[Clamav-users] clamd.sock

2004-04-21 Thread David B. Reyes
Good day everyone.

Where does the clamd.sock reside? Isn't it created automatically? I am 
using clamav-0.70.

Does anyone have a sample copy of the filtered_domains file for postfix? 
Could I take a look at what it looks like?

Thanks

---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


[Clamav-users] no logging or email notice of detected viruses (clamav-milter 0.70o)

2004-04-21 Thread bergman

I'm using clamav 0.70, with clamav-milter 0.70o, under RH 9. It appears to drop
infected mail as it should, but I'm not getting a copy to postmaster or to the
quarantine address. Nothing is logged in /var/log/clamav/*, and there's no log
entry in the maillog showing that the message was infected. The sendmail log shows:


INFECTED MAIL
Apr 20 14:53:16 server1 clamav-milter[28718]: clamfi_envfrom: <[EMAIL PROTECTED]>
Apr 20 14:53:17 server1 clamav-milter[28718]: clamfi_envrcpt: <[EMAIL PROTECTED]>
Apr 20 14:53:18 server1 sendmail[28948]: i3KJrFsG028948: collect: premature EOM: 
unexpected close
Apr 20 14:53:18 server1 sendmail[28948]: i3KJrFsG028948: collect: unexpected close on 
connection from localhost, sender=<[EMAIL PROTECTED]>
Apr 20 14:53:18 server1 sendmail[28948]: i3KJrFsG028948: from=<[EMAIL PROTECTED]>, 
size=203, class=0, nrcpts=1, proto=ESMTP, [EMAIL PROTECTED]
Apr 20 14:53:18 server1 clamav-milter[28718]: clamfi_close


Running clamd with debugging on shows:
LibClamAV debug: clamfi_envfrom: <[EMAIL PROTECTED]>
LibClamAV debug: >n_children = 1
LibClamAV debug: clamfi_envrcpt: <[EMAIL PROTECTED]>
for an infected message. Note that there's no "connect2clamd" statement.

---END OF INFECTED MAIL


Messages that do not have viruses are delivered correctly, and the sendmail
log shows:
---CLEAN MESSAGE---
Apr 20 14:59:29 server1 clamav-milter[28718]: clamfi_envfrom: <[EMAIL PROTECTED]>
Apr 20 14:59:30 server1 clamav-milter[28718]: clamfi_envrcpt: <[EMAIL PROTECTED]>
Apr 20 14:59:29 server1 clamav-milter[28718]: clamfi_envfrom: <[EMAIL PROTECTED]>
Apr 20 14:59:30 server1 clamav-milter[28718]: clamfi_envrcpt: <[EMAIL PROTECTED]>
Apr 20 14:59:31 server1 sendmail[29627]: i3KJxSED029627: from=<[EMAIL PROTECTED]>, 
size=43, class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>, proto=ESMTP, [EMAIL PROTECTED]
Apr 20 14:59:31 server1 clamav-milter[28718]: clamfi_eoh
Apr 20 14:59:31 server1 clamav-milter[28718]: clamfi_envbody: 44 bytes
Apr 20 14:59:31 server1 clamav-milter[28718]: clamfi_eom
Apr 20 14:59:31 server1 clamav-milter[28718]: clamfi_eom: read stream: OK
Apr 20 14:59:31 server1 clamav-milter[28718]: i3KJxSED029627: clean message from 
<[EMAIL PROTECTED]>
Apr 20 14:59:31 server1 sendmail[29627]: i3KJxSED029627: Milter add: header: 
X-Virus-Scanned: clamd / ClamAV version 0.70, clamav-milter version 0.70o
Apr 20 14:59:31 server1 sendmail[29627]: i3KJxSED029627: Milter add: header: 
X-Virus-Status: Clean
Apr 20 14:59:31 server1 sendmail[29638]: i3KJxSED029627: to=<[EMAIL PROTECTED]>, 
delay=00:00:01, xdelay=00:00:00, mailer=local, pri=30452, dsn=2.0.0, stat=Sent
Apr 20 14:59:31 server1 sendmail[29638]: i3KJxSED029627: done; delay=00:00:01, ntries=1
Apr 20 14:59:31 server1 clamav-milter[28718]: clamfi_close


Running clamd with debugging on shows:
LibClamAV debug: clamfi_envfrom: <[EMAIL PROTECTED]>
LibClamAV debug: >n_children = 1
LibClamAV debug: clamfi_envrcpt: <[EMAIL PROTECTED]>
LibClamAV debug: connect2clamd OK
LibClamAV debug: clamfi_eom: read stream: OK
for a clean message.
--END OF CLEAN MESSAGE---


I'm running clamav-milter with the options:

--debug
--headers
--local
--outgoing
--max-children=10
--force-scan
[EMAIL PROTECTED]
[EMAIL PROTECTED]
local:/var/run/clamav/clamav-milter.sock

The clamav.conf file has:
LogFile /var/log/clamav/clamd.log
LogClean
LogSyslog
LogVerbose
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/lib/clamav
LocalSocket /var/run/clamav/clamd.socket
StreamSaveToDisk
StreamMaxLength 10M
MaxDirectoryRecursion 15
User clamav
ScanOLE2
ScanMail
ScanArchive
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxCompressionRatio 200
ClamukoScanOnOpen
ClamukoScanOnClose
ClamukoScanOnExec
ClamukoIncludePath /home
ClamukoMaxFileSize 1M
ClamukoScanArchive

As I understand it, I should be getting a notice that a virus was detected
sent to "[EMAIL PROTECTED]", with the actual infected message forwarded to
"[EMAIL PROTECTED]", and I'd expect some logging to
/var/log/clamav/clamd.log or the syslog.

Any suggestions? Any ideas for getting more debugging detail?

Can anyone spot a configuration problem that I'm overlooking?

Thanks,

Mark




[Clamav-users] freshclam failed?

2004-04-21 Thread Matthew Daubenspeck
I got this on two machines today during a manual freshclam:

# freshclam
ClamAV update process started at Wed Apr 21 21:40:47 2004
Reading CVD header (main.cvd): OK
main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder: tkojm)
Reading CVD header (daily.cvd): OK
Downloading daily.cvd [*]
daily.cvd updated (version: 277, sigs: 951, f-level: 1, builder: ccordes)
Database updated (21180 signatures) from database.clamav.net (212.113.16.74).
ERROR: Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.ctl
connect(): No such file or directory

I then had to manually killall -9 clamd to get it to stop. Restarting
seemed to work, I just wondered if this was anything to be worried
about?

I am using the backports.org debian stable package, which results:

# freshclam --version
freshclam / ClamAV version devel-20040411

# clamd --version
clamd / ClamAV version devel-20040411
-- 
  Matthew Daubenspeck
  http://www.oddprocess.org

21:41:56 up 7 days, 2:35, 1 user, load average: 0.00, 0.01, 0.00




Re: [Clamav-users] clamscan and clamd not synced?

2004-04-21 Thread Todd Lyons
On Wed, 2004-04-21 at 03:25, Trog wrote:
> Is that file an email? If so, RTFM on clamscan.

Maybe a feature could be if the first 4 bytes match the regex /From/
then clamscan could assume --mbox.

Blue skies...   Todd





Re: [Clamav-users] clamav-milter Segmentation fault

2004-04-21 Thread Tristan Griffiths
Vincent Aniello wrote:

> Quoting Nigel Horne <[EMAIL PROTECTED]>:
>
>> I can't reproduce your problem.
>> Did you do the following: "make distclean; configure ; make
>> install"?
>
> I upgraded gcc from 2.96 to 3.3.3 and recompiled clamav 0.70.  The program
> clamav-milter works now.
>
> Thanks.

Although severely off topic, you couldn't point me in the direction of 
some tips to upgrading the gcc version to 3+?



Re: [Clamav-users] clamav-milter Segmentation fault

2004-04-21 Thread Tristan Griffiths
Nigel Horne wrote:

> On Saturday 17 Apr 2004 5:16 pm, Vincent Aniello wrote:
>
>> When I try starting clamav-milter it immediately dies with the message
>> "Segmentation fault (core dumped)":
>> [EMAIL PROTECTED] init.d]# /usr/local/sbin/clamav-milter
>> Segmentation fault (core dumped)
>> [EMAIL PROTECTED] init.d]#
>
> I can't reproduce your problem.
>
> Did you do the following: "make distclean; configure ; make install"?

I've got the same issue. clamd, clamscan and clamdscan all run happily. 
But when you try to run clamav-milter, either by hand or the rc script, 
it fails with "Segmentation fault (core dumped)".

I've compiled with --disable-pthreads and the same occurs.

This is what I configure with:

./configure --prefix=/usr --sysconfdir=/etc/clamav --enable-milter

Tried 'stable' version clamav-0.70 and CVS version clamav-devel-20040420

RedHat 7.0.
gcc-2.96-85
glibc-2.2.4-18.7.0.9
kernel-2.2.24-7.0.3
Any thoughts?



Re: [Clamav-users] clamscan and clamd not synced?

2004-04-21 Thread Bill Maidment
Hi

When I uncomment the NotifyClamd option I get the following error.

freshclam daemon started (pid=23740)
ClamAV update process started at Thu Apr 22 09:04:05 2004
main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder: 
tkojm)
daily.cvd updated (version: 277, sigs: 951, f-level: 1, builder: ccordes)
Database updated (21180 signatures) from database.clamav.net.
ERROR: Clamd was NOT notified: Can't connect to clamd through 
/var/spool/MIMEDefang/clamd.sock

ls -la /var/spool/MIMEDefang/clamd.sock gives

srwxrwxrwx1 defang   defang  0 Apr 22 09:04 
/var/spool/MIMEDefang/clamd.sock

Any clues as to the problem?

Cheers
Bill

Trog wrote:

> clamdscan sends the file to clamd to scan. You need to tell clamd to
> reload the database when it is updated. See the NotifyClamd option in
> the freshclam.conf and the SelfCheck option in clamav.conf
> -trog

 



[Clamav-users] "Unable to open file or directory" in OLE2 docs

2004-04-21 Thread Scott Call
With the upgrade to 0.70 release I tried re-enabling OLE2 scanning with my
clamd + exiscan setup, and I got these errors again:
2004-04-21 15:00:25 1BGPlY-0004FD-5J malware acl condition: clamd: ClamAV
returned /var/spool/exim/scan/1BGPlY-0004FD-5J/1BGPlY-0004FD-5J-0.doc:
Unable to open file or directory. ERROR
2004-04-21 15:00:25 1BGPlY-0004FD-5J malware acl condition: clamd: ClamAV
returned /var/spool/exim/scan/1BGPlY-0004FD-5J/1BGPlY-0004FD-5J-0.doc:
Unable to open file or directory. ERROR

I can't provide the .doc files since exiscan clears the scanned files once
a decision has been made, but the error message seems to indicate either a
permissions error or something like that?  Is there a way to get a more
detailed error?

Thanks
-S

-- 
Scott Call  Router Geek, ATGi, home of $6.95 Prime Rib
I make the world a better place, I boycott Wal-Mart
VoIP incoming: +1 360-382-1814





[Clamav-users] CVS

2004-04-21 Thread Matthew Trent
mail1:/usr/src# cvs -d:pserver:[EMAIL PROTECTED]:/cvsroot/clamav 
co clamav-devel
cvs server: Updating clamav-devel
...
cvs server: Updating clamav-devel/docs/Polish
cvs server: [15:34:49] waiting for nigelhorne's lock 
in /cvsroot/clamav/clamav-devel/docs/Polish
cvs server: [15:35:19] waiting for nigelhorne's lock 
in /cvsroot/clamav/clamav-devel/docs/Polish

-- 
Matt
Systems Administrator
Local Access Communications
360.330.5535




Re: [Clamav-users] Remote clamav implementation

2004-04-21 Thread Nigel Horne
On Wednesday 21 Apr 2004 10:04 pm, Tom Walsh wrote:
> I know that Tomasz had mentioned that the clamav developers were working
> on the ICAP (i-cap.org) implementation of clamd back in March. I have
> not heard anything about the status of this recently and was curious to
> see where this is at.
>
> I am really interested in offloading my clamd scanning to a dedicated
> box.

You can do that now, you don't need ICAP. I already do that here, just use INET
domain sockets.

> Tom Walsh

-Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk
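
A reachability probe for the setup discussed here, as an added example (not code from the ClamAV project or from any poster): it sends clamd's PING command over either a LocalSocket path or a TCP `host:port`, and separately classifies the socket file on disk, which separates the "No such file or directory" case from a socket file that exists but has no listener behind it. The function names and the host name in the usage comment are illustrative assumptions.

```python
import errno
import os
import socket
import stat
import sys


def parse_target(target):
    """A leading '/' means a LocalSocket path; otherwise expect 'host:port'."""
    if target.startswith("/"):
        return "unix", target
    host, _, port = target.rpartition(":")
    return "tcp", (host, int(port))


def inspect_path(path):
    """Classify a LocalSocket path on disk without connecting to it."""
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return "missing"                 # connect(): No such file or directory
    if not stat.S_ISSOCK(mode):
        return "not-a-socket"
    if mode & stat.S_IWOTH:
        # e.g. srwxrwxrwx: any local user who can reach the directory can connect
        return "socket-world-writable"
    return "socket"


def _connect(target, timeout):
    kind, addr = parse_target(target)
    if kind == "tcp":
        return socket.create_connection(addr, timeout=timeout)
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect(addr)
    except OSError:
        sock.close()
        raise
    return sock


def ping_clamd(target, timeout=5.0):
    """Send clamd's PING command and classify the outcome as a short string."""
    try:
        with _connect(target, timeout) as sock:
            sock.sendall(b"PING\n")
            reply = sock.recv(64).strip()
    except FileNotFoundError:
        return "missing"      # socket path does not exist
    except ConnectionRefusedError:
        return "refused"      # stale socket file or closed port: nothing is listening
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        return "error:" + errno.errorcode.get(exc.errno, "unknown")
    return "ok" if reply == b"PONG" else "unexpected:" + reply.decode("latin-1")


if __name__ == "__main__":
    # Usage (paths/hosts are examples):
    #   probe.py /var/run/clamav/clamd.socket scanhost.example:3310
    for tgt in sys.argv[1:]:
        if tgt.startswith("/"):
            print(tgt, "on disk:", inspect_path(tgt))
        print(tgt, "PING:", ping_clamd(tgt))
```

clamd's socket protocol has no authentication, so a TCP listener on a dedicated scanning box should be reachable only from the mail hosts that need it.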





Re: [Clamav-users] sharing the virus database ?

2004-04-21 Thread Peter Bonivart
Pat Masterson wrote:

> My internet system gets the realtime signature updates a few times a
> day, but I need some internal systems to get the updates. Can I:
> -use FTP to copy the database internally?
> -make the internet system a database server somehow?

Run a web server on your internet connected system and point your 
internal systems there.

--
/Peter Bonivart
--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7,
SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70 + GMP 4.1.2, Vispan 1.3


Re: [Clamav-users] clamav.conf file

2004-04-21 Thread Jakub Jankowski
On 2004-04-21, Wiltshire, Michael wrote:

># clamdscan -v
>ERROR: Clamd is not configured properly.
>
>This only happens when I uncomment the line below.
>
># TCP port address.
>TCPSocket 3310

Use either LocalSocket or TCPSocket, not both at the same time.

s.

-- 
(0>  Jakub Jankowski  [url]: s.atn.pl  "Nawet w Krainie Czarow
//\   [EMAIL PROTECTED]   [rlu]: 174516 latwiej jest spotkac
V_/_  [EMAIL PROTECTED]   [ekg]: 921514 Babe Jage niz Alicje"
Fingerprint: FCBF F03D 9ADB B768 8B92 BB52 0341 9037 A875 942D




[Clamav-users] clamav.conf file

2004-04-21 Thread Wiltshire, Michael
Hi all again,


When I run clamdscan, I get the following error:


# clamdscan -v
ERROR: Clamd is not configured properly.


This only happens when I uncomment the line below.  


# TCP port address.
TCPSocket 3310


If I leave it commented, I get this error:


# clamdscan -v
connect(): Socket operation on non-socket
ERROR: Can't connect to clamd.


Which I guess is to be expected.



Any help ?


Mike.






[Clamav-users] Remote clamav implementation

2004-04-21 Thread Tom Walsh
I know that Tomasz had mentioned that the clamav developers were working
on the ICAP (i-cap.org) implementation of clamd back in March. I have
not heard anything about the status of this recently and was curious to
see where this is at.

I am really interested in offloading my clamd scanning to a dedicated
box.

Any information would be appreciated.

Tom Walsh
Network Administrator
http://www.ala.net/






Re: [Clamav-users] 70rc1 problems

2004-04-21 Thread Scott Call
On Wed, 21 Apr 2004, Marc Balmer wrote:

> Hi all
>
> I updated a few servers to ClamAV 70rc1.  We only use clamd.  OS is
> OpenBSD 3.5.
>
> The problem we have: clamd terminates.  Seems unstable like the 6x series.
>
> Did anyone succeed to use this software in a production environment?

I've had good success with clamd 0.70rc1 and 0.70 release on Linux boxes
handling 5-20 virii/minute, I can't comment on obsd however.

-S

>
> - Marc Balmer

-- 
Scott Call  Router Geek, ATGi, home of $6.95 Prime Rib
I make the world a better place, I boycott Wal-Mart
VoIP incoming: +1 360-382-1814





[Clamav-users] 70rc1 problems

2004-04-21 Thread Marc Balmer
Hi all

I updated a few servers to ClamAV 70rc1.  We only use clamd.  OS is 
OpenBSD 3.5.

The problem we have: clamd terminates.  Seems unstable like the 6x series.

Did anyone succeed to use this software in a production environment?

- Marc Balmer



[Clamav-users] Fw: [Bug 105169] Filter for Attachments

2004-04-21 Thread Jon Roland
FYI. This is my last submission to the Mozilla Bugzilla that partially 
addresses the needs of newbies who want a user-friendly gui or wizard to 
set up and configure everything, requiring the user only to make choices 
among easily-understood menu options.

Simply telling newbies to "learn Linux" doesn't suffice. We need to 
provide solutions for non-techies (which, though we might not admit it, 
are also likely to be useful to techies).

--Jon

 Original Message 
Subject: [Bug 105169] Filter for Attachments
Date: Wed, 21 Apr 2004 12:26:36 -0700
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
http://bugzilla.mozilla.org/show_bug.cgi?id=105169





--- Additional Comments From [EMAIL PROTECTED]  2004-04-21 12:26 PDT ---
After further research I have found that what seems to be needed is a
convenient way to integrate Mozilla, at least on Linux/Unix machines, to
tools like Clamav (for virus filtering), spamassassin (for spam filtering),
and milter, and for those of us who run local client machines that access a
remote ISP's mail server, a quick way to set up to locally use fetchmail,
sendmail, procmail, and anything else needed for a complete solution. See
http://www.constitution.org/comp/linux.htm for links to these and related
tools. At this point I haven't figured out how to connect Mozilla to
fetchmail for the first step, and I propose that Mozilla account setup at
least offer that option as part of a setup wizard or list of options, which
should ultimately enable the novice user to set up those tools with little
more difficulty than now attends setting up email retrieval directly from an
ISP's POP server. The wizard should download, install, and configure all the
above utilities to receive updates of the virus db, have spamassassin learn
to recognize spam from clicking the junk button, edit the conf files, and
leave the overall operation of Mozilla mail appearing to work the same way,
except that the spam and viruses no longer appear in the Inbox (and
hopefully also no more of the warning messages that "you sent a
virus-infected message" when you did not -- standard prepended strings like
"[infected mail]" or "[returned mail]" that could be filter-moved to the
Junk or Bounce folder would help a lot for that).

--
Configure bugmail: http://bugzilla.mozilla.org/userprefs.cgi?tab=email
--


Starflight Corporation    7793 Burnet Road #37, Austin, TX 78757
512/374-9585 www.the-spa.com/jon.roland/  [EMAIL PROTECTED]



RE: [Clamav-users] Problems detecting Worm.SomeFool.Y

2004-04-21 Thread Andreas Haase
Hello,

> I must have missed where you stated this.  Sigtool uses a hardcoded database
> directory which is determined at compile time.

That's what I meant being the "actual state". Why using hardcoded
directories if there is a possibility to change it in the config files?

> You may want to symlink the old database directory to the new one to
> attempt to get sigtool to use the newly freshclam'd virus files.  I don't
> know if this is the best solution, but it would probably work.

The best solution is something completely different ;-) ... but that is
what I did yesterday to get the clamscan running correctly.

> I guess the reason for this is that clamscan expects all arguments on the
> command line.

Then it would be a better way to use the directory from the config file
as default and if the user is giving a command line this renews the
setting for this one execution time. That would be much cleaner than the
way clamscan (and sigtool) is operating at the moment.

> I honestly don't know as I did not develop clamav.

But may be some developers are reading this now ;-) ... Let me say that I
think clamav is a real good project. My criticism only depends on that one
point where the design isn't logical.

> This is the exact reason why i suggested renaming clamav.conf to
> clamd.conf since clamd is the only program using it.

I agree if there is created a clamscan.conf at the same time. The better
way in my eyes would be to merge the files and make clamscan using the
needed settings from that one. It's just a point of not holding config
data redundant.

Regards,

Andreas Haase
Postmaster
EastLink GmbH
-- 
-- professional INTERNET services -

EastLink GmbH  -  Leipziger Strasse 46  -  D-09113 Chemnitz
voice: +49-180-5432060 fax: +49-371-4320626 www.eastlink.de




[Clamav-users] Milter errors after upgrade of clamav from 0.68 to 0.70

2004-04-21 Thread Dan O'Brien
I attempted to upgrade my ClamAV from 0.68 to 0.70 this morning.  0.68 has 
been running flawlessly on Fedora Core 1 patched to reasonably current (I 
haven't put the latest kernel on, I'm still at 2.4.22-2174nptl).

The error I get is

Apr 21 10:57:27 sweep sendmail[1539]: i3LEvR8Z001539: SYSERR(root): out of 
memory: Cannot allocate memory
Apr 21 10:57:27 sweep sendmail[1542]: i3LEvR8Z001542: SYSERR(root): out of 
memory: Cannot allocate memory

I've got my configuration settings saved in a shell script, so 0.70 was 
config'd and compiled with the same options as 0.68.  I didn't update my 
startup scripts or the files in /etc/sysconfig.  I checked the paths of my 
socket files; they're identical in sendmail.(mc|cf) and the config files. 
Clamdscan works fine.  I did have to change the ThreadTimeout parameter in 
clamav.conf to ReadTimeout when I updated the version.

I finally had to revert back to 0.68, which worked "as is" (after changing 
the parm back to "ThreadTimeout").

Thoughts, anyone?

Dan O'Brien


__

Axon Solutions, Inc.       Telephone: 703-845-8400
5827 Columbia Pike #502    Facsimile: 703-845-5568
Falls Church, VA  22041    www.axonsolutions.com
__

From the Technology You Have to the Solutions You Need





[Clamav-users] sharing the virus database ?

2004-04-21 Thread Pat Masterson
 My internet system gets the realtime signature updates a few times a
day, but I need some internal systems to get the updates. Can I:
-use FTP to copy the database internally?
-make the internet system a database server somehow?

Any suggestions are welcome.  -pat

*-*
*  Pat Masterson  V01-01,  Northrop Grumman, *  Ham:KE2LJ
*  1 Grumman Road West   *  President Grumman Amateur
*  Bethpage, NY 11714*  Radio Club  WA2LQO
*  email: [EMAIL PROTECTED]   Fone: 516-346-7125   *  www.qsl.net/wa2lqo
*-*




[Clamav-users] Re: Newbie need help

2004-04-21 Thread Joacim Ekroth
Chan Ho wrote:

> that's the problem, I don't really know how should I edit this line.

Check the manpage for freshclam:

--daemon-notify=/path/to/clamav.conf
  Notify  the daemon about the new database. By default it reads a
  hardcoded config file but you can use an another one. Both local
  and TCP sockets are supported.

It's the same option as NotifyClamd.

So in your freshclam.conf, just enter
NotifyClamd /etc/clamav.conf

/Jocke





Re: [Clamav-users] Newbie need help

2004-04-21 Thread Steven Stern
On Thu, 22 Apr 2004 02:24:57 +0800, "Chan Ho" <[EMAIL PROTECTED]> wrote:

>that's the problem, I don't really know how should I edit this line.
>
>- Original Message -
>From: "Steven Stern" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Thursday, April 22, 2004 12:55 AM
>Subject: Re: [Clamav-users] Newbie need help
>
>
>On Thu, 22 Apr 2004 00:20:03 +0800, "Chan Ho" <[EMAIL PROTECTED]> wrote:
>
>>I set my server to download virus db automatically. However, do I need to
>reload it as I see that clamd has the reload command. If so, how to do so?
>
>Look at freshclam.conf.  Edit the line 'NotifyUpdate'.

Here's mine:

# Send the RELOAD command to clamd.
NotifyClamd /etc/clamav.conf

If you have your clamav.conf file elsewhere, make the appropriate change.
--
   Steve
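
A configuration check for two points made in these threads, as an added example (not ClamAV's own code): it flags a clamav.conf that enables both LocalSocket and TCPSocket, following the rule given in the reply to the "clamav.conf file" post for this release, and it compares the socket in the clamav.conf named by freshclam's NotifyClamd with the socket clamd is actually running with. The sample file contents are constructed, and the `default_conf` path is an assumption that depends on how freshclam was built.

```python
def parse_conf(text):
    """Parse clamav.conf / freshclam.conf text into {directive: argument or True}."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        opts[parts[0]] = parts[1].strip() if len(parts) > 1 else True
    return opts


def effective_socket(conf_text):
    """Return (findings, socket); socket is None unless exactly one valid one is set."""
    opts = parse_conf(conf_text)
    local, tcp = opts.get("LocalSocket"), opts.get("TCPSocket")
    findings = []
    if local and tcp:
        findings.append("both-sockets")          # "not both at the same time"
    if not local and not tcp:
        findings.append("no-socket")             # nothing for clients to connect to
    if local is True:
        findings.append("localsocket-without-path")
    if tcp and not (isinstance(tcp, str) and tcp.isdigit() and 0 < int(tcp) < 65536):
        findings.append("bad-tcp-port")
    if findings:
        return findings, None
    return findings, (("unix", local) if local else ("tcp", int(tcp)))


def check_notify(freshclam_text, running_conf_text, read_conf,
                 default_conf="/etc/clamav.conf"):
    """Compare the socket freshclam will notify with the one clamd runs with.

    read_conf is a callable path -> text; default_conf stands in for the
    hardcoded config path freshclam uses when NotifyClamd has no argument.
    """
    notify = parse_conf(freshclam_text).get("NotifyClamd")
    if notify is None:
        return "notify-disabled"
    conf_path = default_conf if notify is True else notify
    try:
        notified_text = read_conf(conf_path)
    except OSError:
        return "notify-conf-unreadable"
    _, notified = effective_socket(notified_text)
    _, running = effective_socket(running_conf_text)
    if notified is None or running is None:
        return "socket-config-invalid"
    return "ok" if notified == running else "socket-mismatch"


# --- constructed sample input (not taken from any poster's system) ---
RUNNING_CONF = "LocalSocket /var/run/clamav/clamd.socket\nUser clamav\n"
BOTH_CONF = ("LocalSocket /var/run/clamav/clamd.socket\n"
             "# TCP port address.\nTCPSocket 3310\n")
FRESHCLAM_CONF = "# Send the RELOAD command to clamd.\nNotifyClamd /etc/clamav.conf\n"
SAMPLE_FILES = {"/etc/clamav.conf": "LocalSocket /var/run/clamav/clamd.ctl\n"}


def read_sample(path):
    """Stand-in for reading a file from disk, backed by SAMPLE_FILES."""
    if path not in SAMPLE_FILES:
        raise FileNotFoundError(path)
    return SAMPLE_FILES[path]


if __name__ == "__main__":
    print("both set:", effective_socket(BOTH_CONF))
    print("running :", effective_socket(RUNNING_CONF))
    print("notify  :", check_notify(FRESHCLAM_CONF, RUNNING_CONF, read_sample))
```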
   




Re: [Clamav-users] Newbie need help

2004-04-21 Thread Werner Macho
On Wed, 2004-04-21 at 20:24, Chan Ho wrote:
> that's the problem, I don't really know how should I edit this line.

well, to be honest .. then I'd suggest to read the "linux" handbook or
learn how to use the editor (whatever editor you choose).

I think you should start first at learning how to use linux before
posting to a specific mailing list ..

just my 2c and not meant personally

good luck

Werner




Re: [Clamav-users] .ZIP file scanning

2004-04-21 Thread Tomasz Kojm
On Wed, 21 Apr 2004 11:24:27 +0100
"Ricardo Bernardes" <[EMAIL PROTECTED]> wrote:

> hi
> 
> is it possible to stop ClamAV from scanning .zip files?

--disable-archive (clamscan) and comment out ScanArchive in clamav.conf
(disables support for all archive types)

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Wed Apr 21 19:32:42 CEST 2004




Re: [Clamav-users] [OT] Watchdog for freshclam

2004-04-21 Thread Tomasz Kojm
On Wed, 21 Apr 2004 10:48:10 -0600
Jorge Valdes <[EMAIL PROTECTED]> wrote:

> I had a problem with freshclam, I run it in daemon mode and for some
> reason it died. A couple of days passed before I realized this, and
> restarted it.  This by itself its not that bad, although my virus
> signatures were out of date. :(

I'm sure that has been fixed in 0.70.

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Wed Apr 21 19:34:10 CEST 2004




Re: [Clamav-users] Newbie need help

2004-04-21 Thread Chan Ho
that's the problem, I don't really know how should I edit this line.

- Original Message -
From: "Steven Stern" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, April 22, 2004 12:55 AM
Subject: Re: [Clamav-users] Newbie need help


On Thu, 22 Apr 2004 00:20:03 +0800, "Chan Ho" <[EMAIL PROTECTED]> wrote:

>I set my server to download virus db automatically. However, do I need to
reload it as I see that clamd has the reload command. If so, how to do so?

Look at freshclam.conf.  Edit the line 'NotifyUpdate'.
--
   Steve





Re: [Clamav-users] clamav...

2004-04-21 Thread Peter Bonivart
bruce wrote:

> we're new to clamav and trying to get a better understanding. we've looked
> through the clamav docs and from our understanding, the app appears to be a
> mail server oriented spam/virus app. is this pretty much the case..??

Clam's primary target is mail servers, yes.

> we're looking for an "open source" app that can be used to do
> virus/trojan/etc protection for the linux/windows desktop... kind of like
> mcafee/symantec/norton/etc...

The only open source and up to date virus scanner is Clam. Several of 
the commercial alternatives have free versions for personal use but I 
guess that will not work for you.

Look here for work going on to broaden the reach of Clam:

http://www.clamav.net/3rdparty.html#pagestart

--
/Peter Bonivart
--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7,
SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70 + GMP 4.1.2, Vispan 1.3


Re: [Clamav-users] Clamav and microsoft exchange.

2004-04-21 Thread Peter Bonivart
Bora wrote:

> Peter, I know that mailscanner has documentation for everything except with
> qmail, do you know where I can find it?

I think these are the guys who added support for qmail to MailScanner, 
they package the whole thing also:

http://opencomputing.sourceforge.net/

--
/Peter Bonivart
--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7,
SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70 + GMP 4.1.2, Vispan 1.3


[Clamav-users] Issuing clamd commands when using UNIX (local) socket

2004-04-21 Thread Michael Mangino
When I run clamd using a TCP socket, I can telnet to clamd's port and
issue commands (like "PING" and "SHUTDOWN").

But how do I issue commands when running clamd with a UNIX (local)
socket?

--Mike
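
For the question above, an added example (not part of the original post and not ClamAV project code): the same PING sent over a UNIX-domain socket instead of telnet, plus a check of the socket file's permissions, which are what limit who can issue commands locally. The socket used here is served by a constructed stand-in that only answers PING; against a real daemon, pass the socket path configured in clamav.conf.

```python
import os
import socket
import stat
import tempfile
import threading


def clamd_command(sock_path, command, timeout=5.0):
    """Send one command over clamd's UNIX socket and return the one-line reply."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(sock_path)
        s.sendall(command.encode("ascii") + b"\n")
        reply = b""
        while not reply.endswith(b"\n"):
            chunk = s.recv(4096)
            if not chunk:          # peer closed the connection
                break
            reply += chunk
    return reply.decode("ascii", "replace").strip()


def socket_access(sock_path):
    """Report who can reach the socket: anyone with write access can send commands."""
    st = os.stat(sock_path)
    return {
        "is_socket": stat.S_ISSOCK(st.st_mode),
        "mode": oct(stat.S_IMODE(st.st_mode)),
        "world_writable": bool(st.st_mode & stat.S_IWOTH),
    }


def start_fake_clamd(sock_path):
    """Constructed stand-in for clamd so the example runs offline (assumption)."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(sock_path)
    os.chmod(sock_path, 0o660)     # owner and group only
    srv.listen(1)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:        # listening socket was closed
                return
            with conn:
                line = conn.recv(64).strip()
                conn.sendall(b"PONG\n" if line == b"PING" else b"UNKNOWN COMMAND\n")

    threading.Thread(target=serve, daemon=True).start()
    return srv


def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "clamd.sock")
        srv = start_fake_clamd(path)
        try:
            return (clamd_command(path, "PING"),
                    clamd_command(path, "BOGUS"),
                    socket_access(path))
        finally:
            srv.close()


if __name__ == "__main__":
    print(demo())
```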




RE: [Clamav-users] clamav...

2004-04-21 Thread Shannon Werb
Take a look at clamwin, which uses clamav, and works with Windows.
http://clamwin.sourceforge.net/

Regards,
Shannon
http://www.battcave.com/

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of bruce
Sent: Wednesday, April 21, 2004 11:54 AM
To: [EMAIL PROTECTED]
Subject: [Clamav-users] clamav...

hi...

we're new to clamav and trying to get a better understanding. we've looked
through the clamav docs and from our understanding, the app appears to be a
mail server oriented spam/virus app. is this pretty much the case..??

we're looking for an "open source" app that can be used to do
virus/trojan/etc protection for the linux/windows desktop... kind of like
mcafee/symantec/norton/etc...

if clamav doesn't fit the bill, does anyone know of an app that might?

thanks

bruce
[EMAIL PROTECTED]





Re: [Clamav-users] Re: WORM_SWEN.A undetected

2004-04-21 Thread Bit Fuzzy

- Original Message -
From: "Virgo Pärna" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, April 21, 2004 11:00 AM
Subject: [Clamav-users] Re: WORM_SWEN.A undetected


> On Wed, 21 Apr 2004 09:54:35 -0400, Bit Fuzzy <[EMAIL PROTECTED]>
wrote:
> > Hmmm, I wonder why mine didn't
> >
>
>  I guess, it's up to standard questions - what version, what does
> the "sigtool --list-sigs | grep -i gibe" show, checking for incorrect
> database path and so on... Having file as example would help:)
>

> what version

clamav-0.67-1

> what does sigtool --list-sigs | grep -i gibe show
Worm.Gibe.1
Worm.Gibe.B
Worm.Gibe.F
Worm.Gibe.F.UPX.2
Worm.Gibe.F.UPX.3
Worm.Gibe.F.UPX
Worm.Gibe.F.dam
Worm.Gibe.F
Gibe.B-upx






Re: [Clamav-users] Newbie need help

2004-04-21 Thread [EMAIL PROTECTED]

Chan Ho said:
> I set my server to download virus db automatically. However, do I
> need to reload it as I see that clamd has the reload command. If so,
> how to do so?
>
>

Chan:

clamd should be checking every hour by default.  Look at
/usr/local/etc/clamav.conf for the database integrity check.

-- 

Bob Greene




Re: [Clamav-users] Newbie need help

2004-04-21 Thread Steven Stern
On Thu, 22 Apr 2004 00:20:03 +0800, "Chan Ho" <[EMAIL PROTECTED]> wrote:

>I set my server to download virus db automatically. However, do I need to reload it 
>as I see that clamd has the reload command. If so, how to do so?

Look at freshclam.conf.  Edit the line 'NotifyUpdate'.
--
   Steve
   




[Clamav-users] clamav...

2004-04-21 Thread bruce
hi...

we're new to clamav and trying to get a better understanding. we've looked
through the clamav docs and from our understanding, the app appears to be a
mail server oriented spam/virus app. is this pretty much the case..??

we're looking for an "open source" app that can be used to do
virus/trojan/etc protection for the linux/windows desktop... kind of like
mcafee/symantec/norton/etc...

if clamav doesn't fit the bill, does anyone know of an app that might?

thanks

bruce
[EMAIL PROTECTED]





[Clamav-users] [OT] Watchdog for freshclam

2004-04-21 Thread Jorge Valdes
I had a problem with freshclam, I run it in daemon mode and for some reason 
it died. A couple of days passed before I realized this, and restarted 
it.  This by itself is not that bad, although my virus signatures were out 
of date. :(


I recently came across monit, a daemon that watches and optionally restarts 
user configured processes (http://www.tildeslash.com/monit/) which did the 
trick for me.


I have the following init script to start freshclam at boot time (please 
look out for line wrap):

--BEGIN--
#!/bin/sh
#
# freshclam This shell script takes care of starting and stopping
#   freshclam daemon
#
# chkconfig: 345 26 74
# description: freshclam updates ClamAV databases

# Source function library.
. /etc/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up (quoted so an unset variable is not a syntax error).
[ "${NETWORKING}" = "no" ] && exit 0

RETVAL=0
OPTIONS="-d"
prog="freshclam"
pidfile="/var/run/freshclam.pid"
PATH=$PATH:/usr/local/bin

[ -x /usr/local/bin/freshclam ] || exit 0

start() {
    # Start daemon.
    echo -n $"Starting $prog: "
    daemon $prog $OPTIONS
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
    # Record the daemon's PID for monit; "grep -v grep" keeps the grep
    # process itself out of the pidfile.
    [ $RETVAL -eq 0 ] && ps -eo pid,args | grep "$prog $OPTIONS" | grep -v grep | awk '{print $1}' > $pidfile
    return $RETVAL
}

stop() {
    # Stop daemons.
    echo -n $"Shutting down $prog: "
    killproc $prog
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog
    [ $RETVAL -eq 0 ] && rm -f $pidfile
    return $RETVAL
}

# See how we were called.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  status)
    status $prog
    RETVAL=$?
    ;;
  restart|reload)
    stop
    start
    RETVAL=$?
    ;;
  condrestart)
    if [ -f /var/lock/subsys/$prog ]; then
        stop
        start
        RETVAL=$?
    fi
    ;;
  *)
    echo $"Usage: $0 {start|stop|restart|condrestart|status}"
    exit 1
esac
exit $RETVAL
--END--
Using this, I add the following configuration to monit:

--BEGIN--
# MONIT
check process freshclam
   with pidfile /var/run/freshclam.pid
   start program "/etc/init.d/freshclam start"
   stop  program "/etc/init.d/freshclam stop"
--END--
With this program, if the daemon dies, it is restarted automatically by the 
system and I get a mail message notifying me that the daemon was restarted.

--
Jorge Valdes
Intercom El Salvador




[Clamav-users] Newbie need help

2004-04-21 Thread Chan Ho



I set my server to download virus db automatically. 
However, do I need to reload it as I see that clamd has the reload command. If 
so, how to do so?
 


RE: [Clamav-users] Problems detecting Worm.SomeFool.Y

2004-04-21 Thread Jim Maul


> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Andreas
> Haase
> Sent: Tuesday, April 20, 2004 6:55 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [Clamav-users] Problems detecting Worm.SomeFool.Y
>
>
> Hello,
>
> > Have you tried to locate or find *.cvd?  Are there other copies
> somewhere?
>
> yes, there are also files located in /usr/local/share/clamav/. These could
> be from a former installation. But the new directory is /var/lib/clamav/.
>

Having two copies of the database is just asking for trouble.  I would
remove the ones in /usr/local/share/clamav/ if you are not using them.  This
is almost definitely causing the problem.

> > What about:
> >
> > sigtool -l|grep SomeFool
> >
> > [SomeFool list]
> >
> > Do you have SomeFool.Y listed?
>
> No, clamscan seems to use the wrong signature files as I state in an
> earlier mail.
>

I must have missed where you stated this.  Sigtool uses a hardcoded database
directory which is determined at compile time.  You may want to symlink the
old database directory to the new one to attempt to get sigtool to use the
newly freshclam'd virus files.  I don't know if this is the best solution,
but it would probably work.

> > have you tried clamscan -m ?
>
> That makes no sense and no difference ;-) ... The file is not in mbox
> format but the real *.pif containing the virus.
>

Indeed... I was not aware that it was just a pif.


> > That's because clamscan doesn't use clamav.conf, only clamd/clamdscan
>
> Is there _any_ good reason for that? Why can I configure a alternative
> DatabaseDir for clamd and freshclam, if clamscan isn't using it? Sorry,
> but that seems to be a mistake in concept. Either there has to be a config
> file for clamscan as for the others, or clamscan has to use options out of
> clamav.conf to operate correctly.
>

I guess the reason for this is that clamscan expects all arguments on the
command line.  I honestly don't know as I did not develop clamav.  All I know
is that this is the case... why, I'm not sure.  This is the exact reason why I
suggested renaming clamav.conf to clamd.conf since clamd is the only program
using it.

> Please tell me if I'm completely wrong, but the actual state is
> unsatisfactory.

I'm not sure what you mean by "the actual state".

Jim
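
The situation discussed in this message (two copies of the signature database, with sigtool reading the compiled-in directory while clamd and freshclam read a configured one) can be checked mechanically. The following is an added example, not code from the thread or from the ClamAV project: it compares the `DatabaseDirectory` each config file sets against the compiled-in default and reports duplicate database copies, resolving symlinks so the symlink workaround above counts as a single directory. The directory tree and config texts are constructed, and treating clamscan like sigtool (compiled-in default) is an assumption drawn from the thread.

```python
import os
import tempfile

DB_FILES = ("main.cvd", "daily.cvd")


def configured_db_dir(conf_text):
    """Return (active, commented_out) DatabaseDirectory values from a config text."""
    active = commented = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        parts = line.lstrip("# \t").split()
        if len(parts) >= 2 and parts[0] == "DatabaseDirectory":
            if line.startswith("#"):
                commented = parts[1]
            else:
                active = parts[1]
    return active, commented


def find_db_copies(dirs):
    """Map each real directory that holds signature files to its newest mtime."""
    copies = {}
    for d in dirs:
        mtimes = [os.path.getmtime(os.path.join(d, n))
                  for n in DB_FILES if os.path.isfile(os.path.join(d, n))]
        if mtimes:
            copies[os.path.realpath(d)] = max(mtimes)
    return copies


def audit(configs, compiled_default, dirs):
    """Compare the directory each tool reads and look for duplicate databases."""
    effective, findings = {}, []
    for name, text in configs.items():
        active, commented = configured_db_dir(text)
        if active is None:
            hint = f" (commented out: {commented})" if commented else ""
            findings.append(f"{name}: DatabaseDirectory not set{hint}, compiled default applies")
        effective[name] = os.path.realpath(active or compiled_default)
    # Per the thread: sigtool uses the compiled-in directory and clamscan does
    # not read clamav.conf, so both are modelled as using the default.
    effective["clamscan/sigtool"] = os.path.realpath(compiled_default)
    if len(set(effective.values())) > 1:
        findings.append("tools read different database directories")
    copies = find_db_copies(dirs)
    if len(copies) > 1:
        newest = max(copies, key=copies.get)
        older = sorted(d for d in copies if d != newest)
        findings.append("older duplicate database in: " + ", ".join(older))
    return {"effective": effective, "copies": copies, "findings": findings}


def _write_db(directory, mtime):
    path = os.path.join(directory, "daily.cvd")
    with open(path, "wb") as f:
        f.write(b"constructed placeholder, not a real CVD")
    os.utime(path, (mtime, mtime))


def demo(symlink_old_to_new=False):
    """Constructed layout: an old compiled-in directory and a newer configured one."""
    with tempfile.TemporaryDirectory() as root:
        root = os.path.realpath(root)
        old = os.path.join(root, "usr-local-share-clamav")  # stand-in: compiled default
        new = os.path.join(root, "var-lib-clamav")          # stand-in: configured dir
        os.mkdir(new)
        _write_db(new, 2_000_000)
        if symlink_old_to_new:
            os.symlink(new, old)
        else:
            os.mkdir(old)
            _write_db(old, 1_000_000)
        configs = {
            "clamav.conf": f"# constructed sample\nDatabaseDirectory {new}\n",
            "freshclam.conf": f"DatabaseDirectory {new}\n",
        }
        return audit(configs, old, [old, new])


if __name__ == "__main__":
    for flag in (False, True):
        print(flag, demo(flag)["findings"])
```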





[Clamav-users] Re: WORM_SWEN.A undetected

2004-04-21 Thread Virgo Pärna
On Wed, 21 Apr 2004 09:54:35 -0400, Bit Fuzzy <[EMAIL PROTECTED]> wrote:
> Hmmm, I wonder why mine didn't
> 

 I guess, it's up to standard questions - what version, what does
the "sigtool --list-sigs | grep -i gibe" show, checking for incorrect
database path and so on... Having file as example would help:)

-- 
Virgo Pärna 
[EMAIL PROTECTED]





[Clamav-users] Re: [Clamav-devel] Patches For Your Amusement

2004-04-21 Thread Joe Maimon
I have setup a small page for all my (updated) clamav patches for 
purposes of convenience.

http://www.jmaimon.com/clamav

(still running ok)

I will stop harassing you all now about this.

Joe Maimon wrote:
>These patches


RE: [Clamav-users] upgrading clamav changes permissions on directories?

2004-04-21 Thread Jim Maul


> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Kristof
> Petr
> Sent: Wednesday, April 21, 2004 5:02 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] upgrading clamav changes permissions on
> directories?
>
>
> Jim Maul wrote:
>
> >I just upgraded my clamav RPMs from 0.70rc to 0.70 (from
> >http://crash.fce.vutbr.cz/crash-hat/1/clamav/)
> >
> >Since i am running qmail with qmail-scanner, i run clamav as
> user qscand and
> >have to change /var/run/clamav, /var/log/clamav and /var/lib/clamav to be
> >owned by qscand.  While upgrading to 0.70 i noticed that all
> three of these
> >directories have changed back to clamav.clamav.   Would it be possible to
> >NOT change ownership back to clamav during an upgrade?
> >
> >Its not that big of a deal, just sorta annoying.
> >
> >
>
> Hello Jim,
>
> thanks for feedback.
>
> RPM has the ability to enforce file/directory permissions and owners. This
> is usually used for security reasons on critical directories/files as a
> protection against inexperienced admins.
>
> But your request is valid.
>
> I will try to change package behaviour to
> - first instance of package on system will install these directories
>   with clamav user
> - all next pieces will respect the actual setting, so if you changed
>   owner, your setting will be untouched.
>
> Does it meet your needs?
>
> Petr
>

Sounds very good to me.  The only time I see this behavior being a problem
is if someone wants to reinstall the rpm to fix a permission problem.  In
that case I suppose they would have to delete the directories and then
reinstall, so even that wouldn't be too bad.

Thanks for the help.

Jim





RE: [Clamav-users] upgrading clamav changes permissions ondirectories?

2004-04-21 Thread Jim Maul


> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Trog
> Sent: Wednesday, April 21, 2004 6:24 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] upgrading clamav changes permissions
> ondirectories?
>
>
> On Wed, 2004-04-21 at 10:58, Dilip M wrote:
> > On Wed, 21 Apr 2004 11:02:02 +0200, Krištof Petr
> <[EMAIL PROTECTED]>
> > wrote:
> >
> > > Jim Maul wrote:
> > >
> > >> I just upgraded my clamav RPMs from 0.70rc to 0.70 (from
> > >> http://crash.fce.vutbr.cz/crash-hat/1/clamav/)
> > >>
> > >> Since i am running qmail with qmail-scanner, i run clamav as user
> > >> qscand and
> > >> have to change /var/run/clamav, /var/log/clamav and
> /var/lib/clamav to
> > >> be
> > >> owned by qscand.  While upgrading to 0.70 i noticed that all
> three of
> > >> these
> > >> directories have changed back to clamav.clamav.   Would it
> be possible
> > >> to
> > >> NOT change ownership back to clamav during an upgrade?
> > >>
> > >> Its not that big of a deal, just sorta annoying.
> > >>
> >
> > Same things happened in my case..!! i'm running clamav as
> mailnull user !
> > So i need to change all clamav owned files to mailnull users :)
>
> then RTFM and tell configure which user you are running clamd as.
>
>

How about you RMFP (Read My F'in Post) and see that I'm using rpms and there
is no configure.  Thanks.

Jim





Re: [Clamav-users] Re: WORM_SWEN.A undetected

2004-04-21 Thread Bit Fuzzy
Hmmm, I wonder why mine didn't

My server passed it (clamav) but PC running Pc-Cillin caught it

- Original Message -
From: "Virgo Pärna" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, April 21, 2004 3:41 AM
Subject: [Clamav-users] Re: WORM_SWEN.A undetected


> On Tue, 20 Apr 2004 12:00:54 -0400, Bit Fuzzy <[EMAIL PROTECTED]>
wrote:
> > It appears ClamAV doesn't detect WORM_SWEN.A
> >
>
>   Yes it does. ClamAV actually detects 9 variants of Gibe virus.
> And for me Somefool is usually blocked by extension, so for my clamav
> Gibe is actually most popular virus.
>
> --
> Virgo Pärna
> [EMAIL PROTECTED]
>
>
>


Re: [Clamav-users] New User

2004-04-21 Thread Steven Stern
On Wed, 21 Apr 2004 07:45:53 -0400, "Chalonec Roger" <[EMAIL PROTECTED]>
wrote:

>I am new to Fedora and so new to clamav.  Can someone provide me with
>the easiest way to download, install, and run clamav?  I am interested
>in protecting inbound ftp file transfers and periodically scanning my
>fedora system.  I am not running samba nor NFS.  Is there a way to
>download and install via up2date?  How do I get new virus profiles and
>software updates?  I am running fedora 2.4.22-1.2174.nptl (i386) on a
>Pentium II 400Mhz.
>

Get the binaries at http://www.clamav.net/binary.html#pagestart. I used the
ones from crash-hat.  There are also instructions on how to add the crash-hat
repository to up2date.
--
   Steve
   




Re: [Clamav-users] Clamav and microsoft exchange.

2004-04-21 Thread Niek
Tomas Charvat wrote:

> try google
>
> qmail-scanner

That's qmail-scanner, a totally different scanner.

Mailscanner (http://www.sng.ecs.soton.ac.uk/mailscanner)
supports qmail since Version 4.27.7 (1/3/2004).
So fairly new, and I only see a qmail-queue.zip and no documentation (yet).

Niek





Re: [Clamav-users] Worm.SomeFool.Q not recognized

2004-04-21 Thread Riccardo Ghiglianovich
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 21 Apr 04, at 09:55, Trog wrote:

On Wed, 2004-04-21 at 08:39, Riccardo Ghiglianovich wrote:

#clamscan --version
clamscan / ClamAV version 0.70-rc
(upgrade to 0.70)

the same file I uploaded to test-clamav manually scanned:

Looks like you didn't specify --mbox

I am using Amavis + clamav; clamd is the main scanner; clamscan as a 
secondary (backup) antivirus scanner.
Using the standard configuration, clamd has MaxThreads=5.
If Amavis can't use clamd then it calls clamscan, but in this case it lacks 
the --mbox.

I suspect then that Amavis called clamscan because it reached 5 clamd 
threads, and the virus was not detected because of the lack of --mbox.

I had better contact the Amavis team ...

Regards,
RIc
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (Darwin)
iD4DBQFAhnJHmtKbrzf6uWURAlEPAJdtlGn0vl6PNhqFKzRhKMdLEbw8AJ9Ghb+i
5d03bSDAvPn+9rQ9NOlp5Q==
=EWe3
-END PGP SIGNATURE-




[Clamav-users] clamav update to 0.70

2004-04-21 Thread Kristof Hardy
Just to inform..

The update to 0.70 (from 0.70rc1) went perfect.
System used is Red Hat Linux 9 and CommuniGate Pro as mailserver. cgpav 
1.3 as interface between the 2..

Cheers..

Kristof



Re: [Clamav-users] upgrading clamav changes permissions on directories?

2004-04-21 Thread Odhiambo Washington
* Dilip M <[EMAIL PROTECTED]> [20040421 14:32]: wrote:
> On Wed, 21 Apr 2004 11:02:02 +0200, Krištof Petr <[EMAIL PROTECTED]> 
> wrote:
> 
> >Jim Maul wrote:
> >
> >>I just upgraded my clamav RPMs from 0.70rc to 0.70 (from
> >>http://crash.fce.vutbr.cz/crash-hat/1/clamav/)
> >>
> >>Since i am running qmail with qmail-scanner, i run clamav as user 
> >>qscand and
> >>have to change /var/run/clamav, /var/log/clamav and /var/lib/clamav to 
> >>be
> >>owned by qscand.  While upgrading to 0.70 i noticed that all three of 
> >>these
> >>directories have changed back to clamav.clamav.   Would it be possible 
> >>to
> >>NOT change ownership back to clamav during an upgrade?
> >>
> >>Its not that big of a deal, just sorta annoying.
> >>
> 
> Same things happened in my case..!! i'm running clamav as mailnull user !
> So i need to change all clamav owned files to mailnull users :)


There is a configure option --with-user=SOME_USER_TO_RUN_AS, I think.
./configure --help 



cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post




Re: [Clamav-users] .ZIP file scanning

2004-04-21 Thread Odhiambo Washington
* Ricardo Bernardes <[EMAIL PROTECTED]> [20040421 14:36]: wrote:
> hi
> 
> is it possible to stop ClamAV from scanning .zip files?
> 
> (RedHat 8; Sendmail; Mailscanner)

Tell whatever app that calls clamav to exempt .zip files. That's it.


cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post




[Clamav-users] New User

2004-04-21 Thread Chalonec Roger
I am new to Fedora and so new to clamav.  Can someone provide me with
the easiest way to download, install, and run clamav?  I am interested
in protecting inbound ftp file transfers and periodically scanning my
fedora system.  I am not running samba nor NFS.  Is there a way to
download and install via up2date?  How do I get new virus profiles and
software updates?  I am running fedora 2.4.22-1.2174.nptl (i386) on a
Pentium II 400Mhz.

Thanks in advance,

Roger










Re: [Clamav-users] Problems after upgraded to 0.70-1 (from 0.70-rc1)

2004-04-21 Thread Peter van der Does
It seems like I had the same problem, some Sober.F messages weren't
caught. I submitted one as a new virus and one of the members of the
virus db team told me he caught the virus. He used .70-rc1 and I use
.70.

After some debugging, going through the sources and talking to one of
the developers it seems that the check to see if a text file is a
mail message wasn't detecting this text file as a mail message. Some
changes have been made to this check which will appear in the upcoming
development version, hopefully it will be solved by then.

Why the viruses are caught with .70-rc1 and not with .70 I don't
know, I just hope the upcoming release will solve the problem.

Greets
Peter

>>> [EMAIL PROTECTED] 21-04-2004 11:28:27 >>>
Mimmus wrote:

>I currently use Sendmail+ClamAV+Sendmail Milter.
>I just upgraded to 0.70-1 from 0.70-rc1, using RPM packages, but many
>viruses are going through.
>

How did you know the viruses are going  through?
Do you have viruses in your INBOX?

If yes, look at mail headers for
X-Virus-Scanned: clamd / ClamAV version 0.70, clamav-milter version
0.70j

This means email pass chain sendmail->clamav-milter->clamd.

Check your virusdb with sigtool and clamav.conf and freshclam.conf.
Maybe you have doubled configs or virusdb in different locations.

Are you using some advanced configurations as mailertables, and so?

Petr






[Clamav-users] Re: Problems after upgraded to 0.70-1 (from 0.70-rc1)

2004-04-21 Thread Mimmus
> How did you know the viruses are going  through?
> Do you have viruses in your INBOX?
Next antivirus (Trend InterScan VirusWall) detects them.


> If yes, look at mail headers for
> X-Virus-Scanned: clamd / ClamAV version 0.70, clamav-milter version 0.70j
I was able to see this header. I saw also clamav-milter examining messages
in log files.

> This means email pass chain sendmail->clamav-milter->clamd.
I'm pretty sure because some viruses get caught (and some not).

> Check your virusdb with sigtool and clamav.conf and freshclam.conf.
> Maybe you have doubled configs or virusdb on different locations.
No, same locations, I double-checked this. I used RPMs from usual source and
they are consistent.
I tried also to recompile them from src package.

> Are you using some advanced configurations as mailertables, and so?
No.
I repeat: using 0.70-rc1 all is OK. In fact, I made rollback to this version
and I'm catching all viruses.

Thanks
Mimmus







Re: [Clamav-users] clamscan and clamd not synced?

2004-04-21 Thread Andrea Trasatti


On 21 Apr 2004 at 9:49, Trog wrote:

> On Wed, 2004-04-21 at 09:37, Andrea Trasatti wrote:
> 
> > 
> > As you can see, clamscan catches the worm, while clamdscan doesn't. I checked more
> > than once and I only have one main.cvd and one daily.cvd. How do I get the
> > database location of clamdscan? Where should I change it?
> 
> clamdscan sends the file to clamd to scan. You need to tell clamd to
> reload the database when it is updated. See the NotifyClamd option in
> the freshclam.conf and the SelfCheck option in clamav.conf

Thank you everyone for the support. I solved the problem. In my clamav.conf there 
wasn't the directive "DatabaseDirectory /var/lib/clamav" while it was present (and 
commented out) in freshclam.conf. I copied and uncommented into the clamav.conf, 
restarted and now clamd reads the database from the correct place.

I would like to remind that I installed everything with gentoo's portage system. Is
this a failure of their scripts or is it clam's? Basically freshclam and clamscan were
using the new database path (/var/lib/clamav) while clamd was using an old one
(/usr/share/clamav). In the former are located the .cvd files, in the latter these
three files that are not being updated anymore: ce0d05c72efc2275, viruses.db, viruses.db2


I read many posts of some users who might be encountering the same problems. As it 
was suggested by someone else, I don't see why the three softwares (clamscan, clamd 
and freshclam) should use different configuration files that might lead to these 
mistakes. Also I couldn't find anything about "DatabaseDirectory" in the docs (I 
downloaded the V0.68 PDF and also read the HTML version).

Thanks again for the support.

- Andrea
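
The check implied by the fix described above, as an added example that is not part of the original post: it reports whether clamav.conf and freshclam.conf both state the same DatabaseDirectory explicitly, and whether a directory holds the .cvd files or only the old viruses.db files. The sample config contents and temporary paths are constructed, and treating only the first active occurrence of a directive is an assumption of this script.

```shell
#!/bin/sh
# Added example (not from the thread): audit the signature directory that
# clamd and freshclam are pinned to. Sample configs below are constructed.

# Print the first active (uncommented) value of directive $2 in file $1,
# or nothing when the directive is absent or only present as a comment.
conf_value() {
    awk -v d="$2" '
        $1 ~ /^#/ { next }                     # "#DatabaseDirectory ..." is inactive
        $1 == d && NF >= 2 { print $2; exit }
    ' "$1"
}

# Compare DatabaseDirectory in clamav.conf ($1) and freshclam.conf ($2).
# Prints one verdict line; returns 0 = same, 1 = different, 2 = not pinned.
audit_db_dir() {
    clamd_dir=$(conf_value "$1" DatabaseDirectory)
    fresh_dir=$(conf_value "$2" DatabaseDirectory)
    if [ -z "$clamd_dir" ] || [ -z "$fresh_dir" ]; then
        # Unset means each binary uses its own built-in path; in the thread
        # those paths differed, so clamd kept scanning with a stale database.
        echo "UNPINNED clamd=${clamd_dir:-built-in} freshclam=${fresh_dir:-built-in}"
        return 2
    fi
    if [ "$clamd_dir" != "$fresh_dir" ]; then
        echo "MISMATCH clamd=$clamd_dir freshclam=$fresh_dir"
        return 1
    fi
    echo "OK $clamd_dir"
}

# Classify directory $1 by the database files it holds.
db_dir_state() {
    if [ -f "$1/main.cvd" ] && [ -f "$1/daily.cvd" ]; then
        echo "cvd"            # the files freshclam keeps up to date
    elif [ -f "$1/viruses.db" ] || [ -f "$1/viruses.db2" ]; then
        echo "legacy-only"    # old-style files that are no longer updated
    else
        echo "empty"
    fi
}

demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/old" "$work/new"
    : > "$work/old/viruses.db"; : > "$work/old/viruses.db2"
    : > "$work/new/main.cvd";   : > "$work/new/daily.cvd"

    # Before: no active directive in either file, as in the thread.
    printf 'LogFile /var/log/clamav/clamd.log\n' > "$work/clamav.conf"
    printf '#DatabaseDirectory %s\n' "$work/new" > "$work/freshclam.conf"
    audit_db_dir "$work/clamav.conf" "$work/freshclam.conf" || true

    # After: the directive is stated explicitly in both files.
    printf 'DatabaseDirectory %s\n' "$work/new" >> "$work/clamav.conf"
    printf 'DatabaseDirectory %s\n' "$work/new" >  "$work/freshclam.conf"
    audit_db_dir "$work/clamav.conf" "$work/freshclam.conf" || true
    echo "old dir: $(db_dir_state "$work/old"), new dir: $(db_dir_state "$work/new")"
    rm -rf "$work"
}

demo
```

An UNPINNED result is worth treating like a mismatch: restart clamd and confirm from its log which directory it actually loaded.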




Re: [Clamav-users] clamscan and clamd not synced?

2004-04-21 Thread Trog
On Wed, 2004-04-21 at 10:51, Riccardo Ghiglianovich wrote:
> wow, I have the exact opposite : clamscan does NOT detect, and
> clamdscan does it
>
> # clamscan 5279D9E6.39B
> 5279D9E6.39B: OK
>
> --- SCAN SUMMARY ---
> Known viruses: 21162
> Scanned directories: 0
> Scanned files: 1
> Infected files: 0
> Data scanned: 0.04 MB
> I/O buffer size: 131072 bytes
> Time: 0.438 sec (0 m 0 s)
>
> # clamdscan 5279D9E6.39B
> /home/riccardo/5279D9E6.39B: Worm.SomeFool.Q FOUND
>
> --- SCAN SUMMARY ---
> Infected files: 1
> Time: 0.012 sec (0 m 0 s)
> [EMAIL PROTECTED]:/home/riccardo#

Is that file an email? If so, RTFM on clamscan.

-trog





[Clamav-users] .ZIP file scanning

2004-04-21 Thread Ricardo Bernardes
hi

is it possible to stop ClamAV from scanning .zip files?

(RedHat 8; Sendmail; Mailscanner)
thank you





Re: [Clamav-users] upgrading clamav changes permissions on directories?

2004-04-21 Thread Trog
On Wed, 2004-04-21 at 10:58, Dilip M wrote:
> On Wed, 21 Apr 2004 11:02:02 +0200, Krištof Petr <[EMAIL PROTECTED]> wrote:
>
> > Jim Maul wrote:
> >
> >> I just upgraded my clamav RPMs from 0.70rc to 0.70 (from
> >> http://crash.fce.vutbr.cz/crash-hat/1/clamav/)
> >>
> >> Since i am running qmail with qmail-scanner, i run clamav as user qscand and
> >> have to change /var/run/clamav, /var/log/clamav and /var/lib/clamav to be
> >> owned by qscand.  While upgrading to 0.70 i noticed that all three of these
> >> directories have changed back to clamav.clamav.   Would it be possible to
> >> NOT change ownership back to clamav during an upgrade?
> >>
> >> It's not that big of a deal, just sorta annoying.
> >>
>
> Same things happened in my case..!! i'm running clamav as mailnull user !
> So i need to change all clamav owned files to mailnull users :)

then RTFM and tell configure which user you are running clamd as.

-trog





Re: [Clamav-users] Syslog : write failure to clamd

2004-04-21 Thread Joe Maimon


Vital wrote:

>>> Clamd + clamav-milter work fine BUT:
>>> in syslog sometime
>>>
>>> clamav-milter[953]: write failure to clamd
>>> sendmail[18248]: i2SEqA0C018248: Milter: data, reject=451 4.7.1 Please try again later
>>>
>>> I have to run daemon with option -dont-scan-on-error. Is it normal?
>>>
>>> P.S. To my supervision, it occurs only to letters with attachments.
>>> (an attachments different, without viruses)
>>
>> Make sure you are running latest version of clamav-milter and browse the
>> list archives for previous messages on this topic.
>
> I use ClamAV version 0.70-rc, clamav-milter version 0.70 - Red Hat 9.0
> I have seen all mailing-list, have found the description of this
> mistake - but its decision is not present.

I would recommend you upgrade to 0.70 (not -rc) or the latest CVS snapshot.





Re: [Clamav-users] Syslog : write failure to clamd

2004-04-21 Thread Trog
On Wed, 2004-04-21 at 10:25, Vital wrote:
> >> Clamd + clamav-milter work fine BUT:
> >>  in syslog sometime
> >> >clamav-milter[953]: write failure to clamd
> >> >sendmail[18248]: i2SEqA0C018248: Milter: data, reject=451 4.7.1 Please try again later
> >>  I have to run daemon with option -dont-scan-on-error. Is it normal?
> >>
> >>  P.S. To my supervision, it occurs only to letters with attachments.
> >>  (an attachments different, without viruses)
> >>
> >>
> >Make sure you are running latest version of clamav-milter and browse the
> >list archives for previous messages on this topic.
> 
> 
> I use ClamAV version 0.70-rc, clamav-milter version 0.70 - Red Hat 9.0
> I have seen all mailing-list, have found the description of this
> mistake - but its decision is not present.

Upgrade to 0.70

-trog





Re: [Clamav-users] clamscan and clamd not synced?

2004-04-21 Thread Trog
On Wed, 2004-04-21 at 10:26, Andrea Trasatti wrote:
> Thanks, I added/uncommented the SelfCheck. How should I configure The 
> NotifyClam? This is what I have in my conf file:
> #NotifyClamd [/optional/config/file/path]
> 
> Should I specify the clamav.conf path?
> 

you shouldn't need to specify the path unless you have put it in a
non-default location.

-trog





Re: [Clamav-users] clamscan and clamd not synced?

2004-04-21 Thread Riccardo Ghiglianovich
On 21 Apr 04, at 10:37, Andrea Trasatti wrote:

> Hello all,
> I have posted a few messages about clamd not detecting some SomeFool
> variants when scanning mail, but clamscan was detecting them.

wow, I have the exact opposite : clamscan does NOT detect, and
clamdscan does it

# clamscan 5279D9E6.39B
5279D9E6.39B: OK

--- SCAN SUMMARY ---
Known viruses: 21162
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.04 MB
I/O buffer size: 131072 bytes
Time: 0.438 sec (0 m 0 s)

# clamdscan 5279D9E6.39B
/home/riccardo/5279D9E6.39B: Worm.SomeFool.Q FOUND

--- SCAN SUMMARY ---
Infected files: 1
Time: 0.012 sec (0 m 0 s)
[EMAIL PROTECTED]:/home/riccardo#


RIc


Re: [Clamav-users] upgrading clamav changes permissions on directories?

2004-04-21 Thread Dilip M
On Wed, 21 Apr 2004 11:02:02 +0200, Krištof Petr <[EMAIL PROTECTED]> wrote:

> Jim Maul wrote:
>
>> I just upgraded my clamav RPMs from 0.70rc to 0.70 (from
>> http://crash.fce.vutbr.cz/crash-hat/1/clamav/)
>>
>> Since i am running qmail with qmail-scanner, i run clamav as user qscand and
>> have to change /var/run/clamav, /var/log/clamav and /var/lib/clamav to be
>> owned by qscand.  While upgrading to 0.70 i noticed that all three of these
>> directories have changed back to clamav.clamav.   Would it be possible to
>> NOT change ownership back to clamav during an upgrade?
>>
>> It's not that big of a deal, just sorta annoying.

Same things happened in my case..!! i'm running clamav as mailnull user !
So i need to change all clamav owned files to mailnull users :)




Re: [Clamav-users] clamscan and clamd not synced?

2004-04-21 Thread Fajar A. Nugraha
Andrea Trasatti wrote:

> Hello all,
> I have posted a few messages about clamd not detecting some SomeFool
> variants when scanning mail, but clamscan was detecting them.
> While reading some man pages and the conf files, I found another binary called
> clamdscan. I ran it and this is what turned out:
>
> defender2 root # clamscan message.scr
> message.scr: Worm.SomeFool.P FOUND
>
> --- SCAN SUMMARY ---
> Known viruses: 21161
> Scanned directories: 0
> Scanned files: 1
> Infected files: 1
> Data scanned: 0.03 MB
> I/O buffer size: 131072 bytes
> Time: 6.929 sec (0 m 6 s)
> defender2 root # clamdscan message.scr
> /root/message.scr: OK
>
> --- SCAN SUMMARY ---
> Infected files: 0
> Time: 0.014 sec (0 m 0 s)
>
> As you can see, clamscan catches the worm, while clamdscan doesn't. I checked more
> than once and I only have one main.cvd and one daily.cvd. How do I get the database
> location of clamdscan? Where should I change it?

Just a hunch, but I think you run clamd as a non-privileged user (clamav user?).
It will not be able to scan files on /root or /home/user, as AFAIK those files
are only available for root or owner. It does not matter if you run clamdscan
as root; clamd still reads it with the clamav user's rights (e.g. non-root).

Copy your test file somewhere else readable by the clamav user (e.g. /tmp)
and try again.
To verify that clamd and clamscan read the same database file, stop clamd
and start it again.
You should see in clamd's log (or syslog) an entry saying how many viruses
it knows, and where it reads them from.

Regards,

Fajar
--
Please avoid sending me Microsoft Office attachments.
See http://www.newsforge.com/software/04/03/27/0134204.shtml


Re: [Clamav-users] clamscan and clamd not synced?

2004-04-21 Thread Andrea Trasatti


On 21 Apr 2004 at 9:49, Trog wrote:

> On Wed, 2004-04-21 at 09:37, Andrea Trasatti wrote:
> 
> > 
> > As you can see, clamscan catches the worm, while clamdscan doesn't. I checked more
> > than once and I only have one main.cvd and one daily.cvd. How do I get the
> > database location of clamdscan? Where should I change it?
> 
> clamdscan sends the file to clamd to scan. You need to tell clamd to
> reload the database when it is updated. See the NotifyClamd option in
> the freshclam.conf and the SelfCheck option in clamav.conf

Thanks, I added/uncommented the SelfCheck. How should I configure The 
NotifyClam? This is what I have in my conf file:
#NotifyClamd [/optional/config/file/path]

Should I specify the clamav.conf path?

Thanks,
Andrea




Re: [Clamav-users] Problems after upgraded to 0.70-1 (from 0.70-rc1)

2004-04-21 Thread Krištof Petr
Mimmus wrote:

> I currently use Sendmail+ClamAV+Sendmail Milter.
> I just upgraded to 0.70-1 from 0.70-rc1, using RPM packages, but many
> viruses are going through.

How did you know the viruses are going through?
Do you have viruses in your INBOX?

If yes, look at mail headers for
X-Virus-Scanned: clamd / ClamAV version 0.70, clamav-milter version 0.70j

This means email pass chain sendmail->clamav-milter->clamd.

Check your virusdb with sigtool and clamav.conf and freshclam.conf.
Maybe you have doubled configs or virusdb on different locations.

Are you using some advanced configurations as mailertables, and so?

Petr





Re: [Clamav-users] Syslog : write failure to clamd

2004-04-21 Thread Vital
>> Clamd + clamav-milter work fine BUT:
>>  in syslog sometime
>> >clamav-milter[953]: write failure to clamd
>> >sendmail[18248]: i2SEqA0C018248: Milter: data, reject=451 4.7.1 Please try again later
>>  I have to run daemon with option -dont-scan-on-error. Is it normal?
>>
>>  P.S. To my supervision, it occurs only to letters with attachments.
>>  (an attachments different, without viruses)
>>
>>
>Make sure you are running latest version of clamav-milter and browse the
>list archives for previous messages on this topic.


I use ClamAV version 0.70-rc, clamav-milter version 0.70 - Red Hat 9.0
I have seen all mailing-list, have found the description of this
mistake - but its decision is not present.







Re: [Clamav-users] upgrading clamav changes permissions on directories?

2004-04-21 Thread Krištof Petr
Jim Maul wrote:

> I just upgraded my clamav RPMs from 0.70rc to 0.70 (from
> http://crash.fce.vutbr.cz/crash-hat/1/clamav/)
>
> Since i am running qmail with qmail-scanner, i run clamav as user qscand and
> have to change /var/run/clamav, /var/log/clamav and /var/lib/clamav to be
> owned by qscand.  While upgrading to 0.70 i noticed that all three of these
> directories have changed back to clamav.clamav.   Would it be possible to
> NOT change ownership back to clamav during an upgrade?
>
> It's not that big of a deal, just sorta annoying.

Hello Jim,

thanks for feedback.

RPM has ability to enforce file/directory permissions and owners. This is
usually used for security reason on critical directories/files as a
protection against inexperienced admins.

But your request is valid.

I will try to change package behaviour to
- first instance of package on system will install these directories with
  clamav user
- all next pieces will respect the actual setting, so if you changed owner,
  your setting will be untouched.

Does it meet your needs?

Petr





Re: [Clamav-users] clamscan and clamd not synced?

2004-04-21 Thread Lionel Bouton
Andrea Trasatti wrote the following on 04/21/2004 10:37 AM :

[...]

> As you can see, clamscan catches the worm, while clamdscan doesn't. I checked more
> than once and I only have one main.cvd and one daily.cvd. How do I get the database
> location of clamdscan? Where should I change it?

Do you use the --notify-daemon freshclam parameter ? IIRC, clamd loads 
the db in memory so it must be warned each time the db files are 
updated, freshclam can do it if told to do so.

Regards,

Lionel.



Re: [Clamav-users] clamscan and clamd not synced?

2004-04-21 Thread Trog
On Wed, 2004-04-21 at 09:37, Andrea Trasatti wrote:

> 
> As you can see, clamscan catches the worm, while clamdscan doesn't. I checked more 
> than once and I only have one main.cvd and one daily.cvd. How do I get the database 
> location of clamdscan? Where should I change it?

clamdscan sends the file to clamd to scan. You need to tell clamd to
reload the database when it is updated. See the NotifyClamd option in
the freshclam.conf and the SelfCheck option in clamav.conf

-trog





[Clamav-users] clamscan and clamd not synced?

2004-04-21 Thread Andrea Trasatti
Hello all,
I have posted a few messages about clamd not detecting some SomeFool 
variants when scanning mail, but clamscan was detecting them.
While reading some man pages and the conf files, I found another binary called 
clamdscan. I ran it and this is what turned out:


defender2 root # clamscan message.scr
message.scr: Worm.SomeFool.P FOUND

--- SCAN SUMMARY ---
Known viruses: 21161
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.03 MB
I/O buffer size: 131072 bytes
Time: 6.929 sec (0 m 6 s)
defender2 root # clamdscan message.scr
/root/message.scr: OK

--- SCAN SUMMARY ---
Infected files: 0
Time: 0.014 sec (0 m 0 s)



As you can see, clamscan catches the worm, while clamdscan doesn't. I checked more 
than once and I only have one main.cvd and one daily.cvd. How do I get the database 
location of clamdscan? Where should I change it?

Thanks,
Andrea




[Clamav-users] Re: Problems after upgraded to 0.70-1 (from 0.70-rc1)

2004-04-21 Thread Mimmus
Nothing to do: after upgrading to 0.70-1 from 0.70-rc1, many viruses are
unrecognized.
It is not a problem of signatures because some viruses of same type are
blocked and some not (for instance: Worm.SomeFool.X).
I used RPMs from http://crash.fce.vutbr.cz/crash-hat/1/clamav/
Is there some basic setting I'm missing?

I have no chance to post samples because messages are blocked by another
antivirus.

Thanks for any help.
Mimmus







Re: [Clamav-users] Why sometimes my clamav dosen't filter virus

2004-04-21 Thread B. van Ouwerkerk

> The clamav doesn't work at the time 19:44-19:45 , on this time I received 5
> virus email.   why?

You're using milter? If so then you might have configured sendmail to let
through if milter is unavailable.



B. 
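
An added check for the fail-open case raised in this reply (example code, not part of the original post): in sendmail.cf each milter is declared on an `X` line, and without an `F=T` (temporary failure) or `F=R` (reject) flag sendmail accepts mail unscanned when the filter cannot be reached. The filter name `spamcheck`, both socket paths and the sample file are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): list each milter declared in a
# sendmail.cf and whether mail is let through when that milter is unavailable.

# For every "X<name>, key=value, ..." filter line in file $1 print
#   <name> fail-open|fail-closed F=<flags>
milter_failure_policy() {
    awk '
        /^X/ {
            n = split(substr($0, 2), part, /,[ \t]*/)
            name = part[1]
            flags = ""
            for (i = 2; i <= n; i++)
                if (part[i] ~ /^F=/) flags = substr(part[i], 3)
            # F=T temp-fails and F=R rejects when the filter cannot be
            # reached; with neither flag the message is accepted unscanned.
            policy = (flags ~ /[RT]/) ? "fail-closed" : "fail-open"
            print name, policy, "F=" (flags == "" ? "unset" : flags)
        }
    ' "$1"
}

# Print only the names of milters that fail open; return 1 if there are any.
fail_open_milters() {
    open=$(milter_failure_policy "$1" | awk '$2 == "fail-open" { print $1 }')
    if [ -z "$open" ]; then
        return 0
    fi
    printf '%s\n' "$open"
    return 1
}

demo() {
    cf=$(mktemp) || return 1
    # Constructed excerpt: clamav has no F= flag, spamcheck temp-fails.
    cat > "$cf" <<'EOF'
O InputMailFilters=clamav,spamcheck
Xclamav, S=local:/var/run/clamav/clmilter.sock, T=S:4m;R:4m
Xspamcheck, S=local:/var/run/spamcheck.sock, F=T, T=S:4m;R:4m
EOF
    milter_failure_policy "$cf"
    fail_open_milters "$cf" >/dev/null || echo "at least one milter fails open"
    rm -f "$cf"
}

demo
```

With `F=T` set, an outage of the scanner shows up as deferred mail in the queue rather than as infected mail in inboxes.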





Re: [Clamav-users] Clamav and microsoft exchange.

2004-04-21 Thread Tomas Charvat
try google

qmail-scanner


- Original Message - 
From: "Bora" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, April 21, 2004 3:44 AM
Subject: RE: [Clamav-users] Clamav and microsoft exchange.


> Peter, I know that mailscanner has documentation for everything except with
> qmail, do know where I can find it?
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Peter
> Bonivart
> Sent: Tuesday, April 20, 2004 10:51 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] Clamav and microsoft exchange.
>
> Bora wrote:
> > Hi, can the gateway be used to filter multiple domains for different
> > Exchange server? If so, where can I find the documentation? TIA.
>
> If you have Sendmail you do that with the mailertable, like this:
>
> domain1.com smtp:[1.2.3.4]
> domain2.com smtp:[1.2.3.5]
>
> Then in MailScanner you use rulesets if you want it to handle each
> domain different in any way. Almost every option in MailScanner can have
> rulesets, it's very powerful.
>
> -- 
> /Peter Bonivart
>
> --Unix lovers do it in the Sun
>
> Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.29.7,
> SpamAssassin 2.63 + DCC 1.2.39, ClamAV 0.70 + GMP 4.1.2, Vispan 1.3
>
>


Re: [Clamav-users] Worm.SomeFool.Q not recognized

2004-04-21 Thread Trog
On Wed, 2004-04-21 at 08:39, Riccardo Ghiglianovich wrote:

> #clamscan --version
> clamscan / ClamAV version 0.70-rc

(upgrade to 0.70)

> 
> the same file I uploaded to test-clamav manually scanned:
> 

Looks like you didn't specify --mbox

-trog





[Clamav-users] Worm.SomeFool.Q not recognized

2004-04-21 Thread Riccardo Ghiglianovich
ADDENDUM:

this is an update to my previous mesg
I noticed that just once clamav doesn't recognize the Worm.SomeFool.Q
In fact into my virusalert mailbox I have lots of
"A virus (Worm.SomeFool.Q) was found." instances;
Well, this is more and more strange.
So, the situation is:
my updated version of clamav SOMETIMES (i think 1 on 50, i.e. 1%) does 
not recognize the Worm.SomeFool.Q.
Why?

RIc


[Clamav-users] Re: WORM_SWEN.A undetected

2004-04-21 Thread Virgo Pärna
On Tue, 20 Apr 2004 12:00:54 -0400, Bit Fuzzy <[EMAIL PROTECTED]> wrote:
> It appears ClamAV doesn't detect WORM_SWEN.A
> 

  Yes it does. ClamAV actually detects 9 variants of Gibe virus.
And for me SomeFool is usually blocked by extension, so for my clamav
Gibe is actually most popular virus.

-- 
Virgo Pärna 
[EMAIL PROTECTED]





[Clamav-users] Worm.SomeFool.Q not recognized

2004-04-21 Thread Riccardo Ghiglianovich
Hi,

AVPersonal has detected  Worm.SomeFool.Q  into a mail; clamav does not ;
so I saved the mail and used on line test-clamav
http://www.gietl.com/test-clamav/read.php :
=
File is valid, and was successfully uploaded.
clamav scans the file ...
 Clamav-Output:
/tmp/phpLVMppC: Worm.SomeFool.Q FOUND
And found something:
 Worm.SomeFool.Q
Since clamav already recognizes the content you submitted there is no 
reason to resubmit it.

=

then I used freshclam but
My db is updated :
# freshclam
ClamAV update process started at Wed Apr 21 09:27:25 2004
Reading CVD header (main.cvd): OK
main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder: tkojm)
Reading CVD header (daily.cvd): OK
daily.cvd is up to date (version: 272, sigs: 932, f-level: 1, builder: tomek)

#clamscan --version
clamscan / ClamAV version 0.70-rc
the same file I uploaded to test-clamav manually scanned:

clamscan --debug  5279D9E6.39B
LibClamAV debug: Loading databases from /usr/local/share/clamav
LibClamAV debug: Loading /usr/local/share/clamav/main.cvd
LibClamAV debug: /usr/local/share/clamav/main.cvd: CVD file detected
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = 1b99fa97eec06a4e2946d2c53d63f2c1
LibClamAV debug: Decoded signature: 1b99fa97eec06a4e2946d2c53d63f2c1
LibClamAV debug: Digital signature is correct.
LibClamAV debug: in cli_untgz()
LibClamAV debug: Unpacking /tmp/723343eac6475883/COPYING
LibClamAV debug: Unpacking /tmp/723343eac6475883/viruses.db
LibClamAV debug: Loading databases from /tmp/723343eac6475883
LibClamAV debug: Loading /tmp/723343eac6475883/viruses.db
LibClamAV debug: Initializing trie.
LibClamAV debug: Loading /usr/local/share/clamav/daily.cvd
LibClamAV debug: /usr/local/share/clamav/daily.cvd: CVD file detected
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = 07d39c15afaa19439afbc867f33f74f7
LibClamAV debug: Decoded signature: 07d39c15afaa19439afbc867f33f74f7
LibClamAV debug: Digital signature is correct.
LibClamAV debug: in cli_untgz()
LibClamAV debug: Unpacking /tmp/e5118da9508c0a64/COPYING
LibClamAV debug: Unpacking /tmp/e5118da9508c0a64/viruses.db2
LibClamAV debug: Loading databases from /tmp/e5118da9508c0a64
LibClamAV debug: Loading /tmp/e5118da9508c0a64/viruses.db2
LibClamAV debug: Recognized Maildir file
5279D9E6.39B: OK
--- SCAN SUMMARY ---
Known viruses: 21161
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.04 MB
I/O buffer size: 131072 bytes
Time: 0.437 sec (0 m 0 s)
What's wrong?
Did I miss something?
Thanks,
regards
RIc