[Clamav-users] milter and clamscan

2004-03-17 Thread Korchmenuk Nickolay
Hi

I've installed clamav 0.70rc with milter support.
Clamav-milter detects viruses well, but I additionally check all incoming mail via 
procmail (clamscan). And clamscan sometimes detects some viruses 
(SomeFool-Gen and others).
Why doesn't the milter detect those viruses???

I have FreeBSD 5.2.1p1 and Sendmail 8.12.11 installed on the server. Freshclam updates the virus 
db via cron every hour. 

-- 
 Korchmenuk Nickolay
18 Mar 2004 09:23:28


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] why don't detect

2004-03-17 Thread Korchmenuk Nickolay
Hi

On Wed, 17 Mar 2004 17:29:27 +0100
"Diego d'Ambra" <[EMAIL PROTECTED]> wrote:
> > Submission: 2021
> > Sender: Korchmenuk Nickolay
> > Submitted virus name: Win32.HLLM.MyDoom.32768
> > Notes: Triple bounced e-mail with Worm.SCO.A. If
> > Notes: attachment is extracted virus is detected.
> > Added: No
> > 
> > Could you say why clamscan and clamdscan didn't detect virus in this
> > e-mail?
> 
> I'm unable to tell why the --mbox option didn't detect the virus. Your
> sample has been forwarded to Nigel, so I expect he will have more
> details.
I've 11 e-mails like that with SCO.A, Netsky, I-Frame.exploit etc.

-- 
 Korchmenuk Nickolay
18 Mar 2004 09:20:57




RE: [Clamav-users] Glibc and different versions of clam

2004-03-17 Thread Scott Harris
 

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf 
> Of Fajar A. Nugraha
> Sent: Tuesday, March 16, 2004 6:53 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] Glibc and different versions of clam
> 

> >
> The temporary solution is to make sure that both freshclam 
> and clamd (any version) use the same database directory.
> If you do that, worst thing that can happen is freshclam 
> downloads old viruses.db* files instead of *.cvd, but clamd 
> and clamscan should be able to use it anyway.
> 
> Anyway, what could be so hard about deleting old clamav files?
> The important ones are just
> -libclamav.* (on /usr/lib/ or /usr/local/lib/)
> -clamscan, clamdscan, sigtool, freshclam (on /usr/bin/ or 
> /usr/local/bin/)
> -clamd (on /usr/sbin/ or /usr/local/sbin/)
> -clamav.conf (on /etc or /usr/local/etc)
> 
> Regards,
> 
> Fajar
> 

It isn't about the clamav libs, it is about various libs on 
the systems (mainly pthreads).  For instance, below is a straight
./configure and then a test run of freshclam:

./freshclam/.libs/freshclam: relocation error:
/usr/local/lib/libpthread.so.0: undefined symbol: _dl_cpuclock_offset

No big deal you say, just disable pthreads support and don't 
worry about it.


./configure --disable-pthreads
Make
gcc -g -O2 -o .libs/freshclam freshclam.o options.o manager.o notify.o
../clamscan/getopt.o ../clamscan/others.o  -L/tmp/clamav-0.70-rc/libclamav
/tmp/clamav-0.70-rc/libclamav/.libs/libclamav.so -lz -lbz2
/usr/local/lib/libgmp.so -Wl,--rpath -Wl,/usr/local/lib
freshclam.o: In function `freshclam':
/tmp/clamav-0.70-rc/freshclam/freshclam.c:120: undefined reference to
`parsecfg'
/tmp/clamav-0.70-rc/freshclam/freshclam.c:123: undefined reference to
`parsecfg'
/tmp/clamav-0.70-rc/freshclam/freshclam.c:139: undefined reference to
`cfgopt'
/tmp/clamav-0.70-rc/freshclam/freshclam.c:157: undefined reference to
`cfgopt'
/tmp/clamav-0.70-rc/freshclam/freshclam.c:178: undefined reference to
`cfgopt'
/tmp/clamav-0.70-rc/freshclam/freshclam.c:189: undefined reference to
`cfgopt'
/tmp/clamav-0.70-rc/freshclam/freshclam.c:199: undefined reference to
`cfgopt'
freshclam.o:/tmp/clamav-0.70-rc/freshclam/freshclam.c:213: more undefined
references to `cfgopt' follow
collect2: ld returned 1 exit status
make[2]: *** [freshclam] Error 1
make[2]: Leaving directory `/tmp/clamav-0.70-rc/freshclam'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/tmp/clamav-0.70-rc'
make: *** [all] Error 2


The problem, I believe, is from a long time ago when I 
half upgraded the pthreads library.  That needed the new 
glibc, and then the mess just began.  Some of the programs 
are compiled with the old stuff, some with the new, so until 
I can wipe the system and start fresh, I'm stuck in this limbo.

Thanks.

 





Re: [Clamav-users] clamassassin and procmail config

2004-03-17 Thread Nigel Horne
On Wednesday 17 Mar 2004 10:47 pm, pi wrote:

> I want each mail detected as 'with a virus' to be forwarded in a special
> mailbox ([EMAIL PROTECTED])

Use the --quarantine=EMAILADDRESS option of clamav-milter.
For more information see 'man 8 clamav-milter'.

> Phil

-Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk





[Clamav-users] Clamd randomly hanging then eventually continuing

2004-03-17 Thread Robert Blayzor
I am running devel snapshot 20040415 on FreeBSD 4.9.

I'm having a problem with clamd, the process randomly hanging on either
reloading the database and sometimes scanning mbox files.  It's very
strange.  When the process hangs clamd is using 99.9% of the CPU (so says
top) until it eventually releases and continues several minutes later.

I've been going crazy trying to figure out what this is, if it's either a
compile option or a bug in clamd.

This does not happen all the time... Sometimes the database loads just fine.
Mar 17 08:29:58 mx1-b clamd[90358]: SelfCheck: Database status OK.
Mar 17 09:30:19 mx1-b clamd[90358]: SelfCheck: Database modification
detected. Forcing reload.
Mar 17 09:30:19 mx1-b clamd[90358]: Reading databases from
/usr/local/share/clamav
Mar 17 09:38:22 mx1-b clamd[90358]: Database correctly reloaded (20488
viruses) 
Mar 17 10:30:23 mx1-b clamd[90358]: SelfCheck: Database status OK.
Mar 17 11:30:29 mx1-b clamd[90358]: SelfCheck: Database modification
detected. Forcing reload.
Mar 17 11:30:29 mx1-b clamd[90358]: Reading databases from
/usr/local/share/clamav
Mar 17 11:30:30 mx1-b clamd[90358]: Database correctly reloaded (20493
viruses) 
Mar 17 12:30:48 mx1-b clamd[90358]: SelfCheck: Database status OK.



Here are the compile time options I'm using:

--disable-clamav --disable-clamuko --disable-cr \
--enable-id-check


Anyone have any ideas?

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP: http://www.inoc.net/~dev/
Key fingerprint = 1E02 DABE F989 BC03 3DF5  0E93 8D02 9D0B CB1A A7B0

The computer is mightier than the pen, the sword, and usually, the
programmer.
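
One way to quantify the stalls visible in the log excerpt above, as an added example that is not part of the original post or of ClamAV: pair each "Reading databases from" line with the following "Database correctly reloaded" line from the same clamd PID and report how long the reload took. The function names and the 60-second threshold are assumptions; the log lines are the ones from the message with the mail client's line wrapping undone.

```python
import re
from datetime import datetime

# Log lines from the message above, re-joined where the mail client wrapped them.
SAMPLE_LOG = """\
Mar 17 08:29:58 mx1-b clamd[90358]: SelfCheck: Database status OK.
Mar 17 09:30:19 mx1-b clamd[90358]: SelfCheck: Database modification detected. Forcing reload.
Mar 17 09:30:19 mx1-b clamd[90358]: Reading databases from /usr/local/share/clamav
Mar 17 09:38:22 mx1-b clamd[90358]: Database correctly reloaded (20488 viruses)
Mar 17 10:30:23 mx1-b clamd[90358]: SelfCheck: Database status OK.
Mar 17 11:30:29 mx1-b clamd[90358]: SelfCheck: Database modification detected. Forcing reload.
Mar 17 11:30:29 mx1-b clamd[90358]: Reading databases from /usr/local/share/clamav
Mar 17 11:30:30 mx1-b clamd[90358]: Database correctly reloaded (20493 viruses)
Mar 17 12:30:48 mx1-b clamd[90358]: SelfCheck: Database status OK.
"""

# Classic BSD syslog line: "Mon DD HH:MM:SS host clamd[pid]: message"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ "
    r"clamd\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
RELOADED_RE = re.compile(r"Database correctly reloaded \((\d+) viruses\)")


def parse_ts(text, year):
    """Syslog timestamps carry no year, so the caller has to supply one."""
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")


def reload_durations(log_text, year):
    """Return one record per database reload, in log order.

    A reload that starts but never logs completion is returned last with
    seconds=None, which is what a clamd still spinning on the CPU looks like.
    """
    pending = {}   # pid -> datetime at which that process began reloading
    results = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        when = parse_ts(m["ts"], year)
        pid, msg = m["pid"], m["msg"]
        if msg.startswith("Reading databases from"):
            pending[pid] = when
            continue
        done = RELOADED_RE.search(msg)
        if done and pid in pending:
            start = pending.pop(pid)
            results.append({
                "pid": pid,
                "start": start,
                "seconds": int((when - start).total_seconds()),
                "signatures": int(done.group(1)),
            })
    for pid, start in pending.items():
        results.append({"pid": pid, "start": start,
                        "seconds": None, "signatures": None})
    return results


def slow_reloads(records, limit_seconds=60):
    """Keep reloads that are unfinished or took longer than the limit."""
    return [r for r in records
            if r["seconds"] is None or r["seconds"] > limit_seconds]


if __name__ == "__main__":
    for rec in reload_durations(SAMPLE_LOG, 2004):
        flag = "SLOW" if rec in slow_reloads([rec]) else "ok"
        print(rec["start"], rec["seconds"], rec["signatures"], flag)
```

While clamd is busy reloading it is not answering scan requests, so a long reload is also a window in which mail either queues or, depending on how the MTA glue handles timeouts, passes unscanned.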






RE: [Clamav-users] Updating ClamAv

2004-03-17 Thread Tabaré Salvagno
Normal if you didn't configure any scheduled job, try to exec "freshclam"
(bin) and see what happens. For other options look into "freshclam.conf".


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bit Fuzzy
Sent: Wednesday, March 17, 2004 14:46
To: [EMAIL PROTECTED]
Subject: [Clamav-users] Updating ClamAv


First I'd like to say "GREAT PROGRAM!!!"

I notice in my logs that main.cvd isn't (or hasn't) been updating is this
normal?

Also, I'm currently using ClamAV 0.67 should I upgrade to 0.70 etc as they
become available?
or will the updated functionality be included in my update process?

Thanks in advance

KenC





Re: [Clamav-users] Installed latest rpms of clamAV; "LibClamAV Error: !Can't open /dev/urandom" errors persist

2004-03-17 Thread Fajar A. Nugraha
Edward W. Ray wrote:

> Nope.  /dev/urandom errors persist.

Did you use --disable-urandom during ./configure ? It should not read 
/dev/urandom anymore with that option.
What linux version (or to be more specific : glibc version) are you using?
I might be able to provide a tested binary (which worked fine on my 
server) for you.

> is there a
> place I can make a donation for supporting this software?

Try http://www.clamav.net/donate.php#pagestart
Putting clamav logo on your web page is a start :)
Regards,

Fajar



Re: [Clamav-users] Updating ClamAv

2004-03-17 Thread Fajar A. Nugraha
Bit Fuzzy wrote:

> First I'd like to say "GREAT PROGRAM!!!"
>
> I notice in my logs that main.cvd isn't (or hasn't) been updating is this
> normal?

Yes, it is. New viruses are added in daily.cvd. Once in a while those 
signatures are merged in daily.cvd.

> Also, I'm currently using ClamAV 0.67 should I upgrade to 0.70 etc as they
> become available?

Oh yes. You might find some of the new features very tempting :)
See ChangeLog for details.

> or will the updated functionality be included in my update process?

No. Updating with freshclam only updates the virus signatures, not the engine.

Regards,

Fajar



RE: [Clamav-users] testvirus.org eicar tests failing w/ ClamAV version devel-20040316 on OSX+CGPro

2004-03-17 Thread Jonathan Trott
"Jim Maul" <[EMAIL PROTECTED]> wrote on 18/03/2004 08:55:05:

> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] Behalf Of Thomas
> > Lamy
> > Sent: Wednesday, March 17, 2004 3:43 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [Clamav-users] testvirus.org eicar tests failing w/ ClamAV
> > version devel-20040316 on OSX+CGPro
> >
> >
> > Sorry, but IMHO a virus scanner on a Mac that doesn't handle BinHex is a
> > piece of scrap.
> > Clamav has a BinHex decoder, and it works.
> >
> 
> Is this enabled by default?  I have been unable to find any way to enable
> clamav to decode binhex attachments.  Both binhex attachments from
> testvirus.org get through my system so i made the assumption that binhex
> support was lacking.

I have clamav 0.67 called by amavisd-new called by postfix on my Fedora 
gateway, and it detected everything except Fragment and CLSID from 
www.testvirus.org.
So that setup at least will decode BinHex attachments.
However, when I tested devel-20040317 built on my 10.3.3 client machine, 
it failed to detect any .hqx encoded files. It detected AppleSingle and 
MacBinary encoded viruses, but not UUEncoded or BinHexed. I also tested on 
clamav 0.67 on the Fedora gateway, and it failed to detect binhex or 
uuencoded viruses either. I assume that is because amavisd-new is taking 
care of the decoding and only passing the decoded files onto clamav. There 
does seem to be some internal code to decode uu and hqx, but I can't get 
it to work.
Here is the output of my scan testing on MacOS X 10.3.3.
All files are the same, just encoded. .as is AppleSingle, .bin is 
MacBinary, .hqx is BinHex, .uu is UUEncoded.

[white-dwarf:~/Incoming] jtrott% clamscan --detect-encrypted --recursive 
-v --debug doc
LibClamAV debug: Loading databases from /sw/share/clamav
LibClamAV debug: Loading /sw/share/clamav/daily.cvd
LibClamAV debug: /sw/share/clamav/daily.cvd: CVD file detected
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = 849c211f23b8e3d9a5cbdf48dc9b2bc8
LibClamAV debug: in cli_untgz()
LibClamAV debug: Unpacking /var/tmp//1bbd438c777f4a9c/COPYING
LibClamAV debug: Unpacking /var/tmp//1bbd438c777f4a9c/viruses.db2
LibClamAV debug: Loading databases from /var/tmp//1bbd438c777f4a9c
LibClamAV debug: Loading /var/tmp//1bbd438c777f4a9c/viruses.db2
LibClamAV debug: Initializing trie.
LibClamAV debug: Loading /sw/share/clamav/main.cvd
LibClamAV debug: /sw/share/clamav/main.cvd: CVD file detected
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = a20b254aa5f6b97dcafc115a63c8af4e
LibClamAV debug: in cli_untgz()
LibClamAV debug: Unpacking /var/tmp//947c0ebe75b407b5/COPYING
LibClamAV debug: Unpacking /var/tmp//947c0ebe75b407b5/viruses.db
LibClamAV debug: Loading databases from /var/tmp//947c0ebe75b407b5
LibClamAV debug: Loading /var/tmp//947c0ebe75b407b5/viruses.db
LibClamAV debug: Worm.Mydoom.F virus found in descriptor 5.
doc/doc.scr: Worm.Mydoom.F FOUND
LibClamAV debug: Worm.Mydoom.F virus found in descriptor 5.
doc/doc.scr.as: Worm.Mydoom.F FOUND
LibClamAV debug: Worm.Mydoom.F virus found in descriptor 5.
doc/doc.scr.bin: Worm.Mydoom.F FOUND
doc/doc.scr.hqx: OK
doc/doc.scr.uu: OK

--- SCAN SUMMARY ---
Known viruses: 20486
Scanned directories: 1
Scanned files: 5
Infected files: 3
Data scanned: 0.18 MB
I/O buffer size: 131072 bytes
Time: 2.410 sec (0 m 2 s)

> Jim
Jim, probably your best bet at this stage is to install amavisd-new and 
get CG to use that instead of calling clamav directly. Email me if you 
need more info on how to do that.
Thanks,
JT
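
The effect seen in the scan output above (the plain, AppleSingle and MacBinary copies are flagged while the .uu copy reports OK) can be reproduced with a toy scanner, shown here as an added example that is not from the original message and is not how libclamav is implemented. It uses a constructed, harmless marker as the "signature" and only covers uuencoding; all names in it are assumptions.

```python
import binascii

# Constructed, harmless marker standing in for a byte signature. It contains
# lowercase letters, which never occur in a uuencoded body (characters 32..96).
SIGNATURE = b"constructed-test-marker-0001"


def uuencode(data, name="sample.bin"):
    """Build a uuencoded file: begin line, 45-byte chunks, terminator, end."""
    lines = [f"begin 644 {name}".encode("ascii")]
    for i in range(0, len(data), 45):
        lines.append(binascii.b2a_uu(data[i:i + 45]).rstrip(b"\n"))
    lines += [b"`", b"end"]
    return b"\n".join(lines) + b"\n"


def uudecode(blob):
    """Return the payload of the first complete begin/end section, else None."""
    out = bytearray()
    inside = False
    for line in blob.splitlines():
        if not inside:
            inside = line.startswith(b"begin ")
            continue
        stripped = line.strip()
        if stripped == b"end":
            return bytes(out)
        if stripped in (b"", b"`"):
            continue                      # zero-length terminator line
        try:
            out += binascii.a2b_uu(line)
        except binascii.Error:
            return None                   # damaged body: treat as undecodable
    return None                           # "begin" without a matching "end"


def scan_raw(blob):
    """Signature match on the bytes exactly as they arrive."""
    return SIGNATURE in blob


def scan_layers(blob):
    """Match on the raw bytes and on the uudecoded payload, if there is one.

    Returns the names of the layers in which the signature was found.
    """
    layers = [("raw", blob)]
    decoded = uudecode(blob)
    if decoded is not None:
        layers.append(("uudecoded", decoded))
    return [name for name, data in layers if SIGNATURE in data]


def demo():
    """Scan one constructed payload in plain and uuencoded form."""
    payload = b"header bytes " * 5 + SIGNATURE + b" trailer"
    encoded = uuencode(payload)
    return {
        "plain_raw": scan_raw(payload),
        "uu_raw": scan_raw(encoded),
        "uu_layers": scan_layers(encoded),
    }


if __name__ == "__main__":
    print(demo())
```

Whichever component does the decoding (amavisd-new in the gateway setup described above, or the scanner's own mail handling), the scan verdict is only as good as the set of encodings that component unwraps before matching.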




[Clamav-users] Updating ClamAv

2004-03-17 Thread Bit Fuzzy
First I'd like to say "GREAT PROGRAM!!!"

I notice in my logs that main.cvd isn't (or hasn't) been updating is this
normal?

Also, I'm currently using ClamAV 0.67 should I upgrade to 0.70 etc as they
become available?
or will the updated functionality be included in my update process?

Thanks in advance

KenC





Re: [Clamav-users] testvirus.org eicar tests failing w/ ClamAV version devel-20040316 on OSX+CGPro

2004-03-17 Thread Nigel Horne
On Wednesday 17 Mar 2004 9:54 pm, Jim Maul wrote:

> Is this enabled by default?

It is enabled when you enable 'ScanMail' in clamav.conf, or use the --mbox option to 
clamscan.

> Jim

-Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk




[Clamav-users] clamassassin and procmail config

2004-03-17 Thread pi
Hello everybody,

I'm not sure it's the right place to post, but I don't know where to post.
So, please, be patient.
I downloaded, installed and configured clamav (everything works great)
I also installed clamassassin to filter mails (just like spamassassin 
for the spam).

Here's my problem:

I want each mail detected as 'with a virus' to be forwarded in a special 
mailbox ([EMAIL PROTECTED])

I tried something in procmailrc file but the mail loops.

Can anybody help. Please

Phil


[EMAIL PROTECTED] root]# cat /etc/procmailrc
:0fw
| /usr/local/bin/clamassassin
:0:
* ^X-Virus-Status: Yes
! [EMAIL PROTECTED]










RE: [Clamav-users] testvirus.org eicar tests failing w/ ClamAV version devel-20040316 on OSX+CGPro

2004-03-17 Thread Jim Maul


> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Thomas
> Lamy
> Sent: Wednesday, March 17, 2004 3:43 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] testvirus.org eicar tests failing w/ ClamAV
> version devel-20040316 on OSX+CGPro
>
>
> Sorry, but IMHO a virus scanner on a Mac that doesn't handle BinHex is a
> piece of scrap.
> Clamav has a BinHex decoder, and it works.
>

Is this enabled by default?  I have been unable to find any way to enable
clamav to decode binhex attachments.  Both binhex attachments from
testvirus.org get through my system so i made the assumption that binhex
support was lacking.

Jim





Re: [Clamav-users] testvirus.org eicar tests failing w/ ClamAV version devel-20040316 on OSX+CGPro

2004-03-17 Thread OpenMacNews
-- On Wednesday, March 17, 2004 9:42 PM +0100  Thomas Lamy <[EMAIL PROTECTED]> wrote:

> I agree here. It just comes down to:
> - Have you enabled the ScanMail and ScanArchive options in your clamav.conf, or are
> you using clamscan --mbox? If not, this is the culprit.

just re-checked,

ScanMail & ScanArchive are *both* enabled in clamav.conf

and, ClamAV *is* regularly scanning/catching OTHER email viruses ...

> - What is CGpro sending to clamav? Does it decompose mails? CG _may_ fulfill this
> task, erm, incompletely. Or does it send the whole raw message to clamav? Then you
> definitely need to enable ScanMail (see above)

i'm not sure i understand enuf to answer your question adequately, however you should know that ...

CGPro is doing NONE of the av processing, nor is it, itself, speaking 'directly' to ClamAV

rather, ClamAV is being invoked by a CGPro script, "cgpav-1.3a", found at: , built & compiled 
in the presence of a successful clamav build/install.

with a little guidance, i might be able to provide you a better answer ...

> Thomas

richard



Re: [Clamav-users] testvirus.org eicar tests failing w/ ClamAV version devel-20040316 on OSX+CGPro (clamav-users: addressed to exclusive sender for this address)

2004-03-17 Thread OpenMacNews
-- On Wednesday, March 17, 2004 8:28 PM +  Nigel Horne <[EMAIL PROTECTED]> wrote:

> Have you enabled 'ScanMail' in clamav.conf?

yes I have 

fyi, ClamAV *is* regularly & successfully scanning/catching most of the viral traffic I see

every once in awhile one still sneaks by, altho i couldn't swear that it falls into the categories i listed here

these, however, fail consistently.

richard

> -Nigel
>
> On Wednesday 17 Mar 2004 4:26 pm, OpenMacNews wrote:
> > hi,
> >
> > ClamAV version devel-20040316, built on OSX 10.3.3, and integrated into
> > CommunigatePro 4.1.8, is consistently failing to detect the following Eicar
> > tests from www.testvirus.org:




[Clamav-users] dag clamav rpm .68

2004-03-17 Thread Lucas Albers
On redhat 7.3 to continue my earlier statement I am using .68 (dag rpm)
but it has a problem with the daemon, so I am currently just running
clamscan, not clamdscan while I troubleshoot.

-- 
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana State University-Bozeman,Montana





[Clamav-users] success with clamav versions

2004-03-17 Thread Lucas Albers
I have had no problems running the following clamav versions.
clamav-0.67-6 on debian testing
clamav-0.68 from dag on redhat 7.3
These are both production mail servers.


-- 
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana State University-Bozeman,Montana





Re: [Clamav-users] testvirus.org eicar tests failing w/ ClamAV version devel-20040316 on OSX+CGPro

2004-03-17 Thread Thomas Lamy
Jim Maul wrote:

> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] Behalf Of
> > OpenMacNews
> > Sent: Wednesday, March 17, 2004 11:27 AM
> > To: ClamAV Users List
> > Subject: [Clamav-users] testvirus.org eicar tests failing w/ ClamAV
> > version devel-20040316 on OSX+CGPro
> >
> > hi,
> >
> > ClamAV version devel-20040316, built on OSX 10.3.3, and
> > integrated into CommunigatePro 4.1.8, is consistently failing
> > to detect the following Eicar tests from www.testvirus.org:
>
> I would just like to point out that MOST of these are not problems with
> clamav at all.  I can not say how to get clamav to detect these because that
> is dependent on how clamav is called and how it integrates with your mta.

Uhm, yes and no. It depends what your MTA sends to clamav, and how you 
set it up.

> > Test #5: Eicar virus sent using BinHex encoding
> >
> > Test #8: Eicar virus sent using BinHex encoding within a
> > MIME segment

Clamav is catching those just fine since Feb 4.

> Your system must be able to decode binhex attachments before they are passed
> to clamav.  I don't believe clamav has an internal binhex decoder.  Being
> that most people don't have a decoder themselves, i don't see how this is
> really an issue.  symantec on my workstation doesn't even pick these up.

Sorry, but IMHO a virus scanner on a Mac that doesn't handle BinHex is a 
piece of scrap.
Clamav has a BinHex decoder, and it works.

> > Test #10: Eicar virus embedded within an RFC822 message
> >
> > Test #15: Eicar string in HTML, to ensure that your mail
> > server scans HTML segments
>
> This is definitely a fault with whatever program is calling clamav on your
> system.  These are both blocked on my system (using qmail and
> qmail-scanner).

I agree here. It just comes down to:
- Have you enabled the ScanMail and ScanArchive options in your 
clamav.conf, or are you using clamscan --mbox? If not, this is the culprit.
- What is CGpro sending to clamav? Does it decompose mails? CG _may_ 
fulfill this task, erm, incompletely. Or does it send the whole raw 
message to clamav? Then you definitely need to enable ScanMail (see above)

> > Test #22: Eicar virus within zip file hidden using the
> > "Empty MIME Boundary Vulnerability"
>
> I don't really know what this means but it is let through on my system as
> well.  However i am not too worried about it as it was not picked up
> symantec on my desktop and someone would need a base64 decoder and some
> computer knowledge to be able to extract this attachment.

This is an issue I will have a look at, though I'm unsure on how to 
handle such stuff that doesn't show as attachment in client programs.

There is at least one M$ Outlook bug that makes attachments with 
specially crafted headers viewable, which are unseen by other client 
programs. But how should one handle that? ClamAV is a virus scanner. 
It's not a vulnerability scanner. I consider catching such messages a 
"nice to have", but if correctly implemented it bloats clamav's config 
file (or clamscan's --help output) endless, given the number of bugs 
some mail clients have.

(Having a hard time to not flame about Symantec again)

> > Test #23: Test for the "Partial (Fragmented)
> > Vulnerability". This does not include Eicar virus, but your mail
> > server still must block this since it can break a virus
> > into multiple emails and reassemble it in your inbox.

See above. The test is there, but currently issues a libclamav warning IIRC.

> > Test #24: Attachment with a CLSID extension which may
> > hide the real file extension. This does not include Eicar
> > virus, but your mail server still must block this since
> > it can hide the true extension of a file.

See above. Thanks MS.

Thomas





Re: [Clamav-users] testvirus.org eicar tests failing w/ ClamAV version devel-20040316 on OSX+CGPro

2004-03-17 Thread Nigel Horne
Have you enabled 'ScanMail' in clamav.conf?

-Nigel

On Wednesday 17 Mar 2004 4:26 pm, OpenMacNews wrote:
> hi,
>
> ClamAV version devel-20040316, built on OSX 10.3.3, and integrated into
> CommunigatePro 4.1.8, is consistently failing to detect the following Eicar
> tests from www.testvirus.org:
>
> Test #5: Eicar virus sent using BinHex encoding
>
> Test #8: Eicar virus sent using BinHex encoding within a MIME
> segment
>
> Test #10: Eicar virus embedded within an RFC822 message
>
> Test #15: Eicar string in HTML, to ensure that your mail server
> scans HTML segments
>
> Test #22: Eicar virus within zip file hidden using the "Empty MIME
> Boundary Vulnerability"
>
> Test #23: Test for the "Partial (Fragmented) Vulnerability". This
> does not include Eicar virus, but your mail server still must block this
> since it can break a virus into multiple emails and reassemble it in your
> inbox.
>
> Test #24: Attachment with a CLSID extension which may hide the real
> file extension. This does not include Eicar virus, but your mail server
> still must block this since it can hide the true extension of a file.
>
> if there's anything further i can provide/check, pls let me know.
>
> richard
>
>
>

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk




Re: [Clamav-users] MIME problem?

2004-03-17 Thread Nigel Horne
On Monday 15 Mar 2004 5:43 pm, Stuart Mycock wrote:

> When I rip out the attachment manually it detects the virus fine.
>
> Shall I submit the sample anyway? I don't want to waste anyone's time if
> this is something that's already being dealt with?

Send me the e-mail and I'll look into it.

-Nigel


-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk




RE: [Clamav-users] OpenBSD clamav Port (0.67-1) RAR Files

2004-03-17 Thread Lynn Duerksen


> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf 
> Of Helmut Schneider
> Sent: Wednesday, March 17, 2004 2:40 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] OpenBSD clamav Port (0.67-1) RAR Files
> INFECTED (Worm.Bagle.Gen-rarpwd)
> 
> Lynn Duerksen wrote:
> 
> >> Thats the point, if clamav would have detected the virus in the 
> >> original mail I wouldn't have posted here... :)
> > 
> > I am experiencing similar problems on my OpenBSD 3.4 box and was 
> > wondering if there has been any resolution on this issue.
> 
> I'm using 3.4, too.
> 
> 
I installed the latest csv and everything seems to work ok.  I fed a
saved-infected message and amavisd-new reported in the log:

Mar 17 13:38:17 TECHGATE1 amavis[8104]: (08104-04) INFECTED
(Worm.Bagle.Gen-rarpwd),
<[EMAIL PROTECTED]> ->
<[EMAIL PROTECTED]>, quarantine virus-20040317-133817-08104-04,
Message-ID: <[EMAIL PROTECTED]>, Hits: -

So it looks like we're good to go!

Thanks to the Clamav team for the hard work.

L A Duerksen





RE: [Clamav-users] testvirus.org eicar tests failing w/ ClamAV version devel-20040316 on OSX+CGPro

2004-03-17 Thread Jim Maul
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of
> OpenMacNews
> Sent: Wednesday, March 17, 2004 11:27 AM
> To: ClamAV Users List
> Subject: [Clamav-users] testvirus.org eicar tests failing w/ ClamAV
> version devel-20040316 on OSX+CGPro
>
>
> hi,
>
> ClamAV version devel-20040316, built on OSX 10.3.3, and
> integrated into CommunigatePro 4.1.8, is consistently failing
> to detect the following Eicar tests from www.testvirus.org:
>

I would just like to point out that MOST of these are not problems with
clamav at all.  I can not say how to get clamav to detect these because that
is dependent on how clamav is called and how it integrates with your mta.


> Test #5: Eicar virus sent using BinHex encoding
>
> Test #8: Eicar virus sent using BinHex encoding within a
> MIME segment

Your system must be able to decode binhex attachments before they are passed
to clamav.  I don't believe clamav has an internal binhex decoder.  Being
that most people don't have a decoder themselves, I don't see how this is
really an issue.  Symantec on my workstation doesn't even pick these up.

>
> Test #10: Eicar virus embedded within an RFC822 message
>
> Test #15: Eicar string in HTML, to ensure that your mail
> server scans HTML segments
>

This is definitely a fault with whatever program is calling clamav on your
system.  These are both blocked on my system (using qmail and
qmail-scanner).


> Test #22: Eicar virus within zip file hidden using the
> "Empty MIME Boundary Vulnerability"
>

I don't really know what this means but it is let through on my system as
well.  However I am not too worried about it as it was not picked up by
Symantec on my desktop and someone would need a base64 decoder and some
computer knowledge to be able to extract this attachment.

> Test #23: Test for the "Partial (Fragmented)
> Vulnerability". This does not include Eicar virus, but your mail
> server still must block this since it can break a virus
> into multiple emails and reassemble it in your inbox.
>
> Test #24: Attachment with a CLSID extension which may
> hide the real file extension. This does not include Eicar
> virus, but your mail server still must block this since
> it can hide the true extension of a file.
>

These 2 are not a virus and as such should not be detected by clamav.  They
are both blocked by qmail-scanner however.


> if there's anything further i can provide/check, pls let me know.
>
> richard
>
>

You may have more luck posting this message on a list dedicated to whatever
program integrates clamav to your mta.  These are not faults of clamav.

Jim
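
The decoding step this reply refers to, as an added example that is not part of the original thread and is not ClamAV or qmail-scanner code: the message is walked part by part, nested message/rfc822 attachments included (the Test #10 case), and each decoded leaf is checked. The marker string, the sample message and all function names are constructed for illustration; a real setup would hand each decoded part to the scanner instead of searching for a marker.

```python
"""Scan decoded MIME leaves instead of the raw message bytes."""
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed marker standing in for a virus signature (assumption; not EICAR).
MARKER = b"CONSTRUCTED-TEST-MARKER-0001"


def build_sample():
    """Constructed sample: a bounce that embeds the original message as
    message/rfc822; the original carries a base64-encoded attachment."""
    inner = EmailMessage()
    inner["Subject"] = "original message"
    inner.set_content("see attachment")
    inner.add_attachment(b"padding " + MARKER, maintype="application",
                         subtype="octet-stream", filename="sample.bin")
    outer = EmailMessage()
    outer["Subject"] = "Returned mail"
    outer.set_content("delivery failed, original message attached")
    outer.add_attachment(inner)          # stored as a message/rfc822 part
    return outer.as_bytes()


def decoded_leaves(raw):
    """Yield (content_type, filename, decoded_bytes) for every leaf part.
    walk() descends into multipart containers and into message/rfc822."""
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.is_multipart():
            continue                      # container, no payload of its own
        data = part.get_payload(decode=True) or b""   # undoes base64 / QP
        yield part.get_content_type(), part.get_filename(), data


def scan(raw):
    """Return (content_type, filename) of each leaf that contains MARKER."""
    return [(ctype, name) for ctype, name, data in decoded_leaves(raw)
            if MARKER in data]


def naive_scan(raw):
    """What a byte search sees when it is handed the undecoded message."""
    return MARKER in raw


if __name__ == "__main__":
    raw = build_sample()
    print("raw search finds marker:", naive_scan(raw))
    for ctype, name in scan(raw):
        print("decoded part with marker:", ctype, name)
```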





Re: [Clamav-users] Problems with clamd 0.70-rc: Hangs on Solaris 9

2004-03-17 Thread Igor Brezac

It seems that ScanMail is broken since 0.68 (it appears broken in 0.70-rc
as well).  The eicar standard test virus is no longer recognized when attached
in an email message.  The same setup works fine with clamav-0.67.

-Igor

On Wed, 17 Mar 2004, trustem dotcom wrote:

> Upgraded to clamd 0.70-rc on Solaris 9 sparc.
>
> A few minor issues we have observed:
>   1) When trying to stop clamd (SIGTERM), clamd claims
> to exit successfully (see log, below) but hangs
> forever. Have to give it a SIGKILL to actually
> terminate the process.
>   2) Have not had enough time to adequately investigate
> why, but clamd now always seems to be in the top 20
> processes, whereas with 0.65 and 0.68, it almost never
> was. No noticeable difference in the number of
> processes using clamd either.
>   3) Two really near-trivial freshclam issues:
>  a) The freshclam man page does not make any
> mention of the (apparently) new freshclam.conf file.
>  b) There is no man page for freshclam.conf.
>
> Keep up the great work y'all!
>
> Jon R. Kibler
> A.S.E.T., Inc.
> Charleston, SC  USA
> (843) 849-8214
>
> P.S. Have to use Yahoo to post to this group because
> for some reason sourceforge's MTA says that it 'cannot
> verify sender' whenever we try to post to mail list.
>
>
> LOG FILE FOR clamd SHOWING IT THINKS IT STOPPED:
> 
> > Tue Mar 16 16:01:53 2004 -> +++ Started at Tue Mar 16 16:01:53 2004
> > Tue Mar 16 16:01:53 2004 -> Log file size limited to 8388608 bytes.
> > Tue Mar 16 16:01:53 2004 -> Verbose logging activated.
> > Tue Mar 16 16:01:53 2004 -> Running as user defang (UID 104, GID 25)
> > Tue Mar 16 16:01:53 2004 -> Reading databases from /var/clamav/databases
> > Tue Mar 16 16:01:55 2004 -> Protecting against 20486 viruses.
> > Tue Mar 16 16:01:56 2004 -> Unix socket file /var/clamav/clamd.sock
> > Tue Mar 16 16:01:56 2004 -> Setting connection queue length to 60
> > Tue Mar 16 16:01:56 2004 -> Listening daemon: PID: 332
> > Tue Mar 16 16:01:56 2004 -> Archive: Archived file size limit set to 10485760 bytes.
> > Tue Mar 16 16:01:56 2004 -> Archive: Recursion level limit set to 9.
> > Tue Mar 16 16:01:56 2004 -> Archive: Files limit set to 1000.
> > Tue Mar 16 16:01:56 2004 -> Archive: Compression ratio limit set to 200.
> > Tue Mar 16 16:01:56 2004 -> Archive support enabled.
> > Tue Mar 16 16:01:56 2004 -> RAR support disabled.
> > Tue Mar 16 16:01:56 2004 -> Blocking encrypted archives.
> > Tue Mar 16 16:01:56 2004 -> Mail files support enabled.
> > Tue Mar 16 16:01:56 2004 -> OLE2 support enabled.
> > Tue Mar 16 16:01:56 2004 -> Self checking every 3600 seconds.
> > Tue Mar 16 17:02:26 2004 -> No stats for Database check - forcing reload
> > Tue Mar 16 17:02:26 2004 -> Reading databases from /var/clamav/databases
> > Tue Mar 16 17:02:30 2004 -> Database correctly reloaded (20486 viruses)
> > Tue Mar 16 18:05:51 2004 -> SelfCheck: Database status OK.
> > 
> > Wed Mar 17 09:31:04 2004 -> SelfCheck: Database status OK.
> > Wed Mar 17 10:12:53 2004 -> Shutting down the main socket.
> > Wed Mar 17 10:12:53 2004 -> Closing the main socket.
> > Wed Mar 17 10:12:53 2004 -> Socket file removed.
> > Wed Mar 17 10:12:53 2004 -> Pid file removed.
> > Wed Mar 17 10:12:53 2004 -> Exiting (clean)
> > Wed Mar 17 10:12:53 2004 -> --- Stopped at Wed Mar 17 10:12:53 2004

-- 
Igor




RE: [Clamav-users] Installed latest rpms of clamAV; "LibClamAV Error: !Can't open /dev/urandom" errors persist

2004-03-17 Thread Edward W. Ray
Nope.  /dev/urandom errors persist.

At this point I have multiple copies of different versions of ClamAV
scattered all over my mail server.  I am running out of room for my mail
server to do its primary job, which is as a mail server.  I think I will
take a step back, clean out my hard drive of all useless crap, uninstall all
versions of clamAV, and try again. 

[EMAIL PROTECTED] bin]# df -l
Filesystem   1K-blocks  Used Available Use% Mounted on
/dev/sda2  746   5729000   1347824  81% /
(*Main hard drive)
/dev/sda1   256667 54105189310  23% /boot
none515444 0515444   0% /dev/shm
/dev/sdb1 17307036 72416  16355468   1% /scsi2
/dev/sdb2 17971020   2953052  14105076  18% /home


Thanks again for all of your help.  Once I get this installed, is there a
place I can make a donation for supporting this software?

Edward W. Ray
MMICMAN, LLC
826 N. Red Robin Street
Orange, CA 92869-1907
714-997-9226 (w)
714-997-3289 (f)

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Fajar A.
Nugraha
Sent: Tuesday, March 16, 2004 9:05 PM
To: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] Installed latest rpms of clamAV; "LibClamAV
Error: !Can't open /dev/urandom" errors persist

Edward W. Ray wrote:

>Just not my day I guess.  On "make" in devel build:
>
>cd .. && \
>  /bin/sh /scsi2/tmp/clamav-devel-20040316/missing --run automake-1.6 
>--gnu clamd/Makefile
>aclocal.m4:4200: version mismatch.  This is Automake 1.6.3, but 
>aclocal.m4
>aclocal.m4:4200: was generated for Automake 1.6.1.  You should recreate
>aclocal.m4:4200: aclocal.m4 with aclocal and run automake again.
>make[1]: *** [Makefile.in] Error 1
>make[1]: Leaving directory `/scsi2/tmp/clamav-devel-20040316/clamd'
>make: *** [install-recursive] Error 1
>
>  
>
:)

This is a known "resident" problem on devel build. Sometimes it's there,
sometimes it's not.
The easiest work-around is to rename or remove (temporarily)
/usr/bin/automake-1.6
to something else (e.g. /usr/bin/automake-1.6-old).
Then remove your build dir completely, untar from fresh source, and re-run
./configure

With that trick, today's snapshot builds fine on Fedora Core 1
(http://clamav.or.id/snapshot/clamav-devel-latest.linux.tar.gz).

Some people said simply running aclocal, autoconf, and automake on your
build dir works. I haven't tried that though.

Regards,

Fajar




Re: [Clamav-users] Alive check for clamd ?

2004-03-17 Thread Mike Cathey
Stephan,

On Wed, 2004-03-17 at 11:11, Stephan von Krawczynski wrote:
> is there a simple way to check if running clamd is still alive?

http://mikecathey.com/code/clamdwatch/

I believe it's in the $src/contrib directory as well.

Cheers,

Mike
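
A minimal probe using the PING command mentioned in the question, as an added example (not clamdwatch and not code from the ClamAV distribution): it sends PING to the clamd socket and treats anything other than a prompt PONG as a failure, so a hung daemon shows up as a timeout. The default socket path is the one in the clamd log quoted elsewhere on this page and is an assumption for any other installation; the function names are hypothetical.

```python
#!/usr/bin/env python3
"""Liveness probe for clamd: send PING, expect PONG before a deadline."""
import socket
import sys

# Path from the clamd log quoted on this page (assumption for other hosts):
# use the LocalSocket value from your own clamav.conf.
DEFAULT_SOCKET = "/var/clamav/clamd.sock"


def clamd_alive(target=DEFAULT_SOCKET, timeout=5.0):
    """Return (ok, detail). target is a Unix socket path (str) or a
    (host, port) tuple for a clamd listening on TCP."""
    family = socket.AF_INET if isinstance(target, tuple) else socket.AF_UNIX
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)        # bounds connect, send and recv
            s.connect(target)
            s.sendall(b"PING\n")
            reply = b""
            # Read one short line; stop on EOF or after a newline.
            while b"\n" not in reply and len(reply) < 64:
                chunk = s.recv(64)
                if not chunk:
                    break
                reply += chunk
    except socket.timeout:
        # The socket exists but nothing answers: the "hanging" case.
        return False, "timeout: no PONG within %.1fs (clamd hung?)" % timeout
    except OSError as exc:
        # No socket file, connection refused, permission denied, ...
        return False, "connect/send failed: %s" % exc
    answer = reply.strip().decode("ascii", "replace")
    if answer == "PONG":
        return True, "PONG"
    return False, "unexpected reply: %r" % answer


def main(argv):
    target = argv[1] if len(argv) > 1 else DEFAULT_SOCKET
    ok, detail = clamd_alive(target)
    print("clamd %s: %s" % ("OK" if ok else "FAILED", detail))
    return 0 if ok else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run from cron, the non-zero exit status is what a wrapper script would act on to alert or restart the daemon.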





[Clamav-users] Config change

2004-03-17 Thread Dennis Skinner
I noticed that the DataDirectory directive in the clamav.conf has
changed in recent versions to DatabaseDirectory.  Are both valid and
will they remain so?  I don't see any notes in the docs or ChangeLog or
the list archives regarding this change.

Thanks.

-- 
Dennis Skinner
Systems Administrator
BlueFrog Internet
http://www.bluefrog.com





Re: [Clamav-users] Alive check for clamd ?

2004-03-17 Thread Ryan Moore
Stephan von Krawczynski wrote:
> Hello all,
>
> is there a simple way to check if running clamd is still alive? I lately
> experienced hanging and therefore would like to check via cron...
> I read something about a PING clamd command in the docs, but couldn't really
> find out how that works.
>
> Regards,
> Stephan

http://mikecathey.com/code/clamdwatch/

Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net


Re: [Clamav-users] cannot update

2004-03-17 Thread Krištof Petr
david wrote:

> I installed version clamav-0.67-1 as an rpm.
>
> However upon trying to update I get this...
>
> ClamAV update process started at Tue Mar 16 18:42:49 2004
> SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
> Reading CVD header (main.cvd): OK
> ERROR: Can't open new file ./e456f6640da6112f to write
> open: Permission denied

Update to version 0.70rc, please.

Then edit /etc/freshclam.conf, especially the line
DatabaseOwner user_what_running_freshclam
and do 'chown -R user_what_running_freshclam /var/lib/clamav/'

Petr





RE: [Clamav-users] why don't detect

2004-03-17 Thread Diego d'Ambra
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:clamav-users-
> [EMAIL PROTECTED] On Behalf Of Korchmenuk Nickolay
> Sent: 17. marts 2004 15:53
> To: [EMAIL PROTECTED]
> Subject: [Clamav-users] why don't detect
> 
> Submission: 2021
> Sender: Korchmenuk Nickolay
> Submitted virus name: Win32.HLLM.MyDoom.32768
> Notes: Triple bounced e-mail with Worm.SCO.A. If
> Notes: attachment is extracted virus is detected.
> Added: No
> 
> Could you say why clamscan and clamdscan didn't detect virus in this
> e-mail?

I'm unable to tell why the --mbox option didn't detect the virus. Your
sample has been forwarded to Nigel, so I expect he will have more
details.

Best regards,
Diego d'Ambra




Re: [Clamav-users] cannot update

2004-03-17 Thread Mark Novak
David,

See below.
On Mar 17, 2004, at 8:00 AM, david wrote:

> Hi
>
> I am a new user of clam.
>
> I installed version clamav-0.67-1 as an rpm.
>
> However upon trying to update I get this...
>
> ClamAV update process started at Tue Mar 16 18:42:49 2004
> SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
> Reading CVD header (main.cvd): OK
> ERROR: Can't open new file ./e456f6640da6112f to write
> open: Permission denied
> ERROR: Can't download main.cvd from 62.210.153.201
> Trying again...
> ClamAV update process started at Tue Mar 16 18:42:58 2004
> SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
> Reading CVD header (main.cvd): OK
> ERROR: Can't open new file ./cddc7ebb2493bb97 to write
> open: Permission denied
> ERROR: Can't download main.cvd from 24.73.112.74
> Trying again...
> ClamAV update process started at Tue Mar 16 18:43:13 2004
> SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
> Reading CVD header (main.cvd): OK
> ERROR: Can't open new file ./80dd74849915a32e to write
> open: Permission denied
> ERROR: Can't download main.cvd from 62.210.153.202
> Giving up...
>
> I read the instructions and what I thought were relevant parts of the
> manual.  I gathered that the main.cvd file needed to have the
> permissions changed.  So I did this.  But now I get -
>
> ERROR: Can't open new file ./80dd74849915a32e to write
>
> Where is it trying to write this file to so that I can change the
> permissions for this directory?
>
> Any help will be much appreciated.
>
> dave

I ran into the exact same problem.  In the /etc/freshclam.conf, 
uncomment the following line:

# You can change the default database directory here.
DatabaseDirectory /var/lib/clamav

The DatabaseDirectory line was commented out by default and caused me 
these same problems.

HTH,

Mark Novak



[Clamav-users] Re: Ladmar virus?

2004-03-17 Thread Keith Murphy
Tomasz Kojm wrote:

> On Mon, 15 Mar 2004 10:01:00 -0600
> Keith Murphy <[EMAIL PROTECTED]> wrote:
>
> > I'm suddenly seeing this:
> >
> > clamscan Notepad.exe
> > Notepad.exe: W32.Ladmar.A FOUND
>
> Fixed - please run freshclam.

That fixed it - thanks a heap.

(Due to a quirk in my mailreader, I was not seeing the update that 
caused this originally in the virusdb list, but now I've found it).





Re: [Clamav-users] call for MacOffice sample documents

2004-03-17 Thread Trog
On Wed, 2004-03-17 at 15:05, Mark Novak wrote:
> Trog,
> 
> Where do you want them posted?  I have Mac Office on OSX Panther.
> 

Email will be fine. Or any web/ftp server if email is a problem.

Thanks
-trog





[Clamav-users] testvirus.org eicar tests failing w/ ClamAV version devel-20040316 on OSX+CGPro

2004-03-17 Thread OpenMacNews
hi,

ClamAV version devel-20040316, built on OSX 10.3.3, and integrated into CommunigatePro 4.1.8, is consistently failing 
to detect the following Eicar tests from www.testvirus.org:

   Test #5: Eicar virus sent using BinHex encoding

   Test #8: Eicar virus sent using BinHex encoding within a MIME segment

   Test #10: Eicar virus embedded within an RFC822 message

   Test #15: Eicar string in HTML, to ensure that your mail server scans HTML segments

   Test #22: Eicar virus within zip file hidden using the "Empty MIME Boundary Vulnerability"

   Test #23: Test for the "Partial (Fragmented) Vulnerability". This does not include Eicar virus, but your mail
   server still must block this since it can break a virus into multiple emails and reassemble it in your inbox.

   Test #24: Attachment with a CLSID extension which may hide the real file extension. This does not include Eicar
   virus, but your mail server still must block this since it can hide the true extension of a file.

if there's anything further i can provide/check, pls let me know.

richard





[Clamav-users] Alive check for clamd ?

2004-03-17 Thread Stephan von Krawczynski
Hello all,

is there a simple way to check if running clamd is still alive? I lately
experienced hanging and therefore would like to check via cron...
I read something about a PING clamd command in the docs, but couldn't really
find out how that works.

Regards,
Stephan




Re: [Clamav-users] SFX-RAR files

2004-03-17 Thread Michael L Torrie
On Wed, 2004-03-17 at 06:51, Tomasz Kojm wrote:
> On Wed, 17 Mar 2004 12:53:43 +0100
> "daniele" <[EMAIL PROTECTED]> wrote:
> 
> > I've installed clamav-0.60 and also 0.65, but when sendmail must send
> > a message with file .exe creates with winrar 3.x, it doesn't permit
> > the operation because founds a trojan.orcamento virus in the
> > archive (not if created with winrar 2.x)
> 
> Update your database !

I find it strange so many people aren't doing this.  In my opinion,
freshclam should always be running either in daemon mode or via a cron
job.  Is this not so?

Michael

-- 
Michael L Torrie <[EMAIL PROTECTED]>





[Clamav-users] Suggestion for minor logging change

2004-03-17 Thread trustem dotcom
I have a couple 'it would be nice if...' requests
regarding clamd's logging.
  1) Log the version of clamd when it starts.
  2) Log the version of databases when they are loaded
or reloaded.

THANKS!

Jon R. Kibler
A.S.E.T., Inc.
Charleston, SC  USA





[Clamav-users] Problems with clamd 0.70-rc: Hangs on Solaris 9

2004-03-17 Thread trustem dotcom
Upgraded to clamd 0.70-rc on Solaris 9 sparc.

A few minor issues we have observed:
  1) When trying to stop clamd (SIGTERM), clamd claims
to exit successfully (see log, below) but hangs
forever. Have to give it a SIGKILL to actually
terminate the process.
  2) Have not had enough time to adequately investigate
why, but clamd now always seems to be in the top 20
processes, whereas with 0.65 and 0.68, it almost never
was. No noticeable difference in the number of
processes using clamd either.
  3) Two really near-trivial freshclam issues:
 a) The freshclam man page does not make any
mention of the (apparently) new freshclam.conf file.
 b) There is no man page for freshclam.conf.

Keep up the great work y'all!

Jon R. Kibler
A.S.E.T., Inc.
Charleston, SC  USA
(843) 849-8214

P.S. Have to use Yahoo to post to this group because
for some reason sourceforge's MTA says that it 'cannot
verify sender' whenever we try to post to mail list.


LOG FILE FOR clamd SHOWING IT THINKS IT STOPPED:

> Tue Mar 16 16:01:53 2004 -> +++ Started at Tue Mar 16 16:01:53 2004
> Tue Mar 16 16:01:53 2004 -> Log file size limited to 8388608 bytes.
> Tue Mar 16 16:01:53 2004 -> Verbose logging activated.
> Tue Mar 16 16:01:53 2004 -> Running as user defang (UID 104, GID 25)
> Tue Mar 16 16:01:53 2004 -> Reading databases from /var/clamav/databases
> Tue Mar 16 16:01:55 2004 -> Protecting against 20486 viruses.
> Tue Mar 16 16:01:56 2004 -> Unix socket file /var/clamav/clamd.sock
> Tue Mar 16 16:01:56 2004 -> Setting connection queue length to 60
> Tue Mar 16 16:01:56 2004 -> Listening daemon: PID: 332
> Tue Mar 16 16:01:56 2004 -> Archive: Archived file size limit set to 10485760 bytes.
> Tue Mar 16 16:01:56 2004 -> Archive: Recursion level limit set to 9.
> Tue Mar 16 16:01:56 2004 -> Archive: Files limit set to 1000.
> Tue Mar 16 16:01:56 2004 -> Archive: Compression ratio limit set to 200.
> Tue Mar 16 16:01:56 2004 -> Archive support enabled.
> Tue Mar 16 16:01:56 2004 -> RAR support disabled.
> Tue Mar 16 16:01:56 2004 -> Blocking encrypted archives.
> Tue Mar 16 16:01:56 2004 -> Mail files support enabled.
> Tue Mar 16 16:01:56 2004 -> OLE2 support enabled.
> Tue Mar 16 16:01:56 2004 -> Self checking every 3600 seconds.
> Tue Mar 16 17:02:26 2004 -> No stats for Database check - forcing reload
> Tue Mar 16 17:02:26 2004 -> Reading databases from /var/clamav/databases
> Tue Mar 16 17:02:30 2004 -> Database correctly reloaded (20486 viruses)
> Tue Mar 16 18:05:51 2004 -> SelfCheck: Database status OK.
> 
> Wed Mar 17 09:31:04 2004 -> SelfCheck: Database status OK.
> Wed Mar 17 10:12:53 2004 -> Shutting down the main socket.
> Wed Mar 17 10:12:53 2004 -> Closing the main socket.
> Wed Mar 17 10:12:53 2004 -> Socket file removed.
> Wed Mar 17 10:12:53 2004 -> Pid file removed.
> Wed Mar 17 10:12:53 2004 -> Exiting (clean)
> Wed Mar 17 10:12:53 2004 -> --- Stopped at Wed Mar 17 10:12:53 2004







Re: [Clamav-users] Freshclam died

2004-03-17 Thread Bart Silverstrim
On Mar 16, 2004, at 10:13 PM, Steven P. Donegan wrote:

> Fajar A. Nugraha wrote:
>
> > Steven P. Donegan wrote:
> >
> > > Hmmm, I just do a freshclam from cron rather than let it run as a
> > > daemon - as a new user (I just downloaded, installed, integrated
> > > with my anti-spam/anti-virus proxy - home built, today). Is doing
> > > this in any way a negative thing?
> >
> > Not if you set it to run on a random minute (e.g. not 0). If you set it
> > up as
> >
> > 0 * * * * /usr/local/bin/freshclam
> >
> > then you might be among those people who flood database mirrors
> > during update checks :)
> >
> > Better change the 0 to something random (e.g. 19, 34, etc).
> >
> > Regards,
> >
> > Fajar
>
> Well, on general principles I do that anyway :-) But thanks for the
> response.

This is assuming everyone's clocks are set in sync? :-)





[Clamav-users] Owner gets overwritten during installation

2004-03-17 Thread Wolfgang Cernohorsky
After updating to v0.70-rc I've noticed that the owner of the
database directories (/usr/local/share/clamav on my linux box) changes
to clamav, but clamav runs on my box under user amavisd, and so does
freshclam - this causes permission problems when a new database update
comes in.
Maybe you could change the install part for the database directory,
e.g. when this directory already exists, don't change the owner of
the directory.

Wolfgang
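
A consistency check for the situation in this message and in the "cannot update" replies above (DatabaseDirectory commented out, DatabaseOwner not matching the directory's owner), added here as an example and not taken from ClamAV: it reads freshclam.conf and compares DatabaseOwner with the actual owner of DatabaseDirectory. The function names are hypothetical, and falling back to the user clamav when DatabaseOwner is absent is an assumption based on the owner the installer sets in this message.

```python
#!/usr/bin/env python3
"""Check that freshclam's database directory matches its configured owner."""
import os
import pwd
import stat
import sys

DEFAULT_OWNER = "clamav"   # assumption: used when DatabaseOwner is not set


def parse_conf(text):
    """Parse 'Directive value' lines; text after '#' is a comment."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        conf[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def check_database_dir(conf, getpwnam=pwd.getpwnam):
    """Return a list of problems; an empty list means the settings agree
    with what is on disk. getpwnam is a parameter so it can be stubbed."""
    dbdir = conf.get("DatabaseDirectory")
    owner = conf.get("DatabaseOwner") or DEFAULT_OWNER
    if not dbdir:
        return ["DatabaseDirectory is not set (still commented out?)"]
    try:
        uid = getpwnam(owner).pw_uid
    except KeyError:
        return ["DatabaseOwner %r is not a local account" % owner]
    try:
        st = os.stat(dbdir)
    except OSError as exc:
        return ["cannot stat %s: %s" % (dbdir, exc.strerror)]
    if not stat.S_ISDIR(st.st_mode):
        return ["%s is not a directory" % dbdir]
    problems = []
    # New files are created inside the directory, so the directory itself
    # (not only main.cvd) has to belong to the updating user.
    if st.st_uid != uid:
        problems.append("%s is owned by uid %d, but %s is uid %d"
                        % (dbdir, st.st_uid, owner, uid))
    elif not st.st_mode & stat.S_IWUSR:
        problems.append("%s is not writable by its owner" % dbdir)
    # Opening the directory to everyone hides the error but lets any local
    # user replace the signature database.
    if st.st_mode & stat.S_IWOTH:
        problems.append("%s is world-writable" % dbdir)
    return problems


def main(argv):
    path = argv[1] if len(argv) > 1 else "/etc/freshclam.conf"
    with open(path) as fh:
        problems = check_database_dir(parse_conf(fh.read()))
    for problem in problems:
        print("PROBLEM:", problem)
    return 1 if problems else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```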







Re: [Clamav-users] Verification of signature on ClamAV software

2004-03-17 Thread Johnny Johansen
On Wednesday 17 March 2004 13:21, you wrote:

> The file is signed by Tomasz Kojm. His PGP key is available at
> http://www.clamav.net/gpg/tkojm.gpg , among others.

Directions greatly appreciated. I fetched Kojm's key-file and verified the 
signature on the downloaded software without problems. I'm now looking 
forward to testing it   :-)))

Happy virus hunting
/johnny





Re: [Clamav-users] call for MacOffice sample documents

2004-03-17 Thread Mark Novak
Trog,

Where do you want them posted?  I have Mac Office on OSX Panther.

Thanks,

Mark

On Mar 17, 2004, at 5:51 AM, Trog wrote:

> In order to test the clam VBA decoder, I need some samples of MacOffice
> documents.
>
> ** They MUST have VBA in them in order to be of any use. **
>
> I don't care if they contain viruses or just other VBA code (but if
> they contain viruses, please zip with the password of 'virus').
>
> If you have privacy concerns, please go ahead and delete all the
> content of the document (except the VBA, obviously), as that is of no
> interest.
>
> Thanks
> -trog




[Clamav-users] why don't detect

2004-03-17 Thread Korchmenuk Nickolay
Hi 

I have a question about my mbox submission:

Submission: 2021
Sender: Korchmenuk Nickolay
Submitted virus name: Win32.HLLM.MyDoom.32768
Notes: Triple bounced e-mail with Worm.SCO.A. If 
Notes: attachment is extracted virus is detected. 
Added: No 

Could you say why clamscan and clamdscan didn't detect the virus in this e-mail?
I have clamav 0.70rc, with databases updated every hour.

-- 
 Korchmenuk Nickolay
17 Mar 2004 16:50:31




[Clamav-users] cannot update

2004-03-17 Thread david
Hi

I am a new user of clam.

I installed version clamav-0.67-1 as an rpm.

However upon trying to update I get this...

ClamAV update process started at Tue Mar 16 18:42:49 2004
SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
Reading CVD header (main.cvd): OK
ERROR: Can't open new file ./e456f6640da6112f to write
open: Permission denied
ERROR: Can't download main.cvd from 62.210.153.201
Trying again...
ClamAV update process started at Tue Mar 16 18:42:58 2004
SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
Reading CVD header (main.cvd): OK
ERROR: Can't open new file ./cddc7ebb2493bb97 to write
open: Permission denied
ERROR: Can't download main.cvd from 24.73.112.74
Trying again...
ClamAV update process started at Tue Mar 16 18:43:13 2004
SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
Reading CVD header (main.cvd): OK
ERROR: Can't open new file ./80dd74849915a32e to write
open: Permission denied
ERROR: Can't download main.cvd from 62.210.153.202
Giving up...

I read the instructions and what I thought were relevant parts of the
manual.  I gathered that the main.cvd file needed to have the
permissions changed.  So I did this.  But now I get -

ERROR: Can't open new file ./80dd74849915a32e to write

Where is it trying to write this file to, so that I can change the
permissions for this directory?

Any help will be much appreciated.

dave







Re: [Clamav-users] SFX-RAR files

2004-03-17 Thread Tomasz Kojm
On Wed, 17 Mar 2004 12:53:43 +0100
"daniele" <[EMAIL PROTECTED]> wrote:

> I've installed clamav-0.60 and also 0.65, but when sendmail must send
> a message with an .exe file created with winrar 3.x, it doesn't permit
> the operation because it finds a trojan.orcamento virus in the
> archive (not if created with winrar 2.x)

Update your database !

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Wed Mar 17 14:51:10 CET 2004




Re: [Clamav-users] Verification of signature on ClamAV software

2004-03-17 Thread Tomasz Kojm
On Wed, 17 Mar 2004 10:57:14 +0100
"Johnny Johansen" <[EMAIL PROTECTED]> wrote:

> Hi,
> 
> I'm considering using ClamAV, and I have downloaded the latest
> software version including the digital signature file. I want to verify
> (GPG) the signature before trying to use the software, but I can't
> find the public key matching the secret key used for signing. I tried
> to search the mail-archive, I browsed/searched through the FAQ, and I
> checked the homepage http://www.clamav.net
> 
> Could someone please direct me?

The package is signed with my key, you can find it on pgp.mit.edu or
http://www.clamav.net/gpg/tkojm.gpg

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Wed Mar 17 14:26:00 CET 2004




[Clamav-users] Freshclam Problem in 0.70

2004-03-17 Thread Paul Crisp
I have been running Clam since v0.65 and have found the product to be
excellent in our environment.

I recently upgraded to development version because of the dreaded Bagle
virus and adjusted my freshclam settings within clamav.conf to allow for
proxy and authentication. Everything has been working fine and then
segmentation faults started to appear so I have decided to move to 0.70 RC.

Now freshclam will not work, below is what I get. I have checked internet
access from the machine and pinged database.clamav.net and I am getting
responses, any clues to how I can sort this problem?

ClamAV update process started at Wed Mar 17 12:31:34 2004
Reading CVD header (main.cvd): ERROR: Malformed CVD header
detected.
ERROR: Can't read main.cvd header from database.clamav.net
(80.69.67.3)
Trying again...
ClamAV update process started at Wed Mar 17 12:31:35 2004
Reading CVD header (main.cvd): ERROR: Error while reading
CVD header of database from database.clamav.net
ERROR: Can't read main.cvd header from database.clamav.net
(80.69.67.3)
Trying again...
ClamAV update process started at Wed Mar 17 12:31:36 2004
Reading CVD header (main.cvd): ERROR: Error while reading
CVD header of database from database.clamav.net
ERROR: Can't read main.cvd header from database.clamav.net
(24.73.112.74)
Giving up...


Paul Crisp
Snr Network Support Analyst
t: 020 7 827 5201
f: 020 7 827 5266






Re: [Clamav-users] Verification of signature on ClamAV software

2004-03-17 Thread Odhiambo Washington
* Johnny Johansen <[EMAIL PROTECTED]> [20040317 13:33]: wrote:
> Hi,
> 
> I'm considering using ClamAV, and I have downloaded the latest
> software version including the digital signature file. I want to verify
> (GPG) the signature before trying to use the software, but I can't find
> the public key matching the secret key used for signing. I tried to search
> the mail-archive, I browsed/searched through the FAQ, and I checked the
> homepage http://www.clamav.net
> 
> Could someone please direct me?


The file is signed by Tomasz Kojm. His PGP key is available at
http://www.clamav.net/gpg/tkojm.gpg , among others.


cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post




[Clamav-users] call for MacOffice sample documents

2004-03-17 Thread Trog
In order to test the clam VBA decoder, I need some samples of MacOffice
documents.

** They MUST have VBA in them in order to be of any use. **

I don't care if they contain viruses or just other VBA code (but if they
contain viruses, please zip with the password of 'virus').

If you have privacy concerns, please go ahead and delete all the content
of the document (except the VBA, obviously), as that is of no interest.

Thanks
-trog




[Clamav-users] SFX-RAR files

2004-03-17 Thread daniele
I've installed clamav-0.60 and also 0.65, but when sendmail must send a
message with an .exe file created with winrar 3.x, it doesn't permit the
operation because it finds a trojan.orcamento virus in the archive (not if
created with winrar 2.x)

Why?

thanks





RE: [Clamav-users] Troubles with recent clamav's

2004-03-17 Thread Randal, Phil
Doug Hardie wrote:
> The problem I encountered has now been identified and I have a working
> clamd that does not hang.  I compiled it two different ways and both
> worked.  The problem was /dev/urandom returning either a -1 or a 0.
> Either of those will cause others.c to hang as it does not test for
> that condition.  One approach was to put in a trivial test for it and
> exit from the loop.  The other was to remove the define for C_URANDOM
> in the .h file.  Both of those approaches worked in my testing.  Since
> I couldn't easily determine if the first would have some side effects
> if it didn't return enough random bits, I have gone with the second
> approach.  My production server has been running for slightly over 6
> hours now and no problems have been seen.

0 is a valid return value from either /dev/urandom or rand().

And if urandom returns -1, shouldn't we just fall back to using rand()?

Cheers,

Phil
-
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
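
The failure mode discussed in this message, as an added example that is not ClamAV's code and not part of the original post: a read loop that treats a 0 or -1 return from read() on the random device as failure instead of retrying, with the rand() fallback suggested above. The function names, and the reading of "-1 or 0" as read() return values, are assumptions.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper: fill buf with len bytes read from the device at path.
 * Returns 0 on success, -1 if the device cannot supply them. */
int read_random_bytes(const char *path, unsigned char *buf, size_t len)
{
    size_t got = 0;
    int fd = open(path, O_RDONLY);

    if (fd < 0)
        return -1;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n > 0) {
            got += (size_t)n;           /* short read: keep going */
        } else if (n < 0 && errno == EINTR) {
            continue;                   /* interrupted by a signal: retry */
        } else {
            /* n == 0 (end of file) or a hard error (-1): the device will
             * not produce more data, so retrying here would spin forever. */
            close(fd);
            return -1;
        }
    }
    close(fd);
    return 0;
}

/* Hypothetical helper: number in [0, max). Sets *used_fallback to 1 when the
 * device failed and rand() was used instead. rand() is predictable, so the
 * caller must decide whether that is acceptable for its purpose. */
unsigned int random_below(const char *path, unsigned int max, int *used_fallback)
{
    unsigned int v = 0;

    if (max == 0) { *used_fallback = 0; return 0; }
    *used_fallback = (read_random_bytes(path, (unsigned char *)&v, sizeof v) != 0);
    if (*used_fallback)
        v = (unsigned int)rand();
    return v % max;
}

int main(void)
{
    int fb;
    unsigned int a = random_below("/dev/urandom", 1000, &fb);
    printf("/dev/urandom: %u (fallback=%d)\n", a, fb);
    /* /dev/null always returns 0 from read(): the case that must not hang. */
    unsigned int b = random_below("/dev/null", 1000, &fb);
    printf("/dev/null:    %u (fallback=%d)\n", b, fb);
    return 0;
}
```

Reporting the fallback to the caller keeps the decision visible: a log line or a refusal to proceed can then be chosen per use.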




Re: [Clamav-users] RE: msg-Private data not null

2004-03-17 Thread Mike Brodbelt
Alex S Moore wrote:
> On Mon, 15 Mar 2004 14:45:27 -0600
> Alex S Moore <[EMAIL PROTECTED]> wrote:
> 
> 
>>Been having problems lately.  Using clamav-milter on Solaris 9 with
>>version 0.67-1 (whatever the latest release is).  It has been working
>>brilliantly for months.  Recently, I started getting a mail.warning
>>message: ClamAv: Private data not NULL.  After this starts, the thread
>>count continues to grow and I start getting timeouts.
> 
> 
> I have not seen anything like this.  Now I am getting messages like:
> Mar 15 17:13:57 mcsun1 clamav-milter[22196]: [ID 801443 mail.notice] hit
> max-children limit (118 >= 2): waiting for some to exit
> 
> The only times that I have had this message, it was legit and the numbers
> were like (4 >= 2), not (118 >= 2) and it straightened out when the load
> decreased.  My mail arrives from POP3 accounts using fetchmail every 10
> minutes or so.  The volume is only 450 - 500 messages a day.

This bug has been present for months. Certainly I had it back in
September last year, when I first installed ClamAV. I've since found
that increasing MaxThreads in clamav.conf, and max-children for
clamav-milter, while it doesn't fix the problem, at least makes it less
of an issue. I'm now running with 25 threads and 20 clamav-milter
children, and, while individual milter children still appear to crash, I
no longer have to restart the milter service every hour or two.

You can also work round it by using something like mailscanner or
MIMEDefang, though if you're running sendmail, milter is a clearly
superior way to do it, IMHO.

Mike.





[Clamav-users] disabling a signature in the virus db file

2004-03-17 Thread Sylvain Trias
Hi, I had to disable a signature in the db file because we were having a
lot of false positives (or at least too many alerts).

I simply deleted the line in the db file, now I wonder whether the
signature will be put back in the db when running freshclam.


PS:
The signature was Trojan.URLspoof.gen; any mail sent from Outlook with
an HTML attachment was seen as a virus.




Re: [Clamav-users] Encrypted RAR Signature

2004-03-17 Thread Cedric Foll
On Tue 16/03/2004 at 17:31, Chris Meadors wrote:
> > Submission: 2005
> > Sender: Fisher
> > Submitted virus name: Unknown Virus
> > Virus name: Worm.Bagle.Gen-rarpwd
> > Notes: Signature added through daily.cvd version 187 to 
> > Notes: detect password protected RAR files.
> > Added: No 
> 
> Is this signature in effect for all scans, or only those with the
> "ArchiveDetectEncrypted" option set?

It's in effect for all scans.
The option "ArchiveDetectEncrypted" rejects (i.e. detects as "virus") all
encrypted archives.

Regards

-- 
==
Cedric Foll
Security & network engineer, Rectorat de Rouen
e-mail: [EMAIL PROTECTED]
tel: 02 35 14 77 51

"Pride has a greater share than kindness
in the reproaches we make to
those who commit faults; and we
reprove them not so much to
correct them as to persuade them that
we are free of those faults."
La Rochefoucauld
===




[Clamav-users] Verification of signature on ClamAV software

2004-03-17 Thread Johnny Johansen
Hi,

I'm considering using ClamAV, and I have downloaded the latest
software version including the digital signature file. I want to verify
(GPG) the signature before trying to use the software, but I can't find
the public key matching the secret key used for signing. I tried to search
the mail-archive, I browsed/searched through the FAQ, and I checked the
homepage http://www.clamav.net

Could someone please direct me?

Venlig hilsen / Best regards

Johnny Johansen





Re: [Clamav-users] ScanStream errors

2004-03-17 Thread Krzysztof Snopek
On Tue, 16 Mar 2004, Alex S Moore wrote:

> Are you using GNU compiler and make?  I found that my problems started with
> clamav code changes somewhere this month.  I have been using Sun's compiler

I'm using the GNU compiler but Solaris make.
I've installed version 0.70 rc. No problems up to now.

Krzysztof Snopek




Re: [Clamav-users] ScanStream errors

2004-03-17 Thread Krzysztof Snopek
On Tue, 16 Mar 2004, Bugs wrote:

>
> I saw the same thing after I downloaded the new binaries for
> our Tru64 server.
>
> I did some testing and found that when I used the previous
> clamdscan binary, everything worked again. It even picks up
> viruses that were missed before, and caught by our "banned
> extensions" recipe.
> So I am using all the new binaries and libraries except for
> clamdscan.

But I'm not using clamdscan at all. It was with clamav-milter
and clamd only.

Krzysztof Snopek




Re: [Clamav-users] ScanStream errors

2004-03-17 Thread Krzysztof Snopek
On Tue, 16 Mar 2004, Fajar A. Nugraha wrote:
> was your /tmp full ?

Sorry, my fault - but I rebooted first, and
started thinking next :-) But no messages
about /tmp full in syslogs.

Krzysztof Snopek




Re: [Clamav-users] OpenBSD clamav Port (0.67-1) RAR Files

2004-03-17 Thread Helmut Schneider
Lynn Duerksen wrote:

>> That's the point, if clamav would have detected the virus in
>> the original mail I wouldn't have posted here... :)
> 
> I am experiencing similar problems on my OpenBSD 3.4 box and was
> wondering if there has been any resolution on this issue.

I'm using 3.4, too.

