[Clamav-users] Find bagle in Zip files.

2004-03-25 Thread Simon Gate
Hello.

I'm running an smtp server with f-secure and clamav. I have a problem with
the f-secure server because it can't find the bagle virus in password
protected zip files but clamav does. I e-mailed f-secure support about
it and they told me there isn't any virus scanner today that can find a virus
in password protected zip files. This answer confuses me because
clamav does find the virus in the password protected zip file. And now
my question: how is it possible for clamav to find a virus in a password
protected file when f-secure support claims it isn't possible?


Best regards Simon.


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] conbination with spamassasin

2004-03-25 Thread Fajar A. Nugraha
Joe's Web Hosting -- 山田 wrote:

>Hello.
>
>I installed amavis under exim.
>They communicate with each other.
>I found SpamAssassin in exim does not work
>  if the router and transport are ON.
>The problem occurs because
>exim is regarded as an outer command and
>exim is executed infinitely many times.
>
>Anybody knows how to fix this?

Wrong list, Joe :)
As an exim user, however, I suggest you discard amavis completely
and go for exim+eximscan (http://duncanthrax.net/exiscan-acl/)
It can use clamav and SpamAssassin natively.

Regards,

Fajar

Re: [Clamav-users] clam not fresh

2004-03-25 Thread Brian W. Antoine
At 07:09 PM 3/25/04, you wrote:
>On Thu, 25 Mar 2004 at 18:39:29 -0800, Brian W. Antoine wrote:
>> At 05:24 PM 3/25/04, Tomasz Papszun wrote:
>> >On Thu, 25 Mar 2004 at 16:18:38 -0800, Brian W. Antoine wrote:
>> >> 
>> >>   I'm updating from clamav.elektrapro.com and starting a short time ago it now wants
>> >> to update viruses.db, but the checksum fails after the download.  The mirror at ozforces
>> >> does the same thing.
>> >> 
>> >>   This isn't the issue that started this thread, but it appears to be a good place
>> >> to mention that something else is going wrong with the downloads also.
>> >
>> >You use old version of ClamAV. Please upgrade.
>> 
>>   So what versions are no longer supported?
>> 
>
>We still support old-format databases (you can check the list archives
>for Tomasz Kojm's message about for how long in the future - I don't
>remember this) but old versions (using old-format database) are, as a
>whole, significantly worse than current versions.

  Having finally gotten a version with patches that only goes to sleep
about once a week and locks up my production mail servers, I'm going to
be real careful about upgrading to newer versions when the mailing list
has one message after another about problems with them.

>So unless you have some really, really important reasons to use old
>version, you should upgrade.
>If you can't and you still have some problems with updating database,
>please write again with details.

  I just ran freshclam again and instead of downloading viruses.db and
then giving me a checksum error it now claims:

Connected to clamav.elektrapro.com.
Reading md5 sum (viruses.md5): ERROR: md5 sum not found on remote server
ERROR: Can't get viruses.md5 sum from clamav.elektrapro.com

  Obviously somebody's figured out that the checksums were broken and
is playing with the files.





[Clamav-users] conbination with spamassasin

2004-03-25 Thread Joe's Web Hosting -- 山田
Hello.

I installed amavis under exim.
They communicate with each other.
I found SpamAssassin in exim does not work
  if the router and transport are ON.
The problem occurs because
exim is regarded as an outer command and
exim is executed infinitely many times.

Anybody knows how to fix this?

Thanks. Joe.


Re: [Clamav-users] reject=451 4.7.1 Please try again later

2004-03-25 Thread Joe Maimon
I have been having the same as well.

I added some more verbosity into the syslog statement and got this logged

write failure to clamd, nbytes: -1, quarantine_dir: (null), error: Bad file descriptor

Any ideas?







Re: [Clamav-users] clam not fresh

2004-03-25 Thread Tomasz Papszun
On Thu, 25 Mar 2004 at 18:39:29 -0800, Brian W. Antoine wrote:
> At 05:24 PM 3/25/04, Tomasz Papszun wrote:
> >On Thu, 25 Mar 2004 at 16:18:38 -0800, Brian W. Antoine wrote:
> >> 
> >>   I'm updating from clamav.elektrapro.com and starting a short time ago it now wants
> >> to update viruses.db, but the checksum fails after the download.  The mirror at ozforces
> >> does the same thing.
> >> 
> >>   This isn't the issue that started this thread, but it appears to be a good place
> >> to mention that something else is going wrong with the downloads also.
> >
> >You use old version of ClamAV. Please upgrade.
> 
>   So what versions are no longer supported?
> 

We still support old-format databases (you can check the list archives
for Tomasz Kojm's message about for how long in the future - I don't
remember this) but old versions (using old-format database) are, as a
whole, significantly worse than current versions.

So unless you have some really, really important reasons to use old
version, you should upgrade.
If you can't and you still have some problems with updating database,
please write again with details.

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner




Re: [Clamav-users] Application to generate CLAMAV report

2004-03-25 Thread Fajar A. Nugraha
[EMAIL PROTECTED] wrote:

> This site hosting the file seems to be over the limit. Anyone else have
> some extra space to host the file. Thanks.
 

It's also available on http://clamav.or.id/contrib/emailavlog/
It would be great if you could also put some installation instruction there.
Regards,

Fajar

Original Message:
-
From: [EMAIL PROTECTED] [EMAIL PROTECTED]
Date: Thu, 25 Mar 2004 02:50:50 -0500
To: [EMAIL PROTECTED]
Subject: RE: [Clamav-users] Application to generate CLAMAV report
Hi there,
You have to configure the CLAMAV milter for it to be able to send
the report. See "man clamav-milter". Configure it so that it sends the
email report to an email address and use that email address for the
emailavlog configuration. Sorry, I am not of much help as I did not install
CLAMAV myself. I just got the installer to configure CLAMAV to send the
email report to me. Hope this helps.
Syed Nasir

Original Message:
-
From: [EMAIL PROTECTED] [EMAIL PROTECTED]
Date: Thu, 25 Mar 2004 01:35:45 -0500
To: [EMAIL PROTECTED]
Subject: [Clamav-users] Application to generate CLAMAV report
Dear all,
   	 I have created a small application that allows the creation of a
report based on the email virus report that Clamav sends out. 





Re: [Clamav-users] Re: clamav 0.70-rc on FreeBSD 4.8-RELEASE

2004-03-25 Thread Tomasz Kojm
On Thu, 25 Mar 2004 14:26:05 -0500
Jesse Guardiani <[EMAIL PROTECTED]> wrote:

> Tomasz Kojm wrote:
> 
> > On Mon, 22 Mar 2004 15:54:18 -0500
> > Jesse Guardiani <[EMAIL PROTECTED]> wrote:
> > 
> >> Any ideas on how to avoid this in the future? I'm running with
> >> ScanArchive and ScanMail (because I want the binhex feature on).
> > 
> > The problem may be connected with already discussed and fixed
> > /dev/urandom issue. Please update to the latest CVS version.
> 
> OK. After hashing through a couple of different tests with Nigel
> Horne on my FreeBSD 5.2.1-RELEASE laptop, my FreeBSD 4.8-RELEASE
> test and production servers, one of Nigel's FreeBSD 5.2 machines,
> and one of Nigel's linux machines of unknown type I finally gave
> the CVS version a try.
> 
> I found that the CVS version works quite well and alleviates the
> problem of new clamdscan connections being rejected under high
> load.
> 
> The only thing I still don't understand is why clamscan is so
> much faster than clamdscan, and why clamscan only uses 25M
> of process memory while clamdscan uses over 298M of process
> memory during the scan:

clamdscan by default (see clamav.conf !) scans all directories
recursively.

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Fri Mar 26 03:48:58 CET 2004




[Clamav-users] Re: Clamav error

2004-03-25 Thread Jesse Guardiani
Thiago Taranto wrote:

> Does anybody know why this is happening?
> 
> 
> 17178 ? S  0:00 /usr/bin/clamdscan -r --disable-summary --max-recursion=20 --max-space=9 /var/spool/qmailscan/korn108007258045617052
> 17201 ? S  0:00 /usr/bin/clamdscan -r --disable-summary --max-recursion=20 --max-space=9 /var/spool/qmailscan/korn108007260645617194
> 17216 ? S  0:00 /usr/bin/clamdscan -r --disable-summary --max-recursion=20 --max-space=9 /var/spool/qmailscan/korn108007261145617212
> 17251 ? S  0:00 /usr/bin/clamdscan -r --disable-summary --max-recursion=20 --max-space=9 /var/spool/qmailscan/korn108007262745617247
> 17258 ? S  0:00 /usr/bin/clamdscan -r --disable-summary --max-recursion=20 --max-space=9 /var/spool/qmailscan/korn108007262545617245
> 17264 ? S  0:00 /usr/bin/clamdscan -r --disable-summary --max-recursion=20 --max-space=9 /var/spool/qmailscan/korn108007260645617196
> 17271 ? S  0:00 /usr/bin/clamdscan -r --disable-summary --max-recursion=20 --max-space=9 /var/spool/qmailscan/korn108007253145616904
> 17284 ? S  0:00 /usr/bin/clamdscan -r --disable-summary --max-recursion=20 --max-space=9 /var/spool/qmailscan/korn108007263745617277
> 17308 ? S  0:00 /usr/bin/clamdscan -r --disable-summary --max-recursion=20 --max-space=9 /var/spool/qmailscan/korn108007264145617300

I see similar symptoms when my clamd (0.70-rc) process chokes on a
message it doesn't like. The clamd process starts eating between 50%
and 100% CPU and gobbling up RAM. A ps will show similar output to
what you see above.

Is your clamd process even running? Or did it die? I don't see it
listed above.

Also, what's your `uname -a`?

-- 
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v)  423-559-5145 (f)
http://www.wingnet.net






Re: [Clamav-users] Application to generate CLAMAV report

2004-03-25 Thread Odhiambo Washington
* Ralph Angenendt <[EMAIL PROTECTED]> [20040325 14:04]: wrote:
> Dilip M wrote:
> > I have
> > # rpm -qa|grep clam
> > clamav-0.67-1
> > clamav-devel-0.67-1
> > 
> > 
> > # exim -bV
> > How can i get this work my side ?
> 
> On a machine with amavisd-new clamav *and* kaspersky, I just grep
> through the mail.log for infected files. If you only have clamav, you
> might just grep through /var/log/messages (this is a linux box here).
> clamd outputs this into /var/log/messages:
> 
> Mar 25 10:45:22 mail-gw-1 clamd[11873]: /var/amavis/amavis-20040325T104422-11686/parts/part-2: Yaha.P FOUND
> 
> For this you need "LogSyslog" enabled in /etc/clamav/clamav.conf, though
> I don't know if clamscan also writes to syslog if you're using this,
> clamd does.
> 
> As we now know, what the string we're searching looks like, it's just a
> little sed, grep, sort:
> 
> grep FOUND /var/log/messages \
> | cut -d ":" -f 5 \
> | sed -e "s/\ FOUND//" \
> | sort \
> | uniq -c \
> | sort -r
> 
> This gives us the following output (yes, no percentages, one might hack
> that into it):
> 
>    9353  Worm.SomeFool.Gen-1
>    3647  Worm.SomeFool.P
>    2312  Worm.SomeFool.Gen-2
>     912  Worm.Sober.D
>     521  Worm.Dumaru.A
>     174  Worm.SomeFool.I
>      55  Worm.Mydoom.F
>      53  Worm.Dumaru.K
>      39  Worm.Dumaru.Y
>      35  Worm.Bagle.Gen-zippwd
>      23  Worm.Bagle.Gen-1
>  [...]


If you use clamd and it logs to clamd.log, the following line can also
give you the stats:

grep FOUND /var/log/clamav/clamd.log  | awk '{print $8}' | \
sed -e "s/\ FOUND//"  | sort | uniq -c



cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post
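
Both pipelines in this message pick the signature name by fixed field position (`cut -f 5` on ":" and `awk '{print $8}'`), so a scanned path containing a colon or a space shifts the name out of the selected field. The following is an added example, not code from the thread: it takes the name from the last ": " before the trailing FOUND, accepts both the syslog and the clamd.log layouts, and adds the percentages mentioned above. The function names and every sample line except the first are constructed here.

```sh
#!/bin/sh
# Added example: per-signature detection counts with percentages from clamd logs.

# sample_log: constructed input. Line 1 is the syslog record quoted in the
# thread; the others are made up to cover the clamd.log layout, a line that
# is not a detection, and paths containing a space, a colon and the word FOUND.
sample_log() {
    cat <<'EOF'
Mar 25 10:45:22 mail-gw-1 clamd[11873]: /var/amavis/amavis-20040325T104422-11686/parts/part-2: Yaha.P FOUND
Mar 25 10:45:30 mail-gw-1 clamd[11873]: /var/amavis/amavis-20040325T104430-11690/parts/part-1: Worm.SomeFool.P FOUND
Thu Mar 25 04:02:35 2004 -> Reading databases from /var/lib/clamav
Thu Mar 25 04:02:40 2004 -> /var/spool/scan/msg 17/report FOUND.zip: Worm.SomeFool.P FOUND
Thu Mar 25 04:02:41 2004 -> /var/spool/scan/a:b.eml: Worm.Bagle.Gen-zippwd FOUND
EOF
}

# clam_stats: read log lines on stdin, print "count percent% name" for each
# signature, most frequent first (ties ordered by name).
clam_stats() {
    awk '
        / FOUND[ \t\r]*$/ {
            line = $0
            sub(/ FOUND[ \t\r]*$/, "", line)   # drop the trailing verdict
            n = split(line, part, ": ")        # name follows the last ": "
            if (n < 2) next                    # no "path: name" pair
            count[part[n]]++
            total++
        }
        END {
            for (name in count)
                printf "%d %.1f%% %s\n", count[name], 100 * count[name] / total, name
        }
    ' | LC_ALL=C sort -k1,1nr -k3,3
}

sample_log | clam_stats
```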




RE: [Clamav-users] SurgeMail and Clamav

2004-03-25 Thread Robert Blayzor
Yes we have it working flawlessly here on FreeBSD_4 with the latest
clamav devel releases and the latest version of Surgemail.  We've been
running it for a while with a lot of success as of late.  The stability
has greatly improved.

We're using a custom PERL handler which marshals the virus scans (vpipe
handler) and hands them off to clamdscan, then echoes back the
appropriate responses to Surgemail including inserting nice
"X-Virus-Scanner:" headers, etc.

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]

Exclusive: We're the only ones who have the documentation.
  
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Duane
Morris
Sent: Thursday, March 25, 2004 8:31 PM
To: [EMAIL PROTECTED]
Subject: [Clamav-users] SurgeMail and Clamav


Has anyone tried to run clamav with SurgeMail?

Thanks





Re: [Clamav-users] clam not fresh

2004-03-25 Thread Brian W. Antoine
At 05:24 PM 3/25/04, Tomasz Papszun wrote:
>On Thu, 25 Mar 2004 at 16:18:38 -0800, Brian W. Antoine wrote:
>> 
>>   I'm updating from clamav.elektrapro.com and starting a short time ago it now wants
>> to update viruses.db, but the checksum fails after the download.  The mirror at ozforces
>> does the same thing.
>> 
>>   This isn't the issue that started this thread, but it appears to be a good place
>> to mention that something else is going wrong with the downloads also.
>
>You use old version of ClamAV. Please upgrade.

  So what versions are no longer supported?





[Clamav-users] Help with clamav-milter.sh

2004-03-25 Thread Bryce








The startup script “clamav-milter.sh” makes a few calls to init.d. I am on a
Virtual Private Server so I do not have init.d available to me. All I have is
rc.d. How can I then get clamav-milter to start when I reboot my server?

Thanks








Re: [Clamav-users] Segmentation fault in clamav-0.70rc-1

2004-03-25 Thread Todd Lyons
On Thu, 2004-03-25 at 08:36, Claudio Alonso wrote:
> Hi,
> Yesterday I installed clamav-0.70rc-1 from rpm on my RedHat 9.0 (kernel 2.4.20-30.9) and started
> clamd just to test its current stability
> The computer was on all night and today I found the following in the rotated logs:
> Thu Mar 25 04:02:33 2004 -> No stats for Database check - forcing reload
> Thu Mar 25 04:02:35 2004 -> Reading databases from /var/lib/clamav
> Thu Mar 25 04:02:36 2004 -> Segmentation fault :-( Bye..
> I've been looking in the archives and found some segmentation problems with this version but I'm
> not using milter and my logs don't refer to any "accept() failed" nor "pthread_create failed" (nor
> in this log nor in the previous before rotate, which only shows "SIGHUP caught: re-opening log
> file." before rotate.

You probably saw some of my issues.  I'm using RH 9.0 as well and have
problems with spamd SegFaulting.  I personally think it's pthread
related, but have zero data to back it up.  On my system, clamd handles
20K or 30K messages in about 12 hours and then dies.  I upgraded to 0.70
cvs on Tuesday.  clamd stopped segfaulting, but would lock up and
clamav-milter would then die.  I've had to disable it until I figure out
what to do to make it stable.

I'd love to figure out what's causing this.

Blue skies...   Todd





[Clamav-users] SurgeMail and Clamav

2004-03-25 Thread Duane Morris



Has anyone tried to run clamav with SurgeMail?
 
Thanks


Re: [Clamav-users] clam not fresh

2004-03-25 Thread Tomasz Papszun
On Thu, 25 Mar 2004 at 16:18:38 -0800, Brian W. Antoine wrote:
> 
>   I'm updating from clamav.elektrapro.com and starting a short time ago it now wants
> to update viruses.db, but the checksum fails after the download.  The mirror at ozforces
> does the same thing.
> 
>   This isn't the issue that started this thread, but it appears to be a good place
> to mention that something else is going wrong with the downloads also.

You use old version of ClamAV. Please upgrade.

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner




Re: [Clamav-users] clam not fresh

2004-03-25 Thread Brian W. Antoine
At 02:56 PM 3/25/2004, you wrote:
>On Thursday 25 March 2004 10:36 pm, Mark Novak wrote:
>
>> > If running the same command on your server does not show the
>> > SomeFool.P then
>> > your definitions are NOT up to date.  If freshclam insists on saying
>> > they
>> > are up to date, i would try deleting them totally and running freshclam
>> > again.  Maybe that will clear up the problem.
>>
>> I did exactly that, deleted the cvd files and re-ran freshclam.  I am
>> only showing through SomeFool.M, no O, P or P-dll.
>>
>> Any ideas or tips appreciated.
>
>Where are you collecting the signature updates from?
>
>1. What is in your /usr/local/share/clamav/mirrors.txt file?
>2. When you run freshclam, where does it say it's connecting to when it
>downloads the database files?

  I'm updating from clamav.elektrapro.com and starting a short time ago it now wants
to update viruses.db, but the checksum fails after the download.  The mirror at ozforces
does the same thing.

  This isn't the issue that started this thread, but it appears to be a good place
to mention that something else is going wrong with the downloads also.





Re: [Clamav-users] clam not fresh

2004-03-25 Thread Tomasz Papszun
On Thu, 25 Mar 2004 at 18:19:02 -0500, Colin A. Bartlett wrote:
> 
> Per Tomasz, I first checked the number of signatures reported by freshclam
> and it was reporting the correct number. So Per Jim, I deleted both main.cvd
> and daily.cvd from /var/lib/clamav and ran freshclam again. It downloaded
> them again as expected. But grepping for SomeFool in the sig list still
> didn't give me SomeFool.P. So I searched my system for the CVD files and
> found a SECOND COPY of them in /usr/local/share/clamav. I checked my

Oh, second copy. Problems due to this occur again and again on the list
:-) .

> /etc/clamav.conf file and it says, as I think it should:
> 
> DatabaseDirectory /var/lib/clamav
> 
> So for kicks, I copied the CVD files from /var/lib/clamav over top of the
> ones in /usr/local/share/clamav. That worked! And now when I grep the sig
> list for SomeFool I _DO_ get .P. So the question is this: if my clamav.conf
> says to use /var/lib/clamav, and freshclam is downloading the files to
> there, then why does clamscan use the files in /usr/local/share/clamav?

Maybe you compiled ClamAV with this path?

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner
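
The symptom discussed here, freshclam updating /var/lib/clamav while clamscan loads an older copy from /usr/local/share/clamav, can be confirmed by comparing the version recorded in each copy's header. The following is an added example, not code from the thread or from the ClamAV project. It assumes the CVD header layout noted in the comments; the helper names and the sample version numbers are constructed.

```sh
#!/bin/sh
# Added example: spot out-of-date duplicate ClamAV databases.
# Assumption: a .cvd file starts with a 512-byte text header whose
# colon-separated fields begin ClamAV-VDB:<build time>:<version>:<sig count>.

# cvd_version FILE: print the header's version number; fail if FILE is
# missing or does not start with a CVD header.
cvd_version() {
    head -c 512 "$1" 2>/dev/null | awk -F: '
        NR == 1 && $1 == "ClamAV-VDB" && $3 ~ /^[0-9]+$/ { print $3; ok = 1 }
        END { exit !ok }'
}

# cvd_stale_copies NAME DIR...: print one line for every DIR/NAME whose
# version is lower than the newest version found among the given directories.
cvd_stale_copies() {
    name=$1
    shift
    newest=0
    for dir in "$@"; do
        if v=$(cvd_version "$dir/$name") && [ "$v" -gt "$newest" ]; then
            newest=$v
        fi
    done
    for dir in "$@"; do
        if v=$(cvd_version "$dir/$name") && [ "$v" -lt "$newest" ]; then
            echo "$dir/$name version $v is older than $newest"
        fi
    done
}

# make_sample_cvd DIR VERSION: hypothetical helper that writes a constructed
# header plus filler bytes; the result is not a usable signature database.
make_sample_cvd() {
    mkdir -p "$1"
    {
        printf '%-512s' "ClamAV-VDB:25 Mar 2004 21-00 +0100:$2:20000:1:X:X:builder"
        printf 'constructed-body'
    } > "$1/daily.cvd"
}

# demo: rebuild the two directories from the thread under a temp root,
# with constructed versions 215 (fresh) and 209 (stale).
demo() {
    tmp=$(mktemp -d)
    make_sample_cvd "$tmp/var/lib/clamav" 215
    make_sample_cvd "$tmp/usr/local/share/clamav" 209
    cvd_stale_copies daily.cvd "$tmp/var/lib/clamav" "$tmp/usr/local/share/clamav"
    rm -rf "$tmp"
}

demo
```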




Re: [Clamav-users] clam not fresh

2004-03-25 Thread Adam Webb - Network Manager
Colin A. Bartlett [EMAIL PROTECTED] wrote:
> Jim Maul Sent: Thursday, March 25, 2004 4:28 PM
> 
> > If freshclam insists on saying they
> > are up to date, i would try deleting them totally and running freshclam
> > again.  Maybe that will clear up the problem.
> 
> Per Tomasz, I first checked the number of signatures reported by freshclam
> and it was reporting the correct number. So Per Jim, I deleted both main.cvd
> and daily.cvd from /var/lib/clamav and ran freshclam again. It downloaded
> them again as expected. But grepping for SomeFool in the sig list still
> didn't give me SomeFool.P. So I searched my system for the CVD files and
> found a SECOND COPY of them in /usr/local/share/clamav. I checked my
> /etc/clamav.conf file and it says, as I think it should:
> 
> DatabaseDirectory /var/lib/clamav
> 
> So for kicks, I copied the CVD files from /var/lib/clamav over top of the
> ones in /usr/local/share/clamav. That worked! And now when I grep the sig
> list for SomeFool I _DO_ get .P. So the question is this: if my clamav.conf
> says to use /var/lib/clamav, and freshclam is downloading the files to
> there, then why does clamscan use the files in /usr/local/share/clamav?
> 
> Thanks for your help and patience thus far!
> 
> cheers,
> Colin
> 
> Colin A. Bartlett
> Kinetic Web Solutions
> www.kineticweb.biz
> 
> 
> 

Because you're not telling clamscan where to look for the CVD and it
wants to look elsewhere by default?
-- 
Adam Webb - Network Manager




RE: [Clamav-users] clam not fresh

2004-03-25 Thread Colin A. Bartlett
Jim Maul Sent: Thursday, March 25, 2004 4:28 PM

> If freshclam insists on saying they
> are up to date, i would try deleting them totally and running freshclam
> again.  Maybe that will clear up the problem.

Per Tomasz, I first checked the number of signatures reported by freshclam
and it was reporting the correct number. So Per Jim, I deleted both main.cvd
and daily.cvd from /var/lib/clamav and ran freshclam again. It downloaded
them again as expected. But grepping for SomeFool in the sig list still
didn't give me SomeFool.P. So I searched my system for the CVD files and
found a SECOND COPY of them in /usr/local/share/clamav. I checked my
/etc/clamav.conf file and it says, as I think it should:

DatabaseDirectory /var/lib/clamav

So for kicks, I copied the CVD files from /var/lib/clamav over top of the
ones in /usr/local/share/clamav. That worked! And now when I grep the sig
list for SomeFool I _DO_ get .P. So the question is this: if my clamav.conf
says to use /var/lib/clamav, and freshclam is downloading the files to
there, then why does clamscan use the files in /usr/local/share/clamav?

Thanks for your help and patience thus far!

cheers,
Colin

Colin A. Bartlett
Kinetic Web Solutions
www.kineticweb.biz





Re: [Clamav-users] clam not fresh

2004-03-25 Thread Antony Stone
On Thursday 25 March 2004 10:36 pm, Mark Novak wrote:

> > If running the same command on your server does not show the
> > SomeFool.P then
> > your definitions are NOT up to date.  If freshclam insists on saying
> > they
> > are up to date, i would try deleting them totally and running freshclam
> > again.  Maybe that will clear up the problem.
>
> I did exactly that, deleted the cvd files and re-ran freshclam.  I am
> only showing through SomeFool.M, no O, P or P-dll.
>
> Any ideas or tips appreciated.

Where are you collecting the signature updates from?

1. What is in your /usr/local/share/clamav/mirrors.txt file?
2. When you run freshclam, where does it say it's connecting to when it 
downloads the database files?

Antony.

-- 
Wanted: telepath.   You know where to apply.

 Please reply to the list;
   please don't CC me.





Re: [Clamav-users] clam not fresh

2004-03-25 Thread Mark Novak
See below -
On Mar 25, 2004, at 3:28 PM, Jim Maul wrote:


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Colin A.
Bartlett
Sent: Thursday, March 25, 2004 2:47 PM
To: [EMAIL PROTECTED]
Subject: RE: [Clamav-users] clam not fresh

Another poster pointed to testvirus.org for testing.  I think you'll
find some methods of delivery more effective than others and that
clamav will miss some of these.

They're not being detected by clam even when running them right through
clamscan on the command prompt. I think it's because SomeFool.P isn't in my
sig list even though freshclam says I'm up to date.

My server shows the following:

[EMAIL PROTECTED] bin]# sigtool -l |grep -i somefool
Worm.SomeFool
Worm.SomeFool.B
Worm.SomeFool.B.2
Worm.SomeFool.D
Worm.SomeFool.E
Worm.SomeFool.F
Worm.SomeFool.Gen-1
Worm.SomeFool.Gen-2
Worm.SomeFool.Gen-unp
Worm.SomeFool.I
Worm.SomeFool.K
Worm.SomeFool.L
Worm.SomeFool.M
Worm.SomeFool.O
Worm.SomeFool.P
Worm.SomeFool.P-dll
If running the same command on your server does not show the SomeFool.P then
your definitions are NOT up to date.  If freshclam insists on saying they
are up to date, i would try deleting them totally and running freshclam
again.  Maybe that will clear up the problem.

And don't eat bad clams.
I had a bad oyster the other day but never a bad clam.
I stay away from seafood altogether...

Jim

I did exactly that, deleted the cvd files and re-ran freshclam.  I am 
only showing through SomeFool.M, no O, P or P-dll.

Any ideas or tips appreciated.

Thanks,

Mark



[Clamav-users] email structure logging

2004-03-25 Thread Jesse Guardiani
Howdy list,

Is there any way to make clamd log the structure of
a message and its attachments? BinHex, MIME, plain-text,
ZIP, RAR, BZIP, GZIP, OLE2, etc...?

This information would be great for statistics, but I
could imagine it being useful during troubleshooting
or tech support also.

-- 
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v)  423-559-5145 (f)
http://www.wingnet.net






[Clamav-users] Re: Re: clamav 0.70-rc on FreeBSD 4.8-RELEASE

2004-03-25 Thread Jesse Guardiani
Tomasz Papszun wrote:

[...]

> 2) clamdscan can be configured (in clamav.conf) to use more features
> than you requested for clamscan in command line (e.g. ScanMail). If so,
> scanning with clamdscan can require more resources than simple
> 'clamscan'.

I think that is exactly what is happening. If I use clamscan --mbox it
takes almost as long as clamdscan to process a large file. The interesting
thing is that clamscan --mbox will usually complain about running out of
memory a long time before clamdscan complains about memory. That may have
something to do with FreeBSD's process vs. threading memory limits though.

-- 
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v)  423-559-5145 (f)
http://www.wingnet.net






[Clamav-users] Re: Re: clamav 0.70-rc on FreeBSD 4.8-RELEASE

2004-03-25 Thread Jesse Guardiani
Robert Blayzor wrote:

[...]

> I still think there is a bug out there somewhere when scanning mail files.
> Rarely we'll see clamd+clamdscan take quite a long time to process a mail
> message.  It happens rarely, but sometimes a 4K message file can take a
> minute to scan.

What is your MaxThreads value set to in clamav.conf?

How about MaxConnectionQueueLength?

It's possible that ClamAV already has MaxThreads number of threads running
and your 4k message is sitting in the connection queue waiting for a thread
to become available so it can run.

-- 
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v)  423-559-5145 (f)
http://www.wingnet.net






RE: [Clamav-users] clam not fresh

2004-03-25 Thread Jim Maul


> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Colin A.
> Bartlett
> Sent: Thursday, March 25, 2004 2:47 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [Clamav-users] clam not fresh
>
>
> > Another poster pointed to testvirus.org for testing.  I think you'll
> > find some methods of delivery more effective than others and that
> > clamav will miss some of these.
>
> They're not being detected by clam even when running them right through
> clamscan on the command prompt. I think it's because SomeFool.P
> isn't in my
> sig list even though freshclam says I'm up to date.
>

My server shows the following:

[EMAIL PROTECTED] bin]# sigtool -l |grep -i somefool
Worm.SomeFool
Worm.SomeFool.B
Worm.SomeFool.B.2
Worm.SomeFool.D
Worm.SomeFool.E
Worm.SomeFool.F
Worm.SomeFool.Gen-1
Worm.SomeFool.Gen-2
Worm.SomeFool.Gen-unp
Worm.SomeFool.I
Worm.SomeFool.K
Worm.SomeFool.L
Worm.SomeFool.M
Worm.SomeFool.O
Worm.SomeFool.P
Worm.SomeFool.P-dll

If running the same command on your server does not show the SomeFool.P then
your definitions are NOT up to date.  If freshclam insists on saying they
are up to date, i would try deleting them totally and running freshclam
again.  Maybe that will clear up the problem.

> > And don't eat bad clams.
>
> I had a bad oyster the other day but never a bad clam.

I stay away from seafood altogether...

Jim





Re: [Clamav-users] Re: clamav 0.70-rc on FreeBSD 4.8-RELEASE

2004-03-25 Thread Tomasz Papszun
On Thu, 25 Mar 2004 at 14:26:05 -0500, Jesse Guardiani wrote:
[...]
> The only thing I still don't understand is why clamscan is so
> much faster than clamdscan, and why clamscan only uses 25M
> of process memory while clamdscan uses over 298M of process
> memory during the scan:
> 
> --- SCAN SUMMARY ---
> Scanned files: 1
> Infected files: 0
> Data scanned: 57.21 MB
> I/O buffer size: 131072 bytes
> Time: 11.989 sec (0 m 11 s)
> [13:[EMAIL PROTECTED]:[~]% clamdscan test-message.txt
> /usr/home/jesse/test-message.txt: OK
> 
> --- SCAN SUMMARY ---
> Infected files: 0
> Time: 89.334 sec (1 m 29 s)
> [13:[EMAIL PROTECTED]:[~]%
> 

1) When scanning a big file with clamdscan, a time savings thanks to
_not_ loading the database at startup is little as compared with
scanning time of the data itself.

2) clamdscan can be configured (in clamav.conf) to use more features
than you requested for clamscan in command line (e.g. ScanMail). If so,
scanning with clamdscan can require more resources than simple
'clamscan'. 

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner




RE: [Clamav-users] clam not fresh

2004-03-25 Thread [EMAIL PROTECTED]
Colin A. Bartlett said:
>> Another poster pointed to testvirus.org for testing.  I think
>> you'll
>> find some methods of delivery more effective than others and that
>> clamav will miss some of these.
>
> They're not being detected by clam even when running them right
> through
> clamscan on the command prompt. I think it's because SomeFool.P
> isn't in my
> sig list even though freshclam says I'm up to date.
>

Well, it works for me.

sigtool -i main.cvd reports:

Build time: 29 Feb 2004 18-19 +0100
Version: 21
# of signatures: 20094
Functionality level: 1
Builder: tkojm
MD5: a20b254aa5f6b97dcafc115a63c8af4e
Digital signature:
rpzUhP4jcYOSj/tMnkU5zPs3GbJWsdmj2+7Z4BkUGOfN8pS0XnQ2qJY1TF/1P4jeadvBVNoCwJiIwamnGtBO8fTnLiMgMXSiy/L1odsalY0iCyRmxzYNqWUoG6Q3CMhEJ8M9c8idT7LBGYHwtKCBv0hHhIIrkqS2jh5V0XAxIwh
Digital signature support not compiled in.
Verification OK.

sigtool -i daily.cvd reports:

Build time: 25 Mar 2004 15-10 +0100
Version: 215
# of signatures: 608
Functionality level: 1
Builder: diego
MD5: ea131331b9006fe9139c0527b8a3ace2
Digital signature:
jL35pyOXWpm+SrPz1SBpDgVHT72RCDcteU8JqM5C6wIcGR9dOXYBwcacE5ARzEKwtw4ElwCoSwFLVF8mfw8wVVtuN1Ll+EmAJXWf8nDPu69mv4xKE5Y1DNMAQYgZlvuXwQMEzNRjuyvAIyc5aR9d0aD0v8UrpYzNiHj49vDbOne
Digital signature support not compiled in.
Verification OK.

And the log says:

/var/spool/qmailscan/tmp/dinky.tclme.org10802154054707319/readme.pif: Worm.SomeFool.P FOUND

-- 

Bob Greene




[Clamav-users] OLE2 archives

2004-03-25 Thread Jesse Guardiani
Howdy list,

Is there a utility I can download to generate OLE2 archives,
or does anyone have an OLE2 archive with an EICAR virus
inside that I can use for testing?

I'm putting my ClamAV installations through various stress
tests, and the only archive format I can't generate from
FreeBSD seems to be OLE2.

Thanks.

-- 
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v)  423-559-5145 (f)
http://www.wingnet.net






Re: [Clamav-users] Re: clamav 0.70-rc on FreeBSD 4.8-RELEASE

2004-03-25 Thread Robert Blayzor
On 3/25/04 2:26 PM, "Jesse Guardiani" <[EMAIL PROTECTED]> wrote:

> --- SCAN SUMMARY ---
> Known viruses: 20702
> Scanned directories: 0
> Scanned files: 1
> Infected files: 0
> Data scanned: 57.21 MB
> I/O buffer size: 131072 bytes
> Time: 11.989 sec (0 m 11 s)
> [13:[EMAIL PROTECTED]:[~]% clamdscan test-message.txt
> /usr/home/jesse/test-message.txt: OK
> 
> --- SCAN SUMMARY ---
> Infected files: 0
> Time: 89.334 sec (1 m 29 s)
> [13:[EMAIL PROTECTED]:[~]%

I still think there is a bug out there somewhere when scanning mail files.
Rarely we'll see clamd+clamdscan take quite a long time to process a mail
message.  It happens rarely, but sometimes a 4K message file can take a
minute to scan.

I can capture the message in question, but when I scan it again, it only
takes a second.  In our case it is VERY rare, on four servers running clamd
it only happened once in about 250,000 scans, but still it happens from time
to time.  The one server that it happened on the resident size of the
program was considerably larger than the others..

 root    3944  0.0  4.2 22460 21652  ??  Ss   18Mar04  53:03.64
>root   98782  0.0  5.9 31240 30480  ??  Ss   18Mar04  21:17.28
 root   51317  0.0  4.1 22104 21340  ??  Ss   18Mar04  21:31.03
 root   20182  0.0  4.7 25032 24268  ??  Ss   18Mar04  20:48.46

I have not seen clamd go into a memory eating frenzy yet, and since the
urandom workaround/fix I have not seen any hung threads where clamd chews up
100% of the CPU.  Right now I'm just seeing some random mail files hang
clamdscan at times for ~1 minute before it lets go..

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP: http://www.inoc.net/~dev/
Key fingerprint = 1E02 DABE F989 BC03 3DF5  0E93 8D02 9D0B CB1A A7B0

NOTICE: alloc: /dev/null: filesystem full






RE: [Clamav-users] clam not fresh

2004-03-25 Thread Colin A. Bartlett
> Another poster pointed to testvirus.org for testing.  I think you'll
> find some methods of delivery more effective than others and that
> clamav will miss some of these.

They're not being detected by clam even when running them right through
clamscan on the command prompt. I think it's because SomeFool.P isn't in my
sig list even though freshclam says I'm up to date.

> And don't eat bad clams.

I had a bad oyster the other day but never a bad clam.

cheers,
Colin

Colin A. Bartlett
Kinetic Web Solutions
www.kineticweb.biz





Re: [Clamav-users] Freshclam died

2004-03-25 Thread Tomasz Kojm
On 25 Mar 2004 16:41:21 +0100
Tarjei Knapstad <[EMAIL PROTECTED]> wrote:

> On Tue, 2004-03-16 at 21:03, Tomasz Kojm wrote:
> > On Tue, 16 Mar 2004 11:28:53 -0500
> > "Jim Maul" <[EMAIL PROTECTED]> wrote:
> > 
> 
> > > --
> > > ClamAV update process started at Sun Mar  7 17:31:59 2004
> > > ERROR: Maximal time (1200 seconds) reached.
> 
> > 
> > We are aware of it and that should be fixed in the final 0.70
> > version.
> > 
> 
> 
> I can confirm that I haven't experienced these anymore since upgrading
> to 0.70

Heh, lucky you. The problem is still open.

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Thu Mar 25 20:30:08 CET 2004





[Clamav-users] Re: clamav 0.70-rc on FreeBSD 4.8-RELEASE

2004-03-25 Thread Jesse Guardiani
Tomasz Kojm wrote:

> On Mon, 22 Mar 2004 15:54:18 -0500
> Jesse Guardiani <[EMAIL PROTECTED]> wrote:
> 
>> Any ideas on how to avoid this in the future? I'm running with
>> ScanArchive and ScanMail (because I want the binhex feature on).
> 
> The problem may be connected with already discussed and fixed
> /dev/urandom issue. Please update to the latest CVS version.

OK. After hashing through a couple of different tests with Nigel
Horne on my FreeBSD 5.2.1-RELEASE laptop, my FreeBSD 4.8-RELEASE
test and production servers, one of Nigel's FreeBSD 5.2 machines,
and one of Nigel's linux machines of unknown type I finally gave
the CVS version a try.

I found that the CVS version works quite well and alleviates the
problem of new clamdscan connections being rejected under high
load.

The only thing I still don't understand is why clamscan is so
much faster than clamdscan, and why clamscan only uses 25M
of process memory while clamdscan uses over 298M of process
memory during the scan:

--- SCAN SUMMARY ---
Known viruses: 20702
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 57.21 MB
I/O buffer size: 131072 bytes
Time: 11.989 sec (0 m 11 s)
[13:[EMAIL PROTECTED]:[~]% clamdscan test-message.txt
/usr/home/jesse/test-message.txt: OK

--- SCAN SUMMARY ---
Infected files: 0
Time: 89.334 sec (1 m 29 s)
[13:[EMAIL PROTECTED]:[~]%

-- 
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v)  423-559-5145 (f)
http://www.wingnet.net






Re: [Clamav-users] new clamav user - comparison to amavisd with uvscan

2004-03-25 Thread Joe Maimon
Never-Mind.

Standard database path screwup.

Joe Maimon wrote:

> Hello All,
>
> I am new here, I hope this hasn't been hashed to death already.
>
> I recently installed clamav into a production email system, using
> clamav-milter.
>
> This system had been operating with amavisd and uvscan (nai's command
> line scanner) for years.
> Now email is scanned twice, first by clamav-milter and then by
> amavis-milter.
>
> After I noticed in my maillog that some viruses were still being
> caught by amavis, I turned on quarantining. I have collected a number
> of these emails already.
>
> I have figured out how to manually extract the mime attachment and
> scan it manually with uvscan. The one I worked on scanned positive as
> netsky. clamscan did not catch it. (clamscan --mbox presumably does
> not need any extracting)
>
> I do not know that this is not some damaged virus. (not about to test it
> on my windows machines)
>
> Is there any value in automating the mime extracting of the
> quarantined email to find out why clam misses those?
> Does anyone want these email messages for dissection?
>
> Any recommendations on my next step? I would prefer to not have to pay
> the performance penalty of a scanner twice.
>
> Joe





[Clamav-users] outlook problem

2004-03-25 Thread Vito Pascali
Hi ppl,
I have a problem (my English first!).
I have a lan where for citrix problem the gw is a soho WatchGuard firewall
and where a machine from the lan works as a proxy with squid.
Now I tried to put clamav and p3scan on the same proxy machine to work
together.
Everything seems to work fine in the log, and even if I try to log in to the
pop by telnet I see the warning coming from p3scan.
But with Outlook no way at all to see anything.
My logs show me that:

p3scan[28862]: '/var/spool/p3scan/children/28862/p3scan.zbpSIS' contains a
virus (Eicar-Test-Signature)!
p3scan[28862]: Moving the infected file /bin/mv
/var/spool/p3scan/children/28862/p3scan.zbpSIS /var/spool/p3scan
p3scan[28862]: mail=/var/spool/p3scannotify/28862.mailout
p3scan[28862]: sending new mail
p3scan[28862]: Mail action complete
1

The route to the clamav/p3scan server was made by a static route.
Can anyone help me pls?
I'm going mad about this...
Vito

The trouble with being punctual is that people think you have nothing
more important to do.





Re: [Clamav-users] ClamAV missing 100% of "Worm.SomeFool.Gen-1" (clamav-users: addressed to exclusive sender for this address)

2004-03-25 Thread OpenMacNews
no, i've turned off bounce notification ages ago for the very same reason.  the notices i'm getting are simply reports to 'postmaster' ...

since, i've REBOOTED, i'm now seeing ClamAV via CGPAV "find" *and* discard the "Fool" viruses ... i.e., working again.

i have no clue as to what was going on, after Tomasz's comment that the 'name' i was seeing is the ClamAV name ... but the reboot seems to have done the trick.

strange that behavior just changed in mid-stream like that ...

richard

-- On Thursday, March 25, 2004 8:35 AM +  Stuart Mycock <[EMAIL PROTECTED]> wrote:



> > waited a bit, and another "Worm.SomeFool.Gen-1" snuck thru ...
>
> Are these messages that get through bounced delivery reports by any chance?
>
> I think there is an issue with defanging on the current cgpav that means it
> doesn't treat certain types of bounce messages properly before passing them
> to clamd.
>
> Stuart.



[Clamav-users] new clamav user - comparison to amavisd with uvscan

2004-03-25 Thread Joe Maimon
Hello All,

I am new here, I hope this hasn't been hashed to death already.

I recently installed clamav into a production email system, using
clamav-milter.

This system had been operating with amavisd and uvscan (nai's command
line scanner) for years.
Now email is scanned twice, first by clamav-milter and then by
amavis-milter.

After I noticed in my maillog that some viruses were still being caught
by amavis, I turned on quarantining. I have collected a number of these
emails already.

I have figured out how to manually extract the mime attachment and scan
it manually with uvscan. The one I worked on scanned positive as netsky.
clamscan did not catch it. (clamscan --mbox presumably does not need any
extracting)

I do not know that this is not some damaged virus. (not about to test it
on my windows machines)

Is there any value in automating the mime extracting of the quarantined
email to find out why clam misses those?
Does anyone want these email messages for dissection?

Any recommendations on my next step? I would prefer to not have to pay
the performance penalty of a scanner twice.

Joe
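
An added example, not from the thread and not part of ClamAV: a Python script for the two requests above, Jesse Guardiani's question about logging the structure of a message and its attachments and the question here about automating MIME extraction of quarantined mail. The function names, the magic-byte table (limited to the formats named in the thread) and the sample message are assumptions constructed for this example.

```python
import email
import hashlib
import io
import os
import tempfile
import zipfile
from email import policy
from email.message import EmailMessage

# Leading bytes of the container formats named in the thread.
MAGIC = (
    (b"PK\x03\x04", "ZIP"),
    (b"Rar!\x1a\x07", "RAR"),
    (b"\x1f\x8b", "GZIP"),
    (b"BZh", "BZIP2"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2"),
)
BINHEX_BANNER = b"(This file must be converted with BinHex"


def sniff(data):
    """Name the format from the content itself, not the declared MIME type."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return "BinHex" if BINHEX_BANNER in data[:1024] else "-"


def describe(raw):
    """Return one row per MIME part, in document order."""
    rows = []

    def walk(part, depth):
        row = {"depth": depth, "type": part.get_content_type(),
               "filename": part.get_filename(), "size": None,
               "format": None, "sha256": None}
        rows.append(row)
        if part.is_multipart():            # multipart/* and message/rfc822
            for sub in part.get_payload():
                walk(sub, depth + 1)
            return
        body = part.get_payload(decode=True) or b""   # undo base64 / QP
        row.update(size=len(body), format=sniff(body),
                   sha256=hashlib.sha256(body).hexdigest())

    walk(email.message_from_bytes(raw, policy=policy.default), 0)
    return rows


def structure_log(raw):
    """One log line per part, indented by nesting depth."""
    lines = []
    for r in describe(raw):
        detail = "" if r["size"] is None else " size=%d format=%s sha256=%s" % (
            r["size"], r["format"], r["sha256"][:16])
        lines.append("%s%s name=%r%s" % ("  " * r["depth"], r["type"],
                                         r["filename"], detail))
    return lines


def extract(raw, outdir):
    """Write every named leaf part to outdir so each scanner can be run on it.
    Files are named by hash: the sender controls the MIME filename, so it is
    logged but never used as a path."""
    written = []
    for part in email.message_from_bytes(raw, policy=policy.default).walk():
        if part.is_multipart() or not part.get_filename():
            continue
        body = part.get_payload(decode=True) or b""
        path = os.path.join(outdir, hashlib.sha256(body).hexdigest() + ".bin")
        with open(path, "wb") as fh:
            fh.write(body)
        written.append(path)
    return written


def build_sample():
    """Constructed message: text body, a harmless ZIP, and an attachment named
    .pif whose bytes start with the OLE2 header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "harmless constructed payload\n")
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "postmaster@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachments\n")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="sample.zip")
    msg.add_attachment(b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\0" * 64,
                       maintype="application", subtype="octet-stream",
                       filename="../readme.pif")
    return msg.as_bytes()


if __name__ == "__main__":
    raw = build_sample()
    print("\n".join(structure_log(raw)))
    with tempfile.TemporaryDirectory() as outdir:
        for path in extract(raw, outdir):
            print("extracted", path)   # hand these paths to each scanner
```

The SHA-256 column lets the same attachment be matched across the quarantine, the extracted file and each scanner's verdict.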





Re: [Clamav-users] clam not fresh

2004-03-25 Thread Tomasz Papszun
On Thu, 25 Mar 2004 at  9:52:26 -0500, Colin A. Bartlett wrote:
> 
> I've upgraded my ClamAV and I'm no longer getting errors on freshclam.
> However it doesn't seem to be updated. I noticed some viruses slipping
> through and ran them through the online scanner. Some were identified as
> SomeFool.P. I grepped my sigtool -l  list for SomeFool and .P isn't listed.
> But freshclam says main.cvd and daily.cvd are up to date.
> 

What is the end of your freshclam log? Should be similar to this (I mean
numbers of sigs):

ClamAV update process started at Thu Mar 25 18:52:31 2004
main.cvd is up to date (version: 21, sigs: 20094, f-level: 1, builder: tkojm)
daily.cvd updated (version: 215, sigs: 608, f-level: 1, builder: diego)
Database updated (20702 signatures) from database.clamav.net (209.94.36.5).

If not, we'll try to search for the reason.

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner
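
An added example, not from the thread and not part of ClamAV: a Python script that reads the end of a freshclam log in the format quoted above and compares it against a known-good reference run. The function names are assumptions; the reference log is the one quoted in this message, and the second run in the local log uses constructed version and signature values.

```python
import re

RUN_START = re.compile(r"^ClamAV update process started at (.+)$")
DB_LINE = re.compile(
    r"^(\w+)\.cvd (is up to date|updated) "
    r"\(version: (\d+), sigs: (\d+), f-level: (\d+), builder: (\w+)\)$")
TOTAL = re.compile(r"^Database updated \((\d+) signatures\)")
ERROR = re.compile(r"^ERROR: (.+)$")

# Reference run: the log lines quoted in the message above.
REFERENCE_LOG = """\
ClamAV update process started at Thu Mar 25 18:52:31 2004
main.cvd is up to date (version: 21, sigs: 20094, f-level: 1, builder: tkojm)
daily.cvd updated (version: 215, sigs: 608, f-level: 1, builder: diego)
Database updated (20702 signatures) from database.clamav.net (209.94.36.5).
"""

# Local log: the first run is the error quoted elsewhere on this page; the
# second run is constructed (daily version 209 and 575 sigs are made up).
LOCAL_LOG = """\
ClamAV update process started at Sun Mar  7 17:31:59 2004
ERROR: Maximal time (1200 seconds) reached.
--------------------------------------
ClamAV update process started at Thu Mar 25 09:40:02 2004
main.cvd is up to date (version: 21, sigs: 20094, f-level: 1, builder: tkojm)
daily.cvd is up to date (version: 209, sigs: 575, f-level: 1, builder: diego)
"""


def parse_runs(text):
    """Split a freshclam log into runs and pull out per-database status."""
    runs = []
    for line in text.splitlines():
        line = line.strip()
        started = RUN_START.match(line)
        if started:
            runs.append({"started": started.group(1), "dbs": {},
                         "total": None, "errors": []})
            continue
        if not runs:
            continue                      # text before the first run header
        run = runs[-1]
        db = DB_LINE.match(line)
        total = TOTAL.match(line)
        error = ERROR.match(line)
        if db:
            run["dbs"][db.group(1)] = {"updated": db.group(2) == "updated",
                                       "version": int(db.group(3)),
                                       "sigs": int(db.group(4))}
        elif total:
            run["total"] = int(total.group(1))
        elif error:
            run["errors"].append(error.group(1))
    return runs


def audit(run, reference):
    """List the ways one run falls short of the reference run."""
    findings = ["update failed: " + message for message in run["errors"]]
    for name, ref in sorted(reference["dbs"].items()):
        local = run["dbs"].get(name)
        if local is None:
            findings.append(name + ".cvd: no status line in this run")
        elif local["version"] < ref["version"]:
            findings.append("%s.cvd: local version %d is behind reference %d"
                            % (name, local["version"], ref["version"]))
    summed = sum(db["sigs"] for db in run["dbs"].values())
    if run["total"] is not None and run["total"] != summed:
        findings.append("total %d does not match per-database sum %d"
                        % (run["total"], summed))
    return findings


if __name__ == "__main__":
    reference = parse_runs(REFERENCE_LOG)[-1]
    for run in parse_runs(LOCAL_LOG):
        print(run["started"])
        for finding in audit(run, reference) or ["matches reference"]:
            print("   ", finding)
```

A run that reports "is up to date" with a lower version than the reference points at the source of the update rather than at the local files.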




RE:[Clamav-users] ClamAV missing 100% of "Worm.SomeFool.Gen-1"

2004-03-25 Thread Jackson, Jeff
> I have the same issue on Linux when checking email in KMail. If I save the attachment
> to my desktop and check it there, then the virus is detected. My definitions are
> bang up to date; the virus has been getting missed for the past couple of days at
> least; the string I use for checking my email has in the past worked fine for
> other viruses (but MyFool.Gen1 is the only one I have received of late); the
> virus is being missed in 0.70 and in 20040323.

> Steve

I have the same problem. I run a linux front end to an Exchange server. ClamAV misses
them, then NAV on the Exchange server catches them. I've captured several of the
messages on the mail relay, and ClamAV detects it just fine once it's saved to an
mbox. My config is RH9 and Postfix with Anomy calling ClamAV (20040323) and then
pumping it through Spamassassin.

Jeff




Re: [Clamav-users] clam not fresh

2004-03-25 Thread [EMAIL PROTECTED]
Colin A. Bartlett said:
> Hello All
>
> I've upgraded my ClamAV and I'm no longer getting errors on
> freshclam.
> However it doesn't seem to be updated. I noticed some viruses
> slipping
> through and ran them through the online scanner. Some were
> identified as
> SomeFool.P. I grepped my sigtool -l  list for SomeFool and .P isn't
> listed.
> But freshclam says main.cvd and daily.cvd are up to date.
>
> Any ideas? Thanks as always.
>

Another poster pointed to testvirus.org for testing.  I think you'll
find some methods of delivery more effective than others and that
clamav will miss some of these.

And don't eat bad clams.

-- 

Bob Greene




[Clamav-users] Segmentation fault in clamav-0.70rc-1

2004-03-25 Thread Claudio Alonso
Hi,
Yesterday I installed clamav-0.70rc-1 from rpm on my RedHat 9.0 (kernel
2.4.20-30.9) and started clamd just to test its current stability.
The computer was on all night and today I found the following in the
rotated logs:

Thu Mar 25 04:02:33 2004 -> No stats for Database check - forcing reload
Thu Mar 25 04:02:35 2004 -> Reading databases from /var/lib/clamav
Thu Mar 25 04:02:36 2004 -> Segmentation fault :-( Bye..

I've been looking in the archives and found some segmentation problems
with this version, but I'm not using milter and my logs don't refer to any
"accept() failed" nor "pthread_create failed" (neither in this log nor in
the previous one before rotate, which only shows "SIGHUP caught:
re-opening log file." before rotate).

I'm using Clamuko with Dazuko 2.0, only on /home and /tmp.
I know Clamuko support isn't very tested, but is it possible for Clamuko to
generate a clamd segm. fault? Or may it be a different problem?

Thanks for the n-th time :)

--cfalonso





Re: [Clamav-users] Freshclam died

2004-03-25 Thread Tarjei Knapstad
On Tue, 2004-03-16 at 21:03, Tomasz Kojm wrote:
> On Tue, 16 Mar 2004 11:28:53 -0500
> "Jim Maul" <[EMAIL PROTECTED]> wrote:
> 

> > --
> > ClamAV update process started at Sun Mar  7 17:31:59 2004
> > ERROR: Maximal time (1200 seconds) reached.

> 
> We are aware of it and that should be fixed in the final 0.70 version.
> 


I can confirm that I haven't experienced these anymore since upgrading
to 0.70

Cheers,
--
Tarjei





Re: [Clamav-users] Freshclam died

2004-03-25 Thread Tarjei Knapstad
On Wed, 2004-03-17 at 16:20, Bart Silverstrim wrote:
> 
> On Mar 16, 2004, at 10:13 PM, Steven P. Donegan wrote:
> 


> 
> This is assuming everyone's clocks are set in sync? :-)
> 

You don't use ntpd? :)

--
Tarjei





RE: [Clamav-users] ClamAV missing 100% of "Worm.SomeFool.Gen-1" on OSX

2004-03-25 Thread Shayne Lebrun
Hrm.  My 0.65 install is picking up Worm.SomeFool.Gen-1, Worm.SomeFool.P,
Worm.SomeFool, and Worm.SomeFool.Gen-2 (7%, 2%, 2% and 2% of viruses going
through that server, respectively) with qmail-scanner.



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Tomasz Kojm
Sent: Thursday, March 25, 2004 8:02 AM
To: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] ClamAV missing 100% of "Worm.SomeFool.Gen-1" on
OSX


On Wed, 24 Mar 2004 21:31:02 +
Steve King <[EMAIL PROTECTED]> wrote:

> > all three of (1) latest head build, (2) 0.70rc and  (3) 0.67 of
> > clamav on OSX 10.3.3 are missing 100% of the "Worm.SomeFool.Gen-1"
> > virus.  clamav is being called via the CGPAV script from
> > CommuniGatePro ...
> >
> > its doing a fine job on almost all others ...
> >
> > my second stage virus checker, McAfee, *is* currently catching every
> > Worm.SomeFool.Gen-1 that makes it past ClamAV.
> >
> > is this a known issue, and, is there a fix/workaround available?
>
> I have the same issue on Linux when checking email in KMail. If I save
> the attachment to my desktop and check it there, then the virus is
> detected. My definitions are bang up to date; the virus has been
> getting missed for the past couple of days at least; the string I use
> for checking my email has in the past worked fine for other viruses
> (but MyFool.Gen1 is the only one I have received of late); the virus
> is being missed in 0.70 and in 20040323.

Probably our file recognizer doesn't recognize it as a mail file. Please
submit the original message (in an encrypted zip archive) to
[EMAIL PROTECTED]

--
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Thu Mar 25 14:00:08 CET 2004





Re: [Clamav-users] RE: memory leak?

2004-03-25 Thread Chris Meadors
On Thu, 2004-03-25 at 08:56 +, Trog wrote:

> Well, you appear to be the only one seeing a leak. We (the devs) do
> check for memory leaks quite frequently, and so are pretty sure there
> are no big leaks.

Does that include the RAR scanner?  I have yet to enable it because of
the comments in the .conf file.

-- 
Chris





[Clamav-users] clam not fresh

2004-03-25 Thread Colin A. Bartlett
Hello All

I've upgraded my ClamAV and I'm no longer getting errors on freshclam.
However it doesn't seem to be updated. I noticed some viruses slipping
through and ran them through the online scanner. Some were identified as
SomeFool.P. I grepped my sigtool -l  list for SomeFool and .P isn't listed.
But freshclam says main.cvd and daily.cvd are up to date.

Any ideas? Thanks as always.

cheers,
Colin

Colin A. Bartlett
Kinetic Web Solutions
www.kineticweb.biz





[Clamav-users] clamav-milter sendmail

2004-03-25 Thread Mark Lowe
Hello

ClamAV version 0.68-1
clamav-milter version 0.67a
I've successfully installed clam with clam milter and anything getting 
send via sendmail is being scanned. Now what I want is to scan mail 
users directories, as we don't run an externally accessible smtp 
service.

Am I tree-barking or is this a perfectly acceptable thing to be trying 
to do? Or  have I missed a step out to get clam checking mail boxes, 
say on login for example?

Thanks

Mark





[Clamav-users] Clamav error

2004-03-25 Thread Thiago Taranto
Does anybody know why this is happening?


17178 ?S  0:00 /usr/bin/clamdscan -r --disable-summary
--max-recursion=20 --max-space=9
/var/spool/qmailscan/korn108007258045617052
17201 ?S  0:00 /usr/bin/clamdscan -r --disable-summary
--max-recursion=20 --max-space=9
/var/spool/qmailscan/korn108007260645617194
17216 ?S  0:00 /usr/bin/clamdscan -r --disable-summary
--max-recursion=20 --max-space=9
/var/spool/qmailscan/korn108007261145617212
17251 ?S  0:00 /usr/bin/clamdscan -r --disable-summary
--max-recursion=20 --max-space=9
/var/spool/qmailscan/korn108007262745617247
17258 ?S  0:00 /usr/bin/clamdscan -r --disable-summary
--max-recursion=20 --max-space=9
/var/spool/qmailscan/korn108007262545617245
17264 ?S  0:00 /usr/bin/clamdscan -r --disable-summary
--max-recursion=20 --max-space=9
/var/spool/qmailscan/korn108007260645617196
17271 ?S  0:00 /usr/bin/clamdscan -r --disable-summary
--max-recursion=20 --max-space=9
/var/spool/qmailscan/korn108007253145616904
17284 ?S  0:00 /usr/bin/clamdscan -r --disable-summary
--max-recursion=20 --max-space=9
/var/spool/qmailscan/korn108007263745617277
17308 ?S  0:00 /usr/bin/clamdscan -r --disable-summary
--max-recursion=20 --max-space=9
/var/spool/qmailscan/korn108007264145617300



Thiago Taranto






Re: [Clamav-users] Milter reject something with no reason (new)

2004-03-25 Thread Nigel Horne
> I have now an email with attachment which is rejected with this error
> (Milter: data, reject=451 4.7.1 Please try again later) - reproducible.
> Are the developers interested? Where to send it?

Are you using any other milters? Whenever I see that message it is always
an indication that the other milter has failed. For example:

Mar 25 13:19:41 bandsman spamass-milter[27184]: Could not extract score from <>
Mar 25 13:19:41 bandsman clamav-milter[27185]: write failure (44 bytes) to clamd
Mar 25 13:19:41 bandsman sendmail[27177]: i2PDExGw027177: Milter: data, reject=451 
4.7.1 Please try again later

> Wolfgang

 -Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk





Re: [Clamav-users] ClamAV missing 100% of "Worm.SomeFool.Gen-1" on OSX

2004-03-25 Thread Tomasz Kojm
On Wed, 24 Mar 2004 21:31:02 +
Steve King <[EMAIL PROTECTED]> wrote:

> > all three of (1) latest head build, (2) 0.70rc and  (3) 0.67 of
> > clamav on OSX 10.3.3 are missing 100% of the "Worm.SomeFool.Gen-1"
> > virus.  clamav is being called via the CGPAV script from
> > CommuniGatePro ...
> >
> > its doing a fine job on almost all others ...
> >
> > my second stage virus checker, McAfee, *is* currently catching every
> > Worm.SomeFool.Gen-1 that makes it past ClamAV.
> >
> > is this a known issue, and, is there a fix/workaround available?
> 
> I have the same issue on Linux when checking email in KMail. If I save
> the attachment to my desktop and check it there, then the virus is
> detected. My definitions are bang up to date; the virus has been
> getting missed for the past couple of days at least; the string I use
> for checking my email has in the past worked fine for other viruses
> (but MyFool.Gen1 is the only one I have received of late); the virus
> is being missed in 0.70 and in 20040323.

Probably our file recognizer doesn't recognize it as a mail file. Please
submit the original message (in an encrypted zip archive) to
[EMAIL PROTECTED]

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Thu Mar 25 14:00:08 CET 2004




Re: [Clamav-users] Milter reject something with no reason (new)

2004-03-25 Thread Tomasz Kojm
On Thu, 25 Mar 2004 11:10:21 +0100
"Clamav" <[EMAIL PROTECTED]> wrote:

> I have now an email with attachment which is rejected with this error
> (Milter: data, reject=451 4.7.1 Please try again later) -
> reproducible. Are the developers interested? Where to send it?

Please send it to [EMAIL PROTECTED]

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Thu Mar 25 13:39:41 CET 2004




Re: [Clamav-users] ClamAV missing 100% of "Worm.SomeFool.Gen-1" on OSX

2004-03-25 Thread Steve King
> all three of (1) latest head build, (2) 0.70rc and  (3) 0.67 of clamav on
> OSX 10.3.3 are missing 100% of the "Worm.SomeFool.Gen-1" virus.  clamav is
> being called via the CGPAV script from CommuniGatePro ...
>
> its doing a fine job on almost all others ...
>
> my second stage virus checker, McAfee, *is* currently catching every
> Worm.SomeFool.Gen-1 that makes it past ClamAV.
>
> is this a known issue, and, is there a fix/workaround available?

I have the same issue on Linux when checking email in KMail. If I save the 
attachment to my desktop and check it there, then the virus is detected. My 
definitions are bang up to date; the virus has been getting missed for the 
past couple of days at least; the string I use for checking my email has in 
the past worked fine for other viruses (but MyFool.Gen1 is the only one I 
have received of late); the virus is being missed in 0.70 and in 20040323.

Steve





Re: [Clamav-users] Re: Time of signature in Virus DB Search

2004-03-25 Thread Tomasz Kojm
On Tue, 23 Mar 2004 14:08:32 -0500
Jesse Guardiani <[EMAIL PROTECTED]> wrote:

> Peter Bonivart wrote:
> 
> > I just noticed the new Virus DB Search function on the web site.
> > That's great, I will use that often but could you add the date and
> > time (GMT) the signature was added. I often get asked by managers
> > when Clam added a signature for comparison with other scanners and
> > it would make it real easy to find.
> 
> I'd like to add a quick: Me too

Currently it isn't possible but we're going to put your idea into
practice in the near future.

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Thu Mar 25 11:33:35 CET 2004




Re: [Clamav-users] Milter reject something with no reason (new)

2004-03-25 Thread Nigel Horne
On Thursday 25 Mar 2004 10:10 am, Clamav wrote:
> I have now an email with attachment which is rejected with this error
> (Milter: data, reject=451 4.7.1 Please try again later) - reproducible.
> Are the developers interested? Where to send it?

Please send me a copy of the email.

> Best regards
> Wolfgang

-Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk





Re: [Clamav-users] Milter reject something with no reason (new)

2004-03-25 Thread Andrei Bucur
I had the same problem. Now I start the milter like this:
/usr/sbin/clamav-milter --dont-scan-on-error
local:/var/run/clamav/clamd-milter.sock

BR
Adi. B
- Original Message - 
From: "Clamav" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 25, 2004 12:10 PM
Subject: [Clamav-users] Milter reject something with no reason (new)


> I have now an email with attachment which is rejected with this error
> (Milter: data, reject=451 4.7.1 Please try again later) - reproducible.
> Are the developers interested? Where to send it?
>
> Best regards
> Wolfgang
>
>


Re: [Clamav-users] Application to generate CLAMAV report

2004-03-25 Thread Bo-Lina teknisk support
How do I get ClamAV to send out this report?

//Regards Jonas

- Original Message - 
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 25, 2004 7:35 AM
Subject: [Clamav-users] Application to generate CLAMAV report


Dear all,
I have created a small application that allows the creation of a
report based on the email virus report that Clamav sends out. It can
generate report based on the virus name, virus sender and virus recipient.
It also has a user interface that allows for a user to manipulate the data.
A sample screen is at

http://www.geocities.com/synasir/emailavlog.jpg

A sample report is below.

--- VIRUS NAME--- 
Worm.SomeFool.Gen-1 ,1084,47.17%  Worm.SomeFool.P ,771,33.55%
Worm.SomeFool.Gen-2 ,121,5.27%  Worm.Bagle.Gen-zippwd ,103,4.48%
Worm.SCO.A ,67,2.92%  JS.Spam.Scramble.A-mail ,48,2.09%  Worm.Mydoom.F
,32,1.39%  Worm.SomeFool.I ,18,.78%  Trojan.Dropper.C ,16,.7%
Worm.Bagle.Gen-1 ,15,.65%  Worm.Bagle.P ,6,.26%  Worm.Klez.H ,5,.22%
Worm.Bagle.Gen-zippwd-2 ,3,.13%  JS.Spam.Scramble.A ,2,.09%  Worm.Nyxem
,2,.09%  Exploit.HTML.Bagle.Gen-3-eml ,1,.04%  Exploit.HTML.Bagle.Gen-4-eml
,1,.04%  JS.FortNight.M ,1,.04%
 Worm.Mydoom.G ,1,.04%

If you are interested, please get it at
http://www.geocities.com/synasir/emailavlog.zip (about 2 MB)

This is emailware. If you are using it, please send me an email at
[EMAIL PROTECTED]

Don't forget to send me an email if you are using it.


Thanks.





Re: [Clamav-users] Milter reject something with no reason (new)

2004-03-25 Thread Trog
On Thu, 2004-03-25 at 10:10, Clamav wrote:
> I have now an email with attachment which is rejected with this error
> (Milter: data, reject=451 4.7.1 Please try again later) - reproducible.
> Are the developers interested? Where to send it? 
> 

Please send to [EMAIL PROTECTED], in an encrypted zip with password
'virus' if it is a virus.

-trog





[Clamav-users] Milter reject something with no reason (new)

2004-03-25 Thread Clamav
I have now an email with attachment which is rejected with this error
(Milter: data, reject=451 4.7.1 Please try again later) - reproducible.
Are the developers interested? Where to send it? 

Best regards
Wolfgang




[Clamav-users] Clamav-milter does not send failure message

2004-03-25 Thread Elv
Hi!

I start clamav-milter with options:

clamav-milter --force-scan --noxheader 
--quarantine-dir=/usr/local/share/clamav/infected --postmaster=virus 
--postmaster-only --noreject --headers --max-children=20 
local:/var/run/clamav/clmilter.sock

After starting, it sends failure messages to user virus for some time, but then
unexpectedly ceases to send them. Log file records show that viruses are found:

Thu Mar 25 11:10:13 2004 -> /usr/local/share/clamav/infected/msg.xpk210: 
Worm.SomeFool.Gen-1 FOUND
Thu Mar 25 11:11:01 2004 -> /usr/local/share/clamav/infected/msg.Lpz7Ea: 
Worm.SomeFool.Gen-1 FOUND
Thu Mar 25 11:11:02 2004 -> /usr/local/share/clamav/infected/msg.bomlJR: 
Worm.SomeFool.Gen-1 FOUND
Thu Mar 25 11:12:22 2004 -> SelfCheck: Database status OK.
Thu Mar 25 11:12:23 2004 -> /usr/local/share/clamav/infected/msg.rX1Zbt: 
Worm.SomeFool.Gen-1 FOUND
Thu Mar 25 11:14:43 2004 -> /usr/local/share/clamav/infected/msg.731DXL: 
Worm.SomeFool.P FOUND
Thu Mar 25 11:16:14 2004 -> /usr/local/share/clamav/infected/msg.zixBKg: 
Worm.SomeFool.Gen-1 FOUND
Thu Mar 25 11:16:24 2004 -> /usr/local/share/clamav/infected/msg.c6f9ki: 
Worm.SomeFool.Gen-1 FOUND

ClamAV version devel-20040324, clamav-milter version 0.70a
clamd / ClamAV version devel-20040324




Re: [Clamav-users] Application to generate CLAMAV report

2004-03-25 Thread Ralph Angenendt
Dilip M wrote:
> I have
> # rpm -qa|grep clam
> clamav-0.67-1
> clamav-devel-0.67-1
> 
> 
> # exim -bV
> How can I get this to work on my side?

On a machine with amavisd-new clamav *and* kaspersky, I just grep
through the mail.log for infected files. If you only have clamav, you
might just grep through /var/log/messages (this is a linux box here).
clamd outputs this into /var/log/messages:

Mar 25 10:45:22 mail-gw-1 clamd[11873]: 
/var/amavis/amavis-20040325T104422-11686/parts/part-2: Yaha.P FOUND

For this you need "LogSyslog" enabled in /etc/clamav/clamav.conf, though
I don't know if clamscan also writes to syslog if you're using this,
clamd does.

As we now know what the string we're searching for looks like, it's just a
little sed, grep, sort:

grep FOUND /var/log/messages \
| cut -d ":" -f 5 \
| sed -e "s/\ FOUND//" \
| sort \
| uniq -c \
| sort -r

This gives us the following output (yes, no percentages, one might hack
that into it):

   9353  Worm.SomeFool.Gen-1
   3647  Worm.SomeFool.P
   2312  Worm.SomeFool.Gen-2
    912  Worm.Sober.D
    521  Worm.Dumaru.A
    174  Worm.SomeFool.I
     55  Worm.Mydoom.F
     53  Worm.Dumaru.K
     39  Worm.Dumaru.Y
     35  Worm.Bagle.Gen-zippwd
     23  Worm.Bagle.Gen-1
     [...]

HTH,

Ralph
-- 
Ralph [EMAIL PROTECTED] | .."Text processing has made it possible
Bayerischer Rundfunk...HA-Multimedia | to right-justify any idea, even one
Rundfunkplatz 180300 München | .which cannot be justified on any other
089 5900 16023.. | .grounds." -- J. Finnegan, USC.
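
Added example, not part of Ralph's post: the same per-signature tally with the percentages he mentions, parsed so that it works on both the syslog line format and the clamd log file format quoted in this thread. The function names clam_found_report and sample_log are made up for this sketch, and the sample lines marked "constructed" are not from any real log.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# clam_found_report: read clamd log lines on stdin and print one line per
# signature as "COUNT PERCENT NAME", highest count first.
clam_found_report() {
    awk '
    # Only lines that END in "FOUND" are detections; a bare grep for FOUND
    # would also count unrelated lines that merely contain the word.
    /[ \t]FOUND[ \t]*$/ {
        line = $0
        sub(/[ \t]+FOUND[ \t]*$/, "", line)
        # The signature name follows the LAST ": " separator. Counting
        # fields from the left (cut -f 5) breaks when the timestamp format
        # differs or when the scanned path itself contains colons.
        n = split(line, parts, ": ")
        if (n < 2) next
        count[parts[n]]++
        total++
    }
    END {
        # Percentage is the share of all detections seen in the input.
        for (name in count)
            printf "%d %.2f%% %s\n", count[name], 100 * count[name] / total, name
    }' | LC_ALL=C sort -k1,1nr -k3,3
}

# sample_log: embedded test input. Lines 1-5 use the two formats shown in
# this thread (syslog and clamd log file); lines 6-7 are constructed.
sample_log() {
    cat <<'EOF'
Mar 25 10:45:22 mail-gw-1 clamd[11873]: /var/amavis/amavis-20040325T104422-11686/parts/part-2: Yaha.P FOUND
Thu Mar 25 11:10:13 2004 -> /usr/local/share/clamav/infected/msg.xpk210: Worm.SomeFool.Gen-1 FOUND
Thu Mar 25 11:11:01 2004 -> /usr/local/share/clamav/infected/msg.Lpz7Ea: Worm.SomeFool.Gen-1 FOUND
Thu Mar 25 11:12:22 2004 -> SelfCheck: Database status OK.
Thu Mar 25 11:14:43 2004 -> /usr/local/share/clamav/infected/msg.731DXL: Worm.SomeFool.P FOUND
Mar 25 11:20:05 mail-gw-1 clamd[11873]: /var/spool/scan/2004-03-25T11:20:05/part-1: Worm.SomeFool.Gen-1 FOUND
Mar 25 11:21:40 mail-gw-1 backup[2001]: FOUND 3 files to archive
EOF
}

# Demo run on the embedded sample; for real use:
#   clam_found_report < /var/log/messages
sample_log | clam_found_report
```

A cut -d ":" -f 5 pipeline would pick the wrong field on the clamd log file lines and on the constructed path that contains colons; taking the text after the last ": " handles both.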




[Clamav-users] Clamav-milter does not send failure message

2004-03-25 Thread Elv
Hi! 

I start clamav-milter with options: 

clamav-milter --force-scan --noxheader
--quarantine-dir=/usr/local/share/clamav/infected --postmaster=virus
--postmaster-only --noreject --headers --max-children=20
local:/var/run/clamav/clmilter.sock 

After starting, it sends failure messages to user virus for some time, but then
unexpectedly ceases to send them. Log file records show that viruses are
found:

Thu Mar 25 11:10:13 2004 -> /usr/local/share/clamav/infected/msg.xpk210:
Worm.SomeFool.Gen-1 FOUND 
Thu Mar 25 11:11:01 2004 -> /usr/local/share/clamav/infected/msg.Lpz7Ea:
Worm.SomeFool.Gen-1 FOUND 
Thu Mar 25 11:11:02 2004 -> /usr/local/share/clamav/infected/msg.bomlJR:
Worm.SomeFool.Gen-1 FOUND 
Thu Mar 25 11:12:22 2004 -> SelfCheck: Database status OK. 
Thu Mar 25 11:12:23 2004 -> /usr/local/share/clamav/infected/msg.rX1Zbt:
Worm.SomeFool.Gen-1 FOUND 
Thu Mar 25 11:14:43 2004 -> /usr/local/share/clamav/infected/msg.731DXL:
Worm.SomeFool.P FOUND 
Thu Mar 25 11:16:14 2004 -> /usr/local/share/clamav/infected/msg.zixBKg:
Worm.SomeFool.Gen-1 FOUND 
Thu Mar 25 11:16:24 2004 -> /usr/local/share/clamav/infected/msg.c6f9ki:
Worm.SomeFool.Gen-1 FOUND 


ClamAV version devel-20040324, clamav-milter version 0.70a 
clamd / ClamAV version devel-20040324 





Re: [Clamav-users] RE: memory leak?

2004-03-25 Thread Trog
On Thu, 2004-03-25 at 02:52, Kelsey Cummings wrote:
> On Tue, Mar 23, 2004 at 03:17:11PM -0500, Jesse Guardiani wrote:
> > Lucas Albers wrote:
> > 
> > > I'm a bit hesitant of upgrading to .68 or .70-rc if it appears to have a
> > > memory leak. At what point can the developers say:
> > > "this x release does not have a memory leak."
> > 
> > :) Never, or about 2 years after the software is released and has run on
> > virtually every machine known to man. That's my experience with C anyway.
> 
> Well, there are little leaks and BIG leaks.  This is a severe leak
> resulting in over 1GB used in 10 hours or so.
> 
> Any comments from our truly wonderful devs?

Well, you appear to be the only one seeing a leak. We (the devs) do
check for memory leaks quite frequently, and so are pretty sure there
are no big leaks.

It could be a leak in your libc, or some other library.

I would suggest you use valgrind to check for where the leak is.

-trog





Re: [Clamav-users] Application to generate CLAMAV report

2004-03-25 Thread Dilip M
On Thu, 25 Mar 2004 15:33:39 +0700, Fajar A. Nugraha <[EMAIL PROTECTED]> 
wrote:

Bo-Lina teknisk support wrote:

Neither of these links work.


I downloaded the programs. It worked, but then I got these :

The web site you are trying to access has exceeded its allocated data 
transfer.
Visit our help area  for more 
information.Access to this site will be restored within an hour. Please 
try again later.

I have
# rpm -qa|grep clam
clamav-0.67-1
clamav-devel-0.67-1

# exim -bV
Exim version 4.30 #1 built 10-Mar-2004 12:35:24
Copyright (c) University of Cambridge 2003
Berkeley DB: Sleepycat Software: Berkeley DB 4.0.14: (November 18, 2001)
Support for: iconv() OpenSSL
Lookups: lsearch wildlsearch nwildlsearch dbm dmbnz mysql
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir autoreply pipe smtp
Fixed never_users: 0
Contains exiscan-acl patch revision 14 (c) Tom Kistner 
[http://duncanthrax.net/exiscan/]
Configuration file is /etc/exim/exim.conf
---
How can I get this to work on my side?

-Dilip

--
I was born intelligent  education ruined me.



Re: [Clamav-users] ClamAV missing 100% of "Worm.SomeFool.Gen-1"

2004-03-25 Thread Stuart Mycock

waited a bit, and another "Worm.SomeFool.Gen-1" snuck thru ...
Are these messages that get through bounced delivery reports by any chance?

I think there is an issue with defanging on the current cgpav that means 
it doesn't treat certain types of bounce messages properly before 
passing them to clamd.

Stuart.



Re: [Clamav-users] Application to generate CLAMAV report

2004-03-25 Thread Fajar A. Nugraha
Bo-Lina teknisk support wrote:

Neither of these links work.

 

I downloaded the programs. It worked, but then I got these :

The web site you are trying to access has exceeded its allocated data 
transfer.
Visit our help area  for more 
information.Access to this site will be restored within an hour. Please 
try again later.

Yahoo/geocities is really NOT the place to put public files :)



Dear all,
   I have created a small application that allows the creation of a
report based on the email virus report that Clamav sends out. 

Just a suggestion, try putting a little more documentation on how this 
program works.
It asks for pop3 username and password (whose?).
Shouldn't it be asking for log file locations?
As I can't access your site anymore, I can't get any information about it.

It can
generate report based on the virus name, virus sender and virus recipient.
It also has a user interface that allows for a user to manipulate the data.
A sample screen is at
http://www.geocities.com/synasir/emailavlog.jpg

 

Great screenshot. Unfortunately I can't get it to work like that.

This is emailware. 

You're entitled to use whatever licensing you like.
But since clamav itself is OpenSource (GPL), you should really
consider using GPL.
If you're interested, I could provide a space on clamav.or.id for
*open-source* clamav-related tools. Unlimited bandwidth.
Regards,

Fajar



RE: [Clamav-users] Application to generate CLAMAV report

2004-03-25 Thread [EMAIL PROTECTED]
This site hosting the file seems to be over the limit. Does anyone else have
some extra space to host the file? Thanks.

Original Message:
-
From: [EMAIL PROTECTED] [EMAIL PROTECTED]
Date: Thu, 25 Mar 2004 02:50:50 -0500
To: [EMAIL PROTECTED]
Subject: RE: [Clamav-users] Application to generate CLAMAV report


Hi there,
 You have to configure the CLAMAV milter for it to be able to send
the report. See "man clamav-milter". Configure it so that it sends the
email report to an email address and use that email address for the
emailavlog configuration. Sorry, I am not of much help as I did not install
CLAMAV myself. I just got the installer to configure CLAMAV to send the
email report to me. Hope this helps.

Syed Nasir


Original Message:
-
From: [EMAIL PROTECTED] [EMAIL PROTECTED]
Date: Thu, 25 Mar 2004 01:35:45 -0500
To: [EMAIL PROTECTED]
Subject: [Clamav-users] Application to generate CLAMAV report


Dear all,
 I have created a small application that allows the creation of a
report based on the email virus report that Clamav sends out. It can
generate report based on the virus name, virus sender and virus recipient.
It also has a user interface that allows for a user to manipulate the data.
A sample screen is at 

http://www.geocities.com/synasir/emailavlog.jpg

A sample report is below.

--- VIRUS NAME---  
Worm.SomeFool.Gen-1 ,1084,47.17%  Worm.SomeFool.P ,771,33.55% 
Worm.SomeFool.Gen-2 ,121,5.27%  Worm.Bagle.Gen-zippwd ,103,4.48% 
Worm.SCO.A ,67,2.92%  JS.Spam.Scramble.A-mail ,48,2.09%  Worm.Mydoom.F
,32,1.39%  Worm.SomeFool.I ,18,.78%  Trojan.Dropper.C ,16,.7% 
Worm.Bagle.Gen-1 ,15,.65%  Worm.Bagle.P ,6,.26%  Worm.Klez.H ,5,.22% 
Worm.Bagle.Gen-zippwd-2 ,3,.13%  JS.Spam.Scramble.A ,2,.09%  Worm.Nyxem
,2,.09%  Exploit.HTML.Bagle.Gen-3-eml ,1,.04%  Exploit.HTML.Bagle.Gen-4-eml
,1,.04%  JS.FortNight.M ,1,.04%
 Worm.Mydoom.G ,1,.04% 

If you are interested, please get it at
http://www.geocities.com/synasir/emailavlog.zip (about 2 MB)

This is emailware. If you are using it, please send me an email at
[EMAIL PROTECTED]

Don't forget to send me an email if you are using it.


Thanks.





Re: [Clamav-users] Application to generate CLAMAV report

2004-03-25 Thread [EMAIL PROTECTED]
Please try again. Maybe the site is busy.

Original Message:
-
From: Bo-Lina teknisk support [EMAIL PROTECTED]
Date: Thu, 25 Mar 2004 08:34:25 +0100
To: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] Application to generate CLAMAV report


Neither of these links work.


- Original Message - 
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 25, 2004 7:35 AM
Subject: [Clamav-users] Application to generate CLAMAV report


Dear all,
I have created a small application that allows the creation of a
report based on the email virus report that Clamav sends out. It can
generate report based on the virus name, virus sender and virus recipient.
It also has a user interface that allows for a user to manipulate the data.
A sample screen is at

http://www.geocities.com/synasir/emailavlog.jpg

A sample report is below.

--- VIRUS NAME--- 
Worm.SomeFool.Gen-1 ,1084,47.17%  Worm.SomeFool.P ,771,33.55%
Worm.SomeFool.Gen-2 ,121,5.27%  Worm.Bagle.Gen-zippwd ,103,4.48%
Worm.SCO.A ,67,2.92%  JS.Spam.Scramble.A-mail ,48,2.09%  Worm.Mydoom.F
,32,1.39%  Worm.SomeFool.I ,18,.78%  Trojan.Dropper.C ,16,.7%
Worm.Bagle.Gen-1 ,15,.65%  Worm.Bagle.P ,6,.26%  Worm.Klez.H ,5,.22%
Worm.Bagle.Gen-zippwd-2 ,3,.13%  JS.Spam.Scramble.A ,2,.09%  Worm.Nyxem
,2,.09%  Exploit.HTML.Bagle.Gen-3-eml ,1,.04%  Exploit.HTML.Bagle.Gen-4-eml
,1,.04%  JS.FortNight.M ,1,.04%
 Worm.Mydoom.G ,1,.04%

If you are interested, please get it at
http://www.geocities.com/synasir/emailavlog.zip (about 2 MB)

This is emailware. If you are using it, please send me an email at
[EMAIL PROTECTED]

Don't forget to send me an email if you are using it.


Thanks.





RE: [Clamav-users] Application to generate CLAMAV report

2004-03-25 Thread [EMAIL PROTECTED]
Hi there,
 You have to configure the CLAMAV milter for it to be able to send
the report. See "man clamav-milter". Configure it so that it sends the
email report to an email address and use that email address for the
emailavlog configuration. Sorry, I am not of much help as I did not install
CLAMAV myself. I just got the installer to configure CLAMAV to send the
email report to me. Hope this helps.

Syed Nasir


Original Message:
-
From: [EMAIL PROTECTED] [EMAIL PROTECTED]
Date: Thu, 25 Mar 2004 01:35:45 -0500
To: [EMAIL PROTECTED]
Subject: [Clamav-users] Application to generate CLAMAV report


Dear all,
 I have created a small application that allows the creation of a
report based on the email virus report that Clamav sends out. It can
generate a report based on the virus name, virus sender and virus recipient.
It also has a user interface that allows for a user to manipulate the data.
A sample screen is at 

http://www.geocities.com/synasir/emailavlog.jpg

A sample report is below.

--- VIRUS NAME---
Worm.SomeFool.Gen-1 ,1084,47.17%
Worm.SomeFool.P ,771,33.55%
Worm.SomeFool.Gen-2 ,121,5.27%
Worm.Bagle.Gen-zippwd ,103,4.48%
Worm.SCO.A ,67,2.92%
JS.Spam.Scramble.A-mail ,48,2.09%
Worm.Mydoom.F ,32,1.39%
Worm.SomeFool.I ,18,.78%
Trojan.Dropper.C ,16,.7%
Worm.Bagle.Gen-1 ,15,.65%
Worm.Bagle.P ,6,.26%
Worm.Klez.H ,5,.22%
Worm.Bagle.Gen-zippwd-2 ,3,.13%
JS.Spam.Scramble.A ,2,.09%
Worm.Nyxem ,2,.09%
Exploit.HTML.Bagle.Gen-3-eml ,1,.04%
Exploit.HTML.Bagle.Gen-4-eml ,1,.04%
JS.FortNight.M ,1,.04%
Worm.Mydoom.G ,1,.04%

If you are interested, please get it at
http://www.geocities.com/synasir/emailavlog.zip (about 2 MB)

This is emailware. If you are using it, please send me an email at
[EMAIL PROTECTED]

Don’t forget to send me an email if you are using it.


Thanks.



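An added example, not part of the thread and not the emailavlog application's code: a per-signature tally in the same "name ,count,percent%" layout as the sample report above. It assumes clamscan/clamd-style result lines (`<target>: <signature> FOUND`) as input rather than the milter's notification e-mails, whose format the thread does not show; the sample lines, paths and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample input (not from the thread): clamscan/clamd-style
# result lines, one with a clamd LogTime prefix, plus clean results.
SAMPLE_LOG = """\
/var/spool/scan/msg.0001: Worm.SomeFool.Gen-1 FOUND
/var/spool/scan/msg.0002: Worm.SomeFool.P FOUND
/var/spool/scan/msg.0003: OK
/var/spool/scan/msg.0004: Worm.SomeFool.Gen-1 FOUND
/var/spool/scan/msg.0005: Worm.Bagle.Gen-zippwd FOUND
Thu Mar 25 01:35:45 2004 -> /var/spool/scan/msg.0006: Worm.SomeFool.Gen-1 FOUND

"""

# "<target>: <signature> FOUND" at end of line. Requiring whitespace after
# the colon skips the colons inside a timestamp prefix.
FOUND_RE = re.compile(r":\s+(\S+)\s+FOUND\s*$")


def tally(lines):
    """Return [(signature, count, percent)] sorted by count, then name."""
    counts = Counter()
    for line in lines:
        match = FOUND_RE.search(line)
        if match:
            counts[match.group(1)] += 1
    total = sum(counts.values())
    if total == 0:
        return []  # no detections: avoid dividing by zero
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(name, n, round(100.0 * n / total, 2)) for name, n in ranked]


def render_report(rows):
    """Format rows in the thread's "name ,count,percent%" layout."""
    return ["%s ,%d,%.2f%%" % row for row in rows]


if __name__ == "__main__":
    print("--- VIRUS NAME---")
    print("\n".join(render_report(tally(SAMPLE_LOG.splitlines()))))
```

Clean ("OK") and blank lines are ignored, so the percentages are shares of detections, not of all scanned messages.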