Re: [Clamav-users] ArchiveBlockEncrypted

2004-05-03 Thread Fajar A. Nugraha 
Sam Smith wrote:

I have not kept up with the password protected archive virus 
development. Is it still necessary to block password protected zip files? 
No need :)

Or can clamd now detect viruses in a password protected zrchive?

It has been for a long time. If you're paranoid, however, you can still 
choose to block
all encrypted archives.

Regards,

Fajar
--
Don't use GIF. Use PNG instead
http://www.gnu.org/philosophy/gif.html


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Mail taking a *long* time to hit the list

2004-05-03 Thread Michael St. Laurent 
Wow.  I posted a message to the list at 9:23 AM (PDT) and as of 11:06 AM
(PDT) it *still* hasn't posted.  I wonder if this one will do any better?

-- 
Michael St. Laurent
Hartwell Corporation


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] problems compiling on rh7.3

2004-05-03 Thread Raul Elizondo 
Hi,

I am having this problem to compile clamav, the problem comes when i
do --enable-milter in the ./configure then make.  If i dont use that, it
compile with no problem.

Any hint or help?

Regards...

-=Raul=-

gcc -DHAVE_CONFIG_H -DSENDMAIL_BIN=\"/usr/sbin/sendmail\" -I. -I. -I.. -I../
clam
d -I../libclamav -I../shared-g -O2 -c `test -f 'clamav-milter.c' || echo
'./
'`clamav-milter.c
/bin/sh ../libtool --mode=link gcc  -g -O2   -o clamav-milter  cfgparser.o
getop
t.o memory.o
clamav-milter.o  -L../libclamav -lclamav -L/usr/lib/libmilter -lmil
ter  -lwrap -lpthread
gcc -g -O2 -o .libs/clamav-milter cfgparser.o getopt.o memory.o
clamav-milter.o
 -L/usr/local/src/clamav-0.70/libclamav
/usr/local/src/clamav-0.70/libclamav/.li
bs/libclamav.so -lz -lbz2 -lgmp -lnsl -L/usr/lib/libmilter -lmilter -lwrap -
lpth
read
/usr/lib/gcc-lib/i386-redhat-linux/2.96/../../../libmilter.a(main.o): In
functio
n `smfi_register':
main.o(.text+0x74): undefined reference to `strlcpy'
/usr/lib/gcc-lib/i386-redhat-linux/2.96/../../../libmilter.a(main.o): In
functio
n `smfi_setconn':
main.o(.text+0x12f): undefined reference to `strlcpy'
/usr/lib/gcc-lib/i386-redhat-linux/2.96/../../../libmilter.a(listener.o): In
fun
ction `mi_milteropen':
listener.o(.text+0x184): undefined reference to `strlcpy'
/usr/lib/gcc-lib/i386-redhat-linux/2.96/../../../libmilter.a(engine.o): In
funct
ion `st_connectinfo':
engine.o(.text+0x83a): undefined reference to `strlcpy'
collect2: ld returned 1 exit status
make[2]: *** [clamav-milter] Error 1
make[2]: Leaving directory `/usr/local/src/clamav-0.70/clamav-milter'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/local/src/clamav-0.70'
make: *** [all] Error 2




---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Does the Sasser signature catch all variants?

2004-05-03 Thread Diego d'Ambra 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:clamav-users-
> [EMAIL PROTECTED] On Behalf Of Michael St. Laurent
> Sent: 3. maj 2004 18:27
> To: '[EMAIL PROTECTED]'
> Subject: [Clamav-users] Does the Sasser signature catch all variants?
> 
> According to http://sarc.com/ there are several variants of the Sasser
> worm
> running around on the net.  A "sigtool -l | grep -i sasser" command
> reports
> "Worm.Sasser.A" but no others.  Does this one signature catch all the
> variants?
> 

No, unfortunately this is not the case...

But if you (or anyone else) has a sample please submit them (for variant
B, C & D).

Thanks in advance.

Best regards,
Diego d'Ambra


smime.p7s
Description: S/MIME cryptographic signature

Re: [Clamav-users] Mail taking a *long* time to hit the list

2004-05-03 Thread Antony Stone 
On Monday 03 May 2004 7:10 pm, Michael St. Laurent wrote:

> Wow.  I posted a message to the list at 9:23 AM (PDT) and as of 11:06 AM
> (PDT) it *still* hasn't posted.  I wonder if this one will do any better?

You mean the one saying: "According to http://sarc.com/ there are several 
variants of the Sasser worm running around on the net.  A "sigtool -l | grep 
-i sasser" command reports "Worm.Sasser.A" but no others.  Does this one 
signature catch all the variants?"

If so, it arrived here ages ago; I didn;t reply to it then because the only 
answer I could think of was "We don't know until someone sends us a variant 
which the signature doesn't match."

Regards,

Antony.

-- 
Late in 1972 President Richard Nixon announced that the rate of increase of 
inflation was decreasing.   This was the first time a sitting president used 
a third derivative to advance his case for re-election.

 - Hugo Rossi, Notices of the American Mathematical Society

 Please reply to the list;
   please don't CC me.



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] sigtool not working correctly

2004-05-03 Thread Mark Novak 
Niek,

On May 3, 2004, at 3:58 AM, Niek wrote:

Mark Novak wrote:
Hello all,
I recently upgraded my Clamav from 0.70-rc to clamav-0.70.  After the  
 upgrade my sigtool stopped working as it used to.  For example:
[EMAIL PROTECTED] log]# sigtool -i /var/lib/clamav/daily.cvd
Build time: 29 Apr 2004 07-50 +0200
Version: 294
# of signatures: 1075
Functionality level: 2
Builder: diego
MD5: 4a5bcb4e2e696c4e918ef8dd8d0b2ae2
Digital signature:  FUJWP7lblQugBK02KPsQMF2Seg/  
IHEAanlB56P7AxZ84pLAfGnH1zxtW+B2YZyJelLSEyZOprZhHSccdoAzXMD9Q4hUipjpMJ 
8+  
v9RlqHJpXrogrpP8vDJsjeb+N93ikPEa4TwEVmZ8aHgcfNUbhXIOQD4wOEWBWdcya9GRS+ 
Ke
Verification OK.
[EMAIL PROTECTED] log]#
But if I try to grep for a specific virus, I get nothing:
[EMAIL PROTECTED] log]# sigtool -l |grep -i somefool
[EMAIL PROTECTED] log]#
Clam is catching a ton of somefool variants every hour, as well as  
the  newest Bagle variants that I see listed in the update emails,  
but  sigtool won't show them.
Any and all ideas are appreciated!
Thanks,
Mark Novak
Mark,

Maybe the path for the cvd files changed after your upgrade,
and sigtool and clam are looking in the old location for cvd files?
Regards,

Niek
What is odd is that I was using the /usr/local/share/clamav path but  
changed it to /var/lib/clamav because that is what freshclam.conf has  
as it's default.  I changed the line in the /etc/clamav.conf to reflect  
the /var/lib/clamav location.

Clam is catching the newest viruses, and the database is getting  
updated.

It is just sigtool that doesn't work when I do a "sigtool -l | grep -i  
somevirusnamehere"

Kind of strange.

Thanks,

Mark

---
[This E-mail scanned for viruses by Declude Virus]


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Compiling With GNU MP in /sw/lib

2004-05-03 Thread Aaron Jensen 
I am trying to compile clamav.  I am on Mac OS X Server 10.3.  I use 
fink , which makes it easier to 
compile/install open source software.  I have install GMP in /sw/lib, 
but I can't figure out how to tell configure where to find it.  As 
such, clamav doesn't compile with support for GMP.  What option do I 
pass to configure to tell it where to find GMP?

 <:> Aaron Jensen
 <:> [EMAIL PROTECTED]
 <:> Visual Prose, Inc
 <:> www.visualprose.com


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] problems compiling on rh7.3

2004-05-03 Thread Nigel Horne 
On Monday 03 May 2004 7:27 pm, Raul Elizondo wrote:

> I am having this problem to compile clamav, the problem comes when i
> do --enable-milter in the ./configure then make.  If i dont use that, it
> compile with no problem.

Have you followed the instructions in the INSTALL document, including
installing the sendmail-devel RPM?

> -=Raul=-

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] freshclam without 'net access?

2004-05-03 Thread Steve Brorens 
Some of the boxes I have running ClamAV will be behind behind
restrictive firewalls. 
They receive smtp email, and can do DNS calls, but have no http/80
access to the 
internet. I *do* have ssh access though from the outside, and could
schedule a task 
to ssh in twice daily...

How would you update the clam db in this case?

My immediate thoughts are:

(1) - Port Redirect Over SSH

Fire up ssh into the box, redirecting http/80 back over the
link, pop 
in a temporary default gateway and fire off freshclam

(2) - Drop Updates in Via SSH/SCP

My problem here is that there's no mention of 'manually' picking
up fi
les, or of running freshclam against files rather than site. Is
this possible?

Ideas?

 - steve


=


This e-mail has been scanned for Viruses and Content and cleared by NetIQ MailMarshal


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g.
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id149&alloc_id66&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] sigtool not working correctly

2004-05-03 Thread Jim Maul 


> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Mark Novak
> Sent: Monday, May 03, 2004 2:44 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] sigtool not working correctly
>
>
> What is odd is that I was using the /usr/local/share/clamav path but
> changed it to /var/lib/clamav because that is what freshclam.conf has
> as it's default.  I changed the line in the /etc/clamav.conf to reflect
> the /var/lib/clamav location.
>
> Clam is catching the newest viruses, and the database is getting
> updated.
>
> It is just sigtool that doesn't work when I do a "sigtool -l | grep -i
> somevirusnamehere"
>

Because sigtool uses a virus database path that is specified at compile
time.  It does not use and .conf

Jim



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Mail taking a *long* time to hit the list

2004-05-03 Thread Michael St. Laurent 
Antony Stone  wrote:
> On Monday 03 May 2004 7:10 pm, Michael St. Laurent wrote:
> 
>> Wow.  I posted a message to the list at 9:23 AM (PDT) and as of
>> 11:06 AM (PDT) it *still* hasn't posted.  I wonder if this one will
>> do any better? 
> 
> You mean the one saying: "According to http://sarc.com/ there are
> several variants of the Sasser worm running around on the net.  A
> "sigtool -l | grep -i sasser" command reports "Worm.Sasser.A" but no
> others.  Does this one signature catch all the variants?"
> 
> If so, it arrived here ages ago; I didn;t reply to it then because
> the only answer I could think of was "We don't know until someone
> sends us a variant which the signature doesn't match."

I asked because it didn't arrive in my own mailbox until 12:19 PM, almost
three hours after I had sent it.  How curious that it arrived elsewhere more
quickly.

-- 
Michael St. Laurent
Hartwell Corporation


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] freshclam without 'net access?

2004-05-03 Thread Antony Stone 
On Monday 03 May 2004 9:12 pm, Steve Brorens wrote:

> Some of the boxes I have running ClamAV will be behind behind
> restrictive firewalls.
> They receive smtp email, and can do DNS calls, but have no http/80
> access to the internet. I *do* have ssh access though from the outside, and
> could schedule a task to ssh in twice daily...
>
> How would you update the clam db in this case?

Simplest would probably be a cron job to run freshclam followed by scp to the 
firewalled machines.

Keep in mind:

1. There's nothing special about the signatures - they're just files which 
need dumping into the appropriate directory.

2. There's nothing special about collecting them from the authoritative 
servers - it's just an http request (ie: if you don't want to run freshclam, 
you could use wget etc).

Regards,

Antony.

-- 
Perfection in design is achieved not when there is nothing left to add, but 
rather when there is nothing left to take away.

 - Antoine de Saint-Exupery

 Please reply to the list;
   please don't CC me.



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] sigtool not working correctly

2004-05-03 Thread Henry Harvey 
This also happened to me. Just so you
won't confuse yourself with two db paths,
delete the other one and just ln -s
to the other one. That way either way you
go, it takes you to the same place.

> > What is odd is that I was using the
> /usr/local/share/clamav path but
> > changed it to /var/lib/clamav because that is what
> freshclam.conf has
> > as it's default.  I changed the line in the
> /etc/clamav.conf to reflect
> > the /var/lib/clamav location.
> >
> > Clam is catching the newest viruses, and the
> database is getting
> > updated.
> >
> > It is just sigtool that doesn't work when I do a
> "sigtool -l | grep -i
> > somevirusnamehere"
> >
> 
> Because sigtool uses a virus database path that is
> specified at compile
> time.  It does not use and .conf
> 
> Jim
> 
> 
> 
>
---
> This SF.Net email is sponsored by: Oracle 10g
> Get certified on the hottest thing ever to hit the
> market... Oracle 10g. 
> Take an Oracle 10g class now, and we'll give you the
> exam FREE. 
>
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> ___
> Clamav-users mailing list
> [EMAIL PROTECTED]
>
https://lists.sourceforge.net/lists/listinfo/clamav-users





__
Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs  
http://hotjobs.sweepstakes.yahoo.com/careermakeover 


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Mail taking a *long* time to hit the list

2004-05-03 Thread Antony Stone 
On Monday 03 May 2004 10:11 pm, Michael St. Laurent wrote:

> Antony Stone  wrote:
> > On Monday 03 May 2004 7:10 pm, Michael St. Laurent wrote:
> >> Wow.  I posted a message to the list at 9:23 AM (PDT) and as of
> >> 11:06 AM (PDT) it *still* hasn't posted.  I wonder if this one will
> >> do any better?
> >
> > You mean the one saying: "According to http://sarc.com/ there are
> > several variants of the Sasser worm running around on the net.  A
> > "sigtool -l | grep -i sasser" command reports "Worm.Sasser.A" but no
> > others.  Does this one signature catch all the variants?"
> >
> > If so, it arrived here ages ago; I didn;t reply to it then because
> > the only answer I could think of was "We don't know until someone
> > sends us a variant which the signature doesn't match."
>
> I asked because it didn't arrive in my own mailbox until 12:19 PM, almost
> three hours after I had sent it.  How curious that it arrived elsewhere
> more quickly.

Check the headers of what you got back from the list if you want to see where 
it got stuck.

(I notice Diego has just posted a signature for Worm.Sasser.D)

Regards,

Antony.

-- 
Ramdisk is not an installation procedure.

 Please reply to the list;
   please don't CC me.



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] problems compiling on rh7.3

2004-05-03 Thread Raul Elizondo 
>Sent: Monday, May 03, 2004 1:19 PM
>
>looks like libsm from sendmail
>
>Try downloading and installing the sendmail-devel kit
>
>Or
>
>downloading and compiling libmilter from sendmail source distribution
>and using that path to the configure script

Hi again,

Sendmail-devel for this distro/version is already installed and updated,
however, i downloaded sendmail-8.12.11 from sendmail (next version of the
one i got installed in that box which is 8.11.6-27.73), and i get the same
error even i re-ran the configure with new paths.

the line for configure was:

./configure --enable-milter --prefix=/usr --sysconfdir=/etc -libdir=/usr/loc
al/src/sendmail-8.12.11/obj.Linux.2.4.20-18.7.i686/sendmail -includedir=/usr
/local/src/sendmail-8.12.11/libmilter/


and the errors compiling are almost the same:

Making all in clamav-milter
make[2]: Entering directory `/usr/local/src/clamav-0.70/clamav-milter'
/bin/sh ../libtool --mode=link gcc  -g -O2   -o clamav-milter  cfgparser.o
getopt.o memory.o
clamav-milter.o  -L../libclamav -lclamav -L/usr/lib/libmilter -lmilter  -lwr
ap -lpthread
gcc -g -O2 -o .libs/clamav-milter cfgparser.o getopt.o memory.o
clamav-milter.o  -L/usr/local/src/clamav-0.70/libclamav
/usr/local/src/clamav-0.70/libclamav/.libs/libclamav.so -lz -lbz2 -lgmp -lns
l -L/usr/lib/libmilter -lmilter -lwrap -lpthread -Wl,--rpath -Wl,/usr/local/
src/sendmail-8.12.11/obj.Linux.2.4.20-18.7.i686/sendmail
/usr/lib/gcc-lib/i386-redhat-linux/2.96/../../../libmilter.a(main.o): In
function `smfi_register':
main.o(.text+0x74): undefined reference to `strlcpy'
/usr/lib/gcc-lib/i386-redhat-linux/2.96/../../../libmilter.a(main.o): In
function `smfi_setconn':
main.o(.text+0x12f): undefined reference to `strlcpy'
/usr/lib/gcc-lib/i386-redhat-linux/2.96/../../../libmilter.a(listener.o): In
function `mi_milteropen':
listener.o(.text+0x184): undefined reference to `strlcpy'
/usr/lib/gcc-lib/i386-redhat-linux/2.96/../../../libmilter.a(engine.o): In
function `st_connectinfo':
engine.o(.text+0x83a): undefined reference to `strlcpy'
collect2: ld returned 1 exit status
make[2]: *** [clamav-milter] Error 1
make[2]: Leaving directory `/usr/local/src/clamav-0.70/clamav-milter'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/local/src/clamav-0.70'
make: *** [all] Error 2

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Joe Maimon
Sent: Monday, May 03, 2004 1:19 PM
To: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] problems compiling on rh7.3


looks like libsm from sendmail

Try downloading and installing the sendmail-devel kit

Or

downloading and compiling libmilter from sendmail source distribution
and using that path to the configure script


Raul Elizondo wrote:

>Hi,
>
>I am having this problem to compile clamav, the problem comes when i
>do --enable-milter in the ./configure then make.  If i dont use that, it
>compile with no problem.
>
>Any hint or help?
>
>Regards...
>
>-=Raul=-
>
>gcc -DHAVE_CONFIG_H -DSENDMAIL_BIN=\"/usr/sbin/sendmail\" -I. -I. -I.. -I..
/
>clam
>d -I../libclamav -I../shared-g -O2 -c `test -f 'clamav-milter.c' ||
echo
>'./
>'`clamav-milter.c
>/bin/sh ../libtool --mode=link gcc  -g -O2   -o clamav-milter  cfgparser.o
>getop
>t.o memory.o
>clamav-milter.o  -L../libclamav -lclamav -L/usr/lib/libmilter -lmil
>ter  -lwrap -lpthread
>gcc -g -O2 -o .libs/clamav-milter cfgparser.o getopt.o memory.o
>clamav-milter.o
> -L/usr/local/src/clamav-0.70/libclamav
>/usr/local/src/clamav-0.70/libclamav/.li
>bs/libclamav.so -lz -lbz2 -lgmp -lnsl -L/usr/lib/libmilter -lmilter -lwrap 
-
>lpth
>read
>/usr/lib/gcc-lib/i386-redhat-linux/2.96/../../../libmilter.a(main.o): In
>functio
>n `smfi_register':
>main.o(.text+0x74): undefined reference to `strlcpy'
>/usr/lib/gcc-lib/i386-redhat-linux/2.96/../../../libmilter.a(main.o): In
>functio
>n `smfi_setconn':
>main.o(.text+0x12f): undefined reference to `strlcpy'
>/usr/lib/gcc-lib/i386-redhat-linux/2.96/../../../libmilter.a(listener.o):
In
>fun
>ction `mi_milteropen':
>listener.o(.text+0x184): undefined reference to `strlcpy'
>/usr/lib/gcc-lib/i386-redhat-linux/2.96/../../../libmilter.a(engine.o): In
>funct
>ion `st_connectinfo':
>engine.o(.text+0x83a): undefined reference to `strlcpy'
>collect2: ld returned 1 exit status
>make[2]: *** [clamav-milter] Error 1
>make[2]: Leaving directory `/usr/local/src/clamav-0.70/clamav-milter'
>make[1]: *** [all-recursive] Error 1
>make[1]: Leaving directory `/usr/local/src/clamav-0.70'
>make: *** [all] Error 2
>
>
>
>
>---
>This SF.Net email is sponsored by: Oracle 10g
>Get certified on the hottest thing ever to hit the market... Oracle 10g.
>Take an Oracle 10g class now, and we'll give you the exam FREE.
>http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
>___
>Clamav-users mailing list
>[EMAIL PROTECTED]
>https://lists.sourceforge.net/lists/listinfo/clamav-users
>
>
>
>


---

Re: [Clamav-users] problems compiling on rh7.3

2004-05-03 Thread Roberto Espinosa 
Hi

Te problems is that you don´t have strlcpy function. You can resolve it
adding it to ./clamav-0.70/clamav-milter/clamav-milter.c

size_t strlcpy(char *dst, const char *src, size_t dstsize) {
  if (strlen(src) < dstsize) {
strcpy(dst,src);
  } else {
strncpy(dst,src,dstsize-1);
dst[dstsize-1] = '\0';
  }
  return strlen(src);
}


Roberto


- Original Message - 
From: "Raul Elizondo" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, May 03, 2004 1:27 PM
Subject: [Clamav-users] problems compiling on rh7.3


> Hi,
>
> I am having this problem to compile clamav, the problem comes when i
> do --enable-milter in the ./configure then make.  If i dont use that, it
> compile with no problem.
>
> Any hint or help?
>
> Regards...
>
> -=Raul=-
>
>
gcc -DHAVE_CONFIG_H -DSENDMAIL_BIN=\"/usr/sbin/sendmail\" -I. -I. -I.. -I../
> clam
> d -I../libclamav -I../shared-g -O2 -c `test -f 'clamav-milter.c' ||
echo
> './
> '`clamav-milter.c
> /bin/sh ../libtool --mode=link gcc  -g -O2   -o clamav-milter  cfgparser.o
> getop
> t.o memory.o
> clamav-milter.o  -L../libclamav -lclamav -L/usr/lib/libmilter -lmil
> ter  -lwrap -lpthread
> gcc -g -O2 -o .libs/clamav-milter cfgparser.o getopt.o memory.o
> clamav-milter.o
>  -L/usr/local/src/clamav-0.70/libclamav
> /usr/local/src/clamav-0.70/libclamav/.li
>
bs/libclamav.so -lz -lbz2 -lgmp -lnsl -L/usr/lib/libmilter -lmilter -lwrap -
> lpth
> read
> /usr/lib/gcc-lib/i386-redhat-linux/2.96/../../../libmilter.a(main.o): In
> functio
> n `smfi_register':
> main.o(.text+0x74): undefined reference to `strlcpy'
> /usr/lib/gcc-lib/i386-redhat-linux/2.96/../../../libmilter.a(main.o): In
> functio
> n `smfi_setconn':
> main.o(.text+0x12f): undefined reference to `strlcpy'
> /usr/lib/gcc-lib/i386-redhat-linux/2.96/../../../libmilter.a(listener.o):
In
> fun
> ction `mi_milteropen':
> listener.o(.text+0x184): undefined reference to `strlcpy'
> /usr/lib/gcc-lib/i386-redhat-linux/2.96/../../../libmilter.a(engine.o): In
> funct
> ion `st_connectinfo':
> engine.o(.text+0x83a): undefined reference to `strlcpy'
> collect2: ld returned 1 exit status
> make[2]: *** [clamav-milter] Error 1
> make[2]: Leaving directory `/usr/local/src/clamav-0.70/clamav-milter'
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory `/usr/local/src/clamav-0.70'
> make: *** [all] Error 2
>
>
>



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g.
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id149&alloc_id66&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] problems compiling on rh7.3

2004-05-03 Thread Joe Maimon 
looks like libsm from sendmail

Try downloading and installing the sendmail-devel kit

Or

downloading and compiling libmilter from sendmail source distribution 
and using that path to the configure script

Raul Elizondo wrote:

Hi,

I am having this problem to compile clamav, the problem comes when i
do --enable-milter in the ./configure then make.  If i dont use that, it
compile with no problem.
Any hint or help?

Regards...

-=Raul=-

gcc -DHAVE_CONFIG_H -DSENDMAIL_BIN=\"/usr/sbin/sendmail\" -I. -I. -I.. -I../
clam
d -I../libclamav -I../shared-g -O2 -c `test -f 'clamav-milter.c' || echo
'./
'`clamav-milter.c
/bin/sh ../libtool --mode=link gcc  -g -O2   -o clamav-milter  cfgparser.o
getop
t.o memory.o
clamav-milter.o  -L../libclamav -lclamav -L/usr/lib/libmilter -lmil
ter  -lwrap -lpthread
gcc -g -O2 -o .libs/clamav-milter cfgparser.o getopt.o memory.o
clamav-milter.o
-L/usr/local/src/clamav-0.70/libclamav
/usr/local/src/clamav-0.70/libclamav/.li
bs/libclamav.so -lz -lbz2 -lgmp -lnsl -L/usr/lib/libmilter -lmilter -lwrap -
lpth
read
/usr/lib/gcc-lib/i386-redhat-linux/2.96/../../../libmilter.a(main.o): In
functio
n `smfi_register':
main.o(.text+0x74): undefined reference to `strlcpy'
/usr/lib/gcc-lib/i386-redhat-linux/2.96/../../../libmilter.a(main.o): In
functio
n `smfi_setconn':
main.o(.text+0x12f): undefined reference to `strlcpy'
/usr/lib/gcc-lib/i386-redhat-linux/2.96/../../../libmilter.a(listener.o): In
fun
ction `mi_milteropen':
listener.o(.text+0x184): undefined reference to `strlcpy'
/usr/lib/gcc-lib/i386-redhat-linux/2.96/../../../libmilter.a(engine.o): In
funct
ion `st_connectinfo':
engine.o(.text+0x83a): undefined reference to `strlcpy'
collect2: ld returned 1 exit status
make[2]: *** [clamav-milter] Error 1
make[2]: Leaving directory `/usr/local/src/clamav-0.70/clamav-milter'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/local/src/clamav-0.70'
make: *** [all] Error 2


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

 



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] freshclam without 'net access?

2004-05-03 Thread Daniel J McDonald 
On Mon, 2004-05-03 at 15:12, Steve Brorens wrote:
> Some of the boxes I have running ClamAV will be behind behind
> restrictive firewalls. 
> They receive smtp email, and can do DNS calls, but have no http/80
> access to the 
> internet. I *do* have ssh access though from the outside, and could
> schedule a task 
> to ssh in twice daily...
> 
> How would you update the clam db in this case?

Run freshclam on a machine that does have www access from a cron job,
say at 47 minutes past the hour on odd hours. Schedule an rsync with the
filter box at 57 minutes past the hour.  On the hour clamd will check to
see if the .cvd files have changed - just in case freshclam failed to
notify clamd for whatever reason.

sample crontab entries:
47 1-23/2 * * * freshclam --quiet
57 1-23/2 * * * rsync -rtlzqe ssh --delete /var/lib/clamav/*.cvd
filter.ip.addr:/var/lib/clamav/

-- 
Daniel J McDonald, CCIE 2495, CNX
Austin Energy




---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] sigtool not working correctly

2004-05-03 Thread Mark Novak 
Jim,

On May 3, 2004, at 3:27 PM, Jim Maul wrote:



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Mark 
Novak
Sent: Monday, May 03, 2004 2:44 PM
To: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] sigtool not working correctly

What is odd is that I was using the /usr/local/share/clamav path but
changed it to /var/lib/clamav because that is what freshclam.conf has
as it's default.  I changed the line in the /etc/clamav.conf to 
reflect
the /var/lib/clamav location.

Clam is catching the newest viruses, and the database is getting
updated.
It is just sigtool that doesn't work when I do a "sigtool -l | grep -i
somevirusnamehere"
Because sigtool uses a virus database path that is specified at compile
time.  It does not use and .conf
Jim
Thanks!  That makes sense.  I'll move the DataDir back and see if that 
fixes it.

Thanks,

Mark

---
[This E-mail scanned for viruses by Declude Virus]


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] problems compiling on rh7.3

2004-05-03 Thread Roberto Espinosa 

 Hi

 Te problems is that you don´t have strlcpy function. You can resolve it
 adding it to ./clamav-0.70/clamav-milter/clamav-milter.c

 size_t strlcpy(char *dst, const char *src, size_t dstsize) {
   if (strlen(src) < dstsize) {
 strcpy(dst,src);
   } else {
 strncpy(dst,src,dstsize-1);
 dst[dstsize-1] = '\0';
   }
   return strlen(src);
 }


 Roberto



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g.
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id149&alloc_id66&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Docs on using clamd & clamav-milter with tcpserver?

2004-05-03 Thread Nigel Horne 
On Monday 03 May 2004 5:03 pm, Alton Yu wrote:

> > Does anyone have experience with this? I'm interested in making the
> > services more available just in case they crash.
>
> Specifically, what do you want to know?
>
> Actually, it was a mistake. What I meant was how it would run with
> tcpserver.

It uses socket/connect calls, rather standard stuff really.

> > Alton

-Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] problems compiling on rh7.3

2004-05-03 Thread Raul Elizondo 
> Hi
>
> Te problems is that you don´t have strlcpy function. You can resolve it
> adding it to ./clamav-0.70/clamav-milter/clamav-milter.c
>
> size_t strlcpy(char *dst, const char *src, size_t dstsize) {
>   if (strlen(src) < dstsize) {
> strcpy(dst,src);
>   } else {
> strncpy(dst,src,dstsize-1);
> dst[dstsize-1] = '\0';
>   }
>   return strlen(src);
> }
>
>
> Roberto

Yup! it work!

Thanks Roberto

-=Raul=-



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g.
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id149&alloc_id66&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] problems compiling on rh7.3

2004-05-03 Thread Nigel Horne 
On Monday 03 May 2004 10:21 pm, Raul Elizondo wrote:

> main.o(.text+0x74): undefined reference to `strlcpy'

Try the latest version of clamav from CVS.

-Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Re: malformed pattern

2004-05-03 Thread Jim Maul 


> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of peter
> Sent: Monday, May 03, 2004 11:29 AM
> To: [EMAIL PROTECTED]
> Subject: [Clamav-users] Re: malformed pattern
>
>
> Look at these lines bottom (/var/spool/qmailscan/qmail-queue.log). In
> qmail-scanner-queue.pl is exactly what is in this log file
> '--database=/usr/local/share/clamav'. And next line (--output of
> clamscan was) showes that clamscan is looking somewhere else
> '/var/spool/qmailscan/tmp/samko.domain.tld24234/clamav-ab54545/VIR
> USES.DB'
> . I really don't understand WHY. Btw I think, that clamscan does not
> search for clamav.conf - this should do clamd/clamdscan only. But just
> to be sure i already put these settings in clamav.conf.

You are correct, clamscan does not use clamav.conf.  Im not sure where
clamscan looks for *.cvd files by default, but if its anything like sigtool,
it uses a hardcoded path specified at compile time.  However
specifiying --database=/usr/local/share/clamav should overwrite any default
values.  So basically i have no idea why it is still looking in
/var/spool/qmailscan/tmp/samko.domain.tld24234/clamav-ab54545/VIRUSES.DB.
What i was trying to suggest earlier was that you should remove these .DB
files wherever they are.  This wont prevent clamscan from looking for them,
but it WILL prevent clamscan from using them.  If the problem still persists
after removing these .db files then this was not the actual problem.

>
> I don't understand why I tried check files/mbox as non-privileged
> user or root via command line and it worked. And if I run it via
> qmail-scanner I'm falling in this odd situation.
>
> Mon, 03 May 2004 16:59:25 CEST:17541: scanloop: starting scan of
> directory "/var/spool/qmailscan/tmp/samko.domain.tld108359636548217541"...
> Mon, 03 May 2004 16:59:25 CEST:17541: scanloop:
> scanner=clamscan_scanner,plain_text_msg=0
> Mon, 03 May 2004 16:59:25 CEST:17541: clamscan: starting scan of
> directory "/var/spool/qmailscan/tmp/samko.domain.tld108359636548217541"...
> Mon, 03 May 2004 16:59:25 CEST:17541: run /usr/local/bin/clamscan -r -m
> --disable-summary --database=/usr/local/share/clamav/
> /var/spool/qmailscan/tmp/samko.domain.tld108359636548217541 2>&1
> Mon, 03 May 2004 16:59:28 CEST:17541: --output of clamscan was:
> LibClamAV Error: readdb(): Malformed pattern line 13771 (file
> /var/spool/qmailscan/tmp/samko.domain.tld108359636548217541/clamav
> -ab19271867b1b5cf/viruses.db).
> LibClamAV Error: Incomplete block read.
> LibClamAV Error: cli_cvdload(): Can't unpack CVD file.
> ERROR: CVD extraction failure.
> --
> Mon, 03 May 2004 16:59:28 CEST:17541: error_condition:
> X-Qmail-Scanner-1.22: clamscan: corrupt or unknown ClamAV scanner error
> or memory/resource/perms problem - exit status 50


If scanning manually works but you get the above error in your log then you
may want to try raising your softlimit value in the qmail-smtpd run script.
It may be failing to load the database because of insufficient memory
allowed to the process.

Jim



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] freshclam --quiet isn't

2004-05-03 Thread Dennis Skinner 
On Sun, 2004-05-02 at 16:22, Damian Menscher wrote:
> Every 2 hours I get the following in my logs:
> 
> May  2 13:31:34 hostname freshclam[3193]: Received signal 14, wake up
> May  2 13:31:34 hostname freshclam[3193]: ClamAV update process started at Sun May  
> 2 13:31:34 2004
> May  2 13:31:35 hostname freshclam[3193]: main.cvd is up to date (version: 22, sigs: 
> 20229, f-level: 1, builder: tkojm)
> May  2 13:31:35 hostname freshclam[3193]: daily.cvd is up to date (version: 298, 
> sigs: 1141, f-level: 2, builder: diego)
> May  2 13:31:35 hostname freshclam[3193]: --
> 
> This is with the --quiet option.  Checking the source it looks like
> freshclam completely ignores the --quiet option.  It would be nice if
> it only added one line per run, rather than five.

My understanding of --quiet is that is suppresses output to stdout. 
Logs still get written.  This is the way it works for me (and has since
0.65 or so). 

> Damian Menscher
-- 
Dennis Skinner
Systems Administrator
BlueFrog Internet
http://www.bluefrog.com



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Zero byte clamd.socket and clmilter.socket

2004-05-03 Thread Karl Hakmiller 
On Mon, 3 May 2004 16:14:55 +0100
Nigel Horne <[EMAIL PROTECTED]> wrote:

> On Monday 03 May 2004 2:48 pm, Karl Hakmiller wrote:
> 
> > Checking /var/clamav I find a zero byte clamav.socket and no
> > clmilter.socket. So, I delete 0-byte clamav.socket, and restart clamd
> > (also, 0.70-1.rhfc1.dag) and clamav-milter in Services.  Now I have the
> > 0-byte clamav.socket back in /var/clamav along with a 0-byte
> > clmilter.socket though Services reports that clamd and clamav-milter are
> > both running.
> 
> These files should not be 0 byte, they should be special files of no length (there
> is a difference of course). 'ls -l' should give 's' in the first column.
> 
> -Nigel
> 
> -- 
> Nigel Horne. Arranger, Composer, Typesetter.
> NJH Music, Barnsley, UK.  ICQ#20252325
> [EMAIL PROTECTED] http://www.bandsman.co.uk
> 
> 
> 
Thank you for this information.  Indeed, as you suggest these files
do have an s in the first column.  I was misled by du -a (but then
I had no idea about this distinction you mention for such special files
either)

-- 
Karl L
Email: [EMAIL PROTECTED]
Homepage: http://hakmiller.rootsweb.com
= Linux Lives!   


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Zero byte clamd.socket and clmilter.socket

2004-05-03 Thread Karl Hakmiller 
On Mon, 3 May 2004 18:32:50 +0300
Odhiambo Washington <[EMAIL PROTECTED]> wrote:

> * Karl Hakmiller <[EMAIL PROTECTED]> [20040503 18:27]: wrote:
> > Just installed clamav-0.70-1 (rhfc1.dag).  /etc/clamav.conf has LocalSocket set to 
> > /var/clamav.  During boot report from that loader  
> > is the clamd.socket does not exist in /var/clamav and the clmilter
> > ( also, 0.70-1.rhfc1.dag) fails to load.  
> > 
> > Checking /var/clamav I find a zero byte clamav.socket and no clmilter.socket. So, 
> > I delete 0-byte clamav.socket, and 
> > restart clamd (also, 0.70-1.rhfc1.dag) and clamav-milter in Services.  Now I have 
> > the 0-byte clamav.socket back in /var/clamav along with a 0-byte clmilter.socket 
> > though Services reports that clamd and clamav-milter are both running.
> > 
> > I'd appreciate some guidance toward a fix.  Is there a FAQ on this
> > or a man page that I've missed?
> 
> echo FixStaleSocket >> clamav.conf
> 
> 
> 
> cheers
>- wash 
> 
> 

Thanks but I already had FixStaleSocket enabled in clamav.conf  In fact, here is my 
clamav.conf file -- maybe someone can spot a problem there:

##
## Example config file for the Clam AV daemon
## Please read the clamav.conf(5) manual before editing this file.
##


# Comment or remove the line below.
#Example

# Uncomment this option to enable logging.
# LogFile must be writable for the user running the daemon.
# Full path is required.
LogFile /var/log/clamav/clamd.log

# By default the log file is locked for writing - the lock protects against
# running clamd multiple times (if want to run another clamd, please
# copy the configuration file, change the LogFile variable, and run
# the daemon with --config-file option). That's why you shouldn't uncomment
# this option.
#LogFileUnlock

# Maximal size of the log file. Default is 1 Mb.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers.
LogFileMaxSize 2M

# Log time with an each message.
LogTime

# Log also clean files. May be useful in debugging but will drastically
# increase the log size.
#LogClean

# Use system logger (can work together with LogFile).
LogSyslog

# Enable verbose logging.
LogVerbose

# This option allows you to save the process identifier of the listening
# daemon (main thread).
PidFile /var/run/clamav/clamd.pid

# Optional path to the global temporary directory.
# Default is system specific - usually /var/tmp or /tmp.
TemporaryDirectory /var/tmp

# Path to the database directory.
# Default is the hardcoded directory (mostly /usr/local/share/clamav,
# but it depends on installation options).
DatabaseDirectory /var/clamav

# The daemon works in local or network mode. Currently the local mode is
# recommended for security reasons.

# Path to the local socket. The daemon doesn't change the mode of the
# created file (portability reasons). You may want to create it in a directory
# which is only accessible for a user running daemon.
LocalSocket /var/clamav/clamd.socket

# Remove stale socket after unclean shutdown.
FixStaleSocket

# TCP port address.
# TCPSocket 3310

# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
TCPAddr 127.0.0.1

# Maximum length the queue of pending connections may grow to.
# Default is 15.
#MaxConnectionQueueLength 30

# When activated, input stream (see STREAM command) will be saved to disk before
# scanning - this allows scanning within archives.
StreamSaveToDisk

# Close the connection if this limit is exceeded.
StreamMaxLength 10M

# Maximal number of a threads running at the same time.
# Default is 5, and it should be sufficient for a typical workstation.
# You may need to increase threads number for a server machine.
#MaxThreads 10

# Waiting for data from a client socket will timeout after this time (seconds).
# Default is 120. Value of 0 disables the timeout.
#ReadTimeout 300

# Maximal depth the directories are scanned at.
MaxDirectoryRecursion 15

# Follow a directory symlinks.
# SECURITY HINT: You should have enabled directory recursion limit to
# avoid potential problems.
FollowDirectorySymlinks

# Follow regular file symlinks.
FollowFileSymlinks

# Do internal checks (eg. check the integrity of the database structures)
# By default clamd checks itself every 3600 seconds (1 hour).
SelfCheck 600

# Execute a command when a virus is found. In the command string %v will
# be replaced by the virus name.
#
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"

# Run as selected user (clamd must be started by root).
# By default it doesn't drop privileges.
User

[Clamav-users] Does the Sasser signature catch all variants?

2004-05-03 Thread Michael St. Laurent 
According to http://sarc.com/ there are several variants of the Sasser worm
running around on the net.  A "sigtool -l | grep -i sasser" command reports
"Worm.Sasser.A" but no others.  Does this one signature catch all the
variants?

-- 
Michael St. Laurent
Hartwell Corporation


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Clamd starts failing after DB reload

2004-05-03 Thread Jim Maul 


> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Jaap
> Scholten
> Sent: Monday, May 03, 2004 10:28 AM
> To: Clamav-Users
> Subject: [Clamav-users] Clamd starts failing after DB reload
>
>
> Hi, can anyone help with this:
>
> I am runing clamd 0.68 on RH8 & Sendmail 8.12.
> Sometimes, during a self-check, calmd detects a pattern DB change, and
> forces a reload, as it's supposed to do.  However, after this, it seems to
> fall over when trying to re-load the DB, untill it is started
> manually.  See
> logfile extract below.
>
> Does anybody know why?  Tanks in advance.
>
>

I think this might have been fixed in .70.  I would try upgrading first.

Jim



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Docs on using clamd & clamav-milter with tcpserver?

2004-05-03 Thread Alton Yu 
From: Nigel Horne <[EMAIL PROTECTED]>
Organization: NJH Music (bandsman.co.uk)
To: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] Docs on using clamd & clamav-milter with
tcpserver?
Date: Mon, 3 May 2004 12:42:29 +0100
Reply-To: [EMAIL PROTECTED]

On Monday 03 May 2004 3:15 am, Alton Yu wrote:
> Does anyone have experience with this? I'm interested in making the
> services more available just in case they crash.

Specifically, what do you want to know?

Actually, it was a mistake. What I meant was how it would run with
tcpserver.

Thanks!

> Thanks,
> Alton

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk




---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Re: malformed pattern

2004-05-03 Thread peter 
Jim Maul wrote:

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of peter
Sent: Monday, May 03, 2004 6:39 AM
To: [EMAIL PROTECTED]
Subject: [Clamav-users] Re: malformed pattern
peter wrote:

peter wrote:


Jim Maul wrote:


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of peter
Sent: Friday, April 30, 2004 12:05 PM
To: [EMAIL PROTECTED]
Subject: [Clamav-users] malformed pattern
Hi, I have problem with clamav 0.70 stable.
Malformed patter line 13898 (file
/var/spool/qmailscan/tmp/../viruses.db)
Incomplete block read
cli_cvdload(): Can't unpack CVD file
CVD extraction failure
This problem I see just with clamscan. I tried scan (by
qmail-scanner)

with clamd/clamdscan and this problem did not appear.

I deleted .cvd files and ran freshclam again, but it did not help. I
saw
somewhere that clamdscan uses internal (lib) unrar routine and
clamdscan
does not know to use external unrar3.x. And I want to check rar files
too. If I understand it, then i have to use clamscan with "--unrar"
option to scan rar files. Is it correct.


Are you still using old style .db files?  These can be removed in
favor of
the newer .cvd files.
Jim



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle
10g. Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
Hi,

As I wrote I am using .cvd files already. I installed clamav 0.70
stable 4 days ago. After istallation I removed .cvd files and ran
freshclam few times again (I was thinking that perhaps .cvd files are
incorrectly downloaded or something like this). I googled somewhat and
found here:
"http://www.mail-archive.com/[EMAIL PROTECTED]
ge.net/msg02282.html"
this:

.
I was getting plenty of error messages like this:
28/08/2003 10:10:13:3361: --output of clamscan was:
LibClamAV Error: cli_calloc(): Can't allocate memory (98 bytes).
calloc_problem: Cannot allocate memory
LibClamAV Error: readdb(): Malformed pattern line 8706 (file
/usr/local/share/clamav/viruses.db).
ERROR: Malformed database.
--
28/08/2003 10:10:13:3361: tempfail: X-Qmail-Scanner-1.16:
clam_scanner: corrupt or
unknown ClamAV scanner error or memory/resource/perms problem - exit
status 50
If you are getting similar permutations on this theme the
clamd/clamdscan pairing may
be the way to go for you.
Author: Steve Crowder
E-mail: steve (at) crowders (dot) org
Date: 28/08/2003
.
But there is no explanation why to use clamd/clamdscan and what is
wrong or how to fix problem with clamscan.
Thanks.

Peter



This message you googled is most likely a problem with the softlimit.  The
poster mentioned using clamd/clamdscan most likely to reduce the
memory/processor overhead of using clamscan.  This most likely will NOT help
you as i dont believe you have the same problem.


Now I found that clamscan is still looking for viruses.db file. Now I
added "--database=/usr/local/share/clamav/" option to clamscan
and still

the same error message. Clamscan is still looking for .db file(s). In
help for clamscan is this: "Load virus database from FILE or load all
.db and db2 files from DIR" as decription for option "--database".
Question is, how to make it work with .cvd files. Version of
clamscan is

also 0.70. Reason why I want to use clamscan instead of clamd/clamdscan
is that clamd cannot use external .rar files unpacker.


Clamav will attempt to use any .db file that it can find.  These are old
style databases and should most likely be removed from your system.
Removing *.cvd and re-downloading will not help as the .db files are still
there.  Also, you dont have to "make" clamav work with .cvd files as this is
the default.  Your clam installation is not ignoring your .cvd files, its
just using the .db ones also.


I'm running clamscan via qmai-scanner-queue.pl and in $clamscan_option I
have "--database=/usr/local/share/clamav/", but
/var/spool/qmailscann/qmail-queue.log showes me still the same error
message. In this log file I can see correct path pointed to .cvd
directory, but it seems that clamscan is looking stil to
/var/spool/qmailscan/tmp/host.domain.tld21312312/clamav-424242345/
viruses.db
for .db file. If I run clamscan as root (via command line) with the same
options which are in qmail-queue-scanner.pl ($clamscan_option)
everything looks ok.


Im not sure whats telling clamav to use
/var/spool/qmailscan/tmp/host.domain.tld21312312/clamav-424242345/ but you
may want to check /etc/clamav.conf and /etc/freshclam.conf and make sure
these arent telling it to do so.
Hope this helps.

Jim



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the

Re: [Clamav-users] Zero byte clamd.socket and clmilter.socket

2004-05-03 Thread Odhiambo Washington 
* Karl Hakmiller <[EMAIL PROTECTED]> [20040503 18:27]: wrote:
> Just installed clamav-0.70-1 (rhfc1.dag).  /etc/clamav.conf has LocalSocket set to 
> /var/clamav.  During boot report from that loader  
> is the clamd.socket does not exist in /var/clamav and the clmilter
> ( also, 0.70-1.rhfc1.dag) fails to load.  
> 
> Checking /var/clamav I find a zero byte clamav.socket and no clmilter.socket. So, I 
> delete 0-byte clamav.socket, and 
> restart clamd (also, 0.70-1.rhfc1.dag) and clamav-milter in Services.  Now I have 
> the 0-byte clamav.socket back in /var/clamav along with a 0-byte clmilter.socket 
> though Services reports that clamd and clamav-milter are both running.
> 
> I'd appreciate some guidance toward a fix.  Is there a FAQ on this
> or a man page that I've missed?

echo FixStaleSocket >> clamav.conf



cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Zero byte clamd.socket and clmilter.socket

2004-05-03 Thread Nigel Horne 
On Monday 03 May 2004 2:48 pm, Karl Hakmiller wrote:

> Checking /var/clamav I find a zero byte clamav.socket and no
> clmilter.socket. So, I delete 0-byte clamav.socket, and restart clamd
> (also, 0.70-1.rhfc1.dag) and clamav-milter in Services.  Now I have the
> 0-byte clamav.socket back in /var/clamav along with a 0-byte
> clmilter.socket though Services reports that clamd and clamav-milter are
> both running.

These files should not be 0 byte, they should be special files of no length (there
is a difference of course). 'ls -l' should give 's' in the first column.

-Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Zero byte clamd.socket and clmilter.socket

2004-05-03 Thread Karl Hakmiller 
On Mon, 3 May 2004 09:48:16 -0400
Karl Hakmiller <[EMAIL PROTECTED]> wrote:

> Just installed clamav-0.70-1 (rhfc1.dag).  /etc/clamav.conf has LocalSocket set to 
> /var/clamav.  During boot report from that loader  
> is the clamd.socket does not exist in /var/clamav and the clmilter
> ( also, 0.70-1.rhfc1.dag) fails to load.  
> 
> Checking /var/clamav I find a zero byte clamav.socket and no clmilter.socket. So, I 
> delete 0-byte clamav.socket, and 
> restart clamd (also, 0.70-1.rhfc1.dag) and clamav-milter in Services.  Now I have 
> the 0-byte clamav.socket back in /var/clamav along with a 0-byte clmilter.socket 
> though Services reports that clamd and clamav-milter are both running.
> 
> I'd appreciate some guidance toward a fix.  Is there a FAQ on this
> or a man page that I've missed?
> 



I just finished upgrading all clamav progs to 0.70-2 on this FC1
(Linux version 2.4.22-1.2188.nptlsmp) system.  Identical results
with the sockets.


-- 
Karl L
Email: [EMAIL PROTECTED]
Homepage: http://hakmiller.rootsweb.com
= Linux Lives!   


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Re: malformed pattern

2004-05-03 Thread Jim Maul 


> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of peter
> Sent: Monday, May 03, 2004 6:39 AM
> To: [EMAIL PROTECTED]
> Subject: [Clamav-users] Re: malformed pattern
>
>
> peter wrote:
> > peter wrote:
> >
> >> Jim Maul wrote:
> >>
> >>>
>  -Original Message-
>  From: [EMAIL PROTECTED]
>  [mailto:[EMAIL PROTECTED] Behalf Of peter
>  Sent: Friday, April 30, 2004 12:05 PM
>  To: [EMAIL PROTECTED]
>  Subject: [Clamav-users] malformed pattern
> 
> 
>  Hi, I have problem with clamav 0.70 stable.
>  Malformed patter line 13898 (file
>  /var/spool/qmailscan/tmp/../viruses.db)
>  Incomplete block read
>  cli_cvdload(): Can't unpack CVD file
>  CVD extraction failure
> 
>  This problem I see just with clamscan. I tried scan (by
> qmail-scanner)
>  with clamd/clamdscan and this problem did not appear.
> 
>  I deleted .cvd files and ran freshclam again, but it did not help. I
>  saw
>  somewhere that clamdscan uses internal (lib) unrar routine and
>  clamdscan
>  does not know to use external unrar3.x. And I want to check rar files
>  too. If I understand it, then i have to use clamscan with "--unrar"
>  option to scan rar files. Is it correct.
> 
> >>>
> >>>
> >>> Are you still using old style .db files?  These can be removed in
> >>> favor of
> >>> the newer .cvd files.
> >>>
> >>> Jim
> >>>
> >>>
> >>>
> >>> ---
> >>> This SF.Net email is sponsored by: Oracle 10g
> >>> Get certified on the hottest thing ever to hit the market... Oracle
> >>> 10g. Take an Oracle 10g class now, and we'll give you the exam FREE.
> >>> http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> >>> ___
> >>> Clamav-users mailing list
> >>> [EMAIL PROTECTED]
> >>> https://lists.sourceforge.net/lists/listinfo/clamav-users
> >>>
> >> Hi,
> >>
> >> As I wrote I am using .cvd files already. I installed clamav 0.70
> >> stable 4 days ago. After istallation I removed .cvd files and ran
> >> freshclam few times again (I was thinking that perhaps .cvd files are
> >> incorrectly downloaded or something like this). I googled somewhat and
> >> found here:
> >>
> "http://www.mail-archive.com/[EMAIL PROTECTED]
> ge.net/msg02282.html"
> >> this:
> >>
> >> .
> >> I was getting plenty of error messages like this:
> >> 28/08/2003 10:10:13:3361: --output of clamscan was:
> >> LibClamAV Error: cli_calloc(): Can't allocate memory (98 bytes).
> >> calloc_problem: Cannot allocate memory
> >> LibClamAV Error: readdb(): Malformed pattern line 8706 (file
> >> /usr/local/share/clamav/viruses.db).
> >> ERROR: Malformed database.
> >> --
> >> 28/08/2003 10:10:13:3361: tempfail: X-Qmail-Scanner-1.16:
> >> clam_scanner: corrupt or
> >> unknown ClamAV scanner error or memory/resource/perms problem - exit
> >> status 50
> >>
> >> If you are getting similar permutations on this theme the
> >> clamd/clamdscan pairing may
> >> be the way to go for you.
> >>
> >> Author: Steve Crowder
> >> E-mail: steve (at) crowders (dot) org
> >> Date: 28/08/2003
> >> .
> >>
> >> But there is no explanation why to use clamd/clamdscan and what is
> >> wrong or how to fix problem with clamscan.
> >>
> >> Thanks.
> >>
> >> Peter
> >>

This message you googled is most likely a problem with the softlimit.  The
poster mentioned using clamd/clamdscan most likely to reduce the
memory/processor overhead of using clamscan.  This most likely will NOT help
you as i dont believe you have the same problem.




> > Now I found that clamscan is still looking for viruses.db file. Now I
> > added "--database=/usr/local/share/clamav/" option to clamscan
> and still
> > the same error message. Clamscan is still looking for .db file(s). In
> > help for clamscan is this: "Load virus database from FILE or load all
> > .db and db2 files from DIR" as decription for option "--database".
> > Question is, how to make it work with .cvd files. Version of
> clamscan is
> > also 0.70. Reason why I want to use clamscan instead of clamd/clamdscan
> > is that clamd cannot use external .rar files unpacker.

Clamav will attempt to use any .db file that it can find.  These are old
style databases and should most likely be removed from your system.
Removing *.cvd and re-downloading will not help as the .db files are still
there.  Also, you dont have to "make" clamav work with .cvd files as this is
the default.  Your clam installation is not ignoring your .cvd files, its
just using the .db ones also.


> >
> I'm running clamscan via qmai-scanner-queue.pl and in $clamscan_option I
> have "--database=/usr/local/share/clamav/", but
> /var/spool/qmailscann/qmail-queue.log showes me still the same error
> message. In this log file I can see correct path pointed to .cvd
> directory, but it seems that clamscan is looking stil to
> /var/spool/qmailscan/tmp/host.domain.

[Clamav-users] Search tool on www.clamav.net

2004-05-03 Thread Jim Maul 
Would it be possible for the online search at
http://clamav-du.securesites.net/cgi-bin/clamgrok to show the time that the
signature was added to the database?  This would be real handy.

Jim



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Clamd starts failing after DB reload

2004-05-03 Thread Jaap Scholten 
Hi, can anyone help with this:

I am runing clamd 0.68 on RH8 & Sendmail 8.12.
Sometimes, during a self-check, calmd detects a pattern DB change, and
forces a reload, as it's supposed to do.  However, after this, it seems to
fall over when trying to re-load the DB, untill it is started manually.  See
logfile extract below.

Does anybody know why?  Tanks in advance.

___SNIP

Mon May  3 13:41:14 2004 -> stream: Worm.Mydoom.J FOUND
Mon May  3 13:41:18 2004 -> Accepted connection on port 29201, fd 9
Mon May  3 13:41:23 2004 -> Accepted connection on port 7530, fd 9
Mon May  3 13:41:24 2004 -> Accepted connection on port 4098, fd 32
Mon May  3 13:41:26 2004 -> Accepted connection on port 14763, fd 13
Mon May  3 13:41:26 2004 -> Accepted connection on port 44378, fd 32
Mon May  3 13:41:26 2004 -> SelfCheck: Database modification detected.
Forcing reload.
Mon May  3 13:41:26 2004 -> SelfCheck: Integrity OK
Mon May  3 13:41:31 2004 -> Main thread: database reloading (waiting).
Mon May  3 13:43:31 2004 -> Main thread: database reloaded.
Mon May  3 13:43:31 2004 -> Main thread: database reloading (waiting).
Mon May  3 13:43:31 2004 -> Accepted connection on port 14623, fd 13
Mon May  3 13:45:31 2004 -> Main thread: database reloaded.
Mon May  3 13:45:32 2004 -> Main thread: database reloading (waiting).
Mon May  3 13:45:32 2004 -> Accepted connection on port 2963, fd 33
Mon May  3 13:47:32 2004 -> Main thread: database reloaded.
Mon May  3 13:47:32 2004 -> Main thread: database reloading (waiting).
Mon May  3 13:47:32 2004 -> Accepted connection on port 30488, fd 65
Mon May  3 13:49:32 2004 -> Main thread: database reloaded.
Mon May  3 13:49:32 2004 -> Main thread: database reloading (waiting).
Mon May  3 13:49:32 2004 -> Accepted connection on port 18267, fd 13
Mon May  3 13:51:32 2004 -> Main thread: database reloaded.
Mon May  3 13:51:32 2004 -> Main thread: database reloading (waiting).
Mon May  3 13:51:32 2004 -> Accepted connection on port 49535, fd 69
Mon May  3 13:53:33 2004 -> Main thread: database reloaded.
Mon May  3 13:53:33 2004 -> Main thread: database reloading (waiting).
Mon May  3 13:53:33 2004 -> Accepted connection on port 1282, fd 73
Mon May  3 13:55:33 2004 -> Main thread: database reloaded.
Mon May  3 13:55:33 2004 -> Main thread: database reloading (waiting).
Mon May  3 13:55:33 2004 -> Accepted connection on port 30985, fd 77
Mon May  3 13:57:33 2004 -> Main thread: database reloaded.
Mon May  3 13:57:33 2004 -> Main thread: database reloading (waiting).
Mon May  3 13:57:33 2004 -> Accepted connection on port 59907, fd 81
Mon May  3 13:59:34 2004 -> Main thread: database reloaded.
Mon May  3 13:59:34 2004 -> Main thread: database reloading (waiting).
Mon May  3 14:00:21 2004 -> Database reload: some threads must be stopped in
the next iteration.
Mon May  3 14:01:34 2004 -> Main thread: database reloaded.
Mon May  3 14:01:34 2004 -> Main thread: database reloading (waiting).
Mon May  3 14:03:34 2004 -> Main thread: database reloaded.
Mon May  3 14:03:34 2004 -> Main thread: database reloading (waiting).
Mon May  3 14:05:34 2004 -> Main thread: database reloaded.
Mon May  3 14:05:34 2004 -> Main thread: database reloading (waiting).
Mon May  3 14:07:35 2004 -> Main thread: database reloaded.
Mon May  3 14:07:35 2004 -> Main thread: database reloading (waiting).

Jaap Scholten

eNetworks
Cape Town 8001, South Africa




---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.672 / Virus Database: 434 - Release Date: 2004/04/28




---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Zero byte clamd.socket and clmilter.socket

2004-05-03 Thread Karl Hakmiller 
Just installed clamav-0.70-1 (rhfc1.dag).  /etc/clamav.conf has LocalSocket set to 
/var/clamav.  During boot report from that loader  
is the clamd.socket does not exist in /var/clamav and the clmilter
( also, 0.70-1.rhfc1.dag) fails to load.  

Checking /var/clamav I find a zero byte clamav.socket and no clmilter.socket. So, I 
delete 0-byte clamav.socket, and 
restart clamd (also, 0.70-1.rhfc1.dag) and clamav-milter in Services.  Now I have the 
0-byte clamav.socket back in /var/clamav along with a 0-byte clmilter.socket though 
Services reports that clamd and clamav-milter are both running.

I'd appreciate some guidance toward a fix.  Is there a FAQ on this
or a man page that I've missed?

-- 
Karl L
Email: [EMAIL PROTECTED]
Homepage: http://hakmiller.rootsweb.com
= Linux Lives!   


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] OT: qscanq with qmail (+clamd)

2004-05-03 Thread Dale Gallagher 
Thanks for responding Frank.

 Frank Rabitsch wrote 
> with the exception that clamd is running as user qscanq
> and it logs to
> stderr using the qscanlog user and the std-err patch.
> 
> Try to run clamd as qscanq and see what happens.

I tried this over the weekend without luck. This should not
really make a difference anyway, as qscanq calls the
clamdscan client - in fact any user can run the client
which simply passes the file to clamd for scanning. Have I
missed something here?

 Frank Rabitsch wrote 
> Security settings on my box:
> 
> /var/qmail/qscanq/:
> drwxr-sr-x 3 root root 4096 May 2 13:49 root
> 
> /var/qmail/qscanq/root:
> drwx--S--- 2 qscanq root 4096 May 3 18:08 scanq

If I look now, after installing yet again, the permissions
are identical on my system.

 Frank Rabitsch wrote 
> Furthermore the website mentions that the users should
> not belong to the
> group: "Create users named Gqscanq and Gqscanlog (or
> whatever is in
> conf-users), and a group named Gqscanq (or whatever is in
> conf-groups). The
> users should NOT belong to the Gqscanq group".

Yes, followed this.

I created the group qscan purely for the my users qscan and
qscanlog (ie. Gqscanq and Gqscanlog) as per conf-users. I
then used qclean for the group in src/conf-groups to which
my qscan and qscanlog users do _not_ belong. So, my setup
follows the instructions, bar the name differences. Again,
have I misinterpreted the setup?

I'll set it up again carefully later today and report back.

Thanks
Dale


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] ArchiveBlockEncrypted

2004-05-03 Thread Sam Smith 
I have not kept up with the password protected archive virus 
development. Is it still necessary to block password protected zip 
files? Or can clamd now detect viruses in a password protected zrchive?

thanks,
Sam Smith
---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Docs on using clamd & clamav-milter with tcpserver?

2004-05-03 Thread Nigel Horne 
On Monday 03 May 2004 3:15 am, Alton Yu wrote:
> Does anyone have experience with this? I'm interested in making the
> services more available just in case they crash.

Specifically, what do you want to know?

> Thanks,
> Alton

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] LibClamAV Warning: Unknown encoding type "us-ascii"

2004-05-03 Thread Nigel Horne 
On Monday 03 May 2004 10:27 am, Frank Rabitsch wrote:

> LibClamAV Warning: Unknown encoding type "us-ascii"
>
> What is happening in this case? I cannot re-produce the error and don't
> know for sure whether the email is delivered or rejected. Should I worry?

No need to worry. It can safely be ignored.

> Frank

-Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] OT: qscanq with qmail (+clamd)

2004-05-03 Thread Frank Rabitsch 

>   qscanq: fatal: unable to chdir to
> /var/qmail/qscanq/root/scanq: access denied
>
> clamd is running under daemontools as user clamav; this
> shouldn't pose an issue, as qscanq connects to clamd using
> the clamdscan client.

I'm running clamav supervised as described on
http://www.clamav.net/doc/0.70/clamd_supervised/clamd-daemontools-guide.txt
with the exception that clamd is running as user qscanq and it logs to
stderr using the qscanlog user and the std-err patch.

Try to run clamd as qscanq and see what happens.

> src/conf-scancmd:
>   /usr/bin/clamdscan --quiet ./
>
> My permission listing:
>
> # ls -la /var/qmail/ | grep qscanq
> drwxr-sr-t 5 root root 4096 May 1 12:49 qscanq/
>
> # ls -la /var/qmail/qscanq/root/ | grep sc
> drwx--S--- 2 qscan root 4096 May 1 12:49 scanq/
>

Security settings on my box:

/var/qmail/qscanq/:
drwxr-sr-x3 root root 4096 May  2 13:49 root

/var/qmail/qscanq/root:
drwx--S---2 qscanq   root 4096 May  3 18:08 scanq

> with qscanq user/group set as follows:
>
> qscanq user/group: qscan/qscan (src/conf-users line 1)
> qscanq log user/group: qscanlog/qscan (src/conf-users line
> 2)
> qscanq user for /service: qclean (src/conf-groups line 1)
>

Don't have any groups in the user file.

cat src/conf-users:
qscanq
qscanlog

cat src/conf-groups
qscanq

Furthermore the website mentions that the users should not belong to the
group: "Create users named Gqscanq and Gqscanlog (or whatever is in
conf-users), and a group named Gqscanq (or whatever is in conf-groups). The
users should NOT belong to the Gqscanq group".

Hope this helps.

regards
Frank



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] problems using clamav in supervised mode

2004-05-03 Thread Dale Gallagher 

> > Have you applied this patch? (for logging to stderr)
> > http://www.qscanq.org/clamav-0.70-stderr.patch.gz
> 
> No. Is it necessary for my suitation?

Not unless you're piping stderr to a logging facility like
multilog.

> Do you have any more ideas on what might be wrong?
> Or shall I try it under daemontools instead of runit?

runit is very similar to daemontools AFAIK - I doubt it's
necessary to switch.

Can you scan a file when clamd is running under runit?

eg. cat eicar_com.zip | clamdscan -;

What do(es) your logfile(s) say???

Does runit output a 'service' status? What does it report?

bye
Dale


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Strlcpy Problem

2004-05-03 Thread Ajay S 



Hi ,
 
I am having problem with clamav-mitler while 
installing the application i am getting problem of strlcpy. Can any one 
help.
 
Regards
 

[Clamav-users] Clamav on IA-64

2004-05-03 Thread Seve Ho 
Hi All,

I am going to install ClamAV on an Itanium2(IA-64). I found that gcc 
have dedicated compile options for different platform. I am just quite 
interested to know if any of these options can make clamav more 
efficient (faster ?) on IA-64?

The full sets of IA-64 options can be found at:  
http://gcc.gnu.org/onlinedocs/gcc/IA-64-Options.html#IA-64%20Options

Anyone have idea about this?

I have lists some of the possible options below:

|-mno-volatile-asm-stop|
   Generate (or don't) a stop bit immediately before and after volatile
   asm statements.
||
||
|-mno-sdata|
|-msdata|
   Disable (or enable) optimizations that use the small data section.
   This may be useful for working around optimizer bugs.
||
|-minline-float-divide-min-latency|
   Generate code for inline divides of floating point values using the
   minimum latency algorithm.
|-minline-float-divide-max-throughput|
   Generate code for inline divides of floating point values using the
   maximum throughput algorithm.
|-minline-int-divide-min-latency|
   Generate code for inline divides of integer values using the minimum
   latency algorithm.
|-minline-int-divide-max-throughput|
   Generate code for inline divides of integer values using the maximum
   throughput algorithm.
|-mfixed-range=|register-range||
   Generate code treating the given register range as fixed registers.
   A fixed register is one that the register allocator can not use.
   This is useful when compiling kernel code. A register range is
   specified as two registers separated by a dash. Multiple register
   ranges can be specified separated by a comma.
|-mearly-stop-bits|
|-mno-early-stop-bits|
   Allow stop bits to be placed earlier than immediately preceding the
   instruction that triggered the stop bit. This can improve
   instruction scheduling, but does not always do so. 

--
Seve Ho
Programmer
Tel   (852) 3105 2920
Fax   (852) 3105 2926
Email [EMAIL PROTECTED]
Mail Prove Ltd.
806, Cyberport 1
100 Cyberport Rd.
Pokfulam, H. K. 





---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Re: malformed pattern

2004-05-03 Thread peter 
peter wrote:
peter wrote:

Jim Maul wrote:


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of peter
Sent: Friday, April 30, 2004 12:05 PM
To: [EMAIL PROTECTED]
Subject: [Clamav-users] malformed pattern
Hi, I have problem with clamav 0.70 stable.
Malformed patter line 13898 (file
/var/spool/qmailscan/tmp/../viruses.db)
Incomplete block read
cli_cvdload(): Can't unpack CVD file
CVD extraction failure
This problem I see just with clamscan. I tried scan (by qmail-scanner)
with clamd/clamdscan and this problem did not appear.
I deleted .cvd files and ran freshclam again, but it did not help. I 
saw
somewhere that clamdscan uses internal (lib) unrar routine and 
clamdscan
does not know to use external unrar3.x. And I want to check rar files
too. If I understand it, then i have to use clamscan with "--unrar"
option to scan rar files. Is it correct.



Are you still using old style .db files?  These can be removed in 
favor of
the newer .cvd files.

Jim



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 
10g. Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Hi,

As I wrote I am using .cvd files already. I installed clamav 0.70 
stable 4 days ago. After istallation I removed .cvd files and ran 
freshclam few times again (I was thinking that perhaps .cvd files are 
incorrectly downloaded or something like this). I googled somewhat and 
found here: 
"http://www.mail-archive.com/[EMAIL PROTECTED]/msg02282.html" 
this:

.
I was getting plenty of error messages like this:
28/08/2003 10:10:13:3361: --output of clamscan was:
LibClamAV Error: cli_calloc(): Can't allocate memory (98 bytes).
calloc_problem: Cannot allocate memory
LibClamAV Error: readdb(): Malformed pattern line 8706 (file
/usr/local/share/clamav/viruses.db).
ERROR: Malformed database.
--
28/08/2003 10:10:13:3361: tempfail: X-Qmail-Scanner-1.16: 
clam_scanner: corrupt or
unknown ClamAV scanner error or memory/resource/perms problem - exit 
status 50

If you are getting similar permutations on this theme the 
clamd/clamdscan pairing may
be the way to go for you.

Author: Steve Crowder
E-mail: steve (at) crowders (dot) org
Date: 28/08/2003
.
But there is no explanation why to use clamd/clamdscan and what is 
wrong or how to fix problem with clamscan.

Thanks.

Peter



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 
10g. Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Now I found that clamscan is still looking for viruses.db file. Now I 
added "--database=/usr/local/share/clamav/" option to clamscan and still 
the same error message. Clamscan is still looking for .db file(s). In 
help for clamscan is this: "Load virus database from FILE or load all 
.db and db2 files from DIR" as decription for option "--database". 
Question is, how to make it work with .cvd files. Version of clamscan is 
also 0.70. Reason why I want to use clamscan instead of clamd/clamdscan 
is that clamd cannot use external .rar files unpacker.

Thanks.

Peter



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

I'm running clamscan via qmai-scanner-queue.pl and in $clamscan_option I 
have "--database=/usr/local/share/clamav/", but 
/var/spool/qmailscann/qmail-queue.log showes me still the same error 
message. In this log file I can see correct path pointed to .cvd 
directory, but it seems that clamscan is looking stil to 
/var/spool/qmailscan/tmp/host.domain.tld21312312/clamav-424242345/viruses.db 
for .db file. If I run clamscan as root (via command line) with the same 
options which are in qmail-queue-scanner.pl ($clamscan_option) 
everything looks ok.

Any ideas?

Thanks
Peter.


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op

Re: [Clamav-users] problems using clamav in supervised mode

2004-05-03 Thread K. Shantanu 
* Dale Gallagher <[EMAIL PROTECTED]> [040503 03:16]:
> My /service/clamd/run script:
[...]

It looks similar to mine.

> Have you applied this patch? (for logging to stderr)
> http://www.qscanq.org/clamav-0.70-stderr.patch.gz

No. Is it necessary for my suitation?

> What are your clamav.conf params?
> 
> Some obvious ones required to run under daemontools _and_
> scan mail:
> 
> -  -
> # if using above patch
> LogFile stderr

No.

> # for multilog
> LogFileUnlock
> FixStaleSocket

No.

> ScanMail
> Foreground

Yes.

Do you have any more ideas on what might be wrong?
Or shall I try it under daemontools instead of runit?

Regards,
Shantanu



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] LibClamAV Warning: Unknown encoding type "us-ascii"

2004-05-03 Thread Frank Rabitsch 

I'm running ClamAv 0.70 supervised using qscanq 0.42 scanner. Everything
seems to be running fine however this afternoon I find the following warning
in the logfile:

LibClamAV Warning: Unknown encoding type "us-ascii"

What is happening in this case? I cannot re-produce the error and don't know
for sure whether the email is delivered or rejected. Should I worry?

regards
Frank



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] problems using clamav in supervised mode

2004-05-03 Thread Dale Gallagher 

> it works beautifully ti fails only in supervised mode.
> 
> My run script is,
> # cat run
> #!/bin/sh
> exec 2>&1
> #exec /usr/local/bin/chpst -u clamav \
> #/usr/local/bin/chpst -m 4000 /usr/local/sbin/clamd
> #exec /usr/local/bin/chpst -m 8000
> /usr/local/sbin/clamd
> exec /usr/local/sbin/clamd

My /service/clamd/run script:

#!/bin/sh
exec 2>&1
exec setuidgid clamav \
 softlimit -a 4000 \
 /usr/sbin/clamd

Have you applied this patch? (for logging to stderr)
http://www.qscanq.org/clamav-0.70-stderr.patch.gz

What are your clamav.conf params?

Some obvious ones required to run under daemontools _and_
scan mail:

-  -
# if using above patch
LogFile stderr
# for multilog
LogFileUnlock
FixStaleSocket
ScanMail
Foreground
-  -


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] sigtool not working correctly

2004-05-03 Thread Niek 
Mark Novak wrote:
Hello all,

I recently upgraded my Clamav from 0.70-rc to clamav-0.70.  After the  
upgrade my sigtool stopped working as it used to.  For example:

[EMAIL PROTECTED] log]# sigtool -i /var/lib/clamav/daily.cvd
Build time: 29 Apr 2004 07-50 +0200
Version: 294
# of signatures: 1075
Functionality level: 2
Builder: diego
MD5: 4a5bcb4e2e696c4e918ef8dd8d0b2ae2
Digital signature:  FUJWP7lblQugBK02KPsQMF2Seg/ 
IHEAanlB56P7AxZ84pLAfGnH1zxtW+B2YZyJelLSEyZOprZhHSccdoAzXMD9Q4hUipjpMJ8+ 
v9RlqHJpXrogrpP8vDJsjeb+N93ikPEa4TwEVmZ8aHgcfNUbhXIOQD4wOEWBWdcya9GRS+Ke
Verification OK.
[EMAIL PROTECTED] log]#

But if I try to grep for a specific virus, I get nothing:

[EMAIL PROTECTED] log]# sigtool -l |grep -i somefool
[EMAIL PROTECTED] log]#
Clam is catching a ton of somefool variants every hour, as well as the  
newest Bagle variants that I see listed in the update emails, but  
sigtool won't show them.

Any and all ideas are appreciated!

Thanks,

Mark Novak
Mark,

Maybe the path for the cvd files changed after your upgrade,
and sigtool and clam are looking in the old location for cvd files?
Regards,

Niek

---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Re: malformed pattern

2004-05-03 Thread peter 
peter wrote:

Jim Maul wrote:


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of peter
Sent: Friday, April 30, 2004 12:05 PM
To: [EMAIL PROTECTED]
Subject: [Clamav-users] malformed pattern
Hi, I have problem with clamav 0.70 stable.
Malformed patter line 13898 (file
/var/spool/qmailscan/tmp/../viruses.db)
Incomplete block read
cli_cvdload(): Can't unpack CVD file
CVD extraction failure
This problem I see just with clamscan. I tried scan (by qmail-scanner)
with clamd/clamdscan and this problem did not appear.
I deleted .cvd files and ran freshclam again, but it did not help. I saw
somewhere that clamdscan uses internal (lib) unrar routine and clamdscan
does not know to use external unrar3.x. And I want to check rar files
too. If I understand it, then i have to use clamscan with "--unrar"
option to scan rar files. Is it correct.


Are you still using old style .db files?  These can be removed in 
favor of
the newer .cvd files.

Jim



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 
10g. Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Hi,

As I wrote I am using .cvd files already. I installed clamav 0.70 stable 
4 days ago. After istallation I removed .cvd files and ran freshclam few 
times again (I was thinking that perhaps .cvd files are incorrectly 
downloaded or something like this). I googled somewhat and found here: 
"http://www.mail-archive.com/[EMAIL PROTECTED]/msg02282.html" 
this:

.
I was getting plenty of error messages like this:
28/08/2003 10:10:13:3361: --output of clamscan was:
LibClamAV Error: cli_calloc(): Can't allocate memory (98 bytes).
calloc_problem: Cannot allocate memory
LibClamAV Error: readdb(): Malformed pattern line 8706 (file
/usr/local/share/clamav/viruses.db).
ERROR: Malformed database.
--
28/08/2003 10:10:13:3361: tempfail: X-Qmail-Scanner-1.16: clam_scanner: 
corrupt or
unknown ClamAV scanner error or memory/resource/perms problem - exit 
status 50

If you are getting similar permutations on this theme the 
clamd/clamdscan pairing may
be the way to go for you.

Author: Steve Crowder
E-mail: steve (at) crowders (dot) org
Date: 28/08/2003
.
But there is no explanation why to use clamd/clamdscan and what is wrong 
or how to fix problem with clamscan.

Thanks.

Peter



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Now I found that clamscan is still looking for viruses.db file. Now I 
added "--database=/usr/local/share/clamav/" option to clamscan and still 
the same error message. Clamscan is still looking for .db file(s). In 
help for clamscan is this: "Load virus database from FILE or load all 
.db and db2 files from DIR" as decription for option "--database". 
Question is, how to make it work with .cvd files. Version of clamscan is 
also 0.70. Reason why I want to use clamscan instead of clamd/clamdscan 
is that clamd cannot use external .rar files unpacker.

Thanks.

Peter



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] freshclam --quiet isn't

2004-05-03 Thread Marc 


Damian Menscher wrote:

Every 2 hours I get the following in my logs:

May  2 13:31:34 hostname freshclam[3193]: Received signal 14, wake up
May  2 13:31:34 hostname freshclam[3193]: ClamAV update process started at Sun May  2 
13:31:34 2004
May  2 13:31:35 hostname freshclam[3193]: main.cvd is up to date (version: 22, sigs: 
20229, f-level: 1, builder: tkojm)
May  2 13:31:35 hostname freshclam[3193]: daily.cvd is up to date (version: 298, sigs: 
1141, f-level: 2, builder: diego)
May  2 13:31:35 hostname freshclam[3193]: --
This is with the --quiet option.  Checking the source it looks like
freshclam completely ignores the --quiet option.  It would be nice if
it only added one line per run, rather than five.
I'm using freshclam 0.70 and with the --quiet options there is no output.

Marc

---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Re: malformed pattern

2004-05-03 Thread peter 
Jim Maul wrote:

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of peter
Sent: Friday, April 30, 2004 12:05 PM
To: [EMAIL PROTECTED]
Subject: [Clamav-users] malformed pattern
Hi, I have problem with clamav 0.70 stable.
Malformed patter line 13898 (file
/var/spool/qmailscan/tmp/../viruses.db)
Incomplete block read
cli_cvdload(): Can't unpack CVD file
CVD extraction failure
This problem I see just with clamscan. I tried scan (by qmail-scanner)
with clamd/clamdscan and this problem did not appear.
I deleted .cvd files and ran freshclam again, but it did not help. I saw
somewhere that clamdscan uses internal (lib) unrar routine and clamdscan
does not know to use external unrar3.x. And I want to check rar files
too. If I understand it, then i have to use clamscan with "--unrar"
option to scan rar files. Is it correct.


Are you still using old style .db files?  These can be removed in favor of
the newer .cvd files.
Jim



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Hi,

As I wrote I am using .cvd files already. I installed clamav 0.70 stable 
4 days ago. After istallation I removed .cvd files and ran freshclam few 
times again (I was thinking that perhaps .cvd files are incorrectly 
downloaded or something like this). I googled somewhat and found here: 
"http://www.mail-archive.com/[EMAIL PROTECTED]/msg02282.html" 
this:

.
I was getting plenty of error messages like this:
28/08/2003 10:10:13:3361: --output of clamscan was:
LibClamAV Error: cli_calloc(): Can't allocate memory (98 bytes).
calloc_problem: Cannot allocate memory
LibClamAV Error: readdb(): Malformed pattern line 8706 (file
/usr/local/share/clamav/viruses.db).
ERROR: Malformed database.
--
28/08/2003 10:10:13:3361: tempfail: X-Qmail-Scanner-1.16: clam_scanner: 
corrupt or
unknown ClamAV scanner error or memory/resource/perms problem - exit 
status 50

If you are getting similar permutations on this theme the 
clamd/clamdscan pairing may
be the way to go for you.

Author: Steve Crowder
E-mail: steve (at) crowders (dot) org
Date: 28/08/2003
.
But there is no explanation why to use clamd/clamdscan and what is wrong 
or how to fix problem with clamscan.

Thanks.

Peter



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users