Re: [Clamav-users] clamav-milter doesn't "see" virus on emails? (help!)

2004-05-04 Thread Stephen Gran 
On Tue, May 04, 2004 at 05:06:49PM -0300, Matias Lopez Bergero said:
> Hello list!
> After reading a little bit in google and in the list it self, I have 
> successfully installed the clamav antivirus with the clamav-milter mail 
> scanner.
> But I have one problem:
> clamav-milter do not stops or informs the presence of virus in the emails.
> 
> I have redhat linux and sendmail from the rpms packages. I have 
> installed the sendmail-devel package to compile clamav with milter support.
> 
> I tested clamavscan and works ok. I have no problems updating the virus dbs.
> I can run clamd and clamav-milter with no problems and no error messages.
> 
> sh-2.04# ps ax | grep clam
> 19746 ?S  0:00 clamd
> 19780 ?S  0:00 clamd
> 20405 ?S  0:00 clamav-milter -DloHNP /var/run/clmilter.sock

> sh-2.04# netstat --unix -nap | grep clam
> unix  2  [ ACC ] STREAM LISTENING 87640433 
> 20405/clamav-milter /var/run/clmilter.sock
> unix  2  [ ACC ] STREAM LISTENING 87634193 19746/clamd 
>/var/run/clamd.sock
> unix  2  [ ] DGRAM87640431 
> 20405/clamav-milter
> unix  2  [ ] DGRAM87634184 19746/clamd
> sh-2.04#
> 
> Everything looks good.
> 
> I have added ed the line:
> INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav.sock, F=, T=S:4m;R:4m')dnl
> define(`confINPUT_MAIL_FILTERS', `clamav')
> at the end of the sendmail.mc and rebuild the sendmail.cf.
> (should I see some config instance of this in the cf file???)

Note that clamav-milter is listening on the socket
/var/run/clmilter.sock, but you told sendmail to connect to it over the
socket at local:/var/run/clamav.sock.  That will never work.

-- 
 --
|  Stephen Gran  | New members are urgently needed in the  |
|  [EMAIL PROTECTED] | Society for Prevention of Cruelty to|
|  http://www.lobefin.net/~steve | Yourself.  Apply within.|
 --


pgp0.pgp
Description: PGP signature

Fw: [Clamav-users] problems using sendmail with clamav on rh7.3

2004-05-04 Thread Roberto Espinosa 
add the followings lines to sendmail.mc and  run again m4

define(_FFR_MILTER)dnl
INPUT_MAIL_FILTER(`clamav', `S=local:/var/clamav/clamav.sock, F=,
T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `clamav')dnl

Roberto


- Original Message - 
From: "Todd Lyons" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, May 04, 2004 5:32 PM
Subject: Re: [Clamav-users] problems using sendmail with clamav on rh7.3


> Raul Elizondo wanted us to know:
>
> >Perhaps rh7.3 (sendmail 8.11.6) need someother command rather than
> >INPUT_MAIL_FILTER and define?
>
> Make sure that sendmail-cf is installed.
> --
> Regards... Todd
> They that can give up essential liberty to obtain a little temporary
> safety deserve neither liberty nor safety.   --Benjamin Franklin
> Linux kernel 2.6.3-8mdkenterprise   2 users,  load average: 0.00, 0.02,
0.00
>
>
> ---
> This SF.Net email is sponsored by: Oracle 10g
> Get certified on the hottest thing ever to hit the market... Oracle 10g.
> Take an Oracle 10g class now, and we'll give you the exam FREE.
> http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> ___
> Clamav-users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/clamav-users
>
>
>



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Fw: [Clamav-users] Re: clamav-milter doesn't "see" virus on emails? (help!)

2004-05-04 Thread Roberto Espinosa 
Hi

I test adding the followings lines to sendmail.mc

define(_FFR_MILTER)dnl
INPUT_MAIL_FILTER(`clamav', `S=local:/var/clamav/clamav.sock,
F=,T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `clamav')dnl

Now see the changes in sendmail.cf


Roberto


- Original Message - 
From: "Matias Lopez Bergero" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, May 04, 2004 4:25 PM
Subject: [Clamav-users] Re: clamav-milter doesn't "see" virus on emails?
(help!)


> I think that I have found the problem.
> Wen I regenerate the sendmail.cf the file laks of the filter options.
> I am doing this with the following command:
> m4 sendmail.mc > sendmail.cf
> It creates the file, but can't find anything about filters, milter,
> clamav or something like that.
>
> I hav add the following lines in sendmail.mc:
> INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav.sock, F=,
> T=S:4m;R:4m')dnl
> define(`confINPUT_MAIL_FILTERS', `clamav')
>
> I have installed the sendmail-cf rpm packege.
>
> What can be wrong???
>
> Thanks in advanced.
> Regards!
> Matías.
>
>
> Matias Lopez Bergero wrote:
> > Hello list!
> > After reading a little bit in google and in the list it self, I have
> > successfully installed the clamav antivirus with the clamav-milter mail
> > scanner.
> > But I have one problem:
> > clamav-milter do not stops or informs the presence of virus in the
emails.
>  >[...]
>
>
>
>
> ---
> This SF.Net email is sponsored by: Oracle 10g
> Get certified on the hottest thing ever to hit the market... Oracle 10g.
> Take an Oracle 10g class now, and we'll give you the exam FREE.
> http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> ___
> Clamav-users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/clamav-users
>
>
>



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g.
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id149&alloc_id66&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] problems using sendmail with clamav on rh7.3

2004-05-04 Thread Todd Lyons 
Raul Elizondo wanted us to know:

>Perhaps rh7.3 (sendmail 8.11.6) need someother command rather than
>INPUT_MAIL_FILTER and define?

Make sure that sendmail-cf is installed.
-- 
Regards...  Todd
They that can give up essential liberty to obtain a little temporary 
safety deserve neither liberty nor safety.   --Benjamin Franklin
Linux kernel 2.6.3-8mdkenterprise   2 users,  load average: 0.00, 0.02, 0.00


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] segmentation fault in 0.70 ?due to filename of infected virus?

2004-05-04 Thread Chris Conn 
Hello,

I am running clamav-0.70 with mailscanner (rebuilt the Fedora RPMs on 
RHEL3), and I have had for the first time something I have not had in a 
very long time; Segmentation fault, :-( Bye..

I searched the logs, and this occurred as follows:



 Tue May  4 16:08:13 2004 -> Segmentation fault :-( Bye..

and at precisely 16:08:13, MailScanner reports the following virus:

May  4 16:08:13 MailScanner[16448]: /var/spool/MailScanner/incoming/16448/
.i44K7gOj020343/%nTips.exe: Worm.Klez.H FOUND
Is it possible that a %n in the filename (*which is surely illegal*) 
could cause clamd to crash in such a way?  This is obviously the scan 
that caused the segmentation fault, however is this the reason?

Thanks in advance,

Chris



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] How to submit email from Exchange Server?

2004-05-04 Thread Michael St. Laurent 
Diego d'Ambra  wrote:
>> Does a procedure exist for exporting an email from Exchange Server
>> in a format that is useable by the team?
> 
> You may take a look at Spamsource
> (http://www.daesoft.com/SpamSource/index.htm).
> 
> It allows you easy to "extract the original non Exchange formatted"
> e-mail. Just use the "copy to clipboard" function then paste the text
> to a Notepad file.
> 
> (otherwise you're welcome to submit this .msg sample directly to me).

Thank you Diego.  ;-D

-- 
Michael St. Laurent
Hartwell Corporation


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Re: clamav-milter doesn't "see" virus on emails? (help!)

2004-05-04 Thread Matias Lopez Bergero 
I think that I have found the problem.
Wen I regenerate the sendmail.cf the file laks of the filter options.
I am doing this with the following command:
m4 sendmail.mc > sendmail.cf
It creates the file, but can't find anything about filters, milter, 
clamav or something like that.

I hav add the following lines in sendmail.mc:
INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav.sock, F=, 
T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `clamav')

I have installed the sendmail-cf rpm packege.

What can be wrong???

Thanks in advanced.
Regards!
Matías.
Matias Lopez Bergero wrote:
Hello list!
After reading a little bit in google and in the list it self, I have 
successfully installed the clamav antivirus with the clamav-milter mail 
scanner.
But I have one problem:
clamav-milter do not stops or informs the presence of virus in the emails.
>[...]



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] problems using sendmail with clamav on rh7.3

2004-05-04 Thread Roberto Espinosa 
add the followings lines to sendmail.mc and  run again m4

define(_FFR_MILTER)dnl
INPUT_MAIL_FILTER(`clamav', `S=local:/var/clamav/clamav.sock, F=,
T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `clamav')dnl

Roberto


- Original Message - 
From: "Steven Stern" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, May 04, 2004 2:22 PM
Subject: Re: [Clamav-users] problems using sendmail with clamav on rh7.3


> On Tue, 4 May 2004 11:16:20 -0600, "Raul Elizondo"
> <[EMAIL PROTECTED]> wrote:
>
>
> >and when i run m4, this 2 lines does not even make any change in
> >sendmail.cf.
> >
>
> Run m4?
>
>make -C /etc/mail
>
> should compile the .m4 file into the .cf result.
> --
>Steve
>
>
>
> ---
> This SF.Net email is sponsored by: Oracle 10g
> Get certified on the hottest thing ever to hit the market... Oracle 10g.
> Take an Oracle 10g class now, and we'll give you the exam FREE.
> http://ads.osdn.com/?ad_id149&alloc_id66&opÌk
> ___
> Clamav-users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/clamav-users
>
>
>



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g.
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id149&alloc_id66&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] problems using sendmail with clamav on rh7.3

2004-05-04 Thread Ed Kasky 
Check to see if it has compiled into the binary:

$ sendmail -d0 < /dev/null | grep MILTER
 Compiled with: DNSMAP LOG MATCHGECOS MILTER MIME7TO8 MIME8TO7
At 10:16 AM Tuesday, 5/4/2004, Raul wrote -=>
I finnally could compile it and it runs at least the tests, but now the
problem comes when i try to add it in sendmail
INPUT_MAIL_FILTER(`clamav', `S=local:/usr/local/clamav/clamav.sock, F=,
T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `clamav')dnl


This worked for me on RH 7.2, Sendmail 8.12.11.  Try it step by step:
http://sial.org/howto/clamav/clamav-milter/
"Adding MILTER support to Sendmail usually involves adding the following 
entries to a site.config.m4 used to build Sendmail from source then 
rebuilding Sendmail. The second entry is disabled here by default for 
debugging, though can be enabled if clamav-milter is not running as the 
root user."

APPENDDEF(`confENVDEF', `-DMILTER')
dnl APPENDDEF(`conf_libmilter_ENVDEF', `-D_FFR_MILTER_ROOT_UNSAFE')
Then add the following to the sendmail.mc and rebuild the cf:

INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clmilter.sock, F=S, 
T=S:4m;R:4m;E:10m')dnl
define(`confINPUT_MAIL_FILTERS', `clamav')dnl

I tried to copy/paste these lines in a sendmail.cf from another running
Never a good idea

Ed
. . . . . . . .
An optimist is someone who hasn't learned all the facts yet.


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] FreeBSD 4.8-RELEASE + clamd 0.70 (stable) hanging

2004-05-04 Thread Jesse Guardiani 
Howdy folks,

I'm running clamd 0.70 with:

FreeBSD chortos.wingnet.net 4.8-RELEASE FreeBSD 4.8-RELEASE #0: Fri Apr 11 12:59:08 
EDT 2003 [EMAIL PROTECTED]:/usr/src/sys/compile/CHORTOS  i386

I am (and have been since a CVS upgrade sometime after 0.70-rc)
having serious problems with clamd hanging. I'm
currently monitoring it with monit, and monit
is having to restart clamd every couple of
minutes because clamd keeps hanging:

May  4 15:53:09 chortos monit[51854]: Trying to restart 'clamd'
May  4 15:55:16 chortos monit[51854]: Trying to restart 'clamd'
May  4 15:57:35 chortos monit[51854]: Trying to restart 'clamd'
May  4 15:59:49 chortos monit[51854]: Trying to restart 'clamd'
May  4 16:15:36 chortos monit[51854]: Trying to restart 'clamd'

I'm testing clamd by sending a VERSION command
to the unix socket. If clamd fails to respond within
monit's specified timeout then monit kills and
restarts clamd.

Is anyone else seeing this behavior? Have any
fixes been made in CVS that may prevent it?

My mailserver is considerably less reliable with
clamd having to be restarted every few minutes.
For example, it's making long multi-meg mail
transfers near impossible. The up side is that
my mail is virus free. :) But I'd really love
to see a solution to this problem.

-- 
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v)  423-559-5145 (f)
http://www.wingnet.net




---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] clamav-milter doesn't "see" virus on emails? (help!)

2004-05-04 Thread Matias Lopez Bergero 
Hello list!
After reading a little bit in google and in the list it self, I have 
successfully installed the clamav antivirus with the clamav-milter mail 
scanner.
But I have one problem:
clamav-milter do not stops or informs the presence of virus in the emails.

I have redhat linux and sendmail from the rpms packages. I have 
installed the sendmail-devel package to compile clamav with milter support.

I tested clamavscan and works ok. I have no problems updating the virus dbs.
I can run clamd and clamav-milter with no problems and no error messages.
sh-2.04# ps ax | grep clam
19746 ?S  0:00 clamd
19780 ?S  0:00 clamd
20405 ?S  0:00 clamav-milter -DloHNP /var/run/clmilter.sock
20406 ?S  0:00 clamav-milter -DloHNP /var/run/clmilter.sock
20407 ?S  0:00 clamav-milter -DloHNP /var/run/clmilter.sock
sh-2.04# netstat --unix -nap | grep clam
unix  2  [ ACC ] STREAM LISTENING 87640433 
20405/clamav-milter /var/run/clmilter.sock
unix  2  [ ACC ] STREAM LISTENING 87634193 19746/clamd 
   /var/run/clamd.sock
unix  2  [ ] DGRAM87640431 
20405/clamav-milter
unix  2  [ ] DGRAM87634184 19746/clamd
sh-2.04#

Everything looks good.

I have added ed the line:
INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav.sock, F=, 
T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `clamav')
at the end of the sendmail.mc and rebuild the sendmail.cf.
(should I see some config instance of this in the cf file???)

I have restarted sendmail, clamav and clamav-milter several times and 
search for errors in the logs, but I found nothing.

I have read a post about this, it says that this problem occurs wen 
sendmail have being compiled with out milter support.
In my case installing the sendmail-devel package will solve this issue? 
Because I did it :)

Any help will be most welcome!
with Best Regards!
Matías.






---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] problems using sendmail with clamav on rh7.3

2004-05-04 Thread Steven Stern 
On Tue, 4 May 2004 11:16:20 -0600, "Raul Elizondo"
<[EMAIL PROTECTED]> wrote:


>and when i run m4, this 2 lines does not even make any change in
>sendmail.cf.
>

Run m4?

   make -C /etc/mail

should compile the .m4 file into the .cf result.
--
   Steve
   


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g.
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id149&alloc_id66&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Numbers of viruses

2004-05-04 Thread Russ Phillips 
On Tuesday 04 May 2004 17:27, Antony Stone wrote:

> Yes.   ClamAV is not a commercial product with an associated marketing
> division, and therefore the project does not have the same attitude towards
> "one-upmanship" and "marketing b*llsh*t" which commercial vendors do.

That's what I suspected, but I wanted to get some sort of confirmation.

Thanks to everyone that responded to my query. I had already looked at the 
archive of the clamav-virusdb mailing list, and noted how quickly new viruses 
got added. I was pretty sure that the number of viruses wouldn't be an issue, 
but it may be an issue in my boss's mind, so I wanted to have some ammunition 
for the inevitable questions. I think I'm starting to get him sold on open 
source (we recently rolled out OpenOffice.org) but I think he's still a bit 
sceptical.

Russ



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Numbers of viruses

2004-05-04 Thread Daniel J McDonald 
On Tue, 2004-05-04 at 10:46, Russ Phillips wrote:
> Hi,
> 
> I have a query. Most commercial AV software claims to catch something 
> like 70,000+ viruses. On the other hand, ClamAV claims to catch 20,000+ 
> viruses.
> 
> Why the difference? Is it because McAfee, Sophos et al consider each and 
> every variant to be a different virus, and ClamAV doesn't?
Not often.
>  Or does 
> ClamAV not detect some older viruses? Or something else?

ClamAV has not been focusing on detecting older viruses.  Instead, it is
ideal for detecting late-breaking and fast-spreading
viruses/worms/trojans and what-not.

The clamav team has been making great strides in picking up the older
viruses - they recently released (.07-rc1) an OLE engine to detect macro
viruses, and they added two new signature writers to work on the backlog
of macro-viruses in their library.

I don't think clamav will ever get completely "caught up" with the old,
but they will detect most of the new outbreaks before anyone else.
> 
> I ask because I'm planning to deploy ClamAV at work, and I want to be 
> able to give my boss an honest answer when he asks (as he's bound to) 
> why ClamAV doesn't catch as many viruses as McAfee.
> 

-- 
Daniel J McDonald <[EMAIL PROTECTED]>
Austin Energy



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] How to submit email from Exchange Server?

2004-05-04 Thread Diego d'Ambra 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:clamav-users-
> [EMAIL PROTECTED] On Behalf Of Michael St. Laurent
> Sent: 4. maj 2004 18:42
> To: '[EMAIL PROTECTED]'
> Subject: [Clamav-users] How to submit email from Exchange Server?
> 
> Does a procedure exist for exporting an email from Exchange Server in
a
> format that is useable by the team?
> 

You may take a look at Spamsource
(http://www.daesoft.com/SpamSource/index.htm).

It allows you easy to "extract the original non Exchange formatted"
e-mail. Just use the "copy to clipboard" function then paste the text to
a Notepad file.

(otherwise you're welcome to submit this .msg sample directly to me).

Best regards,
Diego d'Ambra


smime.p7s
Description: S/MIME cryptographic signature

Re: [Clamav-users] no bounce notice

2004-05-04 Thread B. van Ouwerkerk 

How could I stop clamav-milter from responding with a bounce notice while 
still rejecting infected messages from the incoming queue? The recipient 
of the infected message should still receive a notification from clamav.

Someone suggested an option "-p" but it's not in the manpage or 
`clamav-milter --help`.
man clamav-milter

-P (upper case) should solve your problem. if not then -N

What they mean? type man clamav-milter..

B.



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] problems using sendmail with clamav on rh7.3

2004-05-04 Thread Joe Maimon 


Raul Elizondo wrote:

Hi agian,

I finnally could compile it and it runs at least the tests, but now the
problem comes when i try to add it in sendmail
INPUT_MAIL_FILTER(`clamav', `S=local:/usr/local/clamav/clamav.sock, F=,
T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `clamav')dnl
and when i run m4, this 2 lines does not even make any change in
sendmail.cf.
I tried to copy/paste these lines in a sendmail.cf from another running
system (rh9) with clamav to see if at least i could have an idea, but i get
errors regarding to a TSL path not found.
Perhaps rh7.3 (sendmail 8.11.6) need someother command rather than
INPUT_MAIL_FILTER and define?
Regards,

-=Raul=-
 

Please enclose your sendmail.mc and the command you used to produce the 
senmail.cf

(typicaly you can use
m4 < sendmail.mc > sendmail.cf
on a redhat system. Please sanity check the above before doing something 
you might regret)

---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] A newbie question

2004-05-04 Thread Antony Stone 
On Tuesday 04 May 2004 6:30 pm, chintan chintan wrote:

> Hi guys,
>
> I am a new user of clamav. I was testing clamAv against various worms and
> viruses I have collected from McAfee's AV. A lot of them dont trigger any
> alert.

Are you sure these are (still) viruses?   Some commercial A-V products encrypt 
a virus sample after detecting it, so as to render it harmless on a system, 
and of this is no longer the original virus which you would expect to be 
recognised by ClamAV.

If you really do have genuine virus samples which are not recognised by ClamAV 
then please submit them on the webform available from the ClamAV website at 
http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi

> Also i would like to add my own signatures. Can someone suggest me
> what will be the best way to do that??

See http://www.clamav.net/doc/0.70/signatures.pdf

Regards,

Antony.

-- 
"Note: Windows 98, Windows 98SE and Windows 95 are not affected by [MS
Blaster].   However, these products are no longer supported.   Users of these
products are strongly encouraged to upgrade to later versions."

(which *are* affected by MS Blaster...)

http://www.microsoft.com/security/security_bulletins/ms03-026.asp

 Please reply to the list;
   please don't CC me.



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Numbers of viruses

2004-05-04 Thread Scott Call 
On Tue, 4 May 2004, Russ Phillips wrote:

> Hi,
>
> I have a query. Most commercial AV software claims to catch something
> like 70,000+ viruses. On the other hand, ClamAV claims to catch 20,000+
> viruses.
>

As a user I an assure you the clamav team is as fast (or faster in the
case of MyDoom) than the commercial AV implementors, and they are
backfilling older viruses, and adding new capabilities to better scan M$
office docos, so the number keeps going up.

Since I (and I get the impression most others) use clamav in a
mail-scanning function, so 15 year old MBR dos viruses are a much lower
priority than the latest Gaobot varient.

I'm more than happy with the success rate and continueing progress clamav
makes.

-S




-- 
Scott Call  Router Geek, ATGi, home of $6.95 Prime Rib
I make the world a better place, I boycott Wal-Mart
VoIP incoming: +1 360-382-1814



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] A newbie question

2004-05-04 Thread chintan chintan 

Hi guys,
I am a new user of clamav. I was testing clamAv against various worms and viruses I have collected from McAfee's AV. A lot of them dont trigger any alert. Also i would like to add my own signatures. Can someone suggest me what will be the best way to do that?? Should i just go through the worm and pick up any patter from its sample. Or what else will be the method to implement it?
Also what are the criteria in the virusdb file patterns??? If anyone knows, what is the criteria to choose a pattern??
Any help is really appreciated.
Thanks in advance.Chintan
		Do you Yahoo!?Win a $20,000 Career Makeover at Yahoo! HotJobs

[Clamav-users] problems using sendmail with clamav on rh7.3

2004-05-04 Thread Raul Elizondo 
Hi agian,

I finnally could compile it and it runs at least the tests, but now the
problem comes when i try to add it in sendmail

INPUT_MAIL_FILTER(`clamav', `S=local:/usr/local/clamav/clamav.sock, F=,
T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `clamav')dnl

and when i run m4, this 2 lines does not even make any change in
sendmail.cf.

I tried to copy/paste these lines in a sendmail.cf from another running
system (rh9) with clamav to see if at least i could have an idea, but i get
errors regarding to a TSL path not found.

Perhaps rh7.3 (sendmail 8.11.6) need someother command rather than
INPUT_MAIL_FILTER and define?

Regards,

-=Raul=-



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] no bounce notice

2004-05-04 Thread Nigel Horne 
On Tuesday 04 May 2004 4:38 pm, M.W. Chang wrote:
> How could I stop clamav-milter from responding with a bounce notice
> while still rejecting infected messages from the incoming queue? 

Don't use the -b (--bounce) optionb when starting the program.

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] How to submit email from Exchange Server?

2004-05-04 Thread Michael St. Laurent 
This morning I got a suspiscious email with executable attachments claiming
to be a security update from Microsoft.  This email made it past both clamav
and Norton Antivirus.  Thinking that this might be a sample of a new virus I
wanted to submit it on the web page.  However, since the mail is on an
Exchange Server the only way I could figure out how to do this was to save
it out as a .msg file.  The last time I submitted a .msg file to the web
page I was told that they were not useable and so instead of submitting this
email I simply deleted it.

Does a procedure exist for exporting an email from Exchange Server in a
format that is useable by the team?

-- 
Michael St. Laurent
Hartwell Corporation


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Numbers of viruses

2004-05-04 Thread Antony Stone 
On Tuesday 04 May 2004 4:46 pm, Russ Phillips wrote:

> Hi,
>
> I have a query. Most commercial AV software claims to catch something
> like 70,000+ viruses. On the other hand, ClamAV claims to catch 20,000+
> viruses.
>
> Why the difference? Is it because McAfee, Sophos et al consider each and
> every variant to be a different virus, and ClamAV doesn't?

Yes.

> Or does ClamAV not detect some older viruses?

Yes.

> Or something else?

Yes.   ClamAV is not a commercial product with an associated marketing 
division, and therefore the project does not have the same attitude towards 
"one-upmanship" and "marketing b*llsh*t" which commercial vendors do.

Cynical attitude turned down for a moment, though, it's worth asking any 
commercial vendor claiming to recognise 70k+ viruses "how many of those have 
ever been seen in the wild?", as a large number of them are likely to be 
research viruses only, never found outside the lab and the private 
virus-exchange club run by these companies.

> I ask because I'm planning to deploy ClamAV at work, and I want to be
> able to give my boss an honest answer when he asks (as he's bound to)
> why ClamAV doesn't catch as many viruses as McAfee.

You pick a good example there - I run a mail server with both A-V scanners on 
it (along with a few others), and I consider McAfee to be quite terrible 
regarding how long it can take them to publish a signature for a new virus.

I would say the way to convince your boss is simple - set up a mail server 
running ClamAV and put it in front of the machine running McAfee (ie: the 
mail goes through ClamAV and gets cleaned before it gets seen by McAfee).   
Let him see how many (or rather, how few) viruses get seen by the McAfee box.

Even better would be if you could put them the other way around - scan with 
McAfee first, then ClamAV, and show him that ClamAV picks up things which 
McAfee misses (at least for the first few days after a new virus, before 
McAfee get round to creating a signature).   However, I suspect that's not so 
easy, since you probably have mailboxes hosted on the existing server, which 
you couldn't easily move.

Regards,

Antony.

-- 
There's no such thing as bad weather - only the wrong clothes.

 - Billy Connolly

 Please reply to the list;
   please don't CC me.



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Numbers of viruses

2004-05-04 Thread Simon Fishley 
Because the other 50,000 are mostly viruses from years ago which are dead
and gone and very unlikeyl to infect anyones machine. 

-Original Message-
From: Russ Phillips [mailto:[EMAIL PROTECTED] 
Sent: 04 May 2004 05:47 PM
To: [EMAIL PROTECTED]
Subject: [Clamav-users] Numbers of viruses

Hi,

I have a query. Most commercial AV software claims to catch something like
70,000+ viruses. On the other hand, ClamAV claims to catch 20,000+ viruses.

Why the difference? Is it because McAfee, Sophos et al consider each and
every variant to be a different virus, and ClamAV doesn't? Or does ClamAV
not detect some older viruses? Or something else?

I ask because I'm planning to deploy ClamAV at work, and I want to be able
to give my boss an honest answer when he asks (as he's bound to) why ClamAV
doesn't catch as many viruses as McAfee.

Russ



---
This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest
thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] clamd and clamav-milter won't start!

2004-05-04 Thread Cecilia Mtz 
Clamd started 'hanging' this morning. I tried to start it again but it would
not start! After several tries, I manually removed clamd.sock and the
command 'service clamd status' throws 'clamd is stopped'
Then 'service clamd start' takes a long time and then it shows this:

Starting Clam AntiVirus Daemon: /sbin/service: line 65: 30458 Terminated
env -i LANG=$LANG "${SERVICEDIR}/${SERVICE}" ${OPTIONS}

after this, 'service clamd status' shows it is running but then
clamav-milter doesnt work:

clamav-milter dead but subsys locked and it won't start!

please help!

Cecilia Martínez





---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Numbers of viruses

2004-05-04 Thread Russ Phillips 
Hi,

I have a query. Most commercial AV software claims to catch something 
like 70,000+ viruses. On the other hand, ClamAV claims to catch 20,000+ 
viruses.

Why the difference? Is it because McAfee, Sophos et al consider each and 
every variant to be a different virus, and ClamAV doesn't? Or does 
ClamAV not detect some older viruses? Or something else?

I ask because I'm planning to deploy ClamAV at work, and I want to be 
able to give my boss an honest answer when he asks (as he's bound to) 
why ClamAV doesn't catch as many viruses as McAfee.

Russ



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] no bounce notice

2004-05-04 Thread M.W. Chang 
How could I stop clamav-milter from responding with a bounce notice 
while still rejecting infected messages from the incoming queue? The 
recipient of the infected message should still receive a notification 
from clamav.

Someone suggested an option "-p" but it's not in the manpage or 
`clamav-milter --help`.

--
  .~.http://toylet.homeip.net
 / v \   Linux 2.4.26
/( _ )\  11:34pm up 4 days 57 min
  ^ ^load average: 1.08 1.13 1.05
--
Scanned by ClamAv - http://www.clamav.net
---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Patching clamd to log to stderr (for use with multilog)

2004-05-04 Thread Andrej Trobentar 
Dale Gallagher wrote:

Hmmm...

Did you patch clamav-0.70, or clamav-0.67? The patch I
included, is for clamav-0.70 which is quite different to
preceding versions. I'm guessing that you've patched
clamav-0.67 which doesn't have the source files
shared/output.c and shared/output.h which the patch also
patches. The other file affected is clamd/clamd.c (3 in
all).
Don't forget the following in clamav.conf:

LogFile stderr
LogFileUnlock
LogFileMaxSize 0
FixStaleSocket
Foreground
...
Hello Dave,

I patched 0.70 ;) and yes I have those settings in my clamav.conf. I 
guess clamd should log to "stdout" and NOT to "stderr" for multilog to 
work - at least 0.67-1 did that. Or am I wrong?

Thanks for your help and have a nice day,

	Andrej.

---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] sigtool not working correctly

2004-05-04 Thread Jim Maul 


> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Mark Novak
> Sent: Monday, May 03, 2004 6:20 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] sigtool not working correctly
>
>
> Jim,
>
>
> On May 3, 2004, at 3:27 PM, Jim Maul wrote:
>
> >
> >
> >> -Original Message-
> >> From: [EMAIL PROTECTED]
> >> [mailto:[EMAIL PROTECTED] Behalf Of Mark
> >> Novak
> >> Sent: Monday, May 03, 2004 2:44 PM
> >> To: [EMAIL PROTECTED]
> >> Subject: Re: [Clamav-users] sigtool not working correctly
> >>
> >>
> >> What is odd is that I was using the /usr/local/share/clamav path but
> >> changed it to /var/lib/clamav because that is what freshclam.conf has
> >> as it's default.  I changed the line in the /etc/clamav.conf to
> >> reflect
> >> the /var/lib/clamav location.
> >>
> >> Clam is catching the newest viruses, and the database is getting
> >> updated.
> >>
> >> It is just sigtool that doesn't work when I do a "sigtool -l | grep -i
> >> somevirusnamehere"
> >>
> >
> > Because sigtool uses a virus database path that is specified at compile
> > time.  It does not use and .conf
> >
> > Jim
>
> Thanks!  That makes sense.  I'll move the DataDir back and see if that
> fixes it.
>

You dont have to move it back, you could just link them together to prevent
future problems.

Jim



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] sigtool not working correctly [solved]

2004-05-04 Thread Mark Novak 
All,

What is odd is that I was using the /usr/local/share/clamav path but
changed it to /var/lib/clamav because that is what freshclam.conf has
as it's default.  I changed the line in the /etc/clamav.conf to 
reflect
the /var/lib/clamav location.

Clam is catching the newest viruses, and the database is getting
updated.
It is just sigtool that doesn't work when I do a "sigtool -l | grep 
-i
somevirusnamehere"

Because sigtool uses a virus database path that is specified at 
compile
time.  It does not use and .conf
I went ahead and left the .CVD files where they were at: 
/var/lib/clamav since that is the default for freshclam.

I then linked /var/lib/clamav to /usr/local/share/clamav using ln -s, 
as per Henry Harvey.

Now sigtool works!

Thanks for everyone's help!

Thanks,

Mark

---
[This E-mail scanned for viruses by Declude Virus]


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Mail taking a *long* time to hit the list

2004-05-04 Thread Jim Maul 


> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Michael
> St. Laurent
> Sent: Monday, May 03, 2004 5:11 PM
> To: '[EMAIL PROTECTED]'
> Subject: RE: [Clamav-users] Mail taking a *long* time to hit the list
>
>
> Antony Stone  wrote:
> > On Monday 03 May 2004 7:10 pm, Michael St. Laurent wrote:
> >
> >> Wow.  I posted a message to the list at 9:23 AM (PDT) and as of
> >> 11:06 AM (PDT) it *still* hasn't posted.  I wonder if this one will
> >> do any better?
> >
> > You mean the one saying: "According to http://sarc.com/ there are
> > several variants of the Sasser worm running around on the net.  A
> > "sigtool -l | grep -i sasser" command reports "Worm.Sasser.A" but no
> > others.  Does this one signature catch all the variants?"
> >
> > If so, it arrived here ages ago; I didn;t reply to it then because
> > the only answer I could think of was "We don't know until someone
> > sends us a variant which the signature doesn't match."
>
> I asked because it didn't arrive in my own mailbox until 12:19 PM, almost
> three hours after I had sent it.  How curious that it arrived
> elsewhere more
> quickly.
>
> --


I sometimes receive replies to messages before the original message itself.
I understand delays in mail servers, but i find it odd that a reply would
come before the message it is in reply to.

Jim



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Problem installing .70 on freebsd

2004-05-04 Thread Vision Net Admin 
Hi all,
Attempting to upgrade to .70 on FreeBSD 4.7
I have installed gmp-4.1.3
./configure without options
make returns the following errers
/usr/lib/libc.so: WARNING!  setkey(3) not present in the system!
/usr/lib/libc.so: warning: this program uses gets(), which is unsafe.
/usr/lib/libc.so: warning: mktemp() possibly used unsafely; consider 
using mkstemp()
/usr/lib/libc.so: WARNING!  des_setkey(3) not present in the system!
/usr/lib/libc.so: WARNING!  encrypt(3) not present in the system!
/usr/lib/libc.so: warning: tmpnam() possibly used unsafely; consider 
using mkstemp()
/usr/lib/libc.so: warning: this program uses f_prealloc(), which is not 
recommended.
/usr/lib/libc.so: WARNING!  des_cipher(3) not present in the system!
/usr/lib/libc.so: warning: tempnam() possibly used unsafely; consider 
using mkstemp()
/usr/src/clamav-0.70/libclamav/.libs/libclamav.so: undefined reference 
to `mpz_powm'
/usr/src/clamav-0.70/libclamav/.libs/libclamav.so: undefined reference 
to `mpz_get_ui'
/usr/src/clamav-0.70/libclamav/.libs/libclamav.so: undefined reference 
to `mpz_tdiv_qr_ui'
/usr/src/clamav-0.70/libclamav/.libs/libclamav.so: undefined reference 
to `mpz_add'
/usr/src/clamav-0.70/libclamav/.libs/libclamav.so: undefined reference 
to `mpz_clear'
/usr/src/clamav-0.70/libclamav/.libs/libclamav.so: undefined reference 
to `mpz_init_set_str'
/usr/src/clamav-0.70/libclamav/.libs/libclamav.so: undefined reference 
to `mpz_mul_2exp'
/usr/src/clamav-0.70/libclamav/.libs/libclamav.so: undefined reference 
to `mpz_init'
/usr/src/clamav-0.70/libclamav/.libs/libclamav.so: undefined reference 
to `mpz_set_ui'
*** Error code 1

Stop in /usr/src/clamav-0.70/clamscan.
*** Error code 1
Any help would be appreciated.

Aaron



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Patching clamd to log to stderr (for use with multilog)

2004-05-04 Thread Dale Gallagher 
 Andrej Trobentar wrote 
> Hello,
> 
> I have aplied the appended patch and now I see all the
> output of clam in "ps axwww|grep readpro" insted of
> /var/log/clamd/current. Currently I'm using clamav 0.67-1
> with a patch that Tomasz Kojm send in

Hmmm...

Did you patch clamav-0.70, or clamav-0.67? The patch I
included, is for clamav-0.70 which is quite different to
preceding versions. I'm guessing that you've patched
clamav-0.67 which doesn't have the source files
shared/output.c and shared/output.h which the patch also
patches. The other file affected is clamd/clamd.c (3 in
all).

Don't forget the following in clamav.conf:

LogFile stderr
LogFileUnlock
LogFileMaxSize 0
FixStaleSocket
Foreground
...


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Patching clamd to log to stderr (for use with multilog)

2004-05-04 Thread Andrej Trobentar 
Dale Gallagher wrote:
Hi everyone

Anyone wishing to run clamd under daemontools
http://cr.yp.to/daemontools.html
can use the attached patch I hacked together, which is
almost identical to Len Budney's patch:
http://mysite.verizon.net/vze1ypud/software/qscanq/clamav-0.70-stderr.patch.gz
I didn't notice Len had updated his previous patch, so I
rolled my own based on his old patch, without checking
first. Anyway, here it is if anyone is interested.
>
> [...]
Hello,

I have aplied the appended patch and now I see all the output of clam in 
"ps axwww|grep readpro" insted of /var/log/clamd/current. Currently I'm 
using clamav 0.67-1 with a patch that Tomasz Kojm send in 
http://www.mail-archive.com/[EMAIL PROTECTED]/msg07148.html 
and everything works. Any ideas what I have done wrong?

--
Thanks for your help,
	Andrej.

---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Mail taking a *long* time to hit the list

2004-05-04 Thread Colin A. Bartlett 
Michael St. Laurent Sent: Monday, May 03, 2004 2:11 PM

> Wow.  I posted a message to the list at 9:23 AM (PDT) and as of 11:06 AM
> (PDT) it *still* hasn't posted.  I wonder if this one will do any better?

The list has been slow for me too. Welcome to SourceForge. Used to happen
all the time on the SpamAssassin list until it moved to Apache. SF is free
though so I hesitate to complain. :) But because of it, I always try to CC
the person I'm replying to directly.

cheers,
Colin

Colin A. Bartlett
Kinetic Web Solutions
www.kineticweb.biz




---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Re: malformed pattern

2004-05-04 Thread peter 
Jim Maul wrote:

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of peter
Sent: Monday, May 03, 2004 11:29 AM
To: [EMAIL PROTECTED]
Subject: [Clamav-users] Re: malformed pattern
Look at these lines bottom (/var/spool/qmailscan/qmail-queue.log). In
qmail-scanner-queue.pl is exactly what is in this log file
'--database=/usr/local/share/clamav'. And next line (--output of
clamscan was) showes that clamscan is looking somewhere else
'/var/spool/qmailscan/tmp/samko.domain.tld24234/clamav-ab54545/VIR
USES.DB'
. I really don't understand WHY. Btw I think, that clamscan does not
search for clamav.conf - this should do clamd/clamdscan only. But just
to be sure i already put these settings in clamav.conf.


You are correct, clamscan does not use clamav.conf.  Im not sure where
clamscan looks for *.cvd files by default, but if its anything like sigtool,
it uses a hardcoded path specified at compile time.  However
specifiying --database=/usr/local/share/clamav should overwrite any default
values.  So basically i have no idea why it is still looking in
/var/spool/qmailscan/tmp/samko.domain.tld24234/clamav-ab54545/VIRUSES.DB.
What i was trying to suggest earlier was that you should remove these .DB
files wherever they are.  This wont prevent clamscan from looking for them,
but it WILL prevent clamscan from using them.  If the problem still persists
after removing these .db files then this was not the actual problem.

I don't understand why I tried check files/mbox as non-privileged
user or root via command line and it worked. And if I run it via
qmail-scanner I'm falling in this odd situation.
Mon, 03 May 2004 16:59:25 CEST:17541: scanloop: starting scan of
directory "/var/spool/qmailscan/tmp/samko.domain.tld108359636548217541"...
Mon, 03 May 2004 16:59:25 CEST:17541: scanloop:
scanner=clamscan_scanner,plain_text_msg=0
Mon, 03 May 2004 16:59:25 CEST:17541: clamscan: starting scan of
directory "/var/spool/qmailscan/tmp/samko.domain.tld108359636548217541"...
Mon, 03 May 2004 16:59:25 CEST:17541: run /usr/local/bin/clamscan -r -m
--disable-summary --database=/usr/local/share/clamav/
/var/spool/qmailscan/tmp/samko.domain.tld108359636548217541 2>&1
Mon, 03 May 2004 16:59:28 CEST:17541: --output of clamscan was:
LibClamAV Error: readdb(): Malformed pattern line 13771 (file
/var/spool/qmailscan/tmp/samko.domain.tld108359636548217541/clamav
-ab19271867b1b5cf/viruses.db).
LibClamAV Error: Incomplete block read.
LibClamAV Error: cli_cvdload(): Can't unpack CVD file.
ERROR: CVD extraction failure.
--
Mon, 03 May 2004 16:59:28 CEST:17541: error_condition:
X-Qmail-Scanner-1.22: clamscan: corrupt or unknown ClamAV scanner error
or memory/resource/perms problem - exit status 50


If scanning manually works but you get the above error in your log then you
may want to try raising your softlimit value in the qmail-smtpd run script.
It may be failing to load the database because of insufficient memory
allowed to the process.
Jim



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

You are correct. Problem is exactly in softlimit for qmail-smptd. I am 
runnig qmail in similar scenario 
(qmail+clamav+spamassassin+qmail-scanner) on another computer for 1 year 
already, but with different versions of software than now. And i put the 
same amount of memory for qmail-smptd in this new scenario too. It was 
990 bytes. But it seems to be not enough for now. I just increased 
it to 23MB (in this moment for tests only) and it works perfectly. I 
also removed "--database=/path/to/database/directory" from options to 
pass to clamscan and it works without it as well. I was confused by 
clamscan message saying that clamscan is still looking somewhere else 
than it should. There could by better error reporting for it, but there 
is also that it may be memory/resource problem.

Thank you very much, Jim, for your help.

Peter



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users