Re: [Clamav-users] [clamav-milter] Domain of sender address does not exist

2003-10-07 Thread Nicolas de La Chaise




Sorry, I'm really stupid

Nigel Horne wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Wednesday 08 Oct 2003 1:46 am, Nicolas de La Chaise wrote:
> > Hello,
> >
> > I am not sure if this is the good mailing list for that question but ...
>
> You've not really given enough information to help us to help you.
>
> What operating system/distribution?

I am testing now with Linux Mandrake 9.1. I might try to move to AIX if
everything goes fine but it is not the point for now.

> What version of clamav?

Sendmail is 8.12.10 and clamav is 0.60
I didn't use any RPM. I downloaded the latest sources this week.

> What is the contents of /etc/sysconfig/clamav-milter?

There is no such file or directory...

> > If I use the standard conf, everything is fine BUT if I use the milter conf, I always get "Please try again later..".
>
> Where does this message appear? A logfile or the terminal? What is the full text of the message?

I test by telnetting the server on port 25. I can send the "HELO"
command but when I send the "MAIL FROM:" I get :
451 4.7.1 Please try again later

In the same time, I receive :
In the mail server logfile:
sendmail[7599]: h98JdmDo007599: Milter: [EMAIL PROTECTED],
reject=451 4.7.1 Please try again later

And, on the console :
clamfi_connect: connection from nc.nexantis.net [10.0.1.237]
recv: Connection reset by peer

One more thing, I read the PDF UserManual saying to check clamav.conf.
The user manual says to change LocalSocket to /var/run/clamd.sock.
Instead of the value "/var/run/clamd.sock" I put
"/var/run/clmilter.sock" because I had no clamd.sock and it was
complaining about it.

Well, if you need more information, please let me know.

Thanks a lot,

Nicolas

> > Nicolas
>
> - -Nigel
>
> - --
> Nigel Horne. Arranger, Composer, Typesetter.
> NJH Music, Barnsley, UK.  ICQ#20252325
> [EMAIL PROTECTED] http://www.bandsman.co.uk



---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


  





Re: [Clamav-users] Need help for config sendmail with Clamav-milter .

2003-10-07 Thread Nigel Horne
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wednesday 08 Oct 2003 5:00 am, BB wrote:

> Can anyone give me advice on the sendmail config? I have installed the rpm
> package for clamav (including clamav-milter). Basic function works, but
> there's little information about reconfiguring sendmail with clamav-milter.

See clamav/clamav-milter/INSTALL

> Thanks very much !!

- -Nigel

- -- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk





Re: [Clamav-users] [clamav-milter] Domain of sender address does not exist

2003-10-07 Thread Nigel Horne
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wednesday 08 Oct 2003 1:46 am, Nicolas de La Chaise wrote:
> Hello,
>
> I am not sure if this is the good mailing list for that question but ...

You've not really given enough information to help us to help you.

What operating system/distribution? What version of clamav? What is the contents of 
/etc/sysconfig/clamav-milter?

> If I use the standard conf, everything is fine BUT if I use the milter conf, I 
> always get "Please try again later..".

Where does this message appear? A logfile or the terminal? What is the full text of 
the message?

> Nicolas

- -Nigel

- -- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk





[Clamav-users] Need help for config sendmail with Clamav-milter .

2003-10-07 Thread BB
Hi all,
Can anyone give me advice on the sendmail config? I have installed the rpm
package for clamav (including clamav-milter). Basic function works, but
there's little information about reconfiguring sendmail with clamav-milter.
Thanks very much!!





Re: [Clamav-users] Problems under load?

2003-10-07 Thread Rick Macdougall
Hi,

Top posting cause I like it :)

I've had clamd die twice in the last 6 months using the same setup.  It 
caused almost the same symptoms as you are describing and was fixed by a 
killall -9 clamd (it's running under daemontools).  I have sirens go off 
in my bedroom when the load average goes above 10 or the free mem drops 
below 200 meg.

It hasn't caused a hard lock yet but it would have if the sirens hadn't 
gone off.  Having said that, I've had the same experience with ravlin8 
and kaspersky.  Actually, ravlin is even worse, I had to switch a client 
today to clamav because ravlin was using 2.5 gigs (yes gigs) of memory 
for some unknown reason.

Regards,

Rick

Daniel Andersen wrote:

> On Wednesday 08 October 2003 10:35, Thomas Lamy wrote:
>
> > Hi,
> >
> > in general spamassassin needs much more CPU power than clam. But no
> > software is supposed to lock up a server :-). What MTA (and other
> > related software) do you use? Which OS?
> > Thomas
>
> Yeah the locking up was a bit of a shock to us too :) I mean, we thought maybe
> mail would crash and burn, which is relatively easy to fix, but machines
> completely locking up is a bit of a rarity. The worst part was having to do
> an fsck on 40 gigs of mail when it rebooted, not fun at all :)
>
> Our MTA is qmail 1.03, modified in places to suit our needs (which means we
> can't really use any off the shelf virus checking software because the
> patches no longer work with our code :) The server is also running apache to
> run imp webmail, but I doubt that would be causing any problems.  Binc IMAP
> is running in the background as well, but that's been running with no problems
> for a while now so probably isn't part of the equation either. The OS is
> Slackware 8.1 running kernel 2.4.18.
>
> Daniel







Re: [Clamav-users] Problems under load?

2003-10-07 Thread Alex Krohn
Hi,

> Yeah the locking up was a bit of a shock to us too :) I mean, we thought maybe 
> mail would crash and burn, which is relatively easy to fix, but machines 
> completely locking up is a bit of a rarity. The worst part was having to do 
> an fsck on 40 gigs of mail when it rebooted, not fun at all :)
> 
> Our MTA is qmail 1.03, modified in places to suit our needs (which means we 
> can't really use any off the shelf virus checking software because the 
> patches no longer work with our code :) The server is also running apache to 
> run imp webmail, but I doubt that would be causing any problems.  Binc IMAP 
> is running in the background as well, but that's been running with no problems 
> for a while now so probably isn't part of the equation either. The OS is 
> Slackware 8.1 running kernel 2.4.18.

What are you using to decode the message? We found several emails would cause
clamd to lock up when trying to parse (assertion errors would throw a SIGABRT
that would lock up the threads). We ended up turning off ScanMail option, and
instead use ripmime to decode the mail and scan the attachments. Works great
at very high rates (over 30 messages a second).

If you are interested, I can email you our qmail-antivirus we put together. It's
a qmail-queue replacement that decodes the email attachments, scans them via
clamd, and then calls the real qmail-queue if it's clean, otherwise exits if
it's a virus (causing qmail-smtpd to not accept the message). Email me if you
are interested.

Cheers,

Alex

-- 
Alex Krohn <[EMAIL PROTECTED]>
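
The message above describes a qmail-queue replacement that decodes the attachments, scans them via clamd, and only then calls the real qmail-queue. The following is an added example of that flow, not Alex Krohn's qmail-antivirus and not ClamAV project code. Assumptions: `REAL_QUEUE` is a hypothetical path, exit codes 31 and 71 are the permanent and temporary refusal codes documented in qmail-queue(8), and `clamdscan --fdpass` requires a current ClamAV rather than the 2003 release.

```python
#!/usr/bin/env python3
import base64
import email
import os
import subprocess
import sys
import tempfile

# Hypothetical location of the renamed original qmail-queue (assumption).
REAL_QUEUE = "/var/qmail/bin/qmail-queue.real"
# Exit codes from qmail-queue(8): 31 permanent refusal, 71 temporary refusal.
EXIT_OK, EXIT_REJECT, EXIT_TEMPFAIL = 0, 31, 71

# Constructed sample message: the marker is visible only after base64 decoding.
SAMPLE = (
    b"From: a@example.org\r\nTo: b@example.org\r\n"
    b"Subject: constructed sample\r\nMIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="BOUND"\r\n\r\n'
    b"--BOUND\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
    b"--BOUND\r\nContent-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="report.bin"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    + base64.b64encode(b"CONSTRUCTED-TEST-MARKER")
    + b"\r\n--BOUND--\r\n"
)


def parts(raw):
    """Yield (name, decoded bytes) for every non-container MIME part."""
    msg = email.message_from_bytes(raw)
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True)  # undoes base64 / quoted-printable
        if data:
            yield part.get_filename() or "(body)", data


def verdict(raw, scan):
    """Return the exit code the wrapper should use for this message.

    scan(data) returns a signature name or None. Any scanner failure
    (crash, hang, timeout) becomes a temporary refusal, so the sender
    retries later instead of the mail being queued unscanned.
    """
    try:
        for _name, data in parts(raw):
            if scan(data) is not None:
                return EXIT_REJECT
    except Exception:
        return EXIT_TEMPFAIL
    return EXIT_OK


def clamd_scan(data, timeout=30):
    """Scan one decoded part through clamd; the timeout bounds a hung daemon."""
    with tempfile.NamedTemporaryFile() as tmp:
        tmp.write(data)
        tmp.flush()
        # --fdpass hands clamd the open descriptor, so the file stays private.
        proc = subprocess.run(
            ["clamdscan", "--no-summary", "--fdpass", tmp.name],
            capture_output=True, text=True, timeout=timeout,
        )
    if proc.returncode == 0:
        return None
    if proc.returncode == 1:  # clamdscan exits 1 when a signature matched
        return proc.stdout.strip() or "FOUND"
    raise RuntimeError("clamdscan failed: " + proc.stderr.strip())


def read_fd(fd):
    """Read a descriptor to EOF (qmail-queue gets message on 0, envelope on 1)."""
    chunks = []
    while True:
        chunk = os.read(fd, 65536)
        if not chunk:
            return b"".join(chunks)
        chunks.append(chunk)


def main():
    raw, envelope = read_fd(0), read_fd(1)
    code = verdict(raw, clamd_scan)
    if code != EXIT_OK:
        sys.exit(code)  # qmail-smtpd refuses the message
    # Clean: replay message and envelope on fds 0 and 1 for the real queue.
    for fd, payload in ((0, raw), (1, envelope)):
        spool = tempfile.TemporaryFile()
        spool.write(payload)
        spool.flush()
        spool.seek(0)
        os.dup2(spool.fileno(), fd)
    os.execv(REAL_QUEUE, [REAL_QUEUE])


if __name__ == "__main__":
    main()
```

Because `verdict` maps every scanner exception to exit code 71, a clamd that has locked up delays mail rather than letting it through unscanned.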





Re: [Clamav-users] Problems under load?

2003-10-07 Thread Thomas Lamy
Daniel Andersen wrote:

> On Wednesday 08 October 2003 10:35, Thomas Lamy wrote:
>
> > Hi,
> >
> > in general spamassassin needs much more CPU power than clam. But no
> > software is supposed to lock up a server :-). What MTA (and other
> > related software) do you use? Which OS?
> > Thomas
>
> Yeah the locking up was a bit of a shock to us too :) I mean, we thought maybe
> mail would crash and burn, which is relatively easy to fix, but machines
> completely locking up is a bit of a rarity. The worst part was having to do
> an fsck on 40 gigs of mail when it rebooted, not fun at all :)
>
> Our MTA is qmail 1.03, modified in places to suit our needs (which means we
> can't really use any off the shelf virus checking software because the
> patches no longer work with our code :) The server is also running apache to
> run imp webmail, but I doubt that would be causing any problems.  Binc IMAP
> is running in the background as well, but that's been running with no problems
> for a while now so probably isn't part of the equation either. The OS is
> Slackware 8.1 running kernel 2.4.18.
>
> Daniel

I'm sorry, I can't help you here. I'm too much into Postfix... You may 
have more luck by searching the archives w/ resp to qmail/qmail-scanner(?).

Thomas





Re: [Clamav-users] Problems under load?

2003-10-07 Thread Daniel Andersen
On Wednesday 08 October 2003 10:35, Thomas Lamy wrote:
> Hi,
>
> in general spamassassin needs much more CPU power than clam. But no
> software is supposed to lock up a server :-). What MTA (and other
> related software) do you use? Which OS?
>
> Thomas

Yeah the locking up was a bit of a shock to us too :) I mean, we thought maybe 
mail would crash and burn, which is relatively easy to fix, but machines 
completely locking up is a bit of a rarity. The worst part was having to do 
an fsck on 40 gigs of mail when it rebooted, not fun at all :)

Our MTA is qmail 1.03, modified in places to suit our needs (which means we 
can't really use any off the shelf virus checking software because the 
patches no longer work with our code :) The server is also running apache to 
run imp webmail, but I doubt that would be causing any problems.  Binc IMAP 
is running in the background as well, but that's been running with no problems 
for a while now so probably isn't part of the equation either. The OS is 
Slackware 8.1 running kernel 2.4.18.

Daniel




[Clamav-users] [clamav-milter] Domain of sender address does not exist

2003-10-07 Thread Nicolas de La Chaise






Hello, 

I am not sure if this is the good mailing list for that question but ...

I just installed clam and intend to use clamav-milter. This is almost
done, I still have some troubles left. 
I made two sendmail .mc (sendmail_MILTER and sendmail_STD): 
sendmail_MILTER contains
 INPUT_MAIL_FILTER(`clmilter', `S=local:/var/run/clmilter.sock, F=, T=S:4m;R:4m')dnl
 define(`confINPUT_MAIL_FILTERS', `clmilter')
and sendmail_STD doesn't.
I generated the corresponding .cf files and could start sendmail with
both.

Now, I guess sendmail should behave almost the same with both
configuration but it seems that it's quite different.
If I use the standard conf, everything is fine BUT if I use the milter
conf, I always get "Please try again later..".

Anybody ran in that problem ?

Thanks for your help.

Nicolas





Re: [Clamav-users] Problems under load?

2003-10-07 Thread Thomas Lamy
Daniel Andersen wrote:

> Hi,
>
> I was just wondering how much load clamav will generate under constant usage?
> The reason I ask is we updated our mail server to check all mail being
> delivered locally for viruses, and after a couple of hours of operation the
> server froze up and had to be manually rebooted (after 300 days of uptime no
> less :) We receive messages at the rate of about 5-10 a second, so clamd is
> pretty much constantly busy, but doesn't seem to be using much actual cpu
> time.
>
> I'm not entirely sure it was clamd that caused the crash, as we also updated
> spamassassin to run in client server mode so that could have been causing the
> problems too, but I figured I would ask here in case there *were* any known
> issues. Note that spamassassin is showing up as using most of the cpu on the
> box, but we've had spamassassin running for the better part of 6 months
> without a problem so clamd looks to be the most likely culprit.
>
> The machine in question is a dual 1Ghz p3 box with a gig of ram in case it
> makes any difference. Any suggestions would be much appreciated.
>
> Daniel Andersen

Hi,

in general spamassassin needs much more CPU power than clam. But no 
software is supposed to lock up a server :-). What MTA (and other 
related software) do you use? Which OS?

Thomas





[Clamav-users] Problems under load?

2003-10-07 Thread Daniel Andersen
Hi,

I was just wondering how much load clamav will generate under constant usage? 
The reason I ask is we updated our mail server to check all mail being 
delivered locally for viruses, and after a couple of hours of operation the 
server froze up and had to be manually rebooted (after 300 days of uptime no 
less :) We receive messages at the rate of about 5-10 a second, so clamd is 
pretty much constantly busy, but doesn't seem to be using much actual cpu 
time.

I'm not entirely sure it was clamd that caused the crash, as we also updated 
spamassassin to run in client server mode so that could have been causing the 
problems too, but I figured I would ask here in case there *were* any known 
issues. Note that spamassassin is showing up as using most of the cpu on the 
box, but we've had spamassassin running for the better part of 6 months 
without a problem so clamd looks to be the most likely culprit.

The machine in question is a dual 1Ghz p3 box with a gig of ram in case it 
makes any difference. Any suggestions would be much appreciated.

Daniel Andersen




Re: [Clamav-users] clamscan paranoid?

2003-10-07 Thread Tomasz Papszun
On Tue, 07 Oct 2003 at 11:22:01 -0400, Adam Williams wrote:
> > > I have a samba fileserver, and I run clamscan every night as a cron job,
> > > moving infected files to a quarantine directory (to help prevent any
> > > virii that have made it in from spreading).
> > > The next morning I look in quarantine and see some files.  So I
> > > disinfect them from a Win32PC with either McAfee or Solo,  rescan them
> > > and it says they are clean.  Then I attempt to e-mail them back to their
> > > owners.  but clamav-milter rejects them as infected.
> > > If I check them with clamscan it says they are still infected,  if I
> > > check them with Solo or McAfee both applications say they are clean.
> > > clamav-milter and clamscan are running on the same host (file server &
> > > mail relay).
> > > This seems really conflicted.  Who is at fault?  CLAM or both Solo &
> > > McAfee.
> > Both reasons are possible:
> > 1) ClamAV's signature may be not optimal, causing false positives, or
> > 2) AV scanners used for disinfecting may not clean infections
> >    completely, leaving some fragment of virus in the cleaned file and
> >    clamscan finds them still.
> > Anyway, you are encouraged to submit such samples (with a description
> > of the problem!) to the database developers in the usual way, i.e. by
> > http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi
> 
> Done.  It said it accepted submission #609.  Is there any mechanism for
> tracking what becomes of or is determined about a submission?

Yes, observing the  clamav-virusdb  mailing list.

List-Subscribe:
,


> > Oh, one more general remark:
> > before submitting a sample please verify it using "clamav online
> > specimen scanner" at  http://www.gietl.com/test-clamav/ .
> 
> Done,  that site recognized the "cleaned" file as still infected.
> 
> > Though you (Adam) may already know it, I'm writing about it as a general
> > advice - because we sometimes (too frequently) receive samples of
> > viruses which are already detected by ClamAV, but are thought by senders
> > as unknown - seemingly people don't check them, but only judge from a
> > virus name or what...
> 
> Right, the problem is it detects a virus that supposedly isn't there any
> longer.

I've just removed this improper signature (W97/Marker) from the database
(it was in viruses.db2 file).

Thank you, Adam, for the report and the sample.

BTW, folks, there's a new virus in the wild since today (oh,
already yesterday): Trojan.IRCBot.M (alias W32.IRCBot.B,
Win32.SdBot.18976, Backdoor.IRCBot.gen etc.).
We have received several submissions with it.
So please update your databases.

And you need not submit next samples :-), we have enough of them :-).

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.




Re: [Clamav-users] problem with clamav milter

2003-10-07 Thread Flinn Mueller
For the record, I have never tested the milter configuration.  ;-)

On Tuesday, October 7, 2003, at 05:55 PM, Scott Deacon wrote:

> Good day,
>
> I've been trying to implement Flinn Mueller's Clamav Milter (20030926)
> packages on OpenBSD 3.3 (stable). I've worked through a number of issues
> but I'm stumped on this one. My emails show the following in the header:
>
> X-Virus-Scanned: sh: clamdscan: not found
>
> I have verified that clamdscan exists, runs and that the directory
> (/usr/local/bin) is in the path for the user (currently root).
> A ps -aux | grep clam shows (somewhat truncated on the right):
>
> root     18102  0.0 20.8 14600 10128 ??  Ss  2:08AM  2:33.65 /usr/local/sbin/clamd
> root     13597  0.0  0.7   336   324 C0- S   2:08AM  0:06.23 /usr/local/sbin/clamav-milter -blo /var/
> _clamd   32715  0.0  0.0   268     4 ??  Is  2:08AM  0:11.71 /usr/local/bin/freshclam -d -c 2 -l /var
>
> Anybody seen this and got a solution?
>
> Scott





[Clamav-users] problem with clamav milter

2003-10-07 Thread Scott Deacon
Good day,

I've been trying to implement Flinn Mueller's Clamav Milter (20030926)
packages on OpenBSD 3.3 (stable). I've worked through a number of issues
but I'm stumped on this one. My emails show the following in the header:

X-Virus-Scanned: sh: clamdscan: not found

I have verified that clamdscan exists, runs and that the directory
(/usr/local/bin) is in the path for the user (currently root).

A ps -aux | grep clam shows (somewhat truncated on the right):

root     18102  0.0 20.8 14600 10128 ??  Ss  2:08AM  2:33.65 /usr/local/sbin/clamd
root     13597  0.0  0.7   336   324 C0- S   2:08AM  0:06.23 /usr/local/sbin/clamav-milter -blo /var/
_clamd   32715  0.0  0.0   268     4 ??  Is  2:08AM  0:11.71 /usr/local/bin/freshclam -d -c 2 -l /var

Anybody seen this and got a solution?

Scott






Re: [Clamav-users] clamscan paranoid?

2003-10-07 Thread Adam Williams
> > I have a samba fileserver, and I run clamscan every night as a cron job,
> > moving infected files to a quarantine directory (to help prevent any
> > virii that have made it in from spreading).
> > The next morning I look in quarantine and see some files.  So I
> > disinfect them from a Win32PC with either McAfee or Solo,  rescan them
> > and it says they are clean.  Then I attempt to e-mail them back to their
> > owners.  but clamav-milter rejects them as infected.
> > If I check them with clamscan it says they are still infected,  if I
> > check them with Solo or McAfee both applications say they are clean.
> > clamav-milter and clamscan are running on the same host (file server &
> > mail relay).
> > This seems really conflicted.  Who is at fault?  CLAM or both Solo &
> > McAfee.
> Both reasons are possible:
> 1) ClamAV's signature may be not optimal, causing false positives, or
> 2) AV scanners used for disinfecting may not clean infections
>    completely, leaving some fragment of virus in the cleaned file and
>    clamscan finds them still.
> Anyway, you are encouraged to submit such samples (with a description
> of the problem!) to the database developers in the usual way, i.e. by
> http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi

Done.  It said it accepted submission #609.  Is there any mechanism for
tracking what becomes of or is determined about a submission?

> Oh, one more general remark:
> before submitting a sample please verify it using "clamav online
> specimen scanner" at  http://www.gietl.com/test-clamav/ .

Done,  that site recognized the "cleaned" file as still infected.

> Though you (Adam) may already know it, I'm writing about it as a general
> advice - because we sometimes (too frequently) receive samples of
> viruses which are already detected by ClamAV, but are thought by senders
> as unknown - seemingly people don't check them, but only judge from a
> virus name or what...

Right, the problem is it detects a virus that supposedly isn't there any
longer.





RE: [Clamav-users] Fwd: Ruh-Roh SOBIG.G?

2003-10-07 Thread Lynn Duerksen
I had two separate systems getting hit pretty hard with SOBIG.G. One a
wholesale distributor and one a trucking company.  Both running
Amavisd-new - Postfix - Clamd - OpenBSD 3.3.  I noticed that most of the
traffic was from less than a couple dozen IP addresses.  I set my packet
filters to reject all traffic from these IPs.  I also tracked down the
ISP responsible on about half the offending IPs and most had abuse email
addresses to report them, which I did.  It took my virus traffic down
over 1000%.

I can get away with more than an IP can since both places can usually
identify if they would expect valid mail from those addresses.

I still have them being rejected but no longer see those rules being
acted on according to my pflog.  They must have gotten cleaned up.

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf 
> Of Ray Slakinski
> Sent: Thursday, September 25, 2003 1:24 PM
> To: [EMAIL PROTECTED]
> Subject: [Clamav-users] Fwd: Ruh-Roh SOBIG.G?
> 
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> FYI:
> 
> Begin forwarded message:
> 
> > From: Dragos Ruiu <[EMAIL PROTECTED]>
> > Date: Thu Sep 25, 2003  3:01:16 AM Canada/Eastern
> > To: [EMAIL PROTECTED]
> > Subject: Ruh-Roh SOBIG.G?
> >
> > SOBIG was nasty for me. One of my clients was getting more than 7MB/s
> > sustained of SOBIG.F, and I had to deal with bandwidth charges for
> > more than 450GB of SOBIG over a ten day period! My client had a
> > particularly nasty problem with this nuisance because the malware
> > email address scanner picked up the support email out of their
> > software which is estimated to be installed at over 10 million
> > computers. And when you try to stuff seven megaBYTES per second into
> > a 1.5 megaBIT per second office T1 some not nice stuff happens.
> > Nevermind their poor Exchange server blowing up trying to deal with
> > 400-700 messages/min (which I still think any reasonable _real_ mail
> > server _should_ be able to cope with). Postfix and PCRE on a fat pipe
> > was the solution (albeit at some cost) in this instance.
> >
> > (Gave some interesting stats actually, for instance worm activity
> > peaked every day between 6-8 am PST and again nightly at 7pm PST
> > which roughly corresponds to morning in Asia.  ~10 Million users
> > yielded around 30k unique IP hosts that generated that 450Gb of
> > traffic, with the average host sending 500-1000 individual copies,
> > but there were about a dozen or so notables that sent us 10-30k
> > copies well above the rest. Heavy tailed distribution.
> > Interestingly, there seemed to be no peak for Europe morning
> > indicating maybe this thing wasn't such a big problem there.)
> >
> > So anyway let me get to the punchline. After SOBIG.F so nicely shut
> > itself down on Sept 10 according to its built in lysine deficiency,
> > we all went phew, and went to pay the silly bandwidth bill (while
> > vowing to pour a full beer on the head of the author if he ever
> > turns up).
> >
> > Now I noted with concern this morning that I started getting more
> > wicked screensavers. :-) Analysis indicates that this new nuisance of
> > this the newly resurrected malware does not correspond with any of
> > the earlier variants. (the files show the same variations in length
> > as the older SOBIG.F) I did a little poking at it and it seems to be
> > pretty similar to the old one. I can provide this to anyone who needs
> > it but you should have a copy of it already. :-(
> >
> > The old one was static across copies usually differing only in bytes
> > at the end after the null region and the length.
> >
> > The new one is mildly different. Below are some diffs of hexdumps.
> > (byte per line between the new one and the old one) I haven't pulled
> > it apart in disassembly yet, but I wanted to send out a heads up, and
> > to flip the bird to whatever cretin spawned this new nuisance.  I now
> > owe you two beers on your head I think.
> >
> > SOBIG Filter instructions for Postfix
> > ---
> > (compile with pcre - this is in the OpenBSD Ports tree already)
> >
> > 1) Add this to main.cf:
> > mime_header_checks = regexp:/etc/postfix/mime_header_checks.regexp
> >
> > 2) Then put this in /etc/postfix/mime_header_checks.regexp:
> > /filename=\"?(.*)\.(bat|chm|cmd|com|do|exe|hta|jse|rm|scr|pif|vbe|vbs|vxd|xl)\"?$/
> >    REJECT For security reasons we reject attachments of this type
> >
> > Diff of new and old binaries attached below.
> >
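> > BTW in case you were wondering how to use diff
> > on binary files this little program is a nice trick
> > to let you use standard diff on arbitrary binaries... :-)
> >
> > #include <stdio.h>
> >
> > /* Print each input byte as two hex digits on its own line,
> >    so a line-based diff can compare arbitrary binaries. */
> > int main(void)
> > {
> >     int c;
> >     while ((c = getchar()) != EOF)
> >         printf("%02x\n", c);
> >     return 0;
> > }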
> >
> > sigh...
> > --dr
> >
> > --

Re: [Clamav-users] Can't connect to clamd

2003-10-07 Thread Michael Lai
I think I know what the problem is but not sure how to fix it.  When I look
at the code for clamd in init.d, it is looking for /usr/sbin/clamd but there
is no such file in that path.  This is odd since I installed clam using the
clam rpm.  I did a search with 'find' and still couldn't find clamd (besides
the one in init.d).  Should I reinstall clam?

> [Pardon, here is the message again in plain text]
>
> I think freshclam is fine.  It is owned by clamav and when I ran freshclam
> with verbose, I get the following messages:
>
> Checking for a new database - started at Tue Oct  7 23:19:53 2003
> Current working dir is /usr/share/clamav
> Connected to clamav.elektrapro.com.
> Reading md5 sum (viruses.md5): OK
> viruses.db is up to date.
> Reading md5 sum (viruses2.md5): OK
> viruses.db2 is up to date.
>
> I think the problem is maybe with clamd.  When I go into init.d and run
> 'clamd start', I get the following errors:
>
> ./clamd: line 26: msg_starting: command not found
> execvp: No such file or directory
>
> Regards,
> Michael.




Re: [Clamav-users] Can't connect to clamd

2003-10-07 Thread Michael Lai
[Pardon, here is the message again in plain text]

I think freshclam is fine.  It is owned by clamav and when I ran freshclam
with verbose, I get the following messages:

Checking for a new database - started at Tue Oct  7 23:19:53 2003
Current working dir is /usr/share/clamav
Connected to clamav.elektrapro.com.
Reading md5 sum (viruses.md5): OK
viruses.db is up to date.
Reading md5 sum (viruses2.md5): OK
viruses.db2 is up to date.

I think the problem is maybe with clamd.  When I go into init.d and run
'clamd start', I get the following errors:

./clamd: line 26: msg_starting: command not found
execvp: No such file or directory

Regards,
Michael.


> You need to do a freshclam as the user clamav is using:
>
> freshclam -u clamav (or whatever user you're using)
>
> Rob Evers





Re: [Clamav-users] Can't connect to clamd

2003-10-07 Thread Michael Lai
I think freshclam is fine.  It is owned by clamav and when I ran
freshclam with verbose, I get the following messages:

Checking for a new database - started at Tue Oct  7 23:19:53 2003
Current working dir is /usr/share/clamav
Connected to clamav.elektrapro.com.
Reading md5 sum (viruses.md5): OK
viruses.db is up to date.
Reading md5 sum (viruses2.md5): OK
viruses.db2 is up to date.

I think the problem is maybe with clamd.  When I go into init.d and run
'clamd start', I get the following errors:

./clamd: line 26: msg_starting: command not found
execvp: No such file or directory

Regards,
Michael.

> You need to do a freshclam as the user clamav is using:
>
> freshclam -u clamav (or whatever user you're using)
>
> Rob Evers




Re: [Clamav-users] Can't connect to clamd

2003-10-07 Thread Rob Evers
Michael Lai wrote:
> I setup freshclam as a cron job to update its antivirus database.  However, I
> keep getting the following error in my cron log:
>
> /etc/cron.daily/clamav:
>
> connect(): No such file or directory
> ERROR: Can't connect to clamd.
>
> In my clam-update.log, it says:
> --
> Checking for a new database - started at Tue Oct  7 08:00:00 2003
> viruses.db is up to date.
> Database updated (containing in total 9807 signatures).
>
> However in clamav.log, it says:
> --
> Checking for a new database - started at Tue Oct  7 04:02:05 2003
> viruses.db is up to date.
> Database updated (containing in total 9795 signatures).
> ERROR: Can't connect to clamd.
>
> Any help is appreciated.

You need to do a freshclam as the user clamav is using:

freshclam -u clamav (or whatever user you're using)

Rob Evers





[Clamav-users] Can't connect to clamd

2003-10-07 Thread Michael Lai
I setup freshclam as a cron job to update its antivirus database.
However, I keep getting the following error in my cron log:

/etc/cron.daily/clamav:

connect(): No such file or directory
ERROR: Can't connect to clamd.

In my clam-update.log, it says:
--
Checking for a new database - started at Tue Oct  7 08:00:00 2003
viruses.db is up to date.
Database updated (containing in total 9807 signatures).

However in clamav.log, it says:
--
Checking for a new database - started at Tue Oct  7 04:02:05 2003
viruses.db is up to date.
Database updated (containing in total 9795 signatures).
ERROR: Can't connect to clamd.

Any help is appreciated.




Re: [Clamav-users] building from cvs

2003-10-07 Thread Niklas Saers Mailinglistaccount
> There's a patch in the ports tree,

Thanks, I discovered it in the mail archive and applied it and it worked
fabulous. (not that it solved the problem at hand, clamd dying, but still
:) )

Cheers

  Nik




[Clamav-users] clamd+daemontools update

2003-10-07 Thread Jesse Guardiani
Howdy ClamAV Maintainers,

Please update this URL:
http://clamav.sourceforge.net/doc/clamd_supervised/clamd-daemontools-guide.txt

To display the txt file attached to this email:
http://article.gmane.org/gmane.comp.security.virus.clamav.user/2467

I've tried to make the txt file as pluggable as possible.
The only thing I forgot to do was protect my email address
in the /usr/local/clamav/supervise/clamd/run script.

Thanks!

-- 
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v)  423-559-5145 (f)
http://www.wingnet.net






[Clamav-users] Re: clamd dies forever!

2003-10-07 Thread Jesse Guardiani
Ed Vazquez wrote:

> On Thu, 2 Oct 2003 09:55:04 +0300 Odhiambo Washington <[EMAIL PROTECTED]>
> wrote:
> 
>> Okay, I know this is not good at all, that I run the CVS version of
>> clamav
>> on a production box. It's suicide. I've run the daily snapshots for
>> some
>> time without disappointment when it comes to supervising the
>> service with
>> daemontools. However, something in CVS seems to completely defy
>> daemontools!
>> For two days now, this has happened, but unfortunately I have not
>> captured
>> any data. Not core dump at all.
>> Which one amongst the snapshots do people find more stability in?
>> I think clamav-devel-20030929 was the last one that never died
>> completely on me.
>> 
>> 
>> 
>> -Wash
>> 
>> --
>> Odhiambo Washington   <[EMAIL PROTECTED]>  "The box said 'Requires
>> Wananchi Online Ltd.  www.wananchi.com  Windows 95, NT, or
>> better,'
>> Tel: +254 2 313985-9  +254 2 313922 so I installed
>> FreeBSD."
>> GSM: +254 72 743223   +254 733 744121   This sig is McQ!  :-)
>> 
>> This fortune is false.
>> 
> 
> I know this has been covered extensively, but nonetheless I feel I
> should ask:
> 
> Could you post your daemontools run and log/run files?  I've been
> trying to use svscan to keep clamd active, and I have run into one of
> two scenarios:
> 
> 1 - The service starts another child of itself every second or so
> until the process table is full
> 2 - The service re-starts itself every second or so until the log file
> / partition is full
> 
> I have tried all the variants I have come across in the list archive,
> the settings from
> http://clamav.elektrapro.com/doc/clamd_supervised/clamd-daemontools-guide.txt,
> etc. all to no avail.
> 
> Perhaps there should be a doc/clamd_supervised page that lists all the
> variants that have worked for people by OS?

Which version of ClamAV are you running?

I think I saw some unintended line wrapping in:

http://clamav.elektrapro.com/doc/clamd_supervised/clamd-daemontools-guide.txt

which might cause problems controlling and/or starting the service.

Try the attached howto instead. I have gzipped it in the hope that mail archives
like GMANE won't display the attachment with improperly line wrapped text.

The new howto has been updated to be compliant with the UID change in
qmail-scanner-1.20rc3. clamd now runs as user 'qscand'.

Also, I have added a "ClamAV Install" section to the top of the file. This section
provides a cut-and-paste method of adding the clamav user to the FreeBSD password
database. You'll probably have to use different syntax/commands under a different
OS.

In addition, I've made a slight change at the bottom of the howto to better
indicate the end of the /usr/local/clamav/supervise/clamd/run file.

NOTE: I run this EXACT setup on a production FreeBSD 4.8-RELEASE box and a
development 5.1-RELEASE laptop. It works, but let me know if anyone has
problems with it. I'll be happy to help.

-- 
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v)  423-559-5145 (f)
http://www.wingnet.net


clamd-supervise-install-notes-0_002.txt.gz
Description: GNU Zip compressed data


Re: [Clamav-users] building from cvs

2003-10-07 Thread Odhiambo Washington
* Rob Evers <[EMAIL PROTECTED]> [20031007 15:28]: wrote:
> Yes this patch applies only to FreeBSD (see +#ifdef __FreeBSD__)
> but this doesn't mean other OS's will use this.

Very embarrassed! Whacking myself hard on the ass!!
A lot of confusion reigning in the mind.


-Wash

-- 
Odhiambo Washington   <[EMAIL PROTECTED]>  "The box said 'Requires
Wananchi Online Ltd.  www.wananchi.com  Windows 95, NT, or better,'
Tel: +254 2 313985-9  +254 2 313922 so I installed FreeBSD."   
GSM: +254 72 743223   +254 733 744121   This sig is McQ!  :-)

Unquestionably, there is progress.  The average American now pays out
twice as much in taxes as he formerly got in wages.
-- H. L. Mencken


smime.p7s
Description: S/MIME cryptographic signature



Re: [Clamav-users] building from cvs

2003-10-07 Thread Rob Evers
Odhiambo Washington wrote:
> * Rob <[EMAIL PROTECTED]> [20031007 14:16]: wrote:
>
>> There's a patch in the ports tree,
>> --
>> It's named patch-zziplib.h (security/clamav-devel/files)
>
> Hi Rob,
>
> Thanks. I'm wondering whether this patch is for FreeBSD only???
>
> -Wash

Yes this patch applies only to FreeBSD (see +#ifdef __FreeBSD__)
but this doesn't mean other OS's will use this.

Rob Evers





Re: [Clamav-users] building from cvs

2003-10-07 Thread Odhiambo Washington
* Rob <[EMAIL PROTECTED]> [20031007 14:16]: wrote:

> There's a patch in the ports tree,
> --
> It's named patch-zziplib.h (security/clamav-devel/files)

Hi Rob,

Thanks. I'm wondering whether this patch is for FreeBSD only???


-Wash

-- 
Odhiambo Washington   <[EMAIL PROTECTED]>  "The box said 'Requires
Wananchi Online Ltd.  www.wananchi.com  Windows 95, NT, or better,'
Tel: +254 2 313985-9  +254 2 313922 so I installed FreeBSD."   
GSM: +254 72 743223   +254 733 744121   This sig is McQ!  :-)

After a number of decimal places, nobody gives a damn.


smime.p7s
Description: S/MIME cryptographic signature


Re: [Clamav-users] building from cvs

2003-10-07 Thread Rob
Odhiambo Washington wrote:
> * Niklas Saers Mailinglistaccount <[EMAIL PROTECTED]> [20031007 02:06]: wrote:
>
>> Hi, for a few days now I've been getting the following error when
>> compiling clamav from CVS on a FreeBSD 5-system. Any  ideas as to how to
>> resolve this issue?
>>
>> gcc -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\"
>> -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE=\"clamav\"
>> -DVERSION=\"20030829\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1
>> -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1
>> -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1
>> -DHAVE_DLFCN_H=1 -DBUFFSIZE=131072 -DFBUFFSIZE=16384 -DSTDC_HEADERS=1
>> -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DHAVE_INTTYPES_H=1
>> -DHAVE_MEMORY_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRINGS_H=1 -DHAVE_STRING_H=1
>> -DHAVE_SYS_MMAN_H=1 -DHAVE_SYS_PARAM_H=1 -DHAVE_SYS_STAT_H=1
>> -DHAVE_SYS_TYPES_H=1 -DSIZEOF_SHORT=2 -DSIZEOF_INT=4 -DSIZEOF_LONG=4
>> -DHAVE_ZLIB_H=1 -DHAVE_BZLIB_H=1 -DCLAMD_USE_SYSLOG=1
>> -DCLAMAVUSER=\"clamav\" -DCLAMAVGROUP=\"clamav\" -DC_BIGSTACK=1
>> -DDB1NAME=\"viruses.db\" -DDB2NAME=\"viruses.db2\"
>> -DDATADIR=\"/usr/local/share/clamav\" -DCONFDIR=\"/usr/local/etc\"
>> -DC_URANDOM=1 -DCL_THREAD_SAFE=1 -DC_BSD=1 -DWORDS_LITTLEENDIAN=1 -I. -I.
>> -I.. -I./zziplib -Wall -c zziplib/zzip-dir.c -MT zzip-dir.lo -MD -MP -MF
>> .deps/zzip-dir.TPlo  -fPIC -DPIC -o .libs/zzip-dir.lo
>> In file included from zziplib/zzip.h:21,
>>  from zziplib/zzip-dir.c:13:
>> zziplib/zziplib.h:83: syntax error before "zzip_ssize_t"
>> zziplib/zziplib.h:83: warning: type defaults to `int' in declaration of
>> `zzip_ssize_t'
>> zziplib/zziplib.h:83: warning: data definition has no type or storage
>> class
>> zziplib/zziplib.h:184: syntax error before "zzip_file_read"
>> zziplib/zziplib.h:184: warning: type defaults to `int' in declaration of
>> `zzip_file_read'
>> zziplib/zziplib.h:184: warning: data definition has no type or storage
>> class
>> zziplib/zziplib.h:191: syntax error before "zzip_read"
>> zziplib/zziplib.h:191: warning: type defaults to `int' in declaration of
>> `zzip_read'
>> zziplib/zziplib.h:191: warning: data definition has no type or storage
>> class
>> *** Error code 1
>
> Same here on a 5.1-RELEASE system. I believe it's something being worked on.
>
> -Wash

There's a patch in the ports tree,
--
--- libclamav/zziplib/zziplib.h.origMon Sep 29 13:44:52 2003
+++ libclamav/zziplib/zziplib.h Fri Oct  3 15:45:22 2003
@@ -19,6 +19,9 @@
 #ifndef _ZZIP_ZZIP_H /* zziplib.h */
 #define _ZZIP_ZZIP_H
+#ifdef __FreeBSD__
+#include 
+#endif
 #include 
 #include 
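Review bot: the new include at the top of zziplib.h is guarded by `#ifdef __FreeBSD__`, so it fixes this one platform only; since the failing declaration is `zzip_ssize_t` at zziplib.h:83 and the build already passes configure results such as -DHAVE_SYS_TYPES_H=1, a guard on a configure-detected HAVE_* macro would cover any other system that lacks the same type. Note also that the header names on the added `#include` line and on both context `#include` lines are missing in this copy, so what the FreeBSD branch pulls in cannot be checked here; take patch-zziplib.h from security/clamav-devel/files rather than applying this text.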
--
It's named patch-zziplib.h (security/clamav-devel/files)
Rob Evers







[Clamav-users] bzip2 support

2003-10-07 Thread borpeter
Hi, 

Does anybody know what exactly is required for bzip2 support for
clamav 0.60? And how can I determine if my installation of clamav
is compiled with this support. I did just ./configure, make, make
install.

Thanks.
Peter

-- 
Need more space for your web pages?
Ask at http://sluzby.volny.cz/cs/product/ftp_paid






[Clamav-users] bzip2 support

2003-10-07 Thread borpeter
Hi, 

Does anybody know what exactly is required for bzip2 support for
clamav 0.60? And how can I determine if my installation of clamav
is compiled with this support. I did just ./configure, make, make
install.

I tried tests which came with clamav. Rar file, zip file, badext,
was detected, but .bz2 file wasn't.

Thanks.
Peter




Re: [Clamav-users] building from cvs

2003-10-07 Thread Odhiambo Washington
* Niklas Saers Mailinglistaccount <[EMAIL PROTECTED]> [20031007 02:06]: wrote:
> Hi, for a few days now I've been getting the following error when
> compiling clamav from CVS on a FreeBSD 5-system. Any  ideas as to how to
> resolve this issue?
> 
> gcc -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\"
> -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE=\"clamav\"
> -DVERSION=\"20030829\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1
> -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1
> -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1
> -DHAVE_DLFCN_H=1 -DBUFFSIZE=131072 -DFBUFFSIZE=16384 -DSTDC_HEADERS=1
> -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DHAVE_INTTYPES_H=1
> -DHAVE_MEMORY_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRINGS_H=1 -DHAVE_STRING_H=1
> -DHAVE_SYS_MMAN_H=1 -DHAVE_SYS_PARAM_H=1 -DHAVE_SYS_STAT_H=1
> -DHAVE_SYS_TYPES_H=1 -DSIZEOF_SHORT=2 -DSIZEOF_INT=4 -DSIZEOF_LONG=4
> -DHAVE_ZLIB_H=1 -DHAVE_BZLIB_H=1 -DCLAMD_USE_SYSLOG=1
> -DCLAMAVUSER=\"clamav\" -DCLAMAVGROUP=\"clamav\" -DC_BIGSTACK=1
> -DDB1NAME=\"viruses.db\" -DDB2NAME=\"viruses.db2\"
> -DDATADIR=\"/usr/local/share/clamav\" -DCONFDIR=\"/usr/local/etc\"
> -DC_URANDOM=1 -DCL_THREAD_SAFE=1 -DC_BSD=1 -DWORDS_LITTLEENDIAN=1 -I. -I.
> -I.. -I./zziplib -Wall -c zziplib/zzip-dir.c -MT zzip-dir.lo -MD -MP -MF
> .deps/zzip-dir.TPlo  -fPIC -DPIC -o .libs/zzip-dir.lo
> In file included from zziplib/zzip.h:21,
>  from zziplib/zzip-dir.c:13:
> zziplib/zziplib.h:83: syntax error before "zzip_ssize_t"
> zziplib/zziplib.h:83: warning: type defaults to `int' in declaration of
> `zzip_ssize_t'
> zziplib/zziplib.h:83: warning: data definition has no type or storage
> class
> zziplib/zziplib.h:184: syntax error before "zzip_file_read"
> zziplib/zziplib.h:184: warning: type defaults to `int' in declaration of
> `zzip_file_read'
> zziplib/zziplib.h:184: warning: data definition has no type or storage
> class
> zziplib/zziplib.h:191: syntax error before "zzip_read"
> zziplib/zziplib.h:191: warning: type defaults to `int' in declaration of
> `zzip_read'
> zziplib/zziplib.h:191: warning: data definition has no type or storage
> class
> *** Error code 1


Same here on a 5.1-RELEASE system. I believe it's something being worked on.



-Wash

-- 
Odhiambo Washington   <[EMAIL PROTECTED]>  "The box said 'Requires
Wananchi Online Ltd.  www.wananchi.com  Windows 95, NT, or better,'
Tel: +254 2 313985-9  +254 2 313922 so I installed FreeBSD."   
GSM: +254 72 743223   +254 733 744121   This sig is McQ!  :-)

One good reason why computers can do more work than people is that they
never have to stop and answer the phone.


smime.p7s
Description: S/MIME cryptographic signature