Re: [Clamav-users] clamd.ctl not read at bootup

[Fajar A. Nugraha]

Karl Hakmiller wrote:

Just installed clamav (0.68) on FC1 system.  Freshclam works OK but system does not read clamd.ctl at bootup. 

It's not supposed to "read" it. Based on your config, clamd.ctl is a socket.

There is a file named clamd.ctl in /var/run/clamav (which is the dir specified for LocalSocket
in /etc/clamav.conf).  The bootlog reports that clamav-milter failed to
load.  My clamav.conf is as follows: 

 

You should check your clamav-milter's config and log. Your clamd seems 
to work fine.

#   Never delete/move files with this directive !
VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %f: %v"
 

Do you really want this? I hope you realise it means you'll be sending
possibly thousands of SMS daily.
I'd sure appreciate some clarification here.  Is the clamd.ctl file the
problem and, 

I think not.

if so, what should I do about it.

Again, examine your clamav-milter config and log. Clamd SEEMS to be OK.
Try feeding clamdscan with some test virus to be sure.
 And, what's in clamd.ctl
anyway (permission denied if I try to read it with cat or gedit)`?
 

It's a unix socket. You're not supposed to 'cat' or 'gedit' it.
Think of it as an open TCP port, but instead of IP and port number you 
access
it using a local file.

Regads,

Fajar
--
Please avoid sending me Microsoft Office attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] configuring clamav

[Fajar A. Nugraha]

Nishant Shah wrote:

Hi everyone,
I downloaded the clamav-0.70 tar file and I am trying to install it. 
After reading the documentation and following the steps I reached upto 
running ./configure --syconfigdir=/etc. After I do that I am having an 
error:
configure error: Need to know how to pack structures with this compiler.

I think the problem is because you're using AIX instead of Linux :)
What compiler are you using? I use gcc-2.9-aix51-020209
I didn't try 0.70 version, but I build binaries from daily CVS snapshot 
with gcc on AIX.
Latest snapshot builds OK on AIX 5.1. My binaries are available on 
http://clamav.or.id/snapshot/

Regards,

Fajar
--
Don't use GIF. Use PNG instead
http://www.gnu.org/philosophy/gif.html


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] clamav-milter exited on signal 11

[Mike Lambert]

On Fri, 9 Apr 2004, Antony Stone wrote:

> On Friday 09 April 2004 5:21 pm, Mike Lambert wrote:
>
> > I have been running ClamAV version devel-20040405 for three days without
> > issue, until this morning. Now, for each virus rejected, the following
> > entry appears in the syslog:
> >
> > /kernel: pid 72343 (clamav-milter), uid 3001: exited on signal 11
> >
> > Any ideas?
>
> You might want to check your hardware (especially the memory):
>
> http://www.bitwizard.nl/sig11

 "Signal 11 while compiling the kernel"

 "This FAQ describes what the possible causes are for an effect
  that bothers lots of people lately. Namely that a linux(*)-kernel
  (or any other large package for that matter) compile crashes with
  a "signal 11"."

While I appreciate your suggestion, I don't think it is relevant in this
case. This is happening on a machine (IBM x335) that has never crashed,
nor had any process exit under similar circumstance, in two years of
continuous operation (and I have complied the whole system, kernel
included, several times without error). I too have seen bad hardware do
some strange things, but I doubt that is the case here.

Follow-up:

I stopped and restarted the parent clamav-milter process. Virus laden
emails continue to be happily rejected, and with no more "clamav-milter
exited on signal 11" syslog errors (so far). I will monitor this
situation closely and report back as needed.

-- 
Michael Lambert
Systems Admin, IT Dept
JEOL USA Inc
http://www.jeol.com



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Trouble compiling clamav-latest..

[Todd Lyons]

On Wed, 2004-04-07 at 22:12, turgut kalfaoglu wrote:
> Hi there - I seem to have much trouble compiling last night's snapshot. 
> I checked, and I have automake 1.8 installed, and yet I get this 
> complaint during make :

> aclocal.m4:4200: version mismatch.  This is Automake 1.6, but aclocal.m4
> aclocal.m4:4200: was generated for Automake 1.6.1.  You should recreate
> aclocal.m4:4200: aclocal.m4 with aclocal and run automake again.

Well, run 'aclocal' before you do your ./configure and it should fix
everything.  I have to do the same when I'm building rpms of CVS
snapshots of ClamAV.

Blue skies...   Todd



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Install on Redhat 7.3

[Jean-Francois Guilmard]

Ok sorry for being noob, I used the tar.gz version and ./configure
./make ./make install  and it works perfectly


Jeff



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Install on Redhat 7.3

[Jason Balicki]

>It occurs after I installed tcp_wrappers as required (I just did an rpm
>-Uvh on tcp_wrappers)

You probably need tcp_wrappers-devel too.

--J(K)



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] sendmail - viruses not cleaned

[Jeff Ramsey]

Google for sendmail with milter support. Recompile sendmail with the 
milter libraries enabled. And then read the docs included with clamav 
on using clam-milter. Or you can use an app called amavisd-new, 
compiled with milter support.

Jeff Ramsey
MIS Administrator
Tubafor Mill, Inc.
On Apr 9, 2004, at 1:34 PM, Spades wrote:

heya,

how do i link clamav with sendmail?

Just installed clamav-0.70-rc with ScanMail option enabled.
i'm running sendmail 8.12.11 on a FreeBSD 4.9stable and
all the user mailboxes are in /var/mail, not in their homedir.
The clamd and freshclam daemon is running by clamav.

How come the emails are still attached with viruses, not cleaned?

Please advise.

---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] sendmail - viruses not cleaned

[Antony Stone]

On Friday 09 April 2004 9:34 pm, Spades wrote:

> heya,
>
> how do i link clamav with sendmail?

I use http://www.MailScanner.info - very configurable, supports other AV 
engines at the same time as ClamAV if you want, and integrates nicely with 
SpamAssassin too - also does some very useful tests of its own, such as bad 
attachment filenames, bad attachment filetypes, encrypted mails etc.

Regards,

Antony.

-- 
"Linux is going to be part of the future. It's going to be like Unix was."

 - Peter Moore, Asia-Pacific general manager, Microsoft

 Please reply to the list;
   please don't CC me.



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] sendmail - viruses not cleaned

[Spades]

heya,

how do i link clamav with sendmail?

Just installed clamav-0.70-rc with ScanMail option enabled.
i'm running sendmail 8.12.11 on a FreeBSD 4.9stable and
all the user mailboxes are in /var/mail, not in their homedir.

The clamd and freshclam daemon is running by clamav.

How come the emails are still attached with viruses, not cleaned?

Please advise.


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Install on Redhat 7.3

[Jean-Francois Guilmard]

Hi I'm using ClamAv 0.65 on a redhat 7.3

I'd like to upgrade to ClamAv 7.0, but if I use the official rpm, it
stops saying it needs lib.so.6 and so on.. seems like it was built for
Redhat 8.0

So After searching in archives, I decided to build it by myself.

I do 
'rpm -I clamav-0.70rc-1.src.rpm'
'rpm -ba /tmp/cpqrpm/SPECS/clamav.spec'
and this last command stop with:

checking for syslog.h... yes
/dev/(u)random detected.
checking tcpd.h usability... yes
checking tcpd.h presence... yes
checking for tcpd.h... yes
checking for hosts_ctl in -lwrap... no
configure: error: tcpwrappers not available
error: Bad exit status from /var/tmp/rpm-tmp.17030 (%build)

It occurs after I installed tcp_wrappers as required (I just did an rpm
-Uvh on tcp_wrappers)

Any help would be greatly appreciated: every solution is good, from rpm
to src ...

Thx a lot 

Jeff

-Original Message-
From: Karl Hakmiller [mailto:[EMAIL PROTECTED] 
Sent: Friday, April 09, 2004 1:00 PM
To: [EMAIL PROTECTED]
Subject: [Clamav-users] clamd.ctl not read at bootup

Just installed clamav (0.68) on FC1 system.  Freshclam works OK but
system does not read clamd.ctl at bootup. There is a file named
clamd.ctl in /var/run/clamav (which is the dir specified for LocalSocket
in /etc/clamav.conf).  The bootlog reports that clamav-milter failed to
load.  My clamav.conf is as follows: 

.conf file starts===

# Uncomment this option to enable logging.
# LogFile must be writable for the user running the daemon.
# Full path is required.
LogFile /var/log/clamav/clamd.log

# By default the log file is locked for writing - the lock protects
against
# running clamd multiple times (if want to run another clamd, please
# copy the configuration file, change the LogFile variable, and run
# the daemon with --config-file option). That's why you shouldn't
uncomment
# this option.
#LogFileUnlock

# Maximal size of the log file. Default is 1 Mb.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the
size
# in bytes just don't use modifiers.
LogFileMaxSize 2M

# Log time with an each message.
LogTime

# Log also clean files. May be useful in debugging but will drastically
# increase the log size.
#LogClean

# Use system logger (can work together with LogFile).
LogSyslog

# Enable verbose logging.
LogVerbose

# This option allows you to save the process identifier of the listening
# daemon (main thread).
PidFile /var/run/clamav/clamd.pid

# Optional path to the global temporary directory.
# Default is system specific - usually /var/tmp or /tmp.
TemporaryDirectory /var/tmp

# Path to the database directory.
# Default is the hardcoded directory (mostly /usr/local/share/clamav,
# but it depends on installation options).
DatabaseDirectory /var/clamav

# The daemon works in local or network mode. Currently the local mode is
# recommended for security reasons.

# Path to the local socket. The daemon doesn't change the mode of the
# created file (portability reasons). You may want to create it in a
directory
# which is only accessible for a user running daemon.
LocalSocket /var/run/clamav/clamd.ctl

# Remove stale socket after unclean shutdown.
FixStaleSocket

# TCP port address.
#TCPSocket 3310

# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
TCPAddr 127.0.0.1

# Maximum length the queue of pending connections may grow to.
# Default is 15.
#MaxConnectionQueueLength 30

# When activated, input stream (see STREAM command) will be saved to
disk before
# scanning - this allows scanning within archives.
StreamSaveToDisk

# Close the connection if this limit is exceeded.
StreamMaxLength 10M

# Maximal number of a threads running at the same time.
# Default is 5, and it should be sufficient for a typical workstation.
# You may need to increase threads number for a server machine.
#MaxThreads 10

# Thread (scanner - single task) will be stopped after this time
(seconds).
# Default is 180. Value of 0 disables the timeout. SECURITY HINT:
Increase the
# timeout instead of disabling it.
#ThreadTimeout 500

# Maximal depth the directories are scanned at.
MaxDirectoryRecursion 15

# Follow a directory symlinks.
# SECURITY HINT: You should have enabled directory recursion limit to
# avoid potential problems.
FollowDirectorySymlinks

# Follow regular file symlinks.
FollowFileSymlinks

# Do internal checks (eg. check the integrity of the database
structures)
# By default clamd checks itself every 3600 seconds (1 hour).
SelfCheck 600

# Execute a command when virus is found. In the command string %v and %f
will
# be replaced by the virus name and the infected file name respectively.
#
# SECURITY WARNING: Make sure the virus event command cannot be
exploited,
#   eg. by using some special file name when %f is used.
#   Always use a full 

Re: [Clamav-users] Netsky P not being blocked, using 0.70-rc

[Jeff Ramsey]

I have done some further testing, and I am blocking Somefool and 
Somefool.B, but I am not blocking variant P. My Sophos is picking it up 
as Netsky P. Both Sophos and clamav are being called by Amavisd-new via 
sendmail milter. Is there some sort of binary on my box that I have 
forgotten to give the clamav user executable permissions to, like unzip 
or ?

I'd really like to drop Sophos altogether, but right now as it stands, 
I'd being cleaning Netsky.P all day long.

Thanks,
Jeff Ramsey
On Apr 8, 2004, at 8:41 AM, Amish Munshi wrote:

On Wed, 7 Apr 2004 20:22:07 +0100, "Antony Stone"
<[EMAIL PROTECTED]> said:
On Wednesday 07 April 2004 7:59 pm, Jeff Ramsey wrote:

I'm picking up Worm.SomeFool.P (aka Worm/NetSky.P according to 
Antivir,
W32/[EMAIL PROTECTED] according to F-Prot, W32/[EMAIL PROTECTED] according to
McAfee)
with a very old version of ClamAV (0.60 running under MailScanner)


  I am also facing the same problem, I have recently tested and 
installed
  Clamav, postfix combi. Tests with the sample test viruses given did
  succeed, so I assumed that the installation is successfull. But the
  mail containing a virus was delivered to OE and Norton AV detected 
it.
  Well, my client is not technical so I manged to convince him that it 
is
  not a problem and since it is a new virus it will be fixed
  automatically.
  I scanned the file which had that virus and clamav detected the 
virus.
  Any clues what is wrong here?

Regards,

Antony.

--
The lottery is a tax for people who can't do maths.
 Please reply to 
the
 list;
   please 
don't
   CC me.



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
--
http://www.fastmail.fm - Access your email from home and the web
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] clamd.ctl not read at bootup

[Karl Hakmiller]

Just installed clamav (0.68) on FC1 system.  Freshclam works OK but system does not 
read clamd.ctl at bootup. There is a file named clamd.ctl in /var/run/clamav (which is 
the dir specified for LocalSocket
in /etc/clamav.conf).  The bootlog reports that clamav-milter failed to
load.  My clamav.conf is as follows: 

.conf file starts===

# Uncomment this option to enable logging.
# LogFile must be writable for the user running the daemon.
# Full path is required.
LogFile /var/log/clamav/clamd.log

# By default the log file is locked for writing - the lock protects against
# running clamd multiple times (if want to run another clamd, please
# copy the configuration file, change the LogFile variable, and run
# the daemon with --config-file option). That's why you shouldn't uncomment
# this option.
#LogFileUnlock

# Maximal size of the log file. Default is 1 Mb.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers.
LogFileMaxSize 2M

# Log time with an each message.
LogTime

# Log also clean files. May be useful in debugging but will drastically
# increase the log size.
#LogClean

# Use system logger (can work together with LogFile).
LogSyslog

# Enable verbose logging.
LogVerbose

# This option allows you to save the process identifier of the listening
# daemon (main thread).
PidFile /var/run/clamav/clamd.pid

# Optional path to the global temporary directory.
# Default is system specific - usually /var/tmp or /tmp.
TemporaryDirectory /var/tmp

# Path to the database directory.
# Default is the hardcoded directory (mostly /usr/local/share/clamav,
# but it depends on installation options).
DatabaseDirectory /var/clamav

# The daemon works in local or network mode. Currently the local mode is
# recommended for security reasons.

# Path to the local socket. The daemon doesn't change the mode of the
# created file (portability reasons). You may want to create it in a directory
# which is only accessible for a user running daemon.
LocalSocket /var/run/clamav/clamd.ctl

# Remove stale socket after unclean shutdown.
FixStaleSocket

# TCP port address.
#TCPSocket 3310

# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
TCPAddr 127.0.0.1

# Maximum length the queue of pending connections may grow to.
# Default is 15.
#MaxConnectionQueueLength 30

# When activated, input stream (see STREAM command) will be saved to disk before
# scanning - this allows scanning within archives.
StreamSaveToDisk

# Close the connection if this limit is exceeded.
StreamMaxLength 10M

# Maximal number of a threads running at the same time.
# Default is 5, and it should be sufficient for a typical workstation.
# You may need to increase threads number for a server machine.
#MaxThreads 10

# Thread (scanner - single task) will be stopped after this time (seconds).
# Default is 180. Value of 0 disables the timeout. SECURITY HINT: Increase the
# timeout instead of disabling it.
#ThreadTimeout 500

# Maximal depth the directories are scanned at.
MaxDirectoryRecursion 15

# Follow a directory symlinks.
# SECURITY HINT: You should have enabled directory recursion limit to
# avoid potential problems.
FollowDirectorySymlinks

# Follow regular file symlinks.
FollowFileSymlinks

# Do internal checks (eg. check the integrity of the database structures)
# By default clamd checks itself every 3600 seconds (1 hour).
SelfCheck 600

# Execute a command when virus is found. In the command string %v and %f will
# be replaced by the virus name and the infected file name respectively.
#
# SECURITY WARNING: Make sure the virus event command cannot be exploited,
#   eg. by using some special file name when %f is used.
#   Always use a full path to the command.
#   Never delete/move files with this directive !
VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %f: %v"

# Run as selected user (clamd must be started by root).
# By default it doesn't drop privileges.
User clamav

# Initialize the supplementary group access (for all groups in /etc/group
# user is added in. clamd must be started by root).
#AllowSupplementaryGroups

# Don't fork into background. Useful in debugging.
#Foreground

# Enable debug messages in libclamav.
#Debug

##
## Mail support
##

# Uncomment this option if you are planning to scan mail files.
ScanMail

##
## Archive support
##


# Comment this line to disable scanning of the archives.
ScanArchive


# By default the built-in RAR unpacker is disabled by default because the code
# terribly leaks, however it's probably a good idea to enable it.
ScanRAR


# Options below protect your system against Denial of Service attacks
# with archive bombs.

# Files in archives larger than this limit won't be scanned.
# Value of 0 d

[Clamav-users] configuring clamav

[Nishant Shah]

Hi everyone,
	I downloaded the clamav-0.70 tar file and I am trying to install it. After reading the documentation and following the steps I reached upto running ./configure --syconfigdir=/etc. After I do that I am having an error:
configure error: Need to know how to pack structures with this compiler.
anykind of help will be appreciated,
Thanks,

Nishant Shah
[EMAIL PROTECTED]
AIX Network Security Development
(512)838-0095 

" People seldom improve when they have no other model but themselves to copy after "

Re: [Clamav-users] Re: Use of CLAMAV as Corporate Antivirus

[Flinn Mueller]

On Apr 9, 2004, at 9:22 AM, Alex Cherney wrote:
Fajar, thanks for the suggestions and I agree with Tomasz. I need to 
think how to do that in the UI so that an ordinary user (as far I 
understand - the target audience) is not overwhelmed with number of 
options.
I think you should add the ability to set command line options.  This 
would allow the UI to stay clean, while letting power users/admins to 
control scanning a little better.  One of my issues is that I would 
really only like to see infected files.  I don't see a way of doing 
that in the current offering.  Great work so far, keep it up!

Regards,
Flinn Mueller
ActiveIntra.net, Inc.
[EMAIL PROTECTED]
Toll Free: 1-800-640-4876 ext. 251
GnuPG (ID 27AE2CA9)
506B 1794 E240 ECEB 0758 2F90 6943 17A1 27AE 2CA9
---
ActiveIntra.net - Web Design, Web Programming, Web Hosting

I have seen some software products perceived too complex by users just 
because they offer too much configuration. As well as I need to find 
time to do that :(.

Regards,
Alex


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] wbmclamav

[Lynn Duerksen]

> Henry Harvey
> I just found this utility
> wbmclamav
> http://wbmclamav.labs.libre-entreprise.org/
> A webmin utility for ClamAV
> to manage quaratined emails, etc.
> It's still in Alpha stage though according to Freshmeat.
> 
> Anyone tried this? The features are neat and just what I wanted.
> 

Thanks for sharing the info.  I downloaded and install.  Nice utility.
Quarantine management could be inproved.  Showing only two quarantined files
at a time isn't very useful.  But other than that, Nice!




---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] clmilter errors - i'm lost, help?

[Stephen Gran]

On Fri, Apr 09, 2004 at 11:17:01AM -0500, unruhtech said:
> i just got clamav 0.70-rc up and running on rh 7.3.
> 
> this is from my /var/log/maillog
> 
> Apr  9 11:11:48 shell mta-daemon[5840]: i39GBmxu005840: Milter (clmilter): local 
> socket name /var/run/clmilter.sock unsafe
> Apr  9 11:11:48 shell mta-daemon[5840]: i39GBmxu005840: Milter (clmilter): to error 
> state
> 
> what does it mean and how do i fix it?

The first line means that sendmail thinks the permissions on the socket
(/var/run/clmilter.sock) are too loose - world readable or writeable,
probably.  The second one indicates an error communicating with the
milter.  Fixing the permissions on the socket may fix the second error
as well.

-- 
 --
|  Stephen Gran  | Life is like bein' on a mule team.  |
|  [EMAIL PROTECTED] | Unless you're the lead mule, all the|
|  http://www.lobefin.net/~steve | scenery looks about the same.   |
 --


pgp0.pgp
Description: PGP signature

Re: [Clamav-users] submitting samples (name instead?)

[Antony Stone]

On Friday 09 April 2004 5:52 pm, Brad Morgan wrote:

> > he said: those virusses are caught by norton on workstations,
> > clamav didn't catch them on the mailserver. Given that the workstations
> > received them by mail.
>
> I don't know how Norton is configured in this case, but in my case I have a
> quarantine area with the original virus intact.  Submit these quarantined
> files along with the Symantec name to ClamAV and the problem should be
> solved very quickly.

I shall be very surprised if the submission form doesn't immediately respond 
to all the samples with "this virus is already detected by ClamAV".

However, just in case he has found something new, I hope he follows your 
advice all the same.

Regards,

Antony.

-- 
Most people have more than the average number of legs.

 Please reply to the list;
   please don't CC me.



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] submitting samples (name instead?)

[Brad Morgan]

>
> he said: those virusses are caught by norton on workstations,
> clamav didn't catch them on the mailserver. Given that the workstations
> received them by mail.
>

I don't know how Norton is configured in this case, but in my case I have a
quarantine area with the original virus intact.  Submit these quarantined
files along with the Symantec name to ClamAV and the problem should be
solved very quickly.

Brad




---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] clmilter errors - i'm lost, help?

[Joe Maimon]

unruhtech wrote:

i just got clamav 0.70-rc up and running on rh 7.3.

this is from my /var/log/maillog

Apr  9 11:11:48 shell mta-daemon[5840]: i39GBmxu005840: Milter (clmilter): local 
socket name /var/run/clmilter.sock unsafe
Apr  9 11:11:48 shell mta-daemon[5840]: i39GBmxu005840: Milter (clmilter): to error 
state
what does it mean and how do i fix it?

thanks much,
steve
 

Couple causes:

Sendmail cant find/use the socket you specified in your 
sendmail{cf.mc}either because
a) the socket isnt where its supposed to be
b) clamav-milter is actualy using a different socket (check its startup 
arguments)
c) the socket has the wrong uid/moide
d) clamav-milter is not running



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] clamav-milter exited on signal 11

[Antony Stone]

On Friday 09 April 2004 5:21 pm, Mike Lambert wrote:

> Greetings,
>
> I have been running ClamAV version devel-20040405 for three days without
> issue, until this morning. Now, for each virus rejected, the following
> entry appears in the syslog:
>
> /kernel: pid 72343 (clamav-milter), uid 3001: exited on signal 11
>
> Any ideas?

You might want to check your hardware (especially the memory):

http://www.bitwizard.nl/sig11

Regards,

Antony.

-- 
Your work is both good and original.  Unfortunately the parts that are good 
aren't original, and the parts that are original aren't good.

 - Samuel Johnson

 Please reply to the list;
   please don't CC me.



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] submitting samples (name instead?)

[Antony Stone]

On Friday 09 April 2004 5:10 pm, Jim Maul wrote:

> > >>We have Symantec Corporate Ed AV running on
> > >>all workstations and it blocks those files
> > >>from even saving to any pc. I have the logs
> > >>which says that
> > >>
> > >>[EMAIL PROTECTED]
> > >>[EMAIL PROTECTED]
> > >>[EMAIL PROTECTED]
> > >>[EMAIL PROTECTED]
>
> 
>
> > >>ClamAV works perfectly fine with other
> > >>viruses though, like those "SomeFool" viruses.
>
> This is a direct contradiction.
>
> > he said: those virusses are caught by norton on workstations,
> > clamav didn't catch them on the mailserver. Given that the workstations
> > received them by mail.
>
> I understand that.  What i dont understand is that he basically said,
> "Somefool is not getting detected by clamav but clamav works fine with
> other viruses like somefool".

I think you'll find what he's saying is "ClamAV is detecting SomeFool, and I 
don't know that that's ClamAV's name for Netsky, so how come ClamAV isn't 
picking up Netsky?"

Regards,

Antony.

-- 
Abandon hope, all ye who enter here.
You'll feel much better about things once you do.

 Please reply to the list;
   please don't CC me.



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] clamav-milter exited on signal 11

[Mike Lambert]

Greetings,

I have been running ClamAV version devel-20040405 for three days without
issue, until this morning. Now, for each virus rejected, the following
entry appears in the syslog:

/kernel: pid 72343 (clamav-milter), uid 3001: exited on signal 11

These appear to be from children as the parent proccess continues to
run. All else appears normal.

System info:
FreeBSD 4.9-RELEASE-p2
clamd / ClamAV version devel-20040405
ClamAV version devel-20040405, clamav-milter version 0.70g

# ps ax | grep clam
17139  ??  Is 0:00.07 /usr/local/bin/freshclam -d -c 13
40560  ??  Ss 2:41.65 /usr/local/sbin/clamd
40568  ??  Ss 0:13.25 /usr/local/sbin/clamav-milter -lonHP -m50

Any ideas?

-- 
Michael Lambert
Systems Admin, IT Dept
JEOL USA Inc
http://www.jeol.com



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] clmilter errors - i'm lost, help?

[unruhtech]

i just got clamav 0.70-rc up and running on rh 7.3.

this is from my /var/log/maillog

Apr  9 11:11:48 shell mta-daemon[5840]: i39GBmxu005840: Milter (clmilter): local 
socket name /var/run/clmilter.sock unsafe
Apr  9 11:11:48 shell mta-daemon[5840]: i39GBmxu005840: Milter (clmilter): to error 
state

what does it mean and how do i fix it?

thanks much,
steve


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] submitting samples (name instead?)

[Jim Maul]

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Niek
> Sent: Friday, April 09, 2004 11:16 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] submitting samples (name instead?)
>
>
> Jim Maul wrote:
>
> >
> >>-Original Message-
> >>From: [EMAIL PROTECTED]
> >>[mailto:[EMAIL PROTECTED] Behalf Of Henry
> >>Harvey
> >>Sent: Friday, April 09, 2004 10:16 AM
> >>To: [EMAIL PROTECTED]
> >>Subject: [Clamav-users] submitting samples (name instead?)
> >>
> >>
> >>Would it be possible to report what
> >>viruses (names) are not being detected by ClamAV,
> >>instead of submitting a sample?
> >>
> >>We have Symantec Corporate Ed AV running on
> >>all workstations and it blocks those files
> >>from even saving to any pc. I have the logs
> >>which says that
> >>
> >>[EMAIL PROTECTED]
> >>[EMAIL PROTECTED]
> >>[EMAIL PROTECTED]
> >>[EMAIL PROTECTED]



> >>ClamAV works perfectly fine with other
> >>viruses though, like those "SomeFool" viruses.
> >>

This is a direct contradiction.

> he said: those virusses are caught by norton on workstations,
> clamav didn't catch them on the mailserver. Given that the workstations
> received them by mail.
>
> Niek Baakman

I understand that.  What i dont understand is that he basically said,
"Somefool is not getting detected by clamav but clamav works fine with other
viruses like somefool".

Jim



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] clamav.conf

[Fajar A. Nugraha]

Mike van Vugt wrote:

Edit the file to make sure it's appropriately configured. Make sure you look
at the very top of the file.  There's a line that contains "Example" that must
be uncommented or you'll get the "Please edit..." message.
   

Hmmm, second time reading this email I noticed something wrong here.
It should be "commented" ( or removed ), instead of "uncommented".
Edited them both and stil get the same message. 

Again, for your setup it's /etc/clamav/clamav.conf

Regards,

Fajar
--
Please avoid sending me Microsoft Office attachments.
See http://www.newsforge.com/software/04/03/27/0134204.shtml
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] ClamAV and SYSERR?

[Steven Stern]

On Fri, 9 Apr 2004 17:16:59 +0200, Gert Doering <[EMAIL PROTECTED]> wrote:

>Hi,
>
>(I hope I got the e-mail right - the archives omit the e-mail addresses,
>so I had to do some googling and guessing)
>
>I googled your mail to the clamav users list a few weeks ago:
>
>- snip --
>I've installed clam 0.70RC and clam-mailter 0.70RC from the RPMs onto a system
>running Fedora Core 1 with sendmail 8.12.10.
>[..]
>At the same time in /var/log/maillog
>
>Mar 19 13:32:07 ciscy sm-msp-queue[17080]: starting daemon (8.12.10):
>[EMAIL PROTECTED]:00:00
>Mar 19 13:37:19 ciscy sendmail[17107]: i2JJbJF6017107: SYSERR(root): out of
>memory: Cannot allocate memory
>- snip --
>
>This is very similar to what I get on NetBSD 1.6.2 with sendmail 8.12.10 
>and clamav-0.66 - most of the time it works fine, but occasionally it 
>will produce these SYSERR's in response to virus e-mails (never in
>response to "clean" e-mails).
>
>Apr  9 16:44:54 kirk sendmail[12546]: i39Eirxe012546: SYSERR(root): out of memory: 
>Cannot allocate memory
>Apr  9 16:48:51 kirk sendmail[12611]: i39Emmxe012611: SYSERR(root): out of memory: 
>Cannot allocate memory
>
>so now I hope that you found a solution to this, and can share it with
>me... :-)
>
>kind regards,
>
>gert

I've copied your message to the list.  I've cc'd  your personal address, but
if you reply, reply to the list, not to me.  Let's keep the conversation
there.  Thanks.

Looking through my outbox it appears that I had mis-set the location of the
clamd.sock file.  I wrote "The sock file was defined with one name in
sendmail.mc and another in the configuration file for the milter itself. I
made them the same and sendmail is happy."
--
   Steve
   


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] clamav.conf

[Fajar A. Nugraha]

Mike van Vugt wrote:

Keep getting the message below over and over again. 

[EMAIL PROTECTED] root]# /usr/local/sbin/clamd
ERROR: Please edit the example config file /etc/clamav//clamav.conf.
ERROR: Can't open/parse the config file /etc/clamav//clamav.conf
[EMAIL PROTECTED] root]#
 

Edit the file to make sure it's appropriately configured. Make sure you look
at the very top of the file.  There's a line that contains "Example" that must
be uncommented or you'll get the "Please edit..." message.
   

found two entrie of clamav.conf :

]# locate clamav.conf
/home/mike/clamav/clamav-0.68/etc/clamav.conf
/etc/clamav/clamav.conf
 


Edited them both and stil get the same message. 

since you do

 * ./configure --sysconfdir=/etc/clamav

then the one you should edit is /etc/clamav/clamav.conf
Examine that file again. Perhaps the Example line is still uncommented.
in my /etc/rc.d/init.d/
 

You won't have that if you compile from source.

there is no clamav Maby thats the problem ??? and if it is howto fix
that ???
 

If you still have problems, than for beginners, I would suggest either :
1.   install RPM or deb packages.
Usually they have latest STABLE versions. However, for clamav usually many
problems were solved in CVS snapshot versions.
OR,

2. use my prebuilt clamav linux static binary (built from CVS snapshot)
-   grab 
http://clamav.or.id/snapshot/clamav-devel-latest.linux-static.tar.gz
-   unpack it
   gunzip -c clamav-devel-latest.linux-static.tar.gz | ( cd / ; tar xvf - )
   this will put files in /usr/local/etc, /usr/local/bin, 
/usr/local/sbin, and /usr/local/share/clamav
-  create symlinks
   in /usr/local/bin, delete the files freshclam, sigtool, clamdscan, 
and clamscan if exists.
   create links :
   ln -s clamscan-static clamscan; ln -s clamdscan-static clamdscan;
   ln -s sigtool-static sigtool; ln -s freshclam-static freshclam;
   in /usr/local/sbin, delete the files clamd and clamav-milter if exists.
   create links :
  ln -s clamd-static clamd; ln -s clamav-milter-static clamav-milter;
   in /usr/local/etc, copy the file clamav.conf.milter.linux to clamav.conf
-   run freshclam
-   copy /usr/local/share/clamav/clamd.init to /etc/init.d/clamd
-   run /usr/local/sbin/clamd or execute `service clamd start`

You should now have a fully-functional clamav (and clamd), which runs as 
root.
If the above steps work, you can experiment whatever you want afterwards
(customize clamav.conf, runs clamd as different user, compile your own, 
etc.)

Regards,

Fajar

---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] submitting samples (name instead?)

[Niek]

Jim Maul wrote:


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Henry
Harvey
Sent: Friday, April 09, 2004 10:16 AM
To: [EMAIL PROTECTED]
Subject: [Clamav-users] submitting samples (name instead?)
Would it be possible to report what
viruses (names) are not being detected by ClamAV,
instead of submitting a sample?
We have Symantec Corporate Ed AV running on
all workstations and it blocks those files
from even saving to any pc. I have the logs
which says that
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
are still being delivered to workstations.
Meaning they were not stopped by ClamAV.
A search on the database of ClamAV results
with nothing with those same variants.
ClamAV works perfectly fine with other
viruses though, like those "SomeFool" viruses.


Being the NetSky _IS_ SomeFool, i wonder what your saying here.  If they are
being blocked, how are they being detected by symantec?
he said: those virusses are caught by norton on workstations,
clamav didn't catch them on the mailserver. Given that the workstations
received them by mail.
Niek Baakman

---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] clamav.conf

[Steven Stern]

On Fri, 09 Apr 2004 16:11:49 +0200, Mike van Vugt <[EMAIL PROTECTED]> wrote:

>Op vr 09-04-2004, om 15:44 schreef Steven Stern:
>> On Fri, 09 Apr 2004 13:28:29 +0200, Mike van Vugt <[EMAIL PROTECTED]> wrote:
>> 
>> >Hello,
>> >
>> >Keep getting the message below over and over again. I am new to Linux
>> >and having a hard time to get this working. I want to uninstall Clamav
>> >and start over again. Can anyone tell me how to uninstall???
>> >
>> >Regards,
>> >
>> >Mike
>> >
>> >[EMAIL PROTECTED] root]# /usr/local/sbin/clamd
>> >ERROR: Please edit the example config file /etc/clamav//clamav.conf.
>> >ERROR: Can't open/parse the config file /etc/clamav//clamav.conf
>> >[EMAIL PROTECTED] root]#
>> >
>> 
>> First, locate where clamav.conf really is.  Make a note of it. Then, edit
>> /etc/rc.d/init.d/clamav and make sure it's pointing to the real clamav.conf
>> file.  
>> 
>> Edit the file to make sure it's appropriately configured. Make sure you look
>> at the very top of the file.  There's a line that contains "Example" that must
>> be uncommented or you'll get the "Please edit..." message.
>> --
>>Steve
>
>found two entrie of clamav.conf :
>
>]# locate clamav.conf
>/home/mike/clamav/clamav-0.68/etc/clamav.conf
>/etc/clamav/clamav.conf
>[EMAIL PROTECTED] clamav-0.68]#
>
>Edited them both and stil get the same message. in my /etc/rc.d/init.d/
>there is no clamav Maby thats the problem ??? and if it is howto fix
>that ???
>
>Regards,
>
>Mike
>
How does clamd get started on your system?  Somewhere, there's a file that
controls its startup and that can override the compiled-in location for
clamav.conf.


--
   Steve
   


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] submitting samples (name instead?)

[Tomasz Papszun]

On Fri, 09 Apr 2004 at  7:15:54 -0700, Henry Harvey wrote:
> 
> [EMAIL PROTECTED]
[...]
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> 
> A search on the database of ClamAV results
> with nothing with those same variants.

Tip:
search archives of clamav-virusdb mailing list.

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]  | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] submitting samples (name instead?)

[Jim Maul]

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Henry
> Harvey
> Sent: Friday, April 09, 2004 10:16 AM
> To: [EMAIL PROTECTED]
> Subject: [Clamav-users] submitting samples (name instead?)
>
>
> Would it be possible to report what
> viruses (names) are not being detected by ClamAV,
> instead of submitting a sample?
>
> We have Symantec Corporate Ed AV running on
> all workstations and it blocks those files
> from even saving to any pc. I have the logs
> which says that
>
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
>
> are still being delivered to workstations.
> Meaning they were not stopped by ClamAV.
>
> A search on the database of ClamAV results
> with nothing with those same variants.
>
> ClamAV works perfectly fine with other
> viruses though, like those "SomeFool" viruses.
>


Being the NetSky _IS_ SomeFool, i wonder what your saying here.  If they are
being blocked, how are they being detected by symantec?

Jim



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] wbmclamav

[Henry Harvey]

I just found this utility
wbmclamav
http://wbmclamav.labs.libre-entreprise.org/
A webmin utility for ClamAV
to manage quaratined emails, etc.
It's still in Alpha stage though according
to Freshmeat.

Anyone tried this? The features are neat
and just what I wanted.

__
Do you Yahoo!?
Yahoo! Small Business $15K Web Design Giveaway 
http://promotions.yahoo.com/design_giveaway/


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] clamav.conf

[Hanford, Seth]

> [EMAIL PROTECTED] root]# /usr/local/sbin/clamd
> ERROR: Please edit the example config file /etc/clamav//clamav.conf.
> ERROR: Can't open/parse the config file /etc/clamav//clamav.conf
 ^^
This should only be 1
slash, yes?

Perhaps there's a setting where you've specified 1 too many /'s.

*** Also, the line called Example must be commented out for the file to run.
It's in the first 5 or so lines of clamav.conf.

HTH,
Seth



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] submitting samples (name instead?)

[Antony Stone]

On Friday 09 April 2004 3:15 pm, Henry Harvey wrote:

> Would it be possible to report what
> viruses (names) are not being detected by ClamAV,
> instead of submitting a sample?

That isn't much use, since without a sample we can't generate a signature.

> We have Symantec Corporate Ed AV running on
> all workstations and it blocks those files
> from even saving to any pc. I have the logs
> which says that
>
> [EMAIL PROTECTED]
ClamAV calls that one Worm.SomeFool.P
> [EMAIL PROTECTED]
I've never seen that oen - don't know what ClamAV calls it
> [EMAIL PROTECTED]
ClamAV calls that one Worm.SomeFool.Gen-1
> [EMAIL PROTECTED]
I haven't seen that one here
> [EMAIL PROTECTED]
ClamAV calls that oen Worm.SCO.A
> [EMAIL PROTECTED]
ClamAV calls that one Trojan.Dropper.C

> are still being delivered to workstations.
> Meaning they were not stopped by ClamAV.

In that case there must be some problenm with your MTA/ClamAV setup, since 
mine is detecting them fine here (an old version of ClamAV running under an 
old version of MailScanner).

> A search on the database of ClamAV results
> with nothing with those same variants.

Have you *read* any of the postings recently about virus names and different 
A-V vendors' inconsistencies!?

> ClamAV works perfectly fine with other viruses though, like those "SomeFool"
> viruses.

Good.

> Can I just report those names with no samples?

(a) you already did

(b) without a sample we can't add anything to the signatures' list - it's not 
like you just have to know someone else's name for a virus and you can 
automagically detect it.

Regards,

Antony.

-- 
The idea that Bill Gates appeared like a knight in shining armour to lead all 
customers out of a mire of technological chaos neatly ignores the fact that 
it was he who, by peddling second-rate technology, led them into it in the 
first place.

 - Douglas Adams in The Guardian, 25th August 1995

 Please reply to the list;
   please don't CC me.



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] clamav.conf

[Tomasz Papszun]

On Fri, 09 Apr 2004 at 15:35:40 +0200, Mike van Vugt wrote:
[...]
> User clamav
> ScanMai
 ^ ?!
Is this the exact quote (ScanMai instead of ScanMail)? Or a typo only in
this message?

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]  | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] submitting samples (name instead?)

[Henry Harvey]

Would it be possible to report what
viruses (names) are not being detected by ClamAV,
instead of submitting a sample?

We have Symantec Corporate Ed AV running on
all workstations and it blocks those files 
from even saving to any pc. I have the logs
which says that

[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]

are still being delivered to workstations.
Meaning they were not stopped by ClamAV.

A search on the database of ClamAV results
with nothing with those same variants.

ClamAV works perfectly fine with other
viruses though, like those "SomeFool" viruses.

Can I just report those names with no samples?
Those names were from Symantec AV.

__
Do you Yahoo!?
Yahoo! Small Business $15K Web Design Giveaway 
http://promotions.yahoo.com/design_giveaway/


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] clamav.conf

[Mike van Vugt]

Op vr 09-04-2004, om 15:44 schreef Steven Stern:
> On Fri, 09 Apr 2004 13:28:29 +0200, Mike van Vugt <[EMAIL PROTECTED]> wrote:
> 
> >Hello,
> >
> >Keep getting the message below over and over again. I am new to Linux
> >and having a hard time to get this working. I want to uninstall Clamav
> >and start over again. Can anyone tell me how to uninstall???
> >
> >Regards,
> >
> >Mike
> >
> >[EMAIL PROTECTED] root]# /usr/local/sbin/clamd
> >ERROR: Please edit the example config file /etc/clamav//clamav.conf.
> >ERROR: Can't open/parse the config file /etc/clamav//clamav.conf
> >[EMAIL PROTECTED] root]#
> >
> 
> First, locate where clamav.conf really is.  Make a note of it. Then, edit
> /etc/rc.d/init.d/clamav and make sure it's pointing to the real clamav.conf
> file.  
> 
> Edit the file to make sure it's appropriately configured. Make sure you look
> at the very top of the file.  There's a line that contains "Example" that must
> be uncommented or you'll get the "Please edit..." message.
> --
>Steve

found two entrie of clamav.conf :

]# locate clamav.conf
/home/mike/clamav/clamav-0.68/etc/clamav.conf
/etc/clamav/clamav.conf
[EMAIL PROTECTED] clamav-0.68]#

Edited them both and stil get the same message. in my /etc/rc.d/init.d/
there is no clamav Maby thats the problem ??? and if it is howto fix
that ???

Regards,

Mike



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Re: Use of CLAMAV as Corporate Antivirus

[Antony Stone]

On Friday 09 April 2004 3:03 pm, Keith Patton wrote:

> Fajar A. Nugraha wrote:
> >
> > ClamWin seems like a good program, Alex. Can you modify it so that it
> > could connect to a remote clamd server?
> > Possibly as an option.
> > The distributed clamav.exe on clamav source's contrib directory does
> > that.
> > That would elliminate the need to setup update on every client.
> > This could increase local network traffic, but if it implemented as an
> > option than admins
> > can choose whether they want central or distributed scanning engine.
>
> I would like this option for clamav as well..  I have multiple mail
> gateways all over the world and  would like to update a internal master
> and the rest update from it.

Surely your mail gateway systems around the Internet can do this already?   
You can point them all to a central server you run, and have them update 
themselves from there.

The option being discussed above was for ClamWIN to do the same thing, on 
windows client machines.

Regards,

Antony.

-- 
"The future is already here.   It's just not evenly distributed yet."

 - William Gibson

 Please reply to the list;
   please don't CC me.



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Re: Use of CLAMAV as Corporate Antivirus

[Keith Patton]

Fajar A. Nugraha wrote:

Alex Cherney wrote:

Sergey wrote:

Yesterday I download ClamWin and install it on windows client
successfully. Now I would like to ask how I can use the virus database
of server machine on Windows Clients so that I have to download latest
virus definitions on server only.



Well, currently ClamWin uses database mirror "database.clamav.net" 
hardcoded. I will add it to the ClamWin.conf as a parameter so it is 
possible to repoint to a local server.
I don't think this needs to be configurable in the GUI, possibly 
having setup to use properties from ClamWin.conf (residing in the 
same folder where setup.exe is) at the time of installation would 
suffice.

ClamWin seems like a good program, Alex. Can you modify it so that it 
could connect to a remote clamd server?
Possibly as an option.
The distributed clamav.exe on clamav source's contrib directory does 
that.
That would elliminate the need to setup update on every client.
This could increase local network traffic, but if it implemented as an 
option than admins
can choose whether they want central or distributed scanning engine.

Regards,

Fajar
I would like this option for clamav as well..  I have multiple mail 
gateways all over the world and  would like to update a internal master 
and the rest update from it.

regards,
Keith


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] clamav.conf

[Antony Stone]

On Friday 09 April 2004 2:35 pm, Mike van Vugt wrote:

> My Steps
>
> groupadd clamav
> useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav
>
> tar xzvf clamav-versie.tar.gz
>   * cd clamav-versie
>   * ./configure --sysconfdir=/etc/clamav
>   * make
>   * als root: make install
>   * als root: touch /var/log/clamd.log
>   * als root: chown clamav:root /var/log/clamd.log
>   * als root: mkdir /var/run/clamd
>   * als root: chown clamav:root /var/run/clamd

That all seems perfectly sensible, and I don't see a need to uninstall.

Simply do what the error message tells you to, and you should get a working 
system.

ERROR: Please edit the example config file /etc/clamav/clamav.conf.

Regards,

Antony.

-- 
This email is intended for the use of the individual addressee(s) named above 
and may contain information that is confidential, privileged or unsuitable 
for overly sensitive persons with low self-esteem, no sense of humour, or 
irrational religious beliefs.

If you have received this email in error, you are required to shred it 
immediately, add some nutmeg, three egg whites and a dessertspoonful of 
caster sugar.   Whisk until soft peaks form, then place in a warm oven for 40 
minutes.   Remove promptly and let stand for 2 hours before adding some 
decorative kiwi fruit and cream.   Then notify me immediately by return email 
and eat the original message.

 Please reply to the list;
   please don't CC me.



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] clamav.conf

[Steven Stern]

On Fri, 09 Apr 2004 13:28:29 +0200, Mike van Vugt <[EMAIL PROTECTED]> wrote:

>Hello,
>
>Keep getting the message below over and over again. I am new to Linux
>and having a hard time to get this working. I want to uninstall Clamav
>and start over again. Can anyone tell me how to uninstall???
>
>Regards,
>
>Mike
>
>[EMAIL PROTECTED] root]# /usr/local/sbin/clamd
>ERROR: Please edit the example config file /etc/clamav//clamav.conf.
>ERROR: Can't open/parse the config file /etc/clamav//clamav.conf
>[EMAIL PROTECTED] root]#
>

First, locate where clamav.conf really is.  Make a note of it. Then, edit
/etc/rc.d/init.d/clamav and make sure it's pointing to the real clamav.conf
file.  

Edit the file to make sure it's appropriately configured. Make sure you look
at the very top of the file.  There's a line that contains "Example" that must
be uncommented or you'll get the "Please edit..." message.
--
   Steve
   


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] clamav.conf

[Mike van Vugt]

Op vr 09-04-2004, om 14:49 schreef Daniel J McDonald:
> On Fri, 2004-04-09 at 06:28, Mike van Vugt wrote:
> > Hello,
> > 
> > Keep getting the message below over and over again. 
> 
> Have you edited /etc/clamav/clamav.conf?  Lots of important things there
> you need to set up.
> 
> > I am new to Linux
> > and having a hard time to get this working. I want to uninstall Clamav
> > and start over again. Can anyone tell me how to uninstall???
> 
> How did you install it the first time?  If you used an RPM - just 
> # rpm -e clamav
> If you installed from source, then you'll have to hunt down the pieces
> and pull them out.

My Steps

groupadd clamav
useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav

tar xzvf clamav-versie.tar.gz
  * cd clamav-versie
  * ./configure --sysconfdir=/etc/clamav
  * make
  * als root: make install
  * als root: touch /var/log/clamd.log
  * als root: chown clamav:root /var/log/clamd.log
  * als root: mkdir /var/run/clamd
  * als root: chown clamav:root /var/run/clamd

LogFile /var/log/clamd.log
LogFileMaxSize 2M
LogSyslog
PidFile /var/run/clamd/clamd.pid
TemporaryDirectory /tmp
DatabaseDirectory /usr/local/share/clamav
LocalSocket /var/run/clamd/clamd.socket
TCPAddr 127.0.0.1
StreamSaveToDisk
StreamMaxLenght 10M
User clamav
ScanMai

Regards,

Mike




---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] clamav.conf

[Nigel Horne]

On Friday 09 Apr 2004 12:28 pm, Mike van Vugt wrote:

> ERROR: Please edit the example config file /etc/clamav//clamav.conf.

Have you done what it tells you to do yet? Namely edit the file 
/etc/clamav/clamav.conf.

-Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Re: Use of CLAMAV as Corporate Antivirus

[Alex Cherney]

Fajar A. Nugraha wrote:

Alex Cherney wrote:


Well, currently ClamWin uses database mirror "database.clamav.net" 
hardcoded. I will add it to the ClamWin.conf as a parameter so it is 
possible to repoint to a local server.
I don't think this needs to be configurable in the GUI, possibly 
having setup to use properties from ClamWin.conf (residing in the same 
folder where setup.exe is) at the time of installation would suffice.

ClamWin seems like a good program, Alex. Can you modify it so that it 
could connect to a remote clamd server?
Possibly as an option.
The distributed clamav.exe on clamav source's contrib directory does that.
That would elliminate the need to setup update on every client.
This could increase local network traffic, but if it implemented as an 
option than admins
can choose whether they want central or distributed scanning engine.

Regards,

Fajar
Tomasz Kojm wrote:
>
> In windows all options should be configurable in the GUI, IMHO.
>
Fajar, thanks for the suggestions and I agree with Tomasz. I need to 
think how to do that in the UI so that an ordinary user (as far I 
understand - the target audience) is not overwhelmed with number of 
options.

I have seen some software products perceived too complex by users just 
because they offer too much configuration. As well as I need to find 
time to do that :(.

Regards,
Alex


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Cleaning MBOX files?

[Jim Maul]

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Jack
> London Networks
> Sent: Thursday, April 08, 2004 6:47 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] Cleaning MBOX files?
>
>
> If I use the --remove flag, it removes the whole mailbox file, not just
> the infected message.  Glad I tested on a copy of an infected mailbox
> and not the real thing! :)
>
> I'm looking at the other solutions proposed, but they're going to take
> more work, obviously..and I don't think that it'll be something that
> I can run automatically every night on all the mail folders.
>
> *sigh*
>
> -bob


Thats because the example given (qmail) uses maildir, not mbox.  In the
qmail case it would only remove the infected message.  In the mbox
case...wellyou know what happens.

Jim



>
> Lloyd Albin wrote:
>
> >If you want to scan all mailboxes the following command is what I use to
> >do a manual scan. This example is for qmail with vpopmail.
> >
> >clamscan -r /home/vpopmail/domains --mbox -i --remove
> >
> >If you want to scan an individual domain use
> >
> >clamscan -r /home/vpopmail/domains/sampledomain.com --mbox -i --remove
> >
> >Or if you want to scan an individual account use
> >
> >clamscan -r /home/vpopmail/domains/sampledomain.com/username --mbox -i
> >--remove
> >
> >You must use clamscan because it will not timeout which the clamdscan
> >will.
> >
> >-Lloyd
> >
> >
> >
>
>
>
> ---
> This SF.Net email is sponsored by: IBM Linux Tutorials
> Free Linux tutorial presented by Daniel Robbins, President and CEO of
> GenToo technologies. Learn everything from fundamentals to system
> administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
> ___
> Clamav-users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/clamav-users
>



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] clamav.conf

[Joe Maimon]

Daniel J McDonald wrote:

On Fri, 2004-04-09 at 06:28, Mike van Vugt wrote:
 

Hello,

Keep getting the message below over and over again. 
   

Have you edited /etc/clamav/clamav.conf?  Lots of important things there
you need to set up.
 

I am new to Linux
and having a hard time to get this working. I want to uninstall Clamav
and start over again. Can anyone tell me how to uninstall???
   

How did you install it the first time?  If you used an RPM - just 
# rpm -e clamav
If you installed from source, then you'll have to hunt down the pieces
and pull them out.

 

I would imagine, since this is an automake'd package, you could do make 
uninstall



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] clamav.conf

[ThistleAir Computing]

Mike van Vugt <[EMAIL PROTECTED]> wrote:Hello,

Keep getting the message below over and over again. I
am new to Linux
and having a hard time to get this working. I want to
uninstall Clamav
and start over again. Can anyone tell me how to
uninstall???

Regards,

Mike

[EMAIL PROTECTED] root]# /usr/local/sbin/clamd
ERROR: Please edit the example config file
/etc/clamav//clamav.conf.
ERROR: Can't open/parse the config file
/etc/clamav//clamav.conf
[EMAIL PROTECTED] root]#



Mike,

How did you install ClamAV - was it via a precompiled
package (.rpm / .deb) or compiled from source?

Rgds,

Andy


=
ICQ: 316406440
MSN: thistleaircomputing
AIM: thistlecomputing
Y!: thistleaircomputing






Yahoo! Messenger - Communicate instantly..."Ping" 
your friends today! Download Messenger Now 
http://uk.messenger.yahoo.com/download/index.html


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] clamav.conf

[Daniel J McDonald]

On Fri, 2004-04-09 at 06:28, Mike van Vugt wrote:
> Hello,
> 
> Keep getting the message below over and over again. 

Have you edited /etc/clamav/clamav.conf?  Lots of important things there
you need to set up.

> I am new to Linux
> and having a hard time to get this working. I want to uninstall Clamav
> and start over again. Can anyone tell me how to uninstall???

How did you install it the first time?  If you used an RPM - just 
# rpm -e clamav
If you installed from source, then you'll have to hunt down the pieces
and pull them out.

-- 
Daniel J McDonald <[EMAIL PROTECTED]>
Austin Energy



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Violation of the GPL ?

[Krištof Petr]

Tomasz Kojm wrote:

On Thu, 8 Apr 2004 01:06:27 -0400
"Brian Bruns" <[EMAIL PROTECTED]> wrote:
 

Regardless of what ClamAV is licensed as, is the database being
published under the GPL as well?  Is it public domain?
We've run into very similar type questions with the AHBL stuff - what
are we going to publish our database information as?  Our standard
license is either GPL or BSD.  Now, there is a difference between the
AHBL and the ClamAV database - the AHBL database was pretty much
completely constructed by me, and as I own the SOSDG/AHBL, I also own
the database, so I can decide alone, or delegate that decision to
someone else in my group, on what it will be released as.
However, there is alot more people working on ClamAV and its database
then just one group - so who technically owns the ClamAV virus
database?
   

The database is partially owned by the OpenAV team (in this case
represented by Kurt Huwig) because it includes about 4500 signatures
from then and by ClamAV (represented by me).
What about replacing Kurt's virus signatures by your own and release 
virus database under licence you like?
This will make situation clear.
Petr



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] clamav.conf

[Mike van Vugt]

Hello,

Keep getting the message below over and over again. I am new to Linux
and having a hard time to get this working. I want to uninstall Clamav
and start over again. Can anyone tell me how to uninstall???

Regards,

Mike

[EMAIL PROTECTED] root]# /usr/local/sbin/clamd
ERROR: Please edit the example config file /etc/clamav//clamav.conf.
ERROR: Can't open/parse the config file /etc/clamav//clamav.conf
[EMAIL PROTECTED] root]#




---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Trouble compiling clamav-latest..

[Fajar A. Nugraha]

turgut kalfaoglu wrote:

Hi there - I seem to have much trouble compiling last night's 
snapshot. I checked, and I have automake 1.8 installed, and yet I get 
this complaint during make :

(...)
creating sigtool
make[2]: Leaving directory 
`/export/home/turgut/sunos/clamav-devel-20040407/sigtool'
Making all in database
make[2]: Entering directory 
`/export/home/turgut/sunos/clamav-devel-20040407/database'
cd .. && \
 /bin/bash /usr/users/turgut/sunos/clamav-devel-20040407/missing --run 
automake-1.6 --gnu  database/Makefile
aclocal.m4:4200: version mismatch.  This is Automake 1.6, but aclocal.m4
aclocal.m4:4200: was generated for Automake 1.6.1.  You should recreate
aclocal.m4:4200: aclocal.m4 with aclocal and run automake again.
Try moving (or removing) the file /usr/bin/automake-1.6 on your system.
It will then issue a warning instead of error, but the build will work.
Latest snapshot builds OK on linux. See http://clamav.or.id/snapshot/.
Regards,

Fajar
--
Please avoid sending me Microsoft Office attachments.
See http://www.newsforge.com/software/04/03/27/0134204.shtml
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] sendmail - viruses not cleaned

[Spades]

heya,

Just installed clamav-0.70-rc with ScanMail option enabled.
i'm running sendmail 8.12.11 on a FreeBSD 4.9stable and
all the user mailboxes are in /var/mail, not in their homedir.

The clamd and freshclam daemon is running by clamav.

How come the emails are still attached with viruses, not cleaned?

Please help,  tks.

--

# Uncomment this option if you are planning to scan mail files.
ScanMail

(process)
clamav80023  0.0  8.2 21532 20448  ??  Ss6:52PM   0:00.02 clamd
clamav80113  0.0  0.5  2208 1216  ??  Is6:59PM   0:00.16
freshclam -d



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Re: Use of CLAMAV as Corporate Antivirus

[Fajar A. Nugraha]

Alex Cherney wrote:

Sergey wrote:

Yesterday I download ClamWin and install it on windows client
successfully. Now I would like to ask how I can use the virus database
of server machine on Windows Clients so that I have to download latest
virus definitions on server only.


Well, currently ClamWin uses database mirror "database.clamav.net" 
hardcoded. I will add it to the ClamWin.conf as a parameter so it is 
possible to repoint to a local server.
I don't think this needs to be configurable in the GUI, possibly 
having setup to use properties from ClamWin.conf (residing in the same 
folder where setup.exe is) at the time of installation would suffice.

ClamWin seems like a good program, Alex. Can you modify it so that it 
could connect to a remote clamd server?
Possibly as an option.
The distributed clamav.exe on clamav source's contrib directory does that.
That would elliminate the need to setup update on every client.
This could increase local network traffic, but if it implemented as an 
option than admins
can choose whether they want central or distributed scanning engine.

Regards,

Fajar
--
Please avoid sending me Microsoft Office attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Re: Use of CLAMAV as Corporate Antivirus

[Tomasz Kojm]

On Fri, 09 Apr 2004 14:30:24 +1000
Alex Cherney <[EMAIL PROTECTED]> wrote:

> > Can you use samba on server ? If yes, you can share /var/lib/clamav
> > in read-only, I think...
> > 
> Well, currently ClamWin uses database mirror "database.clamav.net" 
> hardcoded. I will add it to the ClamWin.conf as a parameter so it is 
> possible to repoint to a local server.
> I don't think this needs to be configurable in the GUI, possibly
> having setup to use properties from ClamWin.conf (residing in the same
> folder where setup.exe is) at the time of installation would suffice.

In windows all options should be configurable in the GUI, IMHO.

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Fri Apr  9 12:24:27 CEST 2004


pgp0.pgp
Description: PGP signature

Re: [Clamav-users] Cleaning MBOX files?

[Tomasz Kojm]

On Fri, 9 Apr 2004 00:01:42 -0400 (EDT)
jef moskot <[EMAIL PROTECTED]> wrote:

> Is there no way to get Clam to report which message the infected file
> (or at least the FIRST infected file) is in?  Or does that add too
> much overhead?  Someone once suggested turning verbose mode on, but
> that still didn't help to pin down specific messages.

You may try with clamscan -m --debug

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Fri Apr  9 12:23:00 CEST 2004


pgp0.pgp
Description: PGP signature

[Clamav-users] Re: Clamav-0.70-rc missed email messages

[Mimmus]

I had same problem.
Read 'Some viruses go through' thread dated 5-apr.
Solved in CVS.

Mimmus





---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Clamd protocol

[Przemyslaw Wegrzyn]

On Thursday 08 of April 2004 02:11, Tomasz Kojm wrote:
> On Wed, 7 Apr 2004 01:57:23 +0200
>
> For a "very simple mail scanner" the (b) solution seems to be the best
> IMHO.

Well, anyway it would be great, if someday ClamAV distribution includes 
something like "libclamdclient". Looking at clamdscan sources, it's an easy 
task, IMHO.

Best Regards,
Przemyslaw


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users