Re: [Clamav-users] Clamd locks up
On Thu, 8 Jan 2004 09:57:18 +1000 Daniel Andersen [EMAIL PROTECTED] wrote:

> Hi, I'm running clamd on two production mail servers, and it seems to lock up fairly regularly for reasons unknown to me. On one server it only

We need more information (version numbers, logs, configuration details).

Best regards,
Tomasz Kojm
--
[EMAIL PROTECTED] www.ClamAV.net
http://www.clamav.net/gpg/tkojm.gpg
0DCA5A08407D5288279DB43454822DC8985A444B
Thu Jan 8 08:26:45 CET 2004
[Clamav-users] Re: Clamd locks up
Hello Daniel,

On 07.01.04, you wrote:

> every few hours, which is obviously unacceptable. Is there any known solution to a problem like this (other than setting up scripts to restart it every

No, when you view the archives of the list from app 30 hours ago, you will find enough code and links to get yourself a working restart script for clamd

Regards

---
This SF.net email is sponsored by: Perforce Software. Perforce is the Fast Software Configuration Management System offering advanced branching capabilities and atomic changes on 50+ platforms. Free Eval! http://www.perforce.com/perforce/loadprog.html
___
Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Clamd locks up
On Thursday 08 Jan 2004 7:48 am, Tomasz Kojm wrote:

> We need more information (version numbers, logs, configuration details).

And operating systems that this appears on.

> Best regards,
> Tomasz Kojm

-Nigel
--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk
Re: [Clamav-users] Re: [Clamav-users]clamav-milter
On Thursday 08 Jan 2004 2:01 am, Internet Helpdesk wrote:

> At any rate, is there way to make clamav-milter produce a log or at least produce some output on the terminal screen? The man page for clamav-milter mentions a -x or --debug-level but these options are not recognized.

They are recognised if you recompile with CL_DEBUG. It is already on my to do list to correct this inconsistency in the documentation.

> -Troy

-Nigel
--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk
Re: AW: AW: [Clamav-users] clamd crash detection ?
On Wed 07/01/2004 at 20:16, [EMAIL PROTECTED] wrote:

> On Wed, 2004-01-07 at 10:59, Power-Netz (Schwarz) wrote:
>
>> Your script code does work, but does not recognize the crashed child :-( The parent task seems to live and answer the PING, but the actual used child does no longer react. Thx to you will can check the clamd a bit better.
>
> Try this version: http://mikecathey.com/postfix-cyrus-amavis/clamdwatch-0.3.txt
>
> The changes are noted at the top of the file. The main one is the timeout on the scan request. I also added exit codes.

Thanks for your work. This script should be added in the contrib directory of clam.

I just have a little pb with it. It's about how you find your path at the start of the file. I get the following error:

[EMAIL PROTECTED] tmp]# /usr/local/bin/clamdwatch.pl
Clamd is in an unknown state.
It returned: /usr/local/bin/usr/local/bin/clamdwatch.pl: Can't access the file ERROR

My solution was to just write $script = $0

Regards.
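Added example (not part of the thread, and not the clamdwatch script itself): a minimal Python probe for the failure described above, where clamd still answers PING but a scan request never returns. The probe path, the timeouts and the local stand-in server are assumptions made for the illustration.

```python
import socket
import threading


def clamd_command(addr, command, timeout):
    """Send one newline-terminated clamd command; return the first reply line."""
    with socket.create_connection(addr, timeout=timeout) as sock:
        sock.sendall(command.encode() + b"\n")
        buf = b""
        while b"\n" not in buf:
            chunk = sock.recv(4096)  # raises socket.timeout if clamd stays silent
            if not chunk:
                break
            buf += chunk
    return buf.split(b"\n", 1)[0].decode(errors="replace").strip()


def check_clamd(addr, probe_path, ping_timeout=5.0, scan_timeout=30.0):
    """Return (state, detail); state is 'ok', 'down', 'hung' or 'error'.

    PING alone only proves the listener is alive, so a real SCAN request
    with its own timeout is sent as well. probe_path is a hypothetical
    clean file that the clamd user can read.
    """
    try:
        pong = clamd_command(addr, "PING", ping_timeout)
    except OSError as exc:
        return "down", "PING failed: %s" % exc
    if pong != "PONG":
        return "error", "unexpected PING reply: %r" % pong
    try:
        reply = clamd_command(addr, "SCAN " + probe_path, scan_timeout)
    except socket.timeout:
        return "hung", "PING answered, SCAN silent for %.1fs" % scan_timeout
    except OSError as exc:
        return "down", "SCAN failed: %s" % exc
    if reply.endswith("OK") or reply.endswith("FOUND"):
        return "ok", reply
    return "error", reply


def fake_clamd(hang_on_scan):
    """Constructed stand-in for clamd on an ephemeral local port (demo only)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    stuck = []  # connections that are never answered, like a wedged scanner

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            request = conn.recv(4096).decode().strip()
            if request == "PING":
                conn.sendall(b"PONG\n")
            elif request.startswith("SCAN ") and hang_on_scan:
                stuck.append(conn)
                continue
            elif request.startswith("SCAN "):
                conn.sendall(request[5:].encode() + b": OK\n")
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()


if __name__ == "__main__":
    for hang in (False, True):
        addr = fake_clamd(hang_on_scan=hang)
        print(check_clamd(addr, "/tmp/probe.txt", 1.0, 1.0))
```

A watchdog would restart clamd on "down" or "hung" and only alert on "error", since an ERROR reply means the daemon is still answering.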
Re: [Clamav-users] Virus Descriptions
* Philipp Grosswiler [EMAIL PROTECTED] [2004-01-07 18:42]:

> I am wondering if there exists any descriptions of the viruses found by ClamAV, similarly to McAfee/Symantec/... Many of my customers would like to find out more about the virus they got and how they could protect themselves, and that's why I want to give them a link to the virus in the report (which is automated). It would be nice to have a website which could be accessed with the virus' name in the URL, e.g. www.clamav.net/?virus=Worm.Gibe.F which would list all information available of that virus (maybe even with crosslinking to other virus vendors). Does that exist in some way or could this be done?

AFAIK it does not exist. I asked for the same some months ago and got no answer. I would appreciate an online virus description database and am more than willing to help creating one.

Alex
--
Alex Pleiner
zeitform Internet Dienste
Fraunhoferstrasse 5, 64283 Darmstadt, Germany
http://www.zeitform.de
Tel.: +49 (0)6151 155-635
mailto:[EMAIL PROTECTED]
Fax: +49 (0)6151 155-634
GnuPG/PGP Key-ID: 0x613C21EA
Re: [Clamav-users] Virus Descriptions
On Thu, 8 Jan 2004 11:47:44 +0100 Alex Pleiner [EMAIL PROTECTED] wrote:

>> Does that exist in some way or could this be done?
>
> AFAIK it does not exist. I asked for the same some months ago and got no answer. I would appreciate an online virus description database and am more than willing to help creating one.

Sorry, we have no time to keep online virus descriptions up to date.

Best regards,
Tomasz Kojm
--
Thu Jan 8 11:50:53 CET 2004
RE: [Clamav-users] Virus Descriptions
Would it at least be possible to have a reference or alias to other online resources (e.g. McAfee's Virus Information Library)? For example, if I am searching for the virus Worm.Gibe.F on the McAfee Virus Information Library there are no matches found. It would be nice if I could use the alias to find the correct match on the virus there, so I could use their virus description...

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Kojm
Sent: Thursday, January 08, 2004 11:53 AM
To: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] Virus Descriptions

On Thu, 8 Jan 2004 11:47:44 +0100 Alex Pleiner [EMAIL PROTECTED] wrote:

>> Does that exist in some way or could this be done?
>
> AFAIK it does not exist. I asked for the same some months ago and got no answer. I would appreciate an online virus description database and am more than willing to help creating one.

Sorry, we have no time to keep online virus descriptions up to date.

Best regards,
Tomasz Kojm
Re: [Clamav-users] Virus Descriptions
On Thursday 08 January 2004 10:47 am, Alex Pleiner wrote:

> * Philipp Grosswiler [EMAIL PROTECTED] [2004-01-07 18:42]:
>
>> I am wondering if there exists any descriptions of the viruses found by ClamAV, similarly to McAfee/Symantec/... Many of my customers would like to find out more about the virus they got and how they could protect themselves, and that's why I want to give them a link to the virus in the report (which is automated). It would be nice to have a website which could be accessed with the virus' name in the URL, e.g. www.clamav.net/?virus=Worm.Gibe.F which would list all information available of that virus (maybe even with crosslinking to other virus vendors). Does that exist in some way or could this be done?
>
> AFAIK it does not exist. I asked for the same some months ago and got no answer. I would appreciate an online virus description database and am more than willing to help creating one.

I seem to remember last time this came up that there was a plan to include some sort of info regarding the classification of the virus (executable, macro, script, that sort of thing) as well as either a URL or some sort of index number which could be used to reference a list of further details about the specific virus.

I think this was associated with the plan to change the database format for the virus signatures, however all of this could just be an indication over my sheer optimism and an over-active imagination.

Regards,
Antony.
--
Software development can be quick, high quality, or low cost. The customer gets to pick any two out of three.
Please reply to the list; please don't CC me.
[Clamav-users] 6 viruses in http://www.testvirus.org/ were NOT detected by Clam-AV
Hi all,

Hope some guys in grp are NOT fed up from my mails :(( If so I apologize.

Yday I had a problem of Clam-AV not detecting viruses sent from http://www.testvirus.org/

===
Problem was with /etc/clam.conf

#ClamukoIncludePath /home

The above line was UN-commented out. Re-reading clamdoc.pdf again (with patience) helped. It says:

---
Never protect a directory your mail-scanner software uses for attachment unpacking. Access to all infected files will be automagically blocked and the scanner (even clamd) wont be able to detect a virus. The infected mail will be delivered.
---
===

Lastly, the following viruses were not detected !!

* Eicar virus sent using BinHex encoding
* Eicar virus sent using BinHex encoding within a MIME segment
* Outlook 'Blank Folding' Vulnerability (does not include Eicar virus, but your mail server still must catch this)
* Outlook 'Boundary Space Gap' Vulnerability (does not include Eicar virus, but your mail server still must catch this)
* Outlook 'Long Boundary' Vulnerability (does not include Eicar virus, but your mail server still must catch this)
* A file with a CLSID extension which may hide the real file extension (does not include Eicar virus, but your mail server still must catch this)

Is this common with Clam-AV or do I need to take care of some things in Clam-AV?

Kindly Guide...

Thanks
-Dilip.M
Re: [Clamav-users] 6 viruses in http://www.testvirus.org/ were NOT detected by Clam-AV
On Thu, 08 Jan 2004 17:24:57 +0530 Dilip M [EMAIL PROTECTED] wrote:

> Is this common with Clam-AV or am i need take care of some things in Clam-AV ?

Please read the last post from Tomasz Papszun !

Best regards,
Tomasz Kojm
--
Thu Jan 8 13:14:27 CET 2004
[Clamav-users] clamav vs. other virus scanners
Hi all,

Recently I noticed that Norton AV clears more than 60,000 viruses, maybe other virus scanners also have similar numbers, why do we have a very less number? Is it because we do not have big database or we protect against new viruses only and keep new definition updated?

I personally had no problems, cos' I have saved few viruses to test with clamav and it detected them all. But then I have a LAN of only few machines. Do other people with big setups and budget prefer commercial antiviruses to clamav?

Also, is clamav a bit worried that once the database grows big it will consume more memory and create other problems.

Thanks.
Regards,
-Payal
--
For GNU/Linux Success Stories and Articles visit: http://payal.staticky.com
Re: [Clamav-users] clamav vs. other virus scanners
On Thursday 08 January 2004 12:21 pm, Payal Rathod wrote:

> Hi all, Recently I noticed that Norton AV clears more than 60,000 viruses, maybe other virus scanners also have similar numbers, why do we have a very less number?

Two main reasons:

1. ClamAV has a high proportion of recent viruses, and a lower proportion of old viruses. Other products often count ancient viruses in their list of signatures - it looks good for marketing, even if no-one's seen that particular bit of code in the wild for 10 years.

2. Many vendors count minor variations in viruses as multiple signatures, whereas ClamAV often catches several variations with a single signature. Again, the higher number looks good for marketing, even though it really means the product is rather less efficient at detecting the viruses and has to search a bigger database of signatures to achieve the same effect.

Antony.
--
Wanted: telepath. You know where to apply.
Please reply to the list; please don't CC me.
Re: AW: AW: [Clamav-users] clamd crash detection ?
On Thu, 2004-01-08 at 04:11, Cedric Foll wrote:

> I just have a little pb with it. It's about how you find your path at the start of the file. I get the following error:
>
> [EMAIL PROTECTED] tmp]# /usr/local/bin/clamdwatch.pl
> Clamd is in an unknown state.
> It returned: /usr/local/bin/usr/local/bin/clamdwatch.pl: Can't access the file ERROR

Fixed.

I moved the clamdwatch scripts to make it easier for people to see the latest version and grab what they want: http://mikecathey.com/code/clamdwatch/

Cheers,
Mike
Re: [Clamav-users] Virus Descriptions
Hello

There are places on the web where virus information can be obtained. For example, Google came up with http://www.f-secure.com/virus-info/wild.html. No doubt there are others.

Steve
Re: [Clamav-users] Virus Descriptions
On Thursday 08 January 2004 3:26 pm, Steven King wrote:

> Hello There are places on the web where virus information can be obtained. For example, Google came up with http://www.f-secure.com/virus-info/wild.html. No doubt there are others.

True, there are plenty of such resources around; the difficulty is that not all anti-virus vendors agree on the name of each virus - there are commonly two or three quite different names for a single virus, together with minor variations such as W32/, .Worm, @MM, etc used as prefixes and suffixes.

It would clearly be a fair amount of work to create a ClamAV directory of viruses and their characteristics (and I can't see that this is purposeful given the quantity of information already out on the Internet telling people what they need to know), however it would certainly be very useful to have a cross-reference list of the ClamAV name for a virus, and other A-V vendors' names for the same thing. This at least would allow people to know what to look for in an alternative virus encyclopaedia.

Regards,
Antony.
--
If builders made buildings the way programmers write programs, then the first woodpecker to come along would destroy civilisation.
Please reply to the list; please don't CC me.
Re: [Clamav-users] Virus Descriptions
On Thu, 08 Jan 2004 at 15:35:43 +, Antony Stone wrote:

> On Thursday 08 January 2004 3:26 pm, Steven King wrote:
>
>> There are places on the web where virus information can be obtained. For example, Google came up with http://www.f-secure.com/virus-info/wild.html. No doubt there are others.

Some vendors publish searchable information about viruses they detect, e.g.:

http://www.symantec.com/avcenter/vinfodb.html
http://cgi.f-secure.com/cgi-bin/search.cgi
http://www.sophos.com/

> True, there are plenty of such resources around; the difficulty is that not all anti-virus vendors agree on the name of each virus - there are commonly two or three quite different names for a single virus, together with minor variations such as W32/, .Worm, @MM, etc used as prefixes and suffixes.

Some vendors show in their announcements also names used by others (Alias, Also Known As etc.).

> It would clearly be a fair amount of work to create a ClamAV directory of viruses and their characteristics (and I can't see that this is purposeful given the quantity of information already out on the Internet telling people what they need to know), however it would certainly be very useful to have a

I fully agree that it would be useful. The problem is that we just haven't got enough time for preparing such directory. Even processing everyday submissions takes much time.

> cross-reference list of the ClamAV name for a virus, and other A-V vendors' names for the same thing. This at least would allow people to know what to look for in an alternative virus encyclopaedia.

In our announcements about database updates we try to inform about names under which viruses are detected by other AV scanners by means of Alias: field. Unfortunately, this information is not always available. Especially when a virus is new and other vendors don't detect it.

--
Tomasz Papszun, SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
Re: [Clamav-users] RE: More tests from www.testvirus.org
On Thu, Jan 08, 2004 at 01:38:37AM +0100, Tomasz Papszun wrote:

> In case someone is interested, I'm including here test results of a set: Postfix + Amavisd-new (20030616p5-6) + ClamAV (0.60+BugFixesFromCVS-20030916).
>
> From the 1st group of tests on www.antivirus.org, only 1 of 15 test messages was let through:
> Nr 8. Eicar virus sent using BinHex encoding within a MIME segment.

My amavisd-new doesn't seem to decode BinHex encoded attachments. Maybe you should take this up with the amavis-users list. Although the real problem may be that my file-4.07 program identifies the binhex encoded file as Emacs v18 byte-compiled Lisp data

> From the 2nd group of tests (important only for M$ Outlook), 5 of 7 test messages were let through:
> Nr 2. Outlook 'Space Gap' vulnerability (includes Eicar virus as hidden attachment),

The 'Space Gap' test contains a base-64 encoded attachment named eicar.com, but it doesn't seem to actually be the eicar test file when it's decoded. I wouldn't expect any scanner to catch it.

> Nr 3. Outlook 'Blank Folding' Vulnerability (does not include Eicar virus),
> Nr 4. Outlook 'Boundary Space Gap' Vulnerability (does not include Eicar virus),
> Nr 5. Outlook 'Long Boundary' Vulnerability (does not include Eicar virus),
> Nr 7. A file with a CLSID extension which may hide the real file extension (does not include Eicar virus).

I'm not sure these are exploits we need to be concerned about, but they can probably be blocked with postfix 2.x mime_header_checks.

--
Noel Jones
Re: [Clamav-users] Re: [Clamav-users]clamav-milter
Ah, it's as simple as using --enable-debug when compiling. Cool

What do the different debug levels log? I see that level 9 logs quite a bit :) Specifically what log level only logs errors? When enabling debug is there an option to direct the output to syslog?

-Troy

- Original Message -
From: Nigel Horne [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, January 08, 2004 3:05 AM
Subject: Re: [Clamav-users] Re: [Clamav-users]clamav-milter

On Thursday 08 Jan 2004 2:01 am, Internet Helpdesk wrote:

> At any rate, is there way to make clamav-milter produce a log or at least produce some output on the terminal screen? The man page for clamav-milter mentions a -x or --debug-level but these options are not recognized.

They are recognised if you recompile with CL_DEBUG. It is already on my to do list to correct this inconsistency in the documentation.

> -Troy

-Nigel
Re: [Clamav-users] is the virus db screwed up ?
On Thursday 08 January 2004 7:17 pm, mantor wrote:

> Jan 8 13:29:31 filter2 /kernel: pid 63342 (clamscan), uid 1003: exited on signal 11 (core dumped)
>
> that happened today don't know what going on but i uninstalled clamscan reinstalled then it started working again but after i manually updated the database i started to get those errors again

Clamscan's working fine for me here (Linux 2.4.23, ClamAV 0.60, with the big database update just released, therefore 27645 signatures).

What O/S, version of ClamAV etc do you have?

Antony.
--
All matter in the Universe can be placed into one of two categories:
1. Things which need to be fixed.
2. Things which need to be fixed once you've had a few minutes to play with them.
Please reply to the list; please don't CC me.
Re: [Clamav-users] is the virus db screwed up ?
freebsd 4.9 clamav 0.65

might not notice if you're just scanning it regularly

also i know this might not be clamav problem but was searching through the logs and found this and that's when it started

Jan 7 21:08:07 filter2 X-Qmail-Scanner-1.20: [filter2107352768646113762] clamscan: corrupt or unknown ClamAV scanner error or memory/resource/perms problem - exit status 50

and i looked in the documentation and found signal 50 is

Virus database initialization error. Probably it doesn't exist at the default location or it's malformed (e.g. broken digital signature)

/me shrugs

On Thu, 2004-01-08 at 14:25, Antony Stone wrote:

> On Thursday 08 January 2004 7:17 pm, mantor wrote:
>
>> Jan 8 13:29:31 filter2 /kernel: pid 63342 (clamscan), uid 1003: exited on signal 11 (core dumped)
>>
>> that happened today don't know what going on but i uninstalled clamscan reinstalled then it started working again but after i manually updated the database i started to get those errors again
>
> Clamscan's working fine for me here (Linux 2.4.23, ClamAV 0.60, with the big database update just released, therefore 27645 signatures).
>
> What O/S, version of ClamAV etc do you have?
>
> Antony.

--
David Peters
Network Admin
[EMAIL PROTECTED]
727-536-6314
[Clamav-users] Mimail problem and kudos
I've been running clamd (0.65) through exiscan (exim 4.24) on a RH 9.0 box. I'm also running RAV as a system filter until my subscription runs out. Clamd has been catching everything before it gets to RAV except for Mimail. I looked at the archives and made sure I had ScanArchive active. I don't have ScanRAR on as the docs said this was a bit leaky. Do I need ScanRAR to detect Mimail or do I have some other problem?

As a side note, I have to say I am really impressed with the clamav system. Everyone involved seems to be doing a great job and is very responsive to the users. I've found the clamav setup to be faster and easier to configure than RAV. I'm planning to divert the money I was sending to RAV for subscription to the clamav project to help the cause.

--
Paul Carpenter
[EMAIL PROTECTED]
DodgeNet, Inc.
Re: [Clamav-users] is the virus db screwed up ?
On Thursday 08 January 2004 8:16 pm, Antony Stone wrote:

> On Thursday 08 January 2004 8:07 pm, Tomasz Papszun wrote:
>
>> On Thu, 08 Jan 2004 at 19:25:36 +, Antony Stone wrote:
>>
>>> Clamscan's working fine for me here (Linux 2.4.23, ClamAV 0.60, with the big database update just released, therefore 27645 signatures).
>>
>> 27645? How come? The database at the moment contains 19799 signatures.
>
> Hm. Good question. On another system I run (which does automatic updates every 12 hours) I do indeed have 19799 sigs.

Okay - it turns out I had a symbolic link to another directory in my /usr/local/share/clamav and that directory had an old copy of a .db file :( I think it was left over from when I was experimenting with my own sig files.

I now have 19799 sigs as expected :)

Antony.
--
How I want a drink, alcoholic of course, after the heavy chapters involving quantum mechanics. - 3.14159265358979
Please reply to the list; please don't CC me.
Re: [Clamav-users] is the virus db screwed up ?
On Thursday 08 January 2004 8:23 pm, [EMAIL PROTECTED] wrote:

> Tomasz,
>
> On Thu, 2004-01-08 at 15:07, Tomasz Papszun wrote:
>
>> 27645? How come? The database at the moment contains 19799 signatures.
>
> Here's what I'm seeing on (on 2 different linux/ia32 machines):
>
> Thu Jan 8 06:14:11 2004 - Database correctly reloaded (29953 viruses)
>
> $ tail -6 clamav-freshclam.log
> --
> ClamAV update process started at Thu Jan 8 15:07:00 2004
> main.cvd is up to date (version: 13, sigs: 19603, f-level: 1, builder: ddm)
> daily.cvd is up to date (version: 78, sigs: 196, f-level: 1, builder: tkojm)

Well, 19603+196=19799, so freshclam is accurate.

I suggest you do what I did, and very carefully check what's in /usr/local/share/clamav - remember that ClamAV will use any *.db? files it finds there, as well as the newer .cvd format.

Regards,
Antony.
--
Programming is a Dark Art, and it will always be. The programmer is fighting against the two most destructive forces in the universe: entropy and human stupidity. They're not things you can always overcome with a methodology or on a schedule. - Damian Conway, Perl God
Please reply to the list; please don't CC me.
Re: [Clamav-users] is the virus db screwed up ?
Tomasz Papszun wrote:

> On Thu, 08 Jan 2004 at 19:25:36 +, Antony Stone wrote:
>
>> Clamscan's working fine for me here (Linux 2.4.23, ClamAV 0.60, with the big database update just released, therefore 27645 signatures).
>
> 27645? How come? The database at the moment contains 19799 signatures.

I think this happens everytime somebody updates an old installation that used the *.db file to the new *.cvd format without deleting the old files. clamd then somehow reports the sum of the signatures in these files(!).

Stefan
Re: [Clamav-users] is the virus db screwed up ?
On Thu, 2004-01-08 at 15:40, Stefan Kaltenbrunner wrote:
I think this happens every time somebody updates an old installation that used the *.db file to the new *.cvd format without deleting the old files. clamd then somehow reports the sum of the signatures in these files(!).

That's exactly what it was in my case. :\

Cheers, Mike
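The mismatch diagnosed in the replies above (clamd loading leftover viruses.db files alongside main.cvd and daily.cvd) can be checked mechanically. This is an added example, not code from the thread or the ClamAV project: the function names are hypothetical, it assumes the newer freshclam log format with "sigs:" fields, and the fixture is constructed from log lines quoted in this thread.

```shell
# Added example (not from the thread): flag legacy *.db files left beside
# .cvd databases, and compare clamd's loaded count with freshclam's total.
# Print legacy viruses.db / viruses.db2 style files, only if .cvd files exist too.
legacy_beside_cvd() {
    ls "$1"/*.cvd >/dev/null 2>&1 || return 0
    for f in "$1"/*.db "$1"/*.db?; do
        if [ -f "$f" ]; then basename "$f"; fi
    done
}

# Last signature count clamd logged (startup or reload line).
clamd_loaded_count() {
    sed -n -e 's/.*Protecting against \([0-9][0-9]*\) viruses.*/\1/p' \
           -e 's/.*reloaded (\([0-9][0-9]*\) viruses).*/\1/p' "$1" | tail -n 1
}

# Sum of the "sigs: N" fields from the most recent freshclam run.
freshclam_sig_total() {
    awk '/update process started/ { total = 0 }
         /sigs: [0-9]+/ { s = $0; sub(/.*sigs: /, "", s); sub(/,.*/, "", s); total += s }
         END { print total + 0 }' "$1"
}

# "ok N" when the counts agree, otherwise "mismatch loaded=N expected=M".
check_counts() {
    loaded=$(clamd_loaded_count "$1"); expected=$(freshclam_sig_total "$2")
    if [ "$loaded" = "$expected" ]; then echo "ok $loaded"
    else echo "mismatch loaded=$loaded expected=$expected"; fi
}

# Constructed fixture: empty database files plus log lines quoted in the thread.
make_demo() {
    mkdir -p "$1/db"
    touch "$1/db/main.cvd" "$1/db/daily.cvd" "$1/db/viruses.db" "$1/db/viruses.db2"
    cat > "$1/clamd.log" <<'EOF'
Wed Jan 7 14:04:28 2004 - Protecting against 22181 viruses.
Thu Jan 8 06:14:11 2004 - Database correctly reloaded (29953 viruses)
EOF
    cat > "$1/freshclam.log" <<'EOF'
ClamAV update process started at Thu Jan 8 15:07:00 2004
main.cvd is up to date (version: 13, sigs: 19603, f-level: 1, builder: ddm)
daily.cvd is up to date (version: 78, sigs: 196, f-level: 1, builder: tkojm)
EOF
}

demo=$(mktemp -d) && make_demo "$demo"
legacy_beside_cvd "$demo/db"
check_counts "$demo/clamd.log" "$demo/freshclam.log"
rm -rf "$demo"
```

On a host whose freshclam log is still in the older format (no "sigs:" fields), freshclam_sig_total prints 0, so only the legacy_beside_cvd listing is meaningful there.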
Re: [Clamav-users] is the virus db screwed up ?
On 08 Jan 2004 14:40:42 -0500 mantor [EMAIL PROTECTED] wrote:
freebsd 4.9 clamav 0.65 might not notice if you're just scanning it regularly also i know this might not be clamav problem but was searching through the logs and found this and that's when it started

Jan 7 21:08:07 filter2 X-Qmail-Scanner-1.20: [filter2107352768646113762] clamscan: corrupt or unknown ClamAV scanner error or memory/resource/perms problem - exit status 50

I'm now citing my own mail (from yesterday):

That's why you should observe your systems and especially Qmail-Scanner users should increase their softlimit.

Best regards, Tomasz Kojm

--
oo. [EMAIL PROTECTED] www.ClamAV.net
(\/)\. http://www.clamav.net/gpg/tkojm.gpg
\..._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Thu Jan 8 21:45:44 CET 2004
Re: [Clamav-users] is the virus db screwed up ?
on my last reload...

SelfCheck: Database modification detected. Forcing reload.
Reading databases from /usr/local/share/clamav
Database correctly reloaded (29930 viruses)

$ clamd -V
clamd / ClamAV version 0.65

4.9-RC FreeBSD 4.9-RC #1

on another server...

Verbose logging activated.
Reading databases from /usr/local/share/clamav
Protecting against 31589 viruses.

$ clamd -V
clamd / ClamAV version 0.65

4.9-STABLE FreeBSD 4.9-STABLE #0

However, the fresh-clam log says...

Checking for a new database - started at Thu Jan 8 06:24:08 2004
viruses.db is up to date.
Database updated (containing in total 19799 signatures).
Database updated from database.clamav.net.

and...

ClamAV update process started at Thu Jan 8 16:00:18 2004
main.cvd is up to date (version: 13, sigs: 19603, f-level: 1, builder: ddm)
daily.cvd is up to date (version: 78, sigs: 196, f-level: 1, builder: tkojm)

for the first and second servers, respectively...

Both servers report the same version of FreshClam... Odd that they wouldn't have the same reports...?

SUndie...

[EMAIL PROTECTED] said:

Tomasz,

On Thu, 2004-01-08 at 15:07, Tomasz Papszun wrote:
27645? How come? The database at the moment contains 19799 signatures.

Here's what I'm seeing on (on 2 different linux/ia32 machines):

Server1:
SNIP
$ grep -Ei 'protecting|reloaded' clamd.log
Sun Jan 4 07:37:29 2004 - Protecting against 22167 viruses.
Mon Jan 5 15:06:47 2004 - Protecting against 22167 viruses.
Tue Jan 6 11:18:50 2004 - Database correctly reloaded (22172 viruses)
Wed Jan 7 01:27:18 2004 - Database correctly reloaded (22180 viruses)
Wed Jan 7 07:25:32 2004 - Protecting against 22180 viruses.
Wed Jan 7 07:29:25 2004 - Protecting against 22180 viruses.
Wed Jan 7 10:31:16 2004 - Database correctly reloaded (22181 viruses)
Wed Jan 7 14:02:37 2004 - Protecting against 22181 viruses.
Wed Jan 7 14:04:28 2004 - Protecting against 22181 viruses.
Wed Jan 7 20:08:07 2004 - Database correctly reloaded (29950 viruses)
Thu Jan 8 06:14:11 2004 - Database correctly reloaded (29953 viruses)
$ clamd --version
clamd / ClamAV version devel-20031122
$ tail -6 clamav-freshclam.log
--
ClamAV update process started at Thu Jan 8 15:07:00 2004
main.cvd is up to date (version: 13, sigs: 19603, f-level: 1, builder: ddm)
daily.cvd is up to date (version: 78, sigs: 196, f-level: 1, builder: tkojm)
--
SNIP

Server2:
SNIP
$ grep -Ei 'protecting|reloaded' clamd.log
Sun Jan 4 06:25:12 2004 - Protecting against 12013 viruses.
Tue Jan 6 10:57:17 2004 - Database correctly reloaded (12018 viruses)
Tue Jan 6 21:03:35 2004 - Database correctly reloaded (12026 viruses)
Wed Jan 7 09:10:57 2004 - Database correctly reloaded (12027 viruses)
Wed Jan 7 19:17:16 2004 - Database correctly reloaded (12038 viruses)
Wed Jan 7 21:18:33 2004 - Database correctly reloaded (19796 viruses)
Thu Jan 8 07:24:43 2004 - Database correctly reloaded (19799 viruses)
$ clamd --version
clamd / ClamAV version 0.65-BugFixesFromCVS-20031123
tail -6 clamav-freshclam.log
--
Checking for a new database - started at Thu Jan 8 14:29:44 2004
viruses.db is up to date.
viruses.db2 is up to date.
--
SNIP

And here's the snippet where server2 updated this morning:

SNIP
--
Checking for a new database - started at Thu Jan 8 06:29:39 2004
viruses.db is up to date.
Database updated (containing in total 19799 signatures).
Database updated from clamav.elektrapro.com.
--
SNIP

Cheers, Mike
Re: [Clamav-users] is the virus db screwed up ?
Sorry my bad it really was a qmail-scanner problem. After that big update to the virus database the scanner supposedly pooped and needed more memory so what i did is update the setting from 20 megs to 40 megs in the softlimit seems to be fine now. Sorry for that panic

On Thu, 2004-01-08 at 15:07, Tomasz Papszun wrote:
On Thu, 08 Jan 2004 at 19:25:36 +, Antony Stone wrote:
Clamscan's working fine for me here (Linux 2.4.23, ClamAV 0.60, with the big database update just released, therefore 27645 signatures).

27645? How come? The database at the moment contains 19799 signatures.

--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

--
David Peters Network Admin [EMAIL PROTECTED]

:: NOTICE: If received in error, please destroy and notify sender. Sender does not waive confidentiality or privilege, and use is prohibited. ::
Re: [Clamav-users] is the virus db screwed up ?
On Thu, 08 Jan 2004 at 21:45:47 +0100, Tomasz Kojm wrote:
On 08 Jan 2004 14:40:42 -0500 mantor [EMAIL PROTECTED] wrote:
also i know this might not be clamav problem but was searching through the logs and found this and that's when it started

Jan 7 21:08:07 filter2 X-Qmail-Scanner-1.20: [filter2107352768646113762] clamscan: corrupt or unknown ClamAV scanner error or memory/resource/perms problem - exit status 50

I'm now citing my own mail (from yesterday):

That's why you should observe your systems and especially Qmail-Scanner users should increase their softlimit.

And because we care about users of ClamAV and because we are so foreseeing :-) , we didn't release the huge update in the start of the weekend but we were sitting till very late night (rather: early morning) so that to release it in the middle of the week, so that users had a chance to adjust their systems :-) .

--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
Re: [Clamav-users] is the virus db screwed up ?
that caught me off guard didn't know what was happening till i really thought bout it well thanks for the update btw great virus scanner and thanks for your time :)

On Thu, 2004-01-08 at 16:32, Tomasz Papszun wrote:
On Thu, 08 Jan 2004 at 21:45:47 +0100, Tomasz Kojm wrote:
On 08 Jan 2004 14:40:42 -0500 mantor [EMAIL PROTECTED] wrote:
also i know this might not be clamav problem but was searching through the logs and found this and that's when it started

Jan 7 21:08:07 filter2 X-Qmail-Scanner-1.20: [filter2107352768646113762] clamscan: corrupt or unknown ClamAV scanner error or memory/resource/perms problem - exit status 50

I'm now citing my own mail (from yesterday):

That's why you should observe your systems and especially Qmail-Scanner users should increase their softlimit.

And because we care about users of ClamAV and because we are so foreseeing :-) , we didn't release the huge update in the start of the weekend but we were sitting till very late night (rather: early morning) so that to release it in the middle of the week, so that users had a chance to adjust their systems :-) .

--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

--
David Peters Network Admin [EMAIL PROTECTED]
Re: [Clamav-users] database not being updated
Assuming you use recent clamav version (preferably devel), compile clamav with default settings for clamav user, and your database directory is /usr/local/share/clamav, try

chown -R clamav /usr/local/share/clamav

Newer versions of freshclam will automatically switch to clamav user, or the user specified in freshclam.conf even if you run it as root.

Fajar Nugraha

Payal Rathod wrote:

Hi, On one machine where I had forgotten to update the database for 2 months, I am getting an error,

# freshclam
Current working dir is /usr/local/share/clamav
Checking for a new database - started at Fri Jan 9 08:30:45 2004
Connected to clamav.elektrapro.com.
Reading md5 sum (viruses.md5): OK
Reading md5 sum (viruses2.md5): OK
ERROR: Can't open new file ./36eb2f105cde6e69 to write
open: Permission denied
ERROR: Can't download viruses.db from clamav.elektrapro.com
Checking for a new database - started at Fri Jan 9 08:30:46 2004
Connected to clamav.ozforces.com.
Reading md5 sum (viruses.md5): OK
Reading md5 sum (viruses2.md5): OK
ERROR: Can't open new file ./57663653efc556b7 to write
open: Permission denied
ERROR: Can't download viruses.db from clamav.ozforces.com
Checking for a new database - started at Fri Jan 9 08:30:47 2004
Connected to clamav.essentkabel.com.
Reading md5 sum (viruses.md5): ...

What is the cause and solution of this?

With warm regards, -Payal