date:20041019

Re: [Clamav-users] Unable to open file or directory ERROR

2004-10-19 Thread Bogusław Brandys

Hello,

Grant Supp wrote:
I'm using Clam AV 0.80 with Qmail-Scanner 1.23 and receive the following lines in my 
clamd.log:
Tue Oct 19 15:22:34 2004 -> 
/var/spool/qmailscan/tmp/newmail01.readyhosting.com109821735148216078/1098217354.16090-1.newmail01.readyhosting.com:
 Trojan.Dropper.JS.Zerolin-6 FOUND
Tue Oct 19 15:30:44 2004 -> 
/var/spool/qmailscan/tmp/newmail01.readyhosting.com109821784448218517/test.zip: 
ClamAV-Test-Signature FOUND
Tue Oct 19 15:40:14 2004 -> SelfCheck: Database status OK.
Tue Oct 19 15:53:44 2004 -> 
/var/spool/qmailscan/tmp/newmail01.readyhosting.com109821922448224690/Order - Hearing and 
Appeal.pdf: Unable to open file or directory ERROR
Tue Oct 19 16:10:29 2004 -> SelfCheck: Database status OK.
Tue Oct 19 16:32:40 2004 -> 
/var/spool/qmailscan/tmp/newmail01.readyhosting.com10982215584824569/text.zip: 
Worm.Mydoom.I FOUND
Tue Oct 19 16:36:09 2004 -> 
/var/spool/qmailscan/tmp/newmail01.readyhosting.com10982217694825599/Untitled Attachment: 
Unable to open file or directory ERROR
"Unable to open file or directory ERROR" -- does anyone have any idea how to begin 
troubleshooting this intermittent problem?
Is it always when scanning the same files ? Could You try another ? 
Could You try the same file with OLE2 support disabled ?

I'm curious if this is OLE2 related 
Regards
Boguslaw Brandys
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] New version Clamd with Daemontools

2004-10-19 Thread Awie

Finally I can supervise new version of clamd. There are some parameter of
clamav.conf that no need anymore in clamd.conf. After editing some lines, it
works well.

However, Qmail-scanner still has unrecognize command that I sure it should
be OK.

Wed, 20 Oct 2004 11:50:22 EDT:4600: run
/usr/local/bin/clamdscan -r --disable-summary --max-recursion=10 --max-space
=10 /var/spool/qmailscan/tmp/Cybergate10982874224824600 2>&1

WARNING: Ignoring option -r: please edit clamd.conf instead.

WARNING: Ignoring option --max-recursion: please edit clamd.conf instead.

WARNING: Ignoring option --max-space: please edit clamd.conf instead.

/var/spool/qmailscan/tmp/Cybergate10982874224824600: OK

Thx & Rgds,

Awie


___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] OT - embedded message/rfc822 mimeparts in messages on this list

2004-10-19 Thread Stephen Gran

On Tue, Oct 19, 2004 at 06:26:30PM -0700, Todd Lyons said:
> Christopher X. Candreva wanted us to know:
> 
> >> Yes, I'm seeing them, and they're annoying as hell.  Most of them seem to be
> >> from Trog, thought the other poster that said they were forwarded messages
> >> broke his own claim, since his had the same issue.
> >Ah -- could this be people who PGP-sign their messages ?
> 
> Yes, inline signing would probably fix that issue.

In my last message, I see:
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="TakKZr9L6Hm6aLOc"
Content-Disposition: inline

It is an inline, gpg signed message.  I had no idea how many broken
MUA's there are out there :)  My girlfriend tells me that she has to
jump through hoops to open a signed message in Outlook, but I didn't
think that would be the case with *nix mailers for the most part.
-- 
 --
|  Stephen Gran  | If your aim in life is nothing, you |
|  [EMAIL PROTECTED] | can't miss. |
|  http://www.lobefin.net/~steve | |
 --


pgpIsbrgZIe0i.pgp
Description: PGP signature
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] New version Clamd with Daemontools

2004-10-19 Thread Awie

All,

When will the version of ClamAV 0.75-1 be expired? I hope it will be after I
solve my problem of supervise clamd of new version.

Thx & Rgds,

Awie

- Original Message - 
From: "Awie" <[EMAIL PROTECTED]>
To: "ClamAV users ML" <[EMAIL PROTECTED]>
Sent: Tuesday, October 19, 2004 7:57 PM
Subject: Re: [Clamav-users] New version Clamd with Daemontools


> > I use daemontools to run clamd.
> > I didn't change a thing when upgrading from 0.75.1
> > to 0.80rc-series, and 0.80 final.
> >
> > My run script and clamd.conf attached.
> >
> > Regards,
> > Niek
> > -- 
>
> Hello Niek,
>
> I used your script and clamd.conf. The readproctitle said error in
> Library..bla.. bla...
>
> Then I renamed my clamav.conf to clamd.conf, below my readproctitle said:
>
> root   590  0.0  0.0  1332  232 ?S19:39   0:00
readproctitle
> service errors: ...en file or directory?Warning: bad sy
> root   591  0.0  0.1  1340  268 ?S19:39   0:00 supervise
> clamd
> root   592  0.0  0.1  1340  268 ?S19:39   0:00 supervise
log
> root   593  0.0  0.1  1340  268 ?S19:39   0:00 supervise
> qmail-smtpd
> root   594  0.0  0.1  1340  268 ?S19:39   0:00 supervise
log
> root   595  0.0  0.1  1340  268 ?S19:39   0:00 supervise
> qmail-send
> root   596  0.0  0.1  1340  268 ?S19:39   0:00 supervise
log
> root   597  0.0  0.1  1340  268 ?S19:39   0:00 supervise
> dnscache
> root   598  0.0  0.1  1340  268 ?S19:39   0:00 supervise
log
> qscand 600  0.0  0.1  1352  268 ?S19:39   0:00
> /usr/local/bin/multilog t s100 n20 /var/log/clamd
> qmaild 601  0.0  0.1  1412  448 ?S19:39   0:00
> /usr/local/bin/tcpserver -v -R -H -l 0 -x /etc/tcp.smtp.cdb -c 20 -u
> qmails 602  0.0  0.1  1392  352 ?S19:39   0:00 qmail-send
> qmaill 603  0.0  0.1  1352  268 ?S19:39   0:00
> /usr/local/bin/multilog t /var/log/qmail/smtpd
> qmaill 604  0.0  0.1  1352  268 ?S19:39   0:00
> /usr/local/bin/multilog t /var/log/qmail
> dnscache   605  0.0 11.5 30968 29660 ?   S19:39   0:00
> /usr/local/bin/dnscache
> dnslog 606  0.0  0.1  1352  268 ?S19:39   0:00 multilog t
> ./main
> root   616  0.0  0.1  1352  292 ?S19:39   0:00
qmail-lspawn
> ./Mailbox
> qmailr 617  0.0  0.1  1348  292 ?S19:39   0:00
qmail-rspawn
> qmailq 618  0.0  0.1  1344  300 ?S19:39   0:00 qmail-clean
> root  1951  0.0  0.0 00 ?Z19:46   0:00 [run]
> 
>
> I followed all of Jesse's script (I attached it) that be included in old
> version of ClamAV.
>
> Does clamd.conf have different parameter from clamav.conf?
>
> Thx & Rgds,
>
> Awie
>
>
> ___
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>


___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] freshclam: Chunked Transfer Coding

2004-10-19 Thread shivaken

On Tuesday 19 October 2004 17:37, Jo Mills wrote:
> Hi,
>
> First let me apologize if this is way off the mark, but it has aroused
> my curiosity.  When you say "freshclam fails", do you get a return
> value of 1?  I only ask because we have two Web Proxies in the office,
> one is a Novell box and the other is Squid/Debian.  I built the
> Squid/Debian box as freshclam would not work through the Novell box
> and for various reasons too boring to go into here, it was just easier
> to re-route all non vpn traffic via a new proxy than get RSSI of the
> forehead negotiating with the IT dept - they control the Novell box.

If your problem is the same, there are two ways to solve.

1. Change Squid setting 
   Make squid not to use transfer coding.

  Accourding to http://www.imc.org/ietf-openproxy/mail-archive/msg02605.html
  > Note that HTTP/1.1 default is (identity, chunked).
  So, Squid also uses transfer encoding by default.
  # I couldn't find any document describes about that settings.

2 . Change freshclam to use HTTP/1.0
   I attached a simple patch changes freshclam to use HTTP/1.0

Quick check: 
You can check which your proxy uses transfer-encoding or not.

  $ telnet your.proxy.server 8080
  Connected to your.proxy.server (xxx.xxx.xxx.xxx).
  Escape character is '^]'.
  GET http://www.google.com/ HTTP/1.1

  HTTP/1.1 200 OK
  ..
  ..
  Transfer-Encoding: chunked

If your server uses transfer-encoding, you can see that header.

-- 
-- shivaken
antshell: Ant command line front end
http://www.antshell.org
diff -ur clamav-0.80/freshclam/manager.c clamav-0.80.new/freshclam/manager.c
--- clamav-0.80/freshclam/manager.c	2004-10-18 01:50:34.0 +0900
+++ clamav-0.80.new/freshclam/manager.c	2004-10-20 09:11:20.928348968 +0900
@@ -1,6 +1,6 @@
 /*
  *  Copyright (C) 2002 - 2004 Tomasz Kojm <[EMAIL PROTECTED]>
- *  HTTP/1.1 compliance by Arkadiusz Miskiewicz <[EMAIL PROTECTED]>
+ *  HTTP/1.0 compliance by Arkadiusz Miskiewicz <[EMAIL PROTECTED]>
  *  Proxy support by Nigel Horne <[EMAIL PROTECTED]>
  *  Proxy authorization support by Gernot Tenchio <[EMAIL PROTECTED]>
  *		 (uses fmt_base64() from libowfat (http://www.fefe.de))
@@ -474,7 +474,7 @@
 mprintf("Reading CVD header (%s): ", file);
 
 #ifdef	NO_SNPRINTF
-sprintf(cmd, "GET %s/%s HTTP/1.1\r\n"
+sprintf(cmd, "GET %s/%s HTTP/1.0\r\n"
 	"Host: %s\r\n%s"
 	"User-Agent: "PACKAGE"/"VERSION"\r\n"
 	"Cache-Control: no-cache\r\n"
@@ -482,7 +482,7 @@
 	"Range: bytes=0-511\r\n"
 	"\r\n", (remotename != NULL)?remotename:"", file, hostname, (authorization != NULL)?authorization:"");
 #else
-snprintf(cmd, sizeof(cmd), "GET %s/%s HTTP/1.1\r\n"
+snprintf(cmd, sizeof(cmd), "GET %s/%s HTTP/1.0\r\n"
 	"Host: %s\r\n%s"
 	"User-Agent: "PACKAGE"/"VERSION"\r\n"
 	"Cache-Control: no-cache\r\n"
@@ -508,7 +508,7 @@
 	return NULL;
 }
 
-if ((strstr(buffer, "HTTP/1.1 404")) != NULL) { 
+if ((strstr(buffer, "HTTP/1.0 404")) != NULL) { 
   mprintf("@CVD file not found on remote server\n");
   return NULL;
 }
@@ -585,14 +585,14 @@
 }
 
 #ifdef NO_SNPRINTF
-sprintf(cmd, "GET %s/%s HTTP/1.1\r\n"
+sprintf(cmd, "GET %s/%s HTTP/1.0\r\n"
 	 "Host: %s\r\n%s"
 	 "User-Agent: "PACKAGE"/"VERSION"\r\n"
 	 "Cache-Control: no-cache\r\n"
 	 "Connection: close\r\n"
 	 "\r\n", (remotename != NULL)?remotename:"", dbfile, hostname, (authorization != NULL)?authorization:"");
 #else
-snprintf(cmd, sizeof(cmd), "GET %s/%s HTTP/1.1\r\n"
+snprintf(cmd, sizeof(cmd), "GET %s/%s HTTP/1.0\r\n"
 	 "Host: %s\r\n%s"
 	 "User-Agent: "PACKAGE"/"VERSION"\r\n"
 	 "Cache-Control: no-cache\r\n"
@@ -629,7 +629,7 @@
 
 /* check whether the resource actually existed or not */
 
-if ((strstr(buffer, "HTTP/1.1 404")) != NULL) { 
+if ((strstr(buffer, "HTTP/1.0 404")) != NULL) { 
   mprintf("@%s not found on remote server\n", dbfile);
   close(fd);
   unlink(file);
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] OT - embedded message/rfc822 mimeparts in messages on this list

2004-10-19 Thread Todd Lyons

Christopher X. Candreva wanted us to know:

>> Yes, I'm seeing them, and they're annoying as hell.  Most of them seem to be
>> from Trog, thought the other poster that said they were forwarded messages
>> broke his own claim, since his had the same issue.
>Ah -- could this be people who PGP-sign their messages ?

Yes, inline signing would probably fix that issue.
-- 
Regards...  Todd
OS X: We've been fighting the "It's a mac" syndrome with upper management
for  years  now.  Lately  we've  taken  to  just  referring  to  new  mac 
installations  as  "Unix"  installations  when  presenting proposals  and 
updates.  For some reason, they have no problem with that.  -- /.
Linux kernel 2.6.3-19mdkenterprise   2 users,  load average: 0.01, 0.02, 0.02
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] OT - embedded message/rfc822 mimeparts in messages on this list

2004-10-19 Thread Christopher X. Candreva

On Tue, 19 Oct 2004, Damian Menscher wrote:

> Yes, I'm seeing them, and they're annoying as hell.  Most of them seem to be
> from Trog, thought the other poster that said they were forwarded messages
> broke his own claim, since his had the same issue.

Ah -- could this be people who PGP-sign their messages ?

==
Chris Candreva  -- [EMAIL PROTECTED] -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] OT - embedded message/rfc822 mimeparts in messages on this list

2004-10-19 Thread Damian Menscher

On Tue, 19 Oct 2004, Daniel J McDonald wrote:
Am I the only one who sees several of the posters with embedded:
Content-Type: message/rfc822
that includes embedded text/plain attachments.  Evolution opens them up
with only one extra step, but if I'm stuck with Outlook (or worse, OWA)
you have to open three levels of attachments to read the text of the
e-mail.
Just started when we switched from sourceforge to Luca's mailman server.
If I'm the only one seeing it I'll troubleshoot my amavis-new config to
see if it is doing something bizarre...
Yes, I'm seeing them, and they're annoying as hell.  Most of them seem 
to be from Trog, thought the other poster that said they were forwarded 
messages broke his own claim, since his had the same issue.

I'm about ready to give up on this list... no sense going through 
multiple steps to read an email that asks a FAQ.

Damian Menscher
--
-=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] OT - embedded message/rfc822 mimeparts in messages on this list

2004-10-19 Thread Stephen Gran

On Tue, Oct 19, 2004 at 05:20:38PM -0500, Daniel J McDonald said:
> Am I the only one who sees several of the posters with embedded:
> 
> Content-Type: message/rfc822
> 
> that includes embedded text/plain attachments.  Evolution opens them up
> with only one extra step, but if I'm stuck with Outlook (or worse, OWA)
> you have to open three levels of attachments to read the text of the
> e-mail.
> 
> Just started when we switched from sourceforge to Luca's mailman server.
> 
> If I'm the only one seeing it I'll troubleshoot my amavis-new config to
> see if it is doing something bizarre...

They appear to all be forwarded messages, with the message being
forwarded attached as an inline attachment, sometimes in several parts.
mutt deals with them just fine.
-- 
 --
|  Stephen Gran  | If you see an onion ring -- answer it!  |
|  [EMAIL PROTECTED] | |
|  http://www.lobefin.net/~steve | |
 --


pgpjSTT5a4qgH.pgp
Description: PGP signature
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

[Clamav-users] OT - embedded message/rfc822 mimeparts in messages on this list

2004-10-19 Thread Daniel J McDonald

Am I the only one who sees several of the posters with embedded:

Content-Type: message/rfc822

that includes embedded text/plain attachments.  Evolution opens them up
with only one extra step, but if I'm stuck with Outlook (or worse, OWA)
you have to open three levels of attachments to read the text of the
e-mail.

Just started when we switched from sourceforge to Luca's mailman server.

If I'm the only one seeing it I'll troubleshoot my amavis-new config to
see if it is doing something bizarre...

___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

[Clamav-users] Unable to open file or directory ERROR

2004-10-19 Thread Grant Supp

I'm using Clam AV 0.80 with Qmail-Scanner 1.23 and receive the following lines in my 
clamd.log:

Tue Oct 19 15:22:34 2004 -> 
/var/spool/qmailscan/tmp/newmail01.readyhosting.com109821735148216078/1098217354.16090-1.newmail01.readyhosting.com:
 Trojan.Dropper.JS.Zerolin-6 FOUND
Tue Oct 19 15:30:44 2004 -> 
/var/spool/qmailscan/tmp/newmail01.readyhosting.com109821784448218517/test.zip: 
ClamAV-Test-Signature FOUND
Tue Oct 19 15:40:14 2004 -> SelfCheck: Database status OK.
Tue Oct 19 15:53:44 2004 -> 
/var/spool/qmailscan/tmp/newmail01.readyhosting.com109821922448224690/Order - Hearing 
and Appeal.pdf: Unable to open file or directory ERROR
Tue Oct 19 16:10:29 2004 -> SelfCheck: Database status OK.
Tue Oct 19 16:32:40 2004 -> 
/var/spool/qmailscan/tmp/newmail01.readyhosting.com10982215584824569/text.zip: 
Worm.Mydoom.I FOUND
Tue Oct 19 16:36:09 2004 -> 
/var/spool/qmailscan/tmp/newmail01.readyhosting.com10982217694825599/Untitled 
Attachment: Unable to open file or directory ERROR

"Unable to open file or directory ERROR" -- does anyone have any idea how to begin 
troubleshooting this intermittent problem?

Thanks,
Grant Supp 
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Freshclam warning

2004-10-19 Thread Jeff Smelser

On Tuesday 19 October 2004 04:29 pm, Todd Lyons wrote:
> Tomasz Kojm wanted us to know:
> >> WARNING: DNS record is older than 3 hours.
> >> WARNING: Invalid DNS reply.
> >
> >Please read my today's post in this case.
>
> Could I suggest different verbage:
> WARNING: DNS record is older than 3 hours, falling back to HTTP GET.
>
> Would get rid of the questions of "what does the error mean?"

I agree, but I bet you will still see them in here.. ;)

Jeff


pgpUllFJDNpvZ.pgp
Description: PGP signature
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Freshclam warning

2004-10-19 Thread Todd Lyons

Tomasz Kojm wanted us to know:

>> WARNING: DNS record is older than 3 hours.
>> WARNING: Invalid DNS reply.
>Please read my today's post in this case.

Could I suggest different verbage:
WARNING: DNS record is older than 3 hours, falling back to HTTP GET.

Would get rid of the questions of "what does the error mean?"
-- 
Regards...  Todd
OS X: We've been fighting the "It's a mac" syndrome with upper management
for  years  now.  Lately  we've  taken  to  just  referring  to  new  mac 
installations  as  "Unix"  installations  when  presenting proposals  and 
updates.  For some reason, they have no problem with that.  -- /.
Linux kernel 2.6.3-19mdkenterprise   2 users,  load average: 0.12, 0.08, 0.02


pgpLoBFRaQ1eE.pgp
Description: PGP signature
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Freshclam warning

2004-10-19 Thread Vernon A. Fort





Tomasz Kojm wrote:

  On Tue, 19 Oct 2004 14:58:56 -0500
"Vernon A. Fort" <[EMAIL PROTECTED]> wrote:

  
  
I have been getting the following warning with freshclam for the last 
several hours.

WARNING: DNS record is older than 3 hours.
WARNING: Invalid DNS reply.

All cvd files seem to be up-to-date but why am I getting this?

  
  
Please read my today's post in this case.
  

Thanks and understood,  I overlooked that post  O:-) 

Vernon


___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Freshclam warning

2004-10-19 Thread Tomasz Kojm

On Tue, 19 Oct 2004 14:58:56 -0500
"Vernon A. Fort" <[EMAIL PROTECTED]> wrote:

> I have been getting the following warning with freshclam for the last 
> several hours.
> 
> WARNING: DNS record is older than 3 hours.
> WARNING: Invalid DNS reply.
> 
> All cvd files seem to be up-to-date but why am I getting this?

Please read my today's post in this case.

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Tue Oct 19 22:05:14 CEST 2004


pgp7xHshAZxxa.pgp
Description: PGP signature
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Freshclam warning

2004-10-19 Thread Jeff Smelser

On Tuesday 19 October 2004 02:58 pm, Vernon A. Fort wrote:

> WARNING: DNS record is older than 3 hours.
> WARNING: Invalid DNS reply.

This was just asked and answered.. Its telling something is suspicious with 
the dns update, so it is looking for updates the old way.

Now pay attention next time..

Jeff

pgpsLUZ92a5bX.pgp
Description: PGP signature
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

[Clamav-users] Freshclam warning

2004-10-19 Thread Vernon A. Fort

I have been getting the following warning with freshclam for the last 
several hours.

WARNING: DNS record is older than 3 hours.
WARNING: Invalid DNS reply.
All cvd files seem to be up-to-date but why am I getting this?
Vernon
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

RE: [Clamav-users] [Solved] ClamAV 0.80 Compilation

2004-10-19 Thread Robin, Rob

Thanks Thomas..

It compiled just fine..


Rob Robin 
Network Analyst
Green Apple, Inc.
740-653-9890
[EMAIL PROTECTED]
www.greenapple.com
Internet access, hosting and development solutions since 1995.


-Original Message-
From: Thomas Lamy [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, October 19, 2004 2:22 PM
To: ClamAV users ML
Subject: Re: [Clamav-users] ClamAV 0.80 Compilation


Robin, Rob wrote:
> All,
> 
>   Tried to upgrade to ClamAV 0.80 from 0.75.1. Failed to compile it.
> 
> ~~~ ./configure --prefix=/usr/local/clamav/0.80 's warnings -
> 
> configure: WARNING: resolv.h: present but cannot be compiled
> configure: WARNING: resolv.h: check for missing prerequisite headers?
> configure: WARNING: resolv.h: see the Autoconf documentation
> configure: WARNING: resolv.h: section "Present But Cannot Be Compiled"
> configure: WARNING: resolv.h: proceeding with the preprocessor's result
> configure: WARNING: resolv.h: in the future, the compiler will take precedence
> configure: WARNING: ## -- ##
> configure: WARNING: ## Report this to the AC_PACKAGE_NAME lists.  ##
> configure: WARNING: ## -- ##
> 
You may either ignore this (sometimes it works despite the warning), or 
use the --disable-dns configure switch.

> ---
> 
> 
> Make's error started w/:
> chmunpack.c:72: syntax error before `uint64_t'
> chmunpack.c:114: syntax error before `uint64_t'
> 
Edit libclamav/cltypes.h and add
typedef unsigned long long uint64_t;
at the bottom of the file (where the other typedefs are, just above the 
latest #endif. _Perhaps_ that works; I gave this tip to another guy with 
old gcc but just can't remember if that worked it out.

>   Any ClamAV or C experts willing to help here.
> 
>   gcc version 2.95.2. BSDi 4.2 (i hate to be on a dead OS, moving to linux 
> soon). 
Open Source is moving fast... ;-)
> 
> Thanks,
> 
> Rob Robin 
> Network Analyst
> Green Apple, Inc.


Thomas
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

[Clamav-users] Upgrade from 75.1 to 80

2004-10-19 Thread lnx

I have downloaded ver80 and now I'm not sure how to proceed.  I've read the
manual but I can't info on how to upgrade, is it best to remove the previous
version or install over it.?

Lnx



---
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Re: pipechk: [kegger-daily:world-writable files (-222)]

2004-10-19 Thread clamav


Is there a reason that clamav comes with 777 modes in the tar? I would 
hate for someone to change something while I'm compiling, even though my 
parent directory is a bit more secure (700).  Ideas?

-- 
Eric Wheeler
Vice President
National Security Concepts, Inc.
PO Box 3567
Tualatin, OR 97062

http://www.nsci.us/
Voice: (503) 293-7656
Fax:   (503) 885-0770



On Tue, 19 Oct 2004, root wrote:
> pipechk v.14 copyright (c) 2001-2002 Eric Wheeler, all rights reserved.
> --- diff output of kegger-daily:world-writable files (-222) (357 seconds) ---
> 7177a7178,7205
> > /dload/clamav-0.80
> > /dload/clamav-0.80/etc
> > /dload/clamav-0.80/docs
> > /dload/clamav-0.80/docs/man
> > /dload/clamav-0.80/docs/html
> > /dload/clamav-0.80/docs/MacOSX
> > /dload/clamav-0.80/test
> > /dload/clamav-0.80/test/mbox
> > /dload/clamav-0.80/contrib
> > /dload/clamav-0.80/contrib/init
> > /dload/clamav-0.80/contrib/init/SuSE
> > /dload/clamav-0.80/contrib/init/RedHat
> > /dload/clamav-0.80/contrib/Windows
> > /dload/clamav-0.80/contrib/Windows/res
> > /dload/clamav-0.80/contrib/clamavmon
> > /dload/clamav-0.80/contrib/clamdwatch
> > /dload/clamav-0.80/database
> > /dload/clamav-0.80/clamd
> > /dload/clamav-0.80/clamav-milter
> > /dload/clamav-0.80/sigtool
> > /dload/clamav-0.80/clamdscan
> > /dload/clamav-0.80/shared
> > /dload/clamav-0.80/freshclam
> > /dload/clamav-0.80/examples
> > /dload/clamav-0.80/clamscan
> > /dload/clamav-0.80/libclamav
> > /dload/clamav-0.80/libclamav/zziplib
> > /dload/clamav-0.80/libclamav/mspack
> 
> 
> 

___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] qmail-scanner-1.23 and clamav 0.80

2004-10-19 Thread Tomasz Kojm

On Tue, 19 Oct 2004 11:47:33 -0700 (PDT)
[EMAIL PROTECTED] wrote:

> 
> I'm not sure what is more obnoxious.  Top posting a short response ...
> 
> 
> On Tue, 19 Oct 2004, Tomasz Kojm wrote:
> > On Tue, 19 Oct 2004 12:39:44 +0200
> > "Kareem Mahgoub" <[EMAIL PROTECTED]> wrote:
> > 
> > > Thanks for the quick help.
> > > I thought it is something in clamav not QS ( on a second thought,
> > > it should really go to QS mailing list ) my apology.
> > > For hitting reply on a previous thread,
> > > I thought it won't harm anybody, but it seems to be something bad.
> > > It will be my last time.
> > 
> > And please don't top-post.
> 
>  or bottom posting to tell someone not to top post.

Not to "tell someone" but to "ask someone"!

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Tue Oct 19 21:17:10 CEST 2004


pgp5NmZdHRTYO.pgp
Description: PGP signature
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] qmail-scanner-1.23 and clamav 0.80

2004-10-19 Thread clamav


I'm not sure what is more obnoxious.  Top posting a short response ... 

On Tue, 19 Oct 2004, Tomasz Kojm wrote:
> On Tue, 19 Oct 2004 12:39:44 +0200
> "Kareem Mahgoub" <[EMAIL PROTECTED]> wrote:
> 
> > Thanks for the quick help.
> > I thought it is something in clamav not QS ( on a second thought, it
> > should really go to QS mailing list ) my apology.
> > For hitting reply on a previous thread,
> > I thought it won't harm anybody, but it seems to be something bad. It
> > will be my last time.
> 
> And please don't top-post.

 or bottom posting to tell someone not to top post.
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] ClamAV 0.80 and leave-temps

2004-10-19 Thread Tomasz Kojm

On Tue, 19 Oct 2004 10:23:52 -0700 (PDT)
Pete D <[EMAIL PROTECTED]> wrote:

> I posted your response here to the ASSP forum.  In the
> ASSP documentation, it mentions that ASSP lacks the

Thank you!

> This is a bit off topic, but I noticed that there is a
> clamav-milter for sendmail.  Would using this simply
> do away with having to use amavisd?

Yes, clamav-milter is a fully featured mail scanner for sendmail.

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Tue Oct 19 20:51:27 CEST 2004


pgpGhYYbbvQXl.pgp
Description: PGP signature
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Upgrade from 75.1 to 80

2004-10-19 Thread Tomasz Kojm

On Tue, 19 Oct 2004 18:59:02 +0100
"lnx" <[EMAIL PROTECTED]> wrote:

> I have downloaded ver80 and now I'm not sure how to proceed.  I've
> read the manual but I can't info on how to upgrade, is it best to
> remove the previous version or install over it.?

The first option.

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Tue Oct 19 20:47:00 CEST 2004


pgppntJVx0NX8.pgp
Description: PGP signature
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Zip AV Bypass Vulnerability

2004-10-19 Thread clamav

> > > http://www.securiteam.com/securitynews/6E00G2ABFY.html
> > > 
> > > Bit hard to say if this would impact ClamAV?
> > 
> > Does clam skip the decompression if the local/global header contain a
> > zero filesize?  It sounds like from the article that those of use who
> 
> Yes, it does. Unfortunately.

The article says that even with zero-size archives, it still decompresses 
properly.  Can we decompress zero-size files from zips without having 
memory allocation and stack overflow problems or is the file size used in 
decompression into temporary memory buffers?


-- 
Eric Wheeler
Vice President
National Security Concepts, Inc.
PO Box 3567
Tualatin, OR 97062

http://www.nsci.us/
Voice: (503) 293-7656
Fax:   (503) 885-0770

___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] malware acl condition: clamd: connection to, 127.0.0.1, port 3310 failed (Bad file descriptor)

2004-10-19 Thread Graeme

Odhiambo Washington said:
> * Graeme <[EMAIL PROTECTED]> [20041019 19:18]: wrote:
>> Just upgraded my FreeBSD 4.10 to exim 4.43 exiscan patch 28 and clamav
>> 0.80 using ports.
>>
>> I mow get the error
>>
>> malware acl condition: clamd: connection to, 127.0.0.1, port 3310 failed
>> (Bad file descriptor)
>>
>> Any help would be appreciated
>
> While ignoring the technicalities that might lead to this, are you able
> to connect to clamd manually?
>
> telnet 127.0.0.1 3310
>
> On my side, I use Unix sockets so in my Exim configuration, I have
>
> av_scanner  = clamd:/var/spool/exim/clamd.sock
>
>
> Then in /usr/local/etc/clamd.conf I have:
>
> LocalSocket /var/spool/exim/clamd.sock
> User exim
>
>
> So that clamd runs as the exim_user (exim -bP exim_user) and so can
> write the socket file to Exim's spool directory.
>
>
Thanks for the help.   It was entirely my fault, the clamd config file
having changed from clamav.conf to clamd.conf.  I updated the name and
everything's working now.  I'll try to engage my brain first next time!

Cheers
Graeme

___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] ClamAV 0.80 Compilation

2004-10-19 Thread Thomas Lamy

Robin, Rob wrote:
All,
Tried to upgrade to ClamAV 0.80 from 0.75.1. Failed to compile it.
~~~ ./configure --prefix=/usr/local/clamav/0.80 's warnings -
configure: WARNING: resolv.h: present but cannot be compiled
configure: WARNING: resolv.h: check for missing prerequisite headers?
configure: WARNING: resolv.h: see the Autoconf documentation
configure: WARNING: resolv.h: section "Present But Cannot Be Compiled"
configure: WARNING: resolv.h: proceeding with the preprocessor's result
configure: WARNING: resolv.h: in the future, the compiler will take precedence
configure: WARNING: ## -- ##
configure: WARNING: ## Report this to the AC_PACKAGE_NAME lists.  ##
configure: WARNING: ## -- ##
You may either ignore this (sometimes it works despite the warning), or 
use the --disable-dns configure switch.

---
Make's error started w/:
chmunpack.c:72: syntax error before `uint64_t'
chmunpack.c:114: syntax error before `uint64_t'
Edit libclamav/cltypes.h and add
typedef unsigned long long uint64_t;
at the bottom of the file (where the other typedefs are, just above the 
latest #endif. _Perhaps_ that works; I gave this tip to another guy with 
old gcc but just can't remember if that worked it out.

Any ClamAV or C experts willing to help here.
	gcc version 2.95.2. BSDi 4.2 (i hate to be on a dead OS, moving to linux soon). 
Open Source is moving fast... ;-)
Thanks,

Rob Robin 
Network Analyst
Green Apple, Inc.

Thomas
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

[Clamav-users] ClamAV 0.80 Compilation

2004-10-19 Thread Robin, Rob

All,

Tried to upgrade to ClamAV 0.80 from 0.75.1. Failed to compile it.

~~~ ./configure --prefix=/usr/local/clamav/0.80 's warnings -

configure: WARNING: resolv.h: present but cannot be compiled
configure: WARNING: resolv.h: check for missing prerequisite headers?
configure: WARNING: resolv.h: see the Autoconf documentation
configure: WARNING: resolv.h: section "Present But Cannot Be Compiled"
configure: WARNING: resolv.h: proceeding with the preprocessor's result
configure: WARNING: resolv.h: in the future, the compiler will take precedence
configure: WARNING: ## -- ##
configure: WARNING: ## Report this to the AC_PACKAGE_NAME lists.  ##
configure: WARNING: ## -- ##

---


Make's error started w/:
chmunpack.c:72: syntax error before `uint64_t'
chmunpack.c:114: syntax error before `uint64_t'

Any ClamAV or C experts willing to help here.

gcc version 2.95.2. BSDi 4.2 (i hate to be on a dead OS, moving to linux 
soon). 

Thanks,

Rob Robin 
Network Analyst
Green Apple, Inc.
740-653-9890
[EMAIL PROTECTED]
www.greenapple.com
Internet access, hosting and development solutions since 1995.
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] clamdscan / results in "ACCESS DENIED"

2004-10-19 Thread Tomasz Papszun

On Tue, 19 Oct 2004 at 11:38:17 -0400, Peter A Farago wrote:
> I recently switched from Fedora Core 1 to Fedora Core 2. At the same 
> time I upgraded to clamav 0.80. I have been using 'clamscan /' to scan 
> my system in cron.daily. I am now running the clamd daemon and have 
> changed from to 'clamscan /' to 'clamdscan /'.
> 
> I am getting  "access denied" messages  from clamdsan. I guess this is 
> not surprising since I have not changed the user=clamav in clamd.conf. 
> If I change the user=root then the scan completes as expected.
> 
> I had the same problem with clamav 0.75 on Fedora Core 2 but clamdscan 
> 0.75 works without a "user=" line in clamav.conf under Fedora Core 1.
> 
> My questions are:
> 
> 1) is it necessary to set user=root in clamd.conf to scan  / and, if 
> not, please describe any better alternatives
> 2) can clamdscan damage my system if I run clamd as root (assuming that 
> clamdscan and clamd have not been tampered with)
> 

I don't know Fedora (was that the monster which Japan Gozilla fought
with? ;-), so I'm not giving the straight answer...

First of all, you earn almost nothing when you replace clamscan with
clamdscan for scanning many files at once. Clamdscan saves you time and
resources when invoked again and again, every time for every file (like
scanning email messages in transit).
When you invoke 'clamscan /', the executable is run one time and the
database is loaded one time anyway, so there's no need to use clamdscan
for scannning '/'.

Can clamdscan damage anything when clamd is run as root?...
There are no known exploits, but one should always use only minimal
priviliges to do a task, and separate users. That's why you don't run
HTTPD, DNS server etc. as root, do you? End email can be especially
dangerous as the data depends on sending users very much.

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] ClamAV 0.80 and leave-temps

2004-10-19 Thread Pete D

Tomasz,

I posted your response here to the ASSP forum.  In the
ASSP documentation, it mentions that ASSP lacks the
ability to block all viruses (I guess that is what
they mean by "basic anti-virus filtering").  I use
ASSP in combination with a amavisd/clamd setup. 
Whatever ASSP doesn't catch, the amavisd/clamd does.

This is a bit off topic, but I noticed that there is a
clamav-milter for sendmail.  Would using this simply
do away with having to use amavisd?

Thanks.

--- Tomasz Kojm <[EMAIL PROTECTED]> wrote:

> On Tue, 19 Oct 2004 08:26:36 -0700 (PDT)
> Pete D <[EMAIL PROTECTED]> wrote:
> 
> > Hello all.
> > 
> > I just upgraded to the new ClamAV 0.80.  I use the
> > clamscan command along with the --leave-temps flag
> to
> > generate the main.db and daily.db files.  I am
> using a
> > SMTP proxy spam program called ASSP that uses
> these db
> > files for preliminary virus detection.  The
> > --leave-temps flag, which worked just fine in
> 0.75.1
> > is not working at all in 0.80.  When specified, no
> 
> http://assp.sourceforge.net/:
> 8. Basic anti-virus filtering using the ClamAV virus
> databases.
> 
> They should use libclamav. Currently that software
> will miss most 
> of the new malware. If you are with contact with
> them please ask them to
> remove the above point from their main site as this
> is a false sense of
> security.
> 
> -- 
>oo. Tomasz Kojm
> <[EMAIL PROTECTED]>
>   (\/)\.
> http://www.ClamAV.net/gpg/tkojm.gpg
>  \..._
> 0DCA5A08407D5288279DB43454822DC8985A444B
>//\   /\  Tue Oct 19 17:53:58
> CEST 2004
> 

> ATTACHMENT part 1.2 application/pgp-signature 
> ___
>
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 

__
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail 
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] malware acl condition: clamd: connection to, 127.0.0.1, port 3310 failed (Bad file descriptor)

2004-10-19 Thread Brian Morrison

On Tue, 19 Oct 2004 17:17:11 +0100 (BST) in
[EMAIL PROTECTED] "Graeme"
<[EMAIL PROTECTED]> wrote:

>  malware acl condition: clamd: connection to, 127.0.0.1, port 3310
>  failed(Bad file descriptor)

Can you post the av_scanner entry in your exim.conf file and the socket
entries from clamd.conf.

-- 

Brian Morrison

bdm at fenrir dot org dot uk

GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

[Clamav-users] malware acl condition: clamd: connection to, 127.0.0.1, port 3310 failed (Bad file descriptor)

2004-10-19 Thread Graeme

Just upgraded my FreeBSD 4.10 to exim 4.43 exiscan patch 28 and clamav
0.80 using ports.

I mow get the error

malware acl condition: clamd: connection to, 127.0.0.1, port 3310 failed
(Bad file descriptor)

Any help would be appreciated

Thanks
Graeme


___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] ClamAV 0.80 and leave-temps

2004-10-19 Thread Tomasz Kojm

On Tue, 19 Oct 2004 08:26:36 -0700 (PDT)
Pete D <[EMAIL PROTECTED]> wrote:

> Hello all.
> 
> I just upgraded to the new ClamAV 0.80.  I use the
> clamscan command along with the --leave-temps flag to
> generate the main.db and daily.db files.  I am using a
> SMTP proxy spam program called ASSP that uses these db
> files for preliminary virus detection.  The
> --leave-temps flag, which worked just fine in 0.75.1
> is not working at all in 0.80.  When specified, no

http://assp.sourceforge.net/:
8. Basic anti-virus filtering using the ClamAV virus databases.

They should use libclamav. Currently that software will miss most 
of the new malware. If you are with contact with them please ask them to
remove the above point from their main site as this is a false sense of
security.

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Tue Oct 19 17:53:58 CEST 2004


pgpoGc4uZ1Orw.pgp
Description: PGP signature
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] ClamAV 0.80 and leave-temps

2004-10-19 Thread Pete D

Thanks for the great tip!  The sigtool command works
beautifully.  However, it does make me wonder if there
is a bug with the leave-temps flag.

Thanks again.

--- aCaB <[EMAIL PROTECTED]> wrote:

> On 10/19/04 17:26, Pete D wrote:
> > Hello all.
> > 
> > I just upgraded to the new ClamAV 0.80.  I use the
> > clamscan command along with the --leave-temps flag
> to
> > generate the main.db and daily.db files.  I am
> using a
> > SMTP proxy spam program called ASSP that uses
> these db
> > files for preliminary virus detection.  The
> > --leave-temps flag, which worked just fine in
> 0.75.1
> > is not working at all in 0.80.  When specified, no
> > temporary clamav-xxx directories are to be
> found. 
> > I am running on Redhat 9 and tested on SuSE 9.0
> and a
> > Redhat 7.3 all with the same result.  Is anyone
> else
> > experiencing this problem?  Any help would be
> greatly
> > appreciated.
> > 
> > Thanks.
> > 
> > 
> 
> "sigtool --unpack" is your friend (man sigtool)
> "--leave-temps" is a debugging feature not meant to
> do what your trying to
> 
> ___
>
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 




___
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Exploit.JPEG.Comment.1

2004-10-19 Thread Scott Ryan

On Tuesday 19 October 2004 16:38, Tomasz Kojm shaped the electrons to say:
> On Tue, 19 Oct 2004 16:09:54 +0200
>
> Scott Ryan <[EMAIL PROTECTED]> wrote:
> > ClamAV databases updated (2004.10.19 12:59 +): daily.cvd
> > version: 540
> >
> > Submission: n/a
> > Sender: Trog
> > Updated: Exploit.JPEG.Comment.1
> >
> > I dont know about anyone else, but this caused me huge issues...
> > Flagged every jpeg attachment as a virus on 0.80rc3.
> >
> > Upgraded to 0.80rc4 and problem went away.
>
> To 0.80rc4?!

I will now install 0.80

-- 

+--+
(0> Scott Ryan
//\ Senior Unix/Linux Engineer
V_/_Telkom Internet - South Africa
+--+
He who controls the past, controls the future,
He who controls the present, controls the past.
- George Orwell, 1984


___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] What Just Happened??

2004-10-19 Thread Scott Ryan

On Tuesday 19 October 2004 16:34, Trog shaped the electrons to say:
> On Tue, 2004-10-19 at 15:07, Scott Ryan wrote:
> > I saw on my monitoring application just now that clamav was outdated and
> > that i must update immediately. I was running 0.80rc3, and the moment I
> > got this message i was inundated with users complaining that any jpeg
> > attachment is flagged as a virus / comment 1.
> > I upgraded to 0.80rc4 and the jpeg problem went away, but i still get the
> > warning telling me to upgrade...
> >
> > is there a release i am missing ??
>
> Yes, 0.80
>
> You should leave your cave more often :-)

Or take the bucket of my head ;)

>
> -trog

-- 

+--+
(0> Scott Ryan
//\ Senior Unix/Linux Engineer
V_/_Telkom Internet - South Africa
+--+
He who controls the past, controls the future,
He who controls the present, controls the past.
- George Orwell, 1984


___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] ClamAV 0.80 and leave-temps

2004-10-19 Thread aCaB

On 10/19/04 17:26, Pete D wrote:
Hello all.
I just upgraded to the new ClamAV 0.80.  I use the
clamscan command along with the --leave-temps flag to
generate the main.db and daily.db files.  I am using a
SMTP proxy spam program called ASSP that uses these db
files for preliminary virus detection.  The
--leave-temps flag, which worked just fine in 0.75.1
is not working at all in 0.80.  When specified, no
temporary clamav-xxx directories are to be found. 
I am running on Redhat 9 and tested on SuSE 9.0 and a
Redhat 7.3 all with the same result.  Is anyone else
experiencing this problem?  Any help would be greatly
appreciated.

Thanks.

"sigtool --unpack" is your friend (man sigtool)
"--leave-temps" is a debugging feature not meant to do what your trying to
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

[Clamav-users] clamdscan / results in "ACCESS DENIED"

2004-10-19 Thread Peter A Farago

I recently switched from Fedora Core 1 to Fedora Core 2. At the same 
time I upgraded to clamav 0.80. I have been using 'clamscan /' to scan 
my system in cron.daily. I am now running the clamd daemon and have 
changed from to 'clamscan /' to 'clamdscan /'.

I am getting  "access denied" messages  from clamdsan. I guess this is 
not surprising since I have not changed the user=clamav in clamd.conf. 
If I change the user=root then the scan completes as expected.

I had the same problem with clamav 0.75 on Fedora Core 2 but clamdscan 
0.75 works without a "user=" line in clamav.conf under Fedora Core 1.

My questions are:
1) is it necessary to set user=root in clamd.conf to scan  / and, if 
not, please describe any better alternatives
2) can clamdscan damage my system if I run clamd as root (assuming that 
clamdscan and clamd have not been tampered with)

___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

[Clamav-users] ClamAV 0.80 and leave-temps

2004-10-19 Thread Pete D

Hello all.

I just upgraded to the new ClamAV 0.80.  I use the
clamscan command along with the --leave-temps flag to
generate the main.db and daily.db files.  I am using a
SMTP proxy spam program called ASSP that uses these db
files for preliminary virus detection.  The
--leave-temps flag, which worked just fine in 0.75.1
is not working at all in 0.80.  When specified, no
temporary clamav-xxx directories are to be found. 
I am running on Redhat 9 and tested on SuSE 9.0 and a
Redhat 7.3 all with the same result.  Is anyone else
experiencing this problem?  Any help would be greatly
appreciated.

Thanks.




___
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] What Just Happened??

2004-10-19 Thread Trog

On Tue, 2004-10-19 at 15:49, Christopher X. Candreva wrote:
> On Tue, 19 Oct 2004, Trog wrote:
> 
> > You should leave your cave more often :-)

>  . . This from someone calling himself  trog ?  :-)
> 

Ohh, the irony :-)

-trog



signature.asc
Description: This is a digitally signed message part
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] What Just Happened??

2004-10-19 Thread Christopher X. Candreva

On Tue, 19 Oct 2004, Trog wrote:

> You should leave your cave more often :-)
> 
> -trog

 . . This from someone calling himself  trog ?  :-)


-Chris


==
Chris Candreva  -- [EMAIL PROTECTED] -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Exploit.JPEG.Comment.1

2004-10-19 Thread Tomasz Kojm

On Tue, 19 Oct 2004 16:09:54 +0200
Scott Ryan <[EMAIL PROTECTED]> wrote:

> ClamAV databases updated (2004.10.19 12:59 +): daily.cvd
> version: 540
> 
> Submission: n/a
> Sender: Trog
> Updated: Exploit.JPEG.Comment.1
> 
> I dont know about anyone else, but this caused me huge issues...
> Flagged every jpeg attachment as a virus on 0.80rc3.
> 
> Upgraded to 0.80rc4 and problem went away.

To 0.80rc4?!

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Tue Oct 19 16:37:48 CEST 2004


pgpUgGtURyUSc.pgp
Description: PGP signature
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] What Just Happened??

2004-10-19 Thread Ken Jones


> I saw on my monitoring application just now that clamav was outdated and
> that
> i must update immediately. I was running 0.80rc3, and the moment I got
> this
> message i was inundated with users complaining that any jpeg attachment is
> flagged as a virus / comment 1.
> I upgraded to 0.80rc4 and the jpeg problem went away, but i still get the
> warning telling me to upgrade...
>
> is there a release i am missing ??

Yes, .80 has been released yesterday

>
> --
>
> +--+
> (0>   Scott Ryan
> //\   Senior Unix/Linux Engineer
> V_/_  Telkom Internet - South Africa
> +--+
> He who controls the past, controls the future,
> He who controls the present, controls the past.
> - George Orwell, 1984
> 
>
> ___
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>


-- 
Ken Jones
[EMAIL PROTECTED]


___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

[Clamav-users] Exploit.JPEG.Comment.1

2004-10-19 Thread Scott Ryan

ClamAV databases updated (2004.10.19 12:59 +): daily.cvd
version: 540

Submission: n/a
Sender: Trog
Updated: Exploit.JPEG.Comment.1

I dont know about anyone else, but this caused me huge issues...
Flagged every jpeg attachment as a virus on 0.80rc3.

Upgraded to 0.80rc4 and problem went away.

-- 

+--+
(0> Scott Ryan
//\ Senior Unix/Linux Engineer
V_/_Telkom Internet - South Africa
+--+
He who controls the past, controls the future,
He who controls the present, controls the past.
- George Orwell, 1984


___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] What Just Happened??

2004-10-19 Thread Trog

On Tue, 2004-10-19 at 15:07, Scott Ryan wrote:
> I saw on my monitoring application just now that clamav was outdated and that 
> i must update immediately. I was running 0.80rc3, and the moment I got this 
> message i was inundated with users complaining that any jpeg attachment is 
> flagged as a virus / comment 1.
> I upgraded to 0.80rc4 and the jpeg problem went away, but i still get the 
> warning telling me to upgrade...
> 
> is there a release i am missing ??

Yes, 0.80

You should leave your cave more often :-)

-trog



signature.asc
Description: This is a digitally signed message part
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

[Clamav-users] What Just Happened??

2004-10-19 Thread Scott Ryan

I saw on my monitoring application just now that clamav was outdated and that 
i must update immediately. I was running 0.80rc3, and the moment I got this 
message i was inundated with users complaining that any jpeg attachment is 
flagged as a virus / comment 1.
I upgraded to 0.80rc4 and the jpeg problem went away, but i still get the 
warning telling me to upgrade...

is there a release i am missing ??

-- 

+--+
(0> Scott Ryan
//\ Senior Unix/Linux Engineer
V_/_Telkom Internet - South Africa
+--+
He who controls the past, controls the future,
He who controls the present, controls the past.
- George Orwell, 1984


___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] milter version

2004-10-19 Thread Nigel Horne

On Tuesday 19 Oct 2004 08:32, christian laubscher wrote:
> 
> when i enter 'clamd -V' i get a version line reflecting the i get a 
> version line indicating the current database version, eg .../535/..., 
> currently.
> 
> the clamav-milter X-Virus-Scanned lines, however, seem to reflect the 
> version feedback of clamd when the milter was started, not the current 
> one.
> 
> since the pingServer function seems to be only called at initialization 
> time, i presume this is a feature, not a bug - although it would be 
> much more informative to have the X-Virus-Scanned line reflect the 
> clamd version info valid at scanning time, not the historic one, imho?

I'll file it as an issue to be investigated.

> btw: thank you for an *excellent* piece of software!

Thank you!

> christian

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] qmail-scanner-1.23 and clamav 0.80

2004-10-19 Thread Jim Maul

Alex Pleiner wrote:
* Kareem Mahgoub <[EMAIL PROTECTED]> [2004-10-19 10:32]:
Hello list,
I have upgraded from clamav 075.1 to clamav-80 using the rpm for FC2.
after the upgrade, qmail-scanner ( 1.23 ) is not detecting clamav.
I have recompiles qmail-scanner, ran qmail-scanner.pl -z and
qmail-scanner.pl -g , with the same result.
Any clue??

Besides this is the wrong list, Q-S does work with clamav 0.80. There
are just some minor annoyances - you detected one.
1. version information has changed, so Q-S version detection fails (it
still detects and call s clamav but fails to print the version
information). You might edit qmail-scanner-queue.pl and search for:
if (/ersion ([0-9\.\-a-z]+)/i) {
  $SCANINFO .="clamscan: $1. ";
replace with
   if (/lamav ([0-9\.\-a-z]+)/i) { 
  $SCANINFO .="clamscan: $1. ";   

2. clamdscan is called with obsolete args. This doesn't hurt, but fills
your log. I didn't check whether clamscan is affected. Replace
my $clamdscan_options="-r --disable-summary --max-recursion=10 --max-space=10";
with
my $clamdscan_options="--disable-summary";

Its actually "--no-summary" although "--disable-summary" may still work.
-Jim
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Problems after upgrading to 0.80

2004-10-19 Thread Brian Morrison

On Tue, 19 Oct 2004 14:32:08 +0200 in
[EMAIL PROTECTED] "Graham Dodd" <[EMAIL PROTECTED]>
wrote:

>  > Won't standard exim work with LDAP, assuming you set correct
> 
>  If only I had a standard Exim, or the source and patches.
> 
>  > parameter during compile? I compiled one successfully, but 

I'd suggest a look at the Exim mailing lists to see if someone knows how
to sort this out for you.

-- 

Brian Morrison

bdm at fenrir dot org dot uk

GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] non detection problem

2004-10-19 Thread Jeff Smelser

On Tuesday 19 October 2004 08:49 am, Tomasz Kojm wrote:
> Jeff Smelser <[EMAIL PROTECTED]> wrote:
> > > I KNOW thatand i still work clamAV...I'm not looking for
> > > guarantees, just striving for perfection
> > > All I ment to say is that I learned of a problem (through the
> > > mailing list!!) and is it going to be fixed??
> > > Which i did not get an answer 'till now (cause i missed one email!)
> >
> > It will be fixed ASAP. Grow some patience..
>
> It has been already fixed :-)

lol, opps.. ;) What Tomasz said! 

Jeff


pgplvrBgiiLyo.pgp
Description: PGP signature
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] non detection problem

2004-10-19 Thread Tomasz Kojm

On Tue, 19 Oct 2004 08:46:21 -0500
Jeff Smelser <[EMAIL PROTECTED]> wrote:

> > I KNOW thatand i still work clamAV...I'm not looking for
> > guarantees, just striving for perfection
> > All I ment to say is that I learned of a problem (through the
> > mailing list!!) and is it going to be fixed??
> > Which i did not get an answer 'till now (cause i missed one email!)
> 
> It will be fixed ASAP. Grow some patience..

It has been already fixed :-)

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Tue Oct 19 15:49:32 CEST 2004


pgpJr7m8GAndl.pgp
Description: PGP signature
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] non detection problem

2004-10-19 Thread Jeff Smelser

On Tuesday 19 October 2004 01:34 am, Meni Shapiro wrote:

> > Two or more scanners from different vendors are recommended in these
> > days...
>
> OK, but the more is NOT the marrierthe more you got the more
> problems you have with interacting with the sendmail.

Either find a better mailer, or figure another way to run them if this is a 
problem. There are a few different ways to run a scanner.. Using the mailer 
itself, or even using procmail.

> >>(i don't want to - but can i trust ClamAV??)
> >
> > We don't guarantee you anything. See COPYING.
>
> I KNOW thatand i still work clamAV...I'm not looking for guarantees,
> just striving for perfection
> All I ment to say is that I learned of a problem (through the mailing
> list!!) and is it going to be fixed??
> Which i did not get an answer 'till now (cause i missed one email!)

It will be fixed ASAP. Grow some patience..

Jeff


pgpZSKsAaLGv1.pgp
Description: PGP signature
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

[Clamav-users] Upgrade from 0.6 to 0.8 ? - clamd doesn't see viruses

2004-10-19 Thread Serge Leschinsky

Dear Sirs ,

I've seen quite strange behavior of new clamd:

I try to send a message with virus:

If old clamd 0.6 used:
>clamd.log
> Tue Oct 19 07:25:47 2004 -> +++ Started at Tue Oct 19 07:25:47 2004
> Tue Oct 19 07:25:47 2004 -> Log file size limited to 1048576 bytes.
> Tue Oct 19 07:25:47 2004 -> Setting /tmp as global temporary directory
> Tue Oct 19 07:25:47 2004 -> Reading databases from /bases/clamav
> Tue Oct 19 07:25:47 2004 -> Protecting against 25254 viruses.
> Tue Oct 19 07:25:47 2004 -> Unix socket file /run/clamd.sock
> Tue Oct 19 07:25:47 2004 -> Setting connection queue length to 30
> Tue Oct 19 07:25:47 2004 -> Archive: Archived file size limit set to 10485760 bytes.
> Tue Oct 19 07:25:47 2004 -> Archive: Recursion level limit set to 5.
> Tue Oct 19 07:25:47 2004 -> Archive: Files limit set to 1000.
> Tue Oct 19 07:25:47 2004 -> Archive: Compression ratio limit set to 200.
> Tue Oct 19 07:25:47 2004 -> Archive support enabled.
> Tue Oct 19 07:25:47 2004 -> RAR support enabled.
> Tue Oct 19 07:25:47 2004 -> Mail files support enabled.
> Tue Oct 19 07:25:47 2004 -> OLE2 support enabled.
> Tue Oct 19 07:25:47 2004 -> Self checking every 3600 seconds.
> Tue Oct 19 07:26:34 2004 -> /tst//16986.tmp: Worm.SCO.A FOUND


If clamd 0.8 used:
>clamd.log
> clamd daemon 0.80 (OS: linux-gnu, ARCH: i386, CPU: i686)
> Log file size limited to 2097152 bytes.
> Reading databases from /bases/clamav
> Protecting against 25254 viruses.
> Unix socket file /run/clamd.sock
> Setting connection queue length to 15
> Archive: Archived file size limit set to 10485760 bytes.
> Archive: Recursion level limit set to 5.
> Archive: Files limit set to 1000.
> Archive: Compression ratio limit set to 250.
> Archive support enabled.
> Archive: RAR support disabled.
> Portable Executable support enabled.
> Mail files support enabled.
> OLE2 support enabled.
> HTML support enabled.
> Self checking every 1800 seconds.
> /tst//16697.tmp: OK

8-\
The message is identical for both cases.

I check clamd 0.6 with clamdscan
> athlon:/clamdscan --config-file=/etc/clamd.conf /tst/message.zip
> /tst/message.zip: Worm.SCO.A FOUND
> 
> --- SCAN SUMMARY ---
> Infected files: 1
> Time: 0.002 sec (0 m 0 s)
It's work correct.

The same file with 0.8
> athlon:/clamdscan --config-file=/etc/clamd.conf /tst/message.zip
> /tst/message.zip: OK
> 
> --- SCAN SUMMARY ---
> Infected files: 0
> Time: 0.001 sec (0 m 0 s)


That is the possible reason?

-- 
Best regards,
 Serge Leschinsky  mailto:[EMAIL PROTECTED]


___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] can't compile clamav 0.80

2004-10-19 Thread Ken Jones


> Hi
>
> I'v got next errors and warnings whe try configure clamav 0.80:
>
> configure: WARNING: resolv.h: present but cannot be compiled
> configure: WARNING: resolv.h: check for missing prerequisite headers?
> configure: WARNING: resolv.h: see the Autoconf documentation
> configure: WARNING: resolv.h: section "Present But Cannot Be Compiled"
> configure: WARNING: resolv.h: proceeding with the preprocessor's result
> configure: WARNING: resolv.h: in the future, the compiler will take
> precedence
> configure: WARNING: ## -- ##
> configure: WARNING: ## Report this to the AC_PACKAGE_NAME lists.  ##
> configure: WARNING: ## -- ##
> checking for resolv.h... yes

These are warnings that resolv.h can't be compiled by autoconf. They may
still work when compiled in with the software. You should be able to
ignore these.
> checking whether setpgrp takes no argument... no
> checking for __gmpz_init in -lgmp... yes
> checking for curl >= 7.10.0... FAILED

Looks like you don't have curl installed
It's available here: http://curl.haxx.se/

> configure: WARNING: curl-config was not found
> checking for mi_stop in -lmilter... no
> checking for library containing strlcpy... no
> checking for mi_stop in -lmilter... no
> configure: error: Cannot find libmilter

libmilter is part of the sendmail source, but is not installed by default.
In the source tree for sendmail change directory into libmilter and do a
make install. This sould install the necessary files.

>
> OS: FreeBSD 5.2.1-RELEASE-p1
> Sendmail 8.13.1
> clamav 0.80
> 'configure' options: --disable-clamuko --enable-milter --disable-pthreads
> --sysconfdir=/usr/local/etc --with-dbdir=/var/clamav/db
>
> How can I solve this problems?
>
> --
>  Korchmenuk Nickolay
> 19 Oct 2004 10:06:33
> ___
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>


-- 
Ken Jones
[EMAIL PROTECTED]


___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

RE: [Clamav-users] Problems after upgrading to 0.80

2004-10-19 Thread Graham Dodd

[EMAIL PROTECTED] <> wrote:
> Graham Dodd wrote:
> 
>> I have no way to upgrade Exim from 4.24 to 4.43 as I inherited the
>> system and it has custom patches to work with LDAP.
>> 
>> 
>> 
> Won't standard exim work with LDAP, assuming you set correct

If only I had a standard Exim, or the source and patches.

> parameter during compile? I compiled one successfully, but I never
> did use the LDAP lookups for production use. I prefer using DNSDB

I was thinking of MySQL as I'm familiar with it, what's DNSDB

Graham


-- 

Graham K. Dodd
Director of Operations
Falk & Ross GmbH
Tel: 06301 717 0

___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] 80 question: clamav.conf

2004-10-19 Thread Frank Elsner

On Tue, 19 Oct 2004 08:12:31 EDT [EMAIL PROTECTED] wrote:
> Trying to upgrade to .80 on SuSE Linux PPC distro, from 0.75.
> 
> It looks like /etc/clamav.conf in the .75 release, has been replaced by
> /etc/clamd.conf in the 80 release.  Can anyone confirm, because this will
> effect my upgrade procedures.

Confirmed. 

--Frank Elsner


___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] 80 question: clamav.conf

2004-10-19 Thread Tomasz Kojm

On Tue, 19 Oct 2004 08:12:31 -0400
[EMAIL PROTECTED] wrote:

> 
> 
> 
> 
> Trying to upgrade to .80 on SuSE Linux PPC distro, from 0.75.
> 
> It looks like /etc/clamav.conf in the .75 release, has been replaced
> by/etc/clamd.conf in the 80 release.  Can anyone confirm,

Confirmed. But next time please read the release notes.

>because this will effect my upgrade procedures.

Oh, sounds serious :-)

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Tue Oct 19 14:19:22 CEST 2004


pgpGAS4cO9ATf.pgp
Description: PGP signature
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

[Clamav-users] 80 question: clamav.conf

2004-10-19 Thread alaslavic





Trying to upgrade to .80 on SuSE Linux PPC distro, from 0.75.

It looks like /etc/clamav.conf in the .75 release, has been replaced by
/etc/clamd.conf in the 80 release.  Can anyone confirm, because this will
effect my upgrade procedures.
Alex Laslavic
Havertys Tech Services

___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Problems after upgrading to 0.80

2004-10-19 Thread Fajar A. Nugraha

Graham Dodd wrote:
I have no way to upgrade Exim from 4.24 to 4.43 as I inherited the system
and it has custom patches to work with LDAP.
 

Won't standard exim work with LDAP, assuming you set correct parameter 
during compile?
I compiled one successfully, but I never did use the LDAP lookups for 
production use.
I prefer using DNSDB instead.

Regards,
Fajar
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Problems after upgrading to 0.80

2004-10-19 Thread Tomasz Kojm

On Tue, 19 Oct 2004 14:06:44 +0200
"Graham Dodd" <[EMAIL PROTECTED]> wrote:

> Let's see.
> 
> Exim 4.24   exiscan-acl patch rev. 12  ClamAV 0.75.1 - works
> Exim 4.24   exiscan-acl patch rev. 12  ClamAV 0.80 - doesn't work
> 
> What changed ?

Session handling has been improved in ClamAV and the old version of
exiscan was making some nasty things on the socket the new ClamAV
doesn't like.

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Tue Oct 19 14:12:12 CEST 2004


pgpuEg6A85d8F.pgp
Description: PGP signature
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Problems after upgrading to 0.80

2004-10-19 Thread Tomasz Kojm

On Tue, 19 Oct 2004 14:01:13 +0200
"Graham Dodd" <[EMAIL PROTECTED]> wrote:

> Yep, and now that I've switched back to 0.75.1 it's running fine.
> 
> I have no way to upgrade Exim from 4.24 to 4.43 as I inherited the
> system and it has custom patches to work with LDAP.

Sounds like a laziness. Remember 0.75.1 is _very_ obsolete and 
installing it you're just saying "Hello malware, you're welcome!"

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Tue Oct 19 14:10:47 CEST 2004


pgpUUjMYeDbm6.pgp
Description: PGP signature
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

RE: [Clamav-users] Problems after upgrading to 0.80

2004-10-19 Thread Graham Dodd

[EMAIL PROTECTED] <> wrote:
> On Tue, 19 Oct 2004 13:54:14 +0200
> "Graham Dodd" <[EMAIL PROTECTED]> wrote:
> 
>> Well some people would say bug . :-)
>> 
>> What happened to backward compatibility ?
> 
> What do you call a backward incompatibility? The bug in exiscan? ;-)

I wonder what Tom would say :-)

Let's see.

Exim 4.24   exiscan-acl patch rev. 12  ClamAV 0.75.1 - works
Exim 4.24   exiscan-acl patch rev. 12  ClamAV 0.80 - doesn't work

What changed ?

Quickly switching the subject before the flames get too hot

Would it make any difference if I used the socket to connect to ClamAV


Graham

-- 

Graham K. Dodd
Director of Operations
Falk & Ross GmbH
Tel: 06301 717 0

___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

RE: [Clamav-users] Problems after upgrading to 0.80

2004-10-19 Thread Graham Dodd

[EMAIL PROTECTED] <> wrote:
> On Tue, 19 Oct 2004 13:23:21 +0200 "Graham Dodd" wrote:
> 
>   [ ... ]
> 
>> av_scanner = clamd:127.0.0.1 3310
> 
> That means your clamd listems for TCP connections on port 3310
> 
>> And in check_data have the following:
>> 
>> # Check for Virus/virii exiscan
>>   deny message = This message contains malware ($malware_name)  
>>   demime = * malware = *
>>   delay = 10s
>> 
>> 
>> Until 0.80 this worked
> 
> Your "clamd.conf" should contain
> 
> #LocalSocket /tmp/clamd
> TCPSocket 3310
> 

Yep, and now that I've switched back to 0.75.1 it's running fine.

I have no way to upgrade Exim from 4.24 to 4.43 as I inherited the system
and it has custom patches to work with LDAP.

I'm going to switch to Vexim once I get time to setup a test server


Graham
-- 

Graham K. Dodd
Director of Operations
Falk & Ross GmbH
Tel: 06301 717 0

___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Problems after upgrading to 0.80

2004-10-19 Thread Tomasz Kojm

On Tue, 19 Oct 2004 13:54:14 +0200
"Graham Dodd" <[EMAIL PROTECTED]> wrote:

> Well some people would say bug . :-)
> 
> What happened to backward compatibility ?

What do you call a backward incompatibility? The bug in exiscan? ;-)

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Tue Oct 19 13:55:57 CEST 2004


pgppLGYSCWo1T.pgp
Description: PGP signature
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

RE: [Clamav-users] Problems after upgrading to 0.80

2004-10-19 Thread Graham Dodd

[EMAIL PROTECTED] <> wrote:
> On Tue, 19 Oct 2004 13:23:21 +0200
> "Graham Dodd" <[EMAIL PROTECTED]> wrote:
> 
>> Until 0.80 this worked
> 
> Oh, I remember that issue. But this is due to an improvement
> in ClamAV and not a bug!

Well some people would say bug . :-)

What happened to backward compatibility ?

Please don't take my replies too seriously I really appreciate all the work
the ClamAv team does


Graham

-- 

Graham K. Dodd
Director of Operations
Falk & Ross GmbH
Tel: 06301 717 0

___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] New version Clamd with Daemontools

2004-10-19 Thread Awie

> I use daemontools to run clamd.
> I didn't change a thing when upgrading from 0.75.1
> to 0.80rc-series, and 0.80 final.
>
> My run script and clamd.conf attached.
>
> Regards,
> Niek
> -- 

Hello Niek,

I used your script and clamd.conf. The readproctitle said error in
Library..bla.. bla...

Then I renamed my clamav.conf to clamd.conf, below my readproctitle said:

root   590  0.0  0.0  1332  232 ?S19:39   0:00 readproctitle
service errors: ...en file or directory?Warning: bad sy
root   591  0.0  0.1  1340  268 ?S19:39   0:00 supervise
clamd
root   592  0.0  0.1  1340  268 ?S19:39   0:00 supervise log
root   593  0.0  0.1  1340  268 ?S19:39   0:00 supervise
qmail-smtpd
root   594  0.0  0.1  1340  268 ?S19:39   0:00 supervise log
root   595  0.0  0.1  1340  268 ?S19:39   0:00 supervise
qmail-send
root   596  0.0  0.1  1340  268 ?S19:39   0:00 supervise log
root   597  0.0  0.1  1340  268 ?S19:39   0:00 supervise
dnscache
root   598  0.0  0.1  1340  268 ?S19:39   0:00 supervise log
qscand 600  0.0  0.1  1352  268 ?S19:39   0:00
/usr/local/bin/multilog t s100 n20 /var/log/clamd
qmaild 601  0.0  0.1  1412  448 ?S19:39   0:00
/usr/local/bin/tcpserver -v -R -H -l 0 -x /etc/tcp.smtp.cdb -c 20 -u
qmails 602  0.0  0.1  1392  352 ?S19:39   0:00 qmail-send
qmaill 603  0.0  0.1  1352  268 ?S19:39   0:00
/usr/local/bin/multilog t /var/log/qmail/smtpd
qmaill 604  0.0  0.1  1352  268 ?S19:39   0:00
/usr/local/bin/multilog t /var/log/qmail
dnscache   605  0.0 11.5 30968 29660 ?   S19:39   0:00
/usr/local/bin/dnscache
dnslog 606  0.0  0.1  1352  268 ?S19:39   0:00 multilog t
./main
root   616  0.0  0.1  1352  292 ?S19:39   0:00 qmail-lspawn
./Mailbox
qmailr 617  0.0  0.1  1348  292 ?S19:39   0:00 qmail-rspawn
qmailq 618  0.0  0.1  1344  300 ?S19:39   0:00 qmail-clean
root  1951  0.0  0.0 00 ?Z19:46   0:00 [run]


I followed all of Jesse's script (I attached it) that be included in old
version of ClamAV.

Does clamd.conf have different parameter from clamav.conf?

Thx & Rgds,

Awie


___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Freshclam DNS Warnings

2004-10-19 Thread Tomasz Kojm

On Tue, 19 Oct 2004 14:42:48 +1000
Bill Maidment <[EMAIL PROTECTED]> wrote:

> One of my servers is giving these warnings. What causes this and is it
> 
> anything to worry about?
> 
> 
> freshclam daemon 0.80 (OS: linux-gnu, ARCH: i386, CPU: i686)
> ClamAV update process started at Tue Oct 19 14:39:06 2004
> WARNING: DNS record is older than 3 hours.
> WARNING: Invalid DNS reply.
> main.cvd is up to date (version: 27, sigs: 23982, f-level: 2, builder:
> 
> tomek)
> WARNING: DNS record is older than 3 hours.
> WARNING: Invalid DNS reply.
> daily.cvd is up to date (version: 535, sigs: 1272, f-level: 3,
> builder: trog)

freshclam attempts to detect potential problems with DNS caches and
switches to the old mode if something looks suspicious

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Tue Oct 19 13:32:42 CEST 2004


pgpoXWWMZ2Zfl.pgp
Description: PGP signature
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Problems after upgrading to 0.80

2004-10-19 Thread Frank Elsner

On Tue, 19 Oct 2004 13:23:21 +0200 "Graham Dodd" wrote:

  [ ... ]

> av_scanner = clamd:127.0.0.1 3310

That means your clamd listems for TCP connections on port 3310

> And in check_data have the following:
> 
> # Check for Virus/virii exiscan
>   deny message = This message contains malware ($malware_name)
>   demime = *
>   malware = *
>   delay = 10s
> 
> 
> Until 0.80 this worked

Your "clamd.conf" should contain

#LocalSocket /tmp/clamd
TCPSocket 3310

This works perfect with exim-4.43 including exiscan-acl-4.43-28

--Frank Elsner



___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Problems after upgrading to 0.80

2004-10-19 Thread Tomasz Kojm

On Tue, 19 Oct 2004 13:23:21 +0200
"Graham Dodd" <[EMAIL PROTECTED]> wrote:

> Until 0.80 this worked

Oh, I remember that issue. But this is due to an improvement in ClamAV
and not a bug!

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Tue Oct 19 13:26:50 CEST 2004


pgp1rDPcdOeMB.pgp
Description: PGP signature
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

RE: [Clamav-users] Problems after upgrading to 0.80

2004-10-19 Thread Graham Dodd

[EMAIL PROTECTED] <> wrote:
> On Tue, 19 Oct 2004 13:00:03 +0200
> "Graham Dodd" <[EMAIL PROTECTED]> wrote:
> 
>> [EMAIL PROTECTED] <> wrote:
>>> On Tue, 19 Oct 2004 09:42:23 +0200
>>> "Graham Dodd" <[EMAIL PROTECTED]> wrote:
>>> 
 So I made the leap from 0.75.1 to 0.80 and get the following error
 in exim log 
 
 2004-10-19 09:20:52 1CJoIe-0002Ut-E3 malware acl condition: clamd:
 unable to read from socket (No such file or directory)
>>> 
>>> It's trying to use the local socket, isn't it? (and you're using
>>> TCPSocket)
>> 
>> That would be my guess too, but why when LocalSocket is commented
>> out. 
>> 
>> I only have TCPSocket and TCPAddr defined
> 
> And what do you have enabled in the config file of exiscan?

Errhh, there is no .conf that I know of.

I'm calling clamav using the following:

av_scanner = clamd:127.0.0.1 3310

And in check_data have the following:

# Check for Virus/virii exiscan
  deny message = This message contains malware ($malware_name)
  demime = *
  malware = *
  delay = 10s


Until 0.80 this worked


Graham

-- 

Graham K. Dodd
Director of Operations
Falk & Ross GmbH
Tel: 06301 717 0

___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] New version Clamd with Daemontools

2004-10-19 Thread Niek

On 10/19/2004 10:54 AM +0200, Awie wrote:
All,
I stuck to use clamd of version 0.80 with daemontools (I used this scheme
very nicely for older version). Does anyone know how to do it?
Thx & Rgds,
Awie
I use daemontools to run clamd.
I didn't change a thing when upgrading from 0.75.1
to 0.80rc-series, and 0.80 final.
My run script and clamd.conf attached.
Regards,
Niek
--
___
Read about mime:http://www.geoapps.com/nomime.shtml
Read about quoting: http://www.netmeister.org/news/learn2quote.html
Read about disclaimers: http://www.goldmark.org/jeff/stupid-disclaimers
#!/bin/sh
exec 2>&1
CLAMD_FILE=/tmp/clamd
SCAN_FILE=$0

# Check for a leftover socket.
if [ -e $CLAMD_FILE ]
then
  echo "run: WARNING: file $CLAMD_FILE exists"
  if clamdscan $SCAN_FILE
  then
echo "run: FATAL: Clamd is already running. Trying to start anyway..."
  else
echo "run: INFO: Clamd is not running. Deleting $CLAMD_FILE"
rm -f $CLAMD_FILE
  fi
fi

# Run the scanner daemon.
exec /usr/sbin/clamd
##
## Example config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
##

LogFile /dev/stderr
DatabaseDirectory /usr/share/clamav
LocalSocket /tmp/clamd
FixStaleSocket
Foreground
MaxThreads 30
MaxDirectoryRecursion 20
# Scan options, turn off everything, then enable a couple
DisableDefaultScanOptions
ScanPE
ScanOLE2
ScanHTML
ScanArchive
ArchiveMaxFileSize 15M
ArchiveMaxRecursion 8
ArchiveMaxFiles 1500
ArchiveMaxCompressionRatio 300

#LogFileUnlock
#LogFileMaxSize 2M
#LogTime
#LogClean
#LogSyslog
#LogFacility LOG_MAIL
#LogVerbose
#PidFile /var/run/clamd.pid
#TemporaryDirectory /var/tmp
#TCPSocket 3310
#TCPAddr 127.0.0.1
#MaxConnectionQueueLength 30
#StreamMaxLength 20M
#MaxThreads 20
#ReadTimeout 300
#IdleTimeout 60
#MaxDirectoryRecursion 20
#FollowDirectorySymlinks
#FollowFileSymlinks
#SelfCheck 600
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
#User clamav

#AllowSupplementaryGroups
#Debug
#ScanMail
#MailFollowURLs
#ScanRAR
#ArchiveLimitMemoryUsage
#ArchiveBlockEncrypted
#ArchiveBlockMax
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Problems after upgrading to 0.80

2004-10-19 Thread Tomasz Kojm

On Tue, 19 Oct 2004 13:00:03 +0200
"Graham Dodd" <[EMAIL PROTECTED]> wrote:

> [EMAIL PROTECTED] <> wrote:
> > On Tue, 19 Oct 2004 09:42:23 +0200
> > "Graham Dodd" <[EMAIL PROTECTED]> wrote:
> > 
> >> So I made the leap from 0.75.1 to 0.80 and get the following error
> >> in exim log 
> >> 
> >> 2004-10-19 09:20:52 1CJoIe-0002Ut-E3 malware acl condition: clamd:
> >> unable to read from socket (No such file or directory)
> > 
> > It's trying to use the local socket, isn't it? (and you're using
> > TCPSocket)
> 
> That would be my guess too, but why when LocalSocket is commented out.
> 
> I only have TCPSocket and TCPAddr defined

And what do you have enabled in the config file of exiscan?

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Tue Oct 19 13:07:48 CEST 2004


pgpdSWfmlL4vU.pgp
Description: PGP signature
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

RE: [Clamav-users] Problems after upgrading to 0.80

2004-10-19 Thread Graham Dodd

[EMAIL PROTECTED] <> wrote:
> On Tue, 19 Oct 2004 09:42:23 +0200
> "Graham Dodd" <[EMAIL PROTECTED]> wrote:
> 
>> So I made the leap from 0.75.1 to 0.80 and get the following error
>> in exim log 
>> 
>> 2004-10-19 09:20:52 1CJoIe-0002Ut-E3 malware acl condition: clamd:
>> unable to read from socket (No such file or directory)
> 
> It's trying to use the local socket, isn't it? (and you're using
> TCPSocket)

That would be my guess too, but why when LocalSocket is commented out.

I only have TCPSocket and TCPAddr defined


Graham

-- 

Graham K. Dodd
Director of Operations
Falk & Ross GmbH
Tel: 06301 717 0

___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] qmail-scanner-1.23 and clamav 0.80

2004-10-19 Thread Tomasz Kojm

On Tue, 19 Oct 2004 12:39:44 +0200
"Kareem Mahgoub" <[EMAIL PROTECTED]> wrote:

> Thanks for the quick help.
> I thought it is something in clamav not QS ( on a second thought, it
> should really go to QS mailing list ) my apology.
> For hitting reply on a previous thread,
> I thought it won't harm anybody, but it seems to be something bad. It
> will be my last time.

And please don't top-post.

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Tue Oct 19 12:39:22 CEST 2004


pgpZCvSi9qFaZ.pgp
Description: PGP signature
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] qmail-scanner-1.23 and clamav 0.80

2004-10-19 Thread Kareem Mahgoub

Thanks for the quick help.
I thought it is something in clamav not QS ( on a second thought, it should
really go to QS mailing list ) my apology.
For hitting reply on a previous thread,
I thought it won't harm anybody, but it seems to be something bad. It will
be my last time.

Best Regards,
Kareem Mahgoub

- Original Message - 
From: "Niek" <[EMAIL PROTECTED]>
To: "ClamAV users ML" <[EMAIL PROTECTED]>
Sent: Tuesday, October 19, 2004 12:09 PM
Subject: Re: [Clamav-users] qmail-scanner-1.23 and clamav 0.80


> On 10/19/2004 10:32 AM +0200, Kareem Mahgoub wrote:
> > Hello list,
> > I have upgraded from clamav 075.1 to clamav-80 using the rpm for FC2.
> > after the upgrade, qmail-scanner ( 1.23 ) is not detecting clamav.
> > I have recompiles qmail-scanner, ran qmail-scanner.pl -z and
> > qmail-scanner.pl -g , with the same result.
> > Any clue??
> >
> > Best Regards,
> > Kareem Mahgoub
>
> Hi,
> Like Alex stated, wrong list.
> Oh, and don't start a new conversation by replying to an old
> message you received from this list.
> It messes things up for the threaded readers.
>
> Regards,
> Niek
> -- 
> ___
> Read about mime:http://www.geoapps.com/nomime.shtml
> Read about quoting: http://www.netmeister.org/news/learn2quote.html
> Read about disclaimers: http://www.goldmark.org/jeff/stupid-disclaimers
> ___
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>

___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Problems after upgrading to 0.80

2004-10-19 Thread Tomasz Kojm

On Tue, 19 Oct 2004 09:42:23 +0200
"Graham Dodd" <[EMAIL PROTECTED]> wrote:

> So I made the leap from 0.75.1 to 0.80 and get the following error in
> exim log
> 
> 2004-10-19 09:20:52 1CJoIe-0002Ut-E3 malware acl condition: clamd:
> unable to read from socket (No such file or directory)

It's trying to use the local socket, isn't it? (and you're using
TCPSocket)

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Tue Oct 19 12:34:29 CEST 2004


pgpaT4zWHFTf5.pgp
Description: PGP signature
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] qmail-scanner-1.23 and clamav 0.80

2004-10-19 Thread Niek

On 10/19/2004 10:32 AM +0200, Kareem Mahgoub wrote:
Hello list,
I have upgraded from clamav 075.1 to clamav-80 using the rpm for FC2.
after the upgrade, qmail-scanner ( 1.23 ) is not detecting clamav.
I have recompiles qmail-scanner, ran qmail-scanner.pl -z and
qmail-scanner.pl -g , with the same result.
Any clue??
Best Regards,
Kareem Mahgoub
Hi,
Like Alex stated, wrong list.
Oh, and don't start a new conversation by replying to an old
message you received from this list.
It messes things up for the threaded readers.
Regards,
Niek
--
___
Read about mime:http://www.geoapps.com/nomime.shtml
Read about quoting: http://www.netmeister.org/news/learn2quote.html
Read about disclaimers: http://www.goldmark.org/jeff/stupid-disclaimers
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] qmail-scanner-1.23 and clamav 0.80

2004-10-19 Thread Alex Pleiner

* Kareem Mahgoub <[EMAIL PROTECTED]> [2004-10-19 10:32]:
> Hello list,
> I have upgraded from clamav 075.1 to clamav-80 using the rpm for FC2.
> after the upgrade, qmail-scanner ( 1.23 ) is not detecting clamav.
> I have recompiles qmail-scanner, ran qmail-scanner.pl -z and
> qmail-scanner.pl -g , with the same result.
> Any clue??

Besides this is the wrong list, Q-S does work with clamav 0.80. There
are just some minor annoyances - you detected one.

1. version information has changed, so Q-S version detection fails (it
still detects and call s clamav but fails to print the version
information). You might edit qmail-scanner-queue.pl and search for:

if (/ersion ([0-9\.\-a-z]+)/i) {
  $SCANINFO .="clamscan: $1. ";

replace with

   if (/lamav ([0-9\.\-a-z]+)/i) { 
  $SCANINFO .="clamscan: $1. ";   

2. clamdscan is called with obsolete args. This doesn't hurt, but fills
your log. I didn't check whether clamscan is affected. Replace

my $clamdscan_options="-r --disable-summary --max-recursion=10 --max-space=10";

with

my $clamdscan_options="--disable-summary";

HTH.

BTW, the next version of Q-S will fix this.

Alex

-- 
Alex Pleinerzeitform Internet Dienste
mailto:[EMAIL PROTECTED]  Fraunhoferstraße 5
PGP S/MIME: http://key.zeitform.de/ap   64283 Darmstadt, Germany
Tel./Fax: +49 (0) 6151 155-635 / -634   http://www.zeitform.de
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] can't compile clamav 0.80

2004-10-19 Thread Rob MacGregor

On Tue, 19 Oct 2004 10:24:07 +0300, Korchmenuk Nickolay <[EMAIL PROTECTED]> wrote:
> On Tue, 19 Oct 2004 03:16:53 -0400
> Dale Walsh <[EMAIL PROTECTED]> wrote:
> 
> > > OS: FreeBSD 5.2.1-RELEASE-p1

Update your ports and install from there.

-- 
 Please keep list traffic on the list.
Rob MacGregor
  Whoever fights monsters should see to it that in the process he 
doesn't become a monster.  Friedrich Nietzsche
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

[Clamav-users] New version Clamd with Daemontools

2004-10-19 Thread Awie

All,

I stuck to use clamd of version 0.80 with daemontools (I used this scheme
very nicely for older version). Does anyone know how to do it?

Thx & Rgds,

Awie


___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

[Clamav-users] Re: clamav-users Digest, Vol 2, Issue 57

2004-10-19 Thread Michael Hübler

PERFECT!

> --
>
> Message: 12
> Date: Tue, 19 Oct 2004 01:23:37 -0700
> From: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] Your ClamAV installation is OUTDATED ?
> To: ClamAV users ML <[EMAIL PROTECTED]>
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Quoting Michael Hübler <[EMAIL PROTECTED]>:
>
> > I couldnt find something about it on the net. So i ask you: What is
this?
> > Are my hourly updates not enough? How can i solve this problem?
> > I have the Clamwin  0.35.2 running. IT IS the latest release. What is
> > "Outdated" then?
>
> As people have already said, ClamWin is using the old ClamAV engine.
While
> you'll have to wait for a new version of ClamWin to come out, you *may* be
> able to update the engine yourself:
>
> 1) Download the following file and install (it's the win32 port of ClamAV:
> http://www.sosdg.org/clamav-win32/clamav-devel.exe
>
> 2) Copy the contents of c:\clamav-devel\bin and overwrite to c:\Program
> Files\ClamWin\bin (this will update the ClamWin engine)
>
> Now try and update ClamWin and do testing, to make sure it still works.
>
> Note/Disclaimer thingy:  This has worked for me, use above at own risk,
etc.
> etc.  if anyone things this is wrong... yell ;)
>
> If you're at all worried, just wait for the new version...
>
> Good luck...
>
> Steve


STEVE ! THIS WORKS ;)
Thank you

bye Michael

___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] freshclam: Chunked Transfer Coding

2004-10-19 Thread Jo Mills

Hi,

First let me apologize if this is way off the mark, but it has aroused
my curiosity.  When you say "freshclam fails", do you get a return
value of 1?  I only ask because we have two Web Proxies in the office,
one is a Novell box and the other is Squid/Debian.  I built the
Squid/Debian box as freshclam would not work through the Novell box
and for various reasons too boring to go into here, it was just easier
to re-route all non vpn traffic via a new proxy than get RSSI of the
forehead negotiating with the IT dept - they control the Novell box.

As I say, just curious.

Regards,

Jo.
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

[Clamav-users] qmail-scanner-1.23 and clamav 0.80

2004-10-19 Thread Kareem Mahgoub

Hello list,
I have upgraded from clamav 075.1 to clamav-80 using the rpm for FC2.
after the upgrade, qmail-scanner ( 1.23 ) is not detecting clamav.
I have recompiles qmail-scanner, ran qmail-scanner.pl -z and
qmail-scanner.pl -g , with the same result.
Any clue??

Best Regards,
Kareem Mahgoub

___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Problems after upgrading to 0.80

2004-10-19 Thread Brian Morrison

On Tue, 19 Oct 2004 10:23:04 +0200 in
[EMAIL PROTECTED] "Graham Dodd" <[EMAIL PROTECTED]>
wrote:

> [EMAIL PROTECTED] <> wrote:
> > On Tue, 19 Oct 2004 15:03:13 +0700 "Fajar A. Nugraha" wrote:
> > 
> >   [ ... ]
> > 
> >> exim 4.24 (the exiscan patch of it, to be exact) seems to have that
> >> problem. Use exim 4.41 instead.
> > 
> > Or use the newest exim-4.43/exiscan-acl-4.43-28 combination. Works
> > great with ClamAV 0.80. 
> > 
> > --Frank Elsner
> > 
> 
> Upgrading Exim is not an option at the moment so I guess I'll switch
> back to 0.75.1

I think the patch needed is as shown below, from a previous posting to
the list:

 I've just compared the clamd code between exiscan-acl-4.33-20 and 
 exiscan-acl-4.33-28 and found the following (which looks like it could 
 be the cause of the problem):

 --- exiclam.old 2004-10-13 21:04:43.036454125 +0100
 +++ exiclam.new 2004-10-13 21:04:08.433816809 +0100
 @@ -87,8 +87,14 @@
   +return DEFER;
   +  }
   +
 -+  /* we're done sending, close socket for writing */
 -+  shutdown(sock, SHUT_WR);
 ++  /*
 ++We're done sending, close socket for writing.
 ++
 ++One user reported that clamd 0.70 does not like this any more
...
 ++
 ++  */
 ++
 ++  /* shutdown(sock, SHUT_WR); */
   +
   +  /* Read the result */
   +  memset(av_buffer, 0, sizeof(av_buffer));

It may be possible to patch your existing Exim with this simple change.

-- 

Brian Morrison

bdm at fenrir dot org dot uk

GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Your ClamAV installation is OUTDATED ?

2004-10-19 Thread steve

Quoting Michael Hübler <[EMAIL PROTECTED]>:

> I couldnt find something about it on the net. So i ask you: What is this?
> Are my hourly updates not enough? How can i solve this problem?
> I have the Clamwin  0.35.2 running. IT IS the latest release. What is
> "Outdated" then?

As people have already said, ClamWin is using the old ClamAV engine.   While
you'll have to wait for a new version of ClamWin to come out, you *may* be
able to update the engine yourself:

1) Download the following file and install (it's the win32 port of ClamAV:
http://www.sosdg.org/clamav-win32/clamav-devel.exe

2) Copy the contents of c:\clamav-devel\bin and overwrite to c:\Program
Files\ClamWin\bin (this will update the ClamWin engine)

Now try and update ClamWin and do testing, to make sure it still works.

Note/Disclaimer thingy:  This has worked for me, use above at own risk, etc.
etc.  if anyone things this is wrong... yell ;)

If you're at all worried, just wait for the new version...

Good luck...

Steve



___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

RE: [Clamav-users] Problems after upgrading to 0.80

2004-10-19 Thread Graham Dodd

[EMAIL PROTECTED] <> wrote:
> On Tue, 19 Oct 2004 15:03:13 +0700 "Fajar A. Nugraha" wrote:
> 
>   [ ... ]
> 
>> exim 4.24 (the exiscan patch of it, to be exact) seems to have that
>> problem. Use exim 4.41 instead.
> 
> Or use the newest exim-4.43/exiscan-acl-4.43-28 combination. Works
> great with ClamAV 0.80. 
> 
> --Frank Elsner
> 

Upgrading Exim is not an option at the moment so I guess I'll switch back to
0.75.1

thanks to both Frank and Fajar for the help

Graham

-- 

Graham K. Dodd
Director of Operations
Falk & Ross GmbH
Tel: 06301 717 0

___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Problems after upgrading to 0.80

2004-10-19 Thread Frank Elsner

On Tue, 19 Oct 2004 15:03:13 +0700 "Fajar A. Nugraha" wrote:

  [ ... ]

> exim 4.24 (the exiscan patch of it, to be exact) seems to have that 
> problem. Use exim 4.41 instead.

Or use the newest exim-4.43/exiscan-acl-4.43-28 combination.
Works great with ClamAV 0.80.

--Frank Elsner


___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

AW: [Clamav-users] Problems after upgrading to 0.80

2004-10-19 Thread Mehnert


--> So I made the leap from 0.75.1 to 0.80 and get the following 
--> error in exim
--> log
--> 
--> 2004-10-19 09:20:52 1CJoIe-0002Ut-E3 malware acl condition: 
--> clamd: unable to
--> read from socket (No such file or directory)
--> 2004-10-19 09:20:52 1CJoIe-0002Ut-E3 H=floyd.blarg.net (mail.blarg.net)
--> [206.124.128.8]:56990 F=<[EMAIL PROTECTED]>
--> temporarily rejected after DATA
--> 
--> I enabled debugging, restarted clamd and can see no errors

had the same problem using exim 4.24 + clamav 0.8
upgraded to exim 4.43/exiscan 28 and the problem was gone

___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Problems after upgrading to 0.80

2004-10-19 Thread Brian Morrison

On Tue, 19 Oct 2004 15:03:13 +0700 in [EMAIL PROTECTED]
"Fajar A. Nugraha" <[EMAIL PROTECTED]> wrote:

>  exim 4.24 (the exiscan patch of it, to be exact) seems to have that 
>  problem. Use exim 4.41 instead.

Or even 4.43 with exiscan-acl-28.

-- 

Brian Morrison

bdm at fenrir dot org dot uk

GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Your ClamAV installation is OUTDATED ?

2004-10-19 Thread Fajar A. Nugraha

Michael Hübler wrote:
I have an scheudled update every hour. but now i always got this warnings
here:
---
WARNING: Your ClamAV installation is OUTDATED - please update immediately !
WARNING: Current functionality level = 2, required = 3
---
I couldnt find something about it on the net. So i ask you: What is this?
Are my hourly updates not enough? How can i solve this problem?
I have the Clamwin  0.35.2 running. IT IS the latest release. 

Latest ClamWin, but NOT latest clamav :)
What is
"Outdated" then?
 

Basicly it means there are some functionality in the current db version
that will not work unless you use the latest clamav version.
Until the new clamwin comes out, your only choice is to ignore this warning.
Regards,
Fajar
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Your ClamAV installation is OUTDATED ?

2004-10-19 Thread Brian Morrison

On Tue, 19 Oct 2004 10:00:41 +0200 in [EMAIL PROTECTED]
Michael Hübler <[EMAIL PROTECTED]> wrote:

>  I couldnt find something about it on the net. So i ask you: What is
>  this? Are my hourly updates not enough? How can i solve this problem?
>  I have the Clamwin  0.35.2 running. IT IS the latest release. What is
>  "Outdated" then?

Clamwin 0.35.2 uses clamav 0.75.1 as its base. Since yesterday, clamav
0.80 is released, so you need to check for a later version of Clamwin
although I expect it will take a little while for this to appear.

In the meantime, Clamwin will not use the signatures that require 0.80
so you can keep on using what you have for now.

-- 

Brian Morrison

bdm at fenrir dot org dot uk

GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Problems after upgrading to 0.80

2004-10-19 Thread Fajar A. Nugraha

Graham Dodd wrote:
So I made the leap from 0.75.1 to 0.80 and get the following error in exim
log
2004-10-19 09:20:52 1CJoIe-0002Ut-E3 malware acl condition: clamd: unable to
read from socket (No such file or directory)
2004-10-19 09:20:52 1CJoIe-0002Ut-E3 H=floyd.blarg.net (mail.blarg.net)
[206.124.128.8]:56990 F=<[EMAIL PROTECTED]>
temporarily rejected after DATA
 

exim 4.24 (the exiscan patch of it, to be exact) seems to have that 
problem. Use exim 4.41 instead.

Regards,
Fajar
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] Problems after upgrading to 0.80

2004-10-19 Thread Brian Morrison

On Tue, 19 Oct 2004 09:42:23 +0200 in
[EMAIL PROTECTED] "Graham Dodd" <[EMAIL PROTECTED]>
wrote:

>  I'm still searching the archives, but if anyone can point me in the
>  right direction it would help

Have a look at the thread about Exim entitled "Upgrading to 0.80rc3
breaks Exim malware acl".

The problem is the version of the exiscan patch you have, you need later
than -21.

-- 

Brian Morrison

bdm at fenrir dot org dot uk

GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

[Clamav-users] Your ClamAV installation is OUTDATED ?

2004-10-19 Thread Michael Hübler

Hello together

Iam a new ClamAV user. I have installed it a few days ago on my win2k
windows PC.

I have an scheudled update every hour. but now i always got this warnings
here:
---
WARNING: Your ClamAV installation is OUTDATED - please update immediately !
WARNING: Current functionality level = 2, required = 3
---

I couldnt find something about it on the net. So i ask you: What is this?
Are my hourly updates not enough? How can i solve this problem?
I have the Clamwin  0.35.2 running. IT IS the latest release. What is
"Outdated" then?

Please help me out. How can i fix it.

bye Michael


___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

[Clamav-users] Problems after upgrading to 0.80

2004-10-19 Thread Graham Dodd

So I made the leap from 0.75.1 to 0.80 and get the following error in exim
log

2004-10-19 09:20:52 1CJoIe-0002Ut-E3 malware acl condition: clamd: unable to
read from socket (No such file or directory)
2004-10-19 09:20:52 1CJoIe-0002Ut-E3 H=floyd.blarg.net (mail.blarg.net)
[206.124.128.8]:56990 F=<[EMAIL PROTECTED]>
temporarily rejected after DATA

I enabled debugging, restarted clamd and can see no errors

Tue Oct 19 09:14:45 2004 -> +++ Started at Tue Oct 19 09:14:45 2004
Tue Oct 19 09:14:45 2004 -> clamd daemon 0.80 (OS: linux-gnu, ARCH: i386,
CPU: i686)
Tue Oct 19 09:14:45 2004 -> Log file size limited to 1048576 bytes.
Tue Oct 19 09:14:45 2004 -> Verbose logging activated.
Tue Oct 19 09:14:45 2004 -> Running as user root (UID 0, GID 0)
Tue Oct 19 09:14:45 2004 -> Reading databases from /usr/local/share/clamav
Tue Oct 19 09:14:47 2004 -> Protecting against 25254 viruses.
Tue Oct 19 09:14:47 2004 -> Bound to address 127.0.0.1 on port 3310
Tue Oct 19 09:14:47 2004 -> Setting connection queue length to 15
Tue Oct 19 09:14:47 2004 -> Listening daemon: PID: 9460
Tue Oct 19 09:14:47 2004 -> Archive: Archived file size limit set to
10485760 bytes.
Tue Oct 19 09:14:47 2004 -> Archive: Recursion level limit set to 5.
Tue Oct 19 09:14:47 2004 -> Archive: Files limit set to 1000.
Tue Oct 19 09:14:47 2004 -> Archive: Compression ratio limit set to 200.
Tue Oct 19 09:14:47 2004 -> Archive support enabled.
Tue Oct 19 09:14:47 2004 -> Archive: RAR support enabled.
Tue Oct 19 09:14:47 2004 -> Portable Executable support enabled.
Tue Oct 19 09:14:47 2004 -> Mail files support enabled.
Tue Oct 19 09:14:47 2004 -> OLE2 support enabled.
Tue Oct 19 09:14:47 2004 -> HTML support enabled.
Tue Oct 19 09:14:47 2004 -> Self checking every 1800 seconds.

Output from ps ax

 9460 ?S  0:00 /usr/local/sbin/clamd --config-file
/etc/clamav.conf

I saved my running config and call it direct from clamd start

Here is the appropriate part from the .conf

#LocalSocket /tmp/clamd

# Remove stale socket after unclean shutdown.
FixStaleSocket

# TCP port address.
TCPSocket 3310

# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
TCPAddr 127.0.0.1



I'm still searching the archives, but if anyone can point me in the right
direction it would help

Thanks,

Graham


--

Graham K. Dodd
Director of Operations
Falk & Ross GmbH
Tel: 06301 717 0
 



---
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] milter version

2004-10-19 Thread christian laubscher


when i enter 'clamd -V' i get a version line reflecting the i get a 
version line indicating the current database version, eg .../535/..., 
currently.

the clamav-milter X-Virus-Scanned lines, however, seem to reflect the 
version feedback of clamd when the milter was started, not the current 
one.

since the pingServer function seems to be only called at initialization 
time, i presume this is a feature, not a bug - although it would be 
much more informative to have the X-Virus-Scanned line reflect the 
clamd version info valid at scanning time, not the historic one, imho?

btw: thank you for an *excellent* piece of software!

christian

-- 
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] can't compile clamav 0.80

2004-10-19 Thread Korchmenuk Nickolay

On Tue, 19 Oct 2004 03:16:53 -0400
Dale Walsh <[EMAIL PROTECTED]> wrote:

> > OS: FreeBSD 5.2.1-RELEASE-p1

-- 
 Korchmenuk Nickolay
19 Oct 2004 10:23:50
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Re: [Clamav-users] can't compile clamav 0.80

2004-10-19 Thread Dale Walsh

On Oct 19, 2004, at 03:10, Korchmenuk Nickolay wrote:
Hi
I'v got next errors and warnings whe try configure clamav 0.80:
configure: WARNING: resolv.h: present but cannot be compiled
configure: WARNING: resolv.h: check for missing prerequisite 
headers?
configure: WARNING: resolv.h: see the Autoconf documentation
configure: WARNING: resolv.h: section "Present But Cannot Be 
Compiled"
configure: WARNING: resolv.h: proceeding with the preprocessor's result
configure: WARNING: resolv.h: in the future, the compiler will take 
precedence
configure: WARNING: ## -- 
##
configure: WARNING: ## Report this to the AC_PACKAGE_NAME lists.  
##
configure: WARNING: ## -- 
##
checking for resolv.h... yes
checking whether setpgrp takes no argument... no
checking for __gmpz_init in -lgmp... yes
checking for curl >= 7.10.0... FAILED
configure: WARNING: curl-config was not found
checking for mi_stop in -lmilter... no
checking for library containing strlcpy... no
checking for mi_stop in -lmilter... no
configure: error: Cannot find libmilter

OS: FreeBSD 5.2.1-RELEASE-p1
Sendmail 8.13.1
clamav 0.80
'configure' options: --disable-clamuko --enable-milter 
--disable-pthreads --sysconfdir=/usr/local/etc 
--with-dbdir=/var/clamav/db

How can I solve this problems?
--
 Korchmenuk Nickolay
What OS are you using? (Mac OSX???)
-- Dale
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

[Clamav-users] can't compile clamav 0.80

2004-10-19 Thread Korchmenuk Nickolay

Hi 

I'v got next errors and warnings whe try configure clamav 0.80:

configure: WARNING: resolv.h: present but cannot be compiled
configure: WARNING: resolv.h: check for missing prerequisite headers?
configure: WARNING: resolv.h: see the Autoconf documentation
configure: WARNING: resolv.h: section "Present But Cannot Be Compiled"
configure: WARNING: resolv.h: proceeding with the preprocessor's result
configure: WARNING: resolv.h: in the future, the compiler will take precedence
configure: WARNING: ## -- ##
configure: WARNING: ## Report this to the AC_PACKAGE_NAME lists.  ##
configure: WARNING: ## -- ##
checking for resolv.h... yes
checking whether setpgrp takes no argument... no
checking for __gmpz_init in -lgmp... yes
checking for curl >= 7.10.0... FAILED
configure: WARNING: curl-config was not found
checking for mi_stop in -lmilter... no
checking for library containing strlcpy... no
checking for mi_stop in -lmilter... no
configure: error: Cannot find libmilter

OS: FreeBSD 5.2.1-RELEASE-p1
Sendmail 8.13.1
clamav 0.80
'configure' options: --disable-clamuko --enable-milter --disable-pthreads 
--sysconfdir=/usr/local/etc --with-dbdir=/var/clamav/db

How can I solve this problems?

-- 
 Korchmenuk Nickolay
19 Oct 2004 10:06:33
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

99 matches

Mail list logo