[Clamav-users] ScanStream errors
After weeks of running clamd+clamav-milter without any problems (Solaris9 sparc, sendmail 8.12.10), today morning something wrong happened. Below are some lines from clamd.log : Tue Mar 16 03:57:46 2004 - ERROR: ScanStream: accept() failed. Tue Mar 16 03:57:47 2004 - ERROR: ScanStream: accept() failed. Tue Mar 16 03:57:48 2004 - ERROR: ScanStream: accept() failed. Tue Mar 16 03:57:48 2004 - ERROR: ScanStream: accept() failed. Tue Mar 16 03:57:50 2004 - ERROR: ScanStream: accept() failed. Tue Mar 16 03:57:55 2004 - ERROR: ScanStream: accept() failed. Tue Mar 16 03:57:57 2004 - ERROR: ScanStream: accept() failed. Tue Mar 16 03:57:58 2004 - ERROR: ScanStream: accept() failed. Tue Mar 16 03:57:58 2004 - ERROR: ScanStream: accept() failed. Tue Mar 16 03:57:59 2004 - ERROR: ScanStream: accept() failed. Tue Mar 16 04:01:00 2004 - ERROR: ScanStream: accept() failed. Tue Mar 16 04:01:33 2004 - Session 0 stopped due to timeout. Tue Mar 16 04:01:53 2004 - SelfCheck: Database status OK. Tue Mar 16 04:02:27 2004 - ERROR: ScanStream: Can't create temporary file. Tue Mar 16 04:03:00 2004 - ERROR: ScanStream: Can't create temporary file. Tue Mar 16 04:03:21 2004 - ERROR: ScanStream: Can't create temporary file. ... lot of this 'can't create' lines until I've rebooted machine. After that, all is OK. As a result, sendmail was responding to all with reject=451 4.7.1 Try again later Could someone guess what happened? Krzysztof Snopek [EMAIL PROTECTED] --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Where is the sock file
On Tue, 16 Mar 2004 10:13:48 +0300, Odhiambo Washington [EMAIL PROTECTED] wrote: [...] Do you have a file clamav.conf?? I'm talking about socket file ? Is there a way to coonect to CLAM using socket ?? Very much! Go slowly and read the installation docs. The answers are there. That is why I asked you if you even have a file called clamav.conf. The fact that you are asking this question shows that you obviously haven't read anything to do with install, or if you did, you were in a great hurry, which is not good for you in the long run. I know soon someone here is gonna tell you to RTM. Badly enough, I happen to have just done it;( Hi Washington, You are right!! Few months back when i started to use Clam_AV , i had little knowledge {(compared to today :) } on it So i re-read the doc and solved this !! Let me check how much better/poor performance does CLAM give using Socket :) Thanks -Dilip --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Problem in install ClamAV
I am suffering the same problem, I'm running SuSE 9 Pro. Typing 'clamd' gives no response whatsoever, clamscan has installed and is functional. My symptoms are the same. What do I need to do I have read as much info as I can get hold of. Would clamav-milter installation improve the situation. I'm using amavisd-new to tie everything together, spamassassin is working fine. What do I need to do ??? Paul On Tuesday 16 March 2004 07:17, Fajar A. Nugraha wrote: Muhammad Kashif Muneer wrote: Dear Sir, I have checked both points that u mentioned but did not find any of them. I have conf file in /usr/local/etc/clamav.conf In this file I have entry LocalSocket /tmp/clamd I also check the location of /var/run but did not find folder clamav. It means installation did not create clamav.sock file and did not creat folder in /var/run. It seems that you want to use clamav-milter, a program that glues clamav to sendmail. In that case try reading http://clamav.or.id/snapshot/docs/html/node28.html (the doc pages of www.clamav.net are a little outdated). You could also find recent documentation on docs folder on clamav source. also read INSTALL file on clamav-milter directory on source package. In short, running ./configure make make install is not enough Regards, Fajar --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] OpenBSD clamav Port (0.67-1) RAR Files
Fajar A. Nugraha wrote: Helmut Schneider wrote: seems that the clamav Port (0.67-1) has problems with RAR Files (e.g. Bagle.N): To avoid missunderstandings, I know the file is pwd, but clamav does not recognize the virus within the archive (maybe a DB problem)... Sometimes the signatures were created using the complete mail, so clamscan won't recognize the attachment alone but it will recognize the complete mail. If you use clamscan, you can work around RAR errors using --unrar[=FULLPATH] Enable support for .rar files But since the RARs are password-protected, it's useless. My suggestion is try feeding the complete virus mail to clamscan (instead of just the attachment), and see if it works. Thats the point, if clamav would have detected the virus in the original mail I wouldn't have posted here... :) --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id70alloc_id638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] OpenBSD clamav Port (0.67-1) RAR Files
Helmut Schneider wrote: Thats the point, if clamav would have detected the virus in the original mail I wouldn't have posted here... :) Aaah :) In that case, test the original mail (not just the attachments) on http://www.gietl.com/test-clamav/. If it's not detected, submit it to http://www.nervous.it/~nervous/cgi-bin/sendvirus.cgi Judging form the last updates clamav *might* detect it now. Regards, Fajar --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Problem in install ClamAV
Paul Constable wrote: I am suffering the same problem, I'm running SuSE 9 Pro. Typing 'clamd' gives no response whatsoever, Again, how do you get your package (rpm, source, binary .tar.gz, etc)? Next, find out where your clamav.conf is. There sould be a line similar to LocalSocket /tmp/clamd == The location of your socket LogFile /usr/local/share/clamav/clamd.log == clamd log file You might use syslog for clamd instead of LogFile. In that case, to help debugging, add LogFile line to clamav.conf. Make sure that file/directory is writable by clamav user. Then, start clamd and see what your clamd.log says. A successful start would have these entries : Tue Mar 16 16:12:15 2004 - +++ Started at Tue Mar 16 16:12:15 2004 Tue Mar 16 16:12:15 2004 - Log file size limit disabled. Tue Mar 16 16:12:15 2004 - Running as user root (UID 0, GID 0) Tue Mar 16 16:12:15 2004 - Reading databases from /usr/local/share/clamav Tue Mar 16 16:12:15 2004 - Protecting against 20350 viruses. Tue Mar 16 16:12:16 2004 - *Unix socket file /tmp/clamd* Tue Mar 16 16:12:16 2004 - Setting connection queue length to 30 Tue Mar 16 16:12:16 2004 - Archive: Archived file size limit set to 10485760 bytes. Tue Mar 16 16:12:16 2004 - Archive: Recursion level limit set to 5. Tue Mar 16 16:12:16 2004 - Archive: Files limit set to 1000. Tue Mar 16 16:12:16 2004 - WARNING: USING HARDCODED LIMIT: Archive: Compression ratio limit set to 200. Tue Mar 16 16:12:16 2004 - Archive support enabled. Tue Mar 16 16:12:16 2004 - RAR support disabled. Tue Mar 16 16:12:16 2004 - Mail files support disabled. Tue Mar 16 16:12:16 2004 - OLE2 support disabled. Tue Mar 16 16:12:16 2004 - Self checking every 3600 seconds. Tue Mar 16 16:12:16 2004 - ERROR: Clamuko is not available. clamscan has installed and is functional. My symptoms are the same. What do I need to do I have read as much info as I can get hold of. Would clamav-milter installation improve the situation. I'm using amavisd-new to tie everything together, spamassassin is working fine. You don't need clamav-milter for amavisd-new. Just read amavisd-new docs or config file, see where it expects clamd to be (path to local socket, or TCP port) then change your clamav.conf to match it. It might help if you run clamav as the same user as amavis (e.g change User line on clamav.conf). Regards, Fajar --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamav very slow when scanning files with mostly 0xff
On Mon, 15 Mar 2004 22:41:39 -0500 James [EMAIL PROTECTED] wrote: I'm currently using clamav 0.67, and I'm seeing clamav taking a long time scanning files with mostly 0xFFs. Normally the time it takes to scan a file is not a problem but once a while we receive a large mostly white picture, and instead of the usual minute or so to scan a file, it takes 20+ mins to scan it. This is happening on both linux on intel and solaris on sparcs. Just as a data point, I used clamscan to scan a 1M data file with random data and it took 3.6 sec, but a 1M file of all 0xFF's took 21 sec. Has anyone else seen this problem? It seems there are (far) too many signatures that start with and the node [ff][ff] contains too many signatures in the linked list. I will fix that with the next main.cvd update. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Mar 16 09:41:56 CET 2004 pgp0.pgp Description: PGP signature
Re: [Clamav-users] password protected zip file
On Tue, 16 Mar 2004 11:55:33 +1100 Jonathan Trott [EMAIL PROTECTED] wrote: Tomasz Kojm [EMAIL PROTECTED] wrote on 12/03/2004 00:07:01: On Thu, 11 Mar 2004 12:49:36 +1100 Jonathan Trott [EMAIL PROTECTED] wrote: At the moment, if you put any virus inside an encrypted zip file, clamav reports that there isn't a virus in there, which is a false negative. Better to report that it couldn't be scanned than there wasn't a virus in there. No, that's definitely not a false negative. Password protected viruses are not dangerous (and not interesting to us) as long as they don't distribute the password. But anyway you should check the --detect-encrypted option (CVS). How can you determine that the password is being distributed with the message? How about the situation where a malicious hacker is trying to We can't. We only detect encrypted archives. introduce a trojan into the network via email that contains a password protected zip file with the trojan inside? There wouldn't be a password in the email signature for that situation and clamav would have passed it as clean! Clamav should (as I assume the CVS option now does) report that the file could not be scanned, and let who/whatever has called clamav process the file as it sees fit. Do anything but Actually that's the way clamav works. Also it always scans a raw file (that's why our generic signature for Bagle zips work). -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Mar 16 09:56:22 CET 2004 pgp0.pgp Description: PGP signature
Re: [Clamav-users] New varient of password compressed virus
On Mon, 15 Mar 2004 17:12:20 -0700 (MST) Lucas Albers [EMAIL PROTECTED] wrote: Fajar A. Nugraha said: An interesting fact on ChangeLog: Thu Mar 11 21:50:32 CET 2004 (tk) - * libclamav: rar: added support for encrypted archive (Encrypted.RAR) detection To make an obvious statement. Clamav should add encrypted compression detection support for all formats it supports. All encrypted archives supported by the built-in libraries (RAR, Zip) can be detected. Compressed files (bzip2, gzip, ...) don't support a direct encryption. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Mar 16 09:52:41 CET 2004 pgp0.pgp Description: PGP signature
Re: [Clamav-users] New varient of password compressed virus
Lucas Albers schrieb: Fajar A. Nugraha said: An interesting fact on ChangeLog: Thu Mar 11 21:50:32 CET 2004 (tk) - * libclamav: rar: added support for encrypted archive (Encrypted.RAR) detection To make an obvious statement. Clamav should add encrypted compression detection support for all formats it supports. As we will see more variants... I just guess this is in the works. It was easy to add for ZIP (using a patch from a fellow user), but other archive types have been delayed for work on 0.70. Thomas --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] OpenBSD clamav Port (0.67-1) RAR Files
Fajar A. Nugraha wrote: Helmut Schneider wrote: Thats the point, if clamav would have detected the virus in the original mail I wouldn't have posted here... :) Aaah :) In that case, test the original mail (not just the attachments) on http://www.gietl.com/test-clamav/. If it's not detected, submit it to http://www.nervous.it/~nervous/cgi-bin/sendvirus.cgi done. Thanks, Helmut --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id70alloc_id638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Problem in install ClamAV
My apologies, for not furnishing more detail. I obtained a tarball and built from source. I have all pieces in place that you mention, but when trying to stimulate the the daemon by a script i.e clamctl I get a compliant that it cannot parse the conf.file. When typing just 'clamd' on the commandline either as myself or as root, I get no response whatsoever. On Tuesday 16 Mar 2004 09:13, Fajar A. Nugraha wrote: Paul Constable wrote: I am suffering the same problem, I'm running SuSE 9 Pro. Typing 'clamd' gives no response whatsoever, Again, how do you get your package (rpm, source, binary .tar.gz, etc)? Next, find out where your clamav.conf is. There sould be a line similar to LocalSocket /tmp/clamd == The location of your socket LogFile /usr/local/share/clamav/clamd.log == clamd log file You might use syslog for clamd instead of LogFile. In that case, to help debugging, add LogFile line to clamav.conf. Make sure that file/directory is writable by clamav user. Then, start clamd and see what your clamd.log says. A successful start would have these entries : Tue Mar 16 16:12:15 2004 - +++ Started at Tue Mar 16 16:12:15 2004 Tue Mar 16 16:12:15 2004 - Log file size limit disabled. Tue Mar 16 16:12:15 2004 - Running as user root (UID 0, GID 0) Tue Mar 16 16:12:15 2004 - Reading databases from /usr/local/share/clamav Tue Mar 16 16:12:15 2004 - Protecting against 20350 viruses. Tue Mar 16 16:12:16 2004 - *Unix socket file /tmp/clamd* Tue Mar 16 16:12:16 2004 - Setting connection queue length to 30 Tue Mar 16 16:12:16 2004 - Archive: Archived file size limit set to 10485760 bytes. Tue Mar 16 16:12:16 2004 - Archive: Recursion level limit set to 5. Tue Mar 16 16:12:16 2004 - Archive: Files limit set to 1000. Tue Mar 16 16:12:16 2004 - WARNING: USING HARDCODED LIMIT: Archive: Compression ratio limit set to 200. Tue Mar 16 16:12:16 2004 - Archive support enabled. Tue Mar 16 16:12:16 2004 - RAR support disabled. Tue Mar 16 16:12:16 2004 - Mail files support disabled. Tue Mar 16 16:12:16 2004 - OLE2 support disabled. Tue Mar 16 16:12:16 2004 - Self checking every 3600 seconds. Tue Mar 16 16:12:16 2004 - ERROR: Clamuko is not available. clamscan has installed and is functional. My symptoms are the same. What do I need to do I have read as much info as I can get hold of. Would clamav-milter installation improve the situation. I'm using amavisd-new to tie everything together, spamassassin is working fine. You don't need clamav-milter for amavisd-new. Just read amavisd-new docs or config file, see where it expects clamd to be (path to local socket, or TCP port) then change your clamav.conf to match it. It might help if you run clamav as the same user as amavis (e.g change User line on clamav.conf). Regards, Fajar --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users -- ~~~ The box says: Win98, WinNT or BETTER. That's why I installed Linux. ~~~ --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Freshclam on update problem
When I enter freshclam --on-update-execute='echo DONE' the database updates but the command doesn't execute. I've tried lots of variations but no joy. I ultimately want freshclam to run from CRON and execute a script that emails me if the update fails. The script works fine, but freshclam doesn't execute it. No errors are returned. version 0.68 Please help
Re: [Clamav-users] ScanStream errors
Sorry, I forgot to add: clamav version 0.67-1 Krzysztof Snopek --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] sendmail does not use clamav ?!
On Tuesday 16 March 2004 11:07, Andrei Bucur wrote: i add next lines in sendmail.mc: INPUT_MAIL_FILTER(`clmilter',`S=local:/var/clamd/clamd-milter.sock,F=, T=S:4m;R:4m')dnl define(`confINPUT_MAIL_FILTERS', `clmilter') Please see ps awwx|grep clam clamav-milter must be run with local:/var/clamd/clamd-milter.sock parameter. -- Regards, Sergey --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] ScanStream errors
On Tue, 16 Mar 2004 09:29:57 +0100 (CET) Krzysztof Snopek [EMAIL PROTECTED] wrote: After weeks of running clamd+clamav-milter without any problems (Solaris9 sparc, sendmail 8.12.10), today morning something wrong happened. Below are some lines from clamd.log : Tue Mar 16 03:57:46 2004 - ERROR: ScanStream: accept() failed. After going back further in clamd.log, I am seeing exactly the same thing on Solaris 9 sparc, sendmail 8.12.11 + milter. It started yesterday morning and I had to shut down clamav. I ran a find for anything changed in the past 2 days, but found nothing of significance. Could a clam database change have caused this? The database was reloaded about 2 hours earlier. My message volume is fairly low and it could have taken 2 hours to start enough threads to reach the maximum. Once this problem starts, all sorts of bad things start occurring. Thanks, Alex --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Problem in install ClamAV
Paul Constable wrote: My apologies, for not furnishing more detail. I obtained a tarball and built from source. Good :) I have all pieces in place that you mention, but when trying to stimulate the the daemon by a script i.e clamctl I get a compliant that it cannot parse the conf.file. Where does clamctl comes from? That file doesn't exist in devel (CVS) version. You probably should edit that script to modify file locations. I recommend you look at init script called clamd on contrib/init/RedHat and contrib/init/SuSE directories of the source package. Use it. I tested the RedHat init and it works fine. When typing just 'clamd' on the commandline either as myself or as root, I get no response whatsoever. There shouldn't be any. You will get the response on syslog or on your clamd log file. As I said earlier, you should add a LogFile line on clamav.conf, start clamd, and look at the content of that file Regards, Fajar --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Freshclam on update problem
Mike Fish wrote: When I enter freshclam --on-update-execute='echo DONE' the database updates but the command doesn't execute. I've tried lots of variations but no joy. I think on update means if freshclam successfully downloads an update Which means it won't execute the command if your database is already up to date. [EMAIL PROTECTED] /]# freshclam --on-update-execute=echo DONE ClamAV update process started at Tue Mar 16 20:03:47 2004 Reading CVD header (main.cvd): OK main.cvd is up to date (version: 21, sigs: 20094, f-level: 1, builder: tkojm) Reading CVD header (daily.cvd): OK daily.cvd is up to date (version: 187, sigs: 389, f-level: 1, builder: diego) [EMAIL PROTECTED] /]# rm /usr/local/share/clamav/*.cvd [EMAIL PROTECTED] /]# freshclam --on-update-execute=echo DONE ClamAV update process started at Tue Mar 16 20:04:30 2004 Reading CVD header (main.cvd): OK Downloading main.cvd [*] main.cvd updated (version: 21, sigs: 20094, f-level: 1, builder: tkojm) Reading CVD header (daily.cvd): OK Downloading daily.cvd [*] daily.cvd updated (version: 187, sigs: 389, f-level: 1, builder: diego) Database updated (20483 signatures) from clamav.antispam.or.id (202.134.0.71). Clamd successfully notified about the update. DONE [EMAIL PROTECTED] /]# freshclam -V freshclam / ClamAV version devel-20040316 = Regards, Fajar --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] FreeBSD and log rotation
On Mar 16, 2004, at 12:55 AM, Odhiambo Washington wrote: I have seen some people on the list say that clamd will stop working if the maximum logfile size is hit? Well, that was discussed, but they also gave solutions with the use of logrotate. I was hoping not to add another rotation system to FreeBSD unless it was really the only way to do it; my understanding was that FreeBSD prefers to have newsyslog handle the rotation of logs. Also it seemed as if some people had the problem of it stopping but others didn't; I didn't find a definitive if you run version X this happens, if you run version Y this happens instead... type of response and there were simply too many posts to sort through to get the summary extracted of the problem so I thought I'd just ask now that I hoped the dust had settled :-) Is there anyone using newsyslog to rotate the logs for clamd, and if so what is your conf file line to do it? BTW, there are new versions on the website, so go for them. There is an entry in the Changelog from the CVS checkout I just did a few minutes ago: snip And this is only set up on the CVS version, the sighup support, correct? I wonder when that will make it's way into the ports. I rely primarily on the portupgrades procedure to keep things in sync with updates; if we have too many things fragmented (whose network isn't if you have more than five users? :-) then updates get overlooked or fixing systems can get complicated. :-/ PS: I use daemontools to monitor clamd, and I use other methods to rotate my log file, so don't blame me if the above approach makes your box to go up in flames ;) Shoot, no fire suppression in the server room either...this sucks. --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] ScanStream errors
Krzysztof Snopek wrote: Tue Mar 16 04:01:00 2004 - ERROR: ScanStream: accept() failed. Tue Mar 16 04:02:27 2004 - ERROR: ScanStream: Can't create temporary file. [snip] Could someone guess what happened? was your /tmp full ? By default, Solaris stores /tmp on system memory (and swap) as tmpfs. It has size limit AND number of files limit. Even if 'df -k' shows that /tmp is still empty, sometimes you're unable to create any file on /tmp if there are too many files there (depends on amount of physical system memory). Rebooting will clean /tmp entirely. You could try moving /tmp elsewhere (e.g to a physical disk). Regards, Fajar --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Freshclam on update problem
Mike Fish wrote: When I enter freshclam --on-update-execute='echo DONE' the database updates but the command doesn't execute. I've tried lots of variations but no joy. I ultimately want freshclam to run from CRON and execute a script that emails me if the update fails. The script works fine, but freshclam doesn't execute it. What about to use absolute paths as /bin/echo ? Petr --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] mbox archives vs. individual posts
[I've e-mailed this few days ago from a non-subscribed address and the only thing I've got was pending moderator approval. Sorry if you receive this in duplicate] Hello all, I remember seeing this problem before in a past thread (I cannot re-locate it atm) but there was no solution, so here it comes again: When using clamscan --mbox on a mail archive in mbox format, it does not detect the virus, in particular Worm.SomeFool.Gen-1 (aka Netsky.D). But if I save that particular mail in a file of its owm, clamscan correctly detects the virus. I am aware that clamscan should be pipe-ed from MTA or whatnot, but IMHO this should work properly on mbox _archives_ too... Any idea how to fix this ? Any workaraound (e.g. wrapping shell, de-MIME-fying tool/script)? I'm running ClamAV version 0.67+CVS20040305, as per Debian unstable 0.67-7 package version. TIA, Florian --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] A lot of open network connections
Hello, I'm using clamav version 0.67 and clamav-milter version 0.66n on FreeBSD 5.2.1. I have noticed a lot of open (and maybe unused) clamav's network connections. For example: clamav clamav-mil 47720 1 stream /var/run/clamav/milter.sock clamav clamav-mil 47720 2 stream (not connected) clamav clamav-mil 47720 5 stream /var/run/clamav/milter.sock clamav clamav-mil 47720 6 stream (not connected) clamav clamav-mil 47720 10 stream (not connected) clamav clamd 13262 4 stream /var/run/clamav/clamd.sock clamav clamd 13262 8 tcp4 *:56359 *:* clamav clamd 13262 11 tcp4 *:46278 *:* clamav clamd 13262 12 tcp4 127.0.0.1:46278 127.0.0.1:53379 clamav clamd 13262 14 tcp4 *:10717 *:* clamav clamd 13262 21 tcp4 *:8898*:* clamav clamd 13262 22 tcp4 127.0.0.1:8898 127.0.0.1:52912 clamav clamd 13262 24 tcp4 *:56565 *:* clamav clamd 13262 27 tcp4 *:3810*:* clamav clamd 13262 271tcp4 127.0.0.1:37125 127.0.0.1:56628 clamav clamd 13262 272tcp4 *:19916 *:* There are 366 connections of the form: clamav clamd 13262 272tcp4 *:19916 *:* These are open ports and scanning my machine with nmap shows them open! Is there any serious reason for clamav to open such ports and keep them open for such a long time? Regards -- Mikolaj Rydzewski --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] ScanStream errors
On Tue, 16 Mar 2004, Alex S Moore wrote: After going back further in clamd.log, I am seeing exactly the same thing on Solaris 9 sparc, sendmail 8.12.11 + milter. It started yesterday morning and I had to shut down clamav. I ran a find for anything changed in the past 2 days, but found nothing of significance. Could a clam database change have caused this? The database was reloaded about 2 hours earlier. My message volume is fairly low and it Looks like possible cause... looking in my log: Tue Mar 16 01:00:28 2004 - Reading databases from /usr/local/share/clamav Tue Mar 16 01:00:30 2004 - Database correctly reloaded (20482 viruses) Tue Mar 16 01:18:38 2004 - Session 0 stopped due to timeout. Tue Mar 16 01:46:22 2004 - Session 1 stopped due to timeout. Tue Mar 16 02:00:57 2004 - SelfCheck: Database status OK. Tue Mar 16 02:13:24 2004 - Session 1 stopped due to timeout. Tue Mar 16 02:41:16 2004 - Session 0 stopped due to timeout. Tue Mar 16 03:01:25 2004 - SelfCheck: Database status OK. Tue Mar 16 03:08:18 2004 - Session 0 stopped due to timeout. Tue Mar 16 03:35:01 2004 - Session 0 stopped due to timeout. Tue Mar 16 03:57:46 2004 - ERROR: ScanStream: accept() failed. Tue Mar 16 03:57:47 2004 - ERROR: ScanStream: accept() failed. and then the whole troubles like in my previous letter. The log above is complete, nothing has been cut. There were no mail except for those timeouts, and when after 3 h from database reloading new mail arrived, it went wrong way. Krzysztof Snopek --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] clamd devel-20040316 - Hang on DB reload
Using clamd snapshot 20040316 on FreeBSD 4.9 Still having problems when clamd reloads the virus definitions. I've moved the DB to local disk from NFS, and still see the same problem. We have several servers that all randomly run into this problem. It seems to hold up all the threads and take a REALLY long time.. Mar 16 10:01:41 mx0-b clamd[83930]: No stats for Database check - forcing reload Mar 16 10:01:41 mx0-b clamd[83930]: Reading databases from /usr/local/share/clamav Mar 16 10:09:29 mx0-b clamd[83930]: Database correctly reloaded (20482 viruses) Almost eight minutes in some cases. It does not appear to be a server resource issue as when I checked the IO history, swap, CPU load, all were way below normal, ie: 5-10% utilization. Anyone else seeing this problem? -- Robert Blayzor, BOFH INOC, LLC [EMAIL PROTECTED] PGP: http://www.inoc.net/~dev/ Key fingerprint = 1E02 DABE F989 BC03 3DF5 0E93 8D02 9D0B CB1A A7B0 Calculating in binary code is as easy as 01,10,11. --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Freshclam died
I am running 0.67-1 from RPM on redhat 9. I used to run freshclam from cron but since the daemonized 0.67 freshclam was released i have been using it that way to reduce load on freshclam servers. Anyway, this morning i noticed that freshclam wasnt running. Checking my freshclam.log shows -- ClamAV update process started at Sun Mar 7 17:31:59 2004 ERROR: Maximal time (1200 seconds) reached. And that was it. There hasnt been another entry since and freshclam quit after it. I supposed it is acceptable that due to network issues, freshclam may be unable to update the database, but it definitely should not die because of it. Restarting freshclam (service freshclam start) works fine again but does anyone know why it died to begin with? I may just go back to the cron version to prevent this in the future. Thanks Jim Maul Eastern Long Island Hospital 631-477-5417 --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Encrypted RAR Signature
Submission: 2005 Sender: Fisher Submitted virus name: Unknown Virus Virus name: Worm.Bagle.Gen-rarpwd Notes: Signature added through daily.cvd version 187 to Notes: detect password protected RAR files. Added: No Is this signature in effect for all scans, or only those with the ArchiveDetectEncrypted option set? -- Chris --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] ScanStream errors
I saw the same thing after I downloaded the new binaries for our Tru64 server. I did some testing and found that when I used the previous clamdscan binary, everything worked again. It even picks up viruses that were missed before, and caught by our banned extensions recipe. So I am using all the new binaries and libraries except for clamdscan. Bugs On Tue, 16 Mar 2004, Alex S Moore wrote: -On Tue, 16 Mar 2004 09:29:57 +0100 (CET) -Krzysztof Snopek [EMAIL PROTECTED] wrote: - - After weeks of running clamd+clamav-milter without any problems - (Solaris9 sparc, sendmail 8.12.10), today morning something wrong - happened. Below are some lines from clamd.log : - - Tue Mar 16 03:57:46 2004 - ERROR: ScanStream: accept() failed. - -After going back further in clamd.log, I am seeing exactly the same thing -on Solaris 9 sparc, sendmail 8.12.11 + milter. It started yesterday -morning and I had to shut down clamav. - -I ran a find for anything changed in the past 2 days, but found nothing of -significance. Could a clam database change have caused this? The database -was reloaded about 2 hours earlier. My message volume is fairly low and it -could have taken 2 hours to start enough threads to reach the maximum. -Once this problem starts, all sorts of bad things start occurring. - -Thanks, Alex - - -This SF.Net email is sponsored by: IBM Linux Tutorials -Free Linux tutorial presented by Daniel Robbins, President and CEO of -GenToo technologies. Learn everything from fundamentals to system -administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click -___ -Clamav-users mailing list -[EMAIL PROTECTED] -https://lists.sourceforge.net/lists/listinfo/clamav-users - Bugs Brouillard Unix system administrator Humboldt State Univ.Information Technology Services Arcata, Calif. email [EMAIL PROTECTED] --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Glibc and different versions of clam
Title: Glibc and different versions of clam A while back I was in the process of upgrading my system to the new glibc and had to revert back. This left some libraries etc around and the end result in I have trouble compiling clamav. I can compile clamscan (0.70 rc) just fine, but I'm stuck on old version of freshclam (0.65). Until I can fix all the libraries, it is ok to run an old version of freshclam? Thanks, Scott
Re: [Clamav-users] ScanStream errors
On Tue, 16 Mar 2004 16:51:44 +0100 (CET) Krzysztof Snopek [EMAIL PROTECTED] wrote: The log above is complete, nothing has been cut. There were no mail except for those timeouts, and when after 3 h from database reloading new mail arrived, it went wrong way. Are you using GNU compiler and make? I found that my problems started with clamav code changes somewhere this month. I have been using Sun's compiler and make tools for several months without a major problem. A code change this month appears to have stopped my ability to use Sun's devel tools. I think the problem is fixed for me, but time will tell. I switched to GNU compiler and make. Note that this still could be a problem with my server. Alex --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Installed latest rpms of clamAV; LibClamAV Error: !Can't open /dev/urandom errors persist
ClamAV will no longer start. The following is from my /var/log/messages: Mar 16 10:08:17 ns2 clamd: clamd shutdown failed Mar 16 10:08:17 ns2 clamd: LibClamAV Error: !Can't open /dev/urandom. Mar 16 10:08:17 ns2 last message repeated 189 times Mar 16 10:08:17 ns2 clamd: LibClamAV Error: !Can' Mar 16 10:08:17 ns2 clamd: t open /dev/urandom. Mar 16 10:08:17 ns2 clamd: LibClamAV Error: !Can't open /dev/urandom. Mar 16 10:08:18 ns2 last message repeated 286 times Mar 16 10:08:18 ns2 clamd: LibClamAV Error: !Can' Mar 16 10:08:18 ns2 clamd: t open /dev/urandom. Mar 16 10:08:18 ns2 clamd: LibClamAV Error: !Can't open /dev/urandom. Mar 16 10:08:18 ns2 last message repeated 189 times Mar 16 10:08:18 ns2 clamd: L Mar 16 10:08:18 ns2 clamd: ibClamAV Error: !Can't open /dev/urandom. Mar 16 10:08:18 ns2 clamd: LibClamAV Error: !Can't open /dev/urandom. Mar 16 10:08:18 ns2 last message repeated 188 times Mar 16 10:08:18 ns2 clamd: LibClamAV Error: !Can't Mar 16 10:08:18 ns2 clamd: open /dev/urandom. Mar 16 10:08:18 ns2 clamd: LibClamAV Error: !Can't open /dev/urandom. Mar 16 10:08:18 ns2 last message repeated 3 times Mar 16 10:08:18 ns2 clamd: clamd startup failed -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fajar A. Nugraha Sent: Monday, March 15, 2004 6:10 PM To: [EMAIL PROTECTED] Subject: Re: [Clamav-users] LibClamAV Error: !Can't open /dev/urandom. Edward W. Ray wrote: Sorry, though it was in the e-mail. RH 9 Linux system running clamv v0.67 [EMAIL PROTECTED] root]# ls -l /dev/urandom crwxr-xr-x1 root root 1, 9 Mar 9 17:22 /dev/urandom I can't say much about 0.67, but I know that I'm running the latest CVS snapshot version on Fedora Core 1 and it works great. Try RPM packages. If that doesn't work, try http://www.clamav.net/snapshot/clamav-devel-latest.tar.gz. Many problems were fixed in CVS. Perhaps this is one of them. Incase it matters (which shouldn't), my /dev/urandom is crw-r--r--1 root root 1, 9 Mar 15 16:48 /dev/urandom Regards, Fajar --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] RE: Nbr of signatures
On Tuesday 16 March 2004 5:53 pm, Alex S Moore wrote: Has the number of virus signatures increased significantly lately? I thought there were around 21,000 but now I have this msg in clamd.log. Tue Mar 16 11:45:22 2004 - Protecting against 40969 viruses. You have two copies of the database on your system - probably both old (*.db?) and new (*.cvd) files in the same directory. Regards, Antony. -- I don't know, maybe if we all waited then cosmic rays would write all our software for us. Of course it might take a while. - Ron Minnich, Los Alamos National Laboratory Please reply to the list; please don't CC me. --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Troubles with recent clamav's
I am running clamav under SunOS 5.8. Ever since version 0.67 (or so, I am not checking them regularly) , I have been unable to leave ClamAV running. It does run, but after some minutes, it stops processing emails. It is still running, in fact, it uses up to 85% of the CPU(!), but no email goes thru. Did anyone else experience this problem? I am even trying the nightly snapshots, and the patches suggested on this list like the /dev/urandom patch, but no luck so far.. -turgut --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] RE: Nbr of signatures
On Tue, 2004-03-16 at 12:53, Alex S Moore wrote: Tue Mar 16 11:45:22 2004 - Protecting against 40969 viruses. It sounds like you have viruses.db* in /var/lib/clamav (or wherever you have your db files) along with the CVDs. Try deleting the *db* files and see what that does. You should only have main.cvd and daily.cvd. Cheers, Mike --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] RE: Nbr of signatures
On Tue, 2004-03-16 at 17:53, Alex S Moore wrote: Has the number of virus signatures increased significantly lately? I thought there were around 21,000 but now I have this msg in clamd.log. Tue Mar 16 11:45:22 2004 - Protecting against 40969 viruses. Maybe you have both old and new style databases in place - suggest you delete the old ones. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Troubles with recent clamav's
On Tue, Mar 16, 2004 at 03:36:40PM +0200, turgut kalfaoglu wrote: I am running clamav under SunOS 5.8. Ever since version 0.67 (or so, I am not checking them regularly) , I have been unable to leave ClamAV running. It does run, but after some minutes, it stops processing emails. It is still running, in fact, it uses up to 85% of the CPU(!), but no email goes thru. Did anyone else experience this problem? Yes. I have posted a similiar issue here: http://www.mail-archive.com/[EMAIL PROTECTED]/msg06462.html Doug Hardie is tracking a similar issue: http://www.mail-archive.com/[EMAIL PROTECTED]/msg06907.html Do you have ScanMail enabled? It seems ScanMail renders clamd really unstable. I haven't found a final fix other than to watch clamd. --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Freshclam died
On Tue, 16 Mar 2004 11:28:53 -0500 Jim Maul [EMAIL PROTECTED] wrote: I am running 0.67-1 from RPM on redhat 9. I used to run freshclam from cron but since the daemonized 0.67 freshclam was released i have been using it that way to reduce load on freshclam servers. Anyway, this morning i noticed that freshclam wasnt running. Checking my freshclam.log shows -- ClamAV update process started at Sun Mar 7 17:31:59 2004 ERROR: Maximal time (1200 seconds) reached. And that was it. There hasnt been another entry since and freshclam quit after it. I supposed it is acceptable that due to network issues, freshclam may be unable to update the database, but it definitely should not die because of it. We are aware of it and that should be fixed in the final 0.70 version. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Mar 16 21:02:26 CET 2004 pgp0.pgp Description: PGP signature
Re: [Clamav-users] A lot of open network connections
On Tue, 16 Mar 2004 15:48:00 +0100 Mikolaj Rydzewski [EMAIL PROTECTED] wrote: Hello, I'm using clamav version 0.67 and clamav-milter version 0.66n on 0.67 is obsolete, better install 0.70-rc or 0.68-1 FreeBSD 5.2.1. I have noticed a lot of open (and maybe unused) clamav's network connections. For example: As a workaround you can switch clamav-milter to local mode (local sockets) with --quarantine-dir. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Mar 16 21:06:52 CET 2004 pgp0.pgp Description: PGP signature
[Clamav-users] inverse of adding custom filters?
Not that I currently have a use for this, but the idea of false positives scares me. I know if I find a virus that's not included in the .cvd I can create my own .db with a signature. But what if I find a signature that blocks non-virus mail? Is there anything that can be done locally? About all I can think of would be to unpack the .cvd to a .db and then remove the offending lines. But I'm wondering if there's a method that would survive the freshclam updates. Damian Menscher -- -=#| Physics Grad Student SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers: |#=- -=#| UIUC CITES Security Group || Beckman Imaging Technology Group |#=- --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] OpenBSD clamav Port (0.67-1) RAR Files
Fajar A. Nugraha wrote: Helmut Schneider wrote: seems that the clamav Port (0.67-1) has problems with RAR Files (e.g. Bagle.N): To avoid missunderstandings, I know the file is pwd, but clamav does not recognize the virus within the archive (maybe a DB problem)... Sometimes the signatures were created using the complete mail, so clamscan won't recognize the attachment alone but it will recognize the complete mail. If you use clamscan, you can work around RAR errors using --unrar[=FULLPATH] Enable support for .rar files But since the RARs are password-protected, it's useless. My suggestion is try feeding the complete virus mail to clamscan (instead of just the attachment), and see if it works. Thats the point, if clamav would have detected the virus in the original mail I wouldn't have posted here... :) I am experiencing similar problems on my OpenBSD 3.4 box and was wondering if there has been any resolution on this issue. I have an OpenBSD 3.3 stable box running in parallel with the OpenBSD 3.4 box that has caught the Worm.Bagle.Gen-rarpwd. 3.3 box running amavisd-new-20030616-p2 patched to allow scanning of full message clamav-0.67-1 unrar-2.50 3.4 box running amavisd-new-20030616-p8 /etc/amavisd.conf settings $keep_decoded_original_re = new_RE( qr'^MAIL$', # retain full original message for virus checking clamav-0.67-1 unrar-3.20beta3 Don't know if any of this information helps but only solution I have right now is to ban all .rar files on the 3.4 box. Thanks L. A. Duerksen --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Problem in install ClamAV
Cheers my man that is now working with some modifications. I at first got the following message:- 'which: no clamd in (/usr/local/bin:/bin://usr/bin:/usr/X11R6/bin) This I remedied by moving into the first location. My question is where does this path come from as it is not in any of the conf files, presumably PATH ? The script clamctl came from a Debian based document, the only information I could get that gave pointers for idiots like me.. If you could put me right on the last questions I will be eternally grateful. Once again thanks, and power to 'open source' it always delivers, including the community. Paul On Tuesday 16 March 2004 12:42, Fajar A. Nugraha wrote: Paul Constable wrote: My apologies, for not furnishing more detail. I obtained a tarball and built from source. Good :) I have all pieces in place that you mention, but when trying to stimulate the the daemon by a script i.e clamctl I get a compliant that it cannot parse the conf.file. Where does clamctl comes from? That file doesn't exist in devel (CVS) version. You probably should edit that script to modify file locations. I recommend you look at init script called clamd on contrib/init/RedHat and contrib/init/SuSE directories of the source package. Use it. I tested the RedHat init and it works fine. When typing just 'clamd' on the commandline either as myself or as root, I get no response whatsoever. There shouldn't be any. You will get the response on syslog or on your clamd log file. As I said earlier, you should add a LogFile line on clamav.conf, start clamd, and look at the content of that file Regards, Fajar --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] [OT] UDP to port 1828 like crazy
I'm seeing tons of network activity all UDP traffic to port 1828. Is this an indication of a virus? -- Michael St. Laurent Hartwell Corporation --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamd devel-20040316 - Hang on DB reload
On 3/16/04 10:53 AM, Robert Blayzor [EMAIL PROTECTED] wrote: More on this... Using clamd snapshot 20040316 on FreeBSD 4.9 Still having problems when clamd reloads the virus definitions. I've moved the DB to local disk from NFS, and still see the same problem. We have several servers that all randomly run into this problem. It seems to hold up all the threads and take a REALLY long time.. Mar 16 10:01:41 mx0-b clamd[83930]: No stats for Database check - forcing reload Mar 16 10:01:41 mx0-b clamd[83930]: Reading databases from /usr/local/share/clamav Mar 16 10:09:29 mx0-b clamd[83930]: Database correctly reloaded (20482 viruses) I caught clamd reloading the database. When it does, clamd takes up a TON of resources while it reloads. PID USERNAME PRI NICE SIZERES STATE C TIME WCPUCPU COMMAND 28362 root 63 0 21840K 20548K CPU0 1 20:57 99.02% 99.02% clamd It eventually continues... Mar 16 16:46:34 mx0-a clamd[28362]: No stats for Database check - forcing reload Mar 16 16:50:44 mx0-a clamd[28362]: Reading databases from /usr/local/share/clamav Mar 16 16:50:45 mx0-a clamd[28362]: Database correctly reloaded (20486 viruses) I'm also having a problem with random clamdscan's hanging immediately when they connect to clamd. They just hang around until the mail server thinks they are dead and kills them. I was using a UNIX socket, then switched to a TCP socket, and still have the same problem. -- Robert Blayzor, BOFH INOC, LLC [EMAIL PROTECTED] PGP: http://www.inoc.net/~dev/ Key fingerprint = 1E02 DABE F989 BC03 3DF5 0E93 8D02 9D0B CB1A A7B0 Beware of programmers who carry screwdrivers. - Leonard Brandwein --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Freshclam died
This is a hack, but I run monit on my servers to restart failed services. Works well, it's a hack but it sure jacks my perceived uptime. Tomasz Kojm said: And that was it. There hasnt been another entry since and freshclam quit after it. I supposed it is acceptable that due to network issues, freshclam may be unable to update the database, but it definitely should not die because of it. -- Luke Computer Science System Administrator Security Administrator,College of Engineering Montana State University-Bozeman,Montana --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Freshclam died
Lucas Albers wrote: This is a hack, but I run monit on my servers to restart failed services. Works well, it's a hack but it sure jacks my perceived uptime. Tomasz Kojm said: And that was it. There hasnt been another entry since and freshclam quit after it. I supposed it is acceptable that due to network issues, freshclam may be unable to update the database, but it definitely should not die because of it. Hmmm, I just do a freshclam from chron rather than let it run as a daemon - as a new user (I just downloaded, installed, integrated with my anti-spam/anti-virus proxy - home built, today). Is doing this in any way a negative thing? --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Troubles with recent clamav's
On Mar 16, 2004, at 11:48, Everton da Silva Marques wrote: On Tue, Mar 16, 2004 at 03:36:40PM +0200, turgut kalfaoglu wrote: I am running clamav under SunOS 5.8. Ever since version 0.67 (or so, I am not checking them regularly) , I have been unable to leave ClamAV running. It does run, but after some minutes, it stops processing emails. It is still running, in fact, it uses up to 85% of the CPU(!), but no email goes thru. Did anyone else experience this problem? Yes. I have posted a similiar issue here: http://www.mail-archive.com/[EMAIL PROTECTED]/ msg06462.html Doug Hardie is tracking a similar issue: http://www.mail-archive.com/[EMAIL PROTECTED]/ msg06907.html The problem I encountered has now been identified and I have a working clamd that does not hang. I compiled it two different ways and both worked. The problem was /dev/urandom returning either a -1 or a 0. Either of those will cause others.c to hang as it does not test for that condition. One approach was to put in a trivial test for it and exit from the loop. The other was to remove the define for C_URANDOM in the .h file. Both of those approaches worked in my testing. Since I couldn't easily determine if the first would have some side effects if it didn't return enough random bits, I have gone with the second approach. My production server has been running for slightly over 6 hours now and no problems have been seen. In case it might help someone else, the approach I used to find the problem was to use a test system and pass a large number of directories (The FreeBSD source code) to clamdscan and let it beat clamd up for about 5 minutes. Then I let it finish what it could and return to its idle state. At that point it was using all the available CPU time. I entered it via gdb and let it single step around awhile to find out where it really was and what was going on. Ktrace was not helpful as it kept showing a poll with a time period of 0. Apparently the poll is in the read code. A messy way to test, but it worked. --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Freshclam died
Steven P. Donegan wrote: Hmmm, I just do a freshclam from chron rather than let it run as a daemon - as a new user (I just downloaded, installed, integrated with my anti-spam/anti-virus proxy - home built, today). Is doing this in any way a negative thing? I don't think it hurts, and from the reports of freshclam dying, it might be better for now. Just make sure you don't have your cron job running on the hour. Too many people do that, and it really loads up the servers. Pick a random number for the minutes after the hour. I do run my freshclam with --daemon, and have it set to do 13 checks a day. So it gets started at a random time when the server boots, and since 13 doesn't go into 24 evenly, it always checks on a different minute mark. I guess eventually I'll hit the hour and then it will take over 6000 more updates to hit on the hour again. :) --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Installed latest rpms of clamAV; LibClamAV Error: !Can't open /dev/urandom errors persist
Edward W. Ray wrote: ClamAV will no longer start. The following is from my /var/log/messages: How about compiling yourself from latest CVS snapshot? http://www.clamav.net/snapshot/clamav-devel-latest.tar.gz --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Freshclam died
Steven P. Donegan wrote: Hmmm, I just do a freshclam from chron rather than let it run as a daemon - as a new user (I just downloaded, installed, integrated with my anti-spam/anti-virus proxy - home built, today). Is doing this in any way a negative thing? Not if you set it to run on random minute (e.g. not 0). If you set it up as 0 * * * * /usr/local/bin/freshclam then you might be among those people who floods database mirrors during update checks :) Better change the 0 to something random (e.g. 19, 34, etc). Regards, Fajar --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Troubles with recent clamav's
Doug Hardie wrote: The problem I encountered has now been identified and I have a working clamd that does not hang. I compiled it two different ways and both worked. The problem was /dev/urandom returning either a -1 or a 0. Either of those will cause others.c to hang as it does not test for that condition. Aaaah :) So that's my I never had those problem. My Solaris 8 simply don't have /dev/urandom, thus clamav was using software rand() instead :) A quick hack would be using` ./configure --disable-urandom`. Has this test been incorporated in recent CVS snapshot yet? Regards, Fajar --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Glibc and different versions of clam
Scott Harris wrote: A while back I was in the process of upgrading my system to the new glibc and had to revert back. This left some libraries etc around and the end result in I have trouble compiling clamav. I can compile clamscan (0.70 rc) just fine, but I'm stuck on old version of freshclam (0.65). Until I can fix all the libraries, it is ok to run an old version of freshclam? The temporary solution is to make sure that both freshclam and clamd (any version) use the same database diretory. If you do that, worst thing that can happen is freshclam downloads old viruses.db* files instead of *.cvd, but clamd and clamscan should be able to use it anyway. Anyway, what could be so hard about deleting old clamav files? The important ones are just -libclamav.* (on /usr/lib/ or /usr/local/lib/) -clamscan, clamdscan, sigtool, freshclam (on /usr/bin/ or /usr/local/bin/) -clamd (on /usr/sbin/ or /usr/local/sbin/) -clamav.conf (on /etc or /usr/local/etc) Regards, Fajar --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Freshclam died
Fajar A. Nugraha wrote: Steven P. Donegan wrote: Hmmm, I just do a freshclam from chron rather than let it run as a daemon - as a new user (I just downloaded, installed, integrated with my anti-spam/anti-virus proxy - home built, today). Is doing this in any way a negative thing? Not if you set it to run on random minute (e.g. not 0). If you set it up as 0 * * * * /usr/local/bin/freshclam then you might be among those people who floods database mirrors during update checks :) Better change the 0 to something random (e.g. 19, 34, etc). Regards, Fajar --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users Well, on general principles I do that anyway :-) But thanks for the response. --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Freshclam died
Chris Meadors wrote: Steven P. Donegan wrote: Hmmm, I just do a freshclam from chron rather than let it run as a daemon - as a new user (I just downloaded, installed, integrated with my anti-spam/anti-virus proxy - home built, today). Is doing this in any way a negative thing? I don't think it hurts, and from the reports of freshclam dying, it might be better for now. Just make sure you don't have your cron job running on the hour. Too many people do that, and it really loads up the servers. Pick a random number for the minutes after the hour. I do run my freshclam with --daemon, and have it set to do 13 checks a day. So it gets started at a random time when the server boots, and since 13 doesn't go into 24 evenly, it always checks on a different minute mark. I guess eventually I'll hit the hour and then it will take over 6000 more updates to hit on the hour again. :) --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users Well, being the geek from the 60's who counts CPU cycles and RAM usage I don't run any daemon I can avoid - silly of me in these days I guess - probably why I still code in C rather than C++/Java/Pick your way-too-much-inherited-stuff language :-) At some point I'll look into the clam code itself and see if I can contribute anything - but at present I'm working on my own SMTP proxy with anti-spam/anti-virus/SPF support (the only 'email caller id' thing with usable code out there so far) etc. Right now that toy is killing 90+ percent of the garbage email that comes in to the 20+ domains I host here. Small, but progress. --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Installed latest rpms of clamAV; LibClamAV Error: !Can't open /dev/urandom errors persist
Fajar A. Nugraha wrote: ClamAV will no longer start. The following is from my /var/log/messages: How about compiling yourself from latest CVS snapshot? http://www.clamav.net/snapshot/clamav-devel-latest.tar.gz You might also want to try ./configure --disable-urandom during compiling --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Installed latest rpms of clamAV; LibClamAV Error: !Can't open /dev/urandom errors persist
Just not my day I guess. On make in devel build: cd .. \ /bin/sh /scsi2/tmp/clamav-devel-20040316/missing --run automake-1.6 --gnu clamd/Makefile aclocal.m4:4200: version mismatch. This is Automake 1.6.3, but aclocal.m4 aclocal.m4:4200: was generated for Automake 1.6.1. You should recreate aclocal.m4:4200: aclocal.m4 with aclocal and run automake again. make[1]: *** [Makefile.in] Error 1 make[1]: Leaving directory `/scsi2/tmp/clamav-devel-20040316/clamd' make: *** [install-recursive] Error 1 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fajar A. Nugraha Sent: Tuesday, March 16, 2004 7:32 PM To: [EMAIL PROTECTED] Subject: Re: [Clamav-users] Installed latest rpms of clamAV; LibClamAV Error: !Can't open /dev/urandom errors persist Fajar A. Nugraha wrote: ClamAV will no longer start. The following is from my /var/log/messages: How about compiling yourself from latest CVS snapshot? http://www.clamav.net/snapshot/clamav-devel-latest.tar.gz You might also want to try ./configure --disable-urandom during compiling --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Installed latest rpms of clamAV; LibClamAV Error: !Can't open /dev/urandom errors persist
Edward W. Ray wrote: Just not my day I guess. On make in devel build: cd .. \ /bin/sh /scsi2/tmp/clamav-devel-20040316/missing --run automake-1.6 --gnu clamd/Makefile aclocal.m4:4200: version mismatch. This is Automake 1.6.3, but aclocal.m4 aclocal.m4:4200: was generated for Automake 1.6.1. You should recreate aclocal.m4:4200: aclocal.m4 with aclocal and run automake again. make[1]: *** [Makefile.in] Error 1 make[1]: Leaving directory `/scsi2/tmp/clamav-devel-20040316/clamd' make: *** [install-recursive] Error 1 :) This is a known resident problem on devel build. Sometimes it's there, sometimes it's not. The easiest work-around is to rename or remove (temporarily) /usr/bin/automake-1.6 to something else (e.g. /usr/bin/automake-1.6-old). Then remove your build dir completely, untar from fresh source, and re-run ./configure With that trick, today's snapshot builds fine on Fedora Core 1 (http://clamav.or.id/snapshot/clamav-devel-latest.linux.tar.gz). Some people said simply running aclocal, autoconf, and automake on your build dir works. I haven't tried that though. Regards, Fajar --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Troubles with recent clamav's
Thank you Everton! I have amavisd-new with spamassassin, and clamd is the only virus scanner I have on that system. Therefore, when amavisd starts, it automatically starts using clamd. However, with all the new versions, I noticed that clamd would start out fine, clean out some viruses for some 10-20 minutes, and then do nothing else. Nothing else visible in clamd.log, it just uses lots of CPU and does nothing, while amavisd keeps waiting forever. Yesterday, as a stopgap solution, I wrote a C program to monitor the last change time of clamd.log, and if it has not been changed in the last 3 minutes, I kick clamd and restart it. Ugly solution, and it will probably have problems with amavisd, so I await a proper fix. -turgut On Tue, 16 Mar 2004, Everton da Silva Marques wrote: On Tue, Mar 16, 2004 at 03:36:40PM +0200, turgut kalfaoglu wrote: I am running clamav under SunOS 5.8. Ever since version 0.67 (or so, I am not checking them regularly) , I have been unable to leave ClamAV running. It does run, but after some minutes, it stops processing emails. It is still running, in fact, it uses up to 85% of the CPU(!), but no email goes thru. Did anyone else experience this problem? Yes. I have posted a similiar issue here: http://www.mail-archive.com/[EMAIL PROTECTED]/msg06462.html Doug Hardie is tracking a similar issue: http://www.mail-archive.com/[EMAIL PROTECTED]/msg06907.html Do you have ScanMail enabled? It seems ScanMail renders clamd really unstable. I haven't found a final fix other than to watch clamd. --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users - Turgut Kalfaoglu: http://www.kalfaoglu.com EgeNet Internet Services: http://www.egenet.com.tr --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Troubles with recent clamav's
I believe this is a different problem than mine - my SunOS does not have /dev/urandom either.. -turgut On Wed, 17 Mar 2004, Fajar A. Nugraha wrote: Doug Hardie wrote: The problem I encountered has now been identified and I have a working clamd that does not hang. I compiled it two different ways and both worked. The problem was /dev/urandom returning either a -1 or a 0. Either of those will cause others.c to hang as it does not test for that condition. Aaaah :) So that's my I never had those problem. My Solaris 8 simply don't have /dev/urandom, thus clamav was using software rand() instead :) A quick hack would be using` ./configure --disable-urandom`. Has this test been incorporated in recent CVS snapshot yet? Regards, Fajar --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users - Turgut Kalfaoglu: http://www.kalfaoglu.com EgeNet Internet Services: http://www.egenet.com.tr --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users