[Clamav-users] Japanese Documentation

2004-04-16 Thread proc 
Hi,

I've updated my Japanese documentation for adjusting current clamav 
version.
Old one (also I wrote on Aug 2002) on www.clamav.net and
clamav-xx/docs/Japanese/* is too old and useless.
please replace it.

current japanese doc is here.
http://homepage.mac.com/proc/clamav.html
--
Masaki Ogawa
[EMAIL PROTECTED]


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] x86_64 install

2004-04-16 Thread NateDog 
Hello,
  Has anyone successfully compiled (version 70 - stable) on a SuSE 9 x86_64
architecture or any x86_64 distrobution architecture for that matter?
Quoted from the ClamAV site:

"Clam AntiVirus is prepared for the installation on the following operating
systems / architectures (tested platforms in brackets):
GNU/Linux - all versions and platforms"

I'm trying to compile after running the config script (with no errors that I
could see) and I get this at the end after running make:

*** Warning: linker path does not have real file for library -lgmp.
*** I have the capability to make that library automatically link in when
*** you link to this library.  But I can only do this if you have a
*** shared version of the library, which you do not appear to have
*** because I did check the linker path looking for a file starting
*** with libgmp and none of the candidates passed a file format test
*** using a file magic. Last file checked: /lib/libz.so.1.1.4
*** The inter-library dependencies that have been dropped here will be
*** automatically added whenever a program is linked with this library
*** or is declared to -dlopen it.
gcc -shared  matcher.lo md5.lo others.lo readdb.lo cvd.lo dsig.lo str.lo
scanners.lo unrarlib.lo zzip-dir.lo zzip-err.lo zzip-file.lo zzip-info.lo
zzip-io.lo zzip-stat.lo zzip-zip.lo strc.lo blob.lo mbox.lo message.lo
strrcpy.lo table.lo text.lo ole2_extract.lo vba_extract.lo  -lz
/usr/lib/libbz2.so -lpthread  -Wl,-soname -Wl,libclamav.so.1 -o
libs/libclamav.so.1.0.3
/usr/lib/libbz2.so: could not read symbols: Invalid operation
collect2: ld returned 1 exit status
make[2]: *** [libclamav.la] Error 1
make[2]: Leaving directory
`/home/natedog/Downloads/ClamAV/clamav-0.70-rc/libclamav'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/natedog/Downloads/ClamAV/clamav-0.70-rc'
make: *** [all] Error 2


SoI know that most of the libraries are in directories specific to
the 64 bit platform like /usr/lib64 etc etc.  So neways...my question
isis there a way to work around thismaybe a soft link or
something?  Or am I just missing a normal library that should be there and
has nothing to do with the 64 bit architecture?

P.S.  This is the second time I've sent this because come to find out my
first one was sent as HTML - sorry.

--
Nathan Peters


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] freshclam PID file .... no where to be found

2004-04-16 Thread Jim Maul 



 

  -Original Message-From: 
  [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED]On Behalf Of 
  [EMAIL PROTECTED]Sent: Friday, April 16, 2004 4:45 
  PMTo: [EMAIL PROTECTED]Subject: 
  [Clamav-users] freshclam PID file  no where to be 
  found
  I have tried: /etc/freshclam.conf PidFile /var/run/pid.file and freshclam -d --config-file=/etc/freshclam.conf 
  --pid=/var/run/pid.file --- But I can't get 
  a freshclam to create a PID file.  Anyone else 
  seen this? 
   
   
   
Does freshclam have permissions to write to 
/var/run?
 
Jim 

[Clamav-users] freshclam PID file .... no where to be found

2004-04-16 Thread BTrout 

I have tried:


/etc/freshclam.conf

PidFile /var/run/pid.file


and 


freshclam -d --config-file=/etc/freshclam.conf
--pid=/var/run/pid.file

---

But I can't get a freshclam to create
a PID file.




Anyone else seen this?

RE: [Clamav-users] Problems with clamav and qmailscanner

2004-04-16 Thread Jim Maul 



 

  -Original 
  Message-From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED]On Behalf Of 
  Administrador da RedeSent: Friday, April 16, 2004 3:19 
  PMTo: >Subject: [Clamav-users] Problems with clamav 
  and qmailscanner
  I have a qmail system with clamav e qmailscanner. it seems 
  functioning normaly, but I'm having trouble because netsky virus is comin from 
  messages.
   
   
  Some on can help -me? 
   
try 
 
[EMAIL PROTECTED] bin]# sigtool -l|grep 
SomeFool
 
 
if you do 
not get the same output as below:
Worm.SomeFool.Gen-unpWorm.SomeFool.OWorm.SomeFool.PWorm.SomeFool.P-dllWorm.SomeFool.QWorm.SomeFool.NWorm.SomeFool.RWorm.SomeFool.Q.2Exploit.HTML.SomeFool.VWorm.SomeFoolWorm.SomeFool.BWorm.SomeFool.B.2Worm.SomeFool.DWorm.SomeFool.EWorm.SomeFool.FWorm.SomeFool.Gen-1Worm.SomeFool.Gen-2Worm.SomeFool.IWorm.SomeFool.KWorm.SomeFool.LWorm.SomeFool.M  
 
Then you have outdated virus definitions.  Make 
sure freshclam is running and that it is saving the database definitions in the 
same place that clamav is looking for them.
 
If 
your output is the same as above then there most likely is a configuration 
problem.  In this case we would need to know more information about your 
setup.
 
Jim 

[Clamav-users] FreshClam and Proxy Settings...

2004-04-16 Thread Anthony Presley 
Hi all --

I've downloaded and installed ClamAV .7 on my server, and it works
really well.  All except freshclam, that is.

I've created /etc/freshclam.conf (after copying from the distributed
file and editing), and changed the server and port settings to read:

HTTPProxyServer 192.168.2.4
HTTPProxyPort 3128

Which doesn't appear to work.  However, these ARE the settings that the
rest of the network uses, as does the server for reading mail and doing
ftp and http transfers (lynx or links).

I can do an nslookup from the box for the database.clamav.net.  However,
when I run freshclam from the command line, all I get is:

ClamAV update process started at Fri Apr 16 16:10:47 2004
ERROR: Can't connect to port 80 of host database.clamav.net
(65.75.154.69)
ERROR: Connection with database.clamav.net (IP: 65.75.154.69) failed.
Trying again...
ClamAV update process started at Fri Apr 16 16:13:57 2004

This proceeds onward for some time.  However, if I power up links on the
same box, I CAN get to those IP's using those same ports (80?).

I'm not using user based authentication on the proxy, just by IP, which
works well.  Lastly  neither freshclam nor clamscan seem to use the
log files, which are:

-rw---1 clamav   root0 Apr 14 15:24 clamd.log
-rw---1 clamav   root0 Apr 14 15:23 freshclam.log

Following is my /etc/freshclam.conf file (comments removed):

UpdateLogFile /var/log/freshclam.log
LogVerbose
DatabaseMirror database.clamav.net
MaxAttempts 3
Checks 12
HTTPProxyServer 192.168.2.4
HTTPProxyPort 3128

What do I need to do to get this to work?

Thanks.

--Anthony


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Problems with clamav and qmailscanner

2004-04-16 Thread Administrador da Rede 



I have a qmail system with clamav e qmailscanner. it seems 
functioning normaly, but I'm having trouble because netsky virus is comin from 
messages.
 
 
Some on can help 
-me?

RE: [Clamav-users] clamd segfault

2004-04-16 Thread Jim Maul 


> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Bill Pitz
> Sent: Friday, April 16, 2004 12:10 PM
> To: [EMAIL PROTECTED]
> Subject: [Clamav-users] clamd segfault
>
>
> I've had an occasional problem with clamd segfaulting.  The basics of my
> system are as follows:
>
> Red Hat Linux 9 / 2.4.25 kernel
> Sendmail 8.12.11
> clamav-0.68 + clamav-milter
>

If not already stated already, i'll be the first and suggest an upgrade to
the latest cvs.  There have been significant bugfixes since 0.68.

Jim



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Update: clamav-milter child process issues

2004-04-16 Thread Mike Lambert 
On Wed, 14 Apr 2004, I wrote:

> On Fri, 9 Apr 2004, I wrote:
>
> > I have been running ClamAV version devel-20040405 for three days without
> > issue, until this morning.
>
> Actually, clamav-milter had been running for about 28 hours before the
> start of the errors.
>
> > Now, for each virus rejected, the following
> > entry appears in the syslog:
> >
> > /kernel: pid 72343 (clamav-milter), uid 3001: exited on signal 11
> >
> > These appear to be from children as the parent proccess continues to
> > run. All else appears normal.
> >
> > System info:
> > FreeBSD 4.9-RELEASE-p2
> > clamd / ClamAV version devel-20040405
> > ClamAV version devel-20040405, clamav-milter version 0.70g
> >
> > # ps ax | grep clam
> > 17139  ??  Is 0:00.07 /usr/local/bin/freshclam -d -c 13
> > 40560  ??  Ss 2:41.65 /usr/local/sbin/clamd
> > 40568  ??  Ss 0:13.25 /usr/local/sbin/clamav-milter -lonHP -m50
>
> This has happened again. After nearly four days of error free operation,
> clamav-milter children that find a virus exit sig 11. Also, I found one
> clamav-milter child stuck consuming 100% CPU.
>
> Please note:
> - Some amount of time passes from the start of the clamav-milter
>   parent process before problems with child processes begin.
> - ONLY clamav-milter children that report a virus exit sig 11
> (or consume 100% cpu).
> - clamav-milter children that DO NOT report a virus exit cleanly.
> - Both clamd.log and maillog look normal. Only syslog has errors.
>   These are milters reporting a virus...
>
> Apr 13 10:03:12 copland /kernel: pid 33341 (clamav-milter), uid 3001:
> exited on signal 11

Shortly after sending the above I realized that in my environment the
only functional difference between a milter that reports a virus and one
that does not is the email notification. I looked through my logs and
found that when a clamav-milter process had reported a virus and exited
cleanly, the event was correctly logged in the syslog and the email
notification was sent, but when the clamav-milter processes began to sig
11, correct logging to the syslog continued, but email notifications
stopped.

I have since restarted clamav-milter with the "--quiet" option. Time
will tell if this is effective.

-- 
Michael Lambert
Systems Admin, IT Dept
JEOL USA Inc
http://www.jeol.com


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] SuSE 9 x86_64 installation

2004-04-16 Thread NateDog 
Tomasz did you reply or did it delete your reply because you replied in
html?  Or was mine in HTML?  Neways..if anyone else has any suggestions
read below for my original email.  Thanks.

P.S.  Not trying to be annoying but I don't want this topic to go away
because an email was replied to in HTML.

--
Nathan Peters


- Original Message - 
From: NateDog
To: [EMAIL PROTECTED]
Sent: Friday, April 16, 2004 10:29 AM
Subject: [Clamav-users] SuSE 9 x86_64 installation


Hello,
  Has anyone successfully compiled (version 70 - stable) on a SuSE 9 x86_64
architecture or any x86_64 distrobution architecture for that matter?
Quoted from the ClamAV site:

"Clam AntiVirus is prepared for the installation on the following operating
systems / architectures (tested platforms in brackets):
GNU/Linux - all versions and platforms"

I'm trying to compile after running the config script (with no errors that I
could see) and I get this at the end after running make:

*** Warning: linker path does not have real file for library -lgmp.
*** I have the capability to make that library automatically link in when
*** you link to this library.  But I can only do this if you have a
*** shared version of the library, which you do not appear to have
*** because I did check the linker path looking for a file starting
*** with libgmp and none of the candidates passed a file format test
*** using a file magic. Last file checked: /lib/libz.so.1.1.4
*** The inter-library dependencies that have been dropped here will be
*** automatically added whenever a program is linked with this library
*** or is declared to -dlopen it.
gcc -shared  matcher.lo md5.lo others.lo readdb.lo cvd.lo dsig.lo str.lo
scanners.lo unrarlib.lo zzip-dir.lo zzip-err.lo zzip-file.lo zzip-info.lo
zzip-io.lo zzip-stat.lo zzip-zip.lo strc.lo blob.lo mbox.lo message.lo
strrcpy.lo table.lo text.lo ole2_extract.lo vba_extract.lo  -lz
/usr/lib/libbz2.so -lpthread  -Wl,-soname -Wl,libclamav.so.1 -o
libs/libclamav.so.1.0.3
/usr/lib/libbz2.so: could not read symbols: Invalid operation
collect2: ld returned 1 exit status
make[2]: *** [libclamav.la] Error 1
make[2]: Leaving directory
`/home/natedog/Downloads/ClamAV/clamav-0.70-rc/libclamav'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/natedog/Downloads/ClamAV/clamav-0.70-rc'
make: *** [all] Error 2

SoI know that most of the libraries are in directories specific to
the 64 bit platform like /usr/lib64 etc etc.  So neways...my question
isis there a way to work around thismaybe a soft link or
something?  Or am I just missing a normal library that should be there and
has nothing to do with the 64 bit architecture?

--
Nathan Peters


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] clamd segfault

2004-04-16 Thread Bill Pitz 
I've had an occasional problem with clamd segfaulting.  The basics of my 
system are as follows:

Red Hat Linux 9 / 2.4.25 kernel
Sendmail 8.12.11
clamav-0.68 + clamav-milter
Here are a few lines from my clamd logfile, leading up to the point of the 
segfault:
Thu Apr 15 13:16:09 2004 -> /var/spool/quarantine/msg.RUn5yx: Worm.Bagle.N 
FOUND
Thu Apr 15 13:16:10 2004 -> /var/spool/quarantine/msg.cCKcwi: Worm.Bagle.N 
FOUND
Thu Apr 15 13:16:17 2004 -> /var/spool/quarantine/msg.4wGSbv: 
Worm.SomeFool.Gen-1 FOUND
Thu Apr 15 13:16:28 2004 -> /var/spool/quarantine/msg.65IM3b: 
Worm.SomeFool.Gen-1 FOUND
Thu Apr 15 13:16:36 2004 -> /var/spool/quarantine/msg.XtmPzP: 
Worm.SomeFool.Gen-1 FOUND
Thu Apr 15 13:21:48 2004 -> /var/spool/quarantine/msg.OMoBrW: 
Worm.SomeFool.Gen-2 FOUND
Thu Apr 15 13:22:20 2004 -> /var/spool/quarantine/msg.KJ6QsC: 
Worm.SomeFool.P FOUND
Thu Apr 15 13:22:22 2004 -> /var/spool/quarantine/msg.pdBMFc: 
Worm.SomeFool.P FOUND
Thu Apr 15 13:22:58 2004 -> Segmentation fault :-( Bye..

At the same time, the following appears in /var/log/messages:
Apr 15 13:22:58 svn clamav-milter: clamfi_eom: read nothing from clamd


My /etc/clamav.conf:
--snip--
LogFile /var/log/clamd.log
LogFileMaxSize 20M
LogTime
PidFile /var/run/clamav/clamd.pid
DataDirectory /usr/share/clamav
LocalSocket /var/run/clamav/clamd.sock
StreamSaveToDisk
StreamMaxLength 2M
MaxThreads 20
ThreadTimeout 300
MaxDirectoryRecursion 15
User clamav
ScanMail
ScanArchive
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
#ClamukoScanOnLine
ClamukoScanOnOpen
ClamukoScanOnClose
ClamukoScanOnExec
ClamukoIncludePath /home
#ClamukoIncludePath /students
#ClamukoExcludePath /home/guru
ClamukoMaxFileSize 1M
ClamukoScanArchive
--snip--
clamav-mitler is being started with the following arguments:

--max-children=15 local:/var/run/clamav/clamav.sock -q -U 
/var/spool/quarantine -d



Any ideas as to what could be causing this or what I can do to prevent 
it?  Unfortunately, this is all of the information I have been able to 
get.  It's happened twice now.. the first time was a couple of months ago, 
with clamav-0.67.

Thanks,

-Bill



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] OpenBSD 3.4

2004-04-16 Thread Wiltshire, Michael 
Title: RE: [Clamav-users] OpenBSD 3.4





>>> OpenBSD 3.4>Is there a version of CLAMAV that runs on OpenBSD 3.4 ?  I
get 
>>> the following message when trying to >install Clamav-0.6.8 on OpenBSD
3.4. 
>>>
>>> 
>>>   http://www.fatbsd.com/ 
>>> 
>>> 
>>> 
>>> 
>>> 
>>>   I went there, and downloaded both Clamav-0.68-1_3.4.tar.gz and 
>>Clamav-0.67-1_3.4.tar.gz.  When I tried to install them on OPENBSD 6.4 I
got 
>>this  message. 
>>> 
>>>   $ zcat clamav-0.68-1_3.4.tar.gz | tar xvf - 
>>>   zcat: clamav-0.68-1_3.4.tar.gz: No such file or directory 
>>>   tar: End of archive volume 1 reached 
>>>   tar: Sorry, unable to determine archive format. 


>>Hello, 
>>Try to download the archive again. "$ zcat clamav-0.68-1_3.4.tar.gz | tar 
>>xvf -" is working fine for me on 3.4 
>>Try this: 
>>
>># wget http://www.fatbsd.com/openbsd/clamav-0.68-1_3.4.tar.gz 
>># tar -xzvf clamav-0.68-1_3.4.tar.gz 
>># cd clamav-0.68-1 
>># make uninstall 
>># make 
>># su 
>># make install 
>>
>>:-p 
>>It must work fine. 
>>
>>++ Jerome 
>>
>>
>I tried that, and now I get the message 
># cd clamav-0.68-1 
># make uninstall 
>"/usr/share/mk/bsd.port.mk", line 3: Could not find
/usr/ports/infrastructure/mk/bsd.port.mk 
>Fatal errors encountered -- cannot continue 


Do you have the ports.tar.gz for 3.4 up to date? You must have the 3.4
version.
You have to get ftp://ftp.openbsd.org/pub/OpenBSD/3.4/ports.tar.gz and
decompress it (# tar -xzvf /where/you/downloaded/the/archive/ports.tar.gz -C
/usr)


++ Jerome


It installed with no problems now, thanks.

[Clamav-users] SuSE 9 x86_64 installation

2004-04-16 Thread NateDog 



Hello,
  Has anyone successfully compiled (version 
70 - stable) on a SuSE 9 x86_64 architecture or any x86_64 distrobution 
architecture for that matter?  Quoted from the ClamAV site:
 
"Clam AntiVirus 
is prepared for the installation on the following operating systems / 
architectures (tested platforms in brackets): 
GNU/Linux - all 
versions and platforms"
 
I'm trying to compile after running the config 
script (with no errors that I could see) and I get this at the end after running 
make:
 
*** Warning: linker path does not have real file 
for library -lgmp.*** I have the capability to make that library 
automatically link in when*** you link to this library.  But I can only 
do this if you have a*** shared version of the library, which you do not 
appear to have*** because I did check the linker path looking for a file 
starting*** with libgmp and none of the candidates passed a file format 
test*** using a file magic. Last file checked: /lib/libz.so.1.1.4*** The 
inter-library dependencies that have been dropped here will be*** 
automatically added whenever a program is linked with this library*** or is 
declared to -dlopen it.gcc -shared  matcher.lo md5.lo others.lo 
readdb.lo cvd.lo dsig.lo str.lo scanners.lo unrarlib.lo zzip-dir.lo zzip-err.lo 
zzip-file.lo zzip-info.lo zzip-io.lo zzip-stat.lo zzip-zip.lo strc.lo blob.lo 
mbox.lo message.lo strrcpy.lo table.lo text.lo ole2_extract.lo 
vba_extract.lo  -lz /usr/lib/libbz2.so -lpthread  -Wl,-soname 
-Wl,libclamav.so.1 -o .libs/libclamav.so.1.0.3/usr/lib/libbz2.so: could not 
read symbols: Invalid operationcollect2: ld returned 1 exit 
statusmake[2]: *** [libclamav.la] Error 1make[2]: Leaving directory 
`/home/natedog/Downloads/ClamAV/clamav-0.70-rc/libclamav'make[1]: *** 
[all-recursive] Error 1make[1]: Leaving directory 
`/home/natedog/Downloads/ClamAV/clamav-0.70-rc'make: *** [all] Error 
2
SoI know that most of the libraries are in 
directories specific to the 64 bit platform like /usr/lib64 etc etc.  So 
neways...my question isis there a way to work around thismaybe a 
soft link or something?  Or am I just missing a normal library that should 
be there and has nothing to do with the 64 bit architecture?
 
--
Nathan Peters

Re: [Clamav-users] System scan...

2004-04-16 Thread B. van Ouwerkerk 

Now how to find the infected ones ??? I have Bin looking for logfiles
but canot find it
Why do you assume you should be spoonfed here?

Type

man clamscan

in your shell and it will give you all information you need.



B.

Slackware rocks. 



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Delete infected email

2004-04-16 Thread Richard Bates 
I use clamassassin and procmail to filter the virus mail
clamassassin is a script that runs clamscan and puts headers inthe email
much like spamassassin.
you can then use procmail to send it any where you want
a specific holding folder, or straight to /dev/null
see http://drivel.com/clamassassin/



Marco Draghi wrote:

Hi, I've been using Clamav on Cyrus imap mail server.
Clamscan works great on mbox, but I'd like to delete automatically 
infected mail after clamscan. How can I set it?
Thanks, Marco.




---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] System scan...

2004-04-16 Thread Dilip M 
On Fri, 16 Apr 2004 18:36:57 +0530, Dilip M <[EMAIL PROTECTED]> wrote:

On Fri, 16 Apr 2004 14:20:39 +0200, Mike van Vugt <[EMAIL PROTECTED]> 
wrote:

Scaned a lot of files:

--- SCAN SUMMARY ---
Known viruses: 21074
Scanned directories: 9239
Scanned files: 97704
Infected files: 8
Data scanned: 13575.66 MB
I/O buffer size: 131072 bytes
Time: 6137.270 sec (102 m 17 s)
[EMAIL PROTECTED] root]#
Now how to find the infected ones ??? I have Bin looking for logfiles
but canot find it

EX:grep 'FOUND' 

$grep 'FOUND' /var/log/clamav/clamd.log
:)
-Dilip



--
Sorry for my engalishit  not my mother tongue ;)
---
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] System scan...

2004-04-16 Thread Antony Stone 
On Friday 16 April 2004 1:20 pm, Mike van Vugt wrote:

> Scaned a lot of files:
>
> --- SCAN SUMMARY ---
> Known viruses: 21074
> Scanned directories: 9239
> Scanned files: 97704
> Infected files: 8
> Data scanned: 13575.66 MB
> I/O buffer size: 131072 bytes
> Time: 6137.270 sec (102 m 17 s)
> [EMAIL PROTECTED] root]#
>
> Now how to find the infected ones ??? I have Bin looking for logfiles
> but canot find it

Maybe you should have used the "-i" option to clamscan in order to get it to 
print the names of the infected files?

Please try "clamscan --help" on your machine and see if it is useful.

Regards,

Antony.

-- 
Most people are aware that the Universe is big.

 - Paul Davies, Professor of Theoretical Physics

 Please reply to the list;
   please don't CC me.



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] System scan...

2004-04-16 Thread Mike van Vugt 
Scaned a lot of files:

--- SCAN SUMMARY ---
Known viruses: 21074
Scanned directories: 9239
Scanned files: 97704
Infected files: 8
Data scanned: 13575.66 MB
I/O buffer size: 131072 bytes
Time: 6137.270 sec (102 m 17 s)
[EMAIL PROTECTED] root]#

Now how to find the infected ones ??? I have Bin looking for logfiles
but canot find it

Regards,

-- 
   - Mike van Vugt - ICQ: 291077353 -
   - Mail: [EMAIL PROTECTED] -



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Delete infected email

2004-04-16 Thread Joe Maimon 


Marco Draghi wrote:

Hi, I've been using Clamav on Cyrus imap mail server.
Clamscan works great on mbox, but I'd like to delete automatically 
infected mail after clamscan. How can I set it?
Thanks, Marco.
As answered previously on this list

Make sure you only scan one peice of email each time you call clamscan, 
then by using the return code delete it/quarantine it/flag it/whatever

If their are in a mbox spool file, tools such as formail can help you 
with that.

You will probaly see a large performance improvement in the above by 
using clamd with the ScanMail directive uncommented in /etc/clamav.conf 
or wherever your is.

I have found that you can usualy do something like this

cat $email_msg | clamdscan -

---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Delete infected email

2004-04-16 Thread Marco Draghi 



Hi, I've been using Clamav on Cyrus imap mail 
server.
Clamscan works great on mbox, but I'd like 
to delete automatically infected mail after 
clamscan. How can I set it?
Thanks, Marco.

RE: [Clamav-users] Complete system scan...

2004-04-16 Thread Mike van Vugt 
> [   ]
> >
> > On Thu, 2004-04-15 at 19:35, Brad Morgan wrote:
> > > >
> > > > What command can I use to scan my compleet system ???
> > > >
> > > If its a *nix system, "find / -name daily.cvd" should work.
> > >
> > > If its a Windows system, Start, Search, For files & folders...,
> > and enter
> > > daily.cvd in the appropriate place.  The exact wording and
> > location of the
> > > search tool depends on which flavor of Windows you are running.
> > >
> > > If its some other operating system, tell us and hopefully,
> > someone on this
> > > list can give you directions.
> >
> > $ more /etc/mandrake-release ; rpm -qa|grep -i kernel
> > Mandrake Linux release 10.0 (RC1) for i586
> > kernel-2.6.2.3mdk-1-1mdk
> >
> > Trying both options... could take a while I think...  Nothing happends,
> > the only thing I see is a blinking cursor ;-))
> >
> 
> 
> This will in no way scan your system.  It will however locate where your
> virus database definitions are.  There have been many other replies to this
> question with the correct answer.  As i stated before "clamscan -r /" will
> do it.
> 
> Jim

This works ;-))

Regards,

-- 
   - Mike van Vugt - ICQ: 291077353 -
   - Mail: [EMAIL PROTECTED] -



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] know virus not detected

2004-04-16 Thread Andrea Trasatti 


On 15 Apr 2004 at 10:15, Steven Stern wrote:

> On Thu, 15 Apr 2004 13:09:29 +0200, "Andrea Trasatti" <[EMAIL PROTECTED]>
> wrote:
> 
> >
> >I update my virii DB once everyday this is my latest update status:
> >ClamAV update process started at Thu Apr 15 02:00:00 2004
> >SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
> >main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder: tkojm)
> >daily.cvd updated (version: 263, sigs: 844, f-level: 1, builder: ccordes)
> >Database updated (21073 signatures) from database.clamav.net (212.31.160.239).
> >
> >
> We've seen this many times on the list.  Search your entire file system for
> main.cvd and daily.cvd. Do you find more than one copy? If so, the updates are
> going one place and the scanner is using another set. You'll need to check all
> your command lines and .conf files to find the disparity.

First of all sorry for a repeated question I am not really comfortable with SF's 
mailinglist 
archives interface.

I checked my system:
server log # find / -name main.cvd
/var/lib/clamav/main.cvd
server log # find / -name daily.cvd
/var/lib/clamav/daily.cvd


As you can see I have a single main.cvd and daily.cvd.

Any other idea?

- Andrea


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Problems with Clamav and freshclam

2004-04-16 Thread Tomasz Papszun 
On Fri, 16 Apr 2004 at  9:40:26 +0200, Jorge Rodríguez wrote:
> 
> I have installed on my email server qmail, spamassassin, clamav-freshclam,
> qmail-scanner and vpopmail, all, except vpopmail, through apt-get in debian.

You missed a few needed packages! Like clamav, clamav-base,
clamav-daemon, clamav-testfiles, libclamav1.

> It seems all is ok, but I have no clamav.conf, it supposed to be in
> /etc/clamav. Instead of this file I have freshclam.conf but into this file
> there's none of the options it has to be into clamav.conf. 
> 
> Daemon fresh-clam works fine, it starts correctly but I don't see clamd
> running. Is it should be running?
[...]

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]  | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Problems with Clamav and freshclam

2004-04-16 Thread Jorge Rodríguez 
Hi people,

I have installed on my email server qmail, spamassassin, clamav-freshclam,
qmail-scanner and vpopmail, all, except vpopmail, through apt-get in debian.
It seems all is ok, but I have no clamav.conf, it supposed to be in
/etc/clamav. Instead of this file I have freshclam.conf but into this file
there's none of the options it has to be into clamav.conf. 

Daemon fresh-clam works fine, it starts correctly but I don't see clamd
running. Is it should be running?

/usr/bin/freshclam --daemon --quiet --pid /var/run/clamav/freshclam.pid

In addition, when freshclam updates the antivirus database I receive this
message in freshclam.log:

ClamAV update process started at Thu Apr 15 14:22:21 2004
main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder:
tkojm)
daily.cvd updated (version: 264, sigs: 845, f-level: 1, builder: diego)
Database updated (21074 signatures) from database.clamav.net
(213.203.254.4).
ERROR: Clamd was NOT notified: Can't find or parse configuration file
/etc/clamav/clamav.conf

And qmail-scanner doesn't work anymore. Then I downloaded an example for
clamav.conf file, with defaults options most of them, and make freshclam to
update manually, this is the result:

ClamAV update process started at Fri Apr 16 09:21:56 2004
main.cvd updated (version: 22, sigs: 20229, f-level: 1, builder: tkojm)
daily.cvd updated (version: 264, sigs: 845, f-level: 1, builder: diego)
Database updated (21074 signatures) from database.clamav.net
(152.66.249.132).
ERROR: Clamd was NOT notified: Can't connect to clamd on 127.0.0.1:3310

It seems socket on port 3310 doesn't start. Can anyone help me?? I'm driving
crazy with this...

Thanks a lot,

Jorge Rodríguez 
[EMAIL PROTECTED] 
Clave PGP Pública: http://www.imaggina.es/pgp/JorgeRodriguez.asc






---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Netsky -V

2004-04-16 Thread Niek 
Andrew Mouawad wrote:
Hi,

Just heard a report of a new virus called netsky -v that is doing the 
rounds. Apparently works only on an up-patched OE, but does not need an 
attachment to be opened, just for the user to click on the subject line. 
Haven't heard of this one, or find anything on the net yet. Any one else 
seen or heard of this one?
http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED]

---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] OpenBSD 3.4

2004-04-16 Thread LOYET Jerome 
>>> OpenBSD 3.4>Is there a version of CLAMAV that runs on OpenBSD 3.4 ?  I
get 
>>> the following message when trying to >install Clamav-0.6.8 on OpenBSD
3.4. 
>>>
>>> 
>>>   http://www.fatbsd.com/ 
>>> 
>>> 
>>> 
>>> 
>>> 
>>>   I went there, and downloaded both Clamav-0.68-1_3.4.tar.gz and 
>>Clamav-0.67-1_3.4.tar.gz.  When I tried to install them on OPENBSD 6.4 I
got 
>>this  message. 
>>> 
>>>   $ zcat clamav-0.68-1_3.4.tar.gz | tar xvf - 
>>>   zcat: clamav-0.68-1_3.4.tar.gz: No such file or directory 
>>>   tar: End of archive volume 1 reached 
>>>   tar: Sorry, unable to determine archive format. 

>>Hello, 
>>Try to download the archive again. "$ zcat clamav-0.68-1_3.4.tar.gz | tar 
>>xvf -" is working fine for me on 3.4 
>>Try this: 
>>
>># wget http://www.fatbsd.com/openbsd/clamav-0.68-1_3.4.tar.gz 
>># tar -xzvf clamav-0.68-1_3.4.tar.gz 
>># cd clamav-0.68-1 
>># make uninstall 
>># make 
>># su 
>># make install 
>>
>>:-p 
>>It must work fine. 
>>
>>++ Jerome 
>>
>>
>I tried that, and now I get the message 
># cd clamav-0.68-1 
># make uninstall 
>"/usr/share/mk/bsd.port.mk", line 3: Could not find
/usr/ports/infrastructure/mk/bsd.port.mk 
>Fatal errors encountered -- cannot continue 

Do you have the ports.tar.gz for 3.4 up to date? You must have the 3.4
version.
You have to get ftp://ftp.openbsd.org/pub/OpenBSD/3.4/ports.tar.gz and
decompress it (# tar -xzvf /where/you/downloaded/the/archive/ports.tar.gz -C
/usr)

++ Jerome



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Netsky -V

2004-04-16 Thread Andrew Mouawad 
Hi,

Just heard a report of a new virus called netsky -v that is doing the 
rounds. Apparently works only on an up-patched OE, but does not need an 
attachment to be opened, just for the user to click on the subject line. 
Haven't heard of this one, or find anything on the net yet. Any one else 
seen or heard of this one?

Kind Regards,
Andrew Mouawad
http://www.earthlink.com.au
*
Unlimited ADSL from $69.95 p/m 256/64K Speed
http://adsl.earthlink.com.au
Unlimited Dialup Internet $18.95 p/m including Free Virus & Spam Filter
*
Tel: 03 9735 2069
Fax: 03 9735 2082
Mobile: 0400 735 350  



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users