TV screen. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]