[Clamav-users] clamd 0.70 pthread problem
I am having pthread problem with clamd 0.70. I tried to debug the daemon and it allways dies in libpthread.so.0. Here are backtraces from two different segfaults: #0 0x23c6751c in pthread_cond_signal () from /lib/libpthread.so.0 #1 0x0804c6c4 in thrmgr_dispatch (threadpool=0x846a840, user_data=0x8053bb0) at thrmgr.c:251 #2 0x0804d2b1 in acceptloop_th (socketd=0, root=0x805c8d0, copt=0x8054040) at server-th.c:438 #3 0x0804bf00 in localserver (opt=0x8053b60, copt=0x8054040, root=0x805a7b0) at localserver.c:108 #4 0x0804b8c0 in clamd (opt=0x8053b60) at clamd.c:246 #5 0x0804ae83 in main (argc=1, argv=0x5f80fcf4) at options.c:114 #0 0x2336fc90 in __pthread_alt_unlock () from /lib/libpthread.so.0 #1 0x2336c2d3 in pthread_mutex_unlock () from /lib/libpthread.so.0 #2 0x0804c6cd in thrmgr_dispatch (threadpool=0x8b0c610, user_data=0x8b041c0) at thrmgr.c:253 #3 0x0804d2b1 in acceptloop_th (socketd=0, root=0x805f5e0, copt=0x8058e70) at server-th.c:438 #4 0x0804bf00 in localserver (opt=0x8058990, copt=0x8058e70, root=0x805f5e0) at localserver.c:108 #5 0x0804b8c0 in clamd (opt=0x8058990) at clamd.c:246 #6 0x0804ae83 in main (argc=1, argv=0x5f254fc4) at options.c:114 I can send more debug infomation if you want. -- Jari Laurila Pirkanmaan YH-Rakennuttajaosuuskunta puh:+358 40 7159 448 e-mail: [EMAIL PROTECTED] --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id149&alloc_id66&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Virus Alias Database
Marc a écrit : Kevin Spicer wrote: I've put up a proof-of-concept (read 'ugly') virus alias database at http://www.kevinspicer.co.uk Its currently rather limited in that it only fully indexes Clam, Fsecure and Symantec (although some aliases for other vendors are picked up). If people feel it is worth pursuing then I'll try and find time to add some other vendors and maybe even make it less ugly (and validate the html!) Great idea, keep up the good work... Marc --- This SF.net email is sponsored by: The Robotic Monkeys at ThinkGeek For a limited time only, get FREE Ground shipping on all orders of $35 or more. Hurry up and shop folks, this offer expires April 30th! http://www.thinkgeek.com/freeshipping/?cpg=12297 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users This great idea is no more on line at this time ! what does it occur? -- Emmanuel JORT Département Réseaux et Systèmes Centre de Ressources Informatiques et du Système d'Information Université de CAEN - Basse-Normandie --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] problems using clamav in supervised mode
Hi, I want to use clamav in supervised mode. But I am facing a problem that it is not scanning the mails, it is letting even virus mails pass through. The mail system is qmail and the AV handler is qmvc. When I run clamd as, # clamd & it works beautifully ti fails only in supervised mode. My run script is, # cat run #!/bin/sh exec 2>&1 #exec /usr/local/bin/chpst -u clamav \ #/usr/local/bin/chpst -m 4000 /usr/local/sbin/clamd #exec /usr/local/bin/chpst -m 8000 /usr/local/sbin/clamd exec /usr/local/sbin/clamd Here I am using Gerrit Pape's runit and ipsvd. As you can see from the script above I have tried some combinations too (which I have commented). # ps aux | grep clam clamav 29038 0.2 1.2 13824 12688 ? S20:46 0:00 /usr/local/sbin/clamd popuser 29368 0.0 0.0 1676 512 ?S20:51 0:00 /bin/ksh /usr/qmvc/bin/av_clamdscan clamdscan C 0 1 popuser 29369 0.0 0.0 2008 624 ?S20:51 0:00 /usr/local/bin/clamdscan --verbose --stdout /usr/qmvc/tmp/qmvc.520029107/content This is there for quite some time (2-3 mins) and then the mail is passed through even though there is virus. I also happen to have MaxThreads 30 in clamav.conf. Can someone tell me where the problem lies? FYI the OS is, Red Hat Enterprise Linux ES release 3 Thanks. -Shantanu --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Docs on using clamd & clamav-milter with tcpserver?
Does anyone have experience with this? I'm interested in making the services more available just in case they crash. Thanks, Alton --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] strlcpy - help required
Ajay S wrote: Hi, I have installed calmav on my linux 7.3 successfully but with clamav-milter. When I am trying to install it with ./configure --enable-milter. it gies me the error of strlcpy & strlcat not found. A work around is to build staticly on other linux box, then run it on your (RedHat ?) 7.3 box. An example of such build is http://clamav.or.id/snapshot/clamav-devel-latest.linux-static.tar.gz Perhaps not quite what you want, but at least it works. Regards, Fajar -- Please avoid sending me Microsoft Office attachments. See http://www.newsforge.com/software/04/03/27/0134204.shtml --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] freshclam --quiet isn't
Every 2 hours I get the following in my logs: May 2 13:31:34 hostname freshclam[3193]: Received signal 14, wake up May 2 13:31:34 hostname freshclam[3193]: ClamAV update process started at Sun May 2 13:31:34 2004 May 2 13:31:35 hostname freshclam[3193]: main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder: tkojm) May 2 13:31:35 hostname freshclam[3193]: daily.cvd is up to date (version: 298, sigs: 1141, f-level: 2, builder: diego) May 2 13:31:35 hostname freshclam[3193]: -- This is with the --quiet option. Checking the source it looks like freshclam completely ignores the --quiet option. It would be nice if it only added one line per run, rather than five. Damian Menscher -- -=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers: |#=- -=#| UIUC CITES Security Group || Beckman Imaging Technology Group |#=- --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Mail::ClamAV
On Sun, 2004-05-02 at 11:06, Tomasz Kojm wrote: > On Sun, 02 May 2004 09:59:38 +1200 > Glen Eustace <[EMAIL PROTECTED]> wrote: > > > Well, I have gotten further now, my problem seems to be that the > > scandesc function doesn't recognise my temporary file as a mail > > message. > > What is the header of the temporary file ? What I had had the complete SMTP conversation, i.e. HELO, RCPT, MAIL, DATA etc. I had done this to make re-injection easy if any part of the scanning went haywire. I have split the temporary file into a command and data file, a bit like sendmail does and am pointing ClamAV at the data part. It now seems to be working. Glen. --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] strlcpy - help required
Hi, I have installed calmav on my linux 7.3 successfully but with clamav-milter. When I am trying to install it with ./configure --enable-milter. it gies me the error of strlcpy & strlcat not found. I was not able to figure out on the mailing list how to reslove it. Please tell me from where I can download these files so that my installation get successfull. Regards Ajay
Re: [Clamav-users] OT: qscanq with qmail (+clamd)
[EMAIL PROTECTED] said: > Dale Gallagher said: >> Hi >> > Dale: > Oops! I misread this to be something it wasn't. I feel so dirty. I need a shower. :-) -- Bob Greene --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] OT: qscanq with qmail (+clamd)
Dale Gallagher said: > Hi > > I appologise for the OT (though related) post. I'm having a > tough time getting qscanq running - the issue is related to > permissions. I'd appreciate a verbose listing of the > relevent dirs on a host where qscanq has been successfully > deployed. Thanks! > > qmail-smtpd (when passing the mail to qscanq) keeps on > rejecting mail. NB. also using qscanq with the QMAILQUEUE > patch. > > qscanq: fatal: unable to chdir to > /var/qmail/qscanq/root/scanq: access denied > > clamd is running under daemontools as user clamav; this > shouldn't pose an issue, as qscanq connects to clamd using > the clamdscan client. > > src/conf-scancmd: > /usr/bin/clamdscan --quiet ./ > > My permission listing: > > # ls -la /var/qmail/ | grep qscanq > drwxr-sr-t 5 root root 4096 May 1 12:49 qscanq/ > > # ls -la /var/qmail/qscanq/root/ | grep sc > drwx--S--- 2 qscan root 4096 May 1 12:49 scanq/ > > with qscanq user/group set as follows: > > qscanq user/group: qscan/qscan (src/conf-users line 1) > qscanq log user/group: qscanlog/qscan (src/conf-users line > 2) > qscanq user for /service: qclean (src/conf-groups line 1) > > Any pointers? > Dale: I ran into the permissions problem on my second deployment. Not quite sure why the first try worked. Anyway, to get around it quickly, I configured clamav .70 --with-user=qscand --with-group=qscand. Netqmail-1.05 + qmail-scanner-1.21 + clamav-0.70 I run clamd under init rather than daemontools just because I haven't had the time to write a startup script. The box went into production immediately after the first successful test; not my choice, but I'm not the boss. --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Re: clamav-milter killed by Worm.Lovgate.Z
> Did the e-mail get saved in the quarantine? If so send me a copy. > Actually, I don't think that the virus was necessarily the fatal event. Here is the last log before the milter restarted: May 2 19:37:31 basement sm-mta[17368]: i429bUbk017368: ruleset=check_mail, arg1=<[EMAIL PROTECTED]>, relay=[221.155.192. 222], reject=553 5.1.8 <[EMAIL PROTECTED]>... Domain of sender address [EMAIL PROTECTED] does not exist I'll send you a copy of the last virus that was received (about 20min earlier). Robert. --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamav-milter killed by Worm.Lovgate.Z
On Sunday 02 May 2004 12:24 pm, Robert S wrote: > I am running clamav-0.70 on a very small home/small office server with a > limited number of users. Recently my clamav-milter died, presumably when > it scanned the Worm.Lovgate.Z virus. I got the following in my > /var/log/maillog: > /clamav-milter --max-children=2 --quarantine-dir=/home/clam -lo > /var/run/clamd/clmilter.sock Did the e-mail get saved in the quarantine? If so send me a copy. > Any suggestions? -Nigel -- Nigel Horne. Arranger, Composer, Typesetter. NJH Music, Barnsley, UK. ICQ#20252325 [EMAIL PROTECTED] http://www.bandsman.co.uk --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] clamav-milter killed by Worm.Lovgate.Z
I am running clamav-0.70 on a very small home/small office server with a limited number of users. Recently my clamav-milter died, presumably when it scanned the Worm.Lovgate.Z virus. I got the following in my /var/log/maillog: sm-mta[17368]: i429bUbk017368: timeout waiting for input from [221.155.192.222] during server cmd read sm-mta[17368]: i429bUbk017368: Milter (clmilter): write(Q) returned -1, expected 5: Broken pipe sm-mta[17368]: i429bUbk017368: Milter (clmilter): to error state (a few irrelevant bits omitted) There was nothing suspicious in my /var/log/clam/clamd.log. Luckily I have a simple cron job that restarts it. I start clamav-milter with the following command: /clamav-milter --max-children=2 --quarantine-dir=/home/clam -lo /var/run/clamd/clmilter.sock Any suggestions? --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] OT: qscanq with qmail (+clamd)
Hi I appologise for the OT (though related) post. I'm having a tough time getting qscanq running - the issue is related to permissions. I'd appreciate a verbose listing of the relevent dirs on a host where qscanq has been successfully deployed. Thanks! qmail-smtpd (when passing the mail to qscanq) keeps on rejecting mail. NB. also using qscanq with the QMAILQUEUE patch. qscanq: fatal: unable to chdir to /var/qmail/qscanq/root/scanq: access denied clamd is running under daemontools as user clamav; this shouldn't pose an issue, as qscanq connects to clamd using the clamdscan client. src/conf-scancmd: /usr/bin/clamdscan --quiet ./ My permission listing: # ls -la /var/qmail/ | grep qscanq drwxr-sr-t 5 root root 4096 May 1 12:49 qscanq/ # ls -la /var/qmail/qscanq/root/ | grep sc drwx--S--- 2 qscan root 4096 May 1 12:49 scanq/ with qscanq user/group set as follows: qscanq user/group: qscan/qscan (src/conf-users line 1) qscanq log user/group: qscanlog/qscan (src/conf-users line 2) qscanq user for /service: qclean (src/conf-groups line 1) Any pointers? Thanks Dale --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Patching clamd to log to stderr (for use with multilog)
Dale Gallagher wrote > I'm not using clamd, however I run Slackware 9.1 (kernel > 2.4.25), so in case > it helps, here are my ownerships/permissions on the > relevant device files: Antony Stone wrote > $ ls -al /dev/fd > lrwxrwxrwx1 root root 13 Apr 10 12:55 > /dev/fd -> > /proc/self/fd/ > > .. Thanks, no different to my setup; will stick to the patched clamd, as it works - it's not as if the patch is a large, potentially problematic one ;-) --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
