date:20040506

Re: [Clamav-users] New Clamav / Clamav-milter Logwatch scripts

2004-05-06 Thread Søren Schimkat

Hi Tod

> >
> >New version of the Clamav / Clamav-milter Logwatch scripts awailable. You
may
> >download from here:
http://www.schimkat.dk/clamav/clamav-logwatch-0.30.tar.gz
>
> I'm going to assume that these scripts are not intended to be run from
> the commandline.  I had to hack at it a bit before I could get what I
> wanted out of it.  I'm assuming that logwatch is stripping the date,
> timestamp, syslog facility, and pid info from the stream being fed to
> it.
>

This script is not intended to run as standalone logparsing scripts .. but
only through Logwatch (www.logwatch.org). If you need Logwatvh to display
more ClamAV log - you are velcome to send me your wishes.

> Any interest in making it commandline friendly?

Just set "Print = Yes" in your logwatch.conf .. and run the logwatch
program. This will cause Logwatch to display it´s output in the shell.

Regards Søren

> -- 
> Regards... Todd
> They that can give up essential liberty to obtain a little temporary
> safety deserve neither liberty nor safety.   --Benjamin Franklin
> Linux kernel 2.6.3-8mdkenterprise   3 users,  load average: 0.00, 0.00,
0.00
>
>
> ---
> This SF.Net email is sponsored by Sleepycat Software
> Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to
> deliver higher performing products faster, at low TCO.
> http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
> ___
> Clamav-users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/clamav-users



---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Failure to recognise known viruses

2004-05-06 Thread Graham Toal

> Try 
>
> clamscan --mbox /tmp/virus.test
>
> This tells clamscan to treat it as a mail (mime/uuencoded) file.

Doh!  Excuse me while I make myself very small and hide.

I did actually know this when I first picked up clamav many months ago,
but then I built it into my spamfilter and never had to run it manually
again until last week when some viruses started turning up in my mailbox.

( This is what invokes it in my code ...
   sprintf(command, "clamscan --stdout --mbox %s", fname);
  ... I guess old age is getting to my memory at last :-/  )

Now I need to go back and check the ones which slipped through to
my mailbox and see if they still do, or if the updated signature files
have fixed that problem.


Mea Culpa.  Thanks for the fix.

G


---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Failure to recognise known viruses

2004-05-06 Thread Joe Maimon



Steven Stern wrote:

On Thu, 06 May 2004 21:41:48 -0500, Graham Toal <[EMAIL PROTECTED]> wrote:

 

--
pizzabox:/usr/local/src/clamav-devel-20040505 # freshclam --version
freshclam / ClamAV version devel-20040505
pizzabox:/usr/local/src/clamav-devel-20040505 # clamscan --version
clamscan / ClamAV version devel-20040505
pizzabox:/usr/local/src/clamav-devel-20040505 # freshclam
ClamAV update process started at Thu May  6 21:18:41 2004
Reading CVD header (main.cvd): OK
main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder: tkojm)
Reading CVD header (daily.cvd): OK
daily.cvd is up to date (version: 305, sigs: 1208, f-level: 2, builder: diego)
pizzabox:/usr/local/src/clamav-devel-20040505 # clamscan /tmp/virus.test
/tmp/virus.test: OK
   



Try 

clamscan --mbox /tmp/virus.test

This tells clamscan to treat it as a mail (mime/uuencoded) file.

 

To the best of my knowledge it doesnt, it just enables clamscan to scan 
it as an mbox IF it recognizes it as such.



---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Failure to recognise known viruses

2004-05-06 Thread Steven Stern

On Thu, 06 May 2004 21:41:48 -0500, Graham Toal <[EMAIL PROTECTED]> wrote:


>--
>pizzabox:/usr/local/src/clamav-devel-20040505 # freshclam --version
>freshclam / ClamAV version devel-20040505
>pizzabox:/usr/local/src/clamav-devel-20040505 # clamscan --version
>clamscan / ClamAV version devel-20040505
>pizzabox:/usr/local/src/clamav-devel-20040505 # freshclam
>ClamAV update process started at Thu May  6 21:18:41 2004
>Reading CVD header (main.cvd): OK
>main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder: tkojm)
>Reading CVD header (daily.cvd): OK
>daily.cvd is up to date (version: 305, sigs: 1208, f-level: 2, builder: diego)
>pizzabox:/usr/local/src/clamav-devel-20040505 # clamscan /tmp/virus.test
>/tmp/virus.test: OK
>


Try 

clamscan --mbox /tmp/virus.test

This tells clamscan to treat it as a mail (mime/uuencoded) file.

For example, here's a clamscan on my clamav-milter quarantined files in
/var/spool/clamav

--- SCAN SUMMARY ---
Known viruses: 21437
Scanned directories: 0
Scanned files: 30
Infected files: 4
Data scanned: 1.38 MB
I/O buffer size: 131072 bytes
Time: 4.825 sec (0 m 4 s)

Here's the same set with clamscan --mbox

 
--- SCAN SUMMARY ---
Known viruses: 21437
Scanned directories: 0
Scanned files: 30
Infected files: 30
Data scanned: 1.00 MB
I/O buffer size: 131072 bytes
Time: 6.538 sec (0 m 6 s)

--
   Steve
   


---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Source install vs RPM install

2004-05-06 Thread Galactic

Title: Source install vs RPM install






Hello all, I've installed Clamav using the clamav-0.70-rc.tar.gz and now I'd like to move to a RPM install of the most current flavor. Any issues just using the RPM or should I remove the source install first? Also is there an RPM version for RHE 3?

Thanks,

Franklyn Halamka

Galactic Zero.

[Clamav-users] Failure to recognise known viruses

2004-05-06 Thread Graham Toal

I hope you don't mind me starting a new thread when this is related to
several existing threads, but I wanted to get away from the topics where
the problem is being assigned to reasons like incompatible versions or
multiple config files.

My explorations started a few days ago when a SomeFool virus wasn't
recognised, and I mailed the authors on the contact address from the
web page, only to be told that I had a config error and that I should
read the current threads to understand it.

Since then I have been reading for some days, am reasonably up to date
on the issues, and have been extremely rigorous in checking my facts.

I have only one .conf file (/usr/local/etc/freshclam.conf), and only
one main.cvd and daily.cvd on my entire system (in /usr/local/share/clamav).
I deleted every other copy on the system (which was only the one in the
source directory anyway).  I have only one copy of freshclam and one
copy of clamscan.  I'm not using clamdscan and clamd is not running.

I deleted all the tmp directories and db files.

I have a clearly infected test file, which the online web page upload
does recognise as infected, and as you can see below it is not
recognised.  I am 5 nines certain that my config is by the book.

And after doing all the above carefully, I wiped out the entire
installation, and re-installed from scratch with the latest development
version.  It behaves exactly the same.

I have run both freshclam and clamscan under 'strace' and confirmed that
they are accessing the same config file (successfully) and the same
cvd files.

There is a problem here.  The authors need to address it and stop
blaming the users.  I will be happy to make any tests and supply logs
that will help them diagnose this problem.


Graham

--
pizzabox:/usr/local/src/clamav-devel-20040505 # freshclam --version
freshclam / ClamAV version devel-20040505
pizzabox:/usr/local/src/clamav-devel-20040505 # clamscan --version
clamscan / ClamAV version devel-20040505
pizzabox:/usr/local/src/clamav-devel-20040505 # freshclam
ClamAV update process started at Thu May  6 21:18:41 2004
Reading CVD header (main.cvd): OK
main.cvd is up to date (version: 22, sigs: 20229, f-level: 1, builder: tkojm)
Reading CVD header (daily.cvd): OK
daily.cvd is up to date (version: 305, sigs: 1208, f-level: 2, builder: diego)
pizzabox:/usr/local/src/clamav-devel-20040505 # clamscan /tmp/virus.test
/tmp/virus.test: OK

--- SCAN SUMMARY ---
Known viruses: 21437
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.07 MB
I/O buffer size: 131072 bytes
Time: 0.925 sec (0 m 0 s)


---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Re: clamd still hangs with 0.70

2004-05-06 Thread Jesse Guardiani

Jason Haar wrote:

> On Wed, May 05, 2004 at 02:15:29PM -0400, Jesse Guardiani wrote:
>> past 0.70-rc a month or two ago. 0.70 (upgraded just yesterday) does the
>> same thing. I'm running FreeBSD 4.8-RELEASE + daemontools. I don't see
>> the seg fault, but my clamd is hanging every 5 or 10 minutes and I'm
>> forced to use monit to test the socket and restart it if it's not
>> working. This bug is really crimping my style. :)
> 
> Yup. I still haven't heard anything more about it but have found a
> workaround - don't use daemontools - more precisely - don't use ForeGround
> mode.
> 
> Either ForeGround is making clamd run in some single-threaded mode which
> it buggy,

I stopped using daemontools and it didn't help. I even turned of Foreground
mode in clamav.conf.


> or the softlimit RAM limiting feature routinely used within
> daemontools is triggering a bug in clamd.

softlimit is a program. I don't think it is actually used within daemontools.


> Either way, using clamd in a
> more "standard" rc-script mode is fine. Once I changed to that, clamd has
> worked fine.

Rrrr... I guess I'm just the lucky guy that gets stuck with this odd bug
until someone accidentally fixes it then. Thanks for the reply, Jason!

-- 
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v)  423-559-5145 (f)
http://www.wingnet.net




---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] New Clamav / Clamav-milter Logwatch scripts

2004-05-06 Thread Todd Lyons

Soren Schimkat wanted us to know:

>Hi guys
>
>New version of the Clamav / Clamav-milter Logwatch scripts awailable. You may 
>download from here: http://www.schimkat.dk/clamav/clamav-logwatch-0.30.tar.gz

I'm going to assume that these scripts are not intended to be run from
the commandline.  I had to hack at it a bit before I could get what I
wanted out of it.  I'm assuming that logwatch is stripping the date,
timestamp, syslog facility, and pid info from the stream being fed to
it.

Any interest in making it commandline friendly?
-- 
Regards...  Todd
They that can give up essential liberty to obtain a little temporary 
safety deserve neither liberty nor safety.   --Benjamin Franklin
Linux kernel 2.6.3-8mdkenterprise   3 users,  load average: 0.00, 0.00, 0.00


---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] New Clamav / Clamav-milter Logwatch scripts

2004-05-06 Thread Søren Schimkat

I wrote the ones included in the Logwatch distribution .. and this new
version is an update matching the latest Clamav stable version. This update
will, in a few days, be sent to the maintainer of logwatch if no errors is
reported.


- Original Message - 
From: "Richard Humphrey" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, May 06, 2004 10:21 PM
Subject: Re: [Clamav-users] New Clamav / Clamav-milter Logwatch scripts


How do they differ from the ones from the Logwatch site?

Soren Schimkat wrote:
> Hi guys
>
> New version of the Clamav / Clamav-milter Logwatch scripts awailable. You
may
> download from here:
http://www.schimkat.dk/clamav/clamav-logwatch-0.30.tar.gz
>
> Regards Søren Schimkat
>
>
>
>
> ---
> This SF.Net email is sponsored by Sleepycat Software
> Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to
> deliver higher performing products faster, at low TCO.
> http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
> ___
> Clamav-users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/clamav-users
>

-- 

Richard Humphrey

Useful phrases for the workplace, #22

It might look like I'm doing nothing, but at the cellular level I'm
really quite busy.
---


---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=dnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users



---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] New Clamav / Clamav-milter Logwatch scripts

2004-05-06 Thread Richard Humphrey

How do they differ from the ones from the Logwatch site?

Soren Schimkat wrote:
> Hi guys
> 
> New version of the Clamav / Clamav-milter Logwatch scripts awailable. You may 
> download from here: http://www.schimkat.dk/clamav/clamav-logwatch-0.30.tar.gz
> 
> Regards Søren Schimkat
> 
> 
> 
> 
> ---
> This SF.Net email is sponsored by Sleepycat Software
> Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
> deliver higher performing products faster, at low TCO.
> http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
> ___
> Clamav-users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/clamav-users
> 

-- 

Richard Humphrey

Useful phrases for the workplace, #22

It might look like I'm doing nothing, but at the cellular level I'm
really quite busy.
---


---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] freebsd port: (clamav-milter), uid 1029: exited on signal 11

2004-05-06 Thread Nigel Horne

On Thursday 06 May 2004 8:01 pm, Koos van den Hout wrote:
> I'm using the freebsd port of clamav and clamav milter, and I get the
> message in the kernel log:
>
> pid 1812 (clamav-milter), uid 1029: exited on signal 11

Please update to the latest version from CVS. If the problem still occurs
let me know.

-Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk



---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] freebsd port: (clamav-milter), uid 1029: exited on signal 11

2004-05-06 Thread Koos van den Hout


I'm using the freebsd port of clamav and clamav milter, and I get the
message in the kernel log:

pid 1812 (clamav-milter), uid 1029: exited on signal 11
pid 1852 (clamav-milter), uid 1029: exited on signal 11
pid 1883 (clamav-milter), uid 1029: exited on signal 11
pid 1885 (clamav-milter), uid 1029: exited on signal 11
pid 1980 (clamav-milter), uid 1029: exited on signal 11

I tried a google search for the error but besides the nice suggestion "Did
you mean: (climax-milter), uid 1029: exited on signal 11" I don't get any
search results.

It seems clamav-milter coredumps on a signal 11 (segmentation violation).

Info from freebsd ports:

pkg_info clamav\*
Information for clamav-0.70_1:

Comment:
Command line virus scanner written entirely in C

Description:
Clam Antivirus is command line virus scanner written entirely in C
and its database is kept up to date. It also detects polymorphic
viruses, scans compressed files and supported by AMaViS.
Optionally you can use the clamav-milter interface to connect
clamav with sendmail.

WWW: http://www.clamav.net/

Koos


-- 
Koos van den Hout,   PGP keyid RSA/1024 0xCA845CB5 via keyservers
[EMAIL PROTECTED]or DSS/1024 0xF0D7C263-?)
Fax +31-30-2817051  Visit the site about books with reviews/\\
http://idefix.net/~koos/http://www.virtualbookcase.com/   _\_V


pgp0.pgp
Description: PGP signature

Re: [Clamav-users] undefined reference to `messageAddLineAtTop'

2004-05-06 Thread Alex S Moore

On Thu, 06 May 2004 19:55:01 +0200
Andrzej Migdalski <[EMAIL PROTECTED]> wrote:

> when compiling 20040506 clamav-devel snapshot i've got:
> 
> gcc -g -O2 -o .libs/clamscan output.o getopt.o memory.o clamscan.o 
> options.o others.o manager.o treewalk.o -L/blabla/clamav-devel/libclamav 
> /blabla/clamav-devel/libclamav/.libs/libclamav.so -lz -lbz2 -lgmp -lpthread
> /blabla/clamav-devel/libclamav/.libs/libclamav.so: undefined reference 
> to `messageAddLineAtTop'
> collect2: ld returned 1 exit status
> 

I have the same problem with clamav builds when new functions are added to libraries.  
Try changing the line to move '-L/blabla/clamav-devel/libclamav' to be after ../.libs/
After that object builds, just run make again.  I usually have to do this seven times.

Another option is to uninstall the existing clamav.  If you can do this, it is the 
simpler option.

Alex


---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] New Clamav / Clamav-milter Logwatch scripts

2004-05-06 Thread Soren Schimkat

Hi guys

New version of the Clamav / Clamav-milter Logwatch scripts awailable. You may 
download from here: http://www.schimkat.dk/clamav/clamav-logwatch-0.30.tar.gz

Regards Søren Schimkat




---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Mail confusion / savemail panics

2004-05-06 Thread Soren Schimkat

Hi Nigel

Citat Nigel Horne <[EMAIL PROTECTED]>:

> On Wednesday 05 May 2004 7:53 pm, S=F8ren Schimkat wrote:
> 
> > When using the same config file at shown below .. and starting
> > clamav-milter with these options:
> >
> > --force-scan --config-file=3D/opt/clamav-0.70/etc/clamav.conf
> > --quarantine-dir =3D/var/quarantine /var/run/clamav/clmilter.sock
> 
> > Could someone please tell me what to do, in order to just send mail to
> > the sender, the reciepient and postmaster ... and to ensure that only
> > one copy of the mail is quarantined.
> 
> Try turning off the scanning of local e-mails (don't use the --force-scan=
>  option,
> you may wish to add --local that's up to you).


Thanks for the tip. I´m sorry to say that i´t didn´t work. What did work was 
using the --quiet option for not sending any mails at all. This prevented the 
looping.

I'm going to the --quiet option in the future - so the problems is solved.

Regards Søren


> 
> > Regards S=F8ren Schimkat
> 
> -Nigel
> 
> --=20
> Nigel Horne. Arranger, Composer, Typesetter.
> NJH Music, Barnsley, UK.  ICQ#20252325
> [EMAIL PROTECTED] http://www.bandsman.co.uk
> 
> 
> 
> ---
> This SF.Net email is sponsored by Sleepycat Software
> Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
> deliver higher performing products faster, at low TCO.
> http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
> ___
> Clamav-users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/clamav-users
> 





---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Problems Compiling clamav-devel-20040506

2004-05-06 Thread Nigel Horne

On Thursday 06 May 2004 6:38 pm, Ing. Germán González B. wrote:

> When I compile clamav-devel-20040506 I obtain:
>
> undefined reference to `messageAddLineAtTop'

Fixed in CVS.

> Germán González

-Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk



---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] undefined reference to `messageAddLineAtTop'

2004-05-06 Thread Andrzej Migdalski

when compiling 20040506 clamav-devel snapshot i've got:

gcc -g -O2 -o .libs/clamscan output.o getopt.o memory.o clamscan.o 
options.o others.o manager.o treewalk.o -L/blabla/clamav-devel/libclamav 
/blabla/clamav-devel/libclamav/.libs/libclamav.so -lz -lbz2 -lgmp -lpthread
/blabla/clamav-devel/libclamav/.libs/libclamav.so: undefined reference 
to `messageAddLineAtTop'
collect2: ld returned 1 exit status

configured with:
./configure --prefix=/usr --disable-clamuko --enable-milter 
--sysconfdir=/etc/clamav --with-dbdir=/var/lib/clamav

previous 0.70 snapshots compiled without any problems on my RH 9.0 and 
old RH 7.0 boxes.

TIA,
A.
---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Problems Compiling clamav-devel-20040506

2004-05-06 Thread =?x-unknown?q?Ing=2E_Germ=E1n_Gonz=E1lez_B=2E?=


Hi

When I compile clamav-devel-20040506 I obtain:

undefined reference to `messageAddLineAtTop'

If I compile clamav-devel-20040505 version everything works fine.

Is a clamav-devel-20040506 error or I am doing something wrong.


Regards


Germán González


---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] New to the list w an install issue

2004-05-06 Thread Harrell, Roger

Greetings all. I found out about clamav through the qmail list. I'm trying
to install clamAV to work with qmail and qscanq. I followed the instructions
in the INSTALL doc with clamav 0.70. That all went fine. In addition I am
running clamd per instructions under "Running Clamd" on:
http://www.qscanq.org/clamdscan.html


svstat shows clamd as up. ps -aux | grep clamd

root 19244  0.0  0.0  1392  412 ?S08:28   0:00 setuidgid
Gqscanq /usr/local/sbin/clamd
root 27404  0.0  0.0  1348  276 ?S08:42   0:00 supervise
clamd
root 28048  0.0  0.0  1392  412 ?S08:45   0:00 setuidgid
Gqscanq /usr/local/sbin/clamd
root 11178  0.0  0.1  3568  624 pts/0S10:26   0:00 grep clamd

when I try to test clamd with:
clamdscan ./
I get:
connect(): Connection refused
ERROR: Can't connect to clamd.

--- SCAN SUMMARY ---
Infected files: 0
Time: 0.000 sec (0 m 0 s)


Any ideas?

Thanks,
Roger


---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[OT] Re: [Clamav-users] Quarantine files (was Temp file issues)

2004-05-06 Thread Jakub Jankowski

On 2004-05-06, Alex V. Kovirshin wrote:

>Nope, but i made little hack to clamav-milter, see my previose post...
>it works good. But thanx, i'll check it out.
>
>On Thu, May 06, 2004 at 10:32:40AM +0100, Nigel Horne wrote:
>> On Thursday 06 May 2004 8:08 am, Alex V. Kovirshin wrote:
[...]

Please don't top-post. It makes you unreadable.

s.

-- 
(0>  Jakub Jankowski  [url]: s.atn.pl  "Nawet w Krainie Czarow
//\   [EMAIL PROTECTED]   [rlu]: 174516 latwiej jest spotkac
V_/_  [EMAIL PROTECTED]   [ekg]: 921514 Babe Jage niz Alicje"
Fingerprint: FCBF F03D 9ADB B768 8B92 BB52 0341 9037 A875 942D


---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Sasser Worm Virus not shown with sigtool

2004-05-06 Thread Lynn Duerksen

 
|
|You probably have 2 versions of the database. Happened to me 

I finally figured that out when I tried doing sigtool --unpack-current and
it prepended the directory it was using to my entry.

|and many others. Simple to rectify: search for main.cvd on 
|your box. Then find which one is being updated by freshclam. 
|Delete the others and setup symbolic links to the one that's 

Symolic Links,  why didn't I think of that?  Sometimes a good poke in the
head is in order.

|updated by freshclam. I'm sure there are better ways to do 
|this like recompile with the proper path but I couldn't be bothered.
|Works like a charm for me now.
|
|cheers,
|Colin
|
|Colin A. Bartlett
|Kinetic Web Solutions


Lots of good discussion on this one.  Maybe some improvements will come of
it.

Thanks


L. A. Duerksen
Technical Manager
Futureware Distributing, Inc
OpenBSD 3.4
amavisd-new-20030616-p9
spamassassin 2.63
postfix-2.0.19
ClamAV version 0.70



---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Clamav - Qmail - Ezmlm

2004-05-06 Thread Niek

Scott Ryan wrote:

I may be posting to the wrong link, but I am just trying to cover all
angles:
I am using qmail - qmailscanner - clamav-0.70 and ezmlm.
All regular mail is passed to qmailscanner and thus virus scanned. But
all mail sent to a mailing list is not.
Is there anywhere in Ezmlm that i must configure for it to be parsed
through qmail scanner before hitting the queue?
Thanks in advance

Scott Ryan
Scott,

turn on debugging in qmailscanner, send a few mails with attachments to the list,
(or a testlist, if you don't want to bother the listusers) and check the QS logs.
Hope this point you in the right direction.

Regards,

Niek

---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Re: Worm/virus not recognized locally

2004-05-06 Thread Ender

Hi,

I have also the same problem with netsky.ab or Worm.SomeFool.AB. The
message could not be recognized by clamscan. But the attached file
abuses.pif alone was recognized. I'm using clamav-0.70-1 + qmail +
qmail-scan combination on my mail erver. What can be the problem ? And
how to solve it? Any idea_

Thanx...

Ender

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Flynn
Sent: Wednesday, May 05, 2004 6:33 PM
To: [EMAIL PROTECTED]
Subject: [Clamav-users] Re: Worm/virus not recognized locally

(following my previous answer)  :

Now this is interesting :
If I submit the internal message to the on-line scanner, it doesn't find
any
virus in it.

so to resume : We have a Message A containing a message B containing a
virus
V
(I hope the following array stays readable)

detection?  AB   V
on line scanner YESNO(n/a)
clamscan  NO NOYES

I feel like I should submit my "B" files right away now, right ?

Regards,
Flynn

- Original Message - 
From: "Antony Stone" <[EMAIL PROTECTED]>
Newsgroups: gmane.comp.security.virus.clamav.user
Sent: Wednesday, May 05, 2004 4:17 PM
Subject: Re: Worm/virus not recognized locally


> On Wednesday 05 May 2004 3:09 pm, Flynn wrote:
>
> > Hi everyone ...
> >
> > I have a file, which I suppose is infected with W32/[EMAIL PROTECTED], if
I
trust
> > some other AV.
> > If I submit it to the clam on-line scan server, it finds it as
> > "Worm.SomeFool.Gen-1"
> >
> > but... clamscan does not find it.
> >
> > Inside the file there is some .scr attachement,
>
> If you extract this attachment to a file on its own (without any email
headers
> or Mime encoding etc) does clamscan identify it then?
>
> Regards,
>
> Antony
>
> -- 
> All matter in the Universe can be placed into one of two categories:
>
> 1. Things which need to be fixed.
> 2. Things which need to be fixed once you've had a few minutes to play
with
> them.
>
>  Please reply to
the
list;
>please
don't CC
me.
>
>
>
> ---
> This SF.Net email is sponsored by: Oracle 10g
> Get certified on the hottest thing ever to hit the market... Oracle
10g.
> Take an Oracle 10g class now, and we'll give you the exam FREE.
> http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> ___
> Clamav-users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/clamav-users
>



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g.

Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users



---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: SV: [Clamav-users] Unmatchet Entries

2004-05-06 Thread Krištof Petr

Jeany Zoita Jakobsen wrote:

Hi Peter,
Do you mean that i should disable the debug in clamav.conf?
If you mean that, so it is allredy disabled.
May be i should eneble it?
Hello Jeany Zoita,

the 'enable-debug' is compile-time option. High level of debugging is 
interesting
for developers only. Normal users  should live happy without it 
(according to Nigel).

Compile clamav byself or pick up the another binary package.

Petr



---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] FAQ update?

2004-05-06 Thread Rob MacGregor

Is there any chance of getting the FAQ entry for the functionality level 
problem a bit more detailed?  It might stop the regular postings to the 
list.  A reference to removing old versions first would be particularly 
useful (and a reminder of the flag to identify the running version).

Something like this maybe?

The functionality level of the database determines which scanner engine 
version is required to use all of its signatures. If you don't upgrade 
immediately you will be in big trouble :)

If you're still seeing this error after you upgrade you've installed the new 
version in a different location to the old version.  Remove both installs 
and try again.  Don't forget you can check the version you're calling with 
'clamscan --version'.

Thoughts?

 Please DO NOT send me ANY email directly unless it's a privacy issue.
  Reply-to mangled to assist those who don't read the above.
--
Rob  |  What part of "no" was it you didn't understand?


---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] /temp directory

2004-05-06 Thread Bart Silverstrim

On May 6, 2004, at 1:54 AM, Cecilia Mtz wrote:

Hello

I noticed that space used on my server went up more than 1 GB in two 
days. I
searched for possible causes and found that on the /temp directory 
there are
hundreds of folders with names like:

/clamav-32a04d8981dc9029
/clamav-64c3234be1ab21c8
/clamav-97724bb815cf6a6d
/clamav-cd4876490bf92691
/clamav-32c0801d981cdb60
/clamav-64c9409eac801901
/clamav-978c3d0a247cf62b
/clamav-cd50cd0972aef749
Are you running with the debug option enabled?



---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Installation outdated error in freshclam

2004-05-06 Thread Rob MacGregor

From: Phil Schilling <[EMAIL PROTECTED]>

Sorry, I know this was discussed at the end of April, but apparently
much of Aprils list archive is missing.
When running freshclam directly or via cron it gives the error:
WARNING: Your ClamAV installation is OUTDATED - please update
immediately!
I did update to the latest stable yesterday, which did not cure the
issue.  Thanks, and I know this was already discussed but as archives
of the mailing list are incomplete and can not find the previous
answer.
As I said to somebody else yesterday - the problem is most likely that 
you've installed the new version in a different location to the old version 
and are still running the old version.

Deinstall every version of clamav you've got installed and then start with a 
fresh install of the latest.  If you're still getting the error then you've 
not got rid of the old version.  There is an option (--version I think) to 
find out what version you're calling.

 Please DO NOT send me ANY email directly unless it's a privacy issue.
  Reply-to mangled to assist those who don't read the above.
--
Rob  |  What part of "no" was it you didn't understand?


---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: SV: [Clamav-users] Unmatchet Entries

2004-05-06 Thread Nigel Horne

On Thu, 2004-05-06 at 13:20, Jeany Zoita Jakobsen wrote:
> Do you mean that i can install 
> clamav-0.70.tar.gz  2292 kb Apr 17, 2004 02:07
> over the actual version? (I installed for to days ago)
> Or i have to uninstall firt the actual ClamAv befor i download and install the new 
> version.

Uninstall the previous version first.
> And one more question :)
> Please point me to the best version of ClamAv for the fedora core1.

That version will configure itself for many operating systems, including
Fedora Core 1.

> Jeany




---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

SV: [Clamav-users] Unmatchet Entries

2004-05-06 Thread Jeany Zoita Jakobsen

Title: is: SV: [Clamav-users] Unmatchet Entries






Hi Peter,

Do you mean that i should disable the debug in clamav.conf?

If you mean that, so it is allredy disabled.

May be i should eneble it?


Thanks,

Jeany 



-Opprinnelig melding-

Fra:    [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED] På vegne av Krištof Petr

Sendt:  06. mai 2004 13:35

Til:    [EMAIL PROTECTED]

Emne:   Re: [Clamav-users] Unmatchet Entries


Nigel Horne wrote:


>On Thursday 06 May 2004 9:46 am, Jeany Zoita Jakobsen wrote:

>

>  

>

>>**Unmatched Entries**

>>    

>>

>[snip]

>  

>

>>clamfi_close

>>    

>>

>

>  

>

>>What i am  concerned about is the "**Unmatchet Entries**" messagees.

>>Is there sommething wrong?

>>    

>>

>

>Yes, the yum people have configured clamav with "enable-debug". Best thing is

>to not use the yum version, it would appear they are shipping a debug version

>for some reason, go to www.clamav.net and download from there.

>


I removed 'enable-debug' when users did frustrated by this and when you 

confirmed this option

is not necessary for standard usage. It was a month ago.


Petr







---

This SF.Net email is sponsored by Sleepycat Software

Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 

deliver higher performing products faster, at low TCO.

http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3

___

Clamav-users mailing list

[EMAIL PROTECTED]

https://lists.sourceforge.net/lists/listinfo/clamav-users

SV: [Clamav-users] Unmatchet Entries

2004-05-06 Thread Jeany Zoita Jakobsen

Do you mean that i can install 
clamav-0.70.tar.gz  2292 kb Apr 17, 2004 02:07
over the actual version? (I installed for to days ago)
Or i have to uninstall firt the actual ClamAv befor i download and install the new 
version.
And one more question :)
Please point me to the best version of ClamAv for the fedora core1.
Thankyou,
Jeany


> -Opprinnelig melding-
> Fra:  [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED] På vegne av Nigel Horne
> Sendt:06. mai 2004 11:37
> Til:  [EMAIL PROTECTED]
> Emne: Re: [Clamav-users] Unmatchet Entries
> 
> On Thursday 06 May 2004 9:46 am, Jeany Zoita Jakobsen wrote:
> 
> > **Unmatched Entries**
> [snip]
> > clamfi_close
> 
> > What i am  concerned about is the "**Unmatchet Entries**" messagees.
> > Is there sommething wrong?
> 
> Yes, the yum people have configured clamav with "enable-debug". Best thing is
> to not use the yum version, it would appear they are shipping a debug version
> for some reason, go to www.clamav.net and download from there.
> 
> > Jeany
> 
> -Nigel
> 
> -- 
> Nigel Horne. Arranger, Composer, Typesetter.
> NJH Music, Barnsley, UK.  ICQ#20252325
> [EMAIL PROTECTED] http://www.bandsman.co.uk
> 
> 
> 
> ---
> This SF.Net email is sponsored by Sleepycat Software
> Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
> deliver higher performing products faster, at low TCO.
> http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
> ___
> Clamav-users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/clamav-users
<>

Re: [Clamav-users] Unmatchet Entries

2004-05-06 Thread Krištof Petr

Nigel Horne wrote:

On Thursday 06 May 2004 9:46 am, Jeany Zoita Jakobsen wrote:

 

**Unmatched Entries**
   

[snip]
 

clamfi_close
   

 

What i am  concerned about is the "**Unmatchet Entries**" messagees.
Is there sommething wrong?
   

Yes, the yum people have configured clamav with "enable-debug". Best thing is
to not use the yum version, it would appear they are shipping a debug version
for some reason, go to www.clamav.net and download from there.
I removed 'enable-debug' when users did frustrated by this and when you 
confirmed this option
is not necessary for standard usage. It was a month ago.

Petr





---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Sendmail, clamav-milter and libmilter errors.

2004-05-06 Thread Nigel Horne

On Thursday 06 May 2004 11:48 am, Mr Mailing List wrote:

> Do the changes address the 'timeout before data read' issue also?

It's all part and parcel of the same issue.

-Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk



---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Sendmail, clamav-milter and libmilter errors.

2004-05-06 Thread Mr Mailing List


On May 6, 2004, at 11:40, Nigel Horne wrote:

On Thursday 06 May 2004 7:38 am, Mr Mailing List wrote:

www sendmail[4015]: i2UL7MvV004015: SYSERR(root): out of memory:
Cannot allocate memory

This is using ClamAV version 0.70, clamav-milter version 0.70 (the
released version)

Please try the version in CVS, it has some fixes which I hope will address this,
especially for BSD (all 3 main flavours).


Do the changes address the 'timeout before data read' issue also?



--
/jørgen nørgaard
e-mail: [EMAIL PROTECTED] | Phone: +45 2627 3769
http://anneli.dk/~jnp/
    |\  _,,,---,,_
    /,`.-'`'    -.  ;-;;,_ 
    |,4-  ) )-,_. ,\ (  `'-'
   '---''(_/--'  `-'\_)

[Clamav-users] Re: Re: There is something I dont get here ...

2004-05-06 Thread Flynn

> I'm not, but you're welcome to submit the _full_ e-mail (I suspect the
> sample I'm looking at is only a partial bounced sample) :-)
>
Hello again,

To fullfill with Nigel Horne's request,
I downloaded the latest tarball, and one of my samples is now detected.

So please ignore submission n# 3075 (Netsky.D)

The other sample is still left undetected, and I just sent it to Nigel
Horne,
make sure you both don't spend time with this ;-)

Best Regards,
Flynn



---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Quarantine files (was Temp file issues)

2004-05-06 Thread Alex V. Kovirshin

Nope, but i made little hack to clamav-milter, see my previose post...
it works good. But thanx, i'll check it out.

On Thu, May 06, 2004 at 10:32:40AM +0100, Nigel Horne wrote:
> On Thursday 06 May 2004 8:08 am, Alex V. Kovirshin wrote:
> > Ops, sorry. I just don't understand the point...
> > I was talking about "quarantine_dir". 
> 
> Ahah, that's different from the temporary files.
> Have you tried the latest version in CVS?
> 
> -- 
> Nigel Horne. Arranger, Composer, Typesetter.
> NJH Music, Barnsley, UK.  ICQ#20252325
> [EMAIL PROTECTED] http://www.bandsman.co.uk
> 
> 
> 
> ---
> This SF.Net email is sponsored by Sleepycat Software
> Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
> deliver higher performing products faster, at low TCO.
> http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
> ___
> Clamav-users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/clamav-users

-- 
 Alex V. Kovirshin 


---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Re: Re: There is something I dont get here ...

2004-05-06 Thread Flynn

> > Honest: I am convinced we face a bug here.
>
> I'm not, but you're welcome to submit the _full_ e-mail (I suspect the
> sample I'm looking at is only a partial bounced sample) :-)
>

I sent the full emails as sub. number 3074 & 3075
I should have done that first, but the fact that your remote scanner found'm
infected stopped me.

Thank you for taking care of this.

Regards,
Flynn.



---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] segmentation fault in 0.70 ?due to filename of infected virus?

2004-05-06 Thread Tomasz Kojm

On Wed, 05 May 2004 13:55:29 -0400
Chris Conn <[EMAIL PROTECTED]> wrote:

> 
> >>this segmentation fault that occurred at the exact second it scanned
> >
> >>this Klez virus?
> > 
> > 
> > As a temporary work-around please disable the LogSyslog directive.
> > The format string problem is connected with the vsyslog() call in
> > shared/output.c and currently I have no (good) idea how to fix it.
> > 
> 
> Hello,
> 
> I have re-instated my clamd and have disabled the LogSyslog in the 
> clamd.conf and I am happy to say that my Eicar-test signature virus
> does get caught and no longer crashes the clamd process =)
> 
> Thank you for this workaround.

The problem is now fixed in CVS.

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Thu May  6 11:25:09 CEST 2004


pgp0.pgp
Description: PGP signature

[Clamav-users] Installation outdated error in freshclam

2004-05-06 Thread Phil Schilling

Sorry, I know this was discussed at the end of April, but apparently
much of Aprils list archive is missing.

When running freshclam directly or via cron it gives the error:
WARNING: Your ClamAV installation is OUTDATED - please update
immediately!

I did update to the latest stable yesterday, which did not cure the
issue.  Thanks, and I know this was already discussed but as archives
of the mailing list are incomplete and can not find the previous
answer.

Phil

-- 
Phil Schilling
GCS Tech



---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Re: There is something I dont get here ...

2004-05-06 Thread Joe Maimon



Flynn wrote:

There are many ways to do this - using the --mbox option should detect
the virus if the _full_ e-mail is scanned by ClamAV.
   

Well - let me clarify this situation very carefully :

(v0.70)-clamscan --mbox does *NOT* recognized the _full_ email as a virus.
 

I have experienced the same issue.
There is always supposed to be a Received: header but..stuff was 
being quarantined by amavis that did not have one or be otherwise 
recognized as mbox..
See mbox-force patch at http://www.jmaimon.com/clamav for an 
experimental workaround.

---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Unmatchet Entries

2004-05-06 Thread Nigel Horne

On Thursday 06 May 2004 9:46 am, Jeany Zoita Jakobsen wrote:

> **Unmatched Entries**
[snip]
> clamfi_close

> What i am  concerned about is the "**Unmatchet Entries**" messagees.
> Is there sommething wrong?

Yes, the yum people have configured clamav with "enable-debug". Best thing is
to not use the yum version, it would appear they are shipping a debug version
for some reason, go to www.clamav.net and download from there.

> Jeany

-Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk

---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Re: There is something I dont get here ...

2004-05-06 Thread Nigel Horne

On Thursday 06 May 2004 9:46 am, Flynn wrote:

> Honest: I am convinced we face a bug here.

Have you tried with the latest version in CVS? If so and
it still fails, zip the e-mail, password virus, and send me copy.

> Rgds,
> Flynn

-Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk



---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Sendmail, clamav-milter and libmilter errors.

2004-05-06 Thread Nigel Horne

On Thursday 06 May 2004 7:38 am, Mr Mailing List wrote:

>   www sendmail[4015]: i2UL7MvV004015: SYSERR(root): out of memory:
> Cannot allocate memory

> This is using ClamAV version 0.70, clamav-milter version 0.70 (the
> released version)

Please try the version in CVS, it has some fixes which I hope will address this,
especially for BSD (all 3 main flavours).

-Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk



---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Patching clamd to log to stdout

2004-05-06 Thread Andrej Trobentar

Andrej Trobentar wrote:

Really nobody knows an answer to this?
I have found a solution on qmail list :

>>> Jeremy Kitchen wrote:
>>>
>>> there's no reason to patch clamav to have clamd log to stderr.
>>>
>>> in clamav.conf:
>>> LogFile /dev/stdout
>>> LogFileUnlock
>>>
>>> works on every system I've ever installed it on.
>>
>> Mine runs as the qscand user (started as root, though)  works fine.
>>
>> http://scriptkitchen.com/qmail/clamav.conf
>>
>> -Jeremy
>
Ahh, you're right. I invoked it with a "setuidgid qscanq" wrapper, 
and that was what was preventing proper logging. Take that out, make 
sure the config has the "User qscanq" line, and it works perfectly. 
Thanks for the tip!

~Kyle
Thanks anyway and have a nice day,

	Andrej.

---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Quarantine files (was Temp file issues)

2004-05-06 Thread Nigel Horne

On Thursday 06 May 2004 8:08 am, Alex V. Kovirshin wrote:
> Ops, sorry. I just don't understand the point...
> I was talking about "quarantine_dir". 

Ahah, that's different from the temporary files.
Have you tried the latest version in CVS?

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk



---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Re: There is something I dont get here ...

2004-05-06 Thread Diego d'Ambra

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:clamav-users-
> [EMAIL PROTECTED] On Behalf Of Flynn
> Sent: 6. maj 2004 10:46
> To: [EMAIL PROTECTED]
> Subject: [Clamav-users] Re: There is something I dont get here ...
> 
> > There are many ways to do this - using the --mbox option should
detect
> > the virus if the _full_ e-mail is scanned by ClamAV.
> 
> Well - let me clarify this situation very carefully :
> 
> (v0.70)-clamscan --mbox does *NOT* recognized the _full_ email as a
virus.
>

Sorry, but this is not true.

If I add the missing header line:
---snip, header sample---
Received: from some.domain.com (localhost [127.0.0.1])
by localhost (Postfix) with ESMTP id CD9322FB24
for <[EMAIL PROTECTED]>; Sun, 14 Mar 2004 06:09:04 +0100 (CET)
---snip---

The result is:
---snip---
[EMAIL PROTECTED] virus]# clamscan --mbox ./virus.eml
./virus.eml: Worm.SomeFool.Gen-1 FOUND

--- SCAN SUMMARY ---
Known viruses: 21425
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.02 MB
I/O buffer size: 131072 bytes
Time: 1.656 sec (0 m 1 s)
--snip---

> snapshot-clamscan --mbox does *NOT* recognized the _full_ email as a
> virus.
> clamscan --mbox does *NOT* recognized the included corrupted email as
a
> virus.
> clamscan does recognized the included script (the virus itself) as a
> virus.
> 

Hmm, again I'm able to detect the virus.

Extract of the binary:
---snip---
[EMAIL PROTECTED] virus]# reformime -e -s 1.2 < virus.eml > virus.bin
[EMAIL PROTECTED] virus]# clamscan ./virus.bin
./virus.bin: Worm.SomeFool.Gen-1 FOUND

--- SCAN SUMMARY ---
Known viruses: 21425
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.02 MB
I/O buffer size: 131072 bytes
Time: 1.358 sec (0 m 1 s)
---snip---

> 
> Honest: I am convinced we face a bug here.
> 

I'm not, but you're welcome to submit the _full_ e-mail (I suspect the
sample I'm looking at is only a partial bounced sample) :-)

Best regards,
Diego d'Ambra



smime.p7s
Description: S/MIME cryptographic signature

Re: [Clamav-users] Mail confusion / savemail panics

2004-05-06 Thread Nigel Horne

On Wednesday 05 May 2004 7:53 pm, Søren Schimkat wrote:

> When using the same config file at shown below .. and starting
> clamav-milter with these options:
>
> --force-scan --config-file=/opt/clamav-0.70/etc/clamav.conf
> --quarantine-dir =/var/quarantine /var/run/clamav/clmilter.sock

> Could someone please tell me what to do, in order to just send mail to
> the sender, the reciepient and postmaster ... and to ensure that only
> one copy of the mail is quarantined.

Try turning off the scanning of local e-mails (don't use the --force-scan option,
you may wish to add --local that's up to you).

> Regards Søren Schimkat

-Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk



---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Re: There is something I dont get here ...

2004-05-06 Thread Flynn

> There are many ways to do this - using the --mbox option should detect
> the virus if the _full_ e-mail is scanned by ClamAV.

Well - let me clarify this situation very carefully :

(v0.70)-clamscan --mbox does *NOT* recognized the _full_ email as a virus.
snapshot-clamscan --mbox does *NOT* recognized the _full_ email as a virus.
clamscan --mbox does *NOT* recognized the included corrupted email as a
virus.
clamscan does recognized the included script (the virus itself) as a virus.

Fprot does recognize tha _full_ email as a virus
Fprot does recognized the included corrupted email as a virus.
Fprot does recognized the included script (the virus itself) as a virus.

your on-line scanner does recognize tha _full_ email as a virus
your on-line scanner does *NOT* recognized the included corrupted email as a
virus.
I suppose that your on-line scanner does recognized the included script (the
virus itself) as a virus.

Honest: I am convinced we face a bug here.

Rgds,
Flynn



---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Unmatchet Entries

2004-05-06 Thread Jeany Zoita Jakobsen

Title: is: Unmatchet Entries








Hi,
After installing Fedora C 1, SA the pakkage that follows Fedora C1, clamav and MailScanner.

Used a very nise link to install clamav:

(<>)

(used yum to get the latest version (ClamAv)) and the program was installed in this directory:

/usr/share/doc/clamav-0.70/Spanish/Sendmail+Amavis+ClamAv-Como.html

Now i keep geting this:


Subject: LogWatch for line.haraldsplass.no
X-Virus-Scanned: clamd / ClamAV version 0.70, clamav-milter version 0.70j
X-Haraldsplass-MailScanner-Information: Please contact the ISP for more information
X-Haraldsplass-MailScanner: Found to be clean
X-MailScanner-From: [EMAIL PROTECTED]


 ### LogWatch 4.3.2 (02/18/03) 
   Processing Initiated: Thu May  6 04:02:01 2004
   Date Range Processed: yesterday
 Detail Level of Output: 0
  Logfiles for Host: line.haraldsplass.no
 

 - Clamav Begin 

Daemon check list:
   Database status OK.  - 1 Time(s)
 
Virus database reloads:
   Now protecting against 21406 viruses - 2 Time(s)
 
**Unmatched Entries**
No stats for Database check - forcing reload
Exiting (clean)
clamd avsluttes succeeded
Running as user clamav (UID 46, GID 46)
Setting /tmp as global temporary directory
Bound to address 127.0.0.1 on port 3310
clamd oppstart succeeded
Blocking encrypted archives.
OLE2 support enabled.
 
 -- Clamav End -
 
 
 - Clamav-milter Begin 
 
 
**Unmatched Entries**
clamfi_envfrom: <[EMAIL PROTECTED]>
clamfi_envrcpt: <[EMAIL PROTECTED]>
clamfi_header: Received: (from [EMAIL PROTECTED]) ^Iby Line.haraldsplass.no (8.12.10/8.12.10/Submit) id i45222TD004892 ^Ifor root; Wed, 5 May 2004 04:02:02 +0200
clamfi_header: Date: Wed, 5 May 2004 04:02:02 +0200
clamfi_header: From: root <[EMAIL PROTECTED]>
clamfi_header: Message-Id: <[EMAIL PROTECTED]>
clamfi_header: To: [EMAIL PROTECTED]
clamfi_header: Subject: LogWatch for line.haraldsplass.no
clamfi_eoh
clamfi_envbody: 9148 bytes
clamfi_eom
clamfi_eom: read stream: OK
clamfi_close
 
 -- Clamav-milter End -


What i am  concerned about is the "**Unmatchet Entries**" messagees.
Is there sommething wrong?

What should i change in the clamav.conf?

Becouse it looks like someone've done the job allredy in this file
by commenting the Exemple line, and other thinks was changed to make our lives easier. (Thanks)
But now what should i do to get this "**Unmatchet Entries**" fixed?

Great thaks,

Jeany

[Clamav-users] Clamav - Qmail - Ezmlm

2004-05-06 Thread Scott Ryan

I may be posting to the wrong link, but I am just trying to cover all
angles:
I am using qmail - qmailscanner - clamav-0.70 and ezmlm.

All regular mail is passed to qmailscanner and thus virus scanned. But
all mail sent to a mailing list is not.

Is there anywhere in Ezmlm that i must configure for it to be parsed
through qmail scanner before hitting the queue?

Thanks in advance

Scott Ryan



---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Patching clamd to log to stdout

2004-05-06 Thread Andrej Trobentar

Dale Gallagher wrote:

Hi everyone

Anyone wishing to run clamd under daemontools 
http://cr.yp.to/daemontools.html can use the attached patch I
hacked together, which is almost identical to Len Budney's patch: 
http://mysite.verizon.net/vze1ypud/software/qscanq/clamav-0.70-stderr.patch.gz
 I didn't notice Len had updated his previous patch, so I rolled my
own based on his old patch, without checking first. Anyway, here it
is if anyone is interested.

[...]
Hello,

I have aplied the appended patch and now I see all the output of clam
in "ps axwww|grep readpro" insted of /var/log/clamd/current.
Currently I'm using clamav 0.67-1 with a patch that Tomasz Kojm send
in
http://www.mail-archive.com/[EMAIL PROTECTED]/msg07148.html
and everything works. Any ideas what I have done wrong?
Really nobody knows an answer to this?

--
Greetings from Slovenija,
	Andrej.

---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Latest stable version 0.70 doesn't detect dummy viruses

2004-05-06 Thread Trog

On Thu, 2004-05-06 at 09:10, Clamav wrote:
> Hi!
> I'm using sendmail with clamav-milter and the latest stable version
> 0.70.
> 
> I used a german website which provides dummy viruses for checking clamav
> (http://www.heise.de/security/dienste/emailcheck/).
> 
> I realised that the following dummy viruses pass clamav:
> Virus Bagle.Q 
> Virus Netsky.P 
> 
> Anyone who knows the reason for this behaviour?

Because it's a useless test.

It doesn't send any kind of viral code (dummy or otherwise).

-trog



signature.asc
Description: This is a digitally signed message part

RE: [Clamav-users] There is something I dont get here ...

2004-05-06 Thread Diego d'Ambra

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:clamav-users-
> [EMAIL PROTECTED] On Behalf Of Flynn
> Sent: 6. maj 2004 09:50
> To: [EMAIL PROTECTED]
> Subject: [Clamav-users] There is something I dont get here ...
> 
> "E-mail sample with missing headers. SomeFool
> found if headers are added."
> 
> So removing headers is a good way to let viruses go through ?
>

No MTA will create an e-mail without adding at least a 
line. Your sample is missing these - this is not a problem regarding
ClamAV, but probably your MTA -> scanner configuration.

>
> You could argue that without headers, a message cannot go through.
> Well, it's wrong if this message is itself included in another one,
like
> the
> one I got.
> 

The submitted sample isn't a bounced message.

> So, what's next ? Clam will never recognize those ?
> Do I need to write a program to fix headers and/or parse the mbox
files
> myself
> before passing them to clam ?
> 

There are many ways to do this - using the --mbox option should detect
the virus if the _full_ e-mail is scanned by ClamAV.

Otherwise I suggest using "ripmime" or "reformime" to extract embedded
attachments. 

Best regards,
Diego d'Ambra


smime.p7s
Description: S/MIME cryptographic signature

[Clamav-users] Latest stable version 0.70 doesn't detect dummy viruses

2004-05-06 Thread Clamav

Hi!
I'm using sendmail with clamav-milter and the latest stable version
0.70.

I used a german website which provides dummy viruses for checking clamav
(http://www.heise.de/security/dienste/emailcheck/).

I realised that the following dummy viruses pass clamav:
Virus Bagle.Q 
Virus Netsky.P 

Anyone who knows the reason for this behaviour?
Thanks
Wolfgang



---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] There is something I dont get here ...

2004-05-06 Thread Flynn

Hello again everyone.

I received a file that has been recognized as a virus by f-prot, but not  by
clam.
Indeed it is a virus, since I can open it with my mailer and execute it,
and really get infected.

So I submitted it, and I got this response from Diego d'Ambra :

"E-mail sample with missing headers. SomeFool
found if headers are added."

So removing headers is a good way to let viruses go through ?
You could argue that without headers, a message cannot go through.
Well, it's wrong if this message is itself included in another one, like the
one I got.

So, what's next ? Clam will never recognize those ?
Do I need to write a program to fix headers and/or parse the mbox files
myself
before passing them to clam ?

Flynn





---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Temp file issues

2004-05-06 Thread Alex V. Kovirshin

Btw, if you use quarantine-dir option(with localsocket of couse), for
perfomance reason, but do not need all that quarantine files, you could
make them deleted, by patching clamav-milter:

--- clamav-milter.c.orig2004-05-06 11:20:10.0 +0400
+++ clamav-milter.c 2004-05-06 11:20:32.0 +0400
@@ -2159,8 +2159,8 @@
/*
 * Cleanup filename here! Default procedure
 * would delete quarantine file
 */
-   free(privdata->filename);
-   privdata->filename = NULL;
+   /*free(privdata->filename);
+   privdata->filename = NULL;*/
}
 
if(quarantine) {


On Wed, May 05, 2004 at 09:00:42AM -0500, Matthew Myers wrote:
> Is there a way to auto delete the temp files created when scanning?  My
> system (v 0.70) hung yesterday due to the temp files not being
> deleted...they tend to grow and grow and grow.  Today I already have over
> 10,000 temp files, and although it may take a month or so, this will
> eventually become an issue again.  Any help you can provide to resolve this
> matter is appreciated.
>  
> Thanks,
> Matthew

-- 
 Alex V. Kovirshin <[EMAIL PROTECTED]>


---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Temp file issues

2004-05-06 Thread Alex V. Kovirshin

Ops, sorry. I just don't understand the point...
I was talking about "quarantine_dir". I use local socket, and as said
"When using Localsocket in %s\nyou may improve performance if you use the
--quarantine_dir option\n" - i use --quarantine-dir, but i need only
perfomance improvement, not all that files in "quarantine-dir". So i
remove quarantine files by cron every 5 minutes. It's a temportary
solution, until i found better way(rtfm ... etc...)


On Wed, May 05, 2004 at 06:29:15PM +0200, Jakub Jankowski wrote:
> On 2004-05-05, Alex V. Kovirshin wrote:
> 
> >First - hack milter ...
> >Second - cron job rm -f /path/to/quarantine
> 
> Zero - read docs.
> 
> s.
> 
> -- 
> (0>  Jakub Jankowski  [url]: s.atn.pl  "Nawet w Krainie Czarow
> //\   [EMAIL PROTECTED]   [rlu]: 174516 latwiej jest spotkac
> V_/_  [EMAIL PROTECTED]   [ekg]: 921514 Babe Jage niz Alicje"
> Fingerprint: FCBF F03D 9ADB B768 8B92 BB52 0341 9037 A875 942D
> 
> 
> ---
> This SF.Net email is sponsored by Sleepycat Software
> Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
> deliver higher performing products faster, at low TCO.
> http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
> ___
> Clamav-users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/clamav-users

-- 
 Alex V. Kovirshin <[EMAIL PROTECTED]>


---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Re: /temp directory

2004-05-06 Thread Odhiambo Washington

* Cecilia Mtz <[EMAIL PROTECTED]> [20040506 09:21]: wrote:
> never mind!
> sorry but I didn't see a message posted earlier with the same topic, that
> answered my questions.
> 
> Cecilia
> -
> 
> admins, you may delete this post

If only that was so easy and wouldn't break the archives ;)



cheers
   - wash 
+--+-+
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)  |
  . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI |
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9 |
+-+--+
"Oh My God! They killed init! You Bastards!"  
 --from a /. post


---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Temp file issues

2004-05-06 Thread Alex V. Kovirshin

Ha ha :-) Good answer but i don't have Debug enabled even...

On Wed, May 05, 2004 at 06:29:15PM +0200, Jakub Jankowski wrote:
> On 2004-05-05, Alex V. Kovirshin wrote:
> 
> >First - hack milter ...
> >Second - cron job rm -f /path/to/quarantine
> 
> Zero - read docs.
> 
> s.
> 
> -- 
> (0>  Jakub Jankowski  [url]: s.atn.pl  "Nawet w Krainie Czarow
> //\   [EMAIL PROTECTED]   [rlu]: 174516 latwiej jest spotkac
> V_/_  [EMAIL PROTECTED]   [ekg]: 921514 Babe Jage niz Alicje"
> Fingerprint: FCBF F03D 9ADB B768 8B92 BB52 0341 9037 A875 942D
> 
> 
> ---
> This SF.Net email is sponsored by Sleepycat Software
> Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
> deliver higher performing products faster, at low TCO.
> http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
> ___
> Clamav-users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/clamav-users

-- 
 Alex V. Kovirshin <[EMAIL PROTECTED]>


---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Sendmail, clamav-milter and libmilter errors.

2004-05-06 Thread Mr Mailing List


I have installed clamav and clamav-milter on netbsd 1.6 (all packages,include sendmail, libmilter and pth, are current) and it
appears to work fine (i.e. catching viruses).



Most of the time it is reliable and gives proper warnings when attempting to send infected mails.
Yesterday, how ever, it gave produces out-of-memory errors like:

www sendmail[4015]: i2UL7MvV004015: SYSERR(root): out of memory: Cannot allocate memory


After a restart of sendmail, clamav-milter and clamd everything reverted to normal operation again.

This is using ClamAV version 0.70, clamav-milter version 0.70 (the released version)



With the cvs version (as of May 5th around 18:00 CET) there appears to be some instability. In the spam of a few hour most mails failed with:

May  5 22:16:08 www sendmail[17315]: i45KC8GE017315: Milter (clmilter): timeout before data read
May  5 22:16:08 www sendmail[17315]: i45KC8GE017315: Milter (clmilter): to error state
May  5 22:16:08 www sendmail[17315]: i45KC8GE017315: Milter (clmilter): init failed to open
May  5 22:16:08 www sendmail[17315]: i45KC8GE017315: Milter (clmilter): to error state

After a time-out they appear to be send anyway.


Is this a known issue with the cvs version?


Regards,
--
/jørgen nørgaard
e-mail: [EMAIL PROTECTED] | Phone: +45 2627 3769
http://anneli.dk/~jnp/
    |\  _,,,---,,_
    /,`.-'`'    -.  ;-;;,_ 
    |,4-  ) )-,_. ,\ (  `'-'
   '---''(_/--'  `-'\_)

59 matches

Mail list logo