Re: [Clamav-users] Dumb Q about clamd & freshclam
Odhiambo Washington wrote:

> > Yes, but it will be slower. Depends on SelfCheck interval (at least this
> > is true for older versions).
> > Strangely enough, NotifyClamd is NOT on the default clamav.conf on
> > latest CVS snapshot (not even "present but commented out" like LogTime).
> > I guess it's on by default now.
>
> NotifyClamd is part of freshclam.conf

Aaah, my bad :)
Still, every SelfCheck seconds clamd checks the db files. If it has changed, clamd reloads it.

Regards,

Fajar
--
Please avoid sending me Microsoft Office attachments.
See http://www.newsforge.com/software/04/03/27/0134204.shtml

---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration. http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] error building Mail::ClamAV perl module
Eperez wrote:

> here is the output of the compiling process
> ideas?

[snip]

> Starting "perl Makefile.PL" Stage
> Note (probably harmless): No library found for -lclamav

error #1 : you must have clamav installed first

> ClamAV.xs:11:20: clamav.h: No such file or directory
> make[1]: *** [ClamAV.o] Error 1

error #2 : don't know about this one.

I install clamav from latest CVS source, then

perl -MCPAN -e shell
install Inline::MakeMaker
install Mail::ClamAV

Done. Using perl 5.8.3 on Fedora Core2 test2

Regards,

Fajar
--
Don't use GIF. Use PNG instead
http://www.gnu.org/philosophy/gif.html
Re: [Clamav-users] Dumb Q about clamd & freshclam
* Fajar A. Nugraha <[EMAIL PROTECTED]> [20040331 08:36]: wrote:
> Odhiambo Washington wrote:
>
> >* russ <[EMAIL PROTECTED]> [20040331 06:57]: wrote:
> >
> >>On Tue, 2004-03-30 at 20:28, Tim B wrote:
> >>
> >>>When using clamd, and freshclam, and new virus list comes out, do I have
> >>>to restart or reload clamd to recognize the new definitions or does it
> >>>do it automatically?
> >>>
> >>It does it automatically.
> >>
> >
> >Even when NotifyClamd is not enabled in freshclam.conf?
> >
> Yes, but it will be slower. Depends on SelfCheck interval (at least this
> is true for older versions).
> Strangely enough, NotifyClamd is NOT on the default clamav.conf on
> latest CVS snapshot (not even "present but commented out" like LogTime).
> I guess it's on by default now.

NotifyClamd is part of freshclam.conf

cheers
- wash
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE) |
. 1ere Etage, Loita Hse, Loita St., | GSM: (+254) 722 743 223
. # 10286, 00100 NAIROBI | GSM: (+254) 733 744 121
. (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"
--from a /. post
Re: [Clamav-users] error building Mail::ClamAV perl module
here is the output of the compiling process

ideas?

**BEGIN COMPILATION
[EMAIL PROTECTED] mailscanner]# perl -MCPAN -e shell

cpan shell -- CPAN exploration and modules installation (v1.59_54)
ReadLine support available (try 'install Bundle::CPAN')

cpan> install Mail::ClamAV
CPAN: Storable loaded ok
Going to read /root/.cpan/Metadata
Database was generated on Tue, 30 Mar 2004 19:51:00 GMT
Running install for module Mail::ClamAV
Running make for S/SA/SABECK/Mail-ClamAV-0.06.tar.gz
CPAN: MD5 security checks disabled because MD5 not installed.
Please consider installing the MD5 module.
Scanning cache /root/.cpan/build for sizes
CPAN: Compress::Zlib loaded ok
Mail-ClamAV-0.06/
Mail-ClamAV-0.06/t/
Mail-ClamAV-0.06/t/virus.eml
Mail-ClamAV-0.06/t/Mail-ClamAV.t
Mail-ClamAV-0.06/README
Mail-ClamAV-0.06/ClamAV.pm
Mail-ClamAV-0.06/config.pl
Mail-ClamAV-0.06/Changes
Mail-ClamAV-0.06/Makefile.PL
Mail-ClamAV-0.06/ppport.h
Mail-ClamAV-0.06/META.yml
Mail-ClamAV-0.06/INSTALL
Mail-ClamAV-0.06/MANIFEST
Removing previously used /root/.cpan/build/Mail-ClamAV-0.06
CPAN.pm: Going to build S/SA/SABECK/Mail-ClamAV-0.06.tar.gz
Checking if your kit is complete...
Looks good
Note (probably harmless): No library found for -lclamav
Writing Makefile for Mail::ClamAV
cp ClamAV.pm blib/lib/Mail/ClamAV.pm
/usr/bin/perl -Mblib -MInline=NOISY,_INSTALL_ -MMail::ClamAV -e1 0.06 blib/arch
Using /root/.cpan/build/Mail-ClamAV-0.06/blib
Starting Build Prepocess Stage
Finished Build Prepocess Stage
Starting Build Parse Stage
Finished Build Parse Stage
Starting Build Glue 1 Stage
Finished Build Glue 1 Stage
Starting Build Glue 2 Stage
Finished Build Glue 2 Stage
Starting Build Glue 3 Stage
Finished Build Glue 3 Stage
Starting Build Compile Stage
Starting "perl Makefile.PL" Stage
Note (probably harmless): No library found for -lclamav
Writing Makefile for Mail::ClamAV
Finished "perl Makefile.PL" Stage
Starting "make" Stage
make[1]: Entering directory `/root/.cpan/build/Mail-ClamAV-0.06/_Inline/build/Mail/ClamAV'
/usr/bin/perl /usr/lib/perl5/5.6.1/ExtUtils/xsubpp -typemap /usr/lib/perl5/5.6.1/ExtUtils/typemap ClamAV.xs > ClamAV.xsc && mv ClamAV.xsc ClamAV.c
gcc -c -I/root/.cpan/build/Mail-ClamAV-0.06 -I/usr/include -fno-strict-aliasing -I/usr/local/include -g -DVERSION=\"0.06\" -DXS_VERSION=\"0.06\" -fPIC "-I/usr/lib/perl5/5.6.1/i386-linux/CORE" ClamAV.c
ClamAV.xs:11:20: clamav.h: No such file or directory
make[1]: *** [ClamAV.o] Error 1
make[1]: Leaving directory `/root/.cpan/build/Mail-ClamAV-0.06/_Inline/build/Mail/ClamAV'
A problem was encountered while attempting to compile and install your Inline C code. The command that failed was:
make
The build directory was:
/root/.cpan/build/Mail-ClamAV-0.06/_Inline/build/Mail/ClamAV
To debug the problem, cd to the build directory, and inspect the output files.
at /root/.cpan/build/Mail-ClamAV-0.06/blib/lib/Mail/ClamAV.pm line 147
BEGIN failed--compilation aborted at /root/.cpan/build/Mail-ClamAV-0.06/blib/lib/Mail/ClamAV.pm line 420.
Compilation failed in require.
BEGIN failed--compilation aborted.
make: *** [ClamAV.inl] Error 2
/usr/bin/make -- NOT OK
Running make test
Can't test without successful make
Running make install
make had returned bad status, install seems impossible
cpan>
**END COMPILATION

Original Message
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Subject: Re: [Clamav-users] error building Mail::ClamAV perl module
Date: 31/03/04 12:27 AM

>
> Eperez wrote:
>
> >where can i find the libclam library
> >
> By installing clamav :)
> I assume you meant libclamav ?
>
> Try rpm packages or http://www.clamav.or.id
>
> Regards,
>
> Fajar
> --
> Please avoid sending me Microsoft Office attachments.
> See http://www.newsforge.com/software/04/03/27/0134204.shtml

___
Sent via Vision Panama (www.visionpanama.com)
--
This message has been scanned by MailScanner for viruses and other dangerous content, and is believed to be clean.
MailScanner provided by http://www.bansoft.net
Re: [Clamav-users] error building Mail::ClamAV perl module
Eperez wrote:

> where can i find the libclam library

By installing clamav :)
I assume you meant libclamav ?

Try rpm packages or http://www.clamav.or.id

Regards,

Fajar
--
Please avoid sending me Microsoft Office attachments.
See http://www.newsforge.com/software/04/03/27/0134204.shtml
Re: [Clamav-users] Dumb Q about clamd & freshclam
Odhiambo Washington wrote:

> * russ <[EMAIL PROTECTED]> [20040331 06:57]: wrote:
>
> > On Tue, 2004-03-30 at 20:28, Tim B wrote:
> >
> > > When using clamd, and freshclam, and new virus list comes out, do I have
> > > to restart or reload clamd to recognize the new definitions or does it
> > > do it automatically?
> >
> > It does it automatically.
>
> Even when NotifyClamd is not enabled in freshclam.conf?

Yes, but it will be slower. Depends on SelfCheck interval (at least this is true for older versions).
Strangely enough, NotifyClamd is NOT on the default clamav.conf on latest CVS snapshot (not even "present but commented out" like LogTime). I guess it's on by default now.

Regards,

Fajar
--
Please avoid sending me Microsoft Office attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html
Re: [Clamav-users] Dumb Q about clamd & freshclam
* russ <[EMAIL PROTECTED]> [20040331 06:57]: wrote:
> On Tue, 2004-03-30 at 20:28, Tim B wrote:
> > When using clamd, and freshclam, and new virus list comes out, do I have
> > to restart or reload clamd to recognize the new definitions or does it
> > do it automatically?
>
> It does it automatically.

Even when NotifyClamd is not enabled in freshclam.conf?

cheers
- wash
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE) |
. 1ere Etage, Loita Hse, Loita St., | GSM: (+254) 722 743 223
. # 10286, 00100 NAIROBI | GSM: (+254) 733 744 121
. (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"
--from a /. post
[Clamav-users] error building Mail::ClamAV perl module
where can i find the libclam library so i can successfully build mail::clamav

thanks,

erick.
Re: [Clamav-users] Dumb Q about clamd & freshclam
russ wrote:

> On Tue, 2004-03-30 at 20:28, Tim B wrote:
>
> > When using clamd, and freshclam, and new virus list comes out, do I have
> > to restart or reload clamd to recognize the new definitions or does it
> > do it automatically?
>
> It does it automatically.

Thanks!
Re: [Clamav-users] Segmentation fault in clamav-0.70rc-1
Miles Davis wrote:

> On Thu, Mar 25, 2004 at 06:11:05PM -0800, Todd Lyons wrote:
>
> > On Thu, 2004-03-25 at 08:36, Claudio Alonso wrote:
> >
> > > Hi,
> > > Yesterday I installed clamav-0.70rc-1 from rpm on my RedHat 9.0 (kernel 2.4.20-30.9) and started clamd just to test its current stability
> > > The computer was on all night and today I found the following in the rotated logs:
> > > Thu Mar 25 04:02:33 2004 -> No stats for Database check - forcing reload
> > > Thu Mar 25 04:02:35 2004 -> Reading databases from /var/lib/clamav
> > > Thu Mar 25 04:02:36 2004 -> Segmentation fault :-( Bye..
> > > I've been looking in the archives and found some segmentation problems with this version but I'm not using milter and my logs don't refer to any "accept() failed" nor "pthread_create failed" (nor in this log nor in the previous before rotate, which only shows "SIGHUP caught: re-opening log file." before rotate.
> >
> > You probably saw some of my issues. I'm using RH 9.0 as well and have problems with spamd SegFaulting. I personally think it's pthread related, but have zero data to back it up. On my system, clamd handles 20K or 30K messages in about 12 hours and then dies. I upgraded to 0.70 cvs on Tuesday. clamd stopped segfaulting, but would lock up and clamav-milter would then die. I've had to disable it until I figure out what to do to make it stable.
> >
> > I'd love to figure out what's causing this.
> >
> > Blue skies... Todd

My case is perhaps unrelated, but I thought I share it anyway.

I've been developing a virtual server system using UML. It worked great with kernel 2.4, then I started experimenting kernel 2.6 for UML.

First case : bind tools failed (host, named, nslookup, etc.) It was apparently pthread problem. It works fine without --enable pthread.

Next case, clamav. clamscan is OK, but clamd and clamav-milter keep segfault-ing. I didn't find any pthread-related error on the logs, but AFAIK those are the two clamav programs that uses pthread.
This time, however, instead of using --disable-pthreads, I decided to use static linux builds from http://clamav.or.id. It works flawlessly.

Bottom line, as a work-around try disabling pthreads or use static build.

Regards,

Fajar
--
Please avoid sending me Microsoft Office attachments.
See http://www.newsforge.com/software/04/03/27/0134204.shtml
[Clamav-users] tons of Worm.SomeFool
I have tons of email attachments being detected as Worm.Somefool.

what is this?

Thanks,

erick.
Re: [Clamav-users] Dumb Q about clamd & freshclam
On Tue, 2004-03-30 at 20:28, Tim B wrote:
> When using clamd, and freshclam, and new virus list comes out, do I have
> to restart or reload clamd to recognize the new definitions or does it
> do it automatically?

It does it automatically.

--
Russel Oliver
[EMAIL PROTECTED]
http://www.techsane.com
[Clamav-users] ThreadTimeout option gone [2]?
Another update :
- seems it only happens non-Linux (OSF, Solaris, AIX) build
- Freshclam also behaves incorrectly (See change from "signal 14, wake up" to "signal 14, terminating"). No change on freshclam.conf (Checks 12). All running the latest snapshot for that day.

--
Received signal 14, wake up
ClamAV update process started at Mon Mar 29 03:15:13 2004
main.cvd is up to date (version: 21, sigs: 20094, f-level: 1, builder: tkojm)
daily.cvd is up to date (version: 219, sigs: 651, f-level: 1, builder: ccordes)
--
--
ClamAV update process started at Mon Mar 29 05:15:04 2004
main.cvd is up to date (version: 21, sigs: 20094, f-level: 1, builder: tkojm)
daily.cvd is up to date (version: 219, sigs: 651, f-level: 1, builder: ccordes)
--
freshclam daemon started (pid=10346)
ClamAV update process started at Mon Mar 29 05:15:16 2004
main.cvd is up to date (version: 21, sigs: 20094, f-level: 1, builder: tkojm)
daily.cvd is up to date (version: 219, sigs: 651, f-level: 1, builder: ccordes)
--
Received signal 14, terminating
--
ClamAV update process started at Tue Mar 30 05:15:02 2004
main.cvd updated (version: 22, sigs: 20229, f-level: 1, builder: tkojm)
daily.cvd updated (version: 224, sigs: 411, f-level: 1, builder: tkojm)
Database updated (20640 signatures) from clamav.antispam.or.id (202.134.0.71).
Clamd successfully notified about the update.
--
freshclam daemon started (pid=11749)
ClamAV update process started at Tue Mar 30 05:15:14 2004
main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder: tkojm)
daily.cvd is up to date (version: 224, sigs: 411, f-level: 1, builder: tkojm)
--
Received signal 14, terminating
--
ClamAV update process started at Wed Mar 31 05:15:03 2004
main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder: tkojm)
daily.cvd is up to date (version: 227, sigs: 428, f-level: 1, builder: diego)
--
freshclam daemon started (pid=19654)
ClamAV update process started at Wed Mar 31 05:15:18 2004
main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder: tkojm)
daily.cvd is up to date (version: 227, sigs: 428, f-level: 1, builder: diego)
--
Received signal 14, terminating
--
freshclam daemon started (pid=12576)
ClamAV update process started at Wed Mar 31 10:01:54 2004
main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder: tkojm)
daily.cvd updated (version: 228, sigs: 441, f-level: 1, builder: ccordes)
Database updated (20670 signatures) from clamav.antispam.or.id (202.134.0.71).
Clamd successfully notified about the update.
--

Regards,

Fajar
--
Please avoid sending me Microsoft Office attachments.
See http://www.newsforge.com/software/04/03/27/0134204.shtml
Re: [Clamav-users] Segmentation fault in clamav-0.70rc-1
On Thu, Mar 25, 2004 at 06:11:05PM -0800, Todd Lyons wrote:
> On Thu, 2004-03-25 at 08:36, Claudio Alonso wrote:
> > Hi,
> > Yesterday I installed clamav-0.70rc-1 from rpm on my RedHat 9.0 (kernel
> > 2.4.20-30.9) and started
> > clamd just to test its current stability
> > The computer was on all night and today I found the following in the rotated logs:
> > Thu Mar 25 04:02:33 2004 -> No stats for Database check - forcing reload
> > Thu Mar 25 04:02:35 2004 -> Reading databases from /var/lib/clamav
> > Thu Mar 25 04:02:36 2004 -> Segmentation fault :-( Bye..
> > I've been looking in the archives and found some segmentation problems with this
> > version but I'm
> > not using milter and my logs don't refer to any "accept() failed" nor
> > "pthread_create failed" (nor
> > in this log nor in the previous before rotate, which only shows "SIGHUP caught:
> > re-opening log
> > file." before rotate.
>
> You probably saw some of my issues. I'm using RH 9.0 as well and have
> problems with spamd SegFaulting. I personally think it's pthread
> related, but have zero data to back it up. On my system, clamd handles
> 20K or 30K messages in about 12 hours and then dies. I upgraded to 0.70
> cvs on Tuesday. clamd stopped segfaulting, but would lock up and
> clamav-milter would then die. I've had to disable it until I figure out
> what to do to make it stable.
>
> I'd love to figure out what's causing this.
>
> Blue skies... Todd
>

Hi Todd,

Have you ever made any progress with your problem? I'm pretty sure I'm hitting the same thing; 0.70rc, RH 9, though I'm using exim with the exiscan patch instead of sendmail. Clamd will run for anywhere from 1 minute to an hour and segfault. I tried setting the LD_ASSUME_KERNEL env var as I saw in one of your previous posts, but now clamd seems to lock up after a while instead of segfaulting -- not sure if you were still using LD_ASSUME_KERNEL when you described the same thing above.

Attached is debug output from two different runs when clamd segfaulted.

--
// Miles Davis - [EMAIL PROTECTED] - http://www.cs.stanford.edu/~miles
// Computer Science Department - Computer Facilities
// Stanford University

LibClamAV debug: Scanning /var/spool/exim/scan/1B8TC0-0004fo-DJ/1B8TC0-0004fo-DJ.eml
LibClamAV debug: Recognized Raw mail file
LibClamAV debug: Starting cli_scanmail()
LibClamAV debug: in mbox()
LibClamAV debug: Deal with header Received: from smtp2.stanford.edu ([171.67.16.116])
LibClamAV debug: parseEmailHeader 'Received: from smtp2.stanford.edu ([171.67.16.116])'
LibClamAV debug: parseMimeHeader: cmd='Received', arg=' from smtp2.stanford.edu ([171.67.16.116])'
LibClamAV debug: Discarding unwanted argument 'by cs1.Stanford.EDU with esmtp (Exim 4.30)'
LibClamAV debug: Discarding unwanted argument 'id 1B8TC0-0004fo-DJ'
LibClamAV debug: Discarding unwanted argument 'Tue, 30 Mar 2004 16'
LibClamAV debug: Discarding unwanted argument '02'
LibClamAV debug: Discarding unwanted argument '52 -0800'
LibClamAV debug: Deal with header Received: from bases.Stanford.EDU (bases.Stanford.EDU [171.64.94.131])
LibClamAV debug: parseEmailHeader 'Received: from bases.Stanford.EDU (bases.Stanford.EDU [171.64.94.131])'
LibClamAV debug: parseMimeHeader: cmd='Received', arg=' from bases.Stanford.EDU (bases.Stanford.EDU [171.64.94.131])'
LibClamAV debug: Discarding unwanted argument 'by smtp2.Stanford.EDU (8.12.11/8.12.11) with ESMTP id i2U3mwEE002022'
LibClamAV debug: Discarding unwanted argument 'Mon, 29 Mar 2004 19:48:58 -0800'
LibClamAV debug: Deal with header Received: from smtp3.Stanford.EDU (smtp3.Stanford.EDU [171.67.16.117])
LibClamAV debug: parseEmailHeader 'Received: from smtp3.Stanford.EDU (smtp3.Stanford.EDU [171.67.16.117])'
LibClamAV debug: parseMimeHeader: cmd='Received', arg=' from smtp3.Stanford.EDU (smtp3.Stanford.EDU [171.67.16.117])'
LibClamAV debug: Discarding unwanted argument 'by bases.Stanford.EDU (8.11.6/8.11.6) with ESMTP id i2U3mcD20284'
LibClamAV debug: Discarding unwanted argument 'Mon, 29 Mar 2004 19:48:39 -0800'
LibClamAV debug: Deal with header Received: from bases-lists.stanford.edu (bases-lists.Stanford.EDU [171.64.94.132])
LibClamAV debug: parseEmailHeader 'Received: from bases-lists.stanford.edu (bases-lists.Stanford.EDU [171.64.94.132])'
LibClamAV debug: parseMimeHeader: cmd='Received', arg=' from bases-lists.stanford.edu (bases-lists.Stanford.EDU [171.64.94.132])'
LibClamAV debug: Discarding unwanted argument 'by smtp3.Stanford.EDU (8.12.11/8.12.11) with ESMTP id i2U3mkbm011979'
LibClamAV debug: Discarding unwanted argument 'Mon, 29 Mar 2004 19:48:46 -0800'
LibClamAV debug: Deal with header Received: from bases-lists.stanford.edu (localhost.localdomain [127.0.0.1])
LibClamAV debug: parseEmailHeader 'Received: from bases-lists.stanford.edu (localhost.localdomain [12
[Clamav-users] ThreadTimeout option gone?
bash-2.03# /usr/local/sbin/clamd
ERROR: Parse error at line 71: Unknown option ThreadTimeout.
ERROR: Can't open/parse the config file /usr/local/etc/clamav.conf
bash-2.03# clamd -V
clamd / ClamAV version devel-20040331

Am I missing something? It works fine on previous builds.
Looking at ChangeLog :

Tue Mar 30 08:40:10 BST 2004 (trog)
---
* clamav.conf, shared/cfgparser.c: recognise ReadTimeout option

Perhaps the changes on ReadTimeout somehow disables ThreadTimeout?

Regards,

Fajar
--
Don't use GIF. Use PNG instead
http://www.gnu.org/philosophy/gif.html
[Clamav-users] clamav-devel -- clamav-milter -- build errors on Linux
Hi,

FYI, in the past two days clamav-devel has failed to build on Fedora if you enable milter.

gcc -DHAVE_CONFIG_H -DSENDMAIL_BIN=\"/usr/sbin/sendmail\" -I. -I. -I.. -I../clamd -I../libclamav -I../shared -I../clamscan-g -O2 -c `test -f 'clamav-milter.c' || echo './'`clamav-milter.c
clamav-milter.c:496:21: cfgfile.h: No such file or directory
clamav-milter.c: In function `main':
clamav-milter.c:977: warning: assignment makes pointer from integer without a cast

[EMAIL PROTECTED] clamav]# rpm -qa | grep -i sendmail
sendmail-cf-8.12.11-4
sendmail-8.12.11-4
sendmail-devel-8.12.11-4

last successful build with milter : clamd / ClamAV version devel-20040329

Regards,

Fajar
--
Please avoid sending me Microsoft Office attachments.
See http://www.newsforge.com/software/04/03/27/0134204.shtml
[Clamav-users] Dumb Q about clamd & freshclam
I can't seem to find a definite yes or no anywhere, so I figured I'd ask here.

When using clamd, and freshclam, and new virus list comes out, do I have to restart or reload clamd to recognize the new definitions or does it do it automatically?
[Clamav-users] Re: rarlib question
Tomasz Kojm wrote:

> On Tue, 30 Mar 2004 15:00:50 +0300
> Korchmenuk Nickolay <[EMAIL PROTECTED]> wrote:
>
>> On Tue, 30 Mar 2004 15:43:24 +0500
>> Sergey <[EMAIL PROTECTED]> wrote:
>>
>> > And more:
>> > "Due to security reasons clamd only scans archives supported by
>> > libclamav and can't use external programs"
>> what about unrar from freebsd ports? could developers include some
>> code from unrarsrc-3.x.xm for rar v3 support?
>
> Unfortunately the license of unrar-3 conflicts with the GPL.

I still don't understand what the big deal is with calling external unpacking programs. Security risk? How? qmail-scanner does it. And you don't have to enable it by default.

And all of these silly rar memory leak and licensing issues would evaporate.

--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net
Re: [Clamav-users] Freshclam daemon dying
Hi,

Bill Maidment wrote:

> I'm using clamav-0.68-1 and occasionally (once every two weeks) I get this response
>
> ClamAV update process started at Tue Mar 30 08:46:36 2004
> SelfCheck: Database status OK.
> ERROR: Maximal time (1200 seconds) reached.
>
> Then the freshclam daemon died.
>
> Anyone else come across this sort of behaviour?

Not that specific entry in the logs but freshclam does die on me about once every week or two. Happens on 5 or 6 different boxes too, some running Slackware 9.1, some running FreeBSD 4.8, some running older version of Slackware.

I've gone to running freshclam from cron instead of a daemon myself now.

Regards,

Rick
Re: [Clamav-users] Deferred=451 4.7.1 Please try again later - HELP
Joe Maimon wrote:

From the maillog:

dsn=4.0.0, stat=Deferred: 451 4.7.1 Please try again later

Any ideas, anyone?

(The latest tarball had issues during the make, so I could not get it installed)

In my case this is directly due to large emails. Also that above message means that clamd is no longer listening to clamav-milter.

Long answer, stuff that I found

1) clamav-milter does not respect the options in clamav.conf for StreamMaxLength. clamd is the program which does. It respects it by.

2) clamd does not scan anything if the stream is larger than StreamMaxLength - sizeof(buff). In my book that's a bug. It should read up to the max.

It might be wiser to
a) make clamav-milter respect MaxStreamLength and also make clamd actually go up to StreamMaxLength
b) scan whatever we got prior to exceeding StreamMaxLength, which is probably easier to do once you do (a) than current behavior.

I have been playing with making a patch to do this.

Disclaimer: I am a clamav newbie, someone else probably has a much better handle on this.

Joe

Anyone care to try these? fresh from the oven. barely tested.

Joe

--- clamav-0.70-rc/clamav-milter/clamav-milter.cMon Mar 15 15:03:13 2004 +++ clamav-0.70-rc-jm/clamav-milter/clamav-milter.c Tue Mar 30 18:29:39 2004 @@ -566,6 +566,7 @@ char*filename; /* Where to store the message in quarantine */ u_char *body; /* body of the message if Sflag is set */ size_t bodyLen;/* number of bytes in body */ + size_t nWritten; /* number of bytes we have written */ header_list_t headers; /* Message headers */ };
@@ -1914,17 +1915,14 @@ clamfi_body(SMFICTX *ctx, u_char *bodyp, size_t len) { struct privdata *privdata = (struct privdata *)smfi_getpriv(ctx); + struct cfgstruct *cpt = NULL; + size_t sendlen = 0; if(logVerbose) syslog(LOG_DEBUG, "clamfi_envbody: %u bytes", len); #ifdef CL_DEBUG printf("clamfi_envbody: %u bytes\n", len); #endif - - if(clamfi_send(privdata, len, (char *)bodyp) < 0) { - clamfi_cleanup(ctx); - return cl_error; - } if(Sflag) { if(privdata->body) { assert(privdata->bodyLen > 0); @@ -1938,6 +1936,41 @@ privdata->bodyLen = len; } } + + if((!quarantine_dir) + && (cpt = cfgopt(copt, "StreamMaxLength")) + && cpt->numarg < (len + privdata->nWritten) + ){ + sendlen = (cpt->numarg - privdata->nWritten); + if(use_syslog && privdata->nWritten != cpt->numarg){ + char buf[1024]; + strncpy(buf,privdata->from,sizeof(buf)); + syslog(LOG_INFO,"Stream from %s size exceeded max of %u , already wrote %u, will write %u more instead of len %u", + buf, + cpt->numarg, + privdata->nWritten, + sendlen, + len); + } + } + else { + sendlen = len; + } + + if(!sendlen) + return SMFIS_CONTINUE; + + + if(sendlen && (clamfi_send(privdata, sendlen, (char *)bodyp) < 0)) { + clamfi_cleanup(ctx); + return cl_error; + }else + { + if(sendlen) + privdata->nWritten += sendlen; + } + + return SMFIS_CONTINUE; } @@ -2389,6 +2422,7 @@ printf("clamfi_send: len=%u bufsiz=%u\n", len, sizeof(output)); #endif + errno = 0; while(len > 0) { const int nbytes = (quarantine_dir) ? write(privdata->dataSocket, ptr, len) : @@ -2400,7 +2434,8 @@ perror("send"); checkClamd(); if(use_syslog) - syslog(LOG_ERR, "write failure to clamd"); + syslog(LOG_ERR, "write failure to clamd, nbytes: %d, quarantine_dir: %s, error: %s", + nbytes, quarantine_dir, strerror(errno) ); return -1; } --- clamav-0.70-rc/clamd/scanner.c Mon Mar 15 15:03:12 2004 +++ clamav-0.70-rc-jm/clamd/scanner.c Tue Mar 30 18:28:29 2004 
@@ -186,7 +186,7 @@ int scanstream(int odesc, unsigned long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, const struct cfgstruct *copt) { - int ret, portscan = CL_DEFAULT_MAXPORTSCAN, sockfd, port, acceptd, tmpd, bread, retval; + int ret, portscan = CL_DEFAULT_MAXPORTSCAN, sockfd, port, acceptd, tmpd, bread, btread, retval; long int size = 0, maxsize = 0; short bo
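Review bot: the nWritten field added to struct privdata in the first hunk is never set to 0 in any hunk of this patch, yet clamfi_body() subtracts it from the limit (cpt->numarg - privdata->nWritten) and adds to it on every chunk. Confirm that privdata is zero-filled when it is allocated for a message, or set privdata->nWritten = 0 explicitly where the per-message state is created, so a stale or garbage count can never make the subtraction wrap.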
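Review bot: in the clamfi_body() hunk, strncpy(buf, privdata->from, sizeof(buf)) leaves buf without a terminating NUL when the sender string is 1024 bytes or longer, and buf is then passed to syslog() as %s. The copy is not needed: pass privdata->from to syslog() directly, or add buf[sizeof(buf) - 1] = '\0'. The same call prints the size_t values nWritten, sendlen and len with %u, which is wrong where size_t is wider than unsigned int; cast them to unsigned long and use %lu. Since everything past the limit now goes to the recipient without being sent to clamd, and the only record of that is a LOG_INFO line that is skipped when use_syslog is off, that policy should be stated in a comment above the block.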
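Review bot: in the clamfi_send() error path, strerror(errno) is evaluated only after perror("send") and checkClamd() have run, and either can overwrite errno, so the reason written to syslog may not be the one from the failed write/send. Save errno into a local immediately after the failing call and log that value. quarantine_dir is also passed to %s although the ternary a few lines above shows it can be NULL; passing NULL for %s is undefined behaviour, so log quarantine_dir ? quarantine_dir : "(none)" instead.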
Re: [Clamav-users] Freshclam daemon dying
Bill Maidment wrote:

Hi

I'm using clamav-0.68-1 and occasionally (once every two weeks) I get this response

ClamAV update process started at Tue Mar 30 08:46:36 2004
SelfCheck: Database status OK.
ERROR: Maximal time (1200 seconds) reached.

Then the freshclam daemon died. Anyone else come across this sort of behaviour?

Cheers
Bill

I just noticed the same on one of my boxes running 0.70-rc:

--
Received signal 14, wake up
ClamAV update process started at Tue Mar 30 11:42:58 2004
main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder: tkojm)
ERROR: Maximal time (1200 seconds) reached.
--
freshclam daemon started (pid=2216)
ClamAV update process started at Tue Mar 30 18:05:54 2004
main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder: tkojm)
daily.cvd updated (version: 227, sigs: 428, f-level: 1, builder: diego)
Database updated (20657 signatures) from database.clamav.net (152.66.249.132).
Clamd successfully notified about the update.
--

Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales) 704-849-8017 (tech)
www.perigee.net
[Clamav-users] Freshclam daemon dying
Hi

I'm using clamav-0.68-1 and occasionally (once every two weeks) I get this response

ClamAV update process started at Tue Mar 30 08:46:36 2004
SelfCheck: Database status OK.
ERROR: Maximal time (1200 seconds) reached.

Then the freshclam daemon died. Anyone else come across this sort of behaviour?

Cheers
Bill
Re: [Clamav-users] Deferred=451 4.7.1 Please try again later - HELP
Jaap Scholten wrote:

Joe Maimon wrote:

Joe Maimon wrote:

I have been having the same as well.

I added some more verbosity into the syslog statement and got this logged

write failure to clamd, nbytes: -1, quarantine_dir: (null), error: Bad file descriptor

Any ideas?

OK I think I know what the problem is. Large attachments. this got logged in my clamav syslog - I probably turned on debugging or something

ScanStream: Size exceeded (stopped at 10453272, max: 10485760

I also grabbed one of the continually tempfailed emails. 11M attachment.

Just found

StreamMaxLength 10M

config option

I have been getting this since upgrading to 0.70. It is driving me insane (and my clients too) I have checked streamlength, and all is as before (0.67). I get this only from some clients who smarthost off me. Using sendmail.

From the maillog: dsn=4.0.0, stat=Deferred: 451 4.7.1 Please try again later

Any ideas, anyone? (The latest tarball had issues during the make, so I could not get it installed)

In my case this is directly due to large emails. Also that above message means that clamd is no longer listening to clamav-milter.

In your case it might be a thread timeout. Which is a macro defined in defaults.h

Short answer

run clamav-milter with -d option which will effectively not scan email larger than 10megabytes, instead accepting it. It will also not scan any email and just accept for many other error conditions which can include all cases listed by

grep "cl_error" clamav-milter/*
man clamav-milter

If you have sendmail, you may find (as I did) the common denominator staring at you in the face in the maillog. Check the size= and delay= sendmail log equates.

Or if you find it reproducible, setup the alias to distribute the incoming email for the recipient into a file and disable clamav-milter or use -d and then examine the message at your leisure. Or packet capture it.

Long answer, stuff that I found

1) clamav-milter does not respect the options in clamav.conf for StreamMaxLength. clamd is the program which does. It respects it by.

2) clamd does not scan anything if the stream is larger than StreamMaxLength - sizeof(buff). In my book that's a bug. It should read up to the max.

It might be wiser to

a) make clamav-milter respect MaxStreamLength and also make clamd actually go up to StreamMaxLength

b) scan whatever we got prior to exceeding StreamMaxLength, which is probably easier to do once you do (a) than current behavior.

I have been playing with making a patch to do this.

Disclaimer: I am a clamav newbie, someone else probably has a much better handle on this.

Joe
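The length check discussed in the message above, as an added C example that is not part of the original post and is not ClamAV source: it contrasts a receive loop that gives up once the byte count plus one buffer passes the limit with one that clamps each read to the remaining budget and reports truncation. CHUNK, struct source, capture_legacy, capture_clamped and run_demo are hypothetical names, and the legacy check is modelled from the post's description and its "stopped at" log line.

```c
#include <stdio.h>
#include <string.h>

#define CHUNK 8   /* hypothetical receive-buffer size, tiny for the demo */

/* Constructed in-memory stand-in for the stream socket. */
struct source { const unsigned char *data; size_t len, pos; };

static size_t src_read(struct source *s, unsigned char *buf, size_t want)
{
    size_t left = s->len - s->pos;
    size_t n = want < left ? want : left;
    memcpy(buf, s->data + s->pos, n);
    s->pos += n;
    return n;
}

struct capture {
    size_t stored;     /* bytes received before the loop ended */
    size_t scannable;  /* bytes that would be handed to the scanner */
    int truncated;     /* sender had more data than the limit allows */
    int rejected;      /* loop gave up; nothing is scanned */
};

/* Assumed legacy behaviour: after each read, abort as soon as
 * stored + sizeof(buf) would pass max. A message that is under max but
 * over max - sizeof(buf) is rejected as well. */
struct capture capture_legacy(struct source *s, unsigned char *out, size_t max)
{
    struct capture c = {0, 0, 0, 0};
    unsigned char buf[CHUNK];
    size_t n;

    while ((n = src_read(s, buf, sizeof buf)) > 0) {
        memcpy(out + c.stored, buf, n);
        c.stored += n;
        if (c.stored + sizeof buf > max) {
            c.rejected = 1;           /* "Size exceeded (stopped at ...)" */
            return c;                 /* scannable stays 0 */
        }
    }
    c.scannable = c.stored;
    return c;
}

/* Clamped variant: never ask for more than the remaining budget, keep the
 * prefix for scanning, and tell the caller whether data was left over. */
struct capture capture_clamped(struct source *s, unsigned char *out, size_t max)
{
    struct capture c = {0, 0, 0, 0};
    unsigned char buf[CHUNK], probe;
    size_t n, want;

    while (c.stored < max) {
        want = max - c.stored;
        if (want > sizeof buf)
            want = sizeof buf;
        n = src_read(s, buf, want);
        if (n == 0)
            break;                    /* sender finished under the limit */
        memcpy(out + c.stored, buf, n);
        c.stored += n;
    }
    /* One extra byte tells us whether the sender had more to say. */
    if (c.stored == max && src_read(s, &probe, 1) == 1)
        c.truncated = 1;
    c.scannable = c.stored;
    return c;
}

/* Runs one policy over a constructed message of msg_len bytes. */
struct capture run_demo(int clamped, size_t msg_len, size_t max)
{
    static unsigned char msg[64], out[64];
    struct source s;

    if (msg_len > sizeof msg) msg_len = sizeof msg;
    if (max > sizeof out) max = sizeof out;
    memset(msg, 'A', sizeof msg);
    s.data = msg; s.len = msg_len; s.pos = 0;
    return clamped ? capture_clamped(&s, out, max)
                   : capture_legacy(&s, out, max);
}

int main(void)
{
    size_t sizes[] = {10, 18, 30}, i;

    for (i = 0; i < 3; i++) {
        struct capture a = run_demo(0, sizes[i], 20);
        struct capture b = run_demo(1, sizes[i], 20);
        printf("msg=%zu max=20 legacy: scannable=%zu rejected=%d | "
               "clamped: scannable=%zu truncated=%d\n",
               sizes[i], a.scannable, a.rejected, b.scannable, b.truncated);
    }
    return 0;
}
```

The truncated flag is what lets the caller choose a policy for oversized mail (tempfail, reject, or accept with the tail unscanned) instead of failing the whole transfer.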
Re: [Clamav-users] Virus DB Update
Colin A. Bartlett wrote:

Vernon A. Fort Sent: Tuesday, March 30, 2004 11:11 AM

I noticed that virusdb was updated, according to the clamav-virusdb list, to daily version 226 but my freshclam is still reporting that 225 is the latest. Am I missing something?

FYI, my freshclam returns version 227.

cheers,
Colin

Colin A. Bartlett
Kinetic Web Solutions
www.kineticweb.biz

You're right - it's at 227 now. I just happened to see the 226 post but all my servers still reported 225. Normally once you see the post on the virusdb list, it's been updated for a while. I'll have to be more patient :)

Vernon
[Clamav-users] Deferred=451 4.7.1 Please try again later - HELP
> Joe Maimon wrote:
>
> > Joe Maimon wrote:
> >
> >> I have been having the same as well.
> >>
> >> I added some more verbosity into the syslog statement and got this
> >> logged
> >>
> >> write failure to clamd, nbytes: -1, quarantine_dir: (null), error:
> >> Bad file descriptor
> >>
> >> Any ideas?
> >
> > OK I think I know what the problem is. Large attachments.
> > this got logged in my clamav syslog - I probably turned on debugging or
> > something
> >
> > ScanStream: Size exceeded (stopped at 10453272, max: 10485760
> >
> > I also grabbed one of the continually tempfailed emails. 11M attachment.
>
> Just found
>
> StreamMaxLength 10M
>
> config option

I have been getting this since upgrading to 0.70. It is driving me insane (and my clients too) I have checked streamlength, and all is as before (0.67). I get this only from some clients who smarthost off me. Using sendmail.

From the maillog: dsn=4.0.0, stat=Deferred: 451 4.7.1 Please try again later

Any ideas, anyone? (The latest tarball had issues during the make, so I could not get it installed)

Thanks in advance,
Jaap
Re: [Clamav-users] Update (daily: 224)
On Tue, 30 Mar 2004 09:44:02 -0500 (EST) jef moskot <[EMAIL PROTECTED]> wrote:

> The update says:
> > Signatures older than two weeks have been moved into main.cvd. This
> > update also removes signatures for spam encrypted with JavaScript -
> > we decided to leave the spam detection to our professional
> > colleagues from anti-spam projects.
>
> Just to be clear, the spam that's not being blocked isn't harmful in
> any way, correct?

Right.

> Is there a link or something with more info about this type of spam?

The spam is encoded into an ASCII array, something like:

earthling = new Array(252, 177,106,210,160,139,71,177,228,121,83, 214,192,83,175,57,204,4,139,251,125, 5,146,223,124,209,235,226,197,168,59,...

and there's a simple decoder. I'm not familiar with anti-spam software but I was told it should catch this type of spam.

--
Tomasz Kojm <[EMAIL PROTECTED]>
http://www.ClamAV.net/gpg/tkojm.gpg
0DCA5A08407D5288279DB43454822DC8985A444B
Tue Mar 30 21:28:27 CEST 2004
Re: [Clamav-users] rarlib question
On Tue, 30 Mar 2004 15:00:50 +0300 Korchmenuk Nickolay <[EMAIL PROTECTED]> wrote:

> On Tue, 30 Mar 2004 15:43:24 +0500
> Sergey <[EMAIL PROTECTED]> wrote:
>
> > And more:
> > "Due to security reasons clamd only scans archives supported by
> > libclamav and can't use external programs"
> what about unrar from freebsd ports? could developers include some
> code from unrarsrc-3.x.xm for rar v3 support?

Unfortunately the license of unrar-3 conflicts with the GPL.

--
Tomasz Kojm <[EMAIL PROTECTED]>
http://www.ClamAV.net/gpg/tkojm.gpg
0DCA5A08407D5288279DB43454822DC8985A444B
Tue Mar 30 21:27:43 CEST 2004
Re: [Clamav-users] [ANNOUNCEMENT] Postfix-Cyrus-Web-cyradm-HOWTO Version 1.2.5 available
Krištof Petr wrote:

Luc de Louw wrote: [..]

If you are writing some documentation, you _should_ read the another before.

Your document says:
> I suggest to update the signatures with a hourly cronjob. To edit the crontab issue *crontab -e* and add the following line:
> 0 * * * * /usr/local/bin/freshclam --quiet -l /var/log/clam-update.log

But Clamav documentation says:
> The other method is to use the cron daemon. You have to add the following line to the
> crontab of the root or clamav users:
> N * * * * /usr/local/bin/freshclam --quiet
> to check for a new database every hour. N should be a number between 1 and 59
> of your choice. Please don't choose any multiple of 10, because there are already
> too many servers using those time slots.

I'm sorry for that. I have some own method to write documentations (Just do it, and write it down). Sometimes this is not the best method.

Anyway, I updated the HOWTO and corrected the issue and wrote about the "time-based loadbalancing". Further I made some other minor corrections. The document is now known as release 1.2.6 and available here: http://www.delouw.ch/linux/Postfix-Cyrus-Web-cyradm-HOWTO/html/index.html

freshmeat.net announcement pending...

rgds
Luc
RE: [Clamav-users] Virus DB Update
Vernon A. Fort Sent: Tuesday, March 30, 2004 11:11 AM

> I noticed that virusdb was updated, according to the clamav-virusdb
> list, to daily version 226 but my freshclam is still reporting that 225
> is the latest. Am I missing something?

FYI, my freshclam returns version 227.

cheers,
Colin

Colin A. Bartlett
Kinetic Web Solutions
www.kineticweb.biz
Re: [Clamav-users] Virus DB Update
Vernon A. Fort wrote:

I noticed that virusdb was updated, according to the clamav-virusdb list, to daily version 226 but my freshclam is still reporting that 225 is the latest. Am I missing something?

I seem to be having 227 already. ClamAV is v0.70-rc here. You're not using a proxy or something alike?

--
Best regards,
Kristof
Re: [Clamav-users] database update-less sigs?
On Mar 30, 2004, at 9:51 AM, Antony Stone wrote:

On Tuesday 30 March 2004 3:34 pm, Bart Silverstrim wrote:

Was there a drop in the number of signatures in the database recently? After what seemed like a slow update, the number of viruses appears to be only near 20,600...I thought it was at 20,800 range before that update, but my memory may be playing tricks on me. I updated from two different computers and the numbers matched in the 20,600 range. Can others verify that I'm just being overly paranoid? :-)

-- Forwarded Message --
Subject: [Clamav-virusdb] Update (main: 22)
Date: Mon, 29 Mar 2004 23:57:25 +0200
From: Tomasz Kojm <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]

ClamAV database updated (2004.03.29 21:55 GMT): main.cvd, viruses.db
Version: 22

All signatures for Office 97 files have been removed (proper signatures that use the VBA macro decoder must be created).

Thanks!
Re: [Clamav-users] error on make in OS X/Jaguar clamav-0.70-rc
you'll need to do exactly what the error suggests:

% ranlib /usr/lib/libbz2.a

richard

-- On Tuesday, March 30, 2004 10:18 AM -0500 Robert Kudyba <[EMAIL PROTECTED]> wrote:

Any idea how to fix this? Happens on a make...

ld: table of contents for archive: /usr/lib/libbz2.a is out of date; rerun ranlib(1) (can't load from it)
make[2]: *** [clamscan] Error 1
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2
Re: [Clamav-users] database update-less sigs?
On Tuesday 30 March 2004 5:27 pm, P.V.Anthony wrote:

> Hi,
>
> I have noticed it on my machine. But I have read somewhere that they clean
> the database and remove the duplicates.
> Maybe that's why it is smaller now.

Removing duplicates was done some time ago - several weeks IIRC. And, once they've been removed, there shouldn't be a need to do it a second time :)

This reduction in database size was due to:
- removing signatures for things which weren't viruses (spam)
- removing signatures for viruses which will be detected a different way (VBS scripts)

Regards,
Antony.

--
Your work is both good and original. Unfortunately the parts that are good aren't original, and the parts that are original aren't good. - Samuel Johnson

Please reply to the list; please don't CC me.
Re: [Clamav-users] database update-less sigs?
Hi,

I have noticed it on my machine. But I have read somewhere that they clean the database and remove the duplicates. Maybe that's why it is smaller now.

P.V.Anthony

- Original Message -
From: "Bart Silverstrim" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 30, 2004 10:34 PM
Subject: [Clamav-users] database update-less sigs?

> Was there a drop in the number of signatures in the database recently?
> After what seemed like a slow update, the number of viruses appears to
> be only near 20,600...I thought it was at 20,800 range before that
> update, but my memory may be playing tricks on me. I updated from two
> different computers and the numbers matched in the 20,600 range. Can
> others verify that I'm just being overly paranoid? :-)
>
> Below is the output from my freshclam cron job.
>
> ClamAV update process started at Tue Mar 30 08:12:00 2004
> Reading CVD header (main.cvd): OK
> main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder:
> tkojm)
> Reading CVD header (daily.cvd): OK
> Downloading daily.cvd [|]
> Downloading daily.cvd [/]
> Downloading daily.cvd [-]
> Downloading daily.cvd [\]
> Downloading daily.cvd [|]
> Downloading daily.cvd [/]
> Downloading daily.cvd [-]
> Downloading daily.cvd [\]
> Downloading daily.cvd [|]
> Downloading daily.cvd [/]
> Downloading daily.cvd [-]
> Downloading daily.cvd [\]
> Downloading daily.cvd [|]
> Downloading daily.cvd [/]
> Downloading daily.cvd [-]
> Downloading daily.cvd [\]
> Downloading daily.cvd [|]
> Downloading daily.cvd [/]
> Downloading daily.cvd [-]
> Downloading daily.cvd [\]
> Downloading daily.cvd [|]
> Downloading daily.cvd [/]
> Downloading daily.cvd [-]
> Downloading daily.cvd [\]
> Downloading daily.cvd [|]
> Downloading daily.cvd [/]
> Downloading daily.cvd [-]
> Downloading daily.cvd [\]
> Downloading daily.cvd [*]
> daily.cvd updated (version: 225, sigs: 414, f-level: 1, builder: acab)
> Database updated (20643 signatures) from database.clamav.net
> (24.73.112.74).
> Clamd successfully notified about the update.
[Clamav-users] Virus DB Update
I noticed that virusdb was updated, according to the clamav-virusdb list, to daily version 226 but my freshclam is still reporting that 225 is the latest. Am I missing something?

Vernon
[Clamav-users] error on make in OS X/Jaguar clamav-0.70-rc
Any idea how to fix this? Happens on a make...

ld: table of contents for archive: /usr/lib/libbz2.a is out of date; rerun ranlib(1) (can't load from it)
make[2]: *** [clamscan] Error 1
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2
Re: [Clamav-users] database update-less sigs?
On Tuesday 30 March 2004 3:34 pm, Bart Silverstrim wrote:

> Was there a drop in the number of signatures in the database recently?
> After what seemed like a slow update, the number of viruses appears to
> be only near 20,600...I thought it was at 20,800 range before that
> update, but my memory may be playing tricks on me. I updated from two
> different computers and the numbers matched in the 20,600 range. Can
> others verify that I'm just being overly paranoid? :-)

-- Forwarded Message --
Subject: [Clamav-virusdb] Update (main: 22)
Date: Mon, 29 Mar 2004 23:57:25 +0200
From: Tomasz Kojm <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]

ClamAV database updated (2004.03.29 21:55 GMT): main.cvd, viruses.db
Version: 22

All signatures for Office 97 files have been removed (proper signatures that use the VBA macro decoder must be created).

--

Regards,
Antony.

--
In Heaven, the police are British, the chefs are Italian, the beer is Belgian, the mechanics are German, the lovers are French, the entertainment is American, and everything is organised by the Swiss.

In Hell, the police are German, the chefs are British, the beer is American, the mechanics are French, the lovers are Swiss, the entertainment is Belgian, and everything is organised by the Italians.

Please reply to the list; please don't CC me.
[Clamav-users] Update (daily: 224)
The update says:

> Signatures older than two weeks have been moved into main.cvd. This
> update also removes signatures for spam encrypted with JavaScript - we
> decided to leave the spam detection to our professional colleagues from
> anti-spam projects.

Just to be clear, the spam that's not being blocked isn't harmful in any way, correct?

Is there a link or something with more info about this type of spam?

Jeffrey Moskot
System Administrator
[EMAIL PROTECTED]
[Clamav-users] database update-less sigs?
Was there a drop in the number of signatures in the database recently? After what seemed like a slow update, the number of viruses appears to be only near 20,600...I thought it was at 20,800 range before that update, but my memory may be playing tricks on me. I updated from two different computers and the numbers matched in the 20,600 range. Can others verify that I'm just being overly paranoid? :-)

Below is the output from my freshclam cron job.

ClamAV update process started at Tue Mar 30 08:12:00 2004
Reading CVD header (main.cvd): OK
main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder: tkojm)
Reading CVD header (daily.cvd): OK
Downloading daily.cvd [|]
Downloading daily.cvd [/]
Downloading daily.cvd [-]
Downloading daily.cvd [\]
Downloading daily.cvd [|]
Downloading daily.cvd [/]
Downloading daily.cvd [-]
Downloading daily.cvd [\]
Downloading daily.cvd [|]
Downloading daily.cvd [/]
Downloading daily.cvd [-]
Downloading daily.cvd [\]
Downloading daily.cvd [|]
Downloading daily.cvd [/]
Downloading daily.cvd [-]
Downloading daily.cvd [\]
Downloading daily.cvd [|]
Downloading daily.cvd [/]
Downloading daily.cvd [-]
Downloading daily.cvd [\]
Downloading daily.cvd [|]
Downloading daily.cvd [/]
Downloading daily.cvd [-]
Downloading daily.cvd [\]
Downloading daily.cvd [|]
Downloading daily.cvd [/]
Downloading daily.cvd [-]
Downloading daily.cvd [\]
Downloading daily.cvd [*]
daily.cvd updated (version: 225, sigs: 414, f-level: 1, builder: acab)
Database updated (20643 signatures) from database.clamav.net (24.73.112.74).
Clamd successfully notified about the update.
Re: [Clamav-users] email structure logging
On Thu, Mar 25, 2004 at 05:05:42PM -0500, Jesse Guardiani wrote:

> Howdy list,
>
> Is there any way to make clamd log the structure of
> a message and its attachments? BinHex, MIME, plain-text,
> ZIP, RAR, BZIP, GZIP, OLE2, etc...?
>
> This information would be great for statistics, but I
> could imagine it being useful during troubleshooting
> or tech support also.

If you want that kind of detail, have a look at Exim 4 with the latest version of the Exiscan patch. The latest Exiscan patch adds a MIME acl that is triggered once for each MIME component. Easy enough to log the information you want with that.

--
Bruce
Re: [Clamav-users] rarlib question
On Tue, 30 Mar 2004 15:43:24 +0500 Sergey <[EMAIL PROTECTED]> wrote:

> And more:
> "Due to security reasons clamd only scans archives supported by libclamav
> and can't use external programs"

what about unrar from freebsd ports? could developers include some code from unrarsrc-3.x.xm for rar v3 support?

--
Korchmenuk Nickolay
30 Mar 2004 14:58:39
Re: [Clamav-users] rarlib question
On Tuesday 30 March 2004 14:24, Fajar A. Nugraha wrote:

> Because it's in WinRAR 3 format
> Read the file README on your test directory (under clamav source dir) or
> http://clamav.or.id/snapshot/docs/html/node21.html
>
> "Unrarlib supports RAR 2.0 archives only and according to Christian the
> new format (introduced in WinRAR 3.0) will never be supported (however
> clamscan can scan WinRAR 3.0 archives, see below)"

And more:
"Due to security reasons clamd only scans archives supported by libclamav and can't use external programs"

Hm. I understand these security reasons, but ignoring of external programs absolutely is not good, I think. Some viruses may use unsupported compression type... Security may be increased by another paths, for example running in chroot environment...

--
Regards,
Sergey
Re: [Clamav-users] rarlib question
Korchmenuk Nickolay wrote:

2) clamscan with --unrar

# clamscan --database=/var/clamav/db --unrar=/usr/local/bin/unrar rarf
/usr/home/user/rarfail.rar: RAR module failure.
UNRAR 3.30 freeware Copyright (c) 1993-2004 Eugene Roshal
Extracting from /usr/home/user/rarfail.rar
Extracting test1 OK
All OK
/var/tmp//717eeede073c5dba/test1: ClamAV-Test-Signature FOUND
/usr/home/test/rarfail.rar: Infected Archive FOUND

[snip]

Why clamscad doesn't detect ClamAV-Test-Signature?

Because it's in WinRAR 3 format. Read the file README on your test directory (under clamav source dir) or http://clamav.or.id/snapshot/docs/html/node21.html

"Unrarlib supports RAR 2.0 archives only and according to Christian the new format (introduced in WinRAR 3.0) will never be supported (however clamscan can scan WinRAR 3.0 archives, see below)"

Regards,
Fajar

--
Please avoid sending me Microsoft Office attachments. See http://www.newsforge.com/software/04/03/27/0134204.shtml
Re: [Clamav-users] Clamav & harddisk
Thanks for the help I have received on this mailing list.

Dexter Ang wrote:

On Tue, 2004-03-30 at 03:36, Antony Stone wrote:

On Monday 29 March 2004 8:25 pm, Erik Jakobsen wrote:

Hi. For my MailScanner I use Clamav, that works excellent. Is it also possible to have Clamav to scan one's harddisk for viruses ?

Try (as root, so you have permission to read everything):

clamscan -i /

parent might want to add "-r" to recursively scan through all directories as well.

Perhaps run from a cron job?

possibly add the option "--quiet" and put all results in a log file "-l /var/log/clamscan.log", just to make it a little nicer.

dex

--
Med venlig hilsen - Best regards
Erik Jakobsen - [EMAIL PROTECTED]
SuSE 9.0 - HAMCall OZ4KK
[Clamav-users] rarlib question
Hi

Look at this:

1) clamscan without --unrar

#clamscan --database=/var/clamav/db rarfail.rar
rarfail.rar: RAR module failure.
rarfail.rar: OK

2) clamscan with --unrar

# clamscan --database=/var/clamav/db --unrar=/usr/local/bin/unrar rarf
/usr/home/user/rarfail.rar: RAR module failure.
UNRAR 3.30 freeware Copyright (c) 1993-2004 Eugene Roshal
Extracting from /usr/home/user/rarfail.rar
Extracting test1 OK
All OK
/var/tmp//717eeede073c5dba/test1: ClamAV-Test-Signature FOUND
/usr/home/test/rarfail.rar: Infected Archive FOUND

3) clamdscan (ScanRAR option in clamav.conf is turned on)

clamdscan rarfail.rar
/usr/home/nyckadm/rarfail.rar: RAR module failure. ERROR

Why clamscad doesn't detect ClamAV-Test-Signature?

p.s.
bash-2.05b# clamscan -V
clamscan / ClamAV version devel-20040326
bash-2.05b# clamdscan -V
clamdscan / ClamAV version devel-20040326

--
Korchmenuk Nickolay
30 Mar 2004 11:16:29