Re: [Clamav-users] freshclam update and the minute of the hour
On Fri, 10 Sep 2004, Maurice Lucas wrote: Would it be possible to post on the website of clamav a subpage with a graphic representation of the folowing data. You already know what it will look like 58 several people have poor time synch 59 *** most are off by only a minute though 0 * hooray for idiots! 1 remaining lag and poor time synch 2 *** getting back to reasonable levels 3 ** ok, pretty much normal now 5 *** multiples of 5 are nice 15 multiples of 15 are better 30 ooh! I'm smart! I'll use half past! 45 *** It's really not hard to figure out the best time to update. Just write down all possible minutes, and cross off those that the average idiot would pick. ;) Damian Menscher -- -=#| Physics Grad Student SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=- -=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers. |#=- --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Scan time limits?
(reason: 554 5.6.0 The message could not be processed for viruses within the configured time limit.) 554 5.6.0 The message could not be processed for viruses within the configured time limit. Diagnostic-Code: SMTP; 554 5.6.0 The message could not be processed for viruses within the configured time limit. I have a 384k line and someone is trying to send me a 100mb pdf. Can I set the time line higher or set it to just let the file thru? Regards, Sean Hafeez And with the guts of the last priest let us strangle the last king. - Denis Diderot --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] freshclam update and the minute of the hour
Damian Menscher wrote: It's really not hard to figure out the best time to update. Just write down all possible minutes, and cross off those that the average idiot would pick. ;) Damian Menscher Average idiots don't use freshclam. It takes a very special kind of idiot. ;) Seriously, things like this are why /dev/random was invented. I suggest: 1) Pick a random number X between 0 and 59. Set up a cron job (described below) to run at X minutes past the hour, every hour. 2) Cron job, when run, does the following: A) Pick a random number (different every time) Y between 2 and 57. Sleep Y * 60 seconds. B) Run freshclam. This should balance out the load quite well, if everyone does it. [EMAIL PROTECTED] 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg, --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] kernel: Out of Memory:Killed process xxxxx (clamd).
hi guys, I got clamd running on a rh9 machine with mimedefang sendmail 8.12.8 (yes i know...should upgrade to 8.13.x ) i got a problem that sometimes apears every 30 minutes!! and sometimes after few days!!(up to 2 weeks!) i get this line in /var/log/messages: Sep 10 19:16:46 kernel: Out of Memory: Killed process x (clamd). this is just one example...BUT that happens all the time. I feagure it is a memory problem (dough?!?) BUT i question is: How do i force mimedefang/sendmail to process the mails and NOT queue them? This is a large organisation and mail can't be queue too much? (last time it queued 7000 messages over the weekend before i noticed and restarted the clamd manualy) Sincerely, Meni Shapiro [EMAIL PROTECTED] --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] daemon restarting while clamdscan is running
I think this was mentioned in a man page somewhere... I believe that clam would return a timeout error, and what happens with that depends on the script that calls clamdscan. If it accepts nothing other than success, the mail should be deferred and tried again later by the MTA. not authoritive, but hope it helps. m/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Yury Tarasievich Sent: Thursday, September 09, 2004 6:46 AM To: [EMAIL PROTECTED] Subject: [Clamav-users] daemon restarting while clamdscan is running Hello, What happens if clamd is restarted while clamdscan was running? Clamdscan just completes its job and returns OK status? Or?.. regards, Yury. --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] freshclam update and the minute of the hour
Dennis Peterson said: A long time ago when I worked at a large aircraft company in Seattle I helped develop a DNS resource balancing methodology that evaluated system load of each server being managed to determine that server's position in the DNS response. In this case it looked to see which server had the most free licenses for a product that runs on each server with the intent that no server run out of licenses as would happen with a true random system. It is a fairly trivial thing to do and provides true balancing via DNS. DNS savvy people can quicky replicate this using wget's of a sample file from each mirror, checking the transfer time (as does BigIP), and using dynamic DNS updates with BIND tools. While this probably won't keep some geeks from creating workarounds it should at least provide the best use of bandwidth for the rest of us. I should add that I'd hope this or something similar would be done on the provider end, not by everyone with too much scripting time available. Resource management shouldn't be a client side activity. dp --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] kernel: Out of Memory:Killed process xxxxx (clamd).
On Friday 10 Sep 2004 19:01, Meni Shapiro wrote: hi guys, I got clamd running on a rh9 machine with mimedefang sendmail 8.12.8 (yes i know...should upgrade to 8.13.x ) i got a problem that sometimes apears every 30 minutes!! and sometimes after few days!!(up to 2 weeks!) i get this line in /var/log/messages: Sep 10 19:16:46 kernel: Out of Memory: Killed process x (clamd). this is just one example...BUT that happens all the time. I feagure it is a memory problem (dough?!?) BUT i question is: How do i force mimedefang/sendmail to process the mails and NOT queue them? Please ask on the mimedefang mailing list, not here. --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Re: Win32.HLLM.MyDoom.43520 (DrWeb)
On Fri, 10 Sep 2004 at 14:45:24 +, Virgo Pärna wrote: On Fri, 10 Sep 2004 15:03:16 +0100, Randal, Phil wrote: I think it's time for a ClamAV 0.76 release to address these issues. Probably... Just to check - does all this mean, that support for unpacking upx packed executables has been added into clamav - I also received virus, that is not recognized by last stable version of clamav. Submiting recognizes it as Worm.Mydoom.Gen-unp but the file itself is packed with upx. And vhen I unpack it with upx, it is recognized as Worm.Mydoom.Gen-unp also. As one may find in the ChangeLog, UPX decompressor has been added to devel versions in June/July 2004. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Win32.HLLM.MyDoom.43520 (DrWeb)
On Fri, 10 Sep 2004 at 17:47:49 +0500, Sergey wrote: I have message with Win32.HLLM.MyDoom.43520 (DrWeb's name). ClamAV can't found virus in it (ClamAV 0.75.1/clamav-milter). ClamAV online scanner can't found virus too. But I can't send example via http://clamav.catt.com/cgi-bin/sendvirus.cgi It's say: This virus is already recognized by clamscan / ClamAV version devel-20040809 as Worm.Mydoom.Gen-unp . Be careful when submitting samples and remember to run freshclam! That's right, devel versions have been able to detect this (and an other new variant - Worm.Mydoom.U - also). To enable stable version to detect this, the signature Worm.Mydoom.V has just been added to the database. Similar problem with Worm.Mydoom.U was addresses 2,5 h ago. Thanks -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Scan time limits?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sean Hafeez wrote: I have a 384k line and someone is trying to send me a 100mb pdf. Can I set the time line higher or set it to just let the file thru? :-O My advice - get a gmail account and have them send it there. [EMAIL PROTECTED] 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg, -BEGIN PGP SIGNATURE- Comment: pub key http://matthew.vaneerde.com/pgp-public-key.asc iD8DBQFBQhBbUQQr0VWaglwRAi6yAJkBtocaYUKBLWs8jkGWsphrPa+7mwCgh28e SLzTct8INcLe6dKTcq31njE= =RMF1 -END PGP SIGNATURE- --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] ENC: Clamav, amavisd-new and postfix not detecting zafi
On Sep 09, 2004, at 19:51, Erick Dantas Rotole wrote: I am using Clamav, amavisd-new, spamassassin and postfix (all latest version and updated)but It doesn´t detect zafi. When i scan the infected file using clamscan --mbox, the virus is detected, but using amavisd-new with clamd as the primary antivirus scaner it is not detected. Any ideas? I'm using same file configuration and I have no problems detecting the virii. What OS/Version (might be relevant) are you using? How do you have it interfaced with postfix? -- Dale
Re: [Clamav-users] Scan time limits?
Sean Hafeez wrote: I have a 384k line and someone is trying to send me a 100mb pdf. Can I set the time line higher or set it to just let the file thru? Mail wasn't meant for file transfer and certainly not for those sizes. Have them put the file on a web server so you can download it from there. -- /Peter Bonivart --Unix lovers do it in the Sun --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Banned file type is not there!!
On Thu, 2004-09-09 at 18:52, Sean Hafeez wrote: Hi, I have a client trying to send us Premavara files (scheduling drawings) however it get bounced with this error. The thing is that there is not an .exe file attached Remember, amavis-new relies on file(1) to determine the file type. I've been dropping some e-mails that start with the word HURRY, because file(1) matches that as a human68k executable. So... extract your message and run file(1) to see what it thinks... and if he zip's the file we get the same error. Yes. Amavis-new unzips the files and looks at the attachments. The message has been quarantined as: /var/amavisd/quarantine/virus-20040909-095702-17085-07 go grab it and look carefully - you will match some magic-header from file(1). You can either tweak magic or change the way amavis-new parses the output from file(1) -- Daniel J McDonald, CCIE 2495, CNX Austin Energy --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] freshclam update and the minute of the hour
On Sep 10, 2004, at 13:32, Dennis Peterson wrote: Dennis Peterson said: A long time ago when I worked at a large aircraft company in Seattle I helped develop a DNS resource balancing methodology that evaluated system load of each server being managed to determine that server's position in the DNS response. In this case it looked to see which server had the most free licenses for a product that runs on each server with the intent that no server run out of licenses as would happen with a true random system. It is a fairly trivial thing to do and provides true balancing via DNS. DNS savvy people can quicky replicate this using wget's of a sample file from each mirror, checking the transfer time (as does BigIP), and using dynamic DNS updates with BIND tools. While this probably won't keep some geeks from creating workarounds it should at least provide the best use of bandwidth for the rest of us. I should add that I'd hope this or something similar would be done on the provider end, not by everyone with too much scripting time available. Resource management shouldn't be a client side activity. Nice concept and a good idea, hope it's implemented. -- Dale --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Mail antivirus help
Please help me, i have a very urgent problem. I must provide a virus free mail service for my employer, and I must do it fast or my job is on the line :) We curently have about 6 POP3 acounts stored on our ISP server. The viral trafic (incoming, of course) on them is very high, up to the point where we cannot longer use them. My task is to provide some kind of filtering server, to keep the viri out using a free antivirus like Clamav. Idealy, the server would work like this: continuously fetch the mail from the external servers, delete the infected messages, and keep a IMAP accesible local copy of the good messages. The computers on the local network will be configured to get their mail from the local server. I cant use something like P3Scan, or any type of on acces transparent POP proxy because: - it must be installed on the router/firewal, and i have no access to it (it's a hardware model) - it would slow the access to the mail because the viral trafic is probably 97% of all mail trafic. Any input is wellcomed. Home, no matter how far... http://www.home.ro --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Scan time limits?
I have a gmail account ;) I still need this setup so that files in the 10-20mb range work. Regards, Sean Hafeez And with the guts of the last priest let us strangle the last king. - Denis Diderot On Sep 10, 2004, at 1:36 PM, [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sean Hafeez wrote: I have a 384k line and someone is trying to send me a 100mb pdf. Can I set the time line higher or set it to just let the file thru? :-O My advice - get a gmail account and have them send it there. [EMAIL PROTECTED] 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg, -BEGIN PGP SIGNATURE- Comment: pub key http://matthew.vaneerde.com/pgp-public-key.asc iD8DBQFBQhBbUQQr0VWaglwRAi6yAJkBtocaYUKBLWs8jkGWsphrPa+7mwCgh28e SLzTct8INcLe6dKTcq31njE= =RMF1 -END PGP SIGNATURE- --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Mail antivirus help
What kind of hardware/software are you running on? On Sep 10, 2004, at 7:33 AM, Stelian wrote: Please help me, i have a very urgent problem. I must provide a virus free mail service for my employer, and I must do it fast or my job is on the line :) We curently have about 6 POP3 acounts stored on our ISP server. The viral trafic (incoming, of course) on them is very high, up to the point where we cannot longer use them. My task is to provide some kind of filtering server, to keep the viri out using a free antivirus like Clamav. Idealy, the server would work like this: continuously fetch the mail from the external servers, delete the infected messages, and keep a IMAP accesible local copy of the good messages. The computers on the local network will be configured to get their mail from the local server. I cant use something like P3Scan, or any type of on acces transparent POP proxy because: - it must be installed on the router/firewal, and i have no access to it (it's a hardware model) - it would slow the access to the mail because the viral trafic is probably 97% of all mail trafic. Any input is wellcomed. Home, no matter how far... http://www.home.ro --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users