date:20040330

Re: [Clamav-users] Dumb Q about clamd & freshclam

2004-03-30 Thread Fajar A. Nugraha

Odhiambo Washington wrote:

Yes, but it will be slower. Depends on SelfCheck interval (at least this 
is true for older versions).
Strangely enough, NotifyClamd is NOT on the default clamav.conf on 
latest CVS snapshot (not even "present but commented out" like LogTime).
I guess it's on by default now.
   



NotifyClamd is part of freshclam.conf

 

Aaah , my bad :)
Still, every  SelfCheck seconds clamd checks the db files.
If it has changed, clamd reloads it.
Regards,

Fajar
--
Please avoid sending me Microsoft Office attachments.
See http://www.newsforge.com/software/04/03/27/0134204.shtml
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] error building Mail::ClamAV perl module

2004-03-30 Thread Fajar A. Nugraha

Eperez wrote:

here is the output of the compiling process
ideas?
 

[snip]

Starting "perl Makefile.PL" Stage
Note (probably harmless): No library found for -lclamav
 

error #1 : you must have clamav installed first

ClamAV.xs:11:20: clamav.h: No such file or directory
make[1]: *** [ClamAV.o] Error 1
 

error #2 : don't know about this one.

I install clamav from latest CVS source, then
perl -MCPAN -e shell
install Inline::MakeMaker
install Mail::ClamAV
Done.

Using perl 5.8.3 on Fedora Core2 test2

Regards,

Fajar
--
Don't use GIF. Use PNG instead
http://www.gnu.org/philosophy/gif.html


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Dumb Q about clamd & freshclam

2004-03-30 Thread Odhiambo Washington

* Fajar A. Nugraha <[EMAIL PROTECTED]> [20040331 08:36]: wrote:
> Odhiambo Washington wrote:
> 
> >* russ <[EMAIL PROTECTED]> [20040331 06:57]: wrote:
> > 
> >
> >>On Tue, 2004-03-30 at 20:28, Tim B wrote:
> >>
> >>   
> >>
> >>>When using clamd, and freshclam, and new virus list comes out, do I have 
> >>>to restart or reload clamd to recognize the new definitions or does it 
> >>>do it automatically?
> >>> 
> >>>
> >>It does it automatically.
> >>   
> >>
> >
> >Even when NotifyClamd is not enabled in freshclam.conf?
> >
> > 
> >
> Yes, but it will be slower. Depends on SelfCheck interval (at least this 
> is true for older versions).
> Strangely enough, NotifyClamd is NOT on the default clamav.conf on 
> latest CVS snapshot (not even "present but commented out" like LogTime).
> I guess it's on by default now.


NotifyClamd is part of freshclam.conf


cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] error building Mail::ClamAV perl module

2004-03-30 Thread Eperez

here is the output of the compiling process
ideas?

**BEGIN COMPILATION
[EMAIL PROTECTED] mailscanner]# perl -MCPAN -e shell

cpan shell -- CPAN exploration and modules installation (v1.59_54)
ReadLine support available (try 'install Bundle::CPAN')

cpan> install Mail::ClamAV
CPAN: Storable loaded ok
Going to read /root/.cpan/Metadata
Database was generated on Tue, 30 Mar 2004 19:51:00 GMT
Running install for module Mail::ClamAV
Running make for S/SA/SABECK/Mail-ClamAV-0.06.tar.gz

CPAN: MD5 security checks disabled because MD5 not installed.
Please consider installing the MD5 module.

Scanning cache /root/.cpan/build for sizes
CPAN: Compress::Zlib loaded ok
Mail-ClamAV-0.06/
Mail-ClamAV-0.06/t/
Mail-ClamAV-0.06/t/virus.eml
Mail-ClamAV-0.06/t/Mail-ClamAV.t
Mail-ClamAV-0.06/README
Mail-ClamAV-0.06/ClamAV.pm
Mail-ClamAV-0.06/config.pl
Mail-ClamAV-0.06/Changes
Mail-ClamAV-0.06/Makefile.PL
Mail-ClamAV-0.06/ppport.h
Mail-ClamAV-0.06/META.yml
Mail-ClamAV-0.06/INSTALL
Mail-ClamAV-0.06/MANIFEST
Removing previously used /root/.cpan/build/Mail-ClamAV-0.06

CPAN.pm: Going to build S/SA/SABECK/Mail-ClamAV-0.06.tar.gz

Checking if your kit is complete...
Looks good
Note (probably harmless): No library found for -lclamav
Writing Makefile for Mail::ClamAV
cp ClamAV.pm blib/lib/Mail/ClamAV.pm
/usr/bin/perl -Mblib -MInline=NOISY,_INSTALL_ -MMail::ClamAV -e1 0.06
blib/arch
Using /root/.cpan/build/Mail-ClamAV-0.06/blib
Starting Build Prepocess Stage
Finished Build Prepocess Stage

Starting Build Parse Stage
Finished Build Parse Stage

Starting Build Glue 1 Stage
Finished Build Glue 1 Stage

Starting Build Glue 2 Stage
Finished Build Glue 2 Stage

Starting Build Glue 3 Stage
Finished Build Glue 3 Stage

Starting Build Compile Stage
Starting "perl Makefile.PL" Stage
Note (probably harmless): No library found for -lclamav
Writing Makefile for Mail::ClamAV
Finished "perl Makefile.PL" Stage

Starting "make" Stage
make[1]: Entering directory
`/root/.cpan/build/Mail-ClamAV-0.06/_Inline/build/Mail/ClamAV'
/usr/bin/perl /usr/lib/perl5/5.6.1/ExtUtils/xsubpp  -typemap
/usr/lib/perl5/5.6.1/ExtUtils/typemap   ClamAV.xs > ClamAV.xsc && mv
ClamAV.xsc ClamAV.c
gcc -c  -I/root/.cpan/build/Mail-ClamAV-0.06 -I/usr/include
-fno-strict-aliasing -I/usr/local/include -g   -DVERSION=\"0.06\"
-DXS_VERSION=\"0.06\" -fPIC "-I/usr/lib/perl5/5.6.1/i386-linux/CORE"  
ClamAV.c
ClamAV.xs:11:20: clamav.h: No such file or directory
make[1]: *** [ClamAV.o] Error 1
make[1]: Leaving directory
`/root/.cpan/build/Mail-ClamAV-0.06/_Inline/build/Mail/ClamAV'

A problem was encountered while attempting to compile and install your
Inline
C code. The command that failed was:
make

The build directory was:
/root/.cpan/build/Mail-ClamAV-0.06/_Inline/build/Mail/ClamAV

To debug the problem, cd to the build directory, and inspect the output
files.

at /root/.cpan/build/Mail-ClamAV-0.06/blib/lib/Mail/ClamAV.pm line 147
BEGIN failed--compilation aborted at
/root/.cpan/build/Mail-ClamAV-0.06/blib/lib/Mail/ClamAV.pm line 420.
Compilation failed in require.
BEGIN failed--compilation aborted.
make: *** [ClamAV.inl] Error 2
/usr/bin/make  -- NOT OK
Running make test
Can't test without successful make
Running make install
make had returned bad status, install seems impossible

cpan>
**END COMPILATION

 Mensaje Original 
De: [EMAIL PROTECTED]
Para: [EMAIL PROTECTED]
<[EMAIL PROTECTED]>
Asunto: Re: [Clamav-users] error building Mail::ClamAV perl module
Fecha: 31/03/04 12:27 AM

>
> Eperez wrote:
>
> >whre can i find the libclam library
> >
> By installing clamav :)
> I assume you meant libclamav ?
>
> Try rpm packages or http://www.clamav.or.id
>
> Regards,
>
> Fajar
> --
> Please avoid sending me Microsoft Office attachments.
> See http://www.newsforge.com/software/04/03/27/0134204.shtml
>
>
> ---
> This SF.Net email is sponsored by: IBM Linux Tutorials
> Free Linux tutorial presented by Daniel Robbins, President and CEO of
> GenToo technologies. Learn everything from fundamentals to system
>
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
> ___
> Clamav-users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/clamav-users
>
>
>
>
>
>
>
>
> --
> Este mensaje ha sido analizado por MailScanner
> en busca de virus y otros contenidos peligrosos,
> y se considera que está limpio.
> MailScanner provisto por http://www.bansoft.net
>
>
>
> 

___
Enviado a traves
de Vision Panama (www.visionpanama.com)









-- 
Este mensaje ha sido analizado por MailScanner
en busca de virus y otros contenidos peligrosos,
y se considera que está limpio.
MailScanner provisto por http://www.bansoft.net



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel

Re: [Clamav-users] error building Mail::ClamAV perl module

2004-03-30 Thread Fajar A. Nugraha

Eperez wrote:

whre can i find the libclam library 

By installing clamav :)
I assume you meant libclamav ?
Try rpm packages or http://www.clamav.or.id

Regards,

Fajar
--
Please avoid sending me Microsoft Office attachments.
See http://www.newsforge.com/software/04/03/27/0134204.shtml
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Dumb Q about clamd & freshclam

2004-03-30 Thread Fajar A. Nugraha

Odhiambo Washington wrote:

* russ <[EMAIL PROTECTED]> [20040331 06:57]: wrote:
 

On Tue, 2004-03-30 at 20:28, Tim B wrote:

   

When using clamd, and freshclam, and new virus list comes out, do I have 
to restart or reload clamd to recognize the new definitions or does it 
do it automatically?
 

It does it automatically.
   

Even when NotifyClamd is not enabled in freshclam.conf?

 

Yes, but it will be slower. Depends on SelfCheck interval (at least this 
is true for older versions).
Strangely enough, NotifyClamd is NOT on the default clamav.conf on 
latest CVS snapshot
(not even "present but commented out" like LogTime). I guess it's on by 
default now.

Regards,

Fajar
--
Please avoid sending me Microsoft Office attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Dumb Q about clamd & freshclam

2004-03-30 Thread Odhiambo Washington

* russ <[EMAIL PROTECTED]> [20040331 06:57]: wrote:
> On Tue, 2004-03-30 at 20:28, Tim B wrote:
> 
> > When using clamd, and freshclam, and new virus list comes out, do I have 
> > to restart or reload clamd to recognize the new definitions or does it 
> > do it automatically?
> 
> It does it automatically.

Even when NotifyClamd is not enabled in freshclam.conf?


cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] error building Mail::ClamAV perl module

2004-03-30 Thread Eperez

whre can i find the libclam library so i can succesfully biul mail::clamav

thanks,
erick.

___
Enviado a
traves de Vision Panama (www.visionpanama.com)









-- 
Este mensaje ha sido analizado por MailScanner
en busca de virus y otros contenidos peligrosos,
y se considera que está limpio.
MailScanner provisto por http://www.bansoft.net



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Dumb Q about clamd & freshclam

2004-03-30 Thread Tim B

russ wrote:
On Tue, 2004-03-30 at 20:28, Tim B wrote:


When using clamd, and freshclam, and new virus list comes out, do I have 
to restart or reload clamd to recognize the new definitions or does it 
do it automatically?


It does it automatically.

Thanks!



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Segmentation fault in clamav-0.70rc-1

2004-03-30 Thread Fajar A. Nugraha

Miles Davis wrote:

On Thu, Mar 25, 2004 at 06:11:05PM -0800, Todd Lyons wrote:

On Thu, 2004-03-25 at 08:36, Claudio Alonso wrote:

Hi,
Yesterday I installed clamav-0.70rc-1 from rpm on my RedHat 9.0 (kernel 2.4.20-30.9) and started
clamd just to test it's current stability
The computer was on all night and today I found the following in the rotated logs:
Thu Mar 25 04:02:33 2004 -> No stats for Database check - forcing reload
Thu Mar 25 04:02:35 2004 -> Reading databases from /var/lib/clamav
Thu Mar 25 04:02:36 2004 -> Segmentation fault :-( Bye..
I've been looking in the archives and found some segmentation problems with this version but I'm
not using milter and my logs don't refer to any "accept() failed" nor "pthread_create failed" (nor
in this log nor in the previous before rotate, which only shows "SIGHUP caught: re-opening log
file." before rotate.

You probably saw some of my issues. I'm using RH 9.0 as well and have
problems with spamd SegFaulting. I personally think it's pthread
related, but have zero data to back it up. On my system, clamd handles
20K or 30K messages in about 12 hours and then dies. I upgraded to 0.70
cvs on Tuesday. clamd stopped segfaulting, but would lock up and
clamav-milter would then die. I've had to disable it until I figure out
what to do to make it stable.
I'd love to figure out what's causing this.

Blue skies... Todd

My case is perhaps unrelated, but I thought I share it anyway.
I've been developing a virutual server system using UML. It wroked great
with kernel 2.4, then I started
experimenting kernel 2.6 for UML.

First case : bind tools failed (host, named, nslookup, etc.)
IT was apparently pthread problem. It works fine without --enable pthread.
Next case, clamav. clamscan is OK, but clamd and clamav-milter keep
segfault-ing.
I didn't find any pthread-related error on the logs, but AFAIK those are
the two clamav programs that uses pthread.

This time, however, instead of using --disable-pthreads, I decided to
use static linux builds
from http://clamav.or.id. It works flawlessly.

Bottom line, as a work-around try disabling pthreads or use static build.

Regards,

Fajar

--
Please avoid sending me Microsoft Office attachments.
See http://www.newsforge.com/software/04/03/27/0134204.shtml
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] tons of Worm.SomeFool

2004-03-30 Thread Eperez

I have tons of email attachments being detected as Worm.Somefool.
what is this?

Thanks,
erick.
___
Enviado a traves de
Vision Panama (www.visionpanama.com)









-- 
Este mensaje ha sido analizado por MailScanner
en busca de virus y otros contenidos peligrosos,
y se considera que está limpio.
MailScanner provisto por http://www.bansoft.net



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Dumb Q about clamd & freshclam

2004-03-30 Thread russ

On Tue, 2004-03-30 at 20:28, Tim B wrote:

> When using clamd, and freshclam, and new virus list comes out, do I have 
> to restart or reload clamd to recognize the new definitions or does it 
> do it automatically?

It does it automatically.

-- 
Russel Oliver
[EMAIL PROTECTED]
http://www.techsane.com



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] ThreadTimeout option gone [2]?

2004-03-30 Thread Fajar A. Nugraha

Another update :
-   seems it only happens non-Linux (OSF, Solaris, AIX) build
-	Freshclam also behaves incorectly (See change from "signal 14, wake 
up" to "signal 14, terminating"). No change on freshclam.conf (Checks 12).
All runing the latest snapshot for that day.
--
Received signal 14, wake up
ClamAV update process started at Mon Mar 29 03:15:13 2004
main.cvd is up to date (version: 21, sigs: 20094, f-level: 1, builder: 
tkojm)
daily.cvd is up to date (version: 219, sigs: 651, f-level: 1, builder: 
ccordes)

--
--
ClamAV update process started at Mon Mar 29 05:15:04 2004
main.cvd is up to date (version: 21, sigs: 20094, f-level: 1, builder: 
tkojm)
daily.cvd is up to date (version: 219, sigs: 651, f-level: 1, builder: 
ccordes)
--
freshclam daemon started (pid=10346)
ClamAV update process started at Mon Mar 29 05:15:16 2004
main.cvd is up to date (version: 21, sigs: 20094, f-level: 1, builder: 
tkojm)
daily.cvd is up to date (version: 219, sigs: 651, f-level: 1, builder: 
ccordes)

--
Received signal 14, terminating
--
ClamAV update process started at Tue Mar 30 05:15:02 2004
main.cvd updated (version: 22, sigs: 20229, f-level: 1, builder: tkojm)
daily.cvd updated (version: 224, sigs: 411, f-level: 1, builder: tkojm)
Database updated (20640 signatures) from clamav.antispam.or.id 
(202.134.0.71).
Clamd successfully notified about the update.
--
freshclam daemon started (pid=11749)
ClamAV update process started at Tue Mar 30 05:15:14 2004
main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder: 
tkojm)
daily.cvd is up to date (version: 224, sigs: 411, f-level: 1, builder: 
tkojm)

--
Received signal 14, terminating
--
ClamAV update process started at Wed Mar 31 05:15:03 2004
main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder: 
tkojm)
daily.cvd is up to date (version: 227, sigs: 428, f-level: 1, builder: 
diego)
--
freshclam daemon started (pid=19654)
ClamAV update process started at Wed Mar 31 05:15:18 2004
main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder: 
tkojm)
daily.cvd is up to date (version: 227, sigs: 428, f-level: 1, builder: 
diego)

--
Received signal 14, terminating
--
freshclam daemon started (pid=12576)
ClamAV update process started at Wed Mar 31 10:01:54 2004
main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder: 
tkojm)
daily.cvd updated (version: 228, sigs: 441, f-level: 1, builder: ccordes)
Database updated (20670 signatures) from clamav.antispam.or.id 
(202.134.0.71).
Clamd successfully notified about the update.

--

Regards,

Fajar
--
Please avoid sending me Microsoft Office attachments.
See http://www.newsforge.com/software/04/03/27/0134204.shtml
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Segmentation fault in clamav-0.70rc-1

2004-03-30 Thread Miles Davis

On Thu, Mar 25, 2004 at 06:11:05PM -0800, Todd Lyons wrote:
> On Thu, 2004-03-25 at 08:36, Claudio Alonso wrote:
> > Hi,
> > Yesterday I installed clamav-0.70rc-1 from rpm on my RedHat 9.0 (kernel 
> > 2.4.20-30.9) and started
> > clamd just to test it's current stability
> > The computer was on all night and today I found the following in the rotated logs:
> > Thu Mar 25 04:02:33 2004 -> No stats for Database check - forcing reload
> > Thu Mar 25 04:02:35 2004 -> Reading databases from /var/lib/clamav
> > Thu Mar 25 04:02:36 2004 -> Segmentation fault :-( Bye..
> > I've been looking in the archives and found some segmentation problems with this 
> > version but I'm
> > not using milter and my logs don't refer to any "accept() failed" nor 
> > "pthread_create failed" (nor
> > in this log nor in the previous before rotate, which only shows "SIGHUP caught: 
> > re-opening log
> > file." before rotate.
> 
> You probably saw some of my issues.  I'm using RH 9.0 as well and have
> problems with spamd SegFaulting.  I personally think it's pthread
> related, but have zero data to back it up.  On my system, clamd handles
> 20K or 30K messages in about 12 hours and then dies.  I upgraded to 0.70
> cvs on Tuesday.  clamd stopped segfaulting, but would lock up and
> clamav-milter would then die.  I've had to disable it until I figure out
> what to do to make it stable.
> 
> I'd love to figure out what's causing this.
> 
> Blue skies... Todd
> 

Hi Todd,

Have you ever made any progress with your problem? I'm pretty sure I'm
hitting the same thing; 0.70rc, RH 9, though I'm using exim with the
exiscan patch instead of sendmail. Clamd will run for anywhere from 1
minute to an hour and segfault.

I tried setting the LD_ASSUME_KERNEL env var as I saw in one of your
previous posts, but now clamd seems to lock up after a while instead of
segfaulting -- not sure if you were still using LD_ASSUME_KERNEL when you
described the same thing above.

Attached is debug output from two different runs when clamd segfaulted.

-- 
// Miles Davis - [EMAIL PROTECTED] - http://www.cs.stanford.edu/~miles
// Computer Science Department - Computer Facilities
// Stanford University
LibClamAV debug: Scanning /var/spool/exim/scan/1B8TC0-0004fo-DJ/1B8TC0-0004fo-DJ.eml
LibClamAV debug: Recognized Raw mail file
LibClamAV debug: Starting cli_scanmail()
LibClamAV debug: in mbox()
LibClamAV debug: Deal with header Received: from smtp2.stanford.edu ([171.67.16.116])
LibClamAV debug: parseEmailHeader 'Received: from smtp2.stanford.edu ([171.67.16.116])'
LibClamAV debug: parseMimeHeader: cmd='Received', arg=' from smtp2.stanford.edu
([171.67.16.116])'
LibClamAV debug: Discarding unwanted argument 'by cs1.Stanford.EDU with esmtp (Exim 
4.30)'
LibClamAV debug: Discarding unwanted argument 'id 1B8TC0-0004fo-DJ'
LibClamAV debug: Discarding unwanted argument 'Tue, 30 Mar 2004 16'
LibClamAV debug: Discarding unwanted argument '02'
LibClamAV debug: Discarding unwanted argument '52 -0800'
LibClamAV debug: Deal with header Received: from bases.Stanford.EDU 
(bases.Stanford.EDU [171.64.94.131])
LibClamAV debug: parseEmailHeader 'Received: from bases.Stanford.EDU 
(bases.Stanford.EDU [171.64.94.131])'
LibClamAV debug: parseMimeHeader: cmd='Received', arg=' from bases.Stanford.EDU
(bases.Stanford.EDU [171.64.94.131])'
LibClamAV debug: Discarding unwanted argument 'by smtp2.Stanford.EDU (8.12.11/8.12.11) 
with ESMTP id i2U3mwEE002022'
LibClamAV debug: Discarding unwanted argument 'Mon, 29 Mar 2004 19:48:58 -0800'
LibClamAV debug: Deal with header Received: from smtp3.Stanford.EDU 
(smtp3.Stanford.EDU [171.67.16.117])
LibClamAV debug: parseEmailHeader 'Received: from smtp3.Stanford.EDU 
(smtp3.Stanford.EDU [171.67.16.117])'
LibClamAV debug: parseMimeHeader: cmd='Received', arg=' from smtp3.Stanford.EDU
(smtp3.Stanford.EDU [171.67.16.117])'
LibClamAV debug: Discarding unwanted argument 'by bases.Stanford.EDU (8.11.6/8.11.6) 
with ESMTP id i2U3mcD20284'
LibClamAV debug: Discarding unwanted argument 'Mon, 29 Mar 2004 19:48:39 -0800'
LibClamAV debug: Deal with header Received: from bases-lists.stanford.edu 
(bases-lists.Stanford.EDU [171.64.94.132])
LibClamAV debug: parseEmailHeader 'Received: from bases-lists.stanford.edu 
(bases-lists.Stanford.EDU [171.64.94.132])'
LibClamAV debug: parseMimeHeader: cmd='Received', arg=' from bases-lists.stanford.edu 
(bases-lists.Stanford.EDU [171.64.94.132])'
LibClamAV debug: Discarding unwanted argument 'by smtp3.Stanford.EDU (8.12.11/8.12.11) 
with ESMTP id i2U3mkbm011979'
LibClamAV debug: Discarding unwanted argument 'Mon, 29 Mar 2004 19:48:46 -0800'
LibClamAV debug: Deal with header Received: from bases-lists.stanford.edu 
(localhost.localdomain [127.0.0.1])
LibClamAV debug: parseEmailHeader 'Received: from bases-lists.stanford.edu 
(localhost.localdomain [12

[Clamav-users] ThreadTimeout option gone?

2004-03-30 Thread Fajar A. Nugraha

bash-2.03# /usr/local/sbin/clamd
ERROR: Parse error at line 71: Unknown option ThreadTimeout.
ERROR: Can't open/parse the config file /usr/local/etc/clamav.conf
bash-2.03# clamd -V
clamd / ClamAV version devel-20040331
Am I missing something?
It works fine on previous builds.
Looking at ChangeLog :

Tue Mar 30 08:40:10 BST 2004 (trog)
---
 * clamav.conf, shared/cfgparser.c: recognise ReadTimeout option
Perhaps the changes on ReadTimeout somehow disables ThreadTimeout?

Regards,

Fajar
--
Don't use GIF. Use PNG instead
http://www.gnu.org/philosophy/gif.html


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] clamav-devel -- clamav-milter -- build errors on Linux

2004-03-30 Thread Fajar A. Nugraha

Hi,

FYI, in the past two days clamav-devel has failed to build on Fedora if 
you enable milter.

gcc -DHAVE_CONFIG_H -DSENDMAIL_BIN=\"/usr/sbin/sendmail\" -I. -I. -I.. 
-I../clamd -I../libclamav -I../shared -I../clamscan-g -O2 -c `test 
-f 'clamav-milter.c' || echo './'`clamav-milter.c
clamav-milter.c:496:21: cfgfile.h: No such file or directory
clamav-milter.c: In function `main':
clamav-milter.c:977: warning: assignment makes pointer from integer 
without a cast

[EMAIL PROTECTED] clamav]# rpm -qa | grep -i sendmail
sendmail-cf-8.12.11-4
sendmail-8.12.11-4
sendmail-devel-8.12.11-4
last succesful build with milter :
clamd / ClamAV version devel-20040329
Regards,

Fajar
--
Please avoid sending me Microsoft Office attachments.
See http://www.newsforge.com/software/04/03/27/0134204.shtml
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Dumb Q about clamd & freshclam

2004-03-30 Thread Tim B

I can't seem to find a definate yes or no anywhere, so I figured I'd ask 
here.

When using clamd, and freshclam, and new virus list comes out, do I have 
to restart or reload clamd to recognize the new definitions or does it 
do it automatically?



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Re: rarlib question

2004-03-30 Thread Jesse Guardiani

Tomasz Kojm wrote:

> On Tue, 30 Mar 2004 15:00:50 +0300
> Korchmenuk Nickolay <[EMAIL PROTECTED]> wrote:
> 
>> On Tue, 30 Mar 2004 15:43:24 +0500
>> Sergey <[EMAIL PROTECTED]> wrote:
>> 
>> > And more:
>> > "Due to security reasons clamd only scans archives supported by
>> > libclamav and can't use external programs"
>> what about unrar from freebsd ports? could developers include some
>> code from unrarsrc-3.x.xm for rar v3 support?
> 
> Unfortunately the license of unrar-3 conflicts with the GPL.

I still don't understand what the big deal is with calling external
unpacking programs. Security risk? How? qmail-scanner does it. And
you don't have to enable it by default. And all of these silly rar
memory leak and licensing issues would evaporate.

-- 
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v)  423-559-5145 (f)
http://www.wingnet.net




---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Freshclam daemon dying

2004-03-30 Thread Rick Macdougall

Hi,

Bill Maidment wrote:

I'm usinf clamav-0.68-1 and occasionally (once every two weeks) I get 
this response

ClamAV update process started at Tue Mar 30 08:46:36 2004
SelfCheck: Database status OK.
ERROR: Maximal time (1200 seconds) reached.
Then the freshclam daemon died.

Anyone else come acroos this sort of behaviour?
Not that specific entry in the logs but freshclam does die on me about 
once every week or two.  Happens on 5 or 6 different boxes too, some 
running Slackware 9.1, some running FreeBSD 4.8, some running older 
version of Slackware.

I've gone to running freshclam from cron instead of a daemon myself now.

Regards,

Rick



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Deferred=451 4.7.1 Please try again later - HELP

2004-03-30 Thread Joe Maimon



Joe Maimon wrote:





From the maillog:
dsn=4.0.0, stat=Deferred: 451 4.7.1 Please try again later

Any ideas, anyone?
(The latest tarball had issues during the make, so I could not get it
installed)
 

In my case this is directly due to large emails. Also that above 
message means that clamd is no longer listening to clamav-milter.



Long answer, stuff that I found

1) clamav-milter does not respect the options in clamav.conf for 
StreamMaxLength. clamd is the program which does. It respects it by.
2) clamd does not scan anything if the stream is larger than 
StreamMaxLength - sizeof(buff). In my book thats a bug. It should read 
up to the max.

It might be wiser to

a) make clamav-milter respect MaxStreamLength and also make clamd 
actualy go up to StreamMaxLength
b) scan whatever we got prior to exceeding StreamMaxLength, which is 
probaly easier to do once you do (a) than current behavior.

I have been playing with making a patch to do this.

Disclaimer: I am a clamav newbie, someone else probaly has a much 
better handle on this.

Joe


Anyone care to try these? fresh from the oven. barely tested.

Joe
--- clamav-0.70-rc/clamav-milter/clamav-milter.cMon Mar 15 15:03:13 2004
+++ clamav-0.70-rc-jm/clamav-milter/clamav-milter.c Tue Mar 30 18:29:39 2004
@@ -566,6 +566,7 @@
char*filename;  /* Where to store the message in quarantine */
u_char  *body;  /* body of the message if Sflag is set */
size_t  bodyLen;/* number of bytes in body */
+   size_t  nWritten;   /* number of bytes we have written */
header_list_t headers;  /* Message headers */
 };
 
@@ -1914,17 +1915,14 @@
 clamfi_body(SMFICTX *ctx, u_char *bodyp, size_t len)
 {
struct privdata *privdata = (struct privdata *)smfi_getpriv(ctx);
+   struct cfgstruct *cpt = NULL;   
+   size_t sendlen = 0;
 
if(logVerbose)
syslog(LOG_DEBUG, "clamfi_envbody: %u bytes", len);
 #ifdef CL_DEBUG
printf("clamfi_envbody: %u bytes\n", len);
 #endif
-
-   if(clamfi_send(privdata, len, (char *)bodyp) < 0) {
-   clamfi_cleanup(ctx);
-   return cl_error;
-   }
if(Sflag) {
if(privdata->body) {
assert(privdata->bodyLen > 0);
@@ -1938,6 +1936,41 @@
privdata->bodyLen = len;
}
}
+
+   if((!quarantine_dir) 
+   && (cpt = cfgopt(copt, "StreamMaxLength")) 
+   && cpt->numarg < (len + privdata->nWritten)
+  ){
+   sendlen = (cpt->numarg - privdata->nWritten);
+   if(use_syslog && privdata->nWritten != cpt->numarg){
+   char buf[1024]; 
+   strncpy(buf,privdata->from,sizeof(buf));
+   syslog(LOG_INFO,"Stream from %s size exceeded max of %u , 
already wrote %u, will write %u more instead of len %u",
+   buf,
+   cpt->numarg,
+   privdata->nWritten,
+   sendlen,
+   len); 
+   }
+   }
+   else {
+   sendlen = len;
+   }
+
+   if(!sendlen)
+   return SMFIS_CONTINUE;
+
+
+   if(sendlen && (clamfi_send(privdata, sendlen, (char *)bodyp) < 0)) {
+   clamfi_cleanup(ctx);
+   return cl_error;
+   }else
+   {
+   if(sendlen)
+   privdata->nWritten += sendlen;
+   }   
+
+
return SMFIS_CONTINUE;
 }
 
@@ -2389,6 +2422,7 @@
printf("clamfi_send: len=%u bufsiz=%u\n", len, sizeof(output));
 #endif
 
+   errno = 0;
while(len > 0) {
const int nbytes = (quarantine_dir) ?
write(privdata->dataSocket, ptr, len) :
@@ -2400,7 +2434,8 @@
perror("send");
checkClamd();
if(use_syslog)
-   syslog(LOG_ERR, "write failure to clamd");
+   syslog(LOG_ERR, "write failure to clamd, nbytes: %d, 
quarantine_dir: %s, error: %s", 
+   nbytes, quarantine_dir, 
strerror(errno) );
 
return -1;
}
--- clamav-0.70-rc/clamd/scanner.c  Mon Mar 15 15:03:12 2004
+++ clamav-0.70-rc-jm/clamd/scanner.c   Tue Mar 30 18:28:29 2004
@@ -186,7 +186,7 @@
 
 int scanstream(int odesc, unsigned long int *scanned, const struct cl_node *root, 
const struct cl_limits *limits, int options, const struct cfgstruct *copt)
 {
-   int ret, portscan = CL_DEFAULT_MAXPORTSCAN, sockfd, port, acceptd, tmpd, 
bread, retval;
+   int ret, portscan = CL_DEFAULT_MAXPORTSCAN, sockfd, port, acceptd, tmpd, 
bread, btread, retval;
long int size = 0, maxsize = 0;
short bo

Re: [Clamav-users] Freshclam daemon dying

2004-03-30 Thread Ryan Moore

Bill Maidment wrote:
Hi

I'm usinf clamav-0.68-1 and occasionally (once every two weeks) I get 
this response

ClamAV update process started at Tue Mar 30 08:46:36 2004
SelfCheck: Database status OK.
ERROR: Maximal time (1200 seconds) reached.
Then the freshclam daemon died.

Anyone else come acroos this sort of behaviour?

Cheers
Bill
I just noticed the same on one of my boxes running 0.70-rc:



--
Received signal 14, wake up
ClamAV update process started at Tue Mar 30 11:42:58 2004
main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder: 
tkojm)
ERROR: Maximal time (1200 seconds) reached.
--
freshclam daemon started (pid=2216)
ClamAV update process started at Tue Mar 30 18:05:54 2004
main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder: 
tkojm)
daily.cvd updated (version: 227, sigs: 428, f-level: 1, builder: diego)
Database updated (20657 signatures) from database.clamav.net 
(152.66.249.132).
Clamd successfully notified about the update.



--
Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Freshclam daemon dying

2004-03-30 Thread Bill Maidment

Hi

I'm usinf clamav-0.68-1 and occasionally (once every two weeks) I get 
this response

ClamAV update process started at Tue Mar 30 08:46:36 2004
SelfCheck: Database status OK.
ERROR: Maximal time (1200 seconds) reached.
Then the freshclam daemon died.

Anyone else come acroos this sort of behaviour?

Cheers
Bill

Re: [Clamav-users] Deferred=451 4.7.1 Please try again later - HELP

2004-03-30 Thread Joe Maimon



Jaap Scholten wrote:

Joe Maimon wrote:

   

Joe Maimon wrote:

 

I have been having the same as well.

I added some more verbosity into the syslog statement and got this
logged
write failure to clamd, nbytes: -1, quarantine_dir: (null), error:
Bad file descriptor
Any ideas?

   

OK I think I know what the problem is. Large attachments.
this got logged in my clamav syslog - I probaly turned on debugging or
something
ScanStream: Size exceeded (stopped at 10453272, max: 10485760

I also grabbed one of the continually tempfailed emails. 11M attachment.

 



Just found

StreamMaxLength 10M

config option

   

I have been getting this since upgrading to 0.70.  It is driving me insane
(and my clients too)
I have checked streamlength, and all is as before (0.67).  I get this only
from some clients who smarthost off me.
Using sendmail.
From the maillog:
dsn=4.0.0, stat=Deferred: 451 4.7.1 Please try again later

Any ideas, anyone?
(The latest tarball had issues during the make, so I could not get it
installed)
 

In my case this is directly due to large emails. Also that above message 
means that clamd is no longer listening to clamav-milter.

In your case it might be a thread timeout. Which is a macro defined in 
defaults.h



Short answer run clamav-milter with -d option which will effectively not 
scan email larger than 10megabytes, instead accepting it. It will also 
not scan any email and just accept for many other error conditions which 
can include all cases listed by

grep "cl_error" clamav-milter/*

man clamav-milter

If you have sendmail, you may find (as I did) the common denominator 
staring at you in the face in the maillog. Check the size= and delay= 
sendmail log equates.
Or if you find it reproducible, setup the alias to distribute the 
incoming email for the recipient into a file and disable clamav-milter 
or use -d and then examine the message at your leisure. Or packet 
capture it.

Long answer, stuff that I found

1) clamav-milter does not respect the options in clamav.conf for 
StreamMaxLength. clamd is the program which does. It respects it by.
2) clamd does not scan anything if the stream is larger than 
StreamMaxLength - sizeof(buff). In my book thats a bug. It should read 
up to the max.

It might be wiser to

a) make clamav-milter respect MaxStreamLength and also make clamd 
actualy go up to StreamMaxLength
b) scan whatever we got prior to exceeding StreamMaxLength, which is 
probaly easier to do once you do (a) than current behavior.

I have been playing with making a patch to do this.

Disclaimer: I am a clamav newbie, someone else probaly has a much better 
handle on this.

Joe







---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Virus DB Update

2004-03-30 Thread Vernon A. Fort

Colin A. Bartlett wrote:

Vernon A. Fort Sent: Tuesday, March 30, 2004 11:11 AM

 

I noticed that virusdb was updated, according to the clamav-virusdb 
list, to daily version 226 but my freshclam is still reporting that 225 
is the latest.  Am I missing something?
   

FYI, my freshclam returns version 227.

cheers,
Colin
Colin A. Bartlett
Kinetic Web Solutions
www.kineticweb.biz 

---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
 

Your right - it's at 227 now.  I just happen to see the 226 post but all 
my server still reported 225.  Normally once you see the post on the 
virusdb list,
it been updated for a while.  I'll have to be more patient :)

Vernon



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Deferred=451 4.7.1 Please try again later - HELP

2004-03-30 Thread Jaap Scholten

>
>
>
> Joe Maimon wrote:
>
> >
> >
> > Joe Maimon wrote:
> >
> >> I have been having the same as well.
> >>
> >> I added some more verbosity into the syslog statement and got this
> >> logged
> >>
> >> write failure to clamd, nbytes: -1, quarantine_dir: (null), error:
> >> Bad file descriptor
> >>
> >> Any ideas?
> >>
> >>
> > OK I think I know what the problem is. Large attachments.
> > this got logged in my clamav syslog - I probaly turned on debugging or
> > something
> >
> > ScanStream: Size exceeded (stopped at 10453272, max: 10485760
> >
> > I also grabbed one of the continually tempfailed emails. 11M attachment.
> >
> 
>
> Just found
>
> StreamMaxLength 10M
>
> config option
>
I have been getting this since upgrading to 0.70.  It is driving me insane
(and my clients too)
I have checked streamlength, and all is as before (0.67).  I get this only
from some clients who smarthost off me.
Using sendmail.

>From the maillog:
dsn=4.0.0, stat=Deferred: 451 4.7.1 Please try again later

Any ideas, anyone?
(The latest tarball had issues during the make, so I could not get it
installed)

Thanks in advance,
Jaap
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.639 / Virus Database: 408 - Release Date: 2004/03/22




---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Update (daily: 224)

2004-03-30 Thread Tomasz Kojm

On Tue, 30 Mar 2004 09:44:02 -0500 (EST)
jef moskot <[EMAIL PROTECTED]> wrote:

> The update says:
> > Signatures older than two weeks have been moved into main.cvd.  This
> > update also removes signatures for spam encrypted with JavaScript -
> > we decided to leave the spam detection to our professional
> > colleagues from anti-spam projects.
> 
> Just to be clear, the spam that's not being blocked isn't harmful in
> any way, correct?

Right.

> Is there a link or something with more info about this type of spam?

The spam is encoded into an ASCII array, something like:

earthling = new Array(252,
177,106,210,160,139,71,177,228,121,83,
214,192,83,175,57,204,4,139,251,125,
5,146,223,124,209,235,226,197,168,59,...

and there's a simple decoder. I'm not familiar with anti-spam software
but I was told it should catch this type of spam.

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Tue Mar 30 21:28:27 CEST 2004


pgp0.pgp
Description: PGP signature

Re: [Clamav-users] rarlib question

2004-03-30 Thread Tomasz Kojm

On Tue, 30 Mar 2004 15:00:50 +0300
Korchmenuk Nickolay <[EMAIL PROTECTED]> wrote:

> On Tue, 30 Mar 2004 15:43:24 +0500
> Sergey <[EMAIL PROTECTED]> wrote:
> 
> > And more:
> > "Due to security reasons clamd only scans archives supported by
> > libclamav and can't use external programs"
> what about unrar from freebsd ports? could developers include some
> code from unrarsrc-3.x.xm for rar v3 support?

Unfortunately the license of unrar-3 conflicts with the GPL.

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Tue Mar 30 21:27:43 CEST 2004


pgp0.pgp
Description: PGP signature

Re: [Clamav-users] [ANNOUNCEMENT] Postfix-Cyrus-Web-cyradm-HOWTO Version 1.2.5 available

2004-03-30 Thread Luc de Louw

Krištof Petr wrote:
Luc de Louw wrote:

[..]
If you are writing some documentation, you _should_ read the another 
before. 

Your document says:

 > I suggest to update the signatures with a hourly cronjob. To edit the 
crontab issue *crontab -e* and add the following line:
 > 0 * * * * /usr/local/bin/freshclam --quiet -l /var/log/clam-update.log

But Clamav documentation says:

 > The other method is to use the cron daemon. You have to add the 
following line to the
 > crontab of the root or clamav users:
 > N * * * * /usr/local/bin/freshclam --quiet
 > to check for a new database every hour. N should be a number between 
1 and 59
 > of your choice. Please don't choose any multiple of 10, because there 
are already
 > too many servers using those time slots.
I'm sorry for that. I have some own method to write documentations (Just 
do it, and write it down). Somethimes this is not the best method.

Anyway, I updated the HOWTO and corrected the issue and wrote about the 
"time-based loadbalancing".

Further I made some other minor corrections.

The document is now known as release 1.2.6 and available here:
http://www.delouw.ch/linux/Postfix-Cyrus-Web-cyradm-HOWTO/html/index.html
freshmeat.net announcement pending...

rgds

Luc

---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Virus DB Update

2004-03-30 Thread Colin A. Bartlett

Vernon A. Fort Sent: Tuesday, March 30, 2004 11:11 AM

> I noticed that virusdb was updated, according to the clamav-virusdb 
> list, to daily version 226 but my freshclam is still reporting that 225 
> is the latest.  Am I missing something?

FYI, my freshclam returns version 227.

cheers,
Colin

Colin A. Bartlett
Kinetic Web Solutions
www.kineticweb.biz 


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Virus DB Update

2004-03-30 Thread Kristof Hardy

Vernon A. Fort wrote:
I noticed that virusdb was updated, according to the clamav-virusdb 
list, to daily version 226 but my freshclam is still reporting that 225 
is the latest.  Am I missing something?
I seem to be having 227 already. ClamAV is v0.70-rc here.
You're not using a proxy or something alike?
--

Best regards,
Kristof
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] database update-less sigs?

2004-03-30 Thread Bart Silverstrim

On Mar 30, 2004, at 9:51 AM, Antony Stone wrote:

On Tuesday 30 March 2004 3:34 pm, Bart Silverstrim wrote:

Was there a drop in the number of signatures in the database recently?
After what seemed like a slow update, the number of viruses appears to
be only near 20,600...I thought it was at 20,800 range before that
update, but my memory may be playing tricks on me.  I updated from two
different computers and the numbers matched in the 20,600 range.  Can
others verify that I'm just being overly paranoid? :-)
--  Forwarded Message  --

Subject: [Clamav-virusdb] Update (main: 22)
Date: Mon, 29 Mar 2004 23:57:25 +0200
From: Tomasz Kojm <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
ClamAV database updated (2004.03.29 21:55 GMT): main.cvd, viruses.db
Version: 22
All signatures for Office 97 files have been removed (proper signatures
that use the VBA macro decoder must be created).
Thanks!



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] error on make in OS X/Jaguar clamav-0.70-rc

2004-03-30 Thread OpenMacNews

you'll need to do exactly what the error suggests:

% ranlib /usr/lib/libbz2.a

richard

-- On Tuesday, March 30, 2004 10:18 AM -0500  Robert Kudyba <[EMAIL PROTECTED]> wrote:


Any idea how to fix this? Happens on a make...

ld: table of contents for archive: /usr/lib/libbz2.a is out of date; rerun ranlib(1) 
(can't load from it)
make[2]: *** [clamscan] Error 1
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users




---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] database update-less sigs?

2004-03-30 Thread Antony Stone

On Tuesday 30 March 2004 5:27 pm, P.V.Anthony wrote:

> Hi,
>
> I have noticed it on my machine. But I have read somewhere that they clean
> the database and remove the duplicates.
> Maybe thats why it is smaller now.

Removing duplicates was done some time ago - several weeks IIRC.

And, once they've been removed, there shouldn't be a need to do it a second 
time :)

This reduction in database size was due to:
 - removing signatures for things which weren't viruses (spam)
 - removing signatures for viruses which will be detected a different way (VBS 
scripts)

Regards,

Antony.

-- 
Your work is both good and original.  Unfortunately the parts that are good 
aren't original, and the parts that are original aren't good.

 - Samuel Johnson

 Please reply to the list;
   please don't CC me.



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] database update-less sigs?

2004-03-30 Thread P.V.Anthony

Hi,

I have noticed it on my machine. But I have read somewhere that they clean
the database and remove the duplicates.
Maybe thats why it is smaller now.

P.V.Anthony

- Original Message - 
From: "Bart Silverstrim" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 30, 2004 10:34 PM
Subject: [Clamav-users] database update-less sigs?


> Was there a drop in the number of signatures in the database recently?
> After what seemed like a slow update, the number of viruses appears to
> be only near 20,600...I thought it was at 20,800 range before that
> update, but my memory may be playing tricks on me.  I updated from two
> different computers and the numbers matched in the 20,600 range.  Can
> others verify that I'm just being overly paranoid? :-)
>
> Below is the output from my freshclam cron job.
> 
>
> ClamAV update process started at Tue Mar 30 08:12:00 2004
> Reading CVD header (main.cvd): OK
> main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder:
> tkojm)
> Reading CVD header (daily.cvd): OK
> Downloading daily.cvd [|]
> Downloading daily.cvd [/]
> Downloading daily.cvd [-]
> Downloading daily.cvd [\]
> Downloading daily.cvd [|]
> Downloading daily.cvd [/]
> Downloading daily.cvd [-]
> Downloading daily.cvd [\]
> Downloading daily.cvd [|]
> Downloading daily.cvd [/]
> Downloading daily.cvd [-]
> Downloading daily.cvd [\]
> Downloading daily.cvd [|]
> Downloading daily.cvd [/]
> Downloading daily.cvd [-]
> Downloading daily.cvd [\]
> Downloading daily.cvd [|]
> Downloading daily.cvd [/]
> Downloading daily.cvd [-]
> Downloading daily.cvd [\]
> Downloading daily.cvd [|]
> Downloading daily.cvd [/]
> Downloading daily.cvd [-]
> Downloading daily.cvd [\]
> Downloading daily.cvd [|]
> Downloading daily.cvd [/]
> Downloading daily.cvd [-]
> Downloading daily.cvd [\]
> Downloading daily.cvd [*]
> daily.cvd updated (version: 225, sigs: 414, f-level: 1, builder: acab)
> Database updated (20643 signatures) from database.clamav.net
> (24.73.112.74).
> Clamd successfully notified about the update.
>
>
>
> ---
> This SF.Net email is sponsored by: IBM Linux Tutorials
> Free Linux tutorial presented by Daniel Robbins, President and CEO of
> GenToo technologies. Learn everything from fundamentals to system
> administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
> ___
> Clamav-users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/clamav-users



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Virus DB Update

2004-03-30 Thread Vernon A. Fort

I noticed that virusdb was updated, according to the clamav-virusdb 
list, to daily version 226 but my freshclam is still reporting that 225 
is the latest.  Am I missing something?

Vernon



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] error on make in OS X/Jaguar clamav-0.70-rc

2004-03-30 Thread Robert Kudyba

Any idea how to fix this? Happens on a make...

ld: table of contents for archive: /usr/lib/libbz2.a is out of date; 
rerun ranlib(1) (can't load from it)
make[2]: *** [clamscan] Error 1
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2

---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] database update-less sigs?

2004-03-30 Thread Antony Stone

On Tuesday 30 March 2004 3:34 pm, Bart Silverstrim wrote:

> Was there a drop in the number of signatures in the database recently?
> After what seemed like a slow update, the number of viruses appears to
> be only near 20,600...I thought it was at 20,800 range before that
> update, but my memory may be playing tricks on me.  I updated from two
> different computers and the numbers matched in the 20,600 range.  Can
> others verify that I'm just being overly paranoid? :-)

--  Forwarded Message  --

Subject: [Clamav-virusdb] Update (main: 22)
Date: Mon, 29 Mar 2004 23:57:25 +0200
From: Tomasz Kojm <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]

ClamAV database updated (2004.03.29 21:55 GMT): main.cvd, viruses.db
Version: 22

All signatures for Office 97 files have been removed (proper signatures
that use the VBA macro decoder must be created).

--

Regards,

Antony.

-- 
In Heaven, the police are British, the chefs are Italian, the beer is Belgian, 
the mechanics are German, the lovers are French, the entertainment is 
American, and everything is organised by the Swiss.

In Hell, the police are German, the chefs are British, the beer is American, 
the mechanics are French, the lovers are Swiss, the entertainment is Belgian, 
and everything is organised by the Italians.

 Please reply to the list;
   please don't CC me.



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Update (daily: 224)

2004-03-30 Thread jef moskot

The update says:
> Signatures older than two weeks have been moved into main.cvd.  This
> update also removes signatures for spam encrypted with JavaScript - we
> decided to leave the spam detection to our professional colleagues from
> anti-spam projects.

Just to be clear, the spam that's not being blocked isn't harmful in any
way, correct?

Is there a link or something with more info about this type of spam?

Jeffrey Moskot
System Administrator
[EMAIL PROTECTED]


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] database update-less sigs?

2004-03-30 Thread Bart Silverstrim

Was there a drop in the number of signatures in the database recently? 
After what seemed like a slow update, the number of viruses appears to 
be only near 20,600...I thought it was at 20,800 range before that 
update, but my memory may be playing tricks on me.  I updated from two 
different computers and the numbers matched in the 20,600 range.  Can 
others verify that I'm just being overly paranoid? :-)

Below is the output from my freshclam cron job.

ClamAV update process started at Tue Mar 30 08:12:00 2004
Reading CVD header (main.cvd): OK
main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder: 
tkojm)
Reading CVD header (daily.cvd): OK
Downloading daily.cvd [|]
Downloading daily.cvd [/]
Downloading daily.cvd [-]
Downloading daily.cvd [\]
Downloading daily.cvd [|]
Downloading daily.cvd [/]
Downloading daily.cvd [-]
Downloading daily.cvd [\]
Downloading daily.cvd [|]
Downloading daily.cvd [/]
Downloading daily.cvd [-]
Downloading daily.cvd [\]
Downloading daily.cvd [|]
Downloading daily.cvd [/]
Downloading daily.cvd [-]
Downloading daily.cvd [\]
Downloading daily.cvd [|]
Downloading daily.cvd [/]
Downloading daily.cvd [-]
Downloading daily.cvd [\]
Downloading daily.cvd [|]
Downloading daily.cvd [/]
Downloading daily.cvd [-]
Downloading daily.cvd [\]
Downloading daily.cvd [|]
Downloading daily.cvd [/]
Downloading daily.cvd [-]
Downloading daily.cvd [\]
Downloading daily.cvd [*]
daily.cvd updated (version: 225, sigs: 414, f-level: 1, builder: acab)
Database updated (20643 signatures) from database.clamav.net 
(24.73.112.74).
Clamd successfully notified about the update.



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] email structure logging

2004-03-30 Thread Bruce Richardson

On Thu, Mar 25, 2004 at 05:05:42PM -0500, Jesse Guardiani wrote:
> Howdy list,
> 
> Is there any way to make clamd log the structure of
> a message and it's attachments? BinHex, MIME, plain-text,
> ZIP, RAR, BZIP, GZIP, OLE2, etc...?
> 
> This information would be great for statistics, but I
> could imagine it being useful during troubleshooting
> or tech support also.

If you want that kind of detail, have a look at Exim 4 with the latest
version of the Exiscan patch.  The latest Exiscan patch adds a MIME acl
that is triggered once for each MIME component.  Easy enough to log the
information you want with that.


-- 
Bruce


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] rarlib question

2004-03-30 Thread Korchmenuk Nickolay

On Tue, 30 Mar 2004 15:43:24 +0500
Sergey <[EMAIL PROTECTED]> wrote:

> And more:
> "Due to security reasons clamd only scans archives supported by libclamav 
> and can't use external programs"
what about unrar from freebsd ports? could developers include some code from 
unrarsrc-3.x.xm for rar v3 support?

-- 
 Korchmenuk Nickolay
30 Mar 2004 14:58:39


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] rarlib question

2004-03-30 Thread Sergey

On Tuesday 30 March 2004 14:24, Fajar A. Nugraha wrote:

> Because it's in WinRAR 3 format
> Read the file README on your test directory (under clamav source dir) or
> http://clamav.or.id/snapshot/docs/html/node21.html
> 
> "Unrarlib supports RAR 2.0 archives only and according to Christian the 
> new format (introduced in WinRAR 3.0) will never be supported (however 
> clamscan can scan WinRAR 3.0 archives, see below)"

And more:
"Due to security reasons clamd only scans archives supported by libclamav 
and can't use external programs"

Hm. I understand this security reasons, but ignoring of external 
programs absolutely is not good, I think. Some viruses may use 
unsupported compression type... Security may be increased by another 
paths, for examle running in chroot environment...

-- 
Regards,
Sergey


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] rarlib question

2004-03-30 Thread Fajar A. Nugraha

Korchmenuk Nickolay wrote:

2) clamscan with --unrar
# clamscan --database=/var/clamav/db --unrar=/usr/local/bin/unrar rarf
/usr/home/user/rarfail.rar: RAR module failure.
UNRAR 3.30 freeware  Copyright (c) 1993-2004 Eugene Roshal

Extracting from /usr/home/user/rarfail.rar

Extracting  test1 OK 
All OK
/var/tmp//717eeede073c5dba/test1: ClamAV-Test-Signature FOUND
/usr/home/test/rarfail.rar: Infected Archive FOUND

 

[snip]

Why clamscad doesn't detect ClamAV-Test-Signature?

 

Because it's in WinRAR 3 format
Read the file README on your test directory (under clamav source dir) or
http://clamav.or.id/snapshot/docs/html/node21.html
"Unrarlib supports RAR 2.0 archives only and according to Christian the 
new format (introduced in WinRAR 3.0) will never be supported (however 
clamscan can scan WinRAR 3.0 archives, see below)"

Regards,

Fajar
--
Please avoid sending me Microsoft Office attachments.
See http://www.newsforge.com/software/04/03/27/0134204.shtml
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Clamav & harddisk

2004-03-30 Thread Erik Jakobsen

Thanks for the helps I have received on this mailinglist.

Dexter Ang wrote:
On Tue, 2004-03-30 at 03:36, Antony Stone wrote:

On Monday 29 March 2004 8:25 pm, Erik Jakobsen wrote:


Hi.

For my MailScanner I use Clamav, that works execellent.

Is it also possible to have Clamav to scan one's harddisk for viruses ?
Try (as root, so you have permission to read everything):

clamscan -i /


parent might want to add "-r" to recursively scan through all
directories as well.

Perhaps run from a cron job?


possibly add the option "--quiet" and put all results in a log file "-l
/var/log/clamscan.log", just to make it a little nicer.
dex

---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
--

/ /  _
---/ /  (_)__  __   __  Med venlig hilsen - Best regards
--/ /__/ / _ \/ // /\ \/ /  Erik Jakobsen - [EMAIL PROTECTED]
-//_/_//_/\_,_/ /_/\_\  SuSE 9.0 - HAMCall OZ4KK








---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] rarlib question

2004-03-30 Thread Korchmenuk Nickolay

Hi

Look at this:

1) clamscan without --unrar
#clamscan --database=/var/clamav/db rarfail.rar 
rarfail.rar: RAR module failure.
rarfail.rar: OK

2) clamscan with --unrar
# clamscan --database=/var/clamav/db --unrar=/usr/local/bin/unrar rarf
/usr/home/user/rarfail.rar: RAR module failure.

UNRAR 3.30 freeware  Copyright (c) 1993-2004 Eugene Roshal


Extracting from /usr/home/user/rarfail.rar

Extracting  test1 OK 
All OK
/var/tmp//717eeede073c5dba/test1: ClamAV-Test-Signature FOUND
/usr/home/test/rarfail.rar: Infected Archive FOUND

3) clamdscan (ScanRAR option in clamav.conf is turned on)
clamdscan rarfail.rar
/usr/home/nyckadm/rarfail.rar: RAR module failure. ERROR

Why clamscad doesn't detect ClamAV-Test-Signature?

p.s.bash-2.05b# clamscan -V
clamscan / ClamAV version devel-20040326
bash-2.05b# clamdscan -V
clamdscan / ClamAV version devel-20040326

-- 
 Korchmenuk Nickolay
30 Mar 2004 11:16:29


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

45 matches

Mail list logo