Re: [Clamav-users] "Too many open files" Error :-(
On Saturday 06 March 2004 02:08, Nigel Horne wrote:
> > For restore work I need to restart clamd and clamav-milter...
> > Have you any idea ?
>
> Not unless you let us know the version of clamav-milter (clamav-milter --version)
> and clamd and whether you can reproduce with the latest version from CVS.

Sorry for missing information. On last month i work with CVS snapshots only.
Last probed on RH 6.2: ClamAV version devel-20040303, clamav-milter version 0.67j

And I can't reproduce it on new distribution (while I probe Alt Linux Sisyphus only, but I will be probe Red Hat 7.3 and Trustx 2.0 soon)

--
Regards, Sergey

---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Re: duh, ignore my last question
On Friday 05 March 2004 09:30 pm, Starbane wrote:
> Jim Maul wrote:
> > my apologies, it was almost 5pm on a friday and for some reason i asked
> > if sendmail supports maildirs. musta been a brain fart cause obviously
> > thats not the mta's job. Feel free to point and laugh.
> >
> > Thanks
> > Jim
>
> Since we're sharing, I recently spent an hour trying to figure out why
> my cron job wasn't running.
>
> Of course, after editing the job and scratching my head watching syslog,
> I eventually DID notice that crond was not running.
>
> Definitely goes along with having to crack the case on a PC, only to
> discover the reason it wasn't POSTing was the lack of an attached power
> cable.
>
> :)

(sigh) it's the little things that make this career worth it, isn't it? :)
[Clamav-users] Re: duh, ignore my last question
Jim Maul wrote:
> my apologies, it was almost 5pm on a friday and for some reason i asked
> if sendmail supports maildirs. musta been a brain fart cause obviously
> thats not the mta's job. Feel free to point and laugh.
>
> Thanks
> Jim

Since we're sharing, I recently spent an hour trying to figure out why my cron job wasn't running.

Of course, after editing the job and scratching my head watching syslog, I eventually DID notice that crond was not running.

Definitely goes along with having to crack the case on a PC, only to discover the reason it wasn't POSTing was the lack of an attached power cable.

:)
Re: [Clamav-users] duh, ignore my last question
To cheer everyone up (virus can be so depressing sometimes)

*points at Jim and laughs*

Carl

- Original Message -
From: "Jim Maul" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, March 05, 2004 4:44 PM
Subject: [Clamav-users] duh, ignore my last question

> my apologies, it was almost 5pm on a friday and for some reason i asked if
> sendmail supports maildirs. musta been a brain fart cause obviously thats
> not the mta's job. Feel free to point and laugh.
>
> Thanks
> Jim
[Clamav-users] network scanning questions
Hello,

I'm looking at implementing clamav for a somewhat large userbase. Due to that, I need to run multiple clamds on separate machines so as not to eat all the resources on the main mail server. Think "spamd/spamc"...

From what I can tell, the client included with clamav does not allow for this; its network support is limited to telling the remote machine what files to scan on the remote machine.

I have found this client: ftp://victor.teaser.fr/pub/lwa/clamd-stream-client/

Is anyone aware of any others?

I also can't find any information on the network protocol in the docs or the list archives. I did find some posts stating that it's "difficult to firewall" because it behaves similar to ftp. I've also found mention in the docs that the current STREAM mode stuff is due to be replaced soon. Is this actively being developed, and if so, where can I find the docs dealing with that?

Thanks,
Charles
Re: [Clamav-users] worm in zip file
>> Hi,
>>
>> Is clamav catching this latest worm that has a password
>> protected zip file?
> Yes, it is.

Thank you. Are there multiple versions of this worm? I have seen some come into my mailbox and not be detected... but I no longer have the files in order to test.

Ricardo
Re: [Clamav-users] Problems with clamd
On Mar 5, 2004, at 02:41, Trog wrote:

On Fri, 2004-03-05 at 01:15, Doug Hardie wrote:

I just uncommented the thread timeout the last time I restarted clamd a couple minutes ago so I don't know what effect that will have.

ThreadTimeout isn't used in the current CVS version.

Here is some more information: After running with the timeout set to 500, clamd no longer dies. It chugs along for quite awhile (about 10 minutes) at full cpu usage and then returns to normal use. I don't see anything different in the load between the periods. However a ktrace of clamd shows a significant difference. Normally clamd shows nothing much when idle and it shows the messages being received (read) when processing a message. However, when it's running at full cpu utilization, ktrace shows thousands of sequences like:

8313 clamd PSIG SIGPROF caught handler=0x28116228 mask=0x0 code=0x0
8313 clamd CALL gettimeofday(0x2815fe4c,0)
8313 clamd RET gettimeofday 0
8313 clamd CALL sigprocmask(0x3,0x2815fed8,0)
8313 clamd RET sigprocmask 0
8313 clamd CALL sigaltstack(0x2817c000,0)
8313 clamd RET sigaltstack 0
8313 clamd CALL poll(0x806f000,0x1,0)
8313 clamd RET poll 0
8313 clamd CALL sigreturn(0x808ac64)
8313 clamd RET sigreturn JUSTRETURN

and then there will be one message processed and then back to a few more thousand of those sequences.

This looks entirely broken. Your trace indicates that the last argument to poll (the timeout) is zero. The code looked like this

count = poll(poll_data, 1, CL_DEFAULT_SCANTIMEOUT*1000);

i.e. the timeout *can't* be zero unless you changed the value of CL_DEFAULT_SCANTIMEOUT or your system is fundamentally broken. unless your system is using poll to spin somewhere.

-trog

That was my thought also. I don't know why it's zero. When clamd is only using about 2% of the cpu, the number is on the order of 5 to 10 seconds. However, something is very unusual here. The line of code above is not in the version I am using. I am using the snapshot from the morning of 4 Mar.
Re: [Clamav-users] worm in zip file
On Fri, 5 Mar 2004 14:37:18 -0800 (PST) ricardo <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Is clamav catching this latest worm that has a password
> protected zip file?

Yes, it is.

--
oo. Tomasz Kojm <[EMAIL PROTECTED]>
(\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
\..._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Sat Mar 6 00:03:27 CET 2004
Re: [Clamav-users] sendmail devel?
On Fri, 05-03-2004 at 12:20, Eric wrote:
> How do I tell if I have sendmail-devel installed. the clamav milter tells
> me to ensure that it is there. I know I am using sendmail 8.12.5 but how do
> I know if its devel? which sendmail and which sendmail-devel show nothing.
>
>
> Eric

Hello:

If you use debian:
a) apt-cache search sendmail dev
b) dpkg -s package

You need libmilter, and the support for this is only in sendmail 8.12 or newer.

Regards!!
[Clamav-users] duh, ignore my last question
my apologies, it was almost 5pm on a friday and for some reason i asked if sendmail supports maildirs. musta been a brain fart cause obviously thats not the mta's job. Feel free to point and laugh.

Thanks
Jim
Re: [Clamav-users] sendmail devel?
> Some "pop3" services work of the system accounts (/etc/passwd) while
> others
> are database driven and use a "seperate" system. The only thing you need
> to
> make sure is that the pop3 system your using works on the same level that
> your MTA does. qpopper, courier, ipop all seem to work off system user
> accounts while other things such as hive work off a database driven mail
> system.
>

I don't know about courier pop, but courier imap works with virtual users (neither system nor database driven accounts). But that is together with vpopmail so...
[Clamav-users] worm in zip file
Hi,

Is clamav catching this latest worm that has a password protected zip file? I've seen a bunch of these come through and it doesn't seem like clamdscan has caught it. I don't have one of these messages around to manually test it.

Thanks
Ricardo
Re: [Clamav-users] Password-protected .zip file viruses
On Fri, 5 Mar 2004 13:31:35 -0800 (PST) [EMAIL PROTECTED] wrote:
>
> uvscan is detecting zipped/passworded bagle zip's as
> Worm.Bagle.Gen-zippwd. Any ideas as to how they might be doing this?

Please don't top post. That's not your uvscan but ClamAV detecting the worm.

--
oo. Tomasz Kojm <[EMAIL PROTECTED]>
(\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
\..._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Fri Mar 5 23:10:04 CET 2004
Re: [Clamav-users] Occasionally missing viruses
On Friday 05 Mar 2004 9:47 pm, Dominic Mazzoni wrote:
> >> Try running 'clamscan --mbox email'
>
> Actually I should note that this almost completely fixes my
> problem. Now it's catching 99% of my viruses. The only
> question now is why it still misses 1 or 2 of them when
> the virus is found when base64-decoding the attachment and
> scanning that.

If you forward copies of the e-mails in which clamAV fails to locate the viruses that would help. Send them by private e-mail to me.

> Dominic

-Nigel

--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk
Re: [Clamav-users] sendmail devel?
Some "pop3" services work off the system accounts (/etc/passwd) while others are database driven and use a "separate" system. The only thing you need to make sure is that the pop3 system you're using works on the same level that your MTA does. qpopper, courier, ipop all seem to work off system user accounts while other things such as hive work off a database driven mail system.

Carl

- Original Message -
From: "Hanford, Seth" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, March 05, 2004 2:56 PM
Subject: Re: [Clamav-users] sendmail devel?

> > Why does multiple or single domains matter to the POP3 server?
>
> The only thing I can imagine off the top of my head is user accounts -- if
> you have [EMAIL PROTECTED] and [EMAIL PROTECTED], you need to make sure that
> your POP3 server doesn't think they both necessarily use the same mailbox
> b/c they are both named Joe. Granted, a lot of other pieces (MTA, MDA,
> etc.) also need to have the exact same idea of who is who.
>
> Seth
Re: [Clamav-users] "Too many open files" Error :-(
On Friday 05 Mar 2004 6:18 pm, Sergey wrote:
> For restore work I need to restart clamd and clamav-milter...
> Have you any idea ?

Not unless you let us know the version of clamav-milter (clamav-milter --version) and clamd and whether you can reproduce with the latest version from CVS.

-Nigel

--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk
Re: [Clamav-users] Occasionally missing viruses
>> Try running 'clamscan --mbox email'

Actually I should note that this almost completely fixes my problem. Now it's catching 99% of my viruses. The only question now is why it still misses 1 or 2 of them when the virus is found when base64-decoding the attachment and scanning that.

Thanks,
Dominic
Re: [Clamav-users] "Too many open files" Error :-(
On Fri, 2004-03-05 at 13:18, Sergey wrote:
> Hello.
>
> I run Clam AV on RedHat 6.2.
> Some time after (about one hour) running clamav-milter is stop scanning with error:
> For restore work I need to restart clamd and clamav-milter...
> Have you any idea ?

What is important is how many file descriptors the user clamav runs as has. For example number of open files (-n) on a Fedora box defaults to 1024, which may not be enough. You may want to also probe clamd when it is running to see how many/why it needs so many files open (command-line examples below).

We have started restarting clamd every 3 hours. This is with 0.67, we find that to be a reasonable solution.

[EMAIL PROTECTED] etc]# su - clamav -s /bin/bash -c "ulimit -a"
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
file size (blocks, -f) unlimited
max locked memory (kbytes, -l) unlimited
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
stack size (kbytes, -s) 10240
cpu time (seconds, -t) unlimited
max user processes (-u) 7168
virtual memory (kbytes, -v) unlimited

[EMAIL PROTECTED] bin]# lsof -p `ps --no-headers -C clamd -o pid`

--
Robert Schmidt -- UNIX Tech Support
[EMAIL PROTECTED] MC1021 519-888-4567 x6453
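Added example (not part of the thread and not ClamAV project code): a shell check in the spirit of the ulimit and lsof commands above that compares each clamd and clamav-milter process's open descriptor count with its soft limit, so approaching exhaustion is noticed before the milter stops scanning. It assumes a Linux /proc with per-process limits and fd entries, and pgrep; the function names and the 80% warning threshold are illustrative choices.

```shell
#!/bin/sh
# Added example: report how close scanner daemons are to their fd limit.
# Assumption: Linux with /proc/<pid>/limits and /proc/<pid>/fd available.

# Print the soft "Max open files" limit from a /proc/<pid>/limits-format file.
# Fails (non-zero) if the file has no such row or cannot be read.
soft_nofile_limit() {
    awk '/^Max open files/ { print $4; found = 1 } END { exit !found }' "$1"
}

# Classify usage. Arguments: open-count, soft-limit, warn-percent (default 80).
# Prints OK, WARN (at or above the warn percentage) or CRIT (limit reached).
fd_status() {
    open=$1 limit=$2 warn_pct=${3:-80}
    if [ "$limit" = "unlimited" ]; then echo OK; return 0; fi
    if [ "$open" -ge "$limit" ]; then echo CRIT; return 0; fi
    if [ $((open * 100)) -ge $((limit * warn_pct)) ]; then
        echo WARN
    else
        echo OK
    fi
}

# Count the descriptors a live process currently holds.
# Reading another user's /proc/<pid>/fd needs root; unreadable counts as 0.
open_fd_count() {
    ls "/proc/$1/fd" 2>/dev/null | wc -l | tr -d ' '
}

# Report on every running process with exactly this name.
check_daemon() {
    name=$1
    for pid in $(pgrep -x "$name" 2>/dev/null); do
        limit=$(soft_nofile_limit "/proc/$pid/limits") || continue
        open=$(open_fd_count "$pid")
        echo "$name pid=$pid open=$open limit=$limit $(fd_status "$open" "$limit")"
    done
}

# Constructed sample in /proc/<pid>/limits format, for trying the parser offline.
sample_limits() {
    cat <<'EOF'
Limit                     Soft Limit           Hard Limit           Units
Max cpu time              unlimited            unlimited            seconds
Max open files            1024                 4096                 files
Max processes             7168                 7168                 processes
EOF
}

# Prints nothing when the daemons are not running on this host.
check_daemon clamd
check_daemon clamav-milter
```

Run from cron as root, a WARN or CRIT line gives the descriptor count at the moment it was growing, which is the figure to attach to a bug report alongside the daemon versions.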
RE: [Clamav-users] sendmail devel?
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Hanford,
> Seth
> Sent: Friday, March 05, 2004 3:57 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] sendmail devel?
>
>
> > Why does multiple or single domains matter to the POP3 server?
>
> The only thing I can imagine off the top of my head is user accounts -- if
> you have [EMAIL PROTECTED] and [EMAIL PROTECTED], you need to make sure that
> your POP3 server doesn't think they both necessarily use the same mailbox
> b/c they are both named Joe. Granted, a lot of other pieces (MTA, MDA,
> etc.) also need to have the exact same idea of who is who.
>
> Seth
>

Exactly, usually to solve this problem, the username is [EMAIL PROTECTED] instead of just user. There are other variations on this too (user%domain.com ive seen before as well)

Jim
[Clamav-users] clam and pop3 scanner
So I got the pop3 scanner installed. redhat 9, clarkconnect firewall. I did a cp p3scan.conf.sample to p3scan.conf and uncommented lines and did light configuration. But I get this error in "tail /var/log/messages"

Mar 5 13:33:25 compaq p3scan: p3scan[7004]: P3Scan Version 1.0
Mar 5 13:33:25 compaq p3scan: p3scan[7004]: Selected scannertype: basic ( file invocation scanner)
Mar 5 13:33:25 compaq p3scan: p3scan[7004]: Listen now on 192.168.1.1:811
Mar 5 13:33:25 compaq p3scan: p3scan[7004]: Changing uid (we are root)
Mar 5 13:33:25 compaq p3scan: p3scan[7004]: Changed UID.GID to 8.12
Mar 5 13:33:25 compaq p3scan: p3scan[7004]: No Regular Expression given! ames can't be extracted
Mar 5 13:33:25 compaq p3scan: p3scan[7004]: Waiting for connections.

Can anyone tell me what "No Regular Expression" is ? is it important? bueller, Bueller ?

Also my p3scan.conf file is set at scanner=/var/lib/clamav default=basic. I can run freshclam /home/user no problems and even found a virus last week (mp3 file none the less)

Also when I do a rpm -q libpcre it shows nothing, but I have a rpm -q pcre it shows rpm pcre-3.9-10 installed. Is it compatible ??

:-)> kevin
[Clamav-users] Milter's problem ?
Hello.

I need to correct reply form clamav-milter. I make some overpatching and... And I get inoperative program. I add some debug messages to different functions and I see what clamfi_envfrom called in unexpected time:

Mar 6 00:39:12 clamav-milter[31322]: clamfi_helo: centurion
Mar 6 00:39:12 clamav-milter[31322]: clamfi_helo: --1-- (null)
Mar 6 00:39:12 clamav-milter[31322]: clamfi_helo: --2-- (null)
Mar 6 00:39:12 clamav-milter[31322]: clamfi_helo: --3-- ╗>,
Mar 6 00:39:12 clamav-milter[31322]: clamfi_helo: --4-- centurion
Mar 6 00:39:12 clamav-milter[31322]: clamfi_helo: smfi_setpriv ok, privdata = 0x805c638
Mar 6 00:39:13 clamav-milter[31322]: clamfi_envfrom: privdata = 0x805c638
Mar 6 00:39:13 clamav-milter[31322]: clamfi_envfrom: <[EMAIL PROTECTED]>
Mar 6 00:39:13 clamav-milter[31322]: clamfi_envfrom: n_children = 2
Mar 6 00:39:13 clamav-milter[31322]: clamfi_envfrom: continue
Mar 6 00:39:15 clamav-milter[31322]: clamfi_envrcpt: <[EMAIL PROTECTED]>
Mar 6 00:39:16 clamav-milter[31322]: clamfi_header: From: "" <[EMAIL PROTECTED]>
Mar 6 00:39:16 clamav-milter[31322]: clamfi_header: To:
Mar 6 00:39:16 clamav-milter[31322]: clamfi_header: Subject: xx
Mar 6 00:39:16 clamav-milter[31322]: clamfi_header: Date: Sat, 6 Mar 2004 00:39:28 +0400
Mar 6 00:39:16 clamav-milter[31322]: clamfi_header: MIME-Version: 1.0
Mar 6 00:39:16 clamav-milter[31322]: clamfi_header: Content-Type: text/plain;
Mar 6 00:39:16 clamav-milter[31322]: clamfi_header: X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Mar 6 00:39:16 clamav-milter[31322]: clamfi_header: X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1123
Mar 6 00:39:16 clamav-milter[31322]: clamfi_eoh
Mar 6 00:39:16 clamav-milter[31322]: clamfi_envbody: 332 bytes
Mar 6 00:39:16 clamav-milter[31322]: clamfi_eom
Mar 6 00:39:16 clamav-milter[31322]: clamfi_eom: read stream: OK
Mar 6 00:39:16 clamav-milter[31322]: i25KdBI3031318: clean message from <[EMAIL PROTECTED]>
Mar 6 00:39:16 clamav-milter[31322]: clamfi_free called
Mar 6 00:39:16 clamav-milter[31322]: clamfi_free: privdata = 0x805c638
Mar 6 00:39:16 clamav-milter[31322]: clamfi_free: privdata = 0x805c638
Mar 6 00:39:17 clamav-milter[31322]: clamfi_envfrom: privdata = (nil)
Mar 6 00:39:17 clamav-milter[31322]: clamfi_envfrom: <[EMAIL PROTECTED]>
Mar 6 00:39:17 clamav-milter[31322]: clamfi_envfrom: n_children = 2

Why ?... (clamfi_envfrom: privdata = (nil) because private context initialization moved from clamfi_envfrom to clamfi_helo).

I make verification in begin on clamfi_envfrom

if(!privdata) {
    syslog(LOG_DEBUG, "clamfi_envfrom: privdata is NULL, breake");
    return cl_error;
}

but i don't understand...

--
Regards, Sergey
Re: [Clamav-users] Password-protected .zip file viruses
uvscan is detecting zipped/passworded bagle zip's as Worm.Bagle.Gen-zippwd. Any ideas as to how they might be doing this?

-Eric

On Wed, 3 Mar 2004, Lucas Albers wrote:
> Tomasz Papszun said:
> >WE ASK USERS TO NOT SUBMIT naked zip files IF their contents is DETECTED
> >as infected by ClamAV AFTER UNZIPPING. It's a utter waste of our time,
> >which results in delays in processing really significant samples!
>
> Why not add this on the web submittal nag screen?
>
>
> Luke
> Computer Science System Administrator
> Security Administrator,College of Engineering
> Montana State University-Bozeman,Montana

--
Eric Wheeler
Vice President
National Security Concepts, Inc.
PO Box 3567
Tualatin, OR 97062
http://www.nsci.us/
Voice: (503) 293-7656
Fax: (503) 885-0770
RE: [Clamav-users] sendmail devel?
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Jeff
> Ramsey
> Sent: Friday, March 05, 2004 3:47 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] sendmail devel?
>
> And while we're digging up old hatchets that have been buried long ago,
> I use vi over emacs.
>

My workstation has an amd processor instead of intel and i have an nvidia vid card not ati. With that said, we should all probably stop this before someone gets hurt.
RE: [Clamav-users] sendmail devel?
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Antony
> Stone
> Sent: Friday, March 05, 2004 3:32 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] sendmail devel?
>
>
> On Friday 05 March 2004 8:22 pm, redragon wrote:
>
> > This could end up being a long drawn out battle.
>
> That is not what I intended to start when I posted my question,
> and I hope it
> doesn't happen.
>
> > I personally prefer
> > sendmail to any other MTA and have no security issues with it. Like any
> > other piece of software you install it must be maintained.
>
> Agreed. I personally like sendmail, but that's partly simply
> because I know
> it better than other MTAs.
>
> I simply wanted to know if people were aware of any recent assessments
> comparing the security of sendmail vs. other MTAs, showing that sendmail
> still has problems. The opinion expressed by Jim, that sendmail is less
> secure than postfix or qmail, suggested to me that he might have
> something to
> support it, and I would be very interested to see that.
>

Well sorry to disappoint, but there is no recent support to my claims. Indeed i do not wish to start any quarrels with anyone so i hope that does not happen here. I was simply basing my claims on the history of the software. I do not run sendmail so i can not vouch for its current security. Simply put, i do not need all the fancy stuff that sendmail supports. Ease of installation/use is the main reason i use qmail. It all comes down to what YOU need your mta to do. Neither is better/worse than any other. IMHO the problem with sendmail is that when it was designed, the author had NO idea just how popular it was going to be. Had he known, im sure it would have been designed differently.

On a (not so) side note, does sendmail support maildirs? I tried finding the answer to this on the website, but no luck.

Jim
Re: [Clamav-users] Occasionally missing viruses
On Fri, 05 Mar 2004 at 12:49:45 -0800, Dominic Mazzoni wrote:
> Ryan Moore wrote:
> >
> >Try running 'clamscan --mbox email'
>
> Oops, I didn't realize that.
>
> Same problem:
>
> >clamscan --mbox email
> email: OK

If it's with the current CVS version, you can submit a sample via our submission WWW interface, describing the problem of course.

--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
Re: [Clamav-users] ScanMail destabilizing clamd?
On Fri, 5 Mar 2004 16:54:12 -0300 Everton da Silva Marques <[EMAIL PROTECTED]> wrote:
> Is ScanMail known to be unstable?

Yes, it is. It's very hard to parse all that broken messages.

--
oo. Tomasz Kojm <[EMAIL PROTECTED]>
(\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
\..._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Fri Mar 5 22:04:00 CET 2004
Re: [Clamav-users] sendmail devel?
Agreed, about 99% of it is preference and knowledge of what you use. Postfix, exim (3 and 4), and sendmail all natively provide auth smtp and tls as well as most any other feature the average admin uses.

Carl

- Original Message -
From: "John Jolet" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, March 05, 2004 2:42 PM
Subject: Re: [Clamav-users] sendmail devel?

> Antony Stone wrote:
>
> >On Friday 05 March 2004 7:54 pm, Jim Maul wrote:
> >
> >>> On the other hand, remove sendmail and install Postfix instead.
> >>>
> >>Or qmail. Both are more secure than sendmail.
> >>
> >
> >Is this still true? I know sendmail had a bad history of security problems
> >in its early days (but then again it has been around for a very long time).
> >
> >What has sendmail's *recent* history of security problems been like? Where
> >can I see some tests showing postfix or qmail are better?
> >
> >Regards,
> >
> >Antony,
> >
> this is ot, however, we just moved our gateway mail servers from
> sendmail to postfix and saw a tremendous cpu-utilization drop. Security
> concerns aside, postfix is (in my opinion) a heck of a lot easier to
> manage and configure.
Re: [Clamav-users] Occasionally missing viruses
I was missing some viruses until I upgraded from .65 to .67. Bounce back zipped viruses were slipping by.

Dominic Mazzoni said:
> Ryan Moore wrote:
>> Dominic Mazzoni wrote:
>>
>>> I'm also having the problem that Ron Snyder reported yesterday,
>>> where clamscan will mark a file as OK, but if I extract the
>>> attachment (just by base64-decoding it, NOT by unzipping it too),
>>> then clamscan properly recognizes the virus (in this case, SCO.A).
>>
>> Try running 'clamscan --mbox email'
>
> Oops, I didn't realize that.
>
> Same problem:
>
>> clamscan --mbox email
> email: OK
>
> --- SCAN SUMMARY ---
> Known viruses: 20383
> Scanned directories: 0
> Scanned files: 1
> Infected files: 0
> Data scanned: 0.03 MB
> I/O buffer size: 131072 bytes
> Time: 0.626 sec (0 m s)
>
> Thanks for responding.
>
> - Dominic

-- 
Luke
Computer Science System Administrator
Security Administrator, College of Engineering
Montana State University-Bozeman, Montana
Re: [Clamav-users] sendmail devel?
> Why does multiple or single domains matter to the POP3 server?

The only thing I can imagine off the top of my head is user accounts -- if you have [EMAIL PROTECTED] and [EMAIL PROTECTED], you need to make sure that your POP3 server doesn't think they both necessarily use the same mailbox b/c they are both named Joe.

Granted, a lot of other pieces (MTA, MDA, etc.) also need to have the exact same idea of who is who.

Seth
Re: [Clamav-users] sendmail devel?
> what pop3 is good for multiple domains? instead of qpopper

CourierPop3d and CourierImap are both good for multiple domains. (of course, CourierIMAP is not Pop3, but they are often packaged together, and do not require the Courier MTA).

--Seth
Re: [Clamav-users] Occasionally missing viruses
Ryan Moore wrote:
> Dominic Mazzoni wrote:
>
>> I'm also having the problem that Ron Snyder reported yesterday,
>> where clamscan will mark a file as OK, but if I extract the
>> attachment (just by base64-decoding it, NOT by unzipping it too),
>> then clamscan properly recognizes the virus (in this case, SCO.A).
>
> Try running 'clamscan --mbox email'

Oops, I didn't realize that.

Same problem:

> clamscan --mbox email
email: OK

--- SCAN SUMMARY ---
Known viruses: 20383
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.03 MB
I/O buffer size: 131072 bytes
Time: 0.626 sec (0 m 0 s)

Thanks for responding.

- Dominic
Re: [Clamav-users] sendmail devel?
If you already have sendmail configured and working, why switch? I agree that sendmail has had its share of security holes, but in that respect, it's like the Windows of MTAs: It was so widely used, it was picked apart. I believe this made it stronger. I don't believe there is any more security in another MTA, and if you take the time to learn it, you'll enjoy its flexibility.

And while we're digging up old hatchets that have been buried long ago, I use vi over emacs.

Jeff

On Mar 5, 2004, at 12:32 PM, Antony Stone wrote:

> On Friday 05 March 2004 8:22 pm, redragon wrote:
>
>> This could end up being a long drawn out battle.
>
> That is not what I intended to start when I posted my question, and I hope it
> doesn't happen.
>
>> I personally prefer sendmail to any other MTA and have no security issues
>> with it. Like any other piece of software you install it must be maintained.
>
> Agreed. I personally like sendmail, but that's partly simply because I know it
> better than other MTAs.
>
> I simply wanted to know if people were aware of any recent assessments
> comparing the security of sendmail vs. other MTAs, showing that sendmail still
> has problems.
>
> The opinion expressed by Jim, that sendmail is less secure than postfix or
> qmail, suggested to me that he might have something to support it, and I would
> be very interested to see that.
>
> Regards,
>
> Antony.
>
> -- 
> In science, one tries to tell people in such a way as to be understood by
> everyone something that no-one ever knew before. In poetry, it is the exact
> opposite.
> - Paul Dirac
>
> Please reply to the list; please don't CC me.

Jeff Ramsey
MIS Administrator
Tubafor Mill, Inc.
Re: [Clamav-users] sendmail devel?
On Friday 05 March 2004 8:42 pm, Eric wrote:

> what pop3 is good for multiple domains? instead of qpopper

Why does multiple or single domains matter to the POP3 server?

Handling domains is up to the receiving MTA - POP3 just deals with local mailboxes.

(Or am I missing something about how other people use POP3?)

Antony.

-- 
Having been asked for a reference for this man, I can confirm that you will be very lucky indeed if you can get him to work for you.

Please reply to the list; please don't CC me.
Re: [Clamav-users] sendmail devel?
Antony Stone wrote:

> On Friday 05 March 2004 7:54 pm, Jim Maul wrote:
>
>>> On the other hand, remove sendmail and install Postfix instead.
>>
>> Or qmail. Both are more secure than sendmail.
>
> Is this still true? I know sendmail had a bad history of security problems
> in its early days (but then again it has been around for a very long time).
>
> What has sendmail's *recent* history of security problems been like? Where
> can I see some tests showing postfix or qmail are better?
>
> Regards,
>
> Antony,

this is ot, however, we just moved our gateway mail servers from sendmail to postfix and saw a tremendous cpu-utilization drop. Security concerns aside, postfix is (in my opinion) a heck of a lot easier to manage and configure.
Re: [Clamav-users] sendmail devel?
what pop3 is good for multiple domains? instead of qpopper

> > > On the other hand, remove sendmail and install Postfix instead.
Re: [Clamav-users] sendmail devel?
On Fri, 5 Mar 2004, Antony Stone wrote:

> On Friday 05 March 2004 7:54 pm, Jim Maul wrote:
>
> > > On the other hand, remove sendmail and install Postfix instead.
> >
> > Or qmail. Both are more secure than sendmail.
>
> Is this still true? I know sendmail had a bad history of security problems
> in its early days (but then again it has been around for a very long time).
>
> What has sendmail's *recent* history of security problems been like? Where
> can I see some tests showing postfix or qmail are better?
>

Security issues aside, postfix is significantly simpler to setup and maintain than sendmail and deals just fine with heavy loads. It might be slightly less flexible, but for 99% of all users I'd say it's more than flexible enough.

-- 
Jesper Juhl <[EMAIL PROTECTED]>
Systems Administrator, Danmarks Idræts-Forbund / The Danish Sports Federation
Please don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html
Please send plain text emails only http://www.expita.com/nomime.html
Re: [Clamav-users] sendmail devel?
On Friday 05 March 2004 8:22 pm, redragon wrote:

> This could end up being a long drawn out battle.

That is not what I intended to start when I posted my question, and I hope it doesn't happen.

> I personally prefer
> sendmail to any other MTA and have no security issues with it. Like any
> other piece of software you install it must be maintained.

Agreed. I personally like sendmail, but that's partly simply because I know it better than other MTAs.

I simply wanted to know if people were aware of any recent assessments comparing the security of sendmail vs. other MTAs, showing that sendmail still has problems.

The opinion expressed by Jim, that sendmail is less secure than postfix or qmail, suggested to me that he might have something to support it, and I would be very interested to see that.

Regards,

Antony.

-- 
In science, one tries to tell people in such a way as to be understood by everyone something that no-one ever knew before. In poetry, it is the exact opposite.
- Paul Dirac

Please reply to the list; please don't CC me.
Re: [Clamav-users] sendmail devel?
It really depends on your distro. I'm going to presume you have Redhat or similar flavor installed. If so you can do rpm -qa|grep sendmail and see if sendmail dev is installed.

Carl

----- Original Message -----
From: "Eric" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, March 05, 2004 12:20 PM
Subject: [Clamav-users] sendmail devel?

> How do I tell if I have sendmail-devel installed. the clamav milter tells
> me to ensure that it is there. I know I am using sendmail 8.12.5 but how do
> I know if it's devel? which sendmail and which sendmail-devel show nothing.
>
> Eric
[Clamav-users] clamd crashing on some emails
Hi,

I run clamav on some higher-volume mail servers (scanning a couple hundred thousand emails a day.) Let me begin by saying that I've been very impressed at the quality of clamav; it's fast and integrates well with amavisd-new. Updates seem to be done well, and it compares favorably with the other scanners that I evaluated, F-Prot and Grisoft AVG. clamav is more configurable and flexible.

I initially had trouble with clamd crashing occasionally, which has been less of a problem since a recent upgrade to the current version in CVS. It still happens once in a while though, and the last couple of instances seem to be related to an encrypted zipfile attachment (not a worm email.)

Is anybody else seeing this?

Sincerely,
Marcus
RE: [Clamav-users] Occasionally missing viruses
> On Fri, 05 Mar 2004 at 10:57:12 -0800, Dominic Mazzoni wrote:
> > I'm also having the problem that Ron Snyder reported yesterday,
>
> Ron's problem regarded milter if I saw correctly, so it may be something
> different. Anyway...

I thought it was milter related, but now I'm not sure. It may just be the way that the milter is designed.

The way I captured the samples that got through was to modify an extension munging script that we have on our MX gateway, so that any message that had the base64 signature of a zip file got copied to a special directory. I've then been checking that directory every so often for zip files that look suspicious.

The three zipped files that got through all came as bounced messages, but because the bounce message headers don't have proper mime headers, the base64 encoded virus doesn't properly show up as an attachment. I am presuming that this is why clamav-milter isn't finding it, as well as the reason why clamscan --mbox doesn't find it either. (I know it is actually Sco.A because if I go through the steps to actually decode it, clamscan does recognize it.)

So I guess my concerns are resolved, as long as clamav-milter and clamscan are actually supposed to be ignoring encoded files that don't have proper mime parts.

-ron

> > where clamscan will mark a file as OK, but if I extract the
> > attachment (just by base64-decoding it, NOT by unzipping it too),
> > then clamscan properly recognizes the virus (in this case, SCO.A).
> >
> > Actually clamscan seems to be having this problem with every
> > single SCO.A virus I get, though I'm not sure it's limited to
> > just this one.
> >
> > I saved the email (directly out of my Imap Maildir) as "email",
> > and the zip attachment (containing SCO.A) as "document.zip".
> > Here's what I get with clamscan (version 0.67, after running
> > freshclam):
> >
> > > clamscan email
> > email: OK
>
> One _must_ use option --mbox (-m) with clamscan to scan mail files!
>
> > Any suggestions? Note that clamscan is successfully finding other
> > viruses in my inbox, but it's missing all of the SCO ones, as
>
> This is a little strange (I mean: that it finds other viruses without
> --mbox) but some viruses are detectable even without enabling --mbox, so
> it's possible.
>
> > far as I can tell. I have over 200 of them saved in a separate
> > directory and clamscan misses all of those.
>
> Just use --mbox and tell us what happens.
>
> -- 
> Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
> [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
> [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
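Added example, not part of the original thread or of ClamAV: a Python sketch of the check described in the message above, comparing what a MIME-aware parser sees with a line-by-line search for the base64 signature of a zip file. All function names are hypothetical and both sample messages are constructed, with a harmless archive standing in for the attachment.

```python
import base64
import binascii
import email
import io
import re
import zipfile

ZIP_MAGIC = b"PK\x03\x04"
B64_ZIP_PREFIX = "UEsDB"  # how the base64 text of ZIP_MAGIC begins
B64_LINE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


def mime_zip_parts(raw: bytes) -> list:
    """ZIP payloads a MIME-aware parser sees: declared parts only."""
    found = []
    for part in email.message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        if payload.startswith(ZIP_MAGIC):
            found.append(payload)
    return found


def raw_base64_zips(raw: bytes) -> list:
    """ZIP payloads found by reading every line, ignoring MIME structure."""
    lines = [ln.strip() for ln in raw.decode("latin-1").splitlines()]
    found, i = [], 0
    while i < len(lines):
        run = []
        if lines[i].startswith(B64_ZIP_PREFIX):
            while i < len(lines) and B64_LINE.match(lines[i]):
                run.append(lines[i])
                i += 1
                if run[-1].endswith("="):  # padding ends the encoded data
                    break
        if not run:  # ordinary text, or prose that merely starts "UEsDB"
            i += 1
            continue
        blob = "".join(run)
        blob = blob[: len(blob) - len(blob) % 4]  # bounces may be truncated
        try:
            data = base64.b64decode(blob)
        except binascii.Error:
            continue
        if data.startswith(ZIP_MAGIC):
            found.append(data)
    return found


def member_names(data: bytes) -> list:
    """Archive member names, or [] when the ZIP is truncated or damaged."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return []


def audit(raw: bytes) -> dict:
    """Compare both views; 'missed' archives never reach a MIME-only scan."""
    declared = mime_zip_parts(raw)
    inline = raw_base64_zips(raw)
    missed = [z for z in inline if z not in declared]
    return {
        "mime_view": len(declared),
        "raw_view": len(inline),
        "missed": [member_names(z) for z in missed],
    }


def _sample_zip() -> bytes:
    """Constructed, harmless archive standing in for the zipped attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("document.txt", "constructed sample content\n")
    return buf.getvalue()


_B64 = base64.encodebytes(_sample_zip()).decode("ascii")  # 76-column lines

# Constructed bounce: the returned message is pasted into a plain-text body,
# so its base64 attachment is not a declared MIME part.
BOUNCE = ("From: MAILER-DAEMON@mx.example\nSubject: Undelivered mail\n\n"
          "The following message could not be delivered:\n\n"
          "Content-Transfer-Encoding: base64\n\n" + _B64).encode("ascii")

# Constructed well-formed message carrying the same archive as a real part.
WELL_FORMED = ("From: sender@example.org\nMIME-Version: 1.0\n"
               'Content-Type: multipart/mixed; boundary="b1"\n\n'
               "--b1\nContent-Type: application/zip\n"
               "Content-Transfer-Encoding: base64\n\n" + _B64
               + "--b1--\n").encode("ascii")

if __name__ == "__main__":
    print("bounce:     ", audit(BOUNCE))
    print("well-formed:", audit(WELL_FORMED))
```

Archives reported under `missed` can be written to a quarantine directory and scanned as files, which is the manual decode step the message describes.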
Re: [Clamav-users] sendmail devel?
This could end up being a long drawn out battle. I personally prefer sendmail to any other MTA and have no security issues with it. Like any other piece of software you install it must be maintained.

Sendmail offers everything I need in the virtual hosting environment that I offer customers. It's strong, reliable, easy to maintain, and requires little of my system resources. Even on the larger machines with over 500 domains and 1500 email accounts.

Postfix and exim are also excellent MTA. I can't however recommend qmail for its lack of support for later technologies. If you want TLS or Auth SMTP I believe qmail requires you to rely on 3rd party software to integrate that support.

Carl

----- Original Message -----
From: "Antony Stone" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, March 05, 2004 2:02 PM
Subject: Re: [Clamav-users] sendmail devel?

> On Friday 05 March 2004 7:54 pm, Jim Maul wrote:
>
> > > On the other hand, remove sendmail and install Postfix instead.
> >
> > Or qmail. Both are more secure than sendmail.
>
> Is this still true? I know sendmail had a bad history of security problems
> in its early days (but then again it has been around for a very long time).
>
> What has sendmail's *recent* history of security problems been like? Where
> can I see some tests showing postfix or qmail are better?
>
> Regards,
>
> Antony,
>
> -- 
> These clients are often infected by viruses or other malware and need to be
> fixed. If not, the user at that client needs to be fixed...
>
> - Henrik Nordstrom, on Squid users' mailing list
>
> Please reply to the list;
> please don't CC me.
Re: [Clamav-users] sendmail devel?
On Friday 05 March 2004 7:54 pm, Jim Maul wrote:

> > On the other hand, remove sendmail and install Postfix instead.
>
> Or qmail. Both are more secure than sendmail.

Is this still true? I know sendmail had a bad history of security problems in its early days (but then again it has been around for a very long time).

What has sendmail's *recent* history of security problems been like? Where can I see some tests showing postfix or qmail are better?

Regards,

Antony,

-- 
These clients are often infected by viruses or other malware and need to be fixed. If not, the user at that client needs to be fixed...

- Henrik Nordstrom, on Squid users' mailing list

Please reply to the list; please don't CC me.
[Clamav-users] ScanMail destabilizing clamd?
Hi,

I'm testing clamd from CVS as of 2004-03-04 under Solaris 7 on Sparc with the following basic config:

# clamav.conf
LogFile /var/adm/clamav/clamd.log
LogFileMaxSize 10M
LogTime
PidFile /var/adm/clamav/clamd.pid
TCPSocket 3310
TCPAddr 127.0.0.1
StreamSaveToDisk
StreamMaxLength 30M
MaxThreads 10
MaxDirectoryRecursion 15
User clamav
AllowSupplementaryGroups
ScanOLE2
#ScanMail
ScanArchive
ArchiveMaxFileSize 30M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxCompressionRatio 200
ArchiveDetectEncrypted

clamd seems pretty stable, unless the ScanMail option is enabled. If I turn ScanMail on, clamd eventually goes wild and consumes huge amounts of CPU cycles indefinitely. My current fix is to restart clamd.

Is ScanMail known to be unstable? I'm searching for similar experiences. Please share your thoughts.

Thanks,
Everton
RE: [Clamav-users] sendmail devel?
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of John Vestrum
> Sent: Friday, March 05, 2004 2:05 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] sendmail devel?
>
> On the other hand, remove sendmail and install Postfix instead.
> Forget rpm, compile from source. Amavisd-new is a nice package to
> tie Postfix to ClamAV.
>
> John

Or qmail. Both are more secure than sendmail.

just my 0.218698 pesos

Jim
Re: [Clamav-users] Inline scanning on firewall ?
Tomasz Papszun wrote:

> On Fri, 05 Mar 2004 at 9:26:31 -0800, Kevin BRown wrote:
>
>> just want to set clam to scan for
>> clients who use the gateway to access mail servers on pop or smtp
>> kevin

If by "gateway" you mean clients setting their gateway IP address to your server/firewall, then the answer is no. There is no module that integrates clamav transparently with any type of firewall yet.

> at http://www.clamav.net/3rdparty.html there are mentioned some "proxy"
> pieces of software for SMTP and POP.

One of them is amavisd-new. But that would require users setting their SMTP address to your server instead of the real SMTP server, and changing DNS MX records for your domain. None of them will work transparently with firewall.

Regards,

Fajar
Re: [Clamav-users] Occasionally missing viruses
On Fri, 05 Mar 2004 at 10:57:12 -0800, Dominic Mazzoni wrote:

> I'm also having the problem that Ron Snyder reported yesterday,

Ron's problem regarded milter if I saw correctly, so it may be something different. Anyway...

> where clamscan will mark a file as OK, but if I extract the
> attachment (just by base64-decoding it, NOT by unzipping it too),
> then clamscan properly recognizes the virus (in this case, SCO.A).
>
> Actually clamscan seems to be having this problem with every
> single SCO.A virus I get, though I'm not sure it's limited to
> just this one.
>
> I saved the email (directly out of my Imap Maildir) as "email",
> and the zip attachment (containing SCO.A) as "document.zip".
> Here's what I get with clamscan (version 0.67, after running
> freshclam):
>
> > clamscan email
> email: OK

One _must_ use option --mbox (-m) with clamscan to scan mail files!

> Any suggestions? Note that clamscan is successfully finding other
> viruses in my inbox, but it's missing all of the SCO ones, as

This is a little strange (I mean: that it finds other viruses without --mbox) but some viruses are detectable even without enabling --mbox, so it's possible.

> far as I can tell. I have over 200 of them saved in a separate
> directory and clamscan misses all of those.

Just use --mbox and tell us what happens.

-- 
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
Re: [Clamav-users] Occasionally missing viruses
Dominic Mazzoni wrote:

> I'm also having the problem that Ron Snyder reported yesterday,
> where clamscan will mark a file as OK, but if I extract the
> attachment (just by base64-decoding it, NOT by unzipping it too),
> then clamscan properly recognizes the virus (in this case, SCO.A).
>
> Actually clamscan seems to be having this problem with every
> single SCO.A virus I get, though I'm not sure it's limited to
> just this one.
>
> I saved the email (directly out of my Imap Maildir) as "email",
> and the zip attachment (containing SCO.A) as "document.zip".
> Here's what I get with clamscan (version 0.67, after running
> freshclam):
>
> > clamscan email
> email: OK
>
> --- SCAN SUMMARY ---
> Known viruses: 20381
> Scanned directories: 0
> Scanned files: 1
> Infected files: 0
> Data scanned: 0.03 MB
> I/O buffer size: 131072 bytes
> Time: 0.833 sec (0 m 0 s)
>
> > clamscan document.zip
> document.zip: Worm.SCO.A FOUND
>
> --- SCAN SUMMARY ---
> Known viruses: 20381
> Scanned directories: 0
> Scanned files: 1
> Infected files: 1
> Data scanned: 0.02 MB
> I/O buffer size: 131072 bytes
> Time: 0.787 sec (0 m 0 s)
>
> Any suggestions? Note that clamscan is successfully finding other
> viruses in my inbox, but it's missing all of the SCO ones, as
> far as I can tell. I have over 200 of them saved in a separate
> directory and clamscan misses all of those.
>
> Thanks,
> Dominic

Try running 'clamscan --mbox email'

Ryan Moore

-- 
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net
Re: [Clamav-users] sendmail devel?
If you are on an rpm based system (Mandrake, Fedora, etc), use:

# rpm -qa | grep -i sendmail

and look for a sendmail-devel package. If it's not there, you need to find one that matches your version of sendmail. If sendmail came with your linux distribution (assuming you are using linux) then look for the sendmail-devel rpm in the same place you got the distro from (your install CDs, ftp server, etc).

BTW, *-devel rpms only contain the "extra stuff" you need for compiling, so don't remove sendmail when you install sendmail-devel.

On the other hand, remove sendmail and install Postfix instead. Forget rpm, compile from source. Amavisd-new is a nice package to tie Postfix to ClamAV.

John

On Friday 05 March 2004 12:20 pm, you wrote:
> How do I tell if I have sendmail-devel installed. the clamav milter tells
> me to ensure that it is there. I know I am using sendmail 8.12.5 but how do
> I know if it's devel? which sendmail and which sendmail-devel show nothing.
>
> Eric
[Clamav-users] Occasionally missing viruses
I'm also having the problem that Ron Snyder reported yesterday, where clamscan will mark a file as OK, but if I extract the attachment (just by base64-decoding it, NOT by unzipping it too), then clamscan properly recognizes the virus (in this case, SCO.A).

Actually clamscan seems to be having this problem with every single SCO.A virus I get, though I'm not sure it's limited to just this one.

I saved the email (directly out of my Imap Maildir) as "email", and the zip attachment (containing SCO.A) as "document.zip". Here's what I get with clamscan (version 0.67, after running freshclam):

> clamscan email
email: OK

--- SCAN SUMMARY ---
Known viruses: 20381
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.03 MB
I/O buffer size: 131072 bytes
Time: 0.833 sec (0 m 0 s)

> clamscan document.zip
document.zip: Worm.SCO.A FOUND

--- SCAN SUMMARY ---
Known viruses: 20381
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.02 MB
I/O buffer size: 131072 bytes
Time: 0.787 sec (0 m 0 s)

Any suggestions? Note that clamscan is successfully finding other viruses in my inbox, but it's missing all of the SCO ones, as far as I can tell. I have over 200 of them saved in a separate directory and clamscan misses all of those.

Thanks,
Dominic
Re: [Clamav-users] Inline scanning on firewall ?
On Fri, 05 Mar 2004 at 9:26:31 -0800, Kevin BRown wrote:
> Can I set clam to scan incoming mail messages?
> I use a clarkconnect 2.1 (redhat9) based firewall /gateway for a dsl modem.
> It is not a mail server, just want to set clam to scan for
> clients who use the gateway to access mail servers on pop or smtp
> kevin

I haven't checked exactly but at http://www.clamav.net/3rdparty.html there are mentioned some "proxy" pieces of software for SMTP and POP.

-- 
Tomasz Papszun     SysAdm @ TP S.A. Lodz, Poland  | And it's only
[EMAIL PROTECTED]  http://www.lodz.tpsa.pl/       | ones and zeros.
[EMAIL PROTECTED]  http://www.ClamAV.net/   A GPL virus scanner
[Clamav-users] sendmail devel?
How do I tell if I have sendmail-devel installed? The clamav milter tells me to ensure that it is there. I know I am using sendmail 8.12.5 but how do I know if it's devel? which sendmail and which sendmail-devel show nothing.

Eric
[Clamav-users] "Too many open files" Error :-(
Hello.

I run Clam AV on RedHat 6.2. Some time (about one hour) after starting, clamav-milter stops scanning with this error:

2004-03-05 17:50:51 clamav-milter[24815]: clamfi_envfrom:
2004-03-05 17:50:51 clamav-milter[24812]: clamfi_envfrom:
2004-03-05 17:50:52 clamav-milter[24825]: clamfi_envfrom:
2004-03-05 17:50:53 clamav-milter[24808]: clamfi_envfrom:
2004-03-05 17:50:54 clamav-milter[24845]: clamfi_envfrom:
2004-03-05 17:50:54 clamav-milter[24832]: clamfi_envfrom:
2004-03-05 17:50:54 clamav-milter[24822]: clamfi_envfrom:
2004-03-05 17:50:54 clamav-milter[24851]: clamfi_envfrom:
2004-03-05 17:50:55 clamav-milter[24856]: clamfi_envfrom:
2004-03-05 17:50:55 clamav-milter[23628]: ClamAv: accept() returned invalid socket (Too many open files), try again
2004-03-05 17:50:55 clamav-milter[24854]: clamfi_envfrom:
2004-03-05 17:50:56 clamav-milter[23628]: ClamAv: accept() returned invalid socket (Too many open files), try again
2004-03-05 17:50:57 clamav-milter[24856]: clamfi_close
2004-03-05 17:50:58 clamav-milter[23628]: ClamAv: accept() returned invalid socket (Too many open files), try again
2004-03-05 17:50:58 clamav-milter[24883]: clamfi_envfrom:
2004-03-05 17:50:58 clamav-milter[24854]: clamfi_close
2004-03-05 17:50:58 clamav-milter[24883]: clamfi_close
2004-03-05 17:50:59 clamav-milter[23628]: ClamAv: accept() returned invalid socket (Too many open files), try again
2004-03-05 17:50:59 clamav-milter[6728]: clamfi_close
2004-03-05 17:50:59 clamav-milter[24908]: clamfi_envfrom:
2004-03-05 17:50:59 clamav-milter[24906]: clamfi_envfrom:
2004-03-05 17:50:59 clamav-milter[24903]: clamfi_envfrom:
2004-03-05 17:50:59 clamav-milter[24903]: clamfi_close
2004-03-05 17:51:00 clamav-milter[23628]: ClamAv: accept() returned invalid socket (Too many open files), try again
2004-03-05 17:51:00 clamav-milter[24934]: clamfi_envfrom:
2004-03-05 17:51:00 clamav-milter[24906]: clamfi_close
2004-03-05 17:51:01 clamav-milter[24904]: clamfi_envfrom:
2004-03-05 17:51:01 clamav-milter[23628]: ClamAv: accept() returned invalid socket (Too many open files), try again

The linux kernel (2.2.26) is manually configured:

--limits.h--
#ifndef _LINUX_LIMITS_H
#define _LINUX_LIMITS_H

#define NR_OPEN      4096

#define NGROUPS_MAX    32   /* supplemental group IDs are available */
#define ARG_MAX    131072   /* # bytes of args + environ for exec() */
#define CHILD_MAX     999   /* no limit :-) */
#define OPEN_MAX     2048   /* # open files a process may have */
#define LINK_MAX      127   /* # links a file may have */
#define MAX_CANON     255   /* size of the canonical input queue */
#define MAX_INPUT     255   /* size of the type-ahead buffer */
#define NAME_MAX      255   /* # chars in a file name */
#define PATH_MAX     4095   /* # chars in a path name */
#define PIPE_BUF     4096   /* # bytes in atomic write to a pipe */

#define RTSIG_MAX      32

#endif
-

To restore operation I need to restart clamd and clamav-milter...

Have you any idea?

-- 
Regards, Sergey
[Clamav-users] Re: [Clamav-virusdb] Update (daily: 165)
On Fri, Mar 05, 2004 at 08:38:48AM +, Trog wrote:
| On Fri, 2004-03-05 at 08:15, Virgo Pärna wrote:
| > On Fri, 5 Mar 2004 01:55:17 +0100, Tomasz Papszun wrote:
| > > On Thu, 04 Mar 2004 at 19:14:32 -0500, Tim B wrote:
| > >>
| > >> Does this mean that 0.67 will now detect the encrypted versions
| > >> regardless of password?
| > >
| > > Yes.
| >
| > But it's still usable only with full message scan?
|
| No, it'll match with just the encrypted zip file.

Nice. It actually works, too. (a coworker had a copy he received, so I tested it with that)

-D

-- 
"He is no fool who gives up what he cannot keep to gain what he cannot lose."
    --Jim Elliot

www: http://dman13.dyndns.org/~dman/    jabber: [EMAIL PROTECTED]
[Clamav-users] Inline scanning on firewall ?
Can I set clam to scan incoming mail messages?
I use a clarkconnect 2.1 (redhat9) based firewall /gateway for a dsl modem.
It is not a mail server, just want to set clam to scan for clients who use the gateway to access mail servers on pop or smtp

kevin
Re: [Clamav-users] Trouble Installing ClamAV
Henry Hartley wrote:
> I'm trying to install ClamAV on my Fedora Core 1 server. I used yum to install from the FC repository. It installed version 0.65. I noticed that on the clamav site that the current release is 0.67 and I found reference to Petr Kristof's repository (crash.fce.vutbr.cz) and I added that to my yum.conf. When I try to upgrade (yum upgrade clamav) I get the following three errors:
>
> Errors reported doing trial run
> file /usr/lib/libclamav.so.1.0.3 from install of clamav-0.67-1 conflicts with file from package clamav-lib-0.65-0.fdr.5.1
> file /var/lib/clamav/daily.cvd from install of clamav-0.67-1 conflicts with file from package clamav-data-0.65-0.fdr.5.1
> file /var/lib/clamav/main.cvd from install of clamav-0.67-1 conflicts with file from package clamav-data-0.65-0.fdr.5.1

Hello Henry,

it seems you have installed clamav made by a different packager, who split clamav into several subpackages.

Run 'rpm -qa | grep clam' to see the list of all clamav packages.
Uninstall each of them manually by 'rpm -e package_name'
Now you can install it from scratch by 'yum update clamav'

Hope it helps

Petr
[Clamav-users] Core dump backtrace for crash
We've been having some trouble with 0.67 crashing. I believe it has to do with a mail loop created between hotmail and a forwarded local user account. Right before the crash all memory will be used. Before we started using ulimits we would get:

Mar 4 14:34:33 minos kernel: Out of Memory: Killed process 21902 (clamd).

We have 1Gb RAM and another Gb of swap so it is pretty hungry.

Every file in the directory listed has the exact same message (there are 16 of them):

Final-Recipient: rfc822;@hotmail.com
Action: failed
Status: 5.2.3
Diagnostic-Code: smtp;552 5.2.3 This message is larger than the current system limit or the recipient's mailbox is full. Create a shorter message body or remove attachments and try sending it again.

I'm running the crashhat rpms (recompiled locally) with clamav-milter and ulimits on the clamav user to prevent it from eating all the RAM (this happens a lot, I believe related to this crash).

clamav-milter --version:
ClamAV version 0.67, clamav-milter version 0.66n

[EMAIL PROTECTED] profile.d]# su - clamav -s /bin/bash -c "ulimit -a"
core file size        (blocks, -c) unlimited
data seg size         (kbytes, -d) 20
file size             (blocks, -f) unlimited
max locked memory     (kbytes, -l) unlimited
max memory size       (kbytes, -m) 20
open files                    (-n) 5000
pipe size          (512 bytes, -p) 8
stack size            (kbytes, -s) 10240
cpu time             (seconds, -t) unlimited
max user processes            (-u) 7168
virtual memory        (kbytes, -v) 20

For those interested in ulimits:
We had to make a small modification to the init script to make it use ulimits.

change:
daemon /usr/sbin/clamd
to:
daemon --user clamav /usr/sbin/clamd

-- 
Robert Schmidt -- UNIX Tech Support
[EMAIL PROTECTED] MC1021 519-888-4567 x6453

(gdb) bt
#0 0x008b8c32 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#1 0x008f7989 in raise () from /lib/tls/libc.so.6
#2 0x008f9342 in abort () from /lib/tls/libc.so.6
#3 0x008f1338 in __assert_fail () from /lib/tls/libc.so.6
#4 0x003bffc8 in messageToText (m=0xaee63b60) at message.c:1070
#5 0x003bc447 in parseEmailHeaders (m=0x6, rfc821Table=0x97538a8) at mbox.c:403
#6 0x003bd4e0 in parseEmailBody (messageIn=0xaea5a1b8, blobsIn=0x0, nBlobs=0, textIn=0x0, dir=0x8d313d0 "/tmp/68c22c5cdec7b0e8", rfc821Table=0x97538a8, subtypeTable=0x9753928) at mbox.c:958
#7 0x003bd525 in parseEmailBody (messageIn=0xafcc6388, blobsIn=0x0, nBlobs=0, textIn=0x0, dir=0x8d313d0 "/tmp/68c22c5cdec7b0e8", rfc821Table=0x97538a8, subtypeTable=0x9753928) at mbox.c:960
#8 0x003bd525 in parseEmailBody (messageIn=0xb0c2d490, blobsIn=0x0, nBlobs=0, textIn=0x0, dir=0x8d313d0 "/tmp/68c22c5cdec7b0e8", rfc821Table=0x97538a8, subtypeTable=0x9753928) at mbox.c:960
#9 0x003bd525 in parseEmailBody (messageIn=0xb1e8f2d8, blobsIn=0x0, nBlobs=0, textIn=0x0, dir=0x8d313d0 "/tmp/68c22c5cdec7b0e8", rfc821Table=0x97538a8, subtypeTable=0x9753928) at mbox.c:960
#10 0x003bd525 in parseEmailBody (messageIn=0xb30ed508, blobsIn=0x0, nBlobs=0, textIn=0x0, dir=0x8d313d0 "/tmp/68c22c5cdec7b0e8", rfc821Table=0x97538a8, subtypeTable=0x9753928) at mbox.c:960
#11 0x003bd525 in parseEmailBody (messageIn=0xb4047d48, blobsIn=0x0, nBlobs=0, textIn=0x0, dir=0x8d313d0 "/tmp/68c22c5cdec7b0e8", rfc821Table=0x97538a8, subtypeTable=0x9753928) at mbox.c:960
#12 0x003bd525 in parseEmailBody (messageIn=0xb529dc78, blobsIn=0x0, nBlobs=0, textIn=0x0, dir=0x8d313d0 "/tmp/68c22c5cdec7b0e8", rfc821Table=0x97538a8, subtypeTable=0x9753928) at mbox.c:960
#13 0x003bd525 in parseEmailBody (messageIn=0xb64f0dd8, blobsIn=0x0, nBlobs=0, textIn=0x0, dir=0x8d313d0 "/tmp/68c22c5cdec7b0e8", rfc821Table=0x97538a8, subtypeTable=0x9753928) at mbox.c:960
#14 0x003bd525 in parseEmailBody (messageIn=0xb743f440, blobsIn=0x0, nBlobs=0, textIn=0x0, dir=0x8d313d0 "/tmp/68c22c5cdec7b0e8", rfc821Table=0x97538a8, subtypeTable=0x9753928) at mbox.c:960
#15 0x003bd525 in parseEmailBody (messageIn=0xb868cc60, blobsIn=0x0, nBlobs=0, textIn=0x0, dir=0x8d313d0 "/tmp/68c22c5cdec7b0e8", rfc821Table=0x97538a8, subtypeTable=0x9753928) at mbox.c:960
#16 0x003bd525 in parseEmailBody (messageIn=0xb98d5890, blobsIn=0x0, nBlobs=0, textIn=0x0, dir=0x8d313d0 "/tmp/68c22c5cdec7b0e8", rfc821Table=0x97538a8, subtypeTable=0x9753928) at mbox.c:960
#17 0x003bd525 in parseEmailBody (messageIn=0xba819538, blobsIn=0x0, nBlobs=0, textIn=0x0, dir=0x8d313d0 "/tmp/68c22c5cdec7b0e8", rfc821Table=0x97538a8, subtypeTable=0x9753928) at mbox.c:960
#18 0x003bd525 in parseEmailBody (messageIn=0xbdcaefa0, blobsIn=0x0, nBlobs=0, textIn=0x0, dir=0x8d313d0 "/tmp/68c22c5cdec7b0e8", rfc821Table=0x97538a8, subtypeTable=0x9753928) at mbox.c:960
#19 0x003bd525 in parseEmailBody (messageIn=0xa46ba28, blobsIn=0x0, nBlobs=0, textIn=0x0, dir=0x8d313d0 "/tmp/68c22c5cdec7b0e8", rfc821Table=0x97538a8, subtypeTable=0x9753928) at mbox.c:960
#20 0x003bd525 in parseEmailBody (messageIn=0xa019df8, bl
[Clamav-users] Trouble Installing ClamAV
I'm trying to install ClamAV on my Fedora Core 1 server. I used yum to install from the FC repository. It installed version 0.65. I noticed that on the clamav site that the current release is 0.67 and I found reference to Petr Kristof's repository (crash.fce.vutbr.cz) and I added that to my yum.conf. When I try to upgrade (yum upgrade clamav) I get the following three errors:

Errors reported doing trial run
file /usr/lib/libclamav.so.1.0.3 from install of clamav-0.67-1 conflicts with file from package clamav-lib-0.65-0.fdr.5.1
file /var/lib/clamav/daily.cvd from install of clamav-0.67-1 conflicts with file from package clamav-data-0.65-0.fdr.5.1
file /var/lib/clamav/main.cvd from install of clamav-0.67-1 conflicts with file from package clamav-data-0.65-0.fdr.5.1

I uninstalled clamav (yum remove clamav) and made sure all these files were gone but still got the errors. I ran yum clean and deleted the clamav headers from the cache, I deleted and rebuilt my rpm database and I still get these errors. Am I just being stupid or what?

-- 
Henry
Re: [Clamav-users] Clam milter attachment scan problem
probably yes... but after restarting now it's working good
waiting for new "trouble"

Tomasz Kojm wrote:
> On Fri, 05 Mar 2004 13:14:12 +0200 Michael Eglit <[EMAIL PROTECTED]> wrote:
> > There is problem with scanning attachment with milter
> >
> > all message with attachment for clam are infected:
> >
> > contained a virus and has not been delivered.
> > stream: (null) FOUND
> >
> > mails without attachments are ok ... :(
>
> There must be some problem with clamd. Is the problem reproducible ?

-- 
Best regards,
Michael Eglit
C.T.Co, Riga, Latvia
cell +371 9109400    mailto:[EMAIL PROTECTED]
work +371 7801942
[Clamav-users] Re: ArchiveDetectEncrypted and --detect-encrypted
Trog wrote:
> The message you just sent me got stopped:
>
> VIRUS ALERT: Worm.Bagle.Gen-zippwd

Right. I'll be upgrading then :o)

Thanks for your time.

-- 
Regards
/Franck
Re: [Clamav-users] clamd/freshclam logging
On Fri, 05 Mar 2004 09:34:55 +0100 Frank Elsner <[EMAIL PROTECTED]> wrote:
> ACK. So I repeat my request for syslog logging support for freshclam.

OK, request accepted :-)

-- 
   oo.         Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\.       http://www.ClamAV.net/gpg/tkojm.gpg
     \..._     0DCA5A08407D5288279DB43454822DC8985A444B
   //\ /\      Fri Mar 5 13:19:44 CET 2004
Re: [Clamav-users] Clam milter attachment scan problem
On Fri, 05 Mar 2004 13:14:12 +0200 Michael Eglit <[EMAIL PROTECTED]> wrote:
> There is problem with scanning attachment with milter
>
> all message with attachment for clam are infected:
>
> contained a virus and has not been delivered.
> stream: (null) FOUND
>
> mails without attachments are ok ... :(

There must be some problem with clamd. Is the problem reproducible ?

-- 
   oo.         Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\.       http://www.ClamAV.net/gpg/tkojm.gpg
     \..._     0DCA5A08407D5288279DB43454822DC8985A444B
   //\ /\      Fri Mar 5 13:18:01 CET 2004
Re: [Clamav-users] Clam milter attachment scan problem
There was a problem with latest version - memory allocation problem ... and I install latest version from FreeBSD ports

Nigel Horne wrote:
> On Friday 05 Mar 2004 11:14 am, Michael Eglit wrote:
> > There is problem with scanning attachment with milter
> > ClamAV version 0.65', clamav-milter version '0.60p under FreeBSD 4.9-STABLE
>
> 0.60p is old, what happens when you try an up to date version of the software?
>
> -Nigel

-- 
Best regards,
Michael Eglit
C.T.Co, Riga, Latvia
cell +371 9109400    mailto:[EMAIL PROTECTED]
work +371 7801942
Re: [Clamav-users] Clam milter attachment scan problem
On Friday 05 Mar 2004 11:14 am, Michael Eglit wrote:
> There is problem with scanning attachment with milter
> ClamAV version 0.65', clamav-milter version '0.60p under FreeBSD 4.9-STABLE

0.60p is old, what happens when you try an up to date version of the software?

-Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk
[Clamav-users] GMP installation problem in OS X Server 10.2.8
I tried to follow the instructions at http://www.mail-archive.com/clamav-users%40lists.sourceforge.net/msg04589.html to install ClamAV. When trying to 'make' GMP, I get the following error.

libtool: unrecognized option `--tag=CC'

and GMP fails to install.

I have a feeling this problem is caused by an outdated version of glibtool (1.4.2) in OS X Server 10.2.8. If so, how do I get glibtool 1.5 to install properly under OS X Server 10.2.8?

-- 
Hans Vallden
Strategiasuunnittelija
Suunnittelutoimisto Kirnauskis Oy
http://www.kirnauskis.fi/
puh. +358 50 517 4318
[Clamav-users] Clam milter attachment scan problem
There is problem with scanning attachment with milter

all message with attachment for clam are infected:

contained a virus and has not been delivered.
stream: (null) FOUND

mails without attachments are ok ... :(

ClamAV version 0.65', clamav-milter version '0.60p under FreeBSD 4.9-STABLE

-- 
Best regards,
Michael Eglit
C.T.Co, Riga, Latvia
cell +371 9109400    mailto:[EMAIL PROTECTED]
work +371 7801942
Re: [Clamav-users] Error with clamav-milter
> Hi there,
>
> I'm trying to get the clamav-milter to work with sendmail. I've made all
> the required changes to the sendmail.cf file, but when I try to restart
> sendmail, I get the error:
> "sendmail: WARNING: Xclmilter'': local socket name
> /var/clamav/clmilter.sock' missing".
>
> I've verified, and the clmilter.sock file is indeed in the
> /var/clamav/clmilter.sock directory (srwxr-xr-x 1 root root
> 0 Mar 3 16:51 clmilter.sock).
>
> Here is some info about the system:
> Redhat 8.0
> Kernel 2.4.18
> Sendmail 8.12.5-7 (though when connecting via telnet, the version is
> 8.12.8/8.12.5)
> ClamAV version 0.67-1
>
> I've compiled ClamAV with the --enable-milter option, and it works fine.
> clamd starts up fine as well, and all tests seem to go through. One thing I
> noticed is that when I execute "/usr/sbin/clamav-milter -blo
> /var/clamav/clmilter.sock", I get a warning: "/usr/sbin/clamav-milter:
> running as root is not recommended". However, I can see via "ps" that it is
> running.
>
> Is there something I missed? Any help is appreciated.
>
> Thanks,
>
> James Barber
> [EMAIL PROTECTED]
>

give the clamav user the ownership;

chown clamav:clamav /var/clamav/clmilter.sock
Re: [Clamav-users] Problems with clamd
On Fri, 2004-03-05 at 01:15, Doug Hardie wrote:
> >
> > I just uncommented the thread timeout the last time I restarted clamd
> > a couple minutes ago so I don't know what effect that will have.

ThreadTimeout isn't used in the current CVS version.

> Here is some more information: After running with the timeout set to
> 500, clamd no longer dies. It chugs along for quite awhile (about 10
> minutes) at full cpu usage and then returns to normal use. I don't see
> anything different in the load between the periods. However a ktrace
> of clamd shows a significant difference. Normally clamd shows nothing
> much when idle and it shows the messages being received (read) when
> processing a message. However, when its running at full cpu
> utilization, ktrace shows thousands of sequences like:
>
>   8313 clamd    PSIG  SIGPROF caught handler=0x28116228 mask=0x0
> code=0x0
>   8313 clamd    CALL  gettimeofday(0x2815fe4c,0)
>   8313 clamd    RET   gettimeofday 0
>   8313 clamd    CALL  sigprocmask(0x3,0x2815fed8,0)
>   8313 clamd    RET   sigprocmask 0
>   8313 clamd    CALL  sigaltstack(0x2817c000,0)
>   8313 clamd    RET   sigaltstack 0
>   8313 clamd    CALL  poll(0x806f000,0x1,0)
>   8313 clamd    RET   poll 0
>   8313 clamd    CALL  sigreturn(0x808ac64)
>   8313 clamd    RET   sigreturn JUSTRETURN
>
> and then there will be one message processed and then back to a few
> more thousand of those sequences.

This looks entirely broken. Your trace indicates that the last argument to poll (the timeout) is zero. The code looked like this

count = poll(poll_data, 1, CL_DEFAULT_SCANTIMEOUT*1000);

i.e. the timeout *can't* be zero unless you changed the value of CL_DEFAULT_SCANTIMEOUT or your system is fundamentally broken.

unless your system is using poll to spin somewhere.

-trog
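The difference between the `poll(...,0)` seen in the ktrace output and a poll() with a non-zero millisecond timeout, as an added example that is not part of the original thread or of clamd: it counts how often poll() returns on an idle descriptor in a fixed interval. The function names are hypothetical and the value of CL_DEFAULT_SCANTIMEOUT is not given in the thread, so the 0.1 second figure used here is an assumption.

```python
import os
import select
import time


def timeout_ms_from_seconds(seconds):
    """Same conversion as the quoted `CL_DEFAULT_SCANTIMEOUT*1000`.

    A result of 0 would turn poll() into a non-blocking call, so it is
    refused here instead of being passed on silently.
    """
    ms = int(seconds * 1000)
    if ms <= 0:
        raise ValueError("timeout of %r s gives a non-blocking poll()" % (seconds,))
    return ms


def count_wakeups(timeout_ms, duration):
    """Poll an idle pipe for `duration` seconds; return how many times poll() returned."""
    read_end, write_end = os.pipe()   # nothing is ever written, so the fd stays idle
    poller = select.poll()
    poller.register(read_end, select.POLLIN)
    wakeups = 0
    deadline = time.monotonic() + duration
    try:
        while time.monotonic() < deadline:
            events = poller.poll(timeout_ms)   # milliseconds, as in poll(2)
            wakeups += 1
            if events:                         # never true here: no data arrives
                break
    finally:
        os.close(read_end)
        os.close(write_end)
    return wakeups


if __name__ == "__main__":
    # Timeout 0: every call returns 0 at once and the loop burns a full CPU,
    # which matches the thousands of "poll ... RET poll 0" pairs in the trace.
    print("timeout 0 ms  :", count_wakeups(0, 0.2), "wakeups in 0.2 s")
    # Assumed 0.1 s timeout: the process sleeps in the kernel between wakeups.
    print("timeout 100 ms:", count_wakeups(timeout_ms_from_seconds(0.1), 0.25),
          "wakeups in 0.25 s")
```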
Re: [Clamav-users] Re: ArchiveDetectEncrypted and --detect-encrypted
On Fri, 2004-03-05 at 09:34, Franck wrote:
> Does this mean you want submissions of encrypted zip archives if they
> aren't getting caught?
> 'Cause I'm getting hit by what Symantec identifies as Bagle.J in
> encrypted archives that have slipped by Clam even with the newest
> updates.

The message you just sent me got stopped:

VIRUS ALERT: Worm.Bagle.Gen-zippwd

-trog
Re: [Clamav-users] Re: ArchiveDetectEncrypted and --detect-encrypted
On Fri, 2004-03-05 at 09:34, Franck wrote:
> Tomasz Kojm wrote:
>
> > Submission: n/a
> > Sender: Diego d'Ambra
> > Virus name: Worm.Bagle.Gen-zippwd
> > Notes: Generic signature to detect password-protected Bagle zip files
> > The signature matches encrypted zip files.
>
> Does this mean you want submissions of encrypted zip archives if they
> aren't getting caught?
> 'Cause I'm getting hit by what Symantec identifies as Bagle.J in
> encrypted archives that have slipped by Clam even with the newest
> updates.
>

Yes, you can send those to me if you still have them. Preferably as complete email messages.

Cheers,
-trog
[Clamav-users] Re: ArchiveDetectEncrypted and --detect-encrypted
Tomasz Kojm wrote:
> Submission: n/a
> Sender: Diego d'Ambra
> Virus name: Worm.Bagle.Gen-zippwd
> Notes: Generic signature to detect password-protected Bagle zip files
> The signature matches encrypted zip files.

Does this mean you want submissions of encrypted zip archives if they aren't getting caught?
'Cause I'm getting hit by what Symantec identifies as Bagle.J in encrypted archives that have slipped by Clam even with the newest updates.

-

Other than that: Just thanks for keeping our company mail server safe! :o)

-- 
Regards
/Franck
[Clamav-users] Re: [Clamav-virusdb] Update (daily: 165)
On Fri, 05 Mar 2004 08:38:48 +, Trog <[EMAIL PROTECTED]> wrote:
>
> No, it'll match with just the encrypted zip file.
>

Right, disable-archive seems to do the magic...:)

-- 
Virgo Pärna
[EMAIL PROTECTED]
Re: [Clamav-users] Re: [Clamav-virusdb] Update (daily: 165)
On Fri, 2004-03-05 at 08:15, Virgo Pärna wrote:
> On Fri, 5 Mar 2004 01:55:17 +0100, Tomasz Papszun wrote:
> > On Thu, 04 Mar 2004 at 19:14:32 -0500, Tim B wrote:
> >>
> >> Does this mean that 0.67 will now detect the encrypted versions
> >> regardless of password?
> >
> > Yes.
> >
>
> But it's still usable only with full message scan?

No, it'll match with just the encrypted zip file.

-trog
Re: [Clamav-users] clamd/freshclam logging
On Fri, 05 Mar 2004 08:40:25 +0100 Tomasz Kojm wrote:
> On Thu, 04 Mar 2004 22:00:14 +0100
> Frank Elsner <[EMAIL PROTECTED]> wrote:
>
> > > > > Are you using the same log file for clamd and freshclam ?!
> > > >
> > > > Yes.
> > >
> > > That's a very bad idea.
> >
> > Tell me why. Clamd and freshclam belong together so the logging of
> > both
> > should go to one file.
>
> Two separate processes shouldn't write to the one file without
> synchronization.

ACK. So I repeat my request for syslog logging support for freshclam.

--Frank Elsner
[Clamav-users] Re: [Clamav-virusdb] Update (daily: 165)
On Fri, 5 Mar 2004 01:55:17 +0100, Tomasz Papszun wrote:
> On Thu, 04 Mar 2004 at 19:14:32 -0500, Tim B wrote:
>>
>> Does this mean that 0.67 will now detect the encrypted versions
>> regardless of password?
>
> Yes.
>

But it's still usable only with full message scan?

-- 
Virgo Pärna
[EMAIL PROTECTED]
Re: [Clamav-users] clamd/freshclam logging
On Thu, 04 Mar 2004 22:00:14 +0100 Frank Elsner <[EMAIL PROTECTED]> wrote:
> > > > Are you using the same log file for clamd and freshclam ?!
> > >
> > > Yes.
> >
> > That's a very bad idea.
>
> Tell me why. Clamd and freshclam belong together so the logging of
> both
> should go to one file.

Two separate processes shouldn't write to the one file without synchronization.

-- 
   oo.         Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\.       http://www.ClamAV.net/gpg/tkojm.gpg
     \..._     0DCA5A08407D5288279DB43454822DC8985A444B
   //\ /\      Fri Mar 5 08:39:13 CET 2004
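The point made in this reply, as an added example that is not part of the original thread or of ClamAV's logging code: two processes append records to one file, first without and then with an advisory flock(). Each record is emitted in two writes, an assumption that models a logger which does not write a whole line at once; the function names and the record format are hypothetical.

```python
import fcntl
import os
import re
import tempfile
import time

# A record is intact only if both halves ended up on the same line.
RECORD = re.compile(r"^(clamd|freshclam): record \d+ complete$")


def append_records(path, tag, count, use_lock):
    """Append `count` records to `path`, each one written in two pieces."""
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o640)
    try:
        for i in range(count):
            if use_lock:
                fcntl.flock(fd, fcntl.LOCK_EX)   # blocks while the other writer holds it
            try:
                os.write(fd, ("%s: record %d " % (tag, i)).encode())
                time.sleep(0.001)                # widen the gap between the two halves
                os.write(fd, b"complete\n")
            finally:
                if use_lock:
                    fcntl.flock(fd, fcntl.LOCK_UN)
    finally:
        os.close(fd)


def run_two_writers(path, count, use_lock):
    """Run a 'clamd' and a 'freshclam' writer at once; return (lines, broken_lines)."""
    if os.path.exists(path):
        os.unlink(path)
    pids = []
    for tag in ("clamd", "freshclam"):
        pid = os.fork()
        if pid == 0:                             # child: write and leave immediately
            try:
                append_records(path, tag, count, use_lock)
            finally:
                os._exit(0)
        pids.append(pid)
    for pid in pids:
        os.waitpid(pid, 0)
    with open(path) as fh:
        lines = fh.read().splitlines()
    broken = [line for line in lines if not RECORD.match(line)]
    return len(lines), len(broken)


if __name__ == "__main__":
    log = os.path.join(tempfile.mkdtemp(prefix="sharedlog-"), "clam.log")
    print("no lock   (lines, broken):", run_two_writers(log, 200, False))
    print("with flock (lines, broken):", run_two_writers(log, 200, True))
```

O_APPEND only keeps each single write() at the end of the file; a record that takes more than one write can still be split by the other process, which is what the lock prevents and what sending both programs to syslog avoids altogether.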
Re: [Clamav-users] Question about digital signatures on the databases
On Thu, 04 Mar 2004 16:53:01 -0700 Shawn Michael <[EMAIL PROTECTED]> wrote:
> I have looked far and wide for the answer to this (docs, comments in
> source, and the list archives.) and so far I cannot find an answer.
> The question is what kind of digital signature is used to verify the

That's a 1024 bit RSA with MD5 as a hash.

-- 
   oo.         Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\.       http://www.ClamAV.net/gpg/tkojm.gpg
     \..._     0DCA5A08407D5288279DB43454822DC8985A444B
   //\ /\      Fri Mar 5 08:41:53 CET 2004
Re: [Clamav-users] apologies to DBLIST
On Thu, 04 Mar 2004 19:42:36 -0500 Tim B <[EMAIL PROTECTED]> wrote:
> My most humble apologies. I accidentally sent a post I meant for
> clamav-users to clamav-virusdb.

Don't worry - the virsdb@ list only accepts mails from the developers.

-- 
   oo.         Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\.       http://www.ClamAV.net/gpg/tkojm.gpg
     \..._     0DCA5A08407D5288279DB43454822DC8985A444B
   //\ /\      Fri Mar 5 08:27:21 CET 2004