Re: [Clamav-users] Regd. ClamAV Virus protection
--- Nigel Horne [EMAIL PROTECTED] wrote:

> On Saturday 18 Sep 2004 13:24, Sandeep Agarwal wrote:
>> hello list, I have recently installed ClamAV on my Linux box, it is working fine, but when I tested my mail server against virus attach (http://www.testvirus.org/), it successfully blocked 21 out 25 different ways of sending virus which indeed is a good result, but was unable to block test number 20,23,24 and 25,
>
> 24 and 25 contain no virus so there is nothing to detect. You haven't said what version of clamAV you're using, but it's probably 0.75.1, you should find that the latest development version catches 20 and 23.
>
>> Sandeep

sorry for not mentioning the version, yes I am using 0.75.1, will test for the undetected virus with the latest development.

24 and 25 contains no virus but the mail I received for these virus says:

For test #24

Test #24 (non-virus): Test for the Partial (Fragmented) Vulnerability. This does not include the Eicar virus, however your mail server should still block this since a virus can use this technique to break itself into multiple emails, bypassing virus scanners, and reassembling itself in your inbox. (attachment can be opened by virtually any mail program)

For test #25

Test #25 (non-virus): Attachment with a CLSID extension which may hide the real file extension. This does not include the Eicar virus, however your mail server should still block this since the CLSID technique can be used to hide the true extension of a malicious file. (attachment can be opened by any Windows computer)

thanks
Sandeep

---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
___
Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Regd. ClamAV Virus protection
The MIME vulnerabilities (last two tests) are an MTA issue not a clamav issue. Depending on your MTA (sendmail, exim, qmail, etc) there are different ways of dealing with that. The eximscan patch for exim, for example, includes a mime ACL you can use to reject them, and it's included in the docs for the patch and is beyond the scope or charter of the clamav message list :)

-S

Scott Call
Router Geek, ATGi, home of $6.95 Prime Rib
I make the world a better place, I boycott Wal-Mart
VoIP incoming: +1 360-382-1814
Re: [Clamav-users] Regd. ClamAV Virus protection
On Monday 20 Sep 2004 07:57, Sandeep Agarwal wrote:
> 24 and 25 contains no virus but the mail i received for these virus says:
> For test #24
> [snip]
> For test #25
> [snip]

Indeed it does. But (1) notice it says mail server not AV software and (2) just because you read it on a web site doesn't make it true ;-)

> thanks
> Sandeep

-Nigel

--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk
Re: [Clamav-users] Regd. ClamAV Virus protection
--- Scott Call [EMAIL PROTECTED] wrote:

> The MIME vulnerabilities (last two tests) are an MTA issue not a clamav issue. Depending on your MTA (sendmail, exim, qmail, etc) there are different ways of dealing with that. The eximscan patch for exim, for example, includes a mime ACL you can use to reject them, and it's included in the docs for the patch and is beyond the scope or charter of the clamav message list :)
>
> -S

thanks for the details
Sandeep
Re: [Clamav-users] Windows port ?
On Mon, 20 Sep 2004 at 1:44:20 +0200, Tomasz Kojm wrote:
> On Mon, 20 Sep 2004 01:00:42 +0200 [EMAIL PROTECTED] wrote:
>> By the way - do You interested also in old ms-dos viruses not
>
> No, we are not. We currently only focus on W32 malware (and it's still a LOT to do).

Personally, I wouldn't say it so categorically. Protecting against Windows malware is indeed the most important and we focus on it because our time and resources are limited, but when some day time permits, we may be able to process also MS-DOS malware.

So, as you'll be doing bigger uploads by FTP anyway, please also upload MS-DOS samples. Submitting them normal way ( http://www.clamav.net/sendvirus.html ) would be probably a waste of your and our time, but via FTP is OK.

Thank you

--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
[EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
[Clamav-users] clamav on debian stable
Hi,

I've installed the clamav (clamav clamav-base clamav-deamon clamav-freshclean alibclamav1) debian packages taken from www.clamav.net/binary.html

At the end of the installation/configuration I've tried as root

    #clamd PING

in the document I've read the clamav daemon should answer with something, that didn't come back. Instead of that, I've found in the log this:

    ERROR: Socket file /var/run/clamav/clamd.ctl is in use by another process.

From ps aux | grep clam I've got this:

    clamav 640 0.0 0.1 2036 984 ?S15:35 0:00 /usr/bin/freshclam -d --quiet -p /var/run/clamav/freshclam.pid
    clamav 694 0.0 3.0 16824 15836 ? S15:35 0:00 /usr/sbin/clamd
    clamav 697 0.0 3.0 16824 15836 ? S15:36 0:00 /usr/sbin/clamd

this is the clamav.conf file:

    #Automatically Generated by clamav-daemon postinst
    #To reconfigure clamd run #dpkg-reconfigure clamav-daemon
    LocalSocket /var/run/clamav/clamd.ctl
    FixStaleSocket
    User clamav
    AllowSupplementaryGroups
    ScanMail
    ScanArchive
    ArchiveMaxRecursion 5
    ArchiveMaxFiles 1000
    ArchiveMaxFileSize 10M
    ReadTimeout 180
    MaxThreads 12
    MaxConnectionQueueLength 15
    StreamSaveToDisk
    LogFile /var/log/clamav/clamav.log
    LogTime
    LogFileMaxSize 0
    PidFile /var/run/clamav/clamd.pid
    DatabaseDirectory /var/lib/clamav/
    SelfCheck 3600

this is the freshclam.conf file:

    # Automatically created by the clamav-freshclam postinst
    # Comments will get lost when you reconfigure the clamav-freshclam package
    DatabaseOwner clamav
    UpdateLogFile /var/log/clamav/freshclam.log
    LogFileMaxSize 0
    MaxAttempts 5
    # Check for new database 12 times a day
    Checks 12
    DatabaseMirror db.it.clamav.net
    DatabaseDirectory /var/lib/clamav/
    NotifyClamd

Anyone knows what does this situation means? Is the antivirus working?

Thanks in advance,
Enrico
[Clamav-users] Getting clamav to log with multilog
Hi all,

I've been trying to get ClamAV to log via multilog so that I can generate reports via mrtg. I followed the instructions here: http://www.clamav.net/doc/0.75.1/clamd_supervised/clamd-daemontools-guide.txt but logging still goes to syslog. Have there been changes to this since the doc was written for 0.60?

Thanks in advance,
-Matt
Re: [Clamav-users] clamav on debian stable
agenteo wrote:
> Hi, I've installed the clamav (clamav clamav-base clamav-deamon clamav-freshclean alibclamav1) debian packages taken from www.clamav.net/binary.html
> At the end of the installation/configuration I've tried as root
> #clamd PING
> in the document I've read the clamav deamon should answer with something, that didn't come back. Instead of that, I've found in the log this:
> ERROR: Socket file /var/run/clamav/clamd.ctl is in use by another process.
> From ps aux | grep clam I've got this:
> clamav 640 0.0 0.1 2036 984 ?S15:35 0:00 /usr/bin/freshclam -d --quiet -p /var/run/clamav/freshclam.pid
> clamav 694 0.0 3.0 16824 15836 ? S15:35 0:00 /usr/sbin/clamd
> clamav 697 0.0 3.0 16824 15836 ? S15:36 0:00 /usr/sbin/clamd

You tried to use the server binary as a client. Socket file in use tells you that clamd is really running, as tells you the ps output.

> Anyone knows what does this situation means? Is the antivirus working?

RTFM (in /usr/share/clamav or on http://www.clamav.net/). And install the package clamav-testfiles, you can use clamscan and/or clamdscan to test if your installation was successful.

> Thanks in advance, Enrico

Thomas
Re: [Clamav-users] Qmail, clamav on a separate box]
Hello,

It looks possible to have clamd running on a separate box, running clamdscan locally. However, the man page doesn't seem to indicate how to get clamdscan to contact the remote clamd. Also, the config files for the latest 0.75 version recommend running the daemon only in local mode (using a Unix domain socket), though you could effectively lock the box down with iptables rules.

The other question is, how do you intend to integrate with qmail? There are several ways to call an external content scanner with qmail. Here are a few options:

1) qmail-scanner http://qmail-scanner.sourceforge.net/
2) manually replacing the qmail-queue binary with a shell script of your own calling whichever scanner you choose
3) dual-mta setup (phenomenal site on doing this) http://www.imladris.sk/howto/howto_dual_mta.html

Depending on the setup you choose, figuring out how to separate the clam components may not be necessary (for instance, amavis on the remote box calling clamdscan/clamd locally). Or, that an external box isn't necessary.

-Jeff

> From: Starting out [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: [Clamav-users] Qmail, clamav on a separate box
> Date: Sat, 18 Sep 2004 19:27:11 +0800
>
> im using qmail, is it possible to put clamav on a separate box or it just complicate things. Anyone care to provide links / howto on how i go about it. Thanks.

--
Jeffrey M. Hardy
Systems Administrator
[EMAIL PROTECTED]
Re: [Clamav-users] Getting clamav to log with multilog
On 9/20/2004 4:32 PM +0200, Matt Gourley wrote:
> Hi all, I've been trying to get ClamAV to log via multilog so that I can generate reports via mrtg. I followed the instructions here: http://www.clamav.net/doc/0.75.1/clamd_supervised/clamd-daemontools-guide.txt

Here are my relevant clamav.conf settings:

    LogFile /dev/stderr
    LocalSocket /tmp/clamd
    #LogTime
    #LogClean
    #LogSyslog
    #LogVerbose
    #LogFileUnlock
    #LogFileMaxSize 2M
    FixStaleSocket
    StreamSaveToDisk
    MaxThreads 30
    MaxDirectoryRecursion 15
    Foreground

Regards,
Niek Baakman

--
Read about mime: http://www.geoapps.com/nomime.shtml
Read about quoting: http://www.netmeister.org/news/learn2quote.html
Read about disclaimers: http://www.goldmark.org/jeff/stupid-disclaimers
Re: [Clamav-users] Getting clamav to log with multilog
Niek wrote:
> On 9/20/2004 4:32 PM +0200, Matt Gourley wrote:
>> Hi all, I've been trying to get ClamAV to log via multilog so that I can generate reports via mrtg. I followed the instructions here: http://www.clamav.net/doc/0.75.1/clamd_supervised/clamd-daemontools-guide.txt
>
> Here are my relevant clamav.conf settings:
>
> LogFile /dev/stderr
> LocalSocket /tmp/clamd
> #LogTime
> #LogClean
> #LogSyslog
> #LogVerbose
> #LogFileUnlock
> #LogFileMaxSize 2M
> FixStaleSocket
> StreamSaveToDisk
> MaxThreads 30
> MaxDirectoryRecursion 15
> Foreground
>
> Regards, Niek Baakman

Thanks for your response, Niek. My clamav.conf is setup exactly the same way, however, when I start clamd using clamdctl, clamd exits, supervise restarts it, clamd exits, etc. Logging is running but I get this in /var/log/clamd/current:

    @4000414f05f53a5b23ec server ended; result=0
    @4000414f05f53a5b3b5c free() copt

Any ideas?

-Matt
Re: [Clamav-users] kernel: Out of Memory:Killed process xxxxx (clamd).
- Original Message -
From: Nigel Horne [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, September 14, 2004 11:23 AM
Subject: Re: [Clamav-users] kernel: Out of Memory:Killed process x (clamd).

On Tuesday 14 Sep 2004 06:30, Meni Shapiro wrote:

Hi Fajar, Thanks for your answer. It's the most useful I got 'till today. I will take a look at the tools you suggested... The leak is from clamd...I checked 'top' and saw how it swallows all available memory until it is killed by kernel.

That is not evidence of a memory leak. It is evidence of a lot of memory being used at runtime which is a very different thing.

OK

Please let me know how to find out what it is because it is killed by kernel every 1/2h, so I put a little script in cron.hourly to restart clamd.

I run clamAV on 2 systems:
1) linux crux 1.2 kernel 2.4.26 works fine!
2) R.H.9 kernel 2.4.20-8 SUCKS!!!

any suggestions

Sincerely, Meni Shapiro

Meni Shapiro [EMAIL PROTECTED]

--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk
Re: [Clamav-users] clamav on debian stable
Thomas Lamy wrote:
> RTFM (in /usr/share/clamav or on http://www.clamav.net/). And install the package clamav-testfiles

As much as I would generally agree with the read the documentation reply as a rule, the clamd options, i.e: PING, are not clearly explained in the documentation, and could lead to some confusion. Relevant snippet below:

    clamd recognizes the following commands:
    PING Check the server's state. It should reply with PONG.

It could be easily construed that issuing this command would result in a reply from the clamd daemon running on the local machine. A little leniency regarding the grey areas of the documentation would not go amiss.

Matt
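
The PING in the quoted documentation snippet is a command a client sends over clamd's socket, not an argument to the clamd binary. The following is an added example, not part of the thread and not ClamAV's own code: a Python client that sends PING to the LocalSocket and checks for PONG. The default path is the LocalSocket value from the clamav.conf posted in this thread; the newline-terminated framing and the stub server used for the offline demo are assumptions.

```python
import os
import socket
import tempfile
import threading

# LocalSocket value from the clamav.conf posted in the thread.
CLAMD_SOCKET = "/var/run/clamav/clamd.ctl"


def clamd_ping(socket_path=CLAMD_SOCKET, timeout=5.0):
    """Send PING over a clamd Unix socket; return True only on a PONG reply.

    Any connection error (socket missing, daemon down, timeout) counts as
    "not alive", which is what a health check in front of a mail filter needs.
    """
    reply = b""
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect(socket_path)
            s.sendall(b"PING\n")  # assumption: newline-terminated command
            # Read one short line; cap the size so a misbehaving peer
            # cannot make the check read forever.
            while not reply.endswith(b"\n") and len(reply) < 64:
                chunk = s.recv(64)
                if not chunk:
                    break
                reply += chunk
    except OSError:
        return False
    return reply.strip() == b"PONG"


def start_stub_clamd(socket_path, reply=b"PONG\n"):
    """Constructed stand-in for clamd: answers a single PING, then exits."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(socket_path)
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            if conn.recv(64).strip() == b"PING":
                conn.sendall(reply)
        srv.close()

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return thread


def demo():
    """Ping a stub daemon and a socket path that does not exist."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "clamd.ctl")
        stub = start_stub_clamd(path)
        alive = clamd_ping(path)
        stub.join(timeout=2)
        missing = clamd_ping(os.path.join(d, "absent.ctl"))
    return alive, missing


if __name__ == "__main__":
    print(demo())
```

Against a real installation, call `clamd_ping()` as a user that is allowed to open the socket file.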
Re: [Clamav-users] Getting clamav to log with multilog
On Sep 20, 2004, at 12:41 PM, Matt Gourley wrote:
> Niek wrote:
>> On 9/20/2004 4:32 PM +0200, Matt Gourley wrote:
>>> Hi all, I've been trying to get ClamAV to log via multilog so that I can generate reports via mrtg. I followed the instructions here: http://www.clamav.net/doc/0.75.1/clamd_supervised/clamd-daemontools-guide.txt
>>
>> Here are my relevant clamav.conf settings:
>>
>> LogFile /dev/stderr
>> LocalSocket /tmp/clamd
>> #LogTime
>> #LogClean
>> #LogSyslog
>> #LogVerbose
>> #LogFileUnlock
>> #LogFileMaxSize 2M
>> FixStaleSocket
>> StreamSaveToDisk
>> MaxThreads 30
>> MaxDirectoryRecursion 15
>> Foreground
>>
>> Regards, Niek Baakman
>
> Thanks for your response, Niek. My clamav.conf is setup exactly the same way, however, when I start clamd using clamdctl, clamd exits, supervise restarts it, clamd exits, etc. Logging is running but I get this in /var/log/clamd/current:
>
> @4000414f05f53a5b23ec server ended; result=0
> @4000414f05f53a5b3b5c free() copt
>
> Any ideas? -Matt

I have version 0.75. I had to patch clamd to be able to log to stderr. Then in the run file redirect stderr to stdout... like this:

    exec /usr/local/bin/setuidgid qscand $path_to_clamd 2>&1
Re: [Clamav-users] Getting clamav to log with multilog
Daniel Alberto Cañas wrote:
> On Sep 20, 2004, at 12:41 PM, Matt Gourley wrote:
>> Niek wrote:
>>> On 9/20/2004 4:32 PM +0200, Matt Gourley wrote:
>>>> Hi all, I've been trying to get ClamAV to log via multilog so that I can generate reports via mrtg. I followed the instructions here: http://www.clamav.net/doc/0.75.1/clamd_supervised/clamd-daemontools-guide.txt
>>>
>>> Here are my relevant clamav.conf settings:
>>>
>>> LogFile /dev/stderr
>>> LocalSocket /tmp/clamd
>>> #LogTime
>>> #LogClean
>>> #LogSyslog
>>> #LogVerbose
>>> #LogFileUnlock
>>> #LogFileMaxSize 2M
>>> FixStaleSocket
>>> StreamSaveToDisk
>>> MaxThreads 30
>>> MaxDirectoryRecursion 15
>>> Foreground
>>>
>>> Regards, Niek Baakman
>>
>> Thanks for your response, Niek. My clamav.conf is setup exactly the same way, however, when I start clamd using clamdctl, clamd exits, supervise restarts it, clamd exits, etc. Logging is running but I get this in /var/log/clamd/current:
>>
>> @4000414f05f53a5b23ec server ended; result=0
>> @4000414f05f53a5b3b5c free() copt
>>
>> Any ideas? -Matt
>
> I have version 0.75. I had to patch clamd to be able to log to stderr. Then in the run file redirect stderr to stdout... like this:
>
> exec /usr/local/bin/setuidgid qscand $path_to_clamd 2>&1

Woo-hoo! This works. Thanks, everybody.

-Matt
[Clamav-users] Notification E-mail
We have Clam Av installed and running. It is blocking virus e-mails but is not generating any notification.

Is it possible to send a message onto the user that they had an e-mail blocked? Or to an admin stating that [EMAIL PROTECTED] had a virus sent to them?

Thanks in advance.
AW: [Clamav-users] Notification E-mail
Hi

> We have Clam Av installed and running. It is blocking virus e-mails but is not generating any notification.

Right. clamav is just a virus scanner. Its sole purpose is to detect virii. So, how are you passing your mails to clamav? That component or your mail server could do that.

However, if you do such things, PLEASE only send a notification to the intended user, NOT to the author. This would cause a lot of collateral damage.

Regards,
Steffen
Re: [Clamav-users] Notification E-mail
Jonathan Pitcher wrote:
> Is it possible to send a message onto the user that they had an e-mail blocked? Or to an admin stating that [EMAIL PROTECTED] had a virus sent to them?

http://www.mailscanner.info

--
/Peter Bonivart

--Unix lovers do it in the Sun
Re: [Clamav-users] Syn Flooding Virus/Worm/Trojan?
On Mon, 20 Sep 2004, Lucky Leavell wrote:
> We are a small ISP suffering from repeated SYN Flood DoS/DDoS type attacks. After putting a bridging firewall in place and using a packet sniffer, we are certain the attacks are coming from within our own network with machine A attacking machine B, both of which are in the same subnet. If you cut off machine A, the attack merely resumes with machine C attacking machine D, etc. Attacks rarely last more than a few minutes at a time.

What port are the attacks from/to? I wouldn't be surprised if it was an accidental attack due to misconfigured software. (I recently had a bunch of machines attack their NFS server due to a bug in the RH9 init scripts.)

> Any further ideas/suggestions?

Posting to comp.security.misc or [EMAIL PROTECTED] might get you more useful answers.

Damian Menscher
--
-=#| Physics Grad Student SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-
RE: [Clamav-users] clamav on debian stable
From: agenteo
> I've installed the clamav (clamav clamav-base clamav-deamon clamav-freshclean alibclamav1) debian packages taken from www.clamav.net/binary.html

Are you also using amavisd-new?
[Clamav-users] announcing ClamAV 0.80rc
Dear ClamAV users,

the development version of ClamAV is ready for general testing! New mechanisms have already proved very nasty to Internet worms successfully protecting against the new versions R, S, T, U, V and W of the infamous Mydoom worm and detecting them as Worm.Mydoom.Gen before they were analysed and specific signatures added by the ClamAV database maintainers. That means servers running the new version of ClamAV have detected and blocked 100% of Mydoom attacks!

New features in this release include:

-) libclamav
   + Portable Executable analyser (CL_SCAN_PE) featuring:
     o UPX decompression (all versions)
     o Petite decompression (2.x)
     o FSG decompression (1.3, 1.31, 1.33)
     o detection of broken executables (CL_SCAN_BLOCKBROKEN)
   + new, memory efficient, pattern matching algorithm (multipattern variant of Boyer-Moore) - its now primary matcher and Aho-Corasick is only used for regular expression extended signatures
   + new signature format with advanced target type and offset specification
   + support for MD5 based signatures
   + extended regular expression scanner
   + added support for MS cabinet files
   + added support for CHM files
   + added support for POSIX tar archives
   + scanning inside PowerPoint documents
   + HTML normaliser with support for decoding of MS Script Encoder code
   + great improvements in e-mail scanner (now handles even more worm tricks)
   + new method of mail files detection
   + all e-mail attachments are now scanned (previously only the first ten attachments were scanned)
   + added support for scanning URLs in e-mails (CL_SCAN_MAILURL)
   + detection of Worm.Mydoom.M.log
   + updated API (still backward compatible but please consult clamdoc.pdf (Section 6) and adapt your software)

-) clamd
   + new directive ScanHTML (enables HTML normalisator and ScrEnc decoder)
   + new directive ScanPE (win32 executable analyser and decompressor)
   + new directive DetectBrokenExecutables (try to detect broken executables and mark them as Broken.Executable)
   + new directive MailFollowURLs (try to download and scan files from URLs in mails. BE CAREFUL! DO NOT ENABLE IT ON LOADED MAIL SERVERS)
   + new directive ArchiveBlockMax (archives that exceed limits will be marked as viruses)
   + clamav.conf was renamed clamd.conf

-) clamscan
   + mail files are scanned by default, use --no-mail to disable it
   + new option --no-html (disables HTML normalisator)
   + new option --no-pe (disables PE analyser)
   + new option --detect-broken
   + new option --block-max
   + new option --mail-follow-urls (download and scan files from URLs in mails)

-) clamdscan
   + now prints warnings if some activated command line options are only supported by clamscan
   + added support for archive scanning in stdin mode

-) clamav-milter
   + improved template file format
   + quarantined file names now contain virus names
   + initial support for SESSION mode of clamd

-) freshclam:
   + new directive DNSDatabaseInfo that enables ultra lightweight version verification method through DNS (using TXT records). Based on idea by Christopher X. Candreva and enabled by default. (see http://www.gossamer-threads.com/lists/clamav/users/11102)
   + new option --no-dns (quick option to disable DNS method without editing freshclam.conf)

-) sigtool
   + removed ability of automatic signature generation (use MD5 sums to create your own signatures, see signatures.pdf for details)
   + new option --md5
   + new option --html-normalise (saves HTML normalisation and decryption results in three html files in current directory)

-) configure:
   + new option --disable-gethostbyname_r (try enabling it if clamav-milter compilation fails)
   + new option --disable-dns (try enabling it if freshclam compilation fails)
   + extended regular expression scanner

-) documentation
   + included new Mac OS X installation instructions
   + official documentation rewritten and outdated docs removed

-) new 3rd party software with support for ClamAV:
   + OdeiaVir - an e-mail filter for qmail and Exim
   + ClamSMTP - a lightweight (written in C) and simple filter for Postfix
   + Protea AntiVirus Tools - a virus filter for Lotus Domino
   + PTSMail Utilities - an e-mail filter for Sendmail
   + mxGuard for IMail - a mail filter for Ipswitch IMail (W32)
   + Zabit - a content and attachment filter for qmail
   + BeClam - ClamAV port for BeOS
   + clamXav - a virus scanner with GUI for Mac OS X

Special thanks to aCaB for his work on UPX, FSG and Petite decompressors.

Thanks to good reaction times on new threats, ClamAV was awarded as best security tool for 2004 by Linux Journal. Quoting from http://www.linuxjournal.com/article.php?sid=7564 :
RE: [Clamav-users] Notification E-mail
Steffen Heil wrote:
> Hi
>
>> We have Clam Av installed and running. It is blocking virus e-mails but is not generating any notification.
>
> ...
> PLEASE only send a notification to the intended user, NOT to the author. This would cause a lot of collateral damage.

With one caveat. It is perfectly acceptable to place an explanatory message in an SMTP REJECT message. Something like

    EHLO (hi)
    MAIL FROM (ok)
    RCPT TO (ok)
    DATA (can't accept for delivery, contains the EICAR virus!)

If the mail is being sent by a virus, the virus will usually just give up and go on to the next recipient server on their list. No "you sent a virus" mail is sent to a (usually) innocent third party. If the virus is a false positive, and is really good mail being sent by a legitimate mail server, the sending mail server will keep the responsibility of generating the undeliverable message.

It would be nice if the SMTP reject message was customizable - say, to include a phone number to call in case of false positives. I didn't see anything in the man pages for 0.75.1 - did I miss it?

[EMAIL PROTECTED] 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg,
Re: [Clamav-users] Notification E-mail
On Mon, 20 Sep 2004, Jonathan Pitcher wrote:

Is it possible to send a message onto the user that they had an e-mail blocked? Or to an admin stating that [EMAIL PROTECTED] had a virus sent to them?

Yes. It is also a bad idea. Since most viruses forge the From: address, you will not be providing any useful information.

==
Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/
Re: [Clamav-users] announcing ClamAV 0.80rc
On Tue, 21 Sep 2004, Luca Gibelli wrote:

-) clamd
    + new directive ScanHTML (enables HTML normalisator and ScrEnc decoder)
    + new directive ScanPE (win32 executable analyser and decompressor)
    + new directive DetectBrokenExecutables (try to detect broken executables and mark them as Broken.Executable)
    + new directive MailFollowURLs (try to download and scan files from URLs in mails. BE CAREFUL! DO NOT ENABLE IT ON LOADED MAIL SERVERS)
    + new directive ArchiveBlockMax (archives that exceed limits will be marked as viruses)
    + clamav.conf was renamed clamd.conf

Add to this -- the StreamSaveToDisk option has been removed. If it is in your config file, clamd will not start.

Developers -- could we possibly have a grace period where it will generate an error, but run, if no longer used options are in the config file? Or generate an error but run anyway if possible on errors in the config file?

It would seem it would be better to at least run and scan something, possibly with wrong values, than to not run at all.

==
Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/
[Clamav-users] 0.80rc and the new .ndb sig file format
I'm just playing about with this and I can't seem to get it to work quite the way I expect. I've created two signatures, to match the jpeg exploit we discussed recently. My idea is that although the signature is very small it minimises false positives by being restricted to graphics files and then looking for the jpeg magic number at the start of the file. Since we established the other day that the four byte sequence that triggers the exploit can't appear in a genuine jpeg this should be okay.

Anyway, I created signatures in local.ndb as follows...

    Exploit.Jpeg.comment.1:5:0:ffd8*fffe
    Exploit.Jpeg.comment.2:5:0:ffd8*fffe0001

And tried scanning the exploit sample from here http://www.gulftech.org/?node=downloads

Nothing! Trying again with --debug I see this message

    LibClamAV debug: Type: 501, expected: 514 (Exploit.Jpeg.comment.2)
    LibClamAV debug: Type: 501, expected: 514 (Exploit.Jpeg.comment.1)

I only seem able to get this to work by changing the target type in the sig to 0, i.e.

    Exploit.Jpeg.comment.1:0:0:ffd8*fffe
    Exploit.Jpeg.comment.2:0:0:ffd8*fffe0001

At which point it all works, but surely it should work with a target type of 5?

BTW. I tried both scanning the jpg and a message containing it, same result.

BTW2. Symantec is now detecting this exploit as Bloodhound.exploit.13

BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000
Re: [Clamav-users] Notification E-mail
Christopher X. Candreva said:

On Mon, 20 Sep 2004, Jonathan Pitcher wrote:

Is it possible to send a message onto the user that they had an e-mail blocked? Or to an admin stating that [EMAIL PROTECTED] had a virus sent to them?

Yes. It is also a bad idea. Since most viruses forge the From: address, you will not be providing any useful information.

And since most users are idiots, you'll create needless anxiety and extra work for the admin who has to explain that the message you've sent is bogus.
[Clamav-users] 0.80rc build fails (differently) on OSX @ mbox.c, with AND without --with-libcurl
hi,

just starting to play with this ...

config as:

    ./configure \
      --prefix=/usr/local/clamav080rc \
      --mandir=/usr/local/man \
      --enable-shared \
      --enable-static \
      --with-user=clamav \
      --with-group=clamav \
      --with-tcpwrappers

fails @ make with:

    mbox.c: In function `checkURLs':
    mbox.c:2536: warning: assignment discards qualifiers from pointer target type
    mbox.c:2537: warning: assignment discards qualifiers from pointer target type
    mbox.c: At top level:
    mbox.c:2588: error: parse error before static
    mbox.c:2601: error: `arg' undeclared here (not in a function)
    mbox.c:2602: error: `arg' undeclared here (not in a function)
    mbox.c:2603: error: `arg' undeclared here (not in a function)
    mbox.c:2608: error: parse error before if
    mbox.c:2615: error: redefinition of `initialised'
    mbox.c:2596: error: `initialised' previously defined here
    mbox.c:2615: warning: data definition has no type or storage class
    mbox.c:2616: error: parse error before '}' token
    mbox.c:2622: error: conflicting types for `curl'
    mbox.c:2593: error: previous declaration of `curl'
    mbox.c:2622: warning: data definition has no type or storage class
    mbox.c:2623: error: parse error before if
    mbox.c:2631: warning: initialization makes integer from pointer without a cast
    mbox.c:2631: error: initializer element is not constant
    mbox.c:2631: warning: data definition has no type or storage class
    mbox.c:2633: error: parse error before if
    mbox.c:2638: error: parse error before string constant
    mbox.c:2638: warning: conflicting types for built-in function `sprintf'
    mbox.c:2638: warning: data definition has no type or storage class
    mbox.c:2640: error: conflicting types for `fp'
    mbox.c:2594: error: previous declaration of `fp'
    mbox.c:2640: warning: passing arg 1 of `fopen' makes pointer from integer without a cast
    mbox.c:2640: warning: data definition has no type or storage class
    mbox.c:2642: error: parse error before if
    mbox.c:2644: warning: parameter names (without types) in function declaration
    mbox.c:2644: error: conflicting types for `free'
    /usr/include/stdlib.h:136: error: previous declaration of `free'
    mbox.c:2644: warning: data definition has no type or storage class
    mbox.c:2645: warning: parameter names (without types) in function declaration
    mbox.c:2645: error: conflicting types for `curl_easy_cleanup'
    /usr/include/curl/easy.h:32: error: previous declaration of `curl_easy_cleanup'
    mbox.c:2645: warning: data definition has no type or storage class
    mbox.c:2646: error: parse error before return
    mbox.c:2650: warning: parameter names (without types) in function declaration
    mbox.c:2650: warning: data definition has no type or storage class
    mbox.c:2651: warning: parameter names (without types) in function declaration
    mbox.c:2651: warning: data definition has no type or storage class
    mbox.c:2652: error: parse error before return
    mbox.c:2659: error: conflicting types for `headers'
    mbox.c:2595: error: previous declaration of `headers'
    mbox.c:2659: warning: data definition has no type or storage class
    mbox.c:2660: warning: parameter names (without types) in function declaration
    mbox.c:2660: error: conflicting types for `curl_easy_setopt'
    /usr/include/curl/easy.h:30: error: previous declaration of `curl_easy_setopt'
    mbox.c:2660: warning: data definition has no type or storage class
    mbox.c:2663: error: parse error before numeric constant
    mbox.c:2663: warning: data definition has no type or storage class
    mbox.c:2664: error: parse error before numeric constant
    mbox.c:2664: warning: data definition has no type or storage class
    mbox.c:2683: warning: parameter names (without types) in function declaration
    mbox.c:2683: warning: data definition has no type or storage class
    mbox.c:2684: error: parse error before '}' token
    mbox.c:2686: warning: parameter names (without types) in function declaration
    mbox.c:2686: warning: data definition has no type or storage class
    mbox.c:2687: warning: parameter names (without types) in function declaration
    mbox.c:2687: error: conflicting types for `curl_slist_free_all'
    /usr/include/curl/curl.h:1058: error: previous declaration of `curl_slist_free_all'
    mbox.c:2687: warning: data definition has no type or storage class
    mbox.c:2688: warning: parameter names (without types) in function declaration
    mbox.c:2688: warning: data definition has no type or storage class
    mbox.c:2689: warning: parameter names (without types) in function declaration
    mbox.c:2689: warning: data definition has no type or storage class
    mbox.c:2691:
Re: [Clamav-users] 0.80rc and the new .ndb sig file format
On Tue, 21 Sep 2004 01:06:23 +0100 Kevin Spicer [EMAIL PROTECTED] wrote:

I'm just playing about with this and I can't seem to get it to work quite the way I expect. I've created two signatures, to match the jpeg exploit we discussed recently. My idea is that although the signature is very small it minimises false positives by being restricted to graphics files and then looking for the jpeg magic number at the start of the file. Since we established the other day that the four byte sequence that triggers the exploit can't appear in a genuine jpeg this should be okay.

Anyway, I created signatures in local.ndb as follows...

    Exploit.Jpeg.comment.1:5:0:ffd8*fffe
    Exploit.Jpeg.comment.2:5:0:ffd8*fffe0001

And tried scanning the exploit sample from here http://www.gulftech.org/?node=downloads

Nothing! Trying again with --debug I see this message

    LibClamAV debug: Type: 501, expected: 514 (Exploit.Jpeg.comment.2)
    LibClamAV debug: Type: 501, expected: 514 (Exploit.Jpeg.comment.1)

That means it doesn't recognize JPEG as CL_TYPE_GRAPHICS but as CL_TYPE_UNKNOWN_DATA. It seems there's a small typo in filetypes.c. Try changing

    {0, "\377\330\377", 4, "JPEG", CL_TYPE_GRAPHICS},

to

    {0, "\377\330\377", 3, "JPEG", CL_TYPE_GRAPHICS}

--
Tomasz Kojm [EMAIL PROTECTED]
http://www.ClamAV.net/gpg/tkojm.gpg
0DCA5A08407D5288279DB43454822DC8985A444B
Tue Sep 21 03:16:15 CEST 2004
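A small model of the two checks this exchange turns on, added here as an illustration and not taken from libclamav or from either post: file typing by magic bytes with a length of 4 versus 3, and a `Name:TargetType:Offset:HexSig` match gated on target type 5 (graphics). The function names, the constructed sample bytes and the simplified handling of the offset and `*` fields are assumptions; the type numbers 501 and 514 and the signature lines are the ones quoted above.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Type numbers as printed in the debug output quoted in the thread. */
enum { TYPE_UNKNOWN_DATA = 501, TYPE_GRAPHICS = 514 };

/* Constructed sample, not a real image: JPEG start-of-image plus APP0
 * header, followed by the ff fe 00 01 bytes the second signature names. */
static const unsigned char SAMPLE[] = {
    0xff, 0xd8, 0xff, 0xe0, 0x00, 0x10, 'J', 'F', 'I', 'F', 0x00,
    0xff, 0xfe, 0x00, 0x01, 0x41, 0x41
};

/* File typing by magic bytes. The literal holds 3 bytes plus a NUL, so
 * magic_len = 4 also compares that NUL against the file's fourth byte. */
int detect_type(const unsigned char *buf, size_t len, size_t magic_len)
{
    static const char jpeg_magic[] = "\377\330\377";
    if (magic_len > sizeof(jpeg_magic) || len < magic_len)
        return TYPE_UNKNOWN_DATA;
    return memcmp(buf, jpeg_magic, magic_len) ? TYPE_UNKNOWN_DATA : TYPE_GRAPHICS;
}

/* Search buf[from..len) for a hex-encoded pattern; if anchored, only try
 * position `from`. Returns the index just past the match, or -1. */
static long find_hex(const unsigned char *buf, size_t len, size_t from,
                     const char *hex, size_t hexlen, int anchored)
{
    unsigned char pat[64];
    size_t n = hexlen / 2, i;
    if (hexlen == 0 || hexlen % 2 || n > sizeof(pat)) return -1;
    for (i = 0; i < n; i++) {
        char byte[3] = { hex[2 * i], hex[2 * i + 1], '\0' };
        if (!isxdigit((unsigned char)byte[0]) || !isxdigit((unsigned char)byte[1]))
            return -1;
        pat[i] = (unsigned char)strtoul(byte, NULL, 16);
    }
    for (i = from; i + n <= len; i++) {
        if (memcmp(buf + i, pat, n) == 0)
            return (long)(i + n);
        if (anchored) break;
    }
    return -1;
}

/* Evaluate one "Name:TargetType:Offset:HexSig" line against a buffer.
 * Returns 1 on match, 0 on no match (including an unparsable hex part),
 * -1 if the header fields are malformed or outside this model. */
int sig_matches(const char *line, const unsigned char *buf, size_t len,
                int file_type)
{
    const char *p = strchr(line, ':');
    char *end;
    long target, offset, pos;
    int first = 1;
    if (!p) return -1;
    target = strtol(p + 1, &end, 10);
    if (end == p + 1 || *end != ':') return -1;
    p = end + 1;
    offset = strtol(p, &end, 10);
    if (end == p || *end != ':' || offset < 0) return -1;
    p = end + 1;
    if (target != 0 && target != 5) return -1;  /* only 0 (any) and 5 modelled */
    if (target == 5 && file_type != TYPE_GRAPHICS) return 0;  /* wrong file type */
    for (pos = offset;; first = 0) {
        size_t part = strcspn(p, "*");          /* '*' = any number of bytes */
        pos = find_hex(buf, len, (size_t)pos, p, part, first);
        if (pos < 0) return 0;
        if (p[part] == '\0') return 1;
        p += part + 1;
    }
}
```

With a magic length of 4 the sample is typed 501 and the target-type-5 signatures are never evaluated; with 3 it is typed 514 and both match, the same outcome as switching the target type to 0.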
RE: [Clamav-users] Notification E-mail
With one caveat. It is perfectly acceptable to place an explanatory message in an SMTP REJECT message. Something like

    EHLO (hi)
    MAIL FROM (ok)
    RCPT TO (ok)
    DATA (can't accept for delivery, contains the EICAR virus!)

If the mail is being sent by a virus, the virus will usually just give up and go on to the next recipient server on their list. No "you sent a virus" mail is sent to a (usually) innocent third party.

If the virus is a false positive, and is really good mail being sent by a legitimate mail server, the sending mail server will keep the responsibility of generating the undeliverable message.

It would be nice if the SMTP reject message was customizable - say, to include a phone number to call in case of false positives. I didn't see anything in the man pages for 0.75.1 - did I miss it?

[EMAIL PROTECTED] 805.964.4554 x902

Clam doesn't do this at all. It's the widget that is used to integrate with the MTA that has control of this. I use courier, and this is exactly how my mail server handles it. Whatever integration tool you use to tie clam to your MTA (or the MTA itself) has this job - that's why it's not in the clam man pages ;-)

m/
Re: [Clamav-users] 0.80rc build fails (differently) on OSX @ mbox.c, with AND without --with-libcurl
On Mon, 20 Sep 2004 17:50:45 -0700 OpenMacNews [EMAIL PROTECTED] wrote:

results in a DIFFERENT failed make @:

    then mv -f .deps/dns.Tpo .deps/dns.Po; else rm -f .deps/dns.Tpo; exit 1; fi
    dns.c: In function `txtquery':
    dns.c:53: error: `C_IN' undeclared (first use in this

This problem can be fixed with --disable-dns

--
Tomasz Kojm [EMAIL PROTECTED]
http://www.ClamAV.net/gpg/tkojm.gpg
0DCA5A08407D5288279DB43454822DC8985A444B
Tue Sep 21 03:39:04 CEST 2004
Re: [Clamav-users] 0.80rc build fails (differently) on OSX @ mbox.c, with AND without --with-libcurl
hi tomasz,

results in a DIFFERENT failed make @:

    then mv -f .deps/dns.Tpo .deps/dns.Po; else rm -f .deps/dns.Tpo; exit 1; fi
    dns.c: In function `txtquery':
    dns.c:53: error: `C_IN' undeclared (first use in this

This problem can be fixed with --disable-dns

h. tried that already; unfortunately does not work for me ...

after an appropriate make distclean a subsequent:

    ./configure \
      --prefix=/usr/local/clamav080rc \
      --mandir=/usr/local/man \
      --enable-shared \
      --enable-static \
      --with-user=clamav \
      --with-group=clamav \
      --with-tcpwrappers \
      --without-libcurl \
      --disable-dns

still results in a failed make ...

    Making all in freshclam
    if gcc -DHAVE_CONFIG_H -DCL_NOTHREADS -I. -I. -I.. -I.. -I../shared -I../libclamav-g -O2 -MT dns.o -MD -MP -MF .deps/dns.Tpo -c -o dns.o dns.c; \
    then mv -f .deps/dns.Tpo .deps/dns.Po; else rm -f .deps/dns.Tpo; exit 1; fi
    dns.c: In function `txtquery':
    dns.c:53: error: `C_IN' undeclared (first use in this function)
    dns.c:53: error: (Each undeclared identifier is reported only once
    dns.c:53: error: for each function it appears in.)
    dns.c:53: error: `T_TXT' undeclared (first use in this function)
    dns.c:58: error: `HEADER' undeclared (first use in this function)
    dns.c:73: error: `INT16SZ' undeclared (first use in this function)
    make[2]: *** [dns.o] Error 1
    make[1]: *** [all-recursive] Error 1
    make: *** [all] Error 2

richard
Re: [Clamav-users] Getting clamav to log with multilog
Matt Gourley wrote:

Hi all,

I've been trying to get ClamAV to log via multilog so that I can generate reports via mrtg.

    $ pkg_info | grep clamav
    clamav-0.75 Free Virus Scanner

    $ cat /etc/supervise/clamd/run
    #!/bin/sh
    exec 2>&1
    exec /usr/local/sbin/clamd

    $ cat /etc/supervise/clamd/log/run
    #!/bin/sh
    exec setuidgid _clamav multilog t /var/log/clamd

and in /etc/clamav.conf:

    ...
    LogFile /dev/stderr
    FixStaleSocket
    Foreground
    ...

---
Lars Hansson
Re: [Clamav-users] 0.80rc build fails (differently) on OSX @ mbox.c, with AND without --with-libcurl
On 2004/09/21, at 11:08, OpenMacNews wrote:

results in a DIFFERENT failed make @:

    then mv -f .deps/dns.Tpo .deps/dns.Po; else rm -f .deps/dns.Tpo; exit 1; fi
    dns.c: In function `txtquery':
    dns.c:53: error: `C_IN' undeclared (first use in this

This problem can be fixed with --disable-dns

h. tried that already; unfortunately does not work for me ...

after an appropriate make distclean a subsequent:

    ./configure \
      --prefix=/usr/local/clamav080rc \
      --mandir=/usr/local/man \
      --enable-shared \
      --enable-static \
      --with-user=clamav \
      --with-group=clamav \
      --with-tcpwrappers \
      --without-libcurl \
      --disable-dns

still results in a failed make ...

on my osx 10.3.5, HAVE_RESOLV_H is still defined after the --disable-dns switch.

    $ tar zxvf clamav-0.80-rc.tar.gz
    $ cd clamav-0.80rc
    $ ./configure --disable-dns --without-libcurl
    $ grep HAVE_RESOLV_H clamav-config.h
    #define HAVE_RESOLV_H 1

so make will pass after undef HAVE_RESOLV_H.

    $ vi clamav-config.h
    $ grep HAVE_RESOLV_H clamav-config.h
    /* #undef HAVE_RESOLV_H */
    $ make
    $ sudo make install

I think this issue is caused by double AC_CHECK_HEADER for resolv.h. The attached patch will fix.

--
Masaki Ogawa [EMAIL PROTECTED]

[attachment: clamav-0.80rc-dns.patch]
[Clamav-users] Re: Windows port ?
[EMAIL PROTECTED] wrote:

Hi,

Is there any reason why Windows port of clamav exists only based on cygwin?

Regards
Boguslaw Brandys

Hi,

There will be one soon! This is the first time I talk about it. UScanIT is about to be ready in a few weeks. It uses ClamDB and is not based on cygwin because it's 100% new Windows code. Inside it's 100% object oriented C++ code.

The objective is a very easy to install and lite virus scanner solution to help people make their computer run again. You put it on an USB disk or CDROM and you can help people that are in trouble (it should have fit on a floppy but ClamDB is too big now :-) It's not a resident anti-virus solution.

Have a look at http://www.uscanit.com for 1.0 alpha 01 version. Exe size is 280K and no setup.

Please keep it confidential to this forum until version 1.0 final is available. If I have too many visits I can close the web site because user forum is not available yet. Try it and give your feedback here or on [EMAIL PROTECTED]

Sincerely,
Remi
Re: [Clamav-users] announcing ClamAV 0.80rc
Luca Gibelli wrote:

-) clamd
    + clamav.conf was renamed clamd.conf

Um, this has got to be one of the most annoying changes for me in the history of clamav (the other ones were the change of libclamav.so.1.0.3 to libclamav.so.1.0.4, and the now-missing ThreadTimeout option.)

Tomasz, can you please make future changes to clamav backward-compatible? In this case, renaming my clamav.conf to clamd.conf simply works, but wouldn't it be better if clamd and clamdscan looked for clamav.conf in the absence of clamd.conf? Especially since make install does not even put clamd.conf in the default etc dir (I'm using latest CVS snapshot, which is newer than the 0.80rc, on Solaris).

Regards,
Fajar
Re: [Clamav-users] 0.80rc build fails (differently) on OSX @ mbox.c, with AND without --with-libcurl
The attached patch will fix.

ok! i can verify that Masaki's patch (removing the check for resolv.h) does the trick and allows a successful make with:

    ./configure \
      --prefix=/usr/local/clamav080rc \
      --mandir=/usr/local/man \
      --enable-shared \
      --enable-static \
      --with-user=clamav \
      --with-group=clamav \
      --with-tcpwrappers \
      --without-libcurl \
      --disable-dns

--with-libcurl still is an issue tho.

richard