[Clamav-users] Proxy and Scanning?

2003-08-26 Thread Mark
Is it possible to scan the traffic (via plug in or so) with SQUID or an
SOCKS-Proxy (like Dante)?
If not: Feature Request -> TrafficScan via PlugIN, own mod or Daemon :)

Mark

p.s.

How to install UNRAR 3.xx on OpenBSD 3.3 STABLE? I can't use the Antivirus
because the precompiled binaries require a newer version than is available
(2.50) in the ports/packages.
And building from source fails every time.. :)

p.s.s

Pls. correct my English because it's sometimes a little bit



---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


RE: [Clamav-users] Core dump?

2003-08-26 Thread Jonathan Baker-Bates
Ahh. That might be it - thanks.

Jonathan

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Tomasz
> Kojm
> Sent: 26 August 2003 14:59
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] Core dump?
> 
> 
> > I've just installed ClamAV 0.60 on a RedHat 7.0 i386 machine 
> from source. It
> > seemed to configure and compile OK. I then updated the virus 
> database and
> > tested clamscan on eicar.com.
> > 
> > But clamscan just dumps a core file.
>  
> Hope you're not using that "famous" gcc-2.96 compiler. Please go to the
> rpmfind.net and try to install clamav from a rpm package.
> 
> Best regards,
> Tomasz Kojm
> -- 
>   oo. [EMAIL PROTECTED]
>  (\/)\.   http://www.konarski.edu.pl/~zolw
> \..._ And don't forget to click on the tummy... 
>   //\   /\\   <- C. Amboinensiswww.pajacyk.pl
> 
> 
> ---
> This SF.net email is sponsored by: VM Ware
> With VMware you can run multiple operating systems on a single machine.
> WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines
> at the same time. Free trial click 
> here:http://www.vmware.com/wl/offer/358/0
> ___
> Clamav-users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/clamav-users




Re: [Clamav-users] same error with Linux and BSD

2003-08-26 Thread Olaf Zaplinski
Hi,

Tomasz Papszun wrote:
> I recommend Amavisd-new ( http://www.ijs.si/software/amavisd/ ) as the
> interface between a MTA and clamd/clamscan (Amavisd-new enables you to
> use _both_ clamd and clamscan in case clamd fails for some reason).

Ah, now we are getting somewhere! ;-)

I tried to do email virus scanning with clamav-milter which obviously does 
not work well. I will try amavisd-new.

Thanks!

Olaf





Re: [Clamav-users] W32.Sobig.F@mm Undetected by current signature

2003-08-26 Thread Olaf Zaplinski
[EMAIL PROTECTED] wrote:
> Does anyone have a signature that will catch
> the current version of this virus?

Did you check your logs? Here, Sobig is detected:

binky:~# grep -i sobig /var/clamav/*log
/var/clamav/clamav.log:Fri Aug 22 10:47:54 2003 -> stream: Worm.Sobig.F FOUND

Olaf





[Clamav-users] Problems installing on OS X

2003-08-26 Thread Ken Gordon
I am trying to install clamav-0.60 on my Mac running OS10.1.5, and I 
encounter an error in the Make. I have configured with and without 
pthreads - taking a hint from some previous messages here.

If I use
./configure --disable-pthreads
I do not get the error, but it doesn't compile clamd. I get clamscan, 
and it works, but I don't get clamd.

If I use
./configure
I get a couple of warnings (which are not fatal) and the error shown at 
the end of the following transcript. (I have elided most of the Make, 
leaving in the warnings and the final error).

In addition, when the Make does succeed (i.e. when I configure without 
pthreads), I can't find the man pages anywhere.

Any suggestions?

Transcript follows-

[localhost:local/src/clamav-0.60] kengordo% ./configure
checking build system type... powerpc-apple-darwin5.5
checking host system type... powerpc-apple-darwin5.5
checking target system type... powerpc-apple-darwin5.5
creating target.h - canonical system defines
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for gawk... no
checking for mawk... no
checking for nawk... no
checking for awk... awk
checking whether make sets ${MAKE}... yes
checking for gawk... (cached) awk
checking for gcc... gcc
checking for C compiler default output... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for style of include used by make... GNU
checking dependency style of gcc... gcc
checking for a BSD-compatible install... /usr/bin/install -c
checking whether ln -s works... yes
checking whether make sets ${MAKE}... (cached) yes
checking for ld used by GCC... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... no
checking for /usr/bin/ld option to reload object files... -r
checking for BSD-compatible nm... /usr/bin/nm -p
checking how to recognise dependant libraries... file_magic Mach-O 
dynamically linked shared library
checking command to parse /usr/bin/nm -p output... ok
checking how to run the C preprocessor... gcc -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking dlfcn.h usability... no
checking dlfcn.h presence... no
checking for dlfcn.h... no
checking for ranlib... ranlib
checking for strip... strip
checking for objdir... .libs
checking for gcc option to produce PIC... -fno-common
checking if gcc PIC flag -fno-common works... yes
checking if gcc static flag -static works... no
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.lo... yes
checking if gcc supports -fno-rtti -fno-exceptions... yes
checking whether the linker (/usr/bin/ld) supports shared libraries... 
yes
checking how to hardcode library paths into programs... unsupported
checking whether stripping libraries is possible... no
checking dynamic linker characteristics... darwin5.5 dyld
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
creating libtool
checking for ANSI C header files... (cached) yes
checking for stdint.h... (cached) yes
checking for unistd.h... (cached) yes
checking sys/int_types.h usability... no
checking sys/int_types.h presence... no
checking for sys/int_types.h... no
checking for dlfcn.h... (cached) no
checking for inttypes.h... (cached) yes
checking sys/inttypes.h usability... no
checking sys/inttypes.h presence... no
checking for sys/inttypes.h... no
checking for memory.h... (cached) yes
checking ndir.h usability... no
checking ndir.h presence... no
checking for ndir.h... no
checking for stdlib.h... (cached) yes
checking for strings.h... (cached) yes
checking for string.h... (cached) yes
checking sys/mman.h usability... yes
checking sys/mman.h presence... yes
checking for sys/mman.h... yes
checking sys/param.h usability... yes
checking sys/param.h presence... yes
checking for sys/param.h... yes
checking for sys/stat.h... (cached) yes
checking for sys/types.h... (cached) yes
checking malloc.h usability... no
checking malloc.h presence... no
checking for malloc.h... no
checking for off_t... yes
checking size of short... 2
checking size of int... 4
checking size of long... 4
checking pthread.h usability... yes
checking pthread.h presence... yes
checking for pthread.h... yes
checking zlib.h usability... yes
checking zlib.h presence... yes
checking for zlib.h... yes
checking bzlib.h usability... no
checking bzlib.h presence... no
checking for bzlib.h... no
checking for bzReadOpen in -lbz2... n

[Clamav-users] Compil error clamav 0.60 on HP-UX 11

2003-08-26 Thread guy lafaille
Hello

I get the following error during 'make' when I compile clamav version 0.60
on HP-UX 11 with gcc compiler 3.02 and zlib 1.1.14

gcc -g -O2 -o .libs/clamd options.o cfgfile.o clamd.o tcpserver.o
localserver.o
server.o scanner.o others.o clamuko.o dazukoio.o tests.o
../clamscan/getopt.o  -
L/bureau/clam/clamav-0.60/libclamav
/bureau/clam/clamav-0.60/libclamav/.libs/lib
clamav.sl -lz -lpthread -Wl,+b -Wl,/bureau/clam/clamav-0.60/libclamav/.libs:
/usr
/local/lib
/usr/ccs/bin/ld: Unsatisfied symbols:
   vsyslog (code)
collect2: ld returned 1 exit status
*** Error exit code 1

Stop.
*** Error exit code 1

Any ideas?

Or is there a way to download a  binary version of clamav 0.60  for HP-UX 11
?


Thanks

Guy






Re: [Clamav-users] clamav & FreeBSD - arghh ;-)

2003-08-26 Thread Olaf Zaplinski
ODHIAMBO Washington wrote:
> Hi Olaf,
>
> I run FreeBSD, both 5.1-RELEASE and 4.8-STABLE and in both cases I have installed
> clamav. [...]

Hi Odhiambo,

it was all my fault - just a typo in the config file...

Anyway, now here I have the same problem with clamav-milter that I have on 
Linux.

Olaf





Re: [Clamav-users] W32.Sobig.F@mm Undetected by current signature

2003-08-26 Thread Nigel Horne
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

> After I changed your sample into mbox format (by inserting 1 line
 > beginning with "From [EMAIL PROTECTED]"), '

Adding a "From" line isn't enough. You also need to change the file so that
all subsequent lines starting with "From" have a ">" prepended.

- -Nigel

- -- 
Nigel Horne. Arranger, Composer, Conductor, Typesetter.
Owner of the brass band group of the Internet. ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk/music.htm
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE/S5m5Ov/MqfDWaY8RAochAKCAX6skdjQ0XSEijy+h2mTxS8M50QCeLEe5
j5iJz8v5VVv/oFWg04qyrXs=
=hpeQ
-END PGP SIGNATURE-
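
The conversion discussed in the message above, written out as an added example that is not part of the original thread: it wraps one Maildir-style message as an mbox entry and shows what a reader that splits on "From " lines sees when the escaping step is skipped. The sender name, function names and sample message are constructed for illustration.

```python
import re
import time

# An mbox reader starts a new message at every line that begins with "From ".
# Header lines such as "From: someone" do not match (colon, not space).
FROM_LINE = re.compile(rb"^From ", re.MULTILINE)


def _separator(sender, when):
    # mbox separator line: "From <sender> <asctime date>"
    stamp = time.asctime(time.gmtime(when))
    return ("From %s %s\n" % (sender, stamp)).encode("ascii")


def prefix_only(raw, sender="MAILER-DAEMON", when=None):
    """Incomplete conversion: add the separator line and nothing else."""
    return _separator(sender, when) + raw.replace(b"\r\n", b"\n")


def maildir_to_mbox(raw, sender="MAILER-DAEMON", when=None):
    """Full conversion: separator line plus '>' escaping of 'From ' lines."""
    body = raw.replace(b"\r\n", b"\n")
    # Escape every line that would otherwise be taken for a separator.
    body = FROM_LINE.sub(b">From ", body)
    if not body.endswith(b"\n"):
        body += b"\n"
    # A blank line terminates the entry so the next separator starts cleanly.
    return _separator(sender, when) + body + b"\n"


def count_messages(mbox_bytes):
    """Count messages the way a simple mbox reader does: one per 'From ' line."""
    return len(FROM_LINE.findall(mbox_bytes))


# Constructed sample: one message whose body has a line starting with "From ".
SAMPLE = (
    b"Return-Path: <sender@example.invalid>\r\n"
    b"From: sender@example.invalid\r\n"
    b"Subject: constructed sample\r\n"
    b"\r\n"
    b"Hello,\r\n"
    b"From here on the text continues.\r\n"
    b"Regards\r\n"
)

if __name__ == "__main__":
    print("separator only :", count_messages(prefix_only(SAMPLE)), "message(s)")
    print("with escaping  :", count_messages(maildir_to_mbox(SAMPLE)), "message(s)")
```

With only the separator added, the single message is read as two, so the second half is parsed without its headers or MIME structure.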





RE: [Clamav-users] are there any statistic tools out there?

2003-08-26 Thread Lynn Duerksen


> > 
> > I'd like to do some statistics about scanned emails.
> > I use postfix + amavisd + clamav + cyrus.
> 
> 
> Search the list archives. There are so many solutions like 
> this posted there long ago.
> 

"long ago" solutions are not searchable since the move to sourceforge.
There are only 213 archived articles with all but 7 from this month.

I too would like to see what others are using.  I have the scripts for
spam and mail statistics but none for virus statistics.
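
One way to get virus statistics from a clamd log, added here as an example and not taken from the thread or from ClamAV itself. It assumes the log line format shown in an earlier post on this page (`Fri Aug 22 10:47:54 2003 -> stream: Worm.Sobig.F FOUND`); every other sample line, and the non-detection line formats, are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Assumed detection line: "<asctime timestamp> -> <target>: <signature> FOUND"
DETECTION = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d{2}:\d{2}:\d{2} \d{4}) -> "
    r"(?P<target>.+): (?P<sig>\S+) FOUND$"
)


def parse_detections(lines):
    """Return (datetime, target, signature) for every detection line."""
    hits = []
    for line in lines:
        m = DETECTION.match(line.strip())
        if not m:
            continue  # clean results, startup messages, truncated lines
        when = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
        hits.append((when, m.group("target"), m.group("sig")))
    return hits


def summarize(hits):
    """Count detections per signature and per calendar day (ISO date)."""
    by_sig = Counter(sig for _, _, sig in hits)
    by_day = Counter(when.date().isoformat() for when, _, _ in hits)
    return by_sig, by_day


# First line is the one quoted on this page; the rest are constructed.
SAMPLE_LOG = """\
Fri Aug 22 10:47:54 2003 -> stream: Worm.Sobig.F FOUND
Fri Aug 22 11:02:13 2003 -> stream: Worm.Sobig.F FOUND
Fri Aug 22 11:05:40 2003 -> stream: OK
Sat Aug 23 09:15:01 2003 -> stream: Worm.Sobig.F FOUND
Sat Aug 23 09:30:22 2003 -> /tmp/sample/eicar.com: Eicar-Test-Signature FOUND
Sat Aug 23 09:31:00 2003 -> daemon restarted
Sat Aug 23 09:3
""".splitlines()

if __name__ == "__main__":
    by_sig, by_day = summarize(parse_detections(SAMPLE_LOG))
    for sig, n in by_sig.most_common():
        print("%6d  %s" % (n, sig))
    for day in sorted(by_day):
        print("%s  %d" % (day, by_day[day]))
```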





Re: [Clamav-users] W32.Sobig.F@mm Undetected by current signature

2003-08-26 Thread Tomasz Papszun
On Tue, 26 Aug 2003 at  8:24:41 -0700, [EMAIL PROTECTED] wrote:
> Quoting Tomasz Papszun <[EMAIL PROTECTED]>:
> > 
> > About the sample you sent to me: this is a message in Maildir format,
> > not Mailbox. As it has been already written a couple of times here
> > lately, clamscan does not (yet) recognizes messages other than mbox
> > format (but work is being done to extend '--mbox' capabilities).
> > 
> > After I changed your sample into mbox format (by inserting 1 line
> > beginning with "From [EMAIL PROTECTED]"), 'clamscan --mbox' *does*
> > detect Sobig.F in it. I also extracted the attachment from that message
> > and clamscan (without any additional option) detects Sobig.F
> > successfully. I use usual databases.
> > 
> > So I'd like to make sure: was _that particular_ sample (which you sent
> > to me) really allowed by a live mail system using clamav? Or you take
> > some infected message and manually check it with clamscan? In the latter
> > case, a virus will not be detected in it obviously, due to described
> > reason.
> > 
> Tomasz,
> 
> This is a file that has already been received by the mail system.
> I now understand that this file type is unsupported by the scanner.
> 
> Thanks for the answer.

Well, I must say that the origin of that sample is still unclear for me
after your reply.

When you wrote "file that has already been received by the mail system",
do you mean that this mail system has no antivirus protection and that
you checked the message _later_, by hand?
Or that the mail system has AV scanning and it permitted the virus
anyway?
The second possibility would make me worry so I want to have this case
clarified.

P.S. 
Sorry, Mr Smith but I must return to my please. When I wrote that you
quoted a few levels of marketing footers, I meant that you should
remove them when you reply (as well as other unnecessary fragments).
In this (your) reply, they occupy 1.5 screenfuls already :-( .

Things are getting better though, as you answered below my message, not
above it :-) .  Thank you for this.

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.




Re: [Clamav-users] clamav & FreeBSD - arghh ;-)

2003-08-26 Thread ODHIAMBO Washington
* Olaf Zaplinski <[EMAIL PROTECTED]> [20030826 02:38]: wrote:
> Hi,
> 
> since we had much problems with milter scanners running on Linux (including 
> clamav) I installed my 1st FreeBSD box now (5.1-RELEASE).
> 
> Now we installed clamav-0.60 from the ports collection, but clamd won't 
> start:
> 
> [EMAIL PROTECTED]:/usr/local/var/clamav# clamd
> ERROR: Database initialization error.
> 
> What does this mean? freshclam updated the definition files properly.


Hi Olaf,

I run FreeBSD, both 5.1-RELEASE and 4.8-STABLE and in both cases I have installed
clamav. I never install from the ports though, but it always runs. I am used
to running the snapshots so that I can bug the developers with it ;-)
Anyway, the only question I would like to ask you is if you have looked at
clamav.conf and verified that the path specified for the dbs is correct and
that the DB files are actually there.



-Wash

-- 
Odhiambo Washington   <[EMAIL PROTECTED]>  "The box said 'Requires
Wananchi Online Ltd.  www.wananchi.com  Windows 95, NT, or better,'
Tel: +254 2 313985-9  +254 2 313922 so I installed FreeBSD."   
GSM: +254 72 743223   +254 733 744121   This sig is McQ!  :-)


Dare to be naive.
-- R. Buckminster Fuller




Re: [Clamav-users] Win32 Virii Scanner

2003-08-26 Thread Gerardo Reynoso Cobos
Adam Williams wrote:
> > > I'm curious if there is, or anyone is working on, a Win32 client
> > > filesystem scanner that uses clamd?  Or if there is a good trick for
> > > scanning Win32 workstations with clam?
> > If you share (and mount) the disk via samba, you can use clamscan to 
> > scan files on a win disk.
>
> True, I was just wondering if there was something more elegant.

Take a look at this article:

http://www.linux-mag.com/2003-01/guru_01.html

It is about using samba pseudoprinters, I think this concept could be 
used for virii scan with clam.

You could have a pseudoprinter where files are submitted for scanning.
It also requires some work but I think it could be easier than 
installing cygnus tools.
Also, it is also a more elegant solution...:-)

Anyway, just suggesting another option...

> > You can mount the win share in linux via smbmount, for details check the 
> > manual.
> > Also, I think you could compile clam in win using cygnus tools, is this 
> > right? Has someone tried this?
>
> That requires installing mountains of stuff on ~200 Win32 workstations. 
> Not fun.  I was just curious if there was a way to use a clamd listening
> on an IP port as a centralized way of virus scanning.  A client that
> could submit for testing all local files changed within the last 24 hours,
> etc...  If not, hopefully someone will write such a thing someday.

You are right, I also think this is overkill for the task...

> > Can someone else tell us about porting clam to win?
> > I also would like to know about it.
> > Sorry, should I have supplied few responses and too many questions to your 
> > query, :-(
>
> That's OK.







Re: [Clamav-users] Suggestions for build process

2003-08-26 Thread Tomasz Papszun
On Tue, 26 Aug 2003 at 18:15:52 +0200, Tomasz Kojm wrote:
> > 1) clamav-milter links with -lmilter but that (at least on RedHat) references
> > a function strlcpy which is in libsmutil.a (also from the sendmail-devel
> > rpm), so I needed to add -lsmutil in clamav-milter/Makefile
> > I'm not sure if this is specific to this version of RedHat's sendmail 
> > packaging or a more generic feature.
>  
> I can't find this library on Debian. I need some function name from it to
> be able to add the support for -lsmutil linking in configure.

Maybe in this:

http://packages.debian.org/stable/devel/libmilter-dev.html

which contains the file  usr/lib/libmilter/libsmutil.a

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.




Re: [Clamav-users] Suggestions for build process

2003-08-26 Thread Tomasz Kojm
> 1) clamav-milter links with -lmilter but that (at least on RedHat) references
> a function strlcpy which is in libsmutil.a (also from the sendmail-devel
> rpm), so I needed to add -lsmutil in clamav-milter/Makefile
> I'm not sure if this is specific to this version of RedHat's sendmail 
> packaging or a more generic feature.
 
I can't find this library on Debian. I need some function name from it to
be able to add the support for -lsmutil linking in configure.

> 2) after the install i noticed a suspicious lack of intercepted Sobig.F
> virusses. turns out the 'make install' had overwritten viruses.db and
> viruses.db2 with an older version. Of course easily fixed once the
> problem was noticed, but maybe the build process could either not
> overwrite what is there, check the versions of an already installed
> virus database, run freshclam during make install' or some other clever
> trick.

You're right, it should check time stamps or something like this.

Best regards,
Tomasz Kojm
-- 
  oo.   [EMAIL PROTECTED]
 (\/)\. http://www.konarski.edu.pl/~zolw
\..._   And don't forget to click on the tummy... 
  //\   /\\ <- C. Amboinensiswww.pajacyk.pl




Re: [Clamav-users] [clamd ]

2003-08-26 Thread Tomasz Kojm
> I'm trying to use clamav-milter.  But clamd goes walk about after awhile
> -
> 
> [EMAIL PROTECTED] root]# ps ax | grep clam
>  6878 ?S  0:00 clamd
>  6879 ?Z  0:00 [clamd ]
> 15107 pts/1S  0:00 grep clam
> [EMAIL PROTECTED] root]# rpm -q clamd
> clamd-0.60-4
> [EMAIL PROTECTED] root]#
> 
> I've dug up numerous other reports of this on google, but no apparent
> solutions.  Is this fixed in CVS perhaps.

Clamd crashed due to a broken mail file. Please use some newer version -
it should be more tolerant. The mbox code is still under extensive
development.

Best regards,
Tomasz Kojm
-- 
  oo.   [EMAIL PROTECTED]
 (\/)\. http://www.konarski.edu.pl/~zolw
\..._   And don't forget to click on the tummy... 
  //\   /\\ <- C. Amboinensiswww.pajacyk.pl




Re: [Clamav-users] Clamd Socket Already Exist Error [REPOST]

2003-08-26 Thread Tomasz Kojm
> As I don't usually do networking in C, and there were one/some style 
> complaints: Tomasz, are you accepting the patch as-is?
 
Of course, I do. However I'd like to see Mark's version and after that
we can update the CVS with the better one ;)

Best regards,
Tomasz Kojm
-- 
  oo.   [EMAIL PROTECTED]
 (\/)\. http://www.konarski.edu.pl/~zolw
\..._   And don't forget to click on the tummy... 
  //\   /\\ <- C. Amboinensiswww.pajacyk.pl




Re: [Clamav-users] Clamd Socket Already Exist Error [REPOST]

2003-08-26 Thread Thomas Lamy
ODHIAMBO Washington wrote:
> * Thomas Lamy <[EMAIL PROTECTED]> [20030825 00:26]: wrote:
>
> [..]
>
> > > OK, but this will be an option (something like FixSocket or so) in
> > > clamav.conf.
> > Ok, the diff against snapshot 20030823 is attached. The new option is
> > named "FixStaleSocket".
>
> No snapshot by that name. Did you mean the -devel one?
> Now some of us are so scared we cannot run -devel in production ;)
> Will hang around for a snapshot.

Yep, you're right - I used 
http://clamav.sourceforge.net/snapshot/clamav-devel-20030823.tar.gz

As I don't usually do networking in C, and there were one/some style 
complaints: Tomasz, are you accepting the patch as-is?

Thomas





Re: [Clamav-users] W32.Sobig.F@mm Undetected by current signature

2003-08-26 Thread mrsmith
Quoting Tomasz Papszun <[EMAIL PROTECTED]>:

> On Mon, 25 Aug 2003 at 20:12:46 -0700, [EMAIL PROTECTED] wrote:
> > Jay,
> > 
> > This one doesn't seem to match either.  I am literally getting
> > hundreds of these every day.  Thanks for the details.
> > 
> > Mike
> 
> Mr Smith, could you please stop doing "top-posting"? Answering should be
> done _under_ the previous message, not above it.
> You quote a few levels of nested marketing footers of SF.net, also,
> which adds junk and makes answering you harder.
> Thank you. 
> 
> About the sample you sent to me: this is a message in Maildir format,
> not Mailbox. As it has been already written a couple of times here
> lately, clamscan does not (yet) recognizes messages other than mbox
> format (but work is being done to extend '--mbox' capabilities).
> 
> After I changed your sample into mbox format (by inserting 1 line
> beginning with "From [EMAIL PROTECTED]"), 'clamscan --mbox' *does*
> detect Sobig.F in it. I also extracted the attachment from that message
> and clamscan (without any additional option) detects Sobig.F
> successfully. I use usual databases.
> 
> So I'd like to make sure: was _that particular_ sample (which you sent
> to me) really allowed by a live mail system using clamav? Or you take
> some infected message and manually check it with clamscan? In the latter
> case, a virus will not be detected in it obviously, due to described
> reason.
> 
> -- 
>  Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
>  [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.
> 
> 
> 
Tomasz,

This is a file that has already been received by the mail system.
I now understand that this file type is unsupported by the scanner.

Thanks for the answer.






RE: [Clamav-users] Compressed files not being scanned

2003-08-26 Thread Matlock , Justin
No go on catching eicar in a ZIP file; sending from Yahoo, Hotmail, and
another server.  

Grr...  I have three separate servers, and all three are missing ZIP files.
Clamscan catches everything in ZIP files if I run it from the command line,
and it catches everything in emails that is uncompressed...

I'm going to blow away one of the servers, reinstall Solaris, and start from
the beginning, and try one more time... :)

Justin

-Original Message-
From: Jason Englander [mailto:[EMAIL PROTECTED] 
Sent: Friday, August 22, 2003 4:47 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [Clamav-users] Compressed files not being scanned


On Fri, 22 Aug 2003, Matlock , Justin wrote:

> I'm seeing the same thing here using MIMEdefang 2.36, and ClamAV 0.60. 
> Uncompressed files get caught, but ZIP's do not.  I've run 'clamscan' 
> manually on ZIP files, and it works fine.
>
> So you're not the only one seeing this -- I've reinstalled everything 
> twice over, making absolutely positively sure I've installed 
> everything 'to the letter'.

[ I missed earlier message(s) in this thread, sorry if I'm off because of it
]

Some messages have totally mutilated mangled invalid MIME encoding. When
MIME::tools doesn't even recognize it as an attachment, it'll get through.
MIME::tools has to be able to extract it into a file before MD can have a
virus scanner scan it.  I also use MD 2.36, I was running clamav 0.60, now I
think I'm running the 0806 snapshot.  Zip files do work for me with MD and
clamd otherwise.  Try zipping up eicar and sending it to yourself, I just
did and it caught it.  Unfortunately MIME::tools can't be modified to catch
the broken ones too, reliably... You may want to check out the MD list
archive, there have been several threads about MIME::tools and broken
messages in the past.

  Jason

-- 
Jason Englander <[EMAIL PROTECTED]>
394F 7E02 C105 7268 777A  3F5A 0AC0 C618 0675 80CA





Re: [Clamav-users] Win32 Virii Scanner

2003-08-26 Thread Adam Williams
> > I'm curious if there is, or anyone is working on, a Win32 client
> > filesystem scanner that uses clamd?  Or if there is a good trick for
> > scanning Win32 workstations with clam?
> If you share (and mount) the disk via samba, you can use clamscan to 
> scan files on a win disk.

True, I was just wondering if there was something more elegant.

> You can mount the win share in linux via smbmount, for details check the 
> manual.
> Also, I think you could compile clam in win using cygnus tools, is this 
> right? Has someone tried this?

That requires installing mountains of stuff on ~200 Win32 workstations. 
Not fun.  I was just curious if there was a way to use a clamd listening
on an IP port as a centralized way of virus scanning.  A client that
could submit for testing all local files changed within the last 24 hours,
etc...  If not, hopefully someone will write such a thing someday.

> Can someone else tell us about porting clam to win?
> I also would like to know about it.
> Sorry, should I have supplied few responses and too many questions to your 
> query, :-(

That's OK.





[Clamav-users] [clamd ]

2003-08-26 Thread Adam Williams
I'm trying to use clamav-milter.  But clamd goes walk about after awhile
-

[EMAIL PROTECTED] root]# ps ax | grep clam
 6878 ?        S      0:00 clamd
 6879 ?        Z      0:00 [clamd ]
15107 pts/1    S      0:00 grep clam
[EMAIL PROTECTED] root]# rpm -q clamd
clamd-0.60-4
[EMAIL PROTECTED] root]#

I've dug up numerous other reports of this on google, but no apparent
solutions.  Is this fixed in CVS perhaps?





Re: [Clamav-users] Win32 Virii Scanner

2003-08-26 Thread Adam Williams
> > I'm curious if there is, or anyone is working on, a Win32 client
> > filesystem scanner that uses clamd?  Or if there is a good trick for
> > scanning Win32 workstations with clam?
> I'm going to write a simple (graphical) win32 client for clamd in September.

Excellent!

> Currently you can mount windows directories via smbfs and scan them from
> linux.

Right, but it is a bit clumsy to check lots of machines.





Re: [Clamav-users] scan not picking up SoBig, help?

2003-08-26 Thread Yuval Kogman

On Sun, 24 Aug 2003, Marc Balmer wrote:

> clamav requires a mail file to begin with "From " to be recognised as
> a mail message.  It is certainly not a good solution.

In case you meant that's not what it's going to do:

[eris:~] nothingmuch% cat < To: [EMAIL PROTECTED]
> From: [EMAIL PROTECTED]
> Subject: fish
>
> fish are very pretty, you can dance with them.
>
> DING
>From [EMAIL PROTECTED]  Tue Aug 26 14:41:44 2003
To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Subject: fish

fish are very pretty, you can dance with them.

[eris:~] nothingmuch%

In case you meant "I don't want my files being MBOXes":

pipes are your friends...

None of the solutions I proposed rewrites the files... The find one
simply prints out a list of infected files, tested on my own Maildir,
with the test signature mailed to myself.

Good luck
-- 
Yuval Kogman  ( [EMAIL PROTECTED] | [EMAIL PROTECTED] )
kung foo master: /me climbs a brick wall: neeyah!!!
et perl hacker. [EMAIL PROTECTED] http://nothingmuch.woobling.org/ gpg:0xEBD27418
http://wecanstopspam.org/http://www.habeas.com/



Re: [Clamav-users] Clamav-Milter - Not Working?

2003-08-26 Thread Nigel Horne

Ian Scott <[EMAIL PROTECTED]> wrote:
> Sent myself an email with a virus.. and it arrived.
>
> So, I'm not sure what I've done wrong.  I'm running Sendmail 8.12.9 on
> RH 8.

Have you installed the sendmail-devel RPM?

-Nigel

-- 
Nigel Horne. Arranger, Composer, Conductor, Typesetter.
Owner of the brass band group of the Internet. ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk/music.htm


Re: [Clamav-users] Clamav-Milter - Not Working?

2003-08-26 Thread Ian Scott
On Tue, 2003-08-26 at 03:06, Marc Balmer wrote:

> 
> Maybe your sendmail has no milter support.  Enter the following command and see if 
> you "Compiled with: ... MILTER ...":
> 
> sendmail -bt -d0.4 
Goal Centered Internet Solutions
http://www.pairowoodies.com

All About Fly Fishing
http://www.about-flyfishing.com

PGP/GPG Key ID: 319CE936





Re: [Clamav-users] Win32 Virii Scanner

2003-08-26 Thread Tomasz Kojm
> I'm curious if there is, or anyone is working on, a Win32 client
> filesystem scanner that uses clamd?  Or if there is a good trick for
> scanning Win32 workstations with clam?

I'm going to write a simple (graphical) win32 client for clamd in September.
Currently you can mount windows directories via smbfs and scan them from
linux.

Best regards,
Tomasz Kojm
-- 
  oo.   [EMAIL PROTECTED]
 (\/)\. http://www.konarski.edu.pl/~zolw
\..._   And don't forget to click the tummy... 
  //\   /\\ <- C. Amboinensiswww.pajacyk.pl




Re: [Clamav-users] Core dump?

2003-08-26 Thread Tomasz Kojm
> I've just installed ClamAV 0.60 on a RedHat 7.0 i386 machine from source. It
> seemed to configure and compile OK. I then updated the virus database and
> tested clamscan on eicar.com.
> 
> But clamscan just dumps a core file.
 
Hope you're not using that "famous" gcc-2.96 compiler. Please go to the
rpmfind.net and try to install clamav from a rpm package.

Best regards,
Tomasz Kojm
-- 
  oo.   [EMAIL PROTECTED]
 (\/)\. http://www.konarski.edu.pl/~zolw
\..._   And don't forget to click the tummy... 
  //\   /\\ <- C. Amboinensiswww.pajacyk.pl




Re: [Clamav-users] Clamd Socket Already Exist Error

2003-08-26 Thread Tomasz Kojm
> Do you need a patch?
 
Mark, all patches are welcome. Please send it to the devel ml and we will
check it. Thanks.

Best regards,
Tomasz Kojm
-- 
  oo.   [EMAIL PROTECTED]
 (\/)\. http://www.konarski.edu.pl/~zolw
\..._   And don't forget to click the tummy... 
  //\   /\\ <- C. Amboinensiswww.pajacyk.pl




Re: [Clamav-users] How stable is 0.60?

2003-08-26 Thread Tomasz Kojm
> Hi all
> 
> I am using clamav 0.60 on OpenBSD/sparc64.  I have written a sendmail
> milter in C which connects to clamd to have emails scanned.
> 
> This morning I found that clamd was no longer running.  Is this software
> considered stable (I am a relatively new user of clamav...)?  
>
> 
> In my maillog I find the following entry:
> 
> Aug 25 13:53:36 harbart smtp-vilter[19777]: smtp-vilter: accept()
> returned invalid socket (Too many open files), try again
 
Hi Marc,


there are known problems with clamd + OpenBSD. The log above suggests
your software is lacking descriptors (and probably clamd received some
critical signal from the system). Could you investigate it with the "lsof"
utility ?

Best regards,
Tomasz Kojm
-- 
  oo.   [EMAIL PROTECTED]
 (\/)\. http://www.konarski.edu.pl/~zolw
\..._   And don't forget to click the tummy... 
  //\   /\\ <- C. Amboinensiswww.pajacyk.pl




Re: [Clamav-users] W32.Sobig.F@mm Undetected by current signature

2003-08-26 Thread Tomasz Papszun
On Mon, 25 Aug 2003 at 20:12:46 -0700, [EMAIL PROTECTED] wrote:
> Jay,
> 
> This one doesn't seem to match either.  I am literally getting
> hundreds of these every day.  Thanks for the details.
> 
> Mike

Mr Smith, could you please stop doing "top-posting"? Answering should be
done _under_ the previous message, not above it.
You quote a few levels of nested marketing footers of SF.net, also,
which adds junk and makes answering you harder.
Thank you. 

About the sample you sent to me: this is a message in Maildir format,
not Mailbox. As it has been already written a couple of times here
lately, clamscan does not (yet) recognize messages other than mbox
format (but work is being done to extend '--mbox' capabilities).

After I changed your sample into mbox format (by inserting 1 line
beginning with "From [EMAIL PROTECTED]"), 'clamscan --mbox' *does*
detect Sobig.F in it. I also extracted the attachment from that message
and clamscan (without any additional option) detects Sobig.F
successfully. I use usual databases.

So I'd like to make sure: was _that particular_ sample (which you sent
to me) really allowed by a live mail system using clamav? Or did you take
some infected message and manually check it with clamscan? In the latter
case, a virus will not be detected in it obviously, due to described
reason.

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.
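
The conversion described in the message above (one "From " line inserted in front of a Maildir message so that 'clamscan --mbox' treats it as mail), as an added example that is not part of the original post or of ClamAV. It also escapes body lines that begin with "From ", which would otherwise be read as the start of a second message; the envelope sender, the sample message and the output file naming are assumptions made for the example.

```python
import mailbox
import os
import re
import tempfile
import time

# Constructed sample in Maildir form: headers start on the first line, there
# is no "From " separator, and one body line begins with "From ".
SAMPLE = (
    b"Return-Path: <sender@example.org>\n"
    b"To: user@example.org\n"
    b"From: sender@example.org\n"
    b"Subject: Re: Details\n"
    b"\n"
    b"See the attached file for details\n"
    b"\n"
    b"From here on, an unescaped line like this looks like a new message\n"
)

# mboxrd quoting: a line made of zero or more ">" followed by "From " gets
# one more ">" so that it can never be taken for a message separator.
_FROM_LINE = re.compile(rb"^(>*From )", re.MULTILINE)


def separator_line(envelope_sender, when):
    """Build the mbox separator: "From ", sender, two spaces, asctime date."""
    stamp = time.asctime(time.gmtime(when))
    return ("From %s  %s\n" % (envelope_sender, stamp)).encode("ascii")


def to_mbox(raw, envelope_sender="MAILER-DAEMON", when=0):
    """Return one Maildir message wrapped as a single-message mbox."""
    raw = raw.replace(b"\r\n", b"\n")
    if raw.startswith(b"From "):
        return raw  # already carries a separator line
    body = _FROM_LINE.sub(rb">\1", raw)
    if not body.endswith(b"\n"):
        body += b"\n"
    return separator_line(envelope_sender, when) + body + b"\n"


def count_messages(mbox_bytes):
    """Count the messages the standard library's mbox reader sees."""
    fd, path = tempfile.mkstemp(suffix=".mbox")
    try:
        with os.fdopen(fd, "wb") as handle:
            handle.write(mbox_bytes)
        box = mailbox.mbox(path, create=False)
        try:
            return len(box)
        finally:
            box.close()
    finally:
        os.unlink(path)


def convert_maildir(maildir, out_dir):
    """Write an mbox copy of each message in maildir/new and maildir/cur.

    The Maildir is only read; the copies go to out_dir (assumed to be a
    private directory) and their paths are returned.
    """
    written = []
    for sub in ("new", "cur"):
        folder = os.path.join(maildir, sub)
        if not os.path.isdir(folder):
            continue
        for name in sorted(os.listdir(folder)):
            src = os.path.join(folder, name)
            if not os.path.isfile(src):
                continue
            with open(src, "rb") as handle:
                data = to_mbox(handle.read(), when=os.path.getmtime(src))
            dst = os.path.join(out_dir, sub + "-" + name.replace(":", "_") + ".mbox")
            with open(dst, "wb") as handle:
                handle.write(data)
            written.append(dst)
    return written
```

Each file written by convert_maildir can then be checked with 'clamscan --mbox', the command named in the message above.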




Re: [Clamav-users] Clamd Socket Already Exist Error [REPOST]

2003-08-26 Thread ODHIAMBO Washington
* Thomas Lamy <[EMAIL PROTECTED]> [20030825 00:26]: wrote:

[..]
> >OK, but this will be an option (something like FixSocket or so) in
> >clamav.conf.
> >
> Ok, the diff against snapshot 20030823 is attached. The new option is
> named "FixStaleSocket".


No snapshot by that name. Did you mean the -devel one?
Now some of us are so scared we cannot run -devel in production ;)

Will hang around for a snapshot.

PS: For Nigel Horne - the problem we were discussing last weekend was not
about me doing manual scans. It was clamd itself.




-Wash

-- 
Odhiambo Washington   <[EMAIL PROTECTED]>  "The box said 'Requires
Wananchi Online Ltd.  www.wananchi.com  Windows 95, NT, or better,'
Tel: +254 2 313985-9  +254 2 313922 so I installed FreeBSD."   
GSM: +254 72 743223   +254 733 744121   This sig is McQ!  :-)


In Pocatello, Idaho, a law passed in 1912 provided that "The carrying
of concealed weapons is forbidden, unless same are exhibited to public
view."




[Clamav-users] can't read mail after clamav scan

2003-08-26 Thread Taliesin
Hi to you all. I've installed clamav in conjunction with qmail & qmail scanner. It 
works well, but I can display only the header of every mail (with sylpheed, but the 
same problem is on the web mail too) and not the body. To see the body I must display 
the message source.
How can I stop clamav from modifying email?

Thank you

-- 




RE: [Clamav-users] W32.Sobig.F@mm Undetected by current signature

2003-08-26 Thread Diego d'Ambra
There're so many different copies of damaged Sobig.F that a new
signature will only detect a portion of them.

Some mail-scanners strip the offending portion of the e-mail and send
the rest through. In Sobig.F's case the only thing left is an almost
empty e-mail with a subject and some text in the body. These messages
are not viruses but more like SPAM. Creating a signature that detects some
part of the executable will not stop these. 

I vote for letting ClamAV detect virus and other scanning routines
should handle the removal of these damaged or unwanted e-mails.

But this is only my opinion - I'll have no problem in creating a
signature that stops a large part of the damaged Sobig.F.

Best regards,
Diego d'Ambra

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] 
> Sent: 26. august 2003 05:13
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] [EMAIL PROTECTED] Undetected by 
> current signature
> 
> 
> Jay,
> 
> This one doesn't seem to match either.  I am literally 
> getting hundreds of these every day.  Thanks for the details.
> 
> Mike
> Quoting Jay Swackhamer <[EMAIL PROTECTED]>:
> 
> > On Monday, August 25, 2003 8:57 PM, Butch Evans wrote:
> > > I am not sure if this is the same one, but my uvscan has detected 
> > > what it calls "Sobig.f.dam" and this is missed by clamav.  I will 
> > > try to get a sample of the file, but do not have one at this time.
> > 
> > I submitted a new Sobig-f signature a couple days ago that detects 
> > complete and damaged SoBig-F's -- this is especially common with mail 
> > bounces, which Sobig generates *a lot* of.  I haven't received any 
> > feedback on it, so here it is:
> > 
> > W32/Sobig.F=272156774070d0772fb22d86ea94b6d91b688e6da16fcc6bd7111305c9af
> > 66c62b159448b0753c821a4b4d51
> > 
> > 
> > 
> > --
> > Jay Swackhamer <[EMAIL PROTECTED]>
> > Nebularis Inc 
> > Tel: 1-613-843-9358  Fax: 1-613-825-5960
> > 
> > 
> > 


Re: [Clamav-users] Clamd Socket Already Exist Error

2003-08-26 Thread Tomasz Kojm
> clamd shouldn't be checking whether the file exists. I suspect that simply
> removing that check will eliminate the problem. The proposed patch chooses

I don't see any race condition there. We simply check if the socket exists
just after bind() fails.

Best regards,
Tomasz Kojm
-- 
  oo.   [EMAIL PROTECTED]
 (\/)\. http://www.konarski.edu.pl/~zolw
\..._   I nie zapomnij kliknac w brzuszek... 
  //\   /\\ <- C. Amboinensiswww.pajacyk.pl




[Clamav-users] Core dump?

2003-08-26 Thread Jonathan Baker-Bates
Hi - I've been having a look on the archives and can't seem to see anything
relevant - so any help much appreciated.

I've just installed ClamAV 0.60 on a RedHat 7.0 i386 machine from source. It
seemed to configure and compile OK. I then updated the virus database and
tested clamscan on eicar.com.

But clamscan just dumps a core file.

Is this a known issue? When I ran freshclam before I ran the above test, it
took a while to update but said "done" in the end. It didn't take me back to
the prompt though so I did a CTRL-C. Could that be the problem?

Jonathan








Re: [Clamav-users] W32.Sobig.F@mm Undetected by current signature

2003-08-26 Thread Antony Stone
On Tuesday 26 August 2003 4:12 am, [EMAIL PROTECTED] wrote:

> Jay,
>
> This one doesn't seem to match either.  I am literally getting
> hundreds of these every day.  Thanks for the details.

Well, please send at least one of us a copy of one of these files which is 
not being recognised, and we can generate you a signature for it.

What other antivirus engine/s are recognising them as Sobig.F?

Antony.

-- 

Success is a lousy teacher.   It seduces smart people into thinking they 
can't lose.

 - William H Gates III




Re: [Clamav-users] W32.Sobig.F@mm Undetected by current signature

2003-08-26 Thread mrsmith
Jay,

This one doesn't seem to match either.  I am literally getting
hundreds of these every day.  Thanks for the details.

Mike
Quoting Jay Swackhamer <[EMAIL PROTECTED]>:

> On Monday, August 25, 2003 8:57 PM, Butch Evans wrote:
> > I am not sure if this is the same one, but my uvscan has detected
> > what it calls "Sobig.f.dam" and this is missed by clamav.  I will
> > try to get a sample of the file, but do not have one at this time.
> 
> I submitted a new Sobig-f signature a couple days ago that detects
> complete and damaged SoBig-F's -- this is especially common with mail
> bounces, which Sobig generates *a lot* of.  I haven't received any
> feedback on it, so here it is:
> 
> W32/Sobig.F=272156774070d0772fb22d86ea94b6d91b688e6da16fcc6bd7111305c9af
> 66c62b159448b0753c821a4b4d51
> 
> 
> 
> --
> Jay Swackhamer <[EMAIL PROTECTED]>
> Nebularis Inc 
> Tel: 1-613-843-9358  Fax: 1-613-825-5960
> 
> 
> 


Re: [Clamav-users] Clamav-Milter - Not Working?

2003-08-26 Thread Marc Balmer
On Tue, 26 Aug 2003 02:54:05 -0400
Ian Scott <[EMAIL PROTECTED]> wrote:

> Sent myself an email with a virus.. and it arrived.
> 
> So, I'm not sure what I've done wrong.  I'm running Sendmail 8.12.9 on
> RH 8.
> 
> Any thoughts or suggestions or places where I went wrong?

Maybe your sendmail has no milter support.  Enter the following command and see if 
you "Compiled with: ... MILTER ...":

sendmail -bt -d0.4


[Clamav-users] Clamav-Milter - Not Working?

2003-08-26 Thread Ian Scott
Hi Again!

I cannot seem to get Clamav-Milter working.  I am positive I have
followed the directions to a 'T', and yet I can send an email with a
virus and it is not blocked/returned/quarantined or whatever
clamav-milter is supposed to do.  It's delivered normally.

I configured with --enable-milter.

Built clamd, and ran the tests successfully.

Added the lines as per the instructions in my sendmail.mc file, and
rebuilt sendmail.cf:

define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
INPUT_MAIL_FILTER(`clmilter',`S=local:/var/run/clmilter.sock, F=,
T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `clmilter')

I changed the conf file so that the following were uncommented:
LocalSocket /var/run/clamd.sock
ScanMail
SaveStreamToDisk

I started clamd.

I then started clamav-milter:
/usr/local/sbin/clamav-milter -blo /var/run/clmilter.sock

Restarted sendmail.

Permissions in /var/run:
srwxrwxrwx    1 root     root            0 Aug 26 01:35 clamd.sock
srwxr-xr-x    1 root     root            0 Aug 26 01:38 clmilter.sock

Sent myself an email with a virus.. and it arrived.

So, I'm not sure what I've done wrong.  I'm running Sendmail 8.12.9 on
RH 8.

Any thoughts or suggestions or places where I went wrong?


-- 
Ian Scott <[EMAIL PROTECTED]>
Goal Centered Internet Solutions
http://www.pairowoodies.com

All About Fly Fishing
http://www.about-flyfishing.com

PGP/GPG Key ID: 319CE936
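
A check worth running on the sendmail.mc lines posted above, as an added example that is not part of the original post or of sendmail or ClamAV: sendmail's F= equate decides what happens when the milter cannot be reached, and when it contains neither R (reject) nor T (temporary failure) mail is delivered as if the filter were not there. The function names, the finding labels and the socket comparison are assumptions made for this example.

```python
import re

# Constructed input: the filter definition as posted in the message above,
# including the line wrap added by the mail client.
POSTED_MC = """\
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
INPUT_MAIL_FILTER(`clmilter',`S=local:/var/run/clmilter.sock, F=,
T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `clmilter')
"""

# INPUT_MAIL_FILTER(`name', `equates') with m4 quoting (` opens, ' closes).
_FILTER = re.compile(r"INPUT_MAIL_FILTER\(\s*`([^']*)'\s*,\s*`([^']*)'\s*\)")


def parse_filters(mc_text):
    """Return {filter name: {equate key: value}} for each INPUT_MAIL_FILTER."""
    filters = {}
    for name, equates in _FILTER.findall(mc_text):
        fields = {}
        for item in equates.split(","):
            key, _, value = item.strip().partition("=")
            if key:
                fields[key.upper()] = value.strip()
        filters[name.strip()] = fields
    return filters


def audit(mc_text, milter_socket=None):
    """Return (filter, finding, explanation) tuples for risky settings.

    milter_socket, if given, is the socket path the milter was started with.
    """
    findings = []
    for name, fields in parse_filters(mc_text).items():
        flags = fields.get("F", "")
        if "R" not in flags and "T" not in flags:
            findings.append((
                name, "fail-open",
                "F= has neither R nor T: if the milter is down or its socket "
                "is wrong, mail is delivered unscanned",
            ))
        spec = fields.get("S", "")
        if not spec:
            findings.append((name, "no-socket", "S= is missing"))
            continue
        kind, _, address = spec.partition(":")
        if (milter_socket is not None and kind in ("local", "unix")
                and address != milter_socket):
            findings.append((
                name, "socket-mismatch",
                "sendmail connects to %s but the milter listens on %s"
                % (address, milter_socket),
            ))
    return findings


if __name__ == "__main__":
    for finding in audit(POSTED_MC, "/var/run/clmilter.sock"):
        print("%s: %s: %s" % finding)
```

With F=T in place of the empty F=, an unreachable milter shows up as deferred mail in the queue rather than as unscanned deliveries.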





Re: [Clamav-users] Build Problems - RH 8- DISREGARD!!

2003-08-26 Thread Ian Scott
Please disregard my last message this email refers to.  It seems that
for some reason, my copy of libmilter.a was an old one.  I built a new
one and everything seemed to work.

Please accept my apologies for the extra and un-needed noise!
-- 
Ian Scott <[EMAIL PROTECTED]>
Goal Centered Internet Solutions
http://www.pairowoodies.com

All About Fly Fishing
http://www.about-flyfishing.com

PGP/GPG Key ID: 319CE936





[Clamav-users] Build Problems - RH 8

2003-08-26 Thread Ian Scott
Hi Folks,

I managed to compile and install Clamav on RH 7.3 with Qmail and
qmail-scanner.  Works like a charm - great job, and thank you!

I'm now trying to compile it on a box with RH 8 and Sendmail 8.12.9.  I
configured with --enable-milter.

However, make quits with an error:

/usr/lib/gcc-lib/i386-redhat-linux/2.96/../../../libmilter.a(main.o): In
function `smfi_register':
main.o(.text+0x74): undefined reference to `strlcpy'
/usr/lib/gcc-lib/i386-redhat-linux/2.96/../../../libmilter.a(main.o): In
function `smfi_setconn':
main.o(.text+0x12f): undefined reference to `strlcpy'
/usr/lib/gcc-lib/i386-redhat-linux/2.96/../../../libmilter.a(listener.o): In function 
`mi_milteropen':
listener.o(.text+0x184): undefined reference to `strlcpy'
/usr/lib/gcc-lib/i386-redhat-linux/2.96/../../../libmilter.a(engine.o):
In function `st_connectinfo':
engine.o(.text+0x83a): undefined reference to `strlcpy'
collect2: ld returned 1 exit status
make[1]: *** [clamav-milter] Error 1

Not sure what to do next, and I've Googled for this error - the only
thing I could come up with was something that appeared similar on a Russian
mailing list, with someone trying to install DrWeb.  Unfortunately, I
don't understand Russian, or maybe the answer would point me in the
right direction!

Thanks for any assistance.

-- 
Ian Scott <[EMAIL PROTECTED]>
Goal Centered Internet Solutions
http://www.pairowoodies.com

All About Fly Fishing
http://www.about-flyfishing.com

PGP/GPG Key ID: 319CE936





[Clamav-users] How stable is 0.60?

2003-08-26 Thread Marc Balmer
Hi all

I am using clamav 0.60 on OpenBSD/sparc64.  I have written a sendmail
milter in C which connects to clamd to have emails scanned.

This morning I found that clamd was no longer running.  Is this software
considered stable (I am a relatively new user of clamav...)?  

In my maillog I find the following entry:

Aug 25 13:53:36 harbart smtp-vilter[19777]: smtp-vilter: accept()
returned invalid socket (Too many open files), try again

My software does not use accept(), so this must come from libmilter
which is compiled in.

If there are any ideas, please hit the reply button ;-)

Regards,
Marc




[Clamav-users] Using Clam from a non-standard MTA

2003-08-26 Thread Toby Reiter
Hello all,
Just joined the list. I just downloaded Clam AV and am impressed with 
its speed and its autodownload capabilities (freshclam).

I need some help, though. I use XMail, which I really like as an MTA 
but it doesn't offer any of the hooks that QMail or Postfix have 
which Clam already caters to.

XMail works by passing messages to outside filter programs, which can 
pretty much do anything they want, and then return an exit code. 
XMail then can choose what to do on the basis of that code.

At the basic level, I'd need help figuring out what the command line 
is that I'll be wanting to pass in to Clam AV (I don't even know if 
it should be clamscan, clamd, clamdscan, etc).  It should scan the 
message for attachments, and give me some kind of feedback that I can 
then parse to create appropriate reactions (rejecting/accepting 
messages, bouncing messages back, etc.).

If you all think I should use Amavis, I'd appreciate any one's help 
in setting that up (I'll have to contact the XMail folks on their 
list to see how to get XMail and Amavis to talk to each other...).

Thanks in advance for any help,

Toby
--
Toby Reiter  mailto:[EMAIL PROTECTED]
Breezing Internet Communications http://www.breezing.com
1106 West Main Stphone:434.295.2050
Charlottesville, VA 22903fax:603.843.6931
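
One way to build the kind of exit-code filter described above, as an added example that is not part of the original post, of XMail or of ClamAV: it sends clamd's SCAN command for the message file over the local socket, parses the one-line reply and maps it to an exit code, treating any scanner failure as "retry later" rather than "clean". The exit code values are hypothetical placeholders and the socket path is the LocalSocket value quoted elsewhere in this thread; clamd must be able to read the message file.

```python
import os
import socket
import sys

# Assumption: clamd's LocalSocket, as quoted elsewhere in this thread.
CLAMD_SOCKET = "/var/run/clamd.sock"

# Hypothetical exit codes: substitute the values your MTA's filter
# interface defines for accept, reject and retry-later.
EXIT_ACCEPT = 0
EXIT_REJECT = 3
EXIT_TEMPFAIL = 4


def parse_reply(reply):
    """Turn clamd's reply line into (status, detail).

    clamd answers "<path>: OK", "<path>: <name> FOUND" or
    "<path>: <message> ERROR"; anything else is treated as an error.
    """
    line = reply.strip("\r\n\0 ")
    if line.endswith(": OK"):
        return ("clean", "")
    if line.endswith(" FOUND") and ": " in line:
        name = line[:-len(" FOUND")].rsplit(": ", 1)[1]
        return ("infected", name)
    return ("error", line or "empty reply from clamd")


def clamd_scan(path, socket_path=CLAMD_SOCKET, timeout=30.0):
    """Ask clamd to scan one file by absolute path."""
    if "\n" in path:
        # A newline would end the command early and start a second one.
        return ("error", "newline in path")
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as conn:
            conn.settimeout(timeout)
            conn.connect(socket_path)
            conn.sendall(b"SCAN " + os.fsencode(path) + b"\n")
            reply = b""
            while not reply.endswith(b"\n"):
                chunk = conn.recv(4096)
                if not chunk:
                    break
                reply += chunk
    except OSError as exc:
        return ("error", str(exc))
    return parse_reply(reply.decode("utf-8", "replace"))


def decide(status):
    """Map a scan status to an exit code; unknown states fail closed."""
    if status == "clean":
        return EXIT_ACCEPT
    if status == "infected":
        return EXIT_REJECT
    return EXIT_TEMPFAIL


def main(argv):
    if len(argv) != 2:
        return EXIT_TEMPFAIL
    status, detail = clamd_scan(os.path.abspath(argv[1]))
    if status != "clean":
        sys.stderr.write("clamd: %s %s\n" % (status, detail))
    return decide(status)


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```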


[Clamav-users] ask help

2003-08-26 Thread edy



Does anybody want to help me?
I am a newbie in Linux. I just finished installing a mail server using
qmail under Linux RedHat 7.1, and now I want to install antivirus and
anti-spam on the mail server.
I want to ask some questions:
1. When we have finished installing a mail server using qmail, does it
   have a scanner included with it?
2. When we install daemontools we activate svscanboot; what is this used for?
Also, could anybody give a step-by-step explanation of installing clamav,
or the address where I can get it?

Thanks

Regards,
Edy


Re: [Clamav-users] W32.Sobig.F@mm Undetected by current signature

2003-08-26 Thread Antony Stone
On Tuesday 26 August 2003 1:57 am, Butch Evans wrote:

> On Tue, 26 Aug 2003, Antony Stone wrote:
> >Which other antivirus engine/s tell you the file contains Sobig.F?
>
> I am not sure if this is the same one, but my uvscan has detected
> what it calls "Sobig.f.dam" and this is missed by clamav.  I will
> try to get a sample of the file, but do not have one at this time.

Hm.   Somebody else sent me a sample of Sobig.F.dam this evening, which isn't 
recognised by McAfee at all (although AntiVir, BitDefender and Kaspersky all 
thought it was some form of Sobig.F).

If you can get a sample of your file to me I'd be interested to see if they 
can both get recognised by a single signature.

Regards,

Antony.

-- 

Software development can be quick, high-quality, or low-cost.

The customer gets to pick any two out of three.




Re: [Clamav-users] W32.Sobig.F@mm Undetected by current signature

2003-08-26 Thread Jay Swackhamer
On Monday, August 25, 2003 8:57 PM, Butch Evans wrote:
> I am not sure if this is the same one, but my uvscan has detected
> what it calls "Sobig.f.dam" and this is missed by clamav.  I will
> try to get a sample of the file, but do not have one at this time.

I submitted a new Sobig-f signature a couple days ago that detects
complete and damaged SoBig-F's -- this is especially common with mail
bounces, which Sobig generates *a lot* of.  I haven't received any
feedback on it, so here it is:

W32/Sobig.F=272156774070d0772fb22d86ea94b6d91b688e6da16fcc6bd7111305c9af66c62b159448b0753c821a4b4d51



--
Jay Swackhamer <[EMAIL PROTECTED]>
Nebularis Inc 
Tel: 1-613-843-9358  Fax: 1-613-825-5960
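
The Name=hexstring signature posted in the message above, run against constructed buffers to show why one body pattern can flag both a complete file and a damaged copy. This is an added example, not part of the original post and not ClamAV's own matcher; it assumes the two wrapped e-mail lines are a single signature, that "damaged" means a truncated copy, and it uses a plain substring search over filler bytes.

```python
# Added illustration: naive body-signature matching, not ClamAV's matcher.

# Signature as posted above; the two wrapped e-mail lines are assumed to be one line.
SIG_LINE = (
    "W32/Sobig.F=272156774070d0772fb22d86ea94b6d91b688e6da16fcc6bd7111305c9af"
    "66c62b159448b0753c821a4b4d51"
)


def parse_signature(line):
    """Split a 'Name=hexstring' line into (name, pattern bytes)."""
    name, sep, hexsig = line.strip().partition("=")
    if not sep or not name or not hexsig:
        raise ValueError("expected Name=hexstring")
    if len(hexsig) % 2:
        raise ValueError("odd number of hex digits; line may be wrapped or cut")
    return name, bytes.fromhex(hexsig)  # raises ValueError on non-hex characters


def scan(data, signatures):
    """Return the names of all signatures whose pattern occurs anywhere in data."""
    return [name for name, pattern in signatures if pattern in data]


def build_samples(pattern):
    """Constructed buffers: filler plus the pattern, no real malware content."""
    complete = b"A" * 200 + pattern + b"B" * 300
    # Tail lost (assumed case: a bounce that cut the attachment short), pattern intact.
    damaged = complete[: 200 + len(pattern) + 10]
    # Cut in the middle of the signed region: the pattern itself is incomplete.
    cut_inside = complete[: 200 + len(pattern) // 2]
    return {"complete": complete, "damaged": damaged, "cut_inside": cut_inside}


if __name__ == "__main__":
    sig = parse_signature(SIG_LINE)
    for label, data in build_samples(sig[1]).items():
        print(label, scan(data, [sig]) or "clean")
```

A copy truncated inside the signed region is missed, which is the limit of any single fixed-offset-free body pattern: it only helps with damaged files that still contain the bytes the signature was taken from.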





Re: [Clamav-users] W32.Sobig.F@mm Undetected by current signature

2003-08-26 Thread Butch Evans
On Tue, 26 Aug 2003, Antony Stone wrote:

>Which other antivirus engine/s tell you the file contains Sobig.F?

I am not sure if this is the same one, but my uvscan has detected
what it calls "Sobig.f.dam" and this is missed by clamav.  I will
try to get a sample of the file, but do not have one at this time.

-- 
Butch Evans
BPS Networks
Bernie, MO
573.293.2638





[Clamav-users] Suggestions for build process

2003-08-26 Thread David Jansen
When upgrading clamav 0.60 to the latest devel snapshot (20030820) I
encountered a few problems with the build and install process, so here
are some suggestions.

The mail server is running RedHat Linux 7.2 with all available patches
installed, sendmail 8.11.6-25.72

1) clamav-milter links with -lmilter but that (at least on RedHat) references
a function strlcpy which is in libsmutil.a (also from the sendmail-devel
rpm), so I needed to add -lsmutil in clamav-milter/Makefile
I'm not sure if this is specific to this version of RedHat's sendmail 
packaging or a more generic feature.

2) After the install I noticed a suspicious lack of intercepted Sobig.F
viruses. Turns out the 'make install' had overwritten viruses.db and
viruses.db2 with an older version. Of course easily fixed once the
problem was noticed, but maybe the build process could either not
overwrite what is there, check the versions of an already installed
virus database, run freshclam during 'make install' or some other clever
trick.

David Jansen
-- 
David Jansen    mailto:[EMAIL PROTECTED]
Leiden Observatory ( Sterrewacht Leiden )
P.O. Box 9513,  2300 RA Leiden,  The Netherlands
Phone: (+31) 71 5275810    Fax: (+31) 71 5275819




Re: [Clamav-users] Win32 Virii Scanner

2003-08-26 Thread Gerardo Reynoso Cobos
Adam Williams wrote:
> I'm curious if there is, or anyone is working on, a Win32 client
> filesystem scanner that uses clamd?  Or if there is a good trick for
> scanning Win32 workstations with clam?

If you share (and mount) the disk via samba, you can use clamscan to
scan files on a win disk.

You can mount the win share in linux via smbmount, for details check the
manual.

Also, I think you could compile clam in win using cygnus tools, is this
right? Has anyone tried this?

Can someone else tell us about porting clam to win?
I also would like to know about it.
Sorry that I supplied few responses and too many questions to your
query, :-(

Regards...


