Re: [Clamav-users] Problem with clamscan .vs. clamdscan
On Wed, 28 Apr 2004 08:20:03 +1000 Bill Maidment [EMAIL PROTECTED] wrote:

> My point is that if we could make the names of the processes more distinguishable and match the conf files (if any) then we remove the chance of error. For example clamscan could be renamed to scanclam (with NO scanclam.conf), clamdscan renamed as daemonclam (with daemonclam.conf) or something like that.

No way.

--
Tomasz Kojm [EMAIL PROTECTED]
http://www.ClamAV.net/gpg/tkojm.gpg
0DCA5A08407D5288279DB43454822DC8985A444B
Wed Apr 28 09:50:40 CEST 2004

Re: [Clamav-users] Re: clam-av/milter, NOW: that one resolved, moved on
Don Levey wrote:

> Apr 27 21:38:54 davinci sendmail[7174]: i3S1csjm007174: from=[EMAIL PROTECTED], size=700, class=0, nrcpts=1, msgid=[EMAIL PROTECTED], proto=ESMTP, daemon=MTA, relay=smtp03.mrf.mail.rcn.net [207.172.4.62]
> Apr 27 21:42:54 davinci sendmail[7174]: i3S1csjm007174: Milter (clmilter): timeout during data read
> Apr 27 21:42:54 davinci sendmail[7174]: i3S1csjm007174: Milter (clmilter): to error state

This looks like exactly what it seems. clamav-milter did not respond during the 5 minute timeout (check your sendmail cf readme or look at www.sendmail.org)

> Apr 27 21:40:43 davinci sendmail[7212]: i3S1egjm007212: from=[EMAIL PROTECTED], size=703, class=0, nrcpts=1, msgid=[EMAIL PROTECTED], proto=ESMTP, daemon=MTA, relay=smtp03.mrf.mail.rcn.net [207.172.4.62]
> Apr 27 21:40:43 davinci sendmail[7212]: i3S1egjm007212: Milter: data, reject=451 4.7.1 Please try again later
> Apr 27 21:40:43 davinci sendmail[7212]: i3S1egjm007212: to=[EMAIL PROTECTED], delay=00:00:00, pri=30695, stat=Please try again later
> Apr 27 21:40:43 davinci sendmail[7214]: i3S1ehjm007214: from=[EMAIL PROTECTED], size=703, class=0, nrcpts=1, msgid=[EMAIL PROTECTED], proto=ESMTP, daemon=MTA, relay=smtp03.mrf.mail.rcn.net [207.172.4.62]
> Apr 27 21:40:43 davinci sendmail[7214]: i3S1ehjm007214: Milter: data, reject=451 4.7.1 Please try again later
> Apr 27 21:40:43 davinci sendmail[7214]: i3S1ehjm007214: to=[EMAIL PROTECTED], delay=00:00:00, pri=30695, stat=Please try again later
>
> What seem to be corresponding entries from an strace run of clamav-milter:
>
> accept(1, {sa_family=AF_UNIX, [EMAIL PROTECTED], [2]) = 2
> setsockopt(2, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
> clone(child_stack=0x410cba90, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID|CLONE_DETACHED, [7175], {entry_number:6, base_addr:0x410cbb30, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 7175
> accept(1, {sa_family=AF_UNIX, [EMAIL PROTECTED], [2]) = 3
> setsockopt(3, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
> clone(child_stack=0x418cca90, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID|CLONE_DETACHED, [7213], {entry_number:6, base_addr:0x418ccb30, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 7213
> select(2, [1], NULL, [1], {5, 0}) = 1 (in [1], left {4, 78})
> accept(1, {sa_family=AF_UNIX, [EMAIL PROTECTED], [2]) = 3
> setsockopt(3, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
> clone(child_stack=0x418cca90, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID|CLONE_DETACHED, [7215], {entry_number:6, base_addr:0x418ccb30, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 7215

Your strace looks like the code in libmilter. Exactly what version of sendmail and sendmail-devel do you have?

---
This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149alloc_id=8166op=click
___
Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Re: Trying to install on old machine
Christian Hack [EMAIL PROTECTED] wrote in news:[EMAIL PROTECTED]:

> I'm running an old RH6.2 based box, which does most things OK for now (it's still kernel 2.2 though). I'm looking to upgrade soon, but would like to get ClamAV going on it for now.
>
> When I run configure, I get these errors:
>
> checking pthread.h usability... no
> checking pthread.h presence... yes
> configure: WARNING: pthread.h: present but cannot be compiled
> configure: WARNING: pthread.h: check for missing prerequisite headers?
> configure: WARNING: pthread.h: proceeding with the preprocessor's result
> checking for pthread.h... yes
>
> but it continues on. When I run make I get:
>
> /bin/sh ../libtool --mode=compile gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I./zziplib-g -O2 -c -o others.lo `test -f 'others.c' || echo './'`others.c
> rm -f .libs/others.lo
> gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I./zziplib -g -O2 -c others.c -Wp,-MD,.deps/others.TPlo -fPIC -DPIC -o .libs/others.lo
> In file included from others.c:43:
> /usr/include/pthread.h:141: parse error before `*'
> /usr/include/pthread.h:143: `pthread_create' declared as function returning a function
>
> followed by a big bunch of errors.

It's strange, because I am able to compile clamav on an even older, RH6.0-based system. Looks like something is wrong with your pthread headers. From the error message, it looks like the compiler does not recognize the pthread_attr_t type. You may want to check that the header /usr/include/bits/pthreadtypes.h is present and declares pthread_attr_t. You may also want to verify the integrity of your headers with the rpm -V glibc-devel command.

Leonid.

[Clamav-users] Clam assigns wrong virus name??
Hi

First of all: Kudos to the ClamAV team it's so useful in stopping worms.

On to my question: For some reason, clamav is labelling almost each virus it finds in incoming mail as Win32.Mix like so

Wed Apr 28 12:28:30 2004 - /var/spool/qmailscan/tmp/mx2108314810947010970/data.rtf .scr: Win32.Mix FOUND

I am sure that is rather a sample of the Netsky worm, which other systems running clam identify as Worm.Somefool.xx

What could be the cause of the wrong name?

Thanks
Regards
Ralf G.

Re: [Clamav-users] Re: clam-av/milter, NOW: that one resolved, moved on
On Wed, 2004-04-28 at 05:57, Joe Maimon wrote:

> Don Levey wrote:
>
> > Apr 27 21:38:54 davinci sendmail[7174]: i3S1csjm007174: from=[EMAIL PROTECTED], size=700, class=0, nrcpts=1, msgid=[EMAIL PROTECTED], proto=ESMTP, daemon=MTA, relay=smtp03.mrf.mail.rcn.net [207.172.4.62]
> > Apr 27 21:42:54 davinci sendmail[7174]: i3S1csjm007174: Milter (clmilter): timeout during data read
> > Apr 27 21:42:54 davinci sendmail[7174]: i3S1csjm007174: Milter (clmilter): to error state
>
> This looks like exactly what it seems. clamav-milter did not respond during the 5 minute timeout (check your sendmail cf readme or look at www.sendmail.org)

Hmm... This is a 4-minute lag, which would correspond with the line in sendmail.mc:

INPUT_MAIL_FILTER(`clmilter', `S=local:/var/run/clamav/clamav-milter.sock, F=, T=C:1m;S:4m;R:4m')dnl

Any ideas on why it would take so long to (fail to) respond?

> > Apr 27 21:40:43 davinci sendmail[7212]: i3S1egjm007212: from=[EMAIL PROTECTED], size=703, class=0, nrcpts=1, msgid=[EMAIL PROTECTED], proto=ESMTP, daemon=MTA, relay=smtp03.mrf.mail.rcn.net [207.172.4.62]
> > Apr 27 21:40:43 davinci sendmail[7212]: i3S1egjm007212: Milter: data, reject=451 4.7.1 Please try again later
> > Apr 27 21:40:43 davinci sendmail[7212]: i3S1egjm007212: to=[EMAIL PROTECTED], delay=00:00:00, pri=30695, stat=Please try again later
> > Apr 27 21:40:43 davinci sendmail[7214]: i3S1ehjm007214: from=[EMAIL PROTECTED], size=703, class=0, nrcpts=1, msgid=[EMAIL PROTECTED], proto=ESMTP, daemon=MTA, relay=smtp03.mrf.mail.rcn.net [207.172.4.62]
> > Apr 27 21:40:43 davinci sendmail[7214]: i3S1ehjm007214: Milter: data, reject=451 4.7.1 Please try again later
> > Apr 27 21:40:43 davinci sendmail[7214]: i3S1ehjm007214: to=[EMAIL PROTECTED], delay=00:00:00, pri=30695, stat=Please try again later
>
> Your strace looks like the code in libmilter. Exactly what version of sendmail and sendmail-devel do you have?

My sendmail and sendmail-devel are both 8.12.8-9.90. Is this known to cause problems?

Thanks again!
-Don

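The lag Don works out by hand can be read off the maillog mechanically. This is an added example, not code from the thread or from sendmail/ClamAV: it parses the `T=` equate of the filter definition quoted above and measures, per queue ID, the time from its first log entry to its `Milter (...): timeout` entry. The function names, the `year` default and the 2-second `slack` are assumptions of the example.

```python
import re
from datetime import datetime

# Filter definition and log lines copied from the thread above
# (log lines abridged: msgid= and relay= fields dropped).
MC_LINE = ("INPUT_MAIL_FILTER(`clmilter', "
           "`S=local:/var/run/clamav/clamav-milter.sock, F=, T=C:1m;S:4m;R:4m')dnl")
LOG = """\
Apr 27 21:38:54 davinci sendmail[7174]: i3S1csjm007174: from=[EMAIL PROTECTED], size=700, class=0, nrcpts=1, proto=ESMTP, daemon=MTA
Apr 27 21:42:54 davinci sendmail[7174]: i3S1csjm007174: Milter (clmilter): timeout during data read
Apr 27 21:42:54 davinci sendmail[7174]: i3S1csjm007174: Milter (clmilter): to error state
Apr 27 21:40:43 davinci sendmail[7212]: i3S1egjm007212: from=[EMAIL PROTECTED], size=703, class=0, nrcpts=1, proto=ESMTP, daemon=MTA
Apr 27 21:40:43 davinci sendmail[7212]: i3S1egjm007212: Milter: data, reject=451 4.7.1 Please try again later
"""

UNITS = {"s": 1, "m": 60, "h": 3600}
LINE_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d) \S+ "
                     r"sendmail\[\d+\]: (?P<qid>\w+): (?P<msg>.*)$")
TIMEOUT_RE = re.compile(r"^Milter \((?P<name>[^)]+)\): timeout (?P<phase>.+)$")
TEMPFAIL_RE = re.compile(r"^Milter: \w+, reject=4\d\d ")


def parse_milter_timeouts(mc_line):
    """Return the T= equate of a filter definition as {field: seconds}."""
    m = re.search(r"\bT=([A-Za-z0-9:;]+)", mc_line)
    result = {}
    for field in (m.group(1).split(";") if m else []):
        key, _, value = field.partition(":")
        vm = re.fullmatch(r"(\d+)([smh])", value)
        if vm:  # fields without an explicit unit are skipped, not guessed
            result[key.upper()] = int(vm.group(1)) * UNITS[vm.group(2)]
    return result


def analyse(log_text, timeouts, year=2004, slack=2):
    """Correlate milter timeouts with the configured T= values.

    Syslog timestamps carry no year, so one is supplied; the lag is measured
    from the first entry seen for a queue ID to its timeout entry.
    """
    first_seen = {}
    report = {"timeouts": [], "tempfails": 0}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        first_seen.setdefault(m["qid"], ts)
        if TEMPFAIL_RE.match(m["msg"]):
            report["tempfails"] += 1  # mail deferred with a 4xx by the milter path
        t = TIMEOUT_RE.match(m["msg"])
        if t:
            lag = int((ts - first_seen[m["qid"]]).total_seconds())
            report["timeouts"].append({
                "qid": m["qid"],
                "filter": t["name"],
                "phase": t["phase"],
                "lag_seconds": lag,
                # every T= field whose value equals the observed lag
                "matching_fields": sorted(
                    k for k, v in timeouts.items() if abs(lag - v) <= slack),
            })
    return report


if __name__ == "__main__":
    configured = parse_milter_timeouts(MC_LINE)
    print("configured:", configured)
    for hit in analyse(LOG, configured)["timeouts"]:
        print(hit)
```

With `S` and `R` both set to 4m, the lag alone cannot tell the two apart; giving them different values makes the next timeout unambiguous.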
Re: [Clamav-users] [PATCH] clamav-milter --max-child-wait
This is actually a lot worse than I thought.

Apr 27 04:25:50 nameserver2 clamav-milter[4431]: ClamAv: private data not NULL
Apr 27 04:25:50 nameserver2 clamav-milter[4417]: ClamAv: private data not NULL
Apr 27 04:25:52 nameserver2 clamav-milter[4427]: ClamAv: private data not NULL
Apr 27 04:25:52 nameserver2 clamav-milter[4429]: ClamAv: private data not NULL
Apr 27 04:25:52 nameserver2 sendmail[4484]: i3R8PMaZ004484: Milter (clamav-milter): timeout before data read
Apr 27 04:25:52 nameserver2 sendmail[4484]: i3R8PMaZ004484: Milter (clamav-milter): to error state
Apr 27 04:25:53 nameserver2 sendmail[4484]: i3R8PMaZ004484: from=[EMAIL PROTECTED], size=1043, class=0, nrcpts=1, msgid=[EMAIL PROTECTED], proto=ESMTP, daemon=MTA, relay=mx20.blackberry.net [206.51.26.249]
Apr 27 04:25:54 nameserver2 clamav-milter[4435]: ClamAv: private data not NULL
Apr 27 04:25:54 nameserver2 clamav-milter[4518]: hit max-children limit (11253 = 25): waiting for some to exit
Apr 27 04:25:56 nameserver2 sendmail[4487]: i3R8PO9w004487: Milter (clamav-milter): timeout before data read
Apr 27 04:25:56 nameserver2 sendmail[4487]: i3R8PO9w004487: Milter (clamav-milter): to error state

Something obviously went horribly wrong.

Patches at http://www.jmaimon.com/clamav

(the ClamAv: private data not NULL are libmilter errors. I think the reason they occur is because sendmail places the mail filter into error state and closes the connection. Therefore I do not yet see how clamfi_cleanup would get called)

Joe Maimon wrote:

> So this morning clamd hung up. But then to add insult to injury max-children of clamav-milter piled up behind it like a car wreck.
>
> This patch adds the argument --max-child-wait=, which works like this.
>
> * -1 wait 60 seconds for max_children and continue. (Old behavior)
> * 0 or no value, no waiting, exit if max_children. (New default)
> * > 0 means wait that long, then exit if necessary. (Mix)
>
> Justification: If there are too many milters, hanging around doing nothing for 60 seconds won't make it any better. Besides, sendmail milter could be configured to time out before that. Also, you would expect that saying --max-children actually limited it to --max-children.
>
> Joe

Re: [Clamav-users] Re: clam-av/milter, NOW: that one resolved, moved on
Don Levey wrote:

> My sendmail and sendmail-devel are both 8.12.8-9.90. Is this known to cause problems?
>
> Thanks again!
> -Don

I don't know. Perhaps you would like to try compiling sendmail, libmilter, clamav from source?

Re: [Clamav-users] Problem with clamscan .vs. clamdscan
On Fri, 2004-04-23 at 14:40, Stephen Gran wrote:

> > What DOES read clamav.conf?
>
> clamd, clamdscan, and clamav-milter. freshclam also looks at it to find out how to notify clamd if you have it set to notify clamd after updates.
>
> It _is_ in the various docs, you know :)

The RPM I'm using has a clamd.conf, freshclam.conf, and clamav.conf so I must have assumed that the rest of the programs used clamav.conf, and must have assumed that clamdscan and clamscan both read the same config file.

Maybe it's because I use spamassassin and spamassassin and spamc (the daemon client) try to act the same way and try to be drop-in replacements for each other. I just assumed that clamscan and clamdscan tried to be drop in replacements for each other as well.

--Eric

--
Eric Wieling * BTEL Consulting * 504-899-1387 x2111
In a related story, the IRS has recently ruled that the cost of Windows upgrades can NOT be deducted as a gambling loss.

Re[2]: [Clamav-users] External script for clamav-milter (VirusEvent?)
Hello Tomasz,

Monday, April 26, 2004, 11:56:22 PM, you wrote:

TK> On Mon, 26 Apr 2004 19:21:15 +0400
TK> Marin Alexey [EMAIL PROTECTED] wrote:

>> Hello, clamav-users,
>>
>> Using Clamav above 3 month. Now prepare to deal with realtime DRBL blocking for virus-source hosts (above 100 hosts/messages per day, 5 mail-servers). Is it correct to use VirusEvent config options to run external script for infected mail processing, with delete infected file after source ip is obtained?

TK> No, it isn't.

So, what is the way to process whole mail (with headers) by external script? As I find, quarantine give only message content, not headers, but if I need process all headers in infected message?

[Clamav-users] scanning streams
We are using clamd and clamscan for our mail and are very pleased with it. Keep up the good work.

I was wondering if it is possible to scan streams too (http-traffic, ...)?

Marc

Re: [Clamav-users] Clam assigns wrong virus name??
On Wed, 28 Apr 2004 at 13:42:07 +0200, Ralf Guenthner wrote:

> First of all: Kudos to the ClamAV team it's so useful in stopping worms.
>
> On to my question: For some reason, clamav is labelling almost each virus it finds in incoming mail as Win32.Mix like so
>
> Wed Apr 28 12:28:30 2004 - /var/spool/qmailscan/tmp/mx2108314810947010970/data.rtf .scr: Win32.Mix FOUND
>
> I am sure that is rather a sample of the Netsky worm, which other systems running clam identify as Worm.Somefool.xx
>
> What could be the cause of the wrong name?

I guess that you use very old database - Win32.Mix isn't present in the database since the end of February 2004.

--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

RE: [Clamav-users] Re: clam-av/milter, NOW: that one resolved, moved on
[EMAIL PROTECTED] wrote:

> Don Levey wrote:
>
> > My sendmail and sendmail-devel are both 8.12.8-9.90. Is this known to cause problems?
> >
> > Thanks again!
> > -Don
>
> I don't know. Perhaps you would like to try compiling sendmail, libmilter, clamav from source?

Well, I'm willing to try most anything at this point, though I tried to compile the clamav packages from source and that seemed to cause quite a few other problems. I admit I'm a little reluctant to recompile sendmail unless it's absolutely necessary, since it works (otherwise) now, but if that's what I need to do, so be it.

-Don

Re: [Clamav-users] error on make in OS X/Panther clamav
I'm getting similar errors during make, however I can't see an answer in the error ;-)

Snip
depmode=gcc3 /bin/sh ../depcomp \
/bin/sh ../libtool --mode=compile gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I./zziplib-g -O2 -c -o matcher.lo `test -f 'matcher.c' || echo './'`matcher.c
../libtool: line 1: s%^.*/%%: No such file or directory
../libtool: line 1: -e: command not found
*** Warning: inferring the mode of operation is deprecated.
*** Future versions of Libtool will require -mode=MODE be specified.
../libtool: line 1: -e: command not found
../libtool: line 1: -e: command not found
../libtool: line 1: -e: command not found
../libtool: line 1: -e: command not found
../libtool: line 1: -e: command not found
../libtool: line 1: -e: command not found
../libtool: line 1: -e: command not found
../libtool: line 1: -e: command not found
../libtool: line 1: -e: command not found
../libtool: line 1: -e: command not found
../libtool: line 1: -e: command not found
../libtool: line 1: -e: command not found
../libtool: line 1: -e: command not found
../libtool: line 1: -e: command not found
../libtool: line 1: -e: command not found
../libtool: line 1: -e: command not found
../libtool: line 1: -e: command not found
: compile: cannot determine name of library object from `'
make[2]: *** [matcher.lo] Error 1
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2
/Snip

Anyone have any ideas as to what could be going on with this? I'm stuck. There's something about -mode=MODE being depreciated but I don't know enough to be able to get round the problem.

Thanks
Huw Jenkins

> From: OpenMacNews [EMAIL PROTECTED]
> Reply-To: [EMAIL PROTECTED]
> Date: Tue, 30 Mar 2004 09:22:09 -0800
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] error on make in OS X/Jaguar clamav-0.70-rc
>
> you'll need to do exactly what the error suggests:
>
> % ranlib /usr/lib/libbz2.a
>
> richard
>
> -- On Tuesday, March 30, 2004 10:18 AM -0500 Robert Kudyba [EMAIL PROTECTED] wrote:
>
> > Any idea how to fix this? Happens on a make...
> >
> > ld: table of contents for archive: /usr/lib/libbz2.a is out of date; rerun ranlib(1) (can't load from it)
> > make[2]: *** [clamscan] Error 1
> > make[1]: *** [all-recursive] Error 1
> > make: *** [all] Error 2

Re: [Clamav-users] Clam assigns wrong virus name??
> I guess that you use very old database - Win32.Mix isn't present in the database since the end of February 2004.

Tomasz,

thanks a lot for replying. I'm afraid that's not the problem, though. Here's the result of a freshclam:

ClamAV update process started at Wed Apr 28 16:00:00 2004
SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder: tkojm)
daily.cvd is up to date (version: 291, sigs: 1072, f-level: 2, builder: ccordes)

What now?

RE: [Clamav-users] Re: clam-av/milter, NOW: that one resolved, moved on
[EMAIL PROTECTED] wrote:

> Don Levey wrote:
>
> > My sendmail and sendmail-devel are both 8.12.8-9.90. Is this known to cause problems?
> >
> > Thanks again!
> > -Don
>
> I don't know. Perhaps you would like to try compiling sendmail, libmilter, clamav from source?

You mentioned that the code shown in the strace looked like that of libmilter. Would that suggest that sendmail/libmilter were operating, and that for some reason libmilter wasn't talking to clamav-milter? As I mentioned, I'm reluctant to recompile sendmail unless I absolutely need that to get this working.

-Don

Re: [Clamav-users] Clam assigns wrong virus name??
Ralf Guenthner wrote:

> ClamAV update process started at Wed Apr 28 16:00:00 2004
> SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
> main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder: tkojm)
> daily.cvd is up to date (version: 291, sigs: 1072, f-level: 2, builder: ccordes)
>
> What now?

Make sure your clamav is using THAT database.. ?

try:

sigtool -l | grep Mix

You should get:

Mix.1502
Mix-664
Mixer-1A
Mixer-1B
Mixer (Boot)
Mix-I
Mix-II
Mixx.570
ScreenMixer.1072
W32.Mix.1852

To make sure you get all the SomeFool's, try the same with SomeFool.. you should get a lot of these :)

My guess is, 2 versions of the CVD's exist on your system..?

Cheers..

Re: [Clamav-users] clamav 0.70 gmp-devel
I actually had to load: gnump

Description is GNU MP3 Streaming?? but once I installed that package it all worked...

Running SuSE 9 pro

On Apr 23, 2004, at 10:26 AM, Alex S Moore wrote:

> On Fri, 2004-04-23 at 10:07, McWhirter,Julia wrote:
>
> > Can you just verify gmp-devel is part of gmp?
>
> I think that you are asking me. I have no idea what 'gmp-devel' is. I have a gmp (GNU Multiple Precision Arithmetic Library) package that includes libraries and includes files. The name that I use is libgmp, but that is just the CSW way of identifying the library. I use the libgmp pkg when building clamav and libgmp is a dependency of the CSW clamav package.
>
> Alex

Re: [Clamav-users] error on make in OS X/Panther clamav
> I'm getting similar errors during make, however I can't see an answer in the error ;-)
>
> Snip
> depmode=gcc3 /bin/sh ../depcomp \
> /bin/sh ../libtool --mode=compile gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I./zziplib-g -O2 -c -o matcher.lo `test -f 'matcher.c' || echo './'`matcher.c
> ../libtool: line 1: s%^.*/%%: No such file or directory
> ../libtool: line 1: -e: command not found
> *** Warning: inferring the mode of operation is deprecated.
> *** Future versions of Libtool will require -mode=MODE be specified.
> ../libtool: line 1: -e: command not found
> ../libtool: line 1: -e: command not found
> ../libtool: line 1: -e: command not found
> ../libtool: line 1: -e: command not found
> ../libtool: line 1: -e: command not found
> ../libtool: line 1: -e: command not found
> ../libtool: line 1: -e: command not found
> ../libtool: line 1: -e: command not found
> ../libtool: line 1: -e: command not found
> ../libtool: line 1: -e: command not found
> ../libtool: line 1: -e: command not found
> ../libtool: line 1: -e: command not found
> ../libtool: line 1: -e: command not found
> ../libtool: line 1: -e: command not found
> ../libtool: line 1: -e: command not found
> ../libtool: line 1: -e: command not found
> ../libtool: line 1: -e: command not found
> : compile: cannot determine name of library object from `'
> make[2]: *** [matcher.lo] Error 1
> make[1]: *** [all-recursive] Error 1
> make: *** [all] Error 2
> /Snip
>
> Anyone have any ideas as to what could be going on with this? I'm stuck. There's something about -mode=MODE being depreciated but I don't know enough to be able to get round the problem.
>
> Thanks
> Huw Jenkins
>
> > From: OpenMacNews [EMAIL PROTECTED]
> > Subject: Re: [Clamav-users] error on make in OS X/Jaguar clamav-0.70-rc
> >
> > you'll need to do exactly what the error suggests:
> >
> > % ranlib /usr/lib/libbz2.a
> >
> > richard
> >
> > -- On Tuesday, March 30, 2004 10:18 AM -0500 Robert Kudyba [EMAIL PROTECTED] wrote:
> >
> > > Any idea how to fix this? Happens on a make...
> > >
> > > ld: table of contents for archive: /usr/lib/libbz2.a is out of date; rerun ranlib(1) (can't load from it)
> > > make[2]: *** [clamscan] Error 1
> > > make[1]: *** [all-recursive] Error 1
> > > make: *** [all] Error 2

Apologies for the top post, I've had a long day :(

I've made some progress, running

$export SED=sed

seems to fix the original error. However I have another problem. The following error message will hopefully shed some light on my problems:

snip
/usr/bin/ld: -o: multiply specified
make[2]: *** [libclamav.la] Error 1
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2
/snip

I can provide the whole thing if required however it's not very small... Am I missing something obvious here?

I should probably specify my system spec here too:

Running the latest clam av from cvs.
Mac OSX 10.3.2 (server) running on Xserve
Installed gmp-4.1.2 without any problems

However make still won't run correctly. My knowledge is fairly limited here so unfortunately I'm stuck. Please help ;-)

Huw Jenkins

Re: [Clamav-users] Clam assigns wrong virus name??
On Wed, 28 Apr 2004 at 16:09:57 +0200, Ralf Guenthner wrote:

> > I guess that you use very old database - Win32.Mix isn't present in the database since the end of February 2004.
>
> Tomasz,
>
> thanks a lot for replying. I'm afraid that's not the problem, though. Here's the result of a freshclam:
>
> ClamAV update process started at Wed Apr 28 16:00:00 2004
> SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
> main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder: tkojm)
> daily.cvd is up to date (version: 291, sigs: 1072, f-level: 2, builder: ccordes)
>
> What now?

Strange. Your database is fresh, indeed. But the valid fact is that there is _no_ sig called Win32.Mix now.

Does 'sigtool -l | grep -i Win32.Mix' give anything?

There is another possibility - that your qmail (or what - I don't remember) uses some other database or that there are some old forgotten database left which also is used by your mail subsystem. Search the filesystem for .cvd and .db files.

--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner

RE: [Clamav-users] Clam assigns wrong virus name??
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Ralf Guenthner
> Sent: Wednesday, April 28, 2004 10:10 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] Clam assigns wrong virus name??
>
> > I guess that you use very old database - Win32.Mix isn't present in the database since the end of February 2004.
>
> Tomasz,
>
> thanks a lot for replying. I'm afraid that's not the problem, though. Here's the result of a freshclam:
>
> ClamAV update process started at Wed Apr 28 16:00:00 2004
> SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
> main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder: tkojm)
> daily.cvd is up to date (version: 291, sigs: 1072, f-level: 2, builder: ccordes)
>
> What now?

if you run

sigtool -l|grep Win32.Mix

do you get any results?

I assume that freshclam is downloading the database to one location and clamav is using an older database in another directory. try running a locate or a find for main.cvd

Jim

Re[2]: [Clamav-users] Clam assigns wrong virus name??
On Wednesday, April 28, 2004, 4:09:57 PM, Ralf Guenthner wrote:

>> I guess that you use very old database - Win32.Mix isn't present in the database since the end of February 2004.

RG> Tomasz,
RG> thanks a lot for replying. I'm afraid that's not the problem, though.
RG> Here's the result of a freshclam:
RG> ClamAV update process started at Wed Apr 28 16:00:00 2004
RG> SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
RG> main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder: tkojm)
RG> daily.cvd is up to date (version: 291, sigs: 1072, f-level: 2, builder: ccordes)
RG> What now?

Please check your database directory - are there any .db(2) files? If yes, remove them and restart clamd.

--
Best regards,
Christoph mailto:[EMAIL PROTECTED]

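The replies from Tomasz Papszun, Jim and Christoph all point at the same check: find every copy of the database on the machine and see which version each one is. The following is an added example, not code from the thread or from ClamAV. It assumes a .cvd file starts with a 512-byte text header of colon-separated fields beginning `ClamAV-VDB`, with version, signature count and builder in fields 2, 3 and 7; the directory names, the stale copy's numbers and the `viruses.db` file are constructed for the demonstration.

```python
import os
import tempfile


def read_cvd_header(path):
    """Parse the colon-separated text header at the start of a .cvd file."""
    with open(path, "rb") as fh:
        fields = fh.read(512).decode("ascii", "replace").strip().split(":")
    if len(fields) < 8 or fields[0] != "ClamAV-VDB":
        return None
    try:
        return {"built": fields[1], "version": int(fields[2]),
                "sigs": int(fields[3]), "builder": fields[7]}
    except ValueError:
        return None


def find_databases(root):
    """Map each directory holding .cvd files to its databases and old-format files."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        entry = {"cvd": {}, "legacy": []}
        for name in sorted(files):
            if name.endswith(".cvd"):
                entry["cvd"][name] = read_cvd_header(os.path.join(dirpath, name))
            elif name.endswith((".db", ".db2")):
                entry["legacy"].append(name)
        if entry["cvd"]:  # .db files elsewhere are usually unrelated to ClamAV
            found[dirpath] = entry
    return found


def problems(found):
    """Report old-format files beside .cvd files and databases that exist twice."""
    out = []
    for d in sorted(found):
        if found[d]["legacy"]:
            out.append(f"{d}: old-format files next to .cvd: "
                       f"{', '.join(found[d]['legacy'])}")
    copies = {}
    for d, entry in found.items():
        for name, hdr in entry["cvd"].items():
            copies.setdefault(name, []).append((d, hdr["version"] if hdr else None))
    for name in sorted(copies):
        if len(copies[name]) > 1:
            listing = ", ".join(f"{d} (version {v})" for d, v in sorted(copies[name]))
            out.append(f"{name}: {len(copies[name])} copies: {listing}")
    return out


def write_sample_cvd(path, version, sigs, builder):
    """Write a constructed header-only .cvd (no real signatures) for the demo."""
    header = (f"ClamAV-VDB:28 Apr 2004 16-00 +0200:{version}:{sigs}:1:"
              f"{'0' * 32}:no-dsig:{builder}")
    with open(path, "wb") as fh:
        fh.write(header.encode("ascii").ljust(512))


def build_sample_tree(root):
    """Constructed layout: one fresh database directory and one forgotten copy."""
    fresh = os.path.join(root, "var", "lib", "clamav")
    stale = os.path.join(root, "usr", "local", "share", "clamav")
    os.makedirs(fresh)
    os.makedirs(stale)
    # Fresh values are the ones freshclam reports in the thread.
    write_sample_cvd(os.path.join(fresh, "main.cvd"), 22, 20229, "tkojm")
    write_sample_cvd(os.path.join(fresh, "daily.cvd"), 291, 1072, "ccordes")
    # Stale values and the .db file name are made up.
    write_sample_cvd(os.path.join(stale, "main.cvd"), 19, 19000, "tkojm")
    open(os.path.join(stale, "viruses.db"), "w").close()
    return fresh, stale


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for line in problems(find_databases(root)):
            print(line)
```

On a real host, pass the directories the mail scanner and freshclam are configured to use; a `main.cvd` reported twice with different versions is the situation the replies describe.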
Re: [Clamav-users] error on make in OS X/Panther clamav
On Wed, 28 Apr 2004 16:50:19 +0100 Huw Jenkins wrote:

> <snip>
> /usr/bin/ld: -o: multiply specified
> make[2]: *** [libclamav.la] Error 1
> make[1]: *** [all-recursive] Error 1
> make: *** [all] Error 2
> </snip>

Each time I have had a compilation error, it's been down to an oldish version of gcc on the system. Try upgrading your gcc first.

Matt
Re: [Clamav-users] Clam assigns wrong virus name??
Ralf Guenthner wrote:

>> I guess that you use very old database - Win32.Mix isn't present in the database since the end of February 2004.

sigtool -l |grep -i mix
..
..
W32.Mix.1852

> Tomasz,
> thanks a lot for replying. I'm afraid that's not the problem, though.
> Here's the result of a freshclam:
>
> ClamAV update process started at Wed Apr 28 16:00:00 2004
> SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
> main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder: tkojm)
> daily.cvd is up to date (version: 291, sigs: 1072, f-level: 2, builder: ccordes)
>
> What now?

Read the faq: http://www.clamav.net/faq.html

Regards,
Niek
Re: [Clamav-users] error on make in OS X/Panther clamav
> Apologies for the top post, I've had a long day :(
>
> I've made some progress, running $export SED=sed seems to fix the original error. However I have another problem. The following error message will hopefully shed some light on my problems:
>
> <snip>
> /usr/bin/ld: -o: multiply specified
> make[2]: *** [libclamav.la] Error 1
> make[1]: *** [all-recursive] Error 1
> make: *** [all] Error 2
> </snip>
>
> I can provide the whole thing if required however it's not very small...
>
> Am I missing something obvious here? I should probably specify my system spec here too:
>
> Running the latest clam av from cvs.
> Mac OSX 10.3.2 (server) running on Xserve
> Installed gmp-4.1.2 without any problems
>
> However make still won't run correctly. My knowledge is fairly limited here so unfortunately I'm stuck. Please help ;-)
>
> Huw Jenkins

Huw,

I think you may be bumping into some version conflicts. Can you provide the output of the following?

% gcc --version
  glibtool --version
  sed --version
  autoconf --version
  automake --version

richard
[Clamav-users] Clamscan didn't work in the real world
Greeting,

I just installed Clam on a Linux server. After installation, I run #clamscan /usr/local/share/clamav/test, it found the virus, the output like this:

-
/usr/local/share/clamav/test/test1: ClamAV-Test-Signature FOUND
/usr/local/share/clamav/test/README: OK
/usr/local/share/clamav/test/rarfail.rar: RAR module failure.
/usr/local/share/clamav/test/rarfail.rar: OK
/usr/local/share/clamav/test/debugm.c: OK
/usr/local/share/clamav/test/test1.bz2: ClamAV-Test-Signature FOUND
/usr/local/share/clamav/test/test2.zip: ClamAV-Test-Signature FOUND
/usr/local/share/clamav/test/test3.rar: ClamAV-Test-Signature FOUND
/usr/local/share/clamav/test/test2.badext: ClamAV-Test-Signature FOUND

--- SCAN SUMMARY ---
Known viruses: 21303
Scanned directories: 1
Scanned files: 8
Infected files: 5
Data scanned: 0.00 MB
I/O buffer size: 131072 bytes
Time: 0.726 sec (0 m 0 s)
-

But when I scanned a file with virus, it found nothing. I scanned the file using clamav online specimen scanner (http://www.gietl.com/test-clamav/), it said found something: Worm.SomeFool.Gen-1

I listed signature names in my virus signature database by running #sigtool --list-sigs, and found Worm.SomeFool.Gen-1 in it. So why clamscan could not catch the virus in the file? Any idea?

Thank you,
Best regards,
Virus Hater
Re: [Clamav-users] Clam assigns wrong virus name??
> Wed Apr 28 12:28:30 2004 - /var/spool/qmailscan/tmp/mx2108314810947010970/data.rtf .scr: Win32.Mix FOUND
>
> I am sure that is rather a sample of the Netsky worm, which other systems running clam identify as Worm.Somefool.xx
> What could be the cause of the wrong name?

Clamav is having its own names for viri. Just like McAfee, Norton, Panda etc etc..

B.
Re: [Clamav-users] Clamscan didn't work in the real world
Victor Yu wrote:

> Greeting,
>
> I just installed Clam on a Linux server. After installation, I run #clamscan /usr/local/share/clamav/test, it found the virus, the output like this:
>
> -
> /usr/local/share/clamav/test/test1: ClamAV-Test-Signature FOUND
> /usr/local/share/clamav/test/README: OK
> /usr/local/share/clamav/test/rarfail.rar: RAR module failure.
> /usr/local/share/clamav/test/rarfail.rar: OK
> /usr/local/share/clamav/test/debugm.c: OK
> /usr/local/share/clamav/test/test1.bz2: ClamAV-Test-Signature FOUND
> /usr/local/share/clamav/test/test2.zip: ClamAV-Test-Signature FOUND
> /usr/local/share/clamav/test/test3.rar: ClamAV-Test-Signature FOUND
> /usr/local/share/clamav/test/test2.badext: ClamAV-Test-Signature FOUND
>
> --- SCAN SUMMARY ---
> Known viruses: 21303
> Scanned directories: 1
> Scanned files: 8
> Infected files: 5
> Data scanned: 0.00 MB
> I/O buffer size: 131072 bytes
> Time: 0.726 sec (0 m 0 s)
> -
>
> But when I scanned a file with virus, it found nothing. I scanned the file using clamav online specimen scanner (http://www.gietl.com/test-clamav/), it said found something: Worm.SomeFool.Gen-1
>
> I listed signature names in my virus signature database by running #sigtool --list-sigs, and found Worm.SomeFool.Gen-1 in it. So why clamscan could not catch the virus in the file? Any idea?

The type of FILE you reference would help. Would this file by chance be a mime encoded email message?

Either way, use the option: -m (-mbox, treat file as a message file) or clamscan --help

Vernon
[Clamav-users] ClamAV on Windows and Sendmail on Unix
I currently have ClamAV (0.65) and Sendmail running on the same server Pentium 200 MHz. ClamAV scans inbound and outbound mails for Sendmail via local TCP (localhost, port )

The performance is not that great given the specs of the server.

I have a Windows 2000 Advance Server on a AMD 2.6 GHz on the same subnet. Can I install ClamAV on the Window server and have it scanning inbound and outbound mails for the mail server on the old Pentium ? I hope with the better hardware specs, I can speed up the AV scanning process.

TIA,
Zoong
Re: [Clamav-users] ClamAV on Windows and Sendmail on Unix
Zoong Pham wrote:

> Can I install ClamAV on the Window server and have it scanning inbound and outbound mails for the mail server on the old Pentium ?

If you use clamav-milter, the answer is yes. If you use other glues (e.g. mail-scanner, amavis, etc.) that depends on the glue. Try man clamav-milter, then use --server=HOSTNAME/ADDRESS

However, that would result in high amount of data transfer on your LAN during message scanning. Other than that, I don't know anybody who actually runs ClamAV on Windows (with cygwin, usually) for mail scanning on PRODUCTION servers.

I would recommend formatting your Windows Server and put Fedora on it :)

Regards,
Fajar

--
Please avoid sending me Microsoft Office attachments.
See http://www.newsforge.com/software/04/03/27/0134204.shtml
RE: [Clamav-users] ClamAV on Windows and Sendmail on Unix
-Original Message-
From: Fajar A. Nugraha [mailto:[EMAIL PROTECTED]
Sent: Thursday, 29 April 2004 12:05 PM
To: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] ClamAV on Windows and Sendmail on Unix

> If you use clamav-milter, the answer is yes. If you use other glues (e.g. mail-scanner, amavis, etc.) that depends on the glue. Try man clamav-milter, then use --server=HOSTNAME/ADDRESS

Yes, I am already using clamav-milter.

> However, that would result in high amount of data transfer on your LAN during message scanning. Other than that, I don't know anybody who actually runs ClamAV on Windows (with cygwin, usually) for mail scanning on PRODUCTION servers.

The Windows server has cygwin installed as well. Should I install ClamAV natively to windows or to cygwin?

> I would recommend formatting your Windows Server and put Fedora on it :)

I love to do it but we require a Windows server. It's the only server in our LAN

Regards,
Zoong