Re: [Clamav-users] eicar test

2004-02-05 Thread Troy Monaghen 
On Thu, 2004-02-05 at 20:30, Edmund wrote:
> Hi,
> 
> Recently I read somewhere(this list?) about
> a website that can send eicar tests in different
> formats to an email address.  www.testvirus.org.
> 
> I did all 22 tests (16-22 were Outlook vulnerabilities
> which I also have an interest in filtering, but it's
> quite OT here) and out of the 15 eicar tests,
> 5 failed.

I just ran all the tests against ClamAV version devel-20040205 and
clamav-milter version 0.66k.  All 15 of the Eicar tests were caught by
Clamav!  It also caught #16 which also includes the Eicar test virus. 
The only test that includes a test virus (Eicar) that it did not catch
was #17... and as for as I can tell after a brief look that one does not
really have the Eicar test but exploits an Outlook bug to cause it to
incorrectly interpret the data as the Eicar virus.

Try upgrading to the 20040205 development version.

Troy





---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] MD5 error

2004-02-05 Thread Thomas Kinghorn 
Hi List.


My platform is RH8, using clamav0.65

This morning I got the log message below:


ERROR: Verification: MD5 verification error.

This is the first time this has happened.
Are there any issues with the database this morning?

Thanks in advance.

Regards, 
Tom Kinghorn




---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] eicar test

2004-02-05 Thread russ 
On Thu, 2004-02-05 at 21:30, Edmund wrote:

> 
> Test #11: Eicar virus within a ZIP file
> Test #13: Eicar virus sent in a Microsoft TNEF file (winmail.dat)

Have you edited the clamav.conf file to scan zip files? You also need to
install the tnef package for tnef capabilities.

HTH
-- 
Russel Oliver
[EMAIL PROTECTED]



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] eicar test

2004-02-05 Thread Edmund 
Hi,

Recently I read somewhere(this list?) about
a website that can send eicar tests in different
formats to an email address.  www.testvirus.org.
I did all 22 tests (16-22 were Outlook vulnerabilities
which I also have an interest in filtering, but it's
quite OT here) and out of the 15 eicar tests,
5 failed.
The 3 that failed were:

Test #11: Eicar virus within a ZIP file
Test #13: Eicar virus sent in a Microsoft TNEF file (winmail.dat)
Test #15: Eicar string in HTML, to ensure that your mail server scans 
HTML segments

I think #15 should be a filter job and not clamscan?  But I
don't understand why #11 and #13 failed (ESPECIALLY #11).
I'm using MIMEDefang 2.39 w/ ClamAV 0.65 and latest databases.

Any help appreciated.



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Can't seem to get clamav-milter to scan mail

2004-02-05 Thread Michael St. Laurent 
Nigel Horne  wrote:
>> Unfortunately, I am *not* having good luck.  None of the emails are
>> actually being scanned by clamav.
> 
> If you do a ps is clamav-milter running?

Yes.  ps -elf | grep clamav-milter returns:

1 S clamav1857 1  0  75   0-  2479 schedu 13:40 ?
00:00:00 clamav-milter --max-children=10 -lo -q
local:/var/run/clamav/clamav-milter.sock

A ps -elf | grep clamd returns:

1 S clamav1842 1  0  78   0-  7360 schedu 13:40 ?
00:00:00 /usr/sbin/clamd

> Any clues in /var/log/maillog and /var/log/messages?

All I'm getting are startup or shutdown messages in /var/log/messages, for
instance:

Feb  5 12:21:18 guardian clamd: clamd shutdown succeeded
Feb  5 13:07:56 guardian clamd: clamd startup succeeded
..
Feb  5 13:08:05 guardian clamav-milter: clamav-milter startup succeeded

I can find nothing at all that is related to clamav-milter or clamd in the
maillog file.

> Is clamd running?

Yes.

> When you say they're not being scanned, how do you know? What are you
> looking for and not finding? Do the /sbin/service lines say OK?

I'm not seeing the X-Virus-Scanned header, the EICAR test signature gets
through, nothing is getting logged to the /var/log/clamav/* files, etc.
Other than in the process list I can find no sign anywhere that
clamav-milter is alive and actually scanning emails.

About the /sbin/service question... are you asking if I've started the
services running?  Yes, absolutely.  I mentioned it it the original post.
If that's not your question then I'm afraid I don't understand you.

> Have you correctly set up clamav.conf? You haven't mentioned so.

H... correctly... I'm not sure if I've set it up correctly.  I'm using
the default file included in the RPM, which looked fine to me.  It seemed to
use all the settings required for mail scanning, but I could be wrong.  It's
a bit long but here is the file:

##
## Example config file for the Clam AV daemon
## Please read the clamav.conf(5) manual before editing this file.
##


# Comment or remove the line below.
# Example

# Uncomment this option to enable logging.
# LogFile must be writable for the user running the daemon.
# Full path is required.
#LogFile /tmp/clamd.log
LogFile /var/log/clamav/clamav.log

# By default the log file is locked for writing - the lock protects against
# running clamd multiple times (if want to run another clamd, please
# copy the configuration file, change the LogFile variable, and run
# the daemon with --config-file option). That's why you shouldn't uncomment
# this option.
#LogFileUnlock

# Maximal size of the log file. Default is 1 Mb.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers.
#LogFileMaxSize 2M
LogFileMaxSize 0

# Log time with an each message.
#LogTime
LogTime

# Log also clean files. May be useful in debugging but will drastically
# increase the log size.
#LogClean

# Use system logger (can work together with LogFile).
#LogSyslog

# Enable verbose logging.
#LogVerbose

# This option allows you to save the process identifier of the listening
# daemon (main thread).
#PidFile /var/run/clamd.pid
PidFile /var/run/clamav/clamd.pid

# Optional path to the global temporary directory.
# Default is system specific - usually /var/tmp or /tmp.
#TemporaryDirectory /var/tmp

# Path to the database directory.
# Default is the hardcoded directory (mostly /usr/local/share/clamav,
# but it depends on installation options).
#DatabaseDirectory /var/lib/clamav
DatabaseDirectory /var/lib/clamav

# The daemon works in local or network mode. Currently the local mode is
# recommended for security reasons.

# Path to the local socket. The daemon doesn't change the mode of the
# created file (portability reasons). You may want to create it in a
directory
# which is only accessible for a user running daemon.
# LocalSocket /tmp/clamd
LocalSocket /var/run/clamav/clamd.sock

# Remove stale socket after unclean shutdown.
#FixStaleSocket
FixStaleSocket

# TCP port address.
#TCPSocket 3310

# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
#TCPAddr 127.0.0.1

# Maximum length the queue of pending connections may grow to.
# Default is 15.
#MaxConnectionQueueLength 30

# When activated, input stream (see STREAM command) will be saved to disk
before
# scanning - this allows scanning within archives.
#StreamSaveToDisk
StreamSaveToDisk

# Close the connection if this limit is exceeded.
#StreamMaxLength 10M

# Use processes instead of threads (thread directives apply to processes
too)
#UseProcesses

# Maximal number of a threads running at the same time.
# Default is 5, and it should be sufficient for a typical workstation.
# You may need to increase threads number for a server machine.
#MaxThreads 10
MaxThreads 100

RE: [Clamav-users] Error when running make for version 0.66k

2004-02-05 Thread Christopher Lindley 








Operating system is Redhat ES 3.0  

Parameters given to configure were --enable-milter

 

I did not “make distclean” 
I extracted the latest stable clamav tar and replaced the files in the clamav-milter
directory with the new versions found at  http://cvs.sourceforge.net/viewcvs.py/clamav/clamav-devel/clamav-milter/
then I ran “configure --enable-milter” and ran “make”
as if it was a new install and clamav-milter did not compile and kicked out the
error below.

 

I did read old posts about modifying the
code in the makefile.  I tried that too…no luck

 

Sorry about the HTML language.  It’s
fixed now.

 

Chris

 

-Original Message-

From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Nigel Horne

Sent: Thursday, February 05, 2004 5:53 PM

To: [EMAIL PROTECTED]

Subject: Re: [Clamav-users] Error when
running make for version 0.66k

 

On Thursday 05 Feb 2004 8:48 pm, Christopher Lindley wrote:

> I am trying to upgrade to clamav-milter
0.66k  when I run "make" I get

> the following errors:

 

> /home/clindley/clamav-0.65/clamav-milter/clamav-milter.c:877:
undefined

> reference to `cli_strtok'

>

> clamav-milter.o(.text+0x79f):/home/clindley/clamav-0.65/clamav-milter/cl

> amav-milter.c:894: undefined reference
to `cli_strtok'

 

What operating system?

What parameters did you give to
"configure"?

You say 'upgrade', did you 'make distclean;
configure' first?

 

> Chris

 

-Nigel

 

-- 

Nigel Horne. Arranger, Composer,
Typesetter.

NJH Music, Barnsley, UK.  ICQ#20252325

[EMAIL PROTECTED] http://www.bandsman.co.uk

 

 

 

---

The SF.Net email is sponsored by EclipseCon
2004

Premiere Conference on Open Tools
Development and Integration

See the breadth of Eclipse activity. February
3-5 in Anaheim, CA.

http://www.eclipsecon.org/osdn

Re: [Clamav-users] Accessing the virus-db via php or perl

2004-02-05 Thread Tomasz Papszun 
On Fri, 06 Feb 2004 at  0:05:50 +0100, Luc de Louw wrote:
> Tomasz Kojm wrote:
> >
> >The simplest way to get the virus list is to execute sigtool -l (CVS
> >version required).
> 
> I "cvs co" the latest CVS version compilation was fine, and I tried:
> 
> bond:/usr/local/clamav-devel # sigtool -l /usr/local/share/clamav/main.cvd
> bond:/usr/local/clamav-devel #
> 
> L'il empty output
> 
> I  also tried to provide no file and the main file with the same result :-(
> 

Let me guess: main.cvd doesn't exist or has 0 in size? :-)

One _must_ execute freshclam after compilation!

One more tip for the future: make sure what is the correct syntax of
this option. I don't know about the newest CVS version, but yet 2 days
ago a space between -l and the path wasn't permitted:

--list-sigs[=FILE] -l[FILE]List signature names
^^
-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] [Debug info] sig 11 crashes with clamav-milter on FreeBSD

2004-02-05 Thread Ryan 
Michael St. Laurent wrote to '[EMAIL PROTECTED]':

> Ryan <mailto:[EMAIL PROTECTED]> wrote:
> > OK. I tested and am now running the following:
> >
> > ttyp0 [EMAIL PROTECTED]:/etc/mail #> clamav-milter --version
> > ClamAV version devel-20040205, clamav-milter version 0.66k
> >
> > It seems to, thus far, be working perfectly... bouncing about a dozen
> > SCO worms every minute for the last hour or so without breaking a
> > sweat. Previously, it would have ground to a halt by now. Needless to
> > say, we'll still be monitoring it closely. ;-)
>
> H... OK, maybe it's time I tried it again.
>
> OK, it seems to be behaving itself so far.  I'll report later after it's
> been running for a while.

I haven't had so much luck. It ran fine for a few hours... and then,
without any error messages, sendmail now times out before responding to
MAIL FROM:, or eventually (10-15 seconds) replies with 471 Try again
later, and drops the connection. After disabling the milter, sendmail
accepts mail again. clamd is running, clamav-milter is running, load
averages are low (~1.00), and the system is otherwise responsive.
clamscan and clamdscan from the command line both work fine.  Neither
/var/log/messages nor clamd.log indicate that anything might be wrong.

However, the system *does* now seem to need swap when the load
increases, which could be causing some thrashing, or maybe even
deadlock...  I'm going to try quadrupling the physical RAM in this
server and tweak a few settings (namely --max-children) to see if it
helps. It'd sure be nice if it failed a little more gracefully, though.

I'll post again with my success/failure.

Thank ${diety} for redundant MXs. :-)

- Ryan

-- 
  Ryan Thompson <[EMAIL PROTECTED]>

  SaskNow Technologies - http://www.sasknow.com
  901-1st Avenue North - Saskatoon, SK - S7K 1Y4

Tel: 306-664-3600   Fax: 306-244-7037   Saskatoon
  Toll-Free: 877-727-5669 (877-SASKNOW) North America




---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Can't seem to get clamav-milter to scan mail

2004-02-05 Thread Nigel Horne 
On Thursday 05 Feb 2004 10:31 pm, Michael St. Laurent wrote:

> Unfortunately, I am *not* having good luck.  None of the emails are
> actually being scanned by clamav.

If you do a ps is clamav-milter running?
Any clues in /var/log/maillog and /var/log/messages?
Is clamd running?
When you say they're not being scanned, how do you know? What are you looking for and 
not finding?
Do the /sbin/service lines say OK?
Have you correctly set up clamav.conf? You haven't mentioned so.

-Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Accessing the virus-db via php or perl

2004-02-05 Thread Luc de Louw 
Tomasz Kojm wrote:
On Thu, 05 Feb 2004 22:43:41 +0100
Luc de Louw <[EMAIL PROTECTED]> wrote:

What I need to know is: What format has the database? bdb? gnudb? 
somthing else?


The simplest way to get the virus list is to execute sigtool -l (CVS
version required).
I "cvs co" the latest CVS version compilation was fine, and I tried:

bond:/usr/local/clamav-devel # sigtool -l /usr/local/share/clamav/main.cvd
bond:/usr/local/clamav-devel #
L'il empty output

I  also tried to provide no file and the main file with the same result :-(

rgds

Luc



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Error when running make for version 0.66k

2004-02-05 Thread Nigel Horne 
On Thursday 05 Feb 2004 8:48 pm, Christopher Lindley wrote:
> I am trying to upgrade to clamav-milter 0.66k  when I run "make" I get
> the following errors:

> /home/clindley/clamav-0.65/clamav-milter/clamav-milter.c:877: undefined
> reference to `cli_strtok'
>
> clamav-milter.o(.text+0x79f):/home/clindley/clamav-0.65/clamav-milter/cl
> amav-milter.c:894: undefined reference to `cli_strtok'

What operating system?
What parameters did you give to "configure"?
You say 'upgrade', did you 'make distclean; configure' first?

> Chris

-Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] clamav-milter (notifications setup)

2004-02-05 Thread Nigel Horne 
On Thursday 05 Feb 2004 8:12 pm, Sergey wrote:

> I need to disable user notification then virus detected... I See key in
> man, but it's not work. :-(
>
> # ps ax|grep clamav-mi
> 22331 ?SN 0:00 clamav-milter -obl local:/var/run/clmilter.sock
> -p [EMAIL PROTECTED] --postmaster-only

Try setting the options *before* the socket name, thus:
clamav-milter -obl [EMAIL PROTECTED] --postmaster-only 
local:/var/run/clmilter.sock

I'm not *sure* that'll do what you want, but it is worth trying.

-Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Accessing the virus-db via php or perl

2004-02-05 Thread Tomasz Kojm 
On Thu, 05 Feb 2004 22:43:41 +0100
Luc de Louw <[EMAIL PROTECTED]> wrote:

> What I need to know is: What format has the database? bdb? gnudb? 
> somthing else?

The simplest way to get the virus list is to execute sigtool -l (CVS
version required).

Best regards,
Tomasz Kojm
-- 
  oo.   [EMAIL PROTECTED] www.ClamAV.net
 (\/)\. http://www.clamav.net/gpg/tkojm.gpg
\..._   0DCA5A08407D5288279DB43454822DC8985A444B
  //\   /\  Thu Feb  5 23:23:50 CET 2004


pgp0.pgp
Description: PGP signature

[Clamav-users] Can't seem to get clamav-milter to scan mail

2004-02-05 Thread Michael St. Laurent 
I've installed the:

https://www.olen.net/downloads/clamav-20040204-1.i386.rpm
https://www.olen.net/downloads/clamav-milter-20040204-1.i386.rpm

packages and followed the directions at:

/usr/share/doc/clamav-milter-20040204/RPM-clamav-milter.txt

These instructions are:


clamav-milter rpm package for Fedora Core 1
===

1) Install clamav and clamav-milter rpm packages

2) Add services to apropriate levels:

/sbin/chkconfig --level 2345 clamd on
/sbin/chkconfig --level 2345 freshclam on
/sbin/chkconfig --level 2345 clamav-milter on

3) Edit /etc/sysconfig/freshclam config and start freshclam to update DB:

/sbin/service freshclam start

4) Start clamd daemon and clamav-milter:

/sbin/service clamd start
/sbin/service clamav-milter start

5) Add next line to /etc/mail/sendmail.mc:

INPUT_MAIL_FILTER(`clamav-milter',
`S=local:/var/run/clamav/clamav-milter.sock,
F=,T=S:4m;R:4m;E:10m')

6) Restart sendmail:
/sbin/service sendmail restart

7) Good Luck!


Unfortunately, I am *not* having good luck.  None of the emails are actually
being scanned by clamav.

Does anyone have an idea what might be going wrong?

-- 
Michael St. Laurent
Hartwell Corporation


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] [Debug info] sig 11 crashes with clamav-milter on FreeBSD

2004-02-05 Thread Troy Monaghen 

On Thu, 2004-02-05 at 15:30, Michael St. Laurent wrote:
> Ryan  wrote:

> I would like to test by sending myself the test signature.  Could someone
> let me know the best way to do that?


Send yourself one of the EICAR test files from:

http://www.eicar.org/anti_virus_test_file.htm


Troy




---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Clamav-milter runaway process problems

2004-02-05 Thread Tomasz Kojm 
On Thu, 05 Feb 2004 19:38:26 +0100
Gianmarco Giovannelli <[EMAIL PROTECTED]> wrote:

> Thu Feb  5 11:34:54 2004 -> Accepted connection on port 57892, fd 35
> Thu Feb  5 11:35:27 2004 -> Accepted connection on port 9254, fd 35
> Thu Feb  5 11:41:32 2004 -> Session 1 stopped due to timeout.
> Thu Feb  5 11:42:13 2004 -> Session 2 stopped due to timeout.

We are now testing a new implementation of the thread manager in clamd
that should fix the "timeout" problem. Your patience will be
appreciated.

Best regards,
Tomasz Kojm
-- 
  oo.   [EMAIL PROTECTED] www.ClamAV.net
 (\/)\. http://www.clamav.net/gpg/tkojm.gpg
\..._   0DCA5A08407D5288279DB43454822DC8985A444B
  //\   /\  Thu Feb  5 22:36:13 CET 2004


pgp0.pgp
Description: PGP signature

[Clamav-users] Accessing the virus-db via php or perl

2004-02-05 Thread Luc de Louw 
Hi all,

I want to set up a website were people can check if a particular virus 
is allready in the database.

I know, there is the r/o mailinglist on sourceforge, but most of my 
customers do not speak english.

I most propably will set up a multi-language website for checking that.

What I need to know is: What format has the database? bdb? gnudb? 
somthing else?

thanks a lot for your answers.

rgds

Luc



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] [Debug info] sig 11 crashes with clamav-milter on FreeBSD

2004-02-05 Thread Michael St. Laurent 
Ryan <mailto:[EMAIL PROTECTED]> wrote:
> OK. I tested and am now running the following:
> 
> ttyp0 [EMAIL PROTECTED]:/etc/mail #> clamav-milter --version
> ClamAV version devel-20040205, clamav-milter version 0.66k
> 
> It seems to, thus far, be working perfectly... bouncing about a dozen
> SCO worms every minute for the last hour or so without breaking a
> sweat. Previously, it would have ground to a halt by now. Needless to
> say, we'll still be monitoring it closely. ;-)

H... OK, maybe it's time I tried it again.

OK, it seems to be behaving itself so far.  I'll report later after it's
been running for a while.

One question, I'm not seeing the X-Virus-Scanned header in the messages and
a "ps -elf | grep clamav-milter" does not seem to indicate that it's running
with the -n option.  Shouldn't I be seeing that header if it is indeed
working?

I would like to test by sending myself the test signature.  Could someone
let me know the best way to do that?

-- 
Michael St. Laurent
Hartwell Corporation


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Error when running make for version 0.66k

2004-02-05 Thread Christopher Lindley 








 

I am trying to upgrade to clamav-milter 0.66k 
when I run “make” I get the following errors:

 

/home/clindley/clamav-0.65/clamav-milter/clamav-milter.c:877:
undefined reference to `cli_strtok'

clamav-milter.o(.text+0x79f):/home/clindley/clamav-0.65/clamav-milter/clamav-milter.c:894:
undefined reference to `cli_strtok'

 

Here is the full output:

 

[EMAIL PROTECTED] clamav-milter]# make

/bin/sh ../libtool --mode=link gcc  -g
-O2   -o clamav-milter  clamav-milter.o ../clamd/cfgfile.o ../clamd/others.o
../clamscan/getopt.o -L../libclamav -lclamav -L/usr/lib/libmilter -lmilter -lpthread

gcc -g -O2 -o .libs/clamav-milter clamav-milter.o
../clamd/cfgfile.o ../clamd/others.o ../clamscan/getopt.o 
-L/home/clindley/clamav-0.65/libclamav
/home/clindley/clamav-0.65/libclamav/.libs/libclamav.so -lz -lbz2 -lgmp -L/usr/lib/libmilter
-lmilter -lpthread -Wl,--rpath -Wl,/usr/local/lib

clamav-milter.o(.text+0x739): In function
`main':

/home/clindley/clamav-0.65/clamav-milter/clamav-milter.c:877:
undefined reference to `cli_strtok'

clamav-milter.o(.text+0x79f):/home/clindley/clamav-0.65/clamav-milter/clamav-milter.c:894:
undefined reference to `cli_strtok'

collect2: ld returned 1 exit status

make: *** [clamav-milter] Error 1

 

I have sendmail-devel 8.12.8-9.90
installed.  Is there something else I need to do?

 

Thanks in advance for your help

 

 

Chris

[Clamav-users] clamav-milter (notifications setup)

2004-02-05 Thread Sergey 
Hello.

I need to disable user notification then virus detected... I See key in man, but it's 
not work. :-(

# ps ax|grep clamav-mi
22331 ?SN 0:00 clamav-milter -obl local:/var/run/clmilter.sock -p [EMAIL 
PROTECTED] --postmaster-only

but it's send not only postmaster :-( :
Feb  5 23:46:39 host clamav-milter[24411]: clamfi_envfrom: <[EMAIL PROTECTED]>
Feb  5 23:46:39 host clamav-milter[24411]: clamfi_envrcpt: <[EMAIL PROTECTED]>
Feb  5 23:46:39 host clamav-milter[24411]: clamfi_envrcpt: <[EMAIL PROTECTED]>

I use curient snapshot (clamav-devel-20040205)

Where I wrong ?

-- 
Regards,
Sergey



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] [Debug info] sig 11 crashes with clamav-milter on FreeBSD

2004-02-05 Thread Ryan 
Ryan wrote to Nigel Horne:

> > This is very old, but it is true that it is the most up to date
> > release version.  The new version of clamAV, 0.66, will include many
> > bug fixes, including one for this.  I suggest either waiting for it
> > or, if you need the bug fix now, downloading a pre-release snapshot
> > from CVS.
>
> Well, sure.. I'll jump on that this afternoon. It couldn't be less
> stable than what I'm using now. :-)

OK. I tested and am now running the following:

ttyp0 [EMAIL PROTECTED]:/etc/mail #> clamav-milter --version
ClamAV version devel-20040205, clamav-milter version 0.66k

It seems to, thus far, be working perfectly... bouncing about a dozen
SCO worms every minute for the last hour or so without breaking a sweat.
Previously, it would have ground to a halt by now. Needless to say,
we'll still be monitoring it closely. ;-)

- Ryan

-- 
  Ryan Thompson <[EMAIL PROTECTED]>

  SaskNow Technologies - http://www.sasknow.com
  901-1st Avenue North - Saskatoon, SK - S7K 1Y4

Tel: 306-664-3600   Fax: 306-244-7037   Saskatoon
  Toll-Free: 877-727-5669 (877-SASKNOW) North America






---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Clamav-milter runaway process problems

2004-02-05 Thread Gianmarco Giovannelli 
At 05/02/2004, you wrote:
Hi,

I've made the odd bit of noise about this on the list before, but I'm
repeating myself because this particular problem is inordinately painful
for me...
Running Clamav and clamav-milter (now the 20040204 snapshot, but this is
an ongoing issue) with sendmail 8.12.10, and I get regular problems with
ClamAV spawning huge numbers of child processes, and generally falling over.
I have the same problem with a box with clamav (66k, cvs 20040204) and 
clamav milter,
FreeBSD 4.9-STABLE ,  sendmail 8.12.10

The box is:
CPU: Intel(R) Pentium(R) 4 CPU 2.40GHz (2399.59-MHz 686-class CPU)
[...]
real memory  = 1073676288 (1048512K bytes)
avail memory = 1042358272 (1017928K bytes)
When the mail server stop working I have a lot of clamav-milter process 
hunged and the sendmail is unable to deliver.
The last logs are:

---> clamav.log <---
[...]
Thu Feb  5 11:34:54 2004 -> Accepted connection on port 57892, fd 35
Thu Feb  5 11:35:27 2004 -> Accepted connection on port 9254, fd 35
Thu Feb  5 11:41:32 2004 -> Session 1 stopped due to timeout.
Thu Feb  5 11:42:13 2004 -> Session 2 stopped due to timeout.
Thu Feb  5 12:23:37 2004 -> SelfCheck: Database status OK.
Thu Feb  5 12:23:37 2004 -> SelfCheck: Integrity OK
Thu Feb  5 12:47:48 2004 -> Signal 15 caught -> exiting.
Thu Feb  5 12:47:48 2004 -> Shutting down the main socket.
Thu Feb  5 12:47:48 2004 -> Closing the main socket.
Thu Feb  5 12:47:48 2004 -> Socket file removed.
Thu Feb  5 12:47:48 2004 -> Pid file removed.
Thu Feb  5 12:47:48 2004 -> Freeing stat structure.
Thu Feb  5 12:47:48 2004 -> Exit level 2, ThreadWatcher termination.
Thu Feb  5 12:47:48 2004 -> --- Stopped at Thu Feb  5 12:47:48 2004
---> end <---
I have stopped clamav-milter by iussue a killall -9 clamav-milter.

--> messages <---
> [...]
> pid 71506 (clamav-milter), uid 999: exited on signal 11
> pid 71514 (clamav-milter), uid 999: exited on signal 11
> pid 71519 (clamav-milter), uid 999: exited on signal 11
> pid 71524 (clamav-milter), uid 999: exited on signal 11
> pid 71531 (clamav-milter), uid 999: exited on signal 11
> pid 71534 (clamav-milter), uid 999: exited on signal 11
> pid 71546 (clamav-milter), uid 999: exited on signal 11
> pid 71557 (clamav-milter), uid 999: exited on signal 11
> pid 71567 (clamav-milter), uid 999: exited on signal 11
> pid 71571 (clamav-milter), uid 999: exited on signal 11
> pid 71579 (clamav-milter), uid 999: exited on signal 11
> pid 71581 (clamav-milter), uid 999: exited on signal 11
> pid 71591 (clamav-milter), uid 999: exited on signal 11
> pid 71602 (clamav-milter), uid 999: exited on signal 11
> pid 71603 (clamav-milter), uid 999: exited on signal 11
> pid 71675 (clamav-milter), uid 999: exited on signal 11
> pid 71691 (clamav-milter), uid 999: exited on signal 11
> pid 71701 (clamav-milter), uid 999: exited on signal 11
> pid 71709 (clamav-milter), uid 999: exited on signal 11
> pid 71721 (clamav-milter), uid 999: exited on signal 11
> pid 71742 (clamav-milter), uid 999: exited on signal 11
> pid 71756 (clamav-milter), uid 999: exited on signal 11
> pid 71783 (clamav-milter), uid 999: exited on signal 11
> pid 71790 (clamav-milter), uid 999: exited on signal 11
> pid 71802 (clamav-milter), uid 999: exited on signal 11
> pid 71810 (clamav-milter), uid 999: exited on signal 11
> pid 71831 (clamav-milter), uid 999: exited on signal 11
> pid 71842 (clamav-milter), uid 999: exited on signal 11
> pid 71846 (clamav-milter), uid 999: exited on signal 11
> pid 71882 (clamav-milter), uid 999: exited on signal 11
> pid 71887 (clamav-milter), uid 999: exited on signal 11
> pid 71892 (clamav-milter), uid 999: exited on signal 11
> pid 71905 (clamav-milter), uid 999: exited on signal 11
[...]
My configs :

---> clamav.conf <---
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 2M
LogTime
LogSyslog
LogVerbose
PidFile /var/run/clamav/clamd.pid
DataDirectory /usr/local/share/clamav
LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket
MaxConnectionQueueLength 30
StreamSaveToDisk
StreamMaxLength 30M
MaxThreads 10
ThreadTimeout 500
MaxDirectoryRecursion 15
SelfCheck 3600
VirusEvent /usr/local/sbin/clamav-report.sh %f %v >> /var/log/clamav/report.log
User clamav
ScanMail
ScanArchive
ScanRAR
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
DatabaseMirror database.clamav.net
---> end <--
Perhaps I should increase the MaxThreads=10 to something more (20, 50 ...) ?

cvs-src is built on a FreeBSD 4.9-STABLE with :
./configure --enable-milter
--sysconfdir=/usr/local/etc
--prefix=/usr/local
--with-dbdir=/usr/local/share/clamav
--disable-clamav
Thanks...



Best Regards,
Gianmarco Giovannelli ,  "Unix expert since yesterday"
http://www.gufi.org/~gmarco


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anah

RE: [Clamav-users] Clamav-milter runaway process problems

2004-02-05 Thread Michael St. Laurent 
Mike Brodbelt <mailto:[EMAIL PROTECTED]> wrote:
> Hi,
> 
> I've made the odd bit of noise about this on the list before, but I'm
> repeating myself because this particular problem is inordinately
> painful for me...

Me too.

> Running Clamav and clamav-milter (now the 20040204 snapshot, but this
> is 
> an ongoing issue) with sendmail 8.12.10, and I get regular problems
> with ClamAV spawning huge numbers of child processes, and generally
> falling over. 
> 
> To gove an example, I upgraded to the CVS snapshot this morning, with
> clamav-milter 0.66k, and started the daemon at about 11:30:-

So it's *still* doing this eh?

> Feb  5 11:34:42 castor clamav-milter[790]: ClamAV version 'clamd /
> ClamAV version devel-20040205', clamav-milter version '0
> .66k'
> 
> The first problems showed up just over an hour later:-
> 
> Feb  5 12:39:54 castor clamav-milter[10759]: hit max-children limit (5
>> = 5): waiting for some to exit
> Feb  5 12:40:28 castor clamav-milter[11254]: hit max-children limit (5
>> = 5): waiting for some to exit
> Feb  5 12:40:54 castor clamav-milter[10759]: ClamAv: private data not
> NULL Feb  5 12:41:28 castor clamav-milter[11254]: ClamAv: private
> data not NULL 
> 
> This carries on until I notice, and restart it. In an hour, it had got
> to this:-
> 
> Feb  5 13:23:42 castor clamav-milter[16550]: ClamAv: private data not
> NULL Feb  5 13:23:43 castor clamav-milter[16567]: hit max-children
> limit (136 
>> = 5): waiting for some to exit
> Feb  5 13:23:46 castor clamav-milter[16572]: hit max-children limit
> (136 
>> = 5): waiting for some to exit
> 
> The number of processes grows beyond the max-children limit, though at
> least some of them die, as the actual process count doesn't keep pace
> with the logged number.

Yep.

> While it's in this state, messages aren't virus checked, as sendmail
> just waits for the milter to time-out, and then gives up on it. I've
> had these problems since I installed ClamAv, about 4 1/2 months ago.
> They 
> used to result in it going belly up every 2-3 days, but they seem to
> have got worse - I now rarely get more than a couple of hours "life"
> out 
> of it.
> 
> I'm happy to provide any more information if it would help, but I'm
> seriously considering uninstalling it at this stage - it's only
> working about half the time because of this, and it causes mail slow
> downs the 
> rest of the time, while sendmail waits for the timeouts. Surely I
> can't 
> be the only person experiencing this - I'm not running anything that
> weird and wonderful?

No, you're not the only person seeing this behaviour.  I ran into the same
problem a while back and had to give up on Clamav.  I decided not to revisit
the program until I had a good reason to believe that the problem was really
fixed this time as I had heard several times from the list that it had been
corrected but each time found that it was not.  I blew about 60 hours trying
to get it to work and my supervisor was getting really pissed at how much
time I was using up.

-- 
Michael St. Laurent
Hartwell Corporation


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Clamav-milter runaway process problems

2004-02-05 Thread Nigel Horne 
On Thursday 05 Feb 2004 4:15 pm, Mike Brodbelt wrote:

> > Have you set userprocesses in clamav.conf?
>
> No. First I've heard of it - what does it do?

Not work.

> Mike.

-Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] [Debug info] sig 11 crashes with clamav-milter on FreeBSD

2004-02-05 Thread Ryan 
Nigel Horne wrote to [EMAIL PROTECTED]:

> On Thursday 05 Feb 2004 3:38 pm, you wrote:
>
> > ttyp1 [EMAIL PROTECTED]:/staff/ryan $> clamav-milter --version ClamAV
> > version 0.65, clamav-milter version 0.60p
>
> This is very old, but it is true that it is the most up to date
> release version.  The new version of clamAV, 0.66, will include many
> bug fixes, including one for this.  I suggest either waiting for it
> or, if you need the bug fix now, downloading a pre-release snapshot
> from CVS.

Well, sure.. I'll jump on that this afternoon. It couldn't be less
stable than what I'm using now. :-)

Thanks Nigel.

- Ryan

-- 
  Ryan Thompson <[EMAIL PROTECTED]>

  SaskNow Technologies - http://www.sasknow.com
  901-1st Avenue North - Saskatoon, SK - S7K 1Y4

Tel: 306-664-3600   Fax: 306-244-7037   Saskatoon
  Toll-Free: 877-727-5669 (877-SASKNOW) North America



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Clamav-milter runaway process problems

2004-02-05 Thread Nigel Horne 
On Thursday 05 Feb 2004 4:15 pm, Mike Brodbelt wrote:

> No - clamdscan still works, or did last time I tested it. 

What operating system?
What arguments are you giving to clamav-milter?
Are you using UNIX or TCP sockets to talk to clamd?

-Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Re: ClamAV process seems to be taking forever

2004-02-05 Thread Chris Barnes 
Ing. Germán González B. <[EMAIL PROTECTED]> wrote:
> In RH
> /etc/sysconfig/clamav-milter

Gracias.


--

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Chris Barnes AOL IM: CNBarnes
[EMAIL PROTECTED]  Yahoo IM: chrisnbarnes
Computer Systems Manager ph: 979-845-7801
Department of Physics   fax: 979-845-2590
Texas A&M University





---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Logrotate won't restart clamd

2004-02-05 Thread Frank Richter 
Hi,
I have the same problem (0.65 and devel).
It seems the signal handling isn't sufficient.

In clamd/server.c sighup is set, but it seems it's never really 
used to re-open the logfile.

case SIGHUP:
sighup = 1;

- Frank
-- 
Email: [EMAIL PROTECTED]  http://www.tu-chemnitz.de/~fri/
Work:  Computing Services,  Chemnitz University of Technology,  Germany


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Clamav-milter runaway process problems

2004-02-05 Thread Mike Brodbelt 
Nigel Horne wrote:
> On Thursday 05 Feb 2004 2:03 pm, Mike Brodbelt wrote:
> 
> 
>>I've made the odd bit of noise about this on the list before, but I'm
>>repeating myself because this particular problem is inordinately painful
>>for me...
> 
> 
> Two other questions - has clamd died?

No - clamdscan still works, or did last time I tested it. I haven't
tested it with the new version, but I'll do that next time. However,
clamav-milter does start having problems communicating with it. I'm
getting messages like this:-

Feb  5 15:34:55 castor clamav-milter[2829]: No data received from clamd
in 180 seconds
Feb  5 15:34:55 castor clamav-milter[2826]: Expected port information
from clamd, got ''

These appear new - I don't remember them happening with the previous
version I was using, which was a CVS snapshot from early December.

> Have you set userprocesses in clamav.conf?

No. First I've heard of it - what does it do?

Mike.



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Re: downgraded to 0.60 - 0.65 didnt work for me at all sind last days

2004-02-05 Thread mario kammerer 
Am Thu, 05 Feb 2004 21:36:02 +0700 hat Fajar A. Nugraha  
<[EMAIL PROTECTED]> geschrieben:

mario kammerer wrote:

_hi_  all!

i have to say that i had to go back to version 0.60. 0.65 didnt work @  
all for me last days since the new worm is out.
high processor, everytime messages from clam concerning low memory,
socket error, cant save pid and so on and so on. couldnt solve any
problem i had with 0.65.
Too bad. I really think the latest devels (not 0.65. Latest devel) is  
much better.
What OS are you using? Have you tried precompiled packages? Lots of  
precompiled versions available on  
http://www.clamav.net/binary.html#pagestart
i tried 0.65 and the latest devel (clamav-devel-20040204) - both have the
same errors on my system. im running suse 8.2 - kernel 2.4.20-4GB-athlon -  
the
standard one. never had troubles - even with 0.65 but since the new  
worm is
out, my system gets crazy concerning the clamav installation.

nope - i dont like pre-compiled stuff - my complete server is compiled by  
hand, so mostly
the pathes will not fit. on compiling clamav i didnt get any error -  
everything compiles
very,very fine.

i got a athlon 1000
free -t reports
total 773964 - free 22000 - cached 363232 /seems more then enough to work/
As long as you're happy. You have to upgrade eventually though. Support  
for viruses.db* could be discontinued in the future.

thants the only thing which will me make unhappy! hope newer devels in the  
future
will work prob on my system.

hmm, is it necessary to run the clamav-0.65 with tcpserver? maybe there is  
the problem

best regards,
mario


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] [Debug info] sig 11 crashes with clamav-milter on FreeBSD

2004-02-05 Thread Nigel Horne 
On Thursday 05 Feb 2004 3:38 pm, you wrote:

> ttyp1 [EMAIL PROTECTED]:/staff/ryan $> clamav-milter --version
> ClamAV version 0.65, clamav-milter version 0.60p

This is very old, but it is true that it is the most up to date release version.
The new version of clamAV, 0.66, will include many bug fixes, including one for this.
I suggest either waiting for it or, if you need the bug fix now, downloading a 
pre-release snapshot from CVS.

> - Ryan

-Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] [Debug info] sig 11 crashes with clamav-milter on FreeBSD

2004-02-05 Thread Ryan 
Nigel Horne wrote to [EMAIL PROTECTED]:

> On Thursday 05 Feb 2004 1:00 am, Ryan wrote:
> > Hi again,
> >
> > Please see my original post for background information:
> > http://www.mail-archive.com/[EMAIL PROTECTED]/msg04704.htm
>
> I couldn't see the version of clamav-milter in either this post or the
> background information one. Please do "clamav-milter --version".

Oops. :-)

ttyp1 [EMAIL PROTECTED]:/staff/ryan $> clamav-milter --version
ClamAV version 0.65, clamav-milter version 0.60p

This is all from the FreeBSD port security/clamav, from the
clamav-0.65.tar.gz distfile.

This sounds quite similar to the thread started by Mike Brodbelt
(runaway clamav-milter processes). I've since had to turn the milter off
completely (and let all of the virii through) because that's better than
having our primary MX crash every hour or two. I really hope we can
figure this out!

Thanks,
- Ryan

-- 
  Ryan Thompson <[EMAIL PROTECTED]>

  SaskNow Technologies - http://www.sasknow.com
  901-1st Avenue North - Saskatoon, SK - S7K 1Y4

Tel: 306-664-3600   Fax: 306-244-7037   Saskatoon
  Toll-Free: 877-727-5669 (877-SASKNOW) North America




---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] CVD location on database Mirror : / or /database (WAS Re: [Clamav-users] Freshclam on Win32 issues MD5 verification error)

2004-02-05 Thread Ignasi Prat 

> I guess it's safe to conclude that new versions (mine is devel-20040204)
> looks for *.cvd in /, not in /database.
> However OLDER versions (in this case devel-20031125, the one used to
> make Win32 binary) seems to looks for *.cvd in /database,
> which would explain the "Verification: MD5 verification error" : it
> can't find the cvd it was looking for.
>
> So, to make devel-20031125 work you should set your mirrors.txt manually
> to clamav.gossamer-threads.com, clamav.e-admin.de, or other mirrors
> which still have *.cvd on /database.
>
> I look at ChangeLog, but there's no mentioning database location change.
> Did I miss the documentation somehere, or is it simply undocumented?
>
> Regards,
>
> Fajar A. Nugraha
>

Hi Fajar:

Just tested changing mirror table and see what happens:

C:\CLAMAV~1\bin>freshclam -v
Current working dir is /cygdrive/c/clamav-devel/share/clamav
ClamAV update process started at Thu Feb  5 16:13:55 2004
Connected to clamav.gossamer-threads.com (64.69.64.158).
Reading CVD header (main.cvd): OK
Downloading main.cvd [*]
ERROR: Verification: MD5 verification error.
Waiting 10 seconds...
ClamAV update process started at Thu Feb  5 16:14:28 2004
Connected to clamav.e-admin.de (212.162.12.159).
Reading CVD header (main.cvd): OK
Downloading main.cvd [*]
ERROR: Verification: MD5 verification error.
Waiting 10 seconds...

C:\CLAMAV~1\bin>

The problem persists. On the other hand I must say that I can see the
download progress in the temp dir, and the 1Mbyte file is effectively
downloaded, but when is tested and found 'faulty' MD5 signature it is
discarded and deleted.

Best regards,

 Ignasi Prat



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Freshclam on Win32 issues MD5 verification error

2004-02-05 Thread Ignasi Prat 



>No ideas about how to solve this, but I get exactly the 
same behavior running 0.65, as well as 20040203 devel version.  Running on 
Win32 as well (Windows 2k server) and CygWin.
 
>Tim McGarvey
 
I'm running here at 
WinXP.
 
Ignasi 
Prat

Re: [Clamav-users] Freshclam on Win32 issues MD5 verification error

2004-02-05 Thread Ignasi Prat 

> > And after this 'freshclam' says that databases are updated. But if I
erase
> > anyone of the 'cvd' files the files 'freshclam' will download the file
in a
> > temp file at share/clamav. Is there anyway to catch the temp file before
> > freshclam erases the temp ? This way I could run the sigtool over it and
see
> > if there is any corruption in downloaded file (unless freshclam uses the
> > same sigtool to test it... in wich case the explanation is that
'freshcam'
> > does not download the file correctly).
> >
> > Any ideas ?
> >
>
> I don't quite understand the above. I see that you run 'sigtool -i' over
> files downloaded "manually" and they were OK.
> But have you run it over files downloaded by freshclam? Or aren't any
> files retrieved by freshclam left after "freshclaming"?
>

There is not any file after 'freshclam'. 'freshclam' finds the file at the
servers and downloads it
(I can see a temporary file that grows until the correct size of about
1Mbyte for main.cvd) but
at MD5 verification stage fails, and then 'freshclam' deletes the temporary
file.

If I pick the files directly from the server and download them to
'share\clamav' the antivirus works
fine, and of course the sigtool verifies them correctly.

Best regards,

 Ignasi Prat



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] downgraded to 0.60 - 0.65 didnt work for me at all sind last days

2004-02-05 Thread Fajar A. Nugraha 
mario kammerer wrote:

_hi_  all!

i have to say that i had to go back to version 0.60. 
0.65 didnt work @ all for me last days since the new worm is out.
high processor, everytime messages from clam concerning low memory,
socket error, cant save pid and so on and so on. couldnt solve any
problem i had with 0.65. 


Too bad. I really think the latest devels (not 0.65. Latest devel) is 
much better.
What OS are you using? Have you tried precompiled packages? Lots of 
precompiled versions available on 
http://www.clamav.net/binary.html#pagestart

thanx anyway to users who tried to help me out.

0.60 running now perfectly.


As long as you're happy. You have to upgrade eventually though. Support 
for viruses.db* could be discontinued in the future.

Regards,

Fajar A. Nugraha

---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Clamav-milter runaway process problems

2004-02-05 Thread Nigel Horne 
On Thursday 05 Feb 2004 2:03 pm, Mike Brodbelt wrote:
> Hi,

> Running Clamav and clamav-milter (now the 20040204 snapshot, but this is
> an ongoing issue) with sendmail 8.12.10, and I get regular problems with
> ClamAV spawning huge numbers of child processes, and generally falling
> over.

What operating system?
What arguments are you giving to clamav-milter?
Are you using UNIX or TCP sockets to talk to clamd?

-Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Clamav-milter runaway process problems

2004-02-05 Thread Nigel Horne 
On Thursday 05 Feb 2004 2:03 pm, Mike Brodbelt wrote:

> I've made the odd bit of noise about this on the list before, but I'm
> repeating myself because this particular problem is inordinately painful
> for me...

Two other questions - has clamd died?
Have you set userprocesses in clamav.conf?

-Nigel


-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] CVD location on database Mirror : / or /database (WAS Re: [Clamav-users] Freshclam on Win32 issues MD5 verification error)

2004-02-05 Thread Fajar A. Nugraha 
Ignasi Prat wrote:

Directly http (at avmirror2.prod.rxgsys.com/database/) downloaded files give
this beautiful result:
 

You know what, your post (and a recent short "fiasco" on my server) made 
me try out most ClamAV mirrors. The result is quite surprising

As I recalled, there was an entry on 
http://www.clamav.net/doc/mirrors/clamav-mirror-howto.txt which saids 
that database are located on /database directory (the content of the 
file has changed, along with the preferred method of mirroring so I 
can't find that particular line anymore).
Seeing that you download it from avmirror2.prod.rxgsys.com/database/, I 
guess I'm not the only one that notice the "/database".

So, every mirror SHOULD have /database/main.cvd and /database/daily.cvd, 
right? WRONG!

clamav.datahost.com.ar has *.cvd in /, not in /database

So I try something else.
I put an entry in /etc/hosts for database.clamav.net that point to 
several mirrors one by one, and run freshclam.
I also check *.cvd presence in / and /database.

Here's the result :

200.32.4.47 (clamav.datahost.com.ar) : OK (*.cvd exists only in /, not 
in /database)
203.17.15.197 (clamav.ozforces.com) : NOK. (figures. 
http://www.clamav.net/mirrors.html shows all red anyway).
64.69.64.158 (clamav.gossamer-threads.com) : OK (*.cvd exists in both / 
and /database)
62.210.153.202 (clamav.inet6.fr) : OK ( cvd exists on /, /database/*.cvd 
denied)
212.162.12.159 (clamav.e-admin.de) : OK (*.cvd exists in both / and 
/database)
195.70.36.141 (clamav.fisher.hu) : OK (*.cvd exists in both / and /database)

=== stop working here. Seems all which freshclam says work are ones with 
*.cvd in / ==

Now I try your particular mirror (the ones that made your freshclam 
failed) :
199.239.233.95 (clamav-du.viaverio.com) : OK (*.cvd exists only in /, 
not in /database)
64.18.100.4 (clamav.catt.com) : OK (*.cvd exists only in /, not in 
/database)
213.184.16.3 (clamav.man.olsztyn.pl) : OK (*.cvd exists only in /, not 
in /database)

= end test 

Havent tried old viruses.db*. Some mirrors were not tested.

I guess it's safe to conclude that new versions (mine is devel-20040204) 
looks for *.cvd in /, not in /database.
However OLDER versions (in this case devel-20031125, the one used to 
make Win32 binary) seems to looks for *.cvd in /database,
which would explain the "Verification: MD5 verification error" : it 
can't find the cvd it was looking for.

So, to make devel-20031125 work you should set your mirrors.txt manually 
to clamav.gossamer-threads.com, clamav.e-admin.de, or other mirrors 
which still have *.cvd on /database.

I look at ChangeLog, but there's no mentioning database location change. 
Did I miss the documentation somehere, or is it simply undocumented?

Regards,

Fajar A. Nugraha

---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] MailScanner and Clam Av

2004-02-05 Thread Allan Machado 
I installed the Clamav and MailScanner, now this is appearing in maillog:
ProcessClamAVOutput: unrecognised line "Full path:
/var/spool/MailScanner/incoming/18195/.". Please contact the authors.
What´s worng?

Best Regards,
Allan Machado
Linux User 154453




-- 
Esta mensagem foi verificada pelo sistema de antivirus da
Band Bahia e acredita-se estar livre de perigo.
Postmaster Band Bahia
-- 
This message has been scanned for viruses and dangerous 
content by Antivirus, and is believed to be clean.
Postmaster Band Bahia



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Clamav-milter runaway process problems

2004-02-05 Thread Mike Brodbelt 
Hi,

I've made the odd bit of noise about this on the list before, but I'm
repeating myself because this particular problem is inordinately painful
for me...

Running Clamav and clamav-milter (now the 20040204 snapshot, but this is
an ongoing issue) with sendmail 8.12.10, and I get regular problems with
ClamAV spawning huge numbers of child processes, and generally falling over.

To gove an example, I upgraded to the CVS snapshot this morning, with
clamav-milter 0.66k, and started the daemon at about 11:30:-

Feb  5 11:34:42 castor clamav-milter[790]: ClamAV version 'clamd /
ClamAV version devel-20040205', clamav-milter version '0
.66k'

The first problems showed up just over an hour later:-

Feb  5 12:39:54 castor clamav-milter[10759]: hit max-children limit (5
>= 5): waiting for some to exit
Feb  5 12:40:28 castor clamav-milter[11254]: hit max-children limit (5
>= 5): waiting for some to exit
Feb  5 12:40:54 castor clamav-milter[10759]: ClamAv: private data not NULL
Feb  5 12:41:28 castor clamav-milter[11254]: ClamAv: private data not NULL

This carries on until I notice, and restart it. In an hour, it had got
to this:-

Feb  5 13:23:42 castor clamav-milter[16550]: ClamAv: private data not NULL
Feb  5 13:23:43 castor clamav-milter[16567]: hit max-children limit (136
>= 5): waiting for some to exit
Feb  5 13:23:46 castor clamav-milter[16572]: hit max-children limit (136
>= 5): waiting for some to exit

The number of processes grows beyond the max-children limit, though at
least some of them die, as the actual process count doesn't keep pace
with the logged number.

While it's in this state, messages aren't virus checked, as sendmail
just waits for the milter to time-out, and then gives up on it. I've had
these problems since I installed ClamAv, about 4 1/2 months ago. They
used to result in it going belly up every 2-3 days, but they seem to
have got worse - I now rarely get more than a couple of hours "life" out
of it.

I'm happy to provide any more information if it would help, but I'm
seriously considering uninstalling it at this stage - it's only working
about half the time because of this, and it causes mail slow downs the
rest of the time, while sendmail waits for the timeouts. Surely I can't
be the only person experiencing this - I'm not running anything that
weird and wonderful?

Mike.



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] downgraded to 0.60 - 0.65 didnt work for me at all sind last days

2004-02-05 Thread mario kammerer 




hi all!

i have to say that i had to go back to version 0.60. 
0.65 didnt work @ all for me last days since the new worm is out.
high processor, everytime messages from clam concerning low memory,
socket error, cant save pid and so on and so on. couldnt solve any
problem i had with 0.65. 

thanx anyway to users who tried to help me out.

0.60 running now perfectly.

mario 



-
Google ist Gott. Opfere ihr deine Zeit und werde erleuchtet.

RE: [Clamav-users] Freshclam on Win32 issues MD5 verification error

2004-02-05 Thread Tim McGarvey 



No 
ideas about how to solve this, but I get exactly the same behavior running 0.65, 
as well as 20040203 devel version.  Running on Win32 as well (Windows 2k 
server) and CygWin.
 
Tim 
McGarvey

  -Original Message-From: 
  [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED]On Behalf Of Ignasi 
  PratSent: Thursday, February 05, 2004 2:47 AMTo: 
  [EMAIL PROTECTED]Subject: [Clamav-users] Freshclam 
  on Win32 issues MD5 verification error
  
  Hi Clamav users:
   
  I'm running the Clamav Win32 version and it is 
  working pretty well until I try to automatically update the database with 
  freshclam.
   
  If I update the database by downloading manually 
  the .CVD files to the "\share\clamav" dir everything is 
fine.
   
  But when I try to run the automatic update tool 
  the result is the following:
   
  C:\clamav-devel\bin>freshclam -vCurrent 
  working dir is /cygdrive/c/clamav-devel/share/clamavClamAV update process 
  started at Thu Feb  5 08:27:13 2004Connected to database.clamav.net 
  (213.184.16.3).Reading CVD header (main.cvd): OKmain.cvd is up to date 
  (version: 19, sigs: 19987, f-level: 1, builder: ddm)Connected to 
  database.clamav.net (213.184.16.3).Reading CVD header (daily.cvd): 
  OKDownloading daily.cvd [*]ERROR: Verification: MD5 verification 
  error.Waiting 10 seconds...ClamAV update process started at Thu 
  Feb  5 08:27:27 2004Connected to database.clamav.net 
  (207.201.202.73).Reading CVD header (main.cvd): OKmain.cvd is up to 
  date (version: 19, sigs: 19987, f-level: 1, builder: ddm)Connected to 
  database.clamav.net (207.201.202.73).Reading CVD header (daily.cvd): 
  OKDownloading daily.cvd [*]ERROR: Verification: MD5 verification 
  error.Waiting 10 seconds...ClamAV update process started at Thu 
  Feb  5 08:27:42 2004Connected to database.clamav.net 
  (207.201.202.73).Reading CVD header (main.cvd): OKmain.cvd is up to 
  date (version: 19, sigs: 19987, f-level: 1, builder: ddm)Connected to 
  database.clamav.net (207.201.202.73).Reading CVD header (daily.cvd): 
  OKDownloading daily.cvd [*]ERROR: Verification: MD5 verification 
  error.Waiting 10 seconds...
   
  C:\clamav-devel\bin>
   
   
   
  As you can see the "main.cvd" file is updated, 
  but that is because I updated it manually yesterday.
   
  The round robin technique works fine and 
  everytime I flush DNS database freshclam tryes to update with a diferent 
  server, but the MD5 verification error still apears anyway so I suspect this 
  is not a corrupted file problem in a particular server.
   
  Did I forget anything or Win32 freshclam has a 
  problem with this ?
   
  Regards,
   
   Ignasi 
Prat

Re: [Clamav-users] Clamav and quoted-printable

2004-02-05 Thread Bruno Treguier 
On Thu, Feb 05, 2004 at 12:35:06PM +0100, Tomasz Papszun wrote:
> On Thu, 05 Feb 2004 at 12:09:00 +0100, Bruno Treguier wrote:
> [...]
> > 
> > Here is my problem: I submitted yesterday a new version of the paypal
> > trojan, which has been accepted as "Trojan.Spy.Paypal.A". My submission
> > was made via the web service.
> > 
> > The mail was an text/html one, with a quoted-printable encoding. So when
> > I run clamscan or clamdscan on a file containing the raw email, the
> > detection is correct.
> > 
> > The problem is that I run clamav as a virus scanner via amavis, and
> > amavis does all the decoding before calling the scanners. So when clamav
> > is called, it does NOT detect the trojan anymore, as it is no longer
> > quoted-printable encoded...
> > 
> > Is there a solution to this problem ?
> 
> The solution is probably a correcting the signature by us ;-) .

Thanks for your quick answer. To be really honest, I suspected this, but
didn't want to suggest it at first, as I'm not a very experienced user !


> Thank you for pointing this out!

You're welcome ! Thanks to _you_, the "dream team", for bringing us this
nice tool !

Best regards,

Bruno

-- 
-- Service Hydrographique et Oceanographique de la Marine ---  EPSHOM/CIS/MIC
-- 13, rue du Chatellier ---  BP 30316  --- 29603 Brest Cedex, FRANCE
--Phone: +33 2 98 22 17 49  ---  Email: [EMAIL PROTECTED]


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] CVD (virus database) format & fields

2004-02-05 Thread Mariano Absatz 
El 5 Feb 2004 a las 9:55, Fajar A. Nugraha escribió:

> 
> >My question is towared the following: there was a recent discussion in 
> >the MailScanner mailing list because Julian Field (the developer) is not 
> >only deprecating, but also eliminating, the possibility of 'bouncing' a 
> >mail containing a virus back to its (aparent) originator.
> >
> >  
> >
> What I do is :
> -   reject virus with 550 SMTP error message at SMTP time, so there is 
> no need to create a bounce message
_I_ can do this (not within MailScanner, but with 
ZMailer+ZMScanner+ClamAv), however there are customers (or bosses, 
depending on where you are), that insist in stupid configurations... I'm 
trying to get a tool that can even survive a moderate level of stupdness 
;-)

> -   if your server can't reject virus at SMTP (CGPro cant), then send 
> bounces for all virus EXCEPT if the name is Worm.*
I had not thought of this one... does ClamAv's database entries names 
allways start with 'Worm.' when a virus is e-mail borne? I guess I can 
handle that.

Thanx a lot, Fajar!

--
Mariano Absatz
El Baby
--
This email is ROT26 encrypted, by reading it you are in violation of the
DMCA, and should turn yourself in to the authorities immediately.




---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Freshclam on Win32 issues MD5 verification error

2004-02-05 Thread Tomasz Papszun 
On Thu, 05 Feb 2004 at 13:15:24 +0100, Ignasi Prat wrote:
> >
> > Yes, 'sigtool -i main.cvd ; sigtool -i daily.cvd'.
> >
> Directly http (at avmirror2.prod.rxgsys.com/database/) downloaded files give
> this beautiful result:
> 
> C:\clamav-devel\bin>sigtool -i
> /cygdrive/c/clamav-devel/share/clamav/main.cvd
> Build time: 27 Jan 2004 12-31 +0100
> Version: 19
> # of signatures: 19987
> Functionality level: 1
> Builder: ddm
> MD5: 46b4b24055925f69a6d5d7802dbd1479
> Digital signature:
> QwI5dHA0EuDyu+nTowuaUtj30yqEKhpbcV1o5XdkXDiRvqTYowbqh4by/Burp
> QOPF15XXXODL7b4jY4n9I8Kw/7gdPLwjLgeaqDUA5WRyMtZIlOJFJcCznw/ZYmkk+FQAM9URLmCe
> pwtL
> ZN9uynsUKXdmZE6SVBtk4Dkg//w5Mf
> Verification OK.
> 
> C:\clamav-devel\bin>sigtool -i
> /cygdrive/c/clamav-devel/share/clamav/daily.cvd
> Build time: 05 Feb 2004 01-32 +0100
> Version: 121
> # of signatures: 637
> Functionality level: 1
> Builder: tomek
> MD5: eaaf2a25d6a0dbc16c934aaf71c3bf0f
> Digital signature:
> ivDCu1Snv8shmSMQc/F1Rgsi3qspAu6IGxBmFxPay4f2Zi2emGwi6MrSYr/a9
> Ql1EYha351vChibsW+sxDwERFNgUtTaP8sphI0LpU5IP9bgBqiWOSLb6Nn+Z5OFEbYIQU+hHF8gB
> Uy6O
> ZqtYBicItHrB+og2gECzm+Tqitumzk
> Verification OK.
> 
> C:\clamav-devel\bin>
> 
> And after this 'freshclam' says that databases are updated. But if I erase
> anyone of the 'cvd' files the files 'freshclam' will download the file in a
> temp file at share/clamav. Is there anyway to catch the temp file before
> freshclam erases the temp ? This way I could run the sigtool over it and see
> if there is any corruption in downloaded file (unless freshclam uses the
> same sigtool to test it... in wich case the explanation is that 'freshcam'
> does not download the file correctly).
> 
> Any ideas ?
> 

I don't quite understand the above. I see that you run 'sigtool -i' over
files downloaded "manually" and they were OK.
But have you run it over files downloaded by freshclam? Or aren't any
files retrieved by freshclam left after "freshclaming"?

> > Also, generate MD5 checksums of downloaded files and show them to us.
> > Usually with 'md5sum', though I don't know if your system has this
> > program.
> 
> Haven't found any MD5 tool in Windows yes. But as sigtool grants the http
> download of cvd files, might we focus on the download routines ?

Sure, I mentioned 'md5sum' in case sigtool would give strange result.

Let's see if Tomasz Kojm has any idea. I haven't any left at the moment.

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Freshclam on Win32 issues MD5 verification error

2004-02-05 Thread Ignasi Prat 
> > Is MD5 signature packed with CVD files ? could I force a signature test
with
> > a downloaded file to try to separate a download problem of another kind
of
> > problem ?
>
> Yes, 'sigtool -i main.cvd ; sigtool -i daily.cvd'.
>
Directly http (at avmirror2.prod.rxgsys.com/database/) downloaded files give
this beautiful result:

C:\clamav-devel\bin>sigtool -i
/cygdrive/c/clamav-devel/share/clamav/main.cvd
Build time: 27 Jan 2004 12-31 +0100
Version: 19
# of signatures: 19987
Functionality level: 1
Builder: ddm
MD5: 46b4b24055925f69a6d5d7802dbd1479
Digital signature:
QwI5dHA0EuDyu+nTowuaUtj30yqEKhpbcV1o5XdkXDiRvqTYowbqh4by/Burp
QOPF15XXXODL7b4jY4n9I8Kw/7gdPLwjLgeaqDUA5WRyMtZIlOJFJcCznw/ZYmkk+FQAM9URLmCe
pwtL
ZN9uynsUKXdmZE6SVBtk4Dkg//w5Mf
Verification OK.

C:\clamav-devel\bin>sigtool -i
/cygdrive/c/clamav-devel/share/clamav/daily.cvd
Build time: 05 Feb 2004 01-32 +0100
Version: 121
# of signatures: 637
Functionality level: 1
Builder: tomek
MD5: eaaf2a25d6a0dbc16c934aaf71c3bf0f
Digital signature:
ivDCu1Snv8shmSMQc/F1Rgsi3qspAu6IGxBmFxPay4f2Zi2emGwi6MrSYr/a9
Ql1EYha351vChibsW+sxDwERFNgUtTaP8sphI0LpU5IP9bgBqiWOSLb6Nn+Z5OFEbYIQU+hHF8gB
Uy6O
ZqtYBicItHrB+og2gECzm+Tqitumzk
Verification OK.

C:\clamav-devel\bin>

And after this 'freshclam' says that databases are updated. But if I erase
anyone of the 'cvd' files the files 'freshclam' will download the file in a
temp file at share/clamav. Is there anyway to catch the temp file before
freshclam erases the temp ? This way I could run the sigtool over it and see
if there is any corruption in downloaded file (unless freshclam uses the
same sigtool to test it... in wich case the explanation is that 'freshcam'
does not download the file correctly).

Any ideas ?

> Also, generate MD5 checksums of downloaded files and show them to us.
> Usually with 'md5sum', though I don't know if your system has this
> program.

Haven't found any MD5 tool in Windows yes. But as sigtool grants the http
download of cvd files, might we focus on the download routines ?

Best regards,

 Ignasi Prat



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Clamav and quoted-printable

2004-02-05 Thread Tomasz Papszun 
On Thu, 05 Feb 2004 at 12:09:00 +0100, Bruno Treguier wrote:
[...]
> 
> Here is my problem: I submitted yesterday a new version of the paypal
> trojan, which has been accepted as "Trojan.Spy.Paypal.A". My submission
> was made via the web service.
> 
> The mail was an text/html one, with a quoted-printable encoding. So when
> I run clamscan or clamdscan on a file containing the raw email, the
> detection is correct.
> 
> The problem is that I run clamav as a virus scanner via amavis, and
> amavis does all the decoding before calling the scanners. So when clamav
> is called, it does NOT detect the trojan anymore, as it is no longer
> quoted-printable encoded...
> 
> Is there a solution to this problem ?

The solution is probably a correcting the signature by us ;-) .

Thank you for pointing this out!

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] [Debug info] sig 11 crashes with clamav-milter on FreeBSD

2004-02-05 Thread Nigel Horne 
On Thursday 05 Feb 2004 1:00 am, Ryan wrote:
> Hi again,
>
> Please see my original post for background information:
> http://www.mail-archive.com/[EMAIL PROTECTED]/msg04704.htm

I couldn't see the version of clamav-milter in either this post or the background
information one. Please do "clamav-milter --version".

> - Ryan

-Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Re: [OT] signatures longer than text [was: clamav-milter compilation problems again]

2004-02-05 Thread Nigel Horne 
On Thursday 05 Feb 2004 12:03 am, Kevin Spicer wrote:

> BMRB International Limited
> accepts no liability in relation to any personal emails, or
> content of any email which does not directly relate to our
> business.

The question here is, who decides what does and does not
directly relate to your business? Are the criteria publically
viewable (say on your website)? If not how would I know whether
or not your company accepts liability?

-Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] clamav-milter compilation problems again

2004-02-05 Thread Nigel Horne 
On Wednesday 04 Feb 2004 11:29 pm, Stevens, John wrote:

> Anyhoo, I cannot find a reference to in_port_t in any of the many in.h
> files on my system.  Remember, it is a Cobalt (Sun) RAQ3 box, pretty close
> to redhat linux.  So if there is a package or glibc update that I should
> have, please point it out.  I can then try and find it and install it. 
> From memory this has been a problem with one other piece of software I
> tried to compile once.

Try looking for in_port_t in all headers.
It's probably in some "*-devel" RPM, but I'm sorry to say I don't know what.
I can only suggest either handcrafting into clamav-milter.c:
typedef unsigned short in_port_t;
or asking the distributors of your O/S for guidance.

> John Stevens

-Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Freshclam on Win32 issues MD5 verification error

2004-02-05 Thread Tomasz Papszun 
On Thu, 05 Feb 2004 at 11:52:35 +0100, Ignasi Prat wrote:
> 
> > Back to your question:
> > try running freshclam with -v option. It'll show more details.
> >
> 
> I did this!  I had given the verbose mode before and the main change is the
> explicit IP reference of the server used.
> 
> freshclam -v gives this results:
> 
> C:\clamav-devel\bin>freshclam -v
> Current working dir is /cygdrive/c/clamav-devel/share/clamav
> ClamAV update process started at Thu Feb  5 11:32:51 2004
> Connected to database.clamav.net (199.239.233.95).
> Reading CVD header (main.cvd): OK
> Downloading main.cvd [*]
> ERROR: Verification: MD5 verification error.
> Waiting 10 seconds...
> ClamAV update process started at Thu Feb  5 11:33:22 2004
> Connected to database.clamav.net (64.18.100.4).
> Reading CVD header (main.cvd): OK
> Downloading main.cvd [*]
> ERROR: Verification: MD5 verification error.
> Waiting 10 seconds...
> ClamAV update process started at Thu Feb  5 11:33:53 2004
> Connected to database.clamav.net (213.184.16.3).
> Reading CVD header (main.cvd): OK
> Downloading main.cvd [*]
> ERROR: Verification: MD5 verification error.
> Waiting 10 seconds...

I don't know what is wrong...

> C:\clamav-devel\bin>
> 
> The woking dir is granted full rights to everyone to avoid conflicts in this
> test stage.
> 
> Is MD5 signature packed with CVD files ? could I force a signature test with
> a downloaded file to try to separate a download problem of another kind of
> problem ?

Yes, 'sigtool -i main.cvd ; sigtool -i daily.cvd'.

Also, generate MD5 checksums of downloaded files and show them to us.
Usually with 'md5sum', though I don't know if your system has this
program.

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] intercepted mails

2004-02-05 Thread Krzysztof Snopek 
On Thu, 5 Feb 2004, Japhet Samson wrote:

> I have installed clamav with clamav-milter enabled, and it is working fine.
> It intercepts mails with Sco.A virus, but it sends a copy of alert to the sender,
> recipient and postmaster. I get alot bounce messages because most of senders 
> addresses

Run clamav-milter -q

Krzysztof Snopek



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Freshclam on Win32 issues MD5 verification error

2004-02-05 Thread Ignasi Prat 
> Please don't "top-post". Answer _below_ previous messages, not above
> them.
>
> Remove unneeded fragments of previous messages when quoting. Especially
> commercial footers, mailing list footers, big signatures.
>
> Note that I haven't removed them in this message deliberately - to show
> you how ugly and noisy your message is.
>

Thanks Tomasz. I see I have a lot to learn ! Sorry for any inconvenience.

> Back to your question:
> try running freshclam with -v option. It'll show more details.
>

I did this!  I had given the verbose mode before and the main change is the
explicit IP reference of the server used.

freshclam -v gives this results:

C:\clamav-devel\bin>freshclam -v
Current working dir is /cygdrive/c/clamav-devel/share/clamav
ClamAV update process started at Thu Feb  5 11:32:51 2004
Connected to database.clamav.net (199.239.233.95).
Reading CVD header (main.cvd): OK
Downloading main.cvd [*]
ERROR: Verification: MD5 verification error.
Waiting 10 seconds...
ClamAV update process started at Thu Feb  5 11:33:22 2004
Connected to database.clamav.net (64.18.100.4).
Reading CVD header (main.cvd): OK
Downloading main.cvd [*]
ERROR: Verification: MD5 verification error.
Waiting 10 seconds...
ClamAV update process started at Thu Feb  5 11:33:53 2004
Connected to database.clamav.net (213.184.16.3).
Reading CVD header (main.cvd): OK
Downloading main.cvd [*]
ERROR: Verification: MD5 verification error.
Waiting 10 seconds...

C:\clamav-devel\bin>

The woking dir is granted full rights to everyone to avoid conflicts in this
test stage.

Is MD5 signature packed with CVD files ? could I force a signature test with
a downloaded file to try to separate a download problem of another kind of
problem ?

Best regards,

 Ignasi Prat



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Clamav and quoted-printable

2004-02-05 Thread Bruno Treguier 
Hi everyone,

First of all, I'm a recent clamav user (I know, I know, I should NOT
be ! :-) ), so please be indulgent with me. I however, of course
searched the archives in order to see whether my problem had a solution,
but found nothing relevant. I may have missed something, though.

Here is my problem: I submitted yesterday a new version of the paypal
trojan, which has been accepted as "Trojan.Spy.Paypal.A". My submission
was made via the web service.

The mail was an text/html one, with a quoted-printable encoding. So when
I run clamscan or clamdscan on a file containing the raw email, the
detection is correct.

The problem is that I run clamav as a virus scanner via amavis, and
amavis does all the decoding before calling the scanners. So when clamav
is called, it does NOT detect the trojan anymore, as it is no longer
quoted-printable encoded...

Is there a solution to this problem ?

Thanks in advance for any pointer/solution/etc. !

Best regards,

Bruno

-- 
-- Service Hydrographique et Oceanographique de la Marine ---  EPSHOM/CIS/MIC
-- 13, rue du Chatellier ---  BP 30316  --- 29603 Brest Cedex, FRANCE
--Phone: +33 2 98 22 17 49  ---  Email: [EMAIL PROTECTED]


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Wait for next stable version or use CVS

2004-02-05 Thread Nigel Horne 
On Wednesday 04 Feb 2004 8:14 pm, Ola Thoresen wrote:

> I have now tested the latest tar.gz from
> http://www.clamav.net/snapshot/clamav-devel-20040204.tar.gz and can
> verify that the problem with memory allocations on special binhex-files
> has been fixed.
> I have about 10 different files that triggered the bug, and all of them
> are now scanned without any problem.

Many thanks to Thomas Lamy for this one in helping to focus my grey matter
when it was all over the place.

-Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] spamass-milter falls down every few hours

2004-02-05 Thread Alexander Piavka 

 This is what i get in the syslog

Feb  5 09:59:21 indigo spamass-milter[26602]: SpamAssassin: accept()
returned invalid socket (Too many open files), try again
Feb  5 09:59:21 indigo spamass-milter[26602]: pipe error: Too many open
files
Feb  5 09:59:21 indigo spamass-milter[26602]: pipe error: Too many open
files
Feb  5 09:59:21 indigo spamass-milter[26602]: pipe error: Too many open
files
Feb  5 09:59:22 indigo spamass-milter[26602]: pipe error: Too many open
files
Feb  5 09:59:22 indigo spamass-milter[26602]: pipe error: Too many open
files
Feb  5 09:59:22 indigo spamass-milter[26602]: pipe error: Too many open
files

 What could be the problem



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Freshclam on Win32 issues MD5 verification error

2004-02-05 Thread Ignasi Prat 
> I specifically delete all .cvd and adjust my mirros.txt again and it
> still works fine
>
> C:\clamav-devel\bin>freshclam
> ClamAV update process started at Thu Feb  5 16:57:43 2004
> Reading CVD header (main.cvd): OK
> Downloading main.cvd [*]
> main.cvd updated (version: 19, sigs: 19987, f-level: 1, builder: ddm)
> Reading CVD header (daily.cvd): OK
> Downloading daily.cvd [*]
> daily.cvd updated (version: 120, sigs: 634, f-level: 1, builder: ddm)
> Database updated (20621 signatures) from 207.201.202.73 (207.201.202.73).
>
> Try granting everyone full control to c:\clamav\devel\share\clamav
> folder and files. Don't know what else can cause this.
>
> Regards,
>
> Fajar A. Nugraha
>
>
Hi Fajar:

Rights were granted to everyone, but I checked again all files and foldes
(with no surprise).

I tested both with habitual users, and also administrator, with the same
results.

Tried also deleting *.cvd, this leaded to force also reading again main.cvd,
wich fails also at MD5 check.

Best regards,

Ignasi Prat



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Freshclam on Win32 issues MD5 verification error

2004-02-05 Thread Fajar A. Nugraha 
Ignasi Prat wrote:

I'm running clamav on a Windows XP machine.

 

Same here

I've granted all rights to the user in all the clamav tree.

The ClamAV was downloaded yesterday, and the compilation seems the same
(isn't it ?):
C:\clamav-devel\bin>freshclam -V
freshclam / ClamAV version devel-20031125
 

Yup. Should be.

C:\clamav-devel\bin>freshclam
ClamAV update process started at Thu Feb  5 10:36:53 2004
Reading CVD header (main.cvd): OK
main.cvd is up to date (version: 19, sigs: 19987, f-level: 1, builder: ddm)
Reading CVD header (daily.cvd): OK
Downloading daily.cvd [*]
ERROR: Verification: MD5 verification error.
Waiting 10 seconds...
ClamAV update process started at Thu Feb  5 10:37:08 2004
Reading CVD header (main.cvd): OK
main.cvd is up to date (version: 19, sigs: 19987, f-level: 1, builder: ddm)
Reading CVD header (daily.cvd): OK
Downloading daily.cvd [*]
ERROR: Verification: MD5 verification error.
Waiting 10 seconds...
ClamAV update process started at Thu Feb  5 10:37:22 2004
Reading CVD header (main.cvd): OK
main.cvd is up to date (version: 19, sigs: 19987, f-level: 1, builder: ddm)
Reading CVD header (daily.cvd): OK
Downloading daily.cvd [*]
ERROR: Verification: MD5 verification error.
Waiting 10 seconds...
 

I specifically delete all .cvd and adjust my mirros.txt again and it 
still works fine

C:\clamav-devel\bin>freshclam
ClamAV update process started at Thu Feb  5 16:57:43 2004
Reading CVD header (main.cvd): OK
Downloading main.cvd [*]
main.cvd updated (version: 19, sigs: 19987, f-level: 1, builder: ddm)
Reading CVD header (daily.cvd): OK
Downloading daily.cvd [*]
daily.cvd updated (version: 120, sigs: 634, f-level: 1, builder: ddm)
Database updated (20621 signatures) from 207.201.202.73 (207.201.202.73).
Try granting everyone full control to c:\clamav\devel\share\clamav 
folder and files. Don't know what else can cause this.

Regards,

Fajar A. Nugraha

---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] intercepted mails

2004-02-05 Thread Japhet Samson 
I have installed clamav with clamav-milter enabled, and it is working fine.
It intercepts mails with Sco.A virus, but it sends a copy of alert to the sender,
recipient and postmaster. I get alot bounce messages because most of senders addresses
are not valid addresses. can somebody show me how to remove the sender address so that 
i
don't get these bounce messages.


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Freshclam on Win32 issues MD5 verification error

2004-02-05 Thread Ignasi Prat 
I'm running clamav on a Windows XP machine.

I've granted all rights to the user in all the clamav tree.

The ClamAV was downloaded yesterday, and the compilation seems the same
(isn't it ?):

C:\clamav-devel\bin>freshclam -V
freshclam / ClamAV version devel-20031125

C:\clamav-devel\bin>freshclam
ClamAV update process started at Thu Feb  5 10:36:53 2004
Reading CVD header (main.cvd): OK
main.cvd is up to date (version: 19, sigs: 19987, f-level: 1, builder: ddm)
Reading CVD header (daily.cvd): OK
Downloading daily.cvd [*]
ERROR: Verification: MD5 verification error.
Waiting 10 seconds...
ClamAV update process started at Thu Feb  5 10:37:08 2004
Reading CVD header (main.cvd): OK
main.cvd is up to date (version: 19, sigs: 19987, f-level: 1, builder: ddm)
Reading CVD header (daily.cvd): OK
Downloading daily.cvd [*]
ERROR: Verification: MD5 verification error.
Waiting 10 seconds...
ClamAV update process started at Thu Feb  5 10:37:22 2004
Reading CVD header (main.cvd): OK
main.cvd is up to date (version: 19, sigs: 19987, f-level: 1, builder: ddm)
Reading CVD header (daily.cvd): OK
Downloading daily.cvd [*]
ERROR: Verification: MD5 verification error.
Waiting 10 seconds...

C:\clamav-devel\bin>

Best regards,

 Ignasi

> Which version are you using? I downloaded one from
> http://www.sosdg.org/clamav-win32/index.php some time ago and it works
fine.
> (never mind the prompt. It's cygwin's bash). I customized mirrors.txt to
> use my own mirror first.
>
> $ freshclam.exe
> ClamAV update process started at Thu Feb  5 15:55:03 2004
> Reading CVD header (main.cvd): OK
> Downloading main.cvd [*]
> main.cvd updated (version: 19, sigs: 19987, f-level: 1, builder: ddm)
> Reading CVD header (daily.cvd): OK
> Downloading daily.cvd [*]
> daily.cvd updated (version: 120, sigs: 634, f-level: 1, builder: ddm)
> Database updated (20621 signatures) from clamav.antispam.or.id
> (202.134.0.71).
>
> [EMAIL PROTECTED] /c/clamav-devel/bin
> $ freshclam.exe -V
> freshclam / ClamAV version devel-20031125
>
> Regards,
>
> Fajar A. Nugraha
>
>
> ---
> The SF.Net email is sponsored by EclipseCon 2004
> Premiere Conference on Open Tools Development and Integration
> See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
> http://www.eclipsecon.org/osdn
> ___
> Clamav-users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/clamav-users
>



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] CG Pro and ClamAV finds virus but can't find it when scanning with clamscan manually

2004-02-05 Thread Tomasz Papszun 
On Thu, 05 Feb 2004 at 10:07:24 +0100, Kristof Hardy wrote:
> 
> >Interesting. Can you make the .msg file available online? I'd like too 
> >see it.
> 
> Thanks, it's available at http://pot.catsanddogs.com/~kristof/40820.msg
> 

Clamscan doesn't find a virus because this file is not in the standard
email message format.
These headers are guilty:

P I 04-02-2004 16:35:40    <[EMAIL PROTECTED]>
R W 04-02-2004 16:35:40   _FY_ <[EMAIL PROTECTED]>
O L

and then standard headers follow:

Received: by mail.area013.be (CommuniGate Pro PIPE 4.1.4)
  with PIPE id 4033392; Wed, 04 Feb 2004 17:35:40 +0100

After I removed first 4 lines:

$ clamscan --mbox 40820.msg
40820.msg: Worm.SCO.A FOUND

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] CG Pro and ClamAV finds virus but can't find it when scanning with clamscan manually

2004-02-05 Thread Fajar A. Nugraha 
This is simply because CGP uses non-standar mbox format.

e.g. it adds these lines on top :

P I 04-02-2004 16:35:40    <[EMAIL PROTECTED]>
R W 04-02-2004 16:35:40   _FY_ <[EMAIL PROTECTED]>
O L
Before the header

Received: by mail.area013.be (CommuniGate Pro PIPE 4.1.4)
 with PIPE id 4033392; Wed, 04 Feb 2004 17:35:40 +0100
which makes clamscan --mbox unable to parse it. cgpav was able to rip 
attachment from that email anyway.
If you want to test it yourself, try deleting all lines before 
"Received" and use clamscan --mbox

Kristof Hardy wrote:



Thanks, it's available at http://pot.catsanddogs.com/~kristof/40820.msg


[snip]

I've only implemented cgpav for ClamAV, our McAfee (1000msg/hour) was 
always reaching limits, so now ClamAV does a much faster job without 
delaying the mails :)

So I assume you're not using McAfee anymore? I started with ClamAV since 
I can't afford other AV and connector license for over 1 million users.
Regards,

Fajar A. Nugraha

---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] CG Pro and ClamAV finds virus but can't find it when scanning with clamscan manually

2004-02-05 Thread Kristof Hardy 
Fajar A. Nugraha wrote:
Interesting. Can you make the .msg file available online? I'd like too 
see it.
Thanks, it's available at http://pot.catsanddogs.com/~kristof/40820.msg

System is Red Hat 9,
running CgPro and cgpav-1.3 
What? A 1.3 already? I didn't know. Thanks for mentioning.
I've only implemented cgpav for ClamAV, our McAfee (1000msg/hour) was 
always reaching limits, so now ClamAV does a much faster job without 
delaying the mails :)

Thanks for looking into it, i'm curious..

--

Best regards,
Kristof
---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Freshclam on Win32 issues MD5 verification error

2004-02-05 Thread Fajar A. Nugraha 
Ignasi Prat wrote:

Hi Clamav users:
 
I'm running the Clamav Win32 version and it is working pretty well 
until I try to automatically update the database with freshclam.
 
If I update the database by downloading manually the .CVD files to the 
"\share\clamav" dir everything is fine.
 
But when I try to run the automatic update tool the result is the 
following:
 
C:\clamav-devel\bin>freshclam -v
Current working dir is /cygdrive/c/clamav-devel/share/clamav
ClamAV update process started at Thu Feb  5 08:27:13 2004
Connected to database.clamav.net (213.184.16.3).
Reading CVD header (main.cvd): OK
main.cvd is up to date (version: 19, sigs: 19987, f-level: 1, builder: 
ddm)
Connected to database.clamav.net (213.184.16.3).
Reading CVD header (daily.cvd): OK
Downloading daily.cvd [*]
ERROR: Verification: MD5 verification error.
Which version are you using? I downloaded one from 
http://www.sosdg.org/clamav-win32/index.php some time ago and it works fine.
(never mind the prompt. It's cygwin's bash). I customized mirrors.txt to 
use my own mirror first.

$ freshclam.exe
ClamAV update process started at Thu Feb  5 15:55:03 2004
Reading CVD header (main.cvd): OK
Downloading main.cvd [*]
main.cvd updated (version: 19, sigs: 19987, f-level: 1, builder: ddm)
Reading CVD header (daily.cvd): OK
Downloading daily.cvd [*]
daily.cvd updated (version: 120, sigs: 634, f-level: 1, builder: ddm)
Database updated (20621 signatures) from clamav.antispam.or.id 
(202.134.0.71).

[EMAIL PROTECTED] /c/clamav-devel/bin
$ freshclam.exe -V
freshclam / ClamAV version devel-20031125
Regards,

Fajar A. Nugraha

---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Contents of DBDIR {Scanned}

2004-02-05 Thread Jo Mills 
On Wed, Feb 04, 2004 at 11:44:05AM -0600, Justin wrote:
> On Wed, 4 Feb 2004, Jo Mills wrote:
> 
> > Justin,
> > 
> >Just a thought - what was the return code from freshclam?  Was it 
> > "1" by any chance?  I would be interested to know.
> 
> Thanks for the reply, Jo.  It looks like it's exiting with a 1.  

To my mind, I don't think it should be exiting with a "1".  man
freshclam shows:

 RETURN CODES
0 : Database succesfully updated.

1 : Database is up-to-date.

and freshclam gives a return code of 1 even though the update process
failed.  Surely this is not correct?

Jo.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Wait for next stable version or use CVS

2004-02-05 Thread Tom Walsh 
> 
> Hi,
> 
> I wonder if i have to wait for the next stable version or use 
> the last cvs. I've download the last cvs of clamav and i'm 
> reading the changelog and found very interesting things 
> there. Is the current CVS is stable for an use in production 
> environment ? Is the next stable will done quicly ?
> 
> Regards

Cedric,

Stable is clearly dated not only in functionality but also in bug fixes
(see SCO.A in nested mime formats).

There are many new features in clamav-cvs that aren't in clamav-stable
(ScanMail, SaveStreamToDisk come to mind), not to mention new methods of
freshclam (the entire commandline switches have been changed to a
freshclam.conf file now)... As well as the database format and database
retrieval method have changed from stable to cvs versions.

As for stability... Well... I do admit there are some stability issues
with clamd-cvs (at least on FreeBSD), but I think the newer bug fixes
along with the additional feature sets are worth the price...

Plus the stability problems I have experienced are easily solved by
placing clamd under supervise (DJB http://cr.yp.to/daemontools.html -
still the coolest domain name I have seen to date...)

I think this brings up a good point for the maintainers of this
fantastic project (never hurts to flatter). I believe an update to the
stable is needed.

Just this morning I had a friend of mine that I convinced to install
clamav... He used stable... Because it was for a production
environment... He came to me later this morning complaining that while
clamav was easy to install and setup, he wasn't catching all the SCO.A
viruses... I explained to him about the newer version of CVS fixes that
exact problem... If I hadn't been on this list, I wouldn't have had the
answer to his dilemma, and possibly tarnished this projects reputation
in that individual's eyes...

Now while the SCO.A problem will become a moot point in about 12 days, I
think it illustrates a clear (albeit unique) problem with the divergence
between the stable product and the cvs product.

Sorry for somewhat hijacking your thread Cedric... It just started me
down a thought process that I wanted to explore a little bit...

To answer your question... Go with CVS... The good out weighs the bad.

Tom Walsh
Network Administrator
http://www.ala.net/

SCO.A count for yesterday: 29,456 filtered messages.
SCO.A peak one day total: 36,089 filtered messages (January 30th, 2004).




---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Freshclam on Win32 issues MD5 verification error

2004-02-05 Thread Ignasi Prat 




Hi Clamav users:
 
I'm running the Clamav Win32 version and it is 
working pretty well until I try to automatically update the database with 
freshclam.
 
If I update the database by downloading manually 
the .CVD files to the "\share\clamav" dir everything is fine.
 
But when I try to run the automatic update tool the 
result is the following:
 
C:\clamav-devel\bin>freshclam -vCurrent 
working dir is /cygdrive/c/clamav-devel/share/clamavClamAV update process 
started at Thu Feb  5 08:27:13 2004Connected to database.clamav.net 
(213.184.16.3).Reading CVD header (main.cvd): OKmain.cvd is up to date 
(version: 19, sigs: 19987, f-level: 1, builder: ddm)Connected to 
database.clamav.net (213.184.16.3).Reading CVD header (daily.cvd): 
OKDownloading daily.cvd [*]ERROR: Verification: MD5 verification 
error.Waiting 10 seconds...ClamAV update process started at Thu 
Feb  5 08:27:27 2004Connected to database.clamav.net 
(207.201.202.73).Reading CVD header (main.cvd): OKmain.cvd is up to date 
(version: 19, sigs: 19987, f-level: 1, builder: ddm)Connected to 
database.clamav.net (207.201.202.73).Reading CVD header (daily.cvd): 
OKDownloading daily.cvd [*]ERROR: Verification: MD5 verification 
error.Waiting 10 seconds...ClamAV update process started at Thu 
Feb  5 08:27:42 2004Connected to database.clamav.net 
(207.201.202.73).Reading CVD header (main.cvd): OKmain.cvd is up to date 
(version: 19, sigs: 19987, f-level: 1, builder: ddm)Connected to 
database.clamav.net (207.201.202.73).Reading CVD header (daily.cvd): 
OKDownloading daily.cvd [*]ERROR: Verification: MD5 verification 
error.Waiting 10 seconds...
 
C:\clamav-devel\bin>
 
As you can see the "main.cvd" file is updated, but 
that is because I updated it manually yesterday.
 
The round robin technique works fine and everytime 
I flush DNS database freshclam tryes to update with a diferent server, but the 
MD5 verification error still apears anyway so I suspect this is not a corrupted 
file problem in a particular server.
 
Did I forget anything or Win32 freshclam has a 
problem with this ?
 
Regards,
 
 Ignasi 
Prat

Re: [Clamav-users] Re: clamd: cant save pid in file & socket file is in use by another process

2004-02-05 Thread Thomas Lamy 
mario kammerer wrote:

Am Thu, 5 Feb 2004 00:11:23 +0100 hat Tomasz Kojm <[EMAIL PROTECTED]>  
geschrieben:

On Wed, 04 Feb 2004 23:40:35 +0100
"mario kammerer" <[EMAIL PROTECTED]> wrote:
1)ERROR: Socket file /tmp/clamd exists. Either remove it, or configure
a  different one.
Enable FixStaleSocket in clamav.conf.
i already have this is enabled in clamav.conf - it was the first i did!
what else can that be - even if i delete manually the file - next time 
i  start, the error is the same.

You don't use "UseProcesses", don't you? This is currently broken...
Also, the error message must be different if you enabled FixStaleSocket.

2)ERROR: Can't save PID in file /var/run/clamd.pid
That must be a permission problem.
the /var/run is 0755 root:uucp - right, there should be problems for  
qscand to place a pid file!
but even i make a /clamd_pid dir unter / and do chmod qscand:qscand and  
0777 - pid file is NOT placed
but no error message appears.

maybe its because of the socket error, that pid file is not placed.

Maybe you have two configuration files in your system, and you're 
editing the wrong one?





---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users