Re: [clamav-users] Which is the latest snapshop?
> It's a bit confused here, from the http://www.clamav.org/snapshot/ > the most recent seem to be clamav-20030317.tar.gz, but I have here a > snapshot clamav-20030331.tar.gz. > Please use the snapshot clamav-20030605.tar.gz from http://clamav.elektrapro.com. I am in the mist of updating clamav.org regards - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [clamav-users] clamav install
I use Clam with
qmail-scanner and the setup is quite simple.
Just download and install
the Clamav with the default options (configure, make, make install). You can run
configure with the option --disable-clamuko if you don’t need this. Depending
on mail load I can highly recommend that you use the Clam daemon. Just
configure Clam to run as user qmailq (User qmailq) and socket (LocalSocket
/var/spool/qmailscan/clamd if you want qmail-scanner to communicate with Clam
via a socket).
After this, just run the
qmail-scanner install. It should detect the av-scanner automatically, but you
will have to change qmail-scanner to let it use either clamdscan or the socket
created through the conf-file. Attached you will find a subroutine you can use
in qmail-scanner to let it use socket (I haven’t tested it with RH8.0 but
it should work) – you will need some Perl understanding to implement this.
If this seems too difficult, I suggest you go with clamdscan.
Best regards,
Diego d'Ambra
-Original
Message-
From: Daniel Arjona
[mailto:[EMAIL PROTECTED]
Sent: 10. juni 2003 22:20
To: [EMAIL PROTECTED]
Subject: [clamav-users] clamav
install
Hi, from Panama!!!
I'm a newbie using Linux and i got a
server with RH8.0, Qmail and Squid.
I need to install a Antivirus and
many users invitedme to use qmail-scanner, but to install qmail-scanner i must
install first clamav.
I'm using the tutorial publicated in
the home page of Clam AV and i need don´t wanna run clamscan in superuser mode.
Can anybody help me?
Sorry, but my english is
little.
DANIEL A. ARJONA V.
email: [EMAIL PROTECTED]
�sub clamscan_scanner {
#Clam scanner modification
use IO::Socket;
my($start_clam_time)=[gettimeofday];
my($keep_scanning, $response, $virus_name, $stop_clam_time, $clam_time,
$path);
&debug("clam: starting scan of directory \"$scandir/$file_id\"...");
$keep_scanning = 1;
if(!(socket(\*sock, AF_UNIX, SOCK_STREAM, 0))) {
&debug("Couldn\'t create clam socket\($!\)\n");
&tempfail("Couldn\'t create clam socket\($!\)\n");
}
if(!(connect(\*sock, pack_sockaddr_un $clam_socket))) {
&debug("Couldn\'t connect\(\) to the clam socket TSOCKET \($!\)\n");
&tempfail("Couldn\'t connect\(\) to the clam socket TSOCKET \($!\)\n");
}
# Scan directory
$path = "SCAN $scandir/$file_id\n";
syswrite(\*sock, $path, length($path));
sysread(\*sock, $response, 256);
if($response =~ /OK$/) {
&debug("STATUS: $scandir/$file_id is clean! - response = $response\n");
} elsif($response =~ /FOUND$/) {
# Virus found, find out what it is
if ($response =~ m/: .* FOUND$/) {
($quarantine_description) = ($response =~ m/: (.*) FOUND$/);
$quarantine_description=~s/\0//g;
}
&debug("There be a virus! ($quarantine_description)");
($quarantine_event=$quarantine_description)=~s/\s/_/g;
$quarantine_event="Clam:".substr($quarantine_event,0,$QE_LEN);
};
$description .= "\n---Clam daemon results ---\n";
$description .= "FILE/DIR INFECTED : $scandir/$file_id\n";
$description .= "VIRUS FOUND : $quarantine_description\n";
} else {
#This implies a corrupt set of files or resource problems...
&tempfail("corrupt or unknown Clam scanner/resource problems");
}
$stop_clam_time=[gettimeofday];
$clam_time = tv_interval ($start_clam_time, $stop_clam_time);
&debug("clam: finished scan of dir \"$scandir/$file_id\" in $clam_time s
ecs");
}
###Comment###
Please note this subrutine uses a new variabel $clam_socket="/pathto/socket" (see
below). Add this to top of the qmail-scanner script.
Clamd config file (clamav.conf) should contain "LocalSocket
/var/spool/qmailscan/clamd" (or path to qmail-scanner $scandir) and "User qmailq" (or
user used by qmail-scanner). -
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: [clamav-users] Which is the latest snapshop?
I didn't even know that you could download Clam there. Try this instead http://clamav.elektrapro.com Best regards, Diego d'Ambra -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 10. juni 2003 23:30 To: [EMAIL PROTECTED] Subject: [clamav-users] Which is the latest snapshop? Hi, It's a bit confused here, from the http://www.clamav.org/snapshot/ the most recent seem to be clamav-20030317.tar.gz, but I have here a snapshot clamav-20030331.tar.gz. How/where to get the last one? - Marcelo - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[clamav-users] Which is the latest snapshop?
Hi, It's a bit confused here, from the http://www.clamav.org/snapshot/ the most recent seem to be clamav-20030317.tar.gz, but I have here a snapshot clamav-20030331.tar.gz. How/where to get the last one? - Marcelo - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[clamav-users] clamav install
Hi, from Panama!!! I'm a newbie using Linux and i got a server with RH8.0, Qmail and Squid. I need to install a Antivirus and many users invitedme to use qmail-scanner, but to install qmail-scanner i must install first clamav. I'm using the tutorial publicated in the home page of Clam AV and i need don´t wanna run clamscan in superuser mode. Can anybody help me? Sorry, but my english is little. DANIEL A. ARJONA V.email: [EMAIL PROTECTED]
Re: [clamav-users] What are the various options to help in the CLAMAnti Virus project?
> Hi > > What are the various options to help in the CLAM Anti Virus project? Please read: http://clamav.elektrapro.com/doc/signatures.pdf and you can help us with database updates. Best regards, Tomasz Kojm -- oo. [EMAIL PROTECTED] (\/)\. http://www.konarski.edu.pl/~zolw \..._ I nie zapomnij kliknac w brzuszek... //\ /\\ <- C. Amboinensiswww.pajacyk.pl - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[clamav-users] What are the various options to help in the CLAM Anti Virus project?
Hi What are the various options to help in the CLAM Anti Virus project? Regards Rishi - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[clamav-users] What happened with elecktrapro.com ?
What happened with clamav.elektrapro.com that caused the extended downtime? I didn't see anything posted to that effect. And what about hosting this project on sourceforge? F - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [clamav-users] mirrors.txt
use the lastest snapshot. 0.54 and below do not have the mirror.txt - Original Message - From: "Ed Greenberg" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, June 11, 2003 12:35 AM Subject: Re: [clamav-users] mirrors.txt > My /usr/local/share/clamav contains only viruses.db and viruses.db2. Is the > mirrors file optional? If so, what is it's file format? > > > > --On Tuesday, June 10, 2003 6:13 PM +0200 Tomasz Kojm <[EMAIL PROTECTED]> > wrote: > > >> Where does mirrors.txt live? It's not in /usr/local/etc, along with > >> clamav.conf. > > > > Check /usr/local/share/clamav (the database directory). BTW, > > clamav.ozforces.com is down. > > > > Best regards, > > Tomasz Kojm > > -- > > oo. [EMAIL PROTECTED] > > (\/)\.http://www.konarski.edu.pl/~zolw > > \..._ I nie zapomnij kliknac w brzuszek... > > //\ /\\ <- C. Amboinensiswww.pajacyk.pl > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [clamav-users] mirrors.txt
My /usr/local/share/clamav contains only viruses.db and viruses.db2. Is the mirrors file optional? If so, what is it's file format? --On Tuesday, June 10, 2003 6:13 PM +0200 Tomasz Kojm <[EMAIL PROTECTED]> wrote: Where does mirrors.txt live? It's not in /usr/local/etc, along with clamav.conf. Check /usr/local/share/clamav (the database directory). BTW, clamav.ozforces.com is down. Best regards, Tomasz Kojm -- oo. [EMAIL PROTECTED] (\/)\. http://www.konarski.edu.pl/~zolw \..._ I nie zapomnij kliknac w brzuszek... //\ /\\ <- C. Amboinensiswww.pajacyk.pl - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [clamav-users] mirrors.txt
> Where does mirrors.txt live? It's not in /usr/local/etc, along with > clamav.conf. Check /usr/local/share/clamav (the database directory). BTW, clamav.ozforces.com is down. Best regards, Tomasz Kojm -- oo. [EMAIL PROTECTED] (\/)\. http://www.konarski.edu.pl/~zolw \..._ I nie zapomnij kliknac w brzuszek... //\ /\\ <- C. Amboinensiswww.pajacyk.pl - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [clamav-users] mirrors.txt
You will find it in the same dir as the virus database (/usr/local/share/clamav/) Best regards, Diego d'Ambra -Original Message- From: Ed Greenberg [mailto:[EMAIL PROTECTED] Sent: 10. juni 2003 18:07 To: [EMAIL PROTECTED] Subject: [clamav-users] mirrors.txt Where does mirrors.txt live? It's not in /usr/local/etc, along with clamav.conf. --On Tuesday, June 10, 2003 5:40 PM +0200 Tomasz Kojm <[EMAIL PROTECTED]> wrote: >> I'd also love to see a clamav project on SF. I want to see CVS >> access too. > > Generally I'm very happy with ElektraPro and I don't need to take care > for the mailing lists and other issues (thanks NERvOUs!). There's a > database mirror updated manually - clamav.ozforces.com, so you can > just put it in the first line of mirrors.txt if you prefer it. Another > official mirrors are clamav.essentkabel.com (updated from elektrapro) > and clamav.sxs-linux.org (rsync from ozforces). > > CVS access will be available in the next month. > > BTW, Flinn, some time ago you mentioned a libtool problem - I just > realised the libtool script has been patched (and this is a possible > bug on OpenBSD): > > Fri Sep 20 02:37:04 CEST 2002 > - > .. > * libtool fix - now it allows old style -pthread BSD flag (you can find > the changes by searching my name in ltmain.sh/libtool). > > Also please send me ./configure output from OpenBSD 3.1 and 3.3. I > can't incorporate your patches, because they're platform dependent and > I don't know how to detect openbsd versions in configure.in. Thanks. > > Best regards, > Tomasz Kojm > -- > oo. [EMAIL PROTECTED] > (\/)\. http://www.konarski.edu.pl/~zolw > \..._ I nie zapomnij kliknac w brzuszek... > //\ /\\ <- C. Amboinensiswww.pajacyk.pl > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[clamav-users] mirrors.txt
Where does mirrors.txt live? It's not in /usr/local/etc, along with clamav.conf. --On Tuesday, June 10, 2003 5:40 PM +0200 Tomasz Kojm <[EMAIL PROTECTED]> wrote: I'd also love to see a clamav project on SF. I want to see CVS access too. Generally I'm very happy with ElektraPro and I don't need to take care for the mailing lists and other issues (thanks NERvOUs!). There's a database mirror updated manually - clamav.ozforces.com, so you can just put it in the first line of mirrors.txt if you prefer it. Another official mirrors are clamav.essentkabel.com (updated from elektrapro) and clamav.sxs-linux.org (rsync from ozforces). CVS access will be available in the next month. BTW, Flinn, some time ago you mentioned a libtool problem - I just realised the libtool script has been patched (and this is a possible bug on OpenBSD): Fri Sep 20 02:37:04 CEST 2002 - .. * libtool fix - now it allows old style -pthread BSD flag (you can find the changes by searching my name in ltmain.sh/libtool). Also please send me ./configure output from OpenBSD 3.1 and 3.3. I can't incorporate your patches, because they're platform dependent and I don't know how to detect openbsd versions in configure.in. Thanks. Best regards, Tomasz Kojm -- oo. [EMAIL PROTECTED] (\/)\. http://www.konarski.edu.pl/~zolw \..._ I nie zapomnij kliknac w brzuszek... //\ /\\ <- C. Amboinensiswww.pajacyk.pl - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [clamav-users] clamav update problem
> I'd also love to see a clamav project on SF. I want to see CVS access > too. Generally I'm very happy with ElektraPro and I don't need to take care for the mailing lists and other issues (thanks NERvOUs!). There's a database mirror updated manually - clamav.ozforces.com, so you can just put it in the first line of mirrors.txt if you prefer it. Another official mirrors are clamav.essentkabel.com (updated from elektrapro) and clamav.sxs-linux.org (rsync from ozforces). CVS access will be available in the next month. BTW, Flinn, some time ago you mentioned a libtool problem - I just realised the libtool script has been patched (and this is a possible bug on OpenBSD): Fri Sep 20 02:37:04 CEST 2002 - .. * libtool fix - now it allows old style -pthread BSD flag (you can find the changes by searching my name in ltmain.sh/libtool). Also please send me ./configure output from OpenBSD 3.1 and 3.3. I can't incorporate your patches, because they're platform dependent and I don't know how to detect openbsd versions in configure.in. Thanks. Best regards, Tomasz Kojm -- oo. [EMAIL PROTECTED] (\/)\. http://www.konarski.edu.pl/~zolw \..._ I nie zapomnij kliknac w brzuszek... //\ /\\ <- C. Amboinensiswww.pajacyk.pl - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [clamav-users] am I understanding this right?
Bouncing virus emails is useless... it will likely just result in a huge backlog of bounce messages in your mail queue. There typically aren't any useful return addresses in a virus email to send to anyway... Ed On Mon, 9 Jun 2003, Flinn Mueller wrote: > Date: Mon, 9 Jun 2003 15:44:20 -0400 > From: Flinn Mueller <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > Subject: Re: [clamav-users] am I understanding this right? > > This is not the job of Clamav. I think you could write a script of > your own to bounce messages if they are infected. > > > On Monday, June 9, 2003, at 12:44 PM, Stephen White wrote: > > > Original Message > >> From Raymond Norton <[EMAIL PROTECTED]> > >> Date: Monday, 09 Jun 2003, 16:56 > >> > >> I am trying to see how this is a benefit to run over sophos. > >> I need to cover 500 + mailboxes, so even a > >> few bucks per user is a big deal.. > > > > I think you've just found a benefit. I can't afford to run a > > commercial > > virus scanner on the mailing list server I run for a couploe of > > non-commercial reasons (eg for the benefit of my local Scout Group) ... > > however clamav should provide reasonable protection against members of > > the lists infecting each other via the messages to one of the lists. > > > > I don't need to disinfect the messages, I just want to make a > > reasonable > > attempt to stop infected ones being delivered to the intended > > victims^Wrecipients. The sender will see the bounce, disinfect their > > computer (with whatever anti-virus software they have, or purchase some > > if not) and send out a clean version themselves. It's not my job to > > clean the attachments, in fact that's entirely counter productive > > because it removes one of the immediate reasons that the sender would > > have for disinfecting themselves - and if the email isn't disinfected > > properly it would shift some of the reponsibility for the distribution > > of the virus onto me. I'm suspect that 90% of mailserver > > administrators > > probably have similar objectives. > > > > -- > > Stephen White <[EMAIL PROTECTED]> > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > Ed Phillips <[EMAIL PROTECTED]> University of Delaware (302) 831-6082 Systems Programmer III, Network and Systems Services finger -l [EMAIL PROTECTED] for PGP public key - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [clamav-users] False Positives
Tomasz, Yes. That seems to work now. Many thanks, Steve On Mon, 2003-06-09 at 17:58, Tomasz Kojm wrote: > > I tried downloading some of the "Reportedly infected" files again and > > clanscan again reports them as being infected. > > > > Norton AV for a PC, however, does not!! > > That was fixed, but I wasn't able to upload the database to the main server > till now. > > Best regards, > Tomasz Kojm -- Steven J. Reilly, EDA Engineer Allegro Microsystems Europe Ltd Stuart House, Eskmills Park, Musselburgh, EH21 7PB, Scotland. Tel: +44 (0)131 273 4306 Fax: +44 (0)131 273 4301 e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [clamav-users] am I understanding this right?
On Monday 09 June 2003 18:44, Stephen White wrote: > The sender will see the bounce, Also note that most of the recent worms forge the From: address, so all the bounce message does is increase net traffic and confuse uninvolved parties. Jeffrey Moskot System Administrator [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
