[Clamav-users] softlimit+clamav
Jason,

I Googled my clamav problem (memory usage grows!) and found this thread. I've had numerous OOM with my production box so I thought running Softlimit+Clamd would be a good idea. The problem is I get a segmentation fault error and all the clamd processes seem to hang. You mentioned that you figured out the problem, can you please provide details on this?

Thanks!
-Richie

>Re: [Clamav-users] clamd still hangs with 0.70
>---
>From: Jason Haar
>Subject: Re: [Clamav-users] clamd still hangs with 0.70
>Date: Tue, 20 Apr 2004 19:44:54 -0700
>---
>>On Tue, Apr 20, 2004 at 01:11:40PM -0400, Mike Cathey wrote:
>> ...lsof the pid and see what files it has open...then copy the files to
>> somewhere else and fire them off to the developers. :)
>
>Nope - that won't help. I just did that - twice within 10 minutes on my
>(currently) hung mail server. The first shows clamd (running just below the
>softlimit memory setting - again it ran out of memory) having bunches of
>library files, logfiles,etc open - plus one eml file. 10 minutes later it
>hasn't got that file open but has others open...
>
>i.e. it hasn't hung - it's now just going E.X.T.R.E.M.E.L.Y slowly...
>
>OK, I think I can trigger this at will at the moment. If I let clamdscan run
>over my SPAM Maildir folder (32,580 msgs) - which will be full of
>atrociously written MIME mail messages (if that matters), then over a few
>minutes clamd climbs up to the softlimit RAM limit and then clamd hangs (or
>goes slow - take your pick). Then all further clamdscan processes hang. If I
>then kill the "clamdscan -r SPAM/" process, then almost immediately all the
>other clamdscan processes finish (not crash!), and clamd memory usage drops
>back down to around 16M.
>
>Gah. I think I've figured out the problem. I'm running clamd under
>daemontools - which means I've set "Foreground" in clamav.conf... How does
>that affect the running of clamd? Does it force clamd to serialize requests
>by any chance...?
>
>--
>Cheers
>
>Jason Haar
>Information Security Manager, Trimble Navigation Ltd.
>Phone: +64 3 9635 377 Fax: +64 3 9635 417
>PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Updates to my patches
Hello All,

For those who care, there are new versions of these patches on my http://www.jmaimon.com/clamav page

- clamav-devel.jm-pl4

OR

- max-child-wait - clamav-milter 0.70x (with the recent fix)
- streammaxlength - clamav-milter 0.70x
- ALLOC_CHECK - clamav-milter 0.70x
- vsnprintf_alloc has now become vasprintf. There is now a patch which should apply against un-jm patched clamav-milter.
- Loginfected - new version that applies against a jm patched clamav-milter 0.70x

As usual any feedback, including flames is welcome,

Joe
Re: [Clamav-users] Clamd Leaking?
Rich wrote:

> I tried softlimit but each clamscan process hangs :-/

clamscan should not have anything to do with clamd. Did you mean clamdscan?
Did you also use clamdwatch? Did you add the script to kill clamd and start it when clamdwatch says clamd dead/hung?

Just using softlimit is not enough :)

Regards,

Fajar
--
Please avoid sending me Microsoft Office attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html
Re: [Clamav-users] What is this Exploit.JUnksurf.A ?
On Wed, 12 May 2004, N S Srikanth wrote:

> I recently ran clamscan on my machine and the following is a
> partial output.(Clamav 0.60)
>
> I run RH9 on a dual boot m/c with Win98 in another partition.
>
> //usr/bin/kmail: Exploit.Junksurf.A FOUND

[snip about 100 other files]

> Is this something serious?
>
> Some thing in my home directory I can accept, but some thing in my
> system documentation directories too?
> Do I have to reinstall RH Linux?

When I run clamscan (0.70) on my RH9 box I don't get those files listed, so there's definitely something fishy. Here's a check:

    astro: [20:31] [10] ~>md5sum /usr/bin/kmail
    df82e822af0ecb12a2e04f832144a87d  /usr/bin/kmail

If your md5sum matches mine, then your box is safe and it's clamav that's screwy. You should update to 0.70 and run freshclam to update your database, then try again.

If your md5sum does NOT match, then reinstalling is probably your best option.

Damian Menscher
--
-=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers: |#=-
-=#| UIUC CITES Security Group || Beckman Imaging Technology Group |#=-
Re: [Clamav-users] Clamd Leaking?
I tried softlimit but each clamscan process hangs :-/

----- Original Message -----
From: "Fajar A. Nugraha" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, May 12, 2004 1:20 PM
Subject: Re: [Clamav-users] Clamd Leaking?

> Rich wrote:
>
> >Is it advisable to use softlimits with clamd?
> >
> > exec /usr/local/bin/setuidgid qscand \
> > /usr/local/bin/softlimit -a 4000 /usr/local/sbin/clamd
> >
>
> An immediate solution would be to use softlimit and clamdwatch.
> So,
>
> clamd exceeds memory usage -> ulimit prevents allocating memory ->
> scanning stops
> -> clamdwatch reports clamd dead -> kill clamd -> start clamd
>
> Something like that.
> Although personally my clamd works great without leaks, I still use
> clamdwatch.
> http://mikecathey.com/code/clamdwatch/
> You might have to add script to kill & start clamd manually
>
> Regards,
>
> Fajar
>
> --
> Please avoid sending me Microsoft Office attachments.
> See http://www.newsforge.com/software/04/03/27/0134204.shtml
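A liveness probe in the spirit of the softlimit-plus-watchdog flow quoted above, as an added example (it is not clamdwatch and not code from this thread). It relies on clamd's PING command, which is answered with PONG; the socket path, the daemontools service directory, and the names clamd_ping, Watchdog, restart_via_svc and start_fake_clamd are assumptions made for the illustration.

```python
import socket
import subprocess
import threading


def clamd_ping(sock_path: str, timeout: float = 5.0) -> bool:
    """Return True only if clamd answers PING with PONG within `timeout`.

    A process that exists but no longer answers (the "hung or extremely
    slow" state described in the thread) is reported as down, which a
    plain pid check would miss.
    """
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect(sock_path)
            s.sendall(b"PING\n")
            reply = b""
            while b"\n" not in reply and len(reply) < 64:
                chunk = s.recv(64)
                if not chunk:
                    break
                reply += chunk
            return reply.strip() == b"PONG"
    except OSError:  # timeout, refused connection, missing socket file
        return False


def restart_via_svc(service_dir: str = "/service/clamd") -> None:
    """Ask daemontools to TERM the service; supervise then starts it again.

    The service directory is an assumption, adjust it to the local setup.
    """
    subprocess.run(["svc", "-t", service_dir], check=False)


class Watchdog:
    """Restart only after `max_failures` consecutive failed probes."""

    def __init__(self, probe, restart, max_failures: int = 2):
        self.probe = probe
        self.restart = restart
        self.max_failures = max_failures
        self.failures = 0

    def tick(self) -> str:
        if self.probe():
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= self.max_failures:
            self.restart()
            self.failures = 0
            return "restarted"
        return "failing"


def start_fake_clamd(sock_path: str, responsive: bool) -> socket.socket:
    """Constructed test double: a responsive daemon or one that accepts
    connections and never replies."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(sock_path)
    srv.listen(4)

    def serve():
        held = []  # keep hung connections open so the client sees silence
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            if responsive:
                conn.recv(64)
                conn.sendall(b"PONG\n")
                conn.close()
            else:
                held.append(conn)

    threading.Thread(target=serve, daemon=True).start()
    return srv
```

Run from cron or a loop, `Watchdog(lambda: clamd_ping(path), restart_via_svc).tick()` gives the "reports dead, kill, start" step of the quoted flow; the consecutive-failure count keeps one slow scan from triggering a restart.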
RE: [Clamav-users] Mail::ClamAV
Shoval,

The errors from your Mail::ClamAV installation indicate that you are missing the package bzip2-devel. You should be able to find the RPM for it on your local Redhat/Fedora mirror. You can check if this is the case:

    rpm -q bzip2-devel

After bzip2-devel is installed, Mail::ClamAV should build without a problem.

Regards
Geoff

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shoval Tomer
Sent: Thursday, 13 May 2004 8:23 AM
To: [EMAIL PROTECTED]
Subject: [Clamav-users] Mail::ClamAV

I can't seem to install the ClamAV perl module.

I'm running fedora core 1 and the install Mail::ClamAV command gives this error:

    Starting "make" Stage
    make[1]: Entering directory `/root/.cpan/build/Mail-ClamAV-0.08/_Inline/build/Mail/ClamAV'
    /usr/bin/perl /usr/lib/perl5/5.8.3/ExtUtils/xsubpp -typemap /usr/lib/perl5/5.8.3/ExtUtils/typemap ClamAV.xs > ClamAV.xsc && mv ClamAV.xsc ClamAV.c
    gcc -c -I/root/.cpan/build/Mail-ClamAV-0.08 -I/usr/include -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -g -pipe -march=i386 -mcpu=i686 -DVERSION=\"0.08\" -DXS_VERSION=\"0.08\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" ClamAV.c
    Running Mkbootstrap for Mail::ClamAV ()
    chmod 644 ClamAV.bs
    rm -f blib/arch/auto/Mail/ClamAV/ClamAV.so
    LD_RUN_PATH="/usr/local/lib:/usr/lib" gcc -shared -L/usr/local/lib ClamAV.o -o blib/arch/auto/Mail/ClamAV/ClamAV.so -lz -lbz2 -lgmp -lpthread -lclamav
    /usr/bin/ld: cannot find -lbz2
    collect2: ld returned 1 exit status
    make[1]: *** [blib/arch/auto/Mail/ClamAV/ClamAV.so] Error 1
    make[1]: Leaving directory `/root/.cpan/build/Mail-ClamAV-0.08/_Inline/build/Mail/ClamAV'

    A problem was encountered while attempting to compile and install your Inline C code.
    The command that failed was:
    make
    The build directory was:
    /root/.cpan/build/Mail-ClamAV-0.08/_Inline/build/Mail/ClamAV
    To debug the problem, cd to the build directory, and inspect the output files.
    at /root/.cpan/build/Mail-ClamAV-0.08/blib/lib/Mail/ClamAV.pm line 150
    BEGIN failed--compilation aborted at /root/.cpan/build/Mail-ClamAV-0.08/blib/lib/Mail/ClamAV.pm line 429.
    Compilation failed in require.
    BEGIN failed--compilation aborted.
    make: *** [ClamAV.inl] Error 2
    /usr/bin/make -- NOT OK
    Running make test
    Can't test without successful make
    Running make install
    make had returned bad status, install seems impossible

please help.
Re: [Clamav-users] Mail::ClamAV
On Thu, 13 May 2004, Shoval Tomer wrote:

> I can't seem to install the ClamAV perl module.
>
> /usr/bin/ld: cannot find -lbz2
>

You need to install bzip2 with shared libs (and probably the devel stuff)

Seems strange they'd be left out of a modern distro.

-S

--
Scott Call
Router Geek, ATGi, home of $6.95 Prime Rib
I make the world a better place, I boycott Wal-Mart
VoIP incoming: +1 360-382-1814
Re: [Clamav-users] Mail::ClamAV
On 2004-05-13, Shoval Tomer wrote:

>I can't seem to install the ClamAV perl module.
>
>I'm running fedora core 1 and the install Mail::ClamAV command gives this
>error:
[...]
>LD_RUN_PATH="/usr/local/lib:/usr/lib" gcc -shared -L/usr/local/lib
>ClamAV.o -o blib/arch/auto/Mail/ClamAV/ClamAV.so -lz -lbz2 -lgmp
>-lpthread -lclamav
>
>/usr/bin/ld: cannot find -lbz2
[...]
>please help.

Install bzip2.

s.

--
 (0>  Jakub Jankowski   [url]: s.atn.pl   "Even in Wonderland
 //\  [EMAIL PROTECTED] [rlu]: 174516      it is easier to meet
 V_/_ [EMAIL PROTECTED] [ekg]: 921514      Baba Yaga than Alice"
Fingerprint: FCBF F03D 9ADB B768 8B92 BB52 0341 9037 A875 942D
[Clamav-users] Mail::ClamAV
I can’t seem to install the ClamAV perl module.

I’m running fedora core 1 and the install Mail::ClamAV command gives this error:

    Starting "make" Stage
    make[1]: Entering directory `/root/.cpan/build/Mail-ClamAV-0.08/_Inline/build/Mail/ClamAV'
    /usr/bin/perl /usr/lib/perl5/5.8.3/ExtUtils/xsubpp -typemap /usr/lib/perl5/5.8.3/ExtUtils/typemap ClamAV.xs > ClamAV.xsc && mv ClamAV.xsc ClamAV.c
    gcc -c -I/root/.cpan/build/Mail-ClamAV-0.08 -I/usr/include -D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -g -pipe -march=i386 -mcpu=i686 -DVERSION=\"0.08\" -DXS_VERSION=\"0.08\" -fPIC "-I/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE" ClamAV.c
    Running Mkbootstrap for Mail::ClamAV ()
    chmod 644 ClamAV.bs
    rm -f blib/arch/auto/Mail/ClamAV/ClamAV.so
    LD_RUN_PATH="/usr/local/lib:/usr/lib" gcc -shared -L/usr/local/lib ClamAV.o -o blib/arch/auto/Mail/ClamAV/ClamAV.so -lz -lbz2 -lgmp -lpthread -lclamav
    /usr/bin/ld: cannot find -lbz2
    collect2: ld returned 1 exit status
    make[1]: *** [blib/arch/auto/Mail/ClamAV/ClamAV.so] Error 1
    make[1]: Leaving directory `/root/.cpan/build/Mail-ClamAV-0.08/_Inline/build/Mail/ClamAV'

    A problem was encountered while attempting to compile and install your Inline C code.
    The command that failed was:
    make
    The build directory was:
    /root/.cpan/build/Mail-ClamAV-0.08/_Inline/build/Mail/ClamAV
    To debug the problem, cd to the build directory, and inspect the output files.
    at /root/.cpan/build/Mail-ClamAV-0.08/blib/lib/Mail/ClamAV.pm line 150
    BEGIN failed--compilation aborted at /root/.cpan/build/Mail-ClamAV-0.08/blib/lib/Mail/ClamAV.pm line 429.
    Compilation failed in require.
    BEGIN failed--compilation aborted.
    make: *** [ClamAV.inl] Error 2
    /usr/bin/make -- NOT OK
    Running make test
    Can't test without successful make
    Running make install
    make had returned bad status, install seems impossible

please help.
Re: [Clamav-users] Clamd Leaking?
> >This might be slightly off-base here, but anyone know if clamd leaks and if
> >there's any current patch? I'm running 0.70-rc. Below's the memory usage
> >showing clamd eating up the mem resource.
> >2621 qscand15 0 815M 477M 352 S 0.5 47.4 462:01 1 clamd
>
> Update to 0.70.

The problem exists in 0.70, too. I'll do some more debugging, but any solution as mentioned (restarting clamd after crashed) is not suitable in a production environment.

I took a look at the list of contrib tools, and there found gadyavirus (or similar, complicated name ;). It uses clamav.h and works as a daemon too and works extremely fast - without the leaking problem. As the normal clamscan also seems to work well, it must be something that's specific to the clamd itself causing the (sporadic, but fatal) problem.
Re: [Clamav-users] ERROR: You must specify at least one database mirror.
At 05:59 AM 5/12/2004, Marc wrote:

> It could be that freshclam.conf is installed in /usr/local/etc (which is the default for clamav) after installing clamav 0.70 manually.

Also, wherever it is, check the permissions on freshclam.conf and the path leading to it. It should be readable by the user that is calling freshclam.

Kelson Vibber
SpeedGate Communications
Re: [Clamav-users] Recommendation RedHat replacement
Kelson Vibber said:

> As for what to put on new servers, we haven't decided yet here. I've had
> good experiences with Fedora Core 1 on workstations, but we'll probably
> avoid using it on servers for now. If you're interested, it's at
> http://fedora.redhat.com/ . FC1 really is Red Hat 10 renamed, so it has all
> the same tools you're used to, and most of the third-party packagers
> building for RHL have started building for Fedora Core as well. Plus it's
> the only distro you can upgrade a RHL system to without reinstalling.
>
> If you like the way Red Hat works, there are also several RH-based distros
> you can look at.

I upgraded my 50 desktops from redhat 9 to Lineox. The upgrade actually works. I recommend it for least upgrade effort from redhat 7.3/9 systems. I recommend it, it includes apt support for updates. It's 2 dollars per machine if you buy 100+ licenses.

I'm moving my server from redhat 7.3/9 to debian and lineox. Servers are going to debian, (just upgraded yesterday) and desktops are going to lineox.

--
Luke
Computer Science System Administrator
Security Administrator, College of Engineering
Montana State University-Bozeman, Montana
[Clamav-users] What is this Exploit.JUnksurf.A ?
Hi All.

I recently ran clamscan on my machine and the following is a partial output.(Clamav 0.60)

I run RH9 on a dual boot m/c with Win98 in another partition.

    //usr/bin/kmail: Exploit.Junksurf.A FOUND
    //usr/lib/mozilla-1.2.1/chrome/comm.jar: Exploit.Junksurf.A FOUND
    //usr/lib/mozilla-1.2.1/chrome/de-AT.jar: Exploit.Junksurf.A FOUND
    //usr/lib/mozilla-1.2.1/chrome/en-US.jar: Exploit.Junksurf.A FOUND
    //usr/lib/mozilla-1.2.1/chrome/es-ES.jar: Exploit.Junksurf.A FOUND
    //usr/lib/mozilla-1.2.1/chrome/fr-FR.jar: Exploit.Junksurf.A FOUND
    //usr/lib/mozilla-1.2.1/chrome/it-IT.jar: Exploit.Junksurf.A FOUND
    //usr/lib/mozilla-1.2.1/chrome/pt-BR.jar: Exploit.Junksurf.A FOUND
    //usr/lib/qt-3.1/bin/qtconfig: Exploit.Junksurf.A FOUND
    //usr/lib/qt-3.1/lib/libdesigner.so.1.0.0: Exploit.Junksurf.A FOUND
    //usr/share/doc/freetype-2.1.3/docs/design/modules.html: Exploit.Junksurf.A FOUND
    //usr/share/doc/freetype-2.1.3/docs/reference/ft2-base_interface.html: Exploit.Junksurf.A FOUND
    //usr/share/doc/freetype-2.1.3/docs/reference/ft2-basic_types.html: Exploit.Junksurf.A FOUND
    //usr/share/doc/freetype-2.1.3/docs/reference/ft2-raster.html: Exploit.Junksurf.A FOUND
    //usr/share/doc/ImageMagick-5.4.7/www/install.html: Exploit.Junksurf.A FOUND
    //usr/share/doc/libxslt-1.0.27/bugs.html: Exploit.Junksurf.A FOUND
    //usr/share/doc/libxslt-1.0.27/extensions.html: Exploit.Junksurf.A FOUND
    //usr/share/doc/libxslt-1.0.27/internals.html: Exploit.Junksurf.A FOUND
    //usr/share/doc/libxslt-1.0.27/python.html: Exploit.Junksurf.A FOUND
    //usr/share/doc/libxml2-python-2.5.4/python.html: Exploit.Junksurf.A FOUND
    //usr/share/doc/openjade-1.3.1/jadedoc/index.htm: Exploit.Junksurf.A FOUND
    //usr/share/doc/openjade-1.3.1/jadedoc/tex.htm: Exploit.Junksurf.A FOUND
    //usr/share/doc/expat-devel-1.95.5/doc/reference.html: Exploit.Junksurf.A FOUND
    //usr/share/doc/libstdc++-devel-3.2.2/html/17_intro/porting-howto.html: Exploit.Junksurf.A FOUND
    //usr/share/doc/libstdc++-devel-3.2.2/html/22_locale/codecvt.html: Exploit.Junksurf.A FOUND
    //usr/share/doc/libstdc++-devel-3.2.2/html/ext/lwg-active.html: Exploit.Junksurf.A FOUND
    //usr/share/doc/libstdc++-devel-3.2.2/html/ext/lwg-defects.html: Exploit.Junksurf.A FOUND
    //usr/share/doc/libstdc++-devel-3.2.2/html/ext/sgiexts.html: Exploit.Junksurf.A FOUND
    //usr/share/doc/libxml2-devel-2.5.4/FAQ.html: Exploit.Junksurf.A FOUND
    //usr/share/doc/libxml2-devel-2.5.4/catalog.html: Exploit.Junksurf.A FOUND
    //usr/share/doc/libxml2-devel-2.5.4/entities.html: Exploit.Junksurf.A FOUND
    //usr/share/doc/libxml2-devel-2.5.4/example.html: Exploit.Junksurf.A FOUND
    //usr/share/doc/libxml2-devel-2.5.4/python.html: Exploit.Junksurf.A FOUND
    //usr/share/doc/libxml2-devel-2.5.4/upgrade.html: Exploit.Junksurf.A FOUND
    //usr/share/doc/libxml2-devel-2.5.4/xmlio.html: Exploit.Junksurf.A FOUND
    //usr/share/doc/libxml2-devel-2.5.4/xmlmem.html: Exploit.Junksurf.A FOUND
    //usr/share/doc/linuxdoc-tools-0.9.20/example/example.sgml: Exploit.Junksurf.A FOUND
    //usr/share/doc/linuxdoc-tools-0.9.20/guide.sgml: Exploit.Junksurf.A FOUND
    //usr/share/doc/xmltex-2118/manual.html: Exploit.Junksurf.A FOUND
    //usr/share/doc/passivetex-1.21/index.html: Exploit.Junksurf.A FOUND
    //usr/share/ImageMagick/www/install.html: Exploit.Junksurf.A FOUND
    //home/srikanth/download/clamav-0.54/test/test1: //home/srikanth/download/clamav-0.54/test/test1: ClamAV-Test-Signature FOUND
    //home/srikanth/download/clamav-0.54/test/test2.zip: ClamAV-Test-Signature FOUND
    //home/srikanth/download/clamav-0.54/test/test3.rar: ClamAV-Test-Signature FOUND
    //home/srikanth/download/clamav-0.54.tar.gz: ClamAV-Test-Signature FOUND
    //home/srikanth/download/webpages/Luxury of Ignorance: Exploit.Junksurf.A FOUND
    //home/srikanth/download/clamav-0.65/test/test1: ClamAV-Test-Signature FOUND
    //home/srikanth/download/clamav-0.65/test/test2.zip: ClamAV-Test-Signature FOUND
    //home/srikanth/download/clamav-0.65/test/test3.rar: ClamAV-Test-Signature FOUND
    //home/srikanth/download/clamav-0.65/test/test2.badext: ClamAV-Test-Signature FOUND
    //home/srikanth/download/clamav-0.65.tar.gz: ClamAV-Test-Signature FOUND
    //home/srikanth/caughtspam: Exploit.MhtRedir FOUND
    //home/srikanth/caughtspam~: Exploit.Junksurf.A FOUND
    //home/srikanth/Trial.tar: Exploit.Junksurf.A FOUND
    //home/srikanth/guten.iso: Exploit.Junksurf.A FOUND
    //home/srikanth/winwp/about intor debian.htm: Exploit.Junksurf.A FOUND
    //home/srikanth/winwp/aptget for RH.html: Exploit.Junksurf.A FOUND
    //home/srikanth/winwp/clamav-0.54.tar.gz: ClamAV-Test-Signature FOUND
    //home/srikanth/winwp/Gentoo Linux Documentation -- Gentoo Linux 1_4_rc3 Installation Instructions.htm: Exploit.Junksurf.A FOUND
    //home/srikanth/winwp/leafnode-1.9.33.rel.tar.gz: Exploit.Junksurf.A FOUND
    //home/srikanth/winwp/Slashdot Job Chances for Older Coders.htm: Exploit.Junksurf.A FOUND
    //home/srikanth/winwp/slrnpull info.html: Exploit.Junksurf.A FOUND
    //home/srikanth/winwp/SRS page2.htm: Exploit.Junksurf.A FOUND
    //home/srikanth/winwp/SRS pag
Re: [Clamav-users] Problem with daily: 308
On Tue, 11 May 2004, Frank Richter wrote:

> since my freshclam got daily 308 yesterday I've been experiencing an unusual
> high load on my mail servers running clamd:

Ok, ok, it wasn't daily 308 at all ... it was the same time when it arrived and trouble starts here.

Actually the reason were ill-formatted e-mails containing > 1024 MIME parts. clamd doesn't handle this reasonably, so I added a rule to the MTA config to deny such messages.

- Frank
--
Email: [EMAIL PROTECTED] http://www.tu-chemnitz.de/~fri/
Work: Computing Services, Chemnitz University of Technology, Germany
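One way to express the "deny messages with more than 1024 MIME parts" rule as a pre-scan check, shown as an added example (it is not Frank's MTA rule, which the message does not show, and not ClamAV code). The names count_mime_entities, pre_scan_verdict and build_sample, the verdict strings, and the choice to count containers as well as leaf parts are assumptions.

```python
from email import message_from_bytes
from typing import Tuple

MAX_MIME_ENTITIES = 1024  # assumption: the figure mentioned in the message above


def count_mime_entities(raw: bytes, limit: int = MAX_MIME_ENTITIES) -> int:
    """Count the entities (containers and leaves) in a message's MIME tree.

    Counting stops as soon as the total exceeds `limit`, so for an
    oversized message the return value is limit + 1.
    """
    root = message_from_bytes(raw)
    count = 0
    stack = [root]  # explicit stack: the walk itself never recurses
    while stack:
        entity = stack.pop()
        count += 1
        if count > limit:
            return count
        payload = entity.get_payload()
        if isinstance(payload, list):  # multipart/* or message/rfc822
            stack.extend(payload)
    return count


def pre_scan_verdict(raw: bytes,
                     limit: int = MAX_MIME_ENTITIES) -> Tuple[str, int]:
    """Return ("REJECT", n) for oversized MIME trees, else ("SCAN", n).

    The caller maps REJECT to an SMTP refusal and SCAN to handing the
    message to clamd; the verdict strings are labels for this example.
    """
    n = count_mime_entities(raw, limit)
    if n > limit:
        return ("REJECT", n)
    return ("SCAN", n)


def build_sample(n_parts: int) -> bytes:
    """Constructed sample: one multipart/mixed with n_parts text parts."""
    boundary = "b0"
    lines = [
        "From: sender@example.org",
        "To: rcpt@example.org",
        "Subject: constructed sample",
        "MIME-Version: 1.0",
        'Content-Type: multipart/mixed; boundary="%s"' % boundary,
        "",
    ]
    for i in range(n_parts):
        lines += ["--" + boundary, "Content-Type: text/plain", "",
                  "part %d" % i]
    lines += ["--" + boundary + "--", ""]
    return "\r\n".join(lines).encode("ascii")
```

The parser still reads the whole message once, so a check like this belongs in a process with its own memory and time limits, in front of the scanner rather than inside it.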
Re: [Clamav-users] upgrading clamav changes permissions on directories?
Jim Maul wrote:

> > Jim Maul wrote:
> >
> > > I just upgraded my clamav RPMs from 0.70rc to 0.70 (from http://crash.fce.vutbr.cz/crash-hat/1/clamav/)
> > >
> > > Since i am running qmail with qmail-scanner, i run clamav as user qscand and have to change /var/run/clamav, /var/log/clamav and /var/lib/clamav to be owned by qscand. While upgrading to 0.70 i noticed that all three of these directories have changed back to clamav.clamav. Would it be possible to NOT change ownership back to clamav during an upgrade? It's not that big of a deal, just sorta annoying.
> >
> > Hello Jim,
> >
> > thanks for feedback. RPM has ability to enforce file/directory permissions and owners. This is usually used for security reason on critical directories/files as a protection against inexperienced admins. But your request is valid. I will try to change package behaviour to
> > - first instance of package on system will install these directories with clamav user
> > - all next pieces will respect the actual setting, so if you changed owner, your setting will be untouched.
> >
> > Does it meet your needing?
> >
> > Petr
>
> Sounds very good to me. The only time i see this behavior being a problem is if someone wants to reinstall the rpm to fix a permission problem. In that case i suppose they would have to delete the directories and then reinstall so even that wouldn't be too bad.

As promised before, I spent time to play with it. Rpm always install files with root ownership until you name explicit user in spec file. No way to ignore file owner or leave it untouched. Only solution is to make %post install script and run it after each upgrade to check actual clamav user and turn it back - look at code below.

There is new package at http://crash.fce.vutbr.cz/crash-hat/testing/1/clamav/

    %changelog
    * Mon May 10 2004 Petr Krištof 0.70-2
    - Update to clamav-logwatch 0.30
    - Add %post check for non clamav user file ownership
    - Add freshclam cron script by Milan Keršláger
    - Remove --noreject option to clamav-milter

Test it and let me know.

Petr

Post install script is:

    # Change back file owner for systems with non clamav user
    # Read the User directive from clamav.conf; fall back to "clamav" if unset
    CLAMUSER=`grep ^User /etc/clamav.conf | cut -d ' ' -f2`
    if [ -z "$CLAMUSER" ] ; then
        CLAMUSER="clamav"
    fi
    # Only re-own the files when the configured user differs and really exists
    if [ "$CLAMUSER" != "clamav" ] && /usr/bin/id "$CLAMUSER" > /dev/null 2>&1 ; then
        chown root:"$CLAMUSER" %{_sysconfdir}/clamav.conf
        chown root:"$CLAMUSER" %{_sysconfdir}/freshclam.conf
        chown -R "$CLAMUSER":"$CLAMUSER" %{_localstatedir}/lib/clamav/
        chown -R "$CLAMUSER":"$CLAMUSER" %{_localstatedir}/log/clamav/
        chown -R "$CLAMUSER":"$CLAMUSER" %{_localstatedir}/run/clamav/
    fi
    #
Re: [Clamav-users] ERROR: You must specify at least one database mirror.
Stephen Gran wrote:

> On Tue, May 11, 2004 at 05:05:24PM -0300, KlauX Anderson said:
>
> > Hello,
> >
> > I'm using clamav 0.70, debian woody, kernel 2.4.18 and msg 'ERROR: You must specify at least one database mirror.' is present.
> >
> > with clamav 0.65 it was ok. I only made upgrade
>
> What are the contents of /etc/clamav/freshclam.conf? Do you have a DataBaseMirror option there?

It could be that freshclam.conf is installed in /usr/local/etc (which is the default for clamav) after installing clamav 0.70 manually.

Marc
Re: [Clamav-users] OT: qscanq with qmail (+clamd)
Thanks for the help. The issue was the user which clamd runs as. I now run qscanq as setuid 'clamav'.

- Steve Philson wrote:

> I believe the temporary files unpacked by qscanq
> (actually by whatever mime unpacker you use) are
> readable only by the owner, which is whatever owner
> is set up in conf-users in the qscanq compile. Clamd,
> however, normally loses its privileges after startup
> and runs as whatever user is set in clamav.conf file
> (and I believe it is clamav by default), so even if
> you run clamdscan as a user with access to files,
> unless they are readable by the clamd user it won't
> work. Just set the user in clamav.conf to qscan and
> it should work.
RE: [Clamav-users] Clamd Leaking?
Yes thanks. I did update to .70, everything's OK so far.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Niek
Sent: Wednesday, May 12, 2004 6:07 PM
To: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] Clamd Leaking?

Rich wrote:
> This might be slightly off-base here, but anyone know if clamd leaks and if
> there's any current patch? I'm running 0.70-rc. Below's the memory usage
> showing clamd eating up the mem resource.
>
> 2621 qscand15 0 815M 477M 352 S 0.5 47.4 462:01 1 clamd
>
> Tia,
> -Rich

Update to 0.70.

Regards,
Niek
Re: [Clamav-users] Virus Alias Database
On Mon, 10 May 2004, Kevin Spicer wrote:

> My current thinking is to do it as automatically as possible, otherwise
> I'll just get bored / occupied doing something else and not keep the
> alias mapping up to date

Not to dis your excellent work, but has anyone contacted the corporate anti-virus companies and offered to share names with them? I might be being totally naive here (and I do assume that the "majors" wouldn't like to let the world know about a free product that's better than what they're selling), but it couldn't hurt to ask, right?

Even if we could just get one of the majors to include the ClamAV alias, then we wouldn't have to re-invent the wheel. I just can't think of an easy way to automate the process. I mean, at SOME point, some human has to make the link between Netsky and SomeFool. It can be done in the ClamAV update e-mails, but not if ClamAV discovers the virus first and doesn't know what the commercials are going to call it.

I dunno, just throwing stuff out there. Again, no disrespect. You've done some great work creating that database.

Jeffrey Moskot
System Administrator
[EMAIL PROTECTED]
Re: [Clamav-users] Error during MAKE..
On Wednesday 12 May 2004 9:39 am, turgut kalfaoglu wrote:

> I just changed the syslog facility flags to their nearest values in
> output.c ; replacing LOG_AUTHPRIV with LOG_AUTH and LOG_FTP with
> LOG_DAEMON.. It's still compiling but I think it will work.. -t

Please update to the version in CVS, that now compiles on Solaris 9.

-Nigel

--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk
Re: [Clamav-users] Error during MAKE..
On Wednesday 12 May 2004 9:25 am, turgut kalfaoglu wrote:

> Yep! Solaris is mine too .. GCC is the compiler..
> Thanks - I will check options.c

This is being looked into at the moment.

> -t

-n :=)

--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk
Re: [Clamav-users] Error during MAKE..
I just changed the syslog facility flags to their nearest values in output.c ; replacing LOG_AUTHPRIV with LOG_AUTH and LOG_FTP with LOG_DAEMON.. It's still compiling but I think it will work..

-t
Re: [Clamav-users] Error during MAKE..
I have the same problem on Solaris, the LOG_AUTHPRIV and LOG_FTP facilities aren't available on that platform - presumably they're Linux extensions ? If you remove the lines in options.c which contain LOG_AUTHPRIV and LOG_FTP then it should compile.

Andy

I found such definitions in 'output.c' not in any of the 'options.c'... I am not sure how to disable them actually..

-t
Re: [Clamav-users] Error during MAKE..
Yep! Solaris is mine too .. GCC is the compiler..
Thanks - I will check options.c

-t

Andy Fiddaman wrote:

On Tue, 11 May 2004, Alex V. Kovirshin wrote:

; On Tue, May 11, 2004 at 05:22:02PM +0300, turgut kalfaoglu wrote:
; > I haven't had any problems with other compilations, but this time the
; > 'latest' gives me a hard time:
; >
; >
; > Making all in clamscan
; > ../shared/output.c:296: error: `LOG_AUTHPRIV' undeclared here (not in a
; > function)
; > ../shared/output.c:299: error: `LOG_FTP' undeclared here (not in a function)
;
; What os? compiler? etc...
; missing syslog.h ?

I have the same problem on Solaris, the LOG_AUTHPRIV and LOG_FTP facilities aren't available on that platform - presumably they're Linux extensions ? If you remove the lines in options.c which contain LOG_AUTHPRIV and LOG_FTP then it should compile.

Andy
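The build failure in this thread comes from syslog facilities that not every platform's <syslog.h> defines. As an added example (not ClamAV's code and not from any poster; the names facility_map, facility_from_name and resolve_facility are hypothetical), a facility table can guard the optional entries with #ifdef and report when it had to fall back:

```c
/* Added example; all identifiers below are hypothetical, not ClamAV's. */
#include <stdio.h>
#include <string.h>
#include <syslog.h>

struct facility_entry { const char *name; int code; };

/* Facilities outside the common set are guarded so that a <syslog.h>
 * lacking them still compiles instead of failing with "undeclared". */
static const struct facility_entry facility_map[] = {
    { "LOG_AUTH", LOG_AUTH },
#ifdef LOG_AUTHPRIV
    { "LOG_AUTHPRIV", LOG_AUTHPRIV },
#endif
    { "LOG_DAEMON", LOG_DAEMON },
#ifdef LOG_FTP
    { "LOG_FTP", LOG_FTP },
#endif
    { "LOG_MAIL", LOG_MAIL },
    { "LOG_LOCAL6", LOG_LOCAL6 },
};

/* Facility code for a configured name, or -1 if this platform lacks it. */
int facility_from_name(const char *name)
{
    size_t i;
    if (name == NULL)
        return -1;
    for (i = 0; i < sizeof(facility_map) / sizeof(facility_map[0]); i++)
        if (strcmp(facility_map[i].name, name) == 0)
            return facility_map[i].code;
    return -1;
}

/* Resolve the wanted facility; report when the fallback was used so the
 * operator knows the messages are routed differently on this platform. */
int resolve_facility(const char *wanted, const char *fallback, int *used_fallback)
{
    int code = facility_from_name(wanted);
    *used_fallback = (code == -1);
    return code != -1 ? code : facility_from_name(fallback);
}

int main(void)
{
    int fb, code = resolve_facility("LOG_AUTHPRIV", "LOG_AUTH", &fb);
    printf("facility=%d fallback=%d\n", code, fb);
    return 0;
}
```

Where LOG_AUTHPRIV is missing, the lookup resolves to LOG_AUTH and sets the fallback flag, which is worth logging because the two facilities are often routed to files with different permissions.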
Re: [Clamav-users] Clamd Leaking?
Rich wrote:

This might be slightly off-base here, but anyone know if clamd leaks and if there's any current patch? I'm running 0.70-rc. Below's the memory usage showing clamd eating up the mem resource.

2621 qscand15 0 815M 477M 352 S 0.5 47.4 462:01 1 clamd

Tia,
-Rich

Update to 0.70.

Regards,
Niek