Re: [Clamav-users] Unable to open file or directory ERROR
Hello, Grant Supp wrote: I'm using Clam AV 0.80 with Qmail-Scanner 1.23 and receive the following lines in my clamd.log: Tue Oct 19 15:22:34 2004 -> /var/spool/qmailscan/tmp/newmail01.readyhosting.com109821735148216078/1098217354.16090-1.newmail01.readyhosting.com: Trojan.Dropper.JS.Zerolin-6 FOUND Tue Oct 19 15:30:44 2004 -> /var/spool/qmailscan/tmp/newmail01.readyhosting.com109821784448218517/test.zip: ClamAV-Test-Signature FOUND Tue Oct 19 15:40:14 2004 -> SelfCheck: Database status OK. Tue Oct 19 15:53:44 2004 -> /var/spool/qmailscan/tmp/newmail01.readyhosting.com109821922448224690/Order - Hearing and Appeal.pdf: Unable to open file or directory ERROR Tue Oct 19 16:10:29 2004 -> SelfCheck: Database status OK. Tue Oct 19 16:32:40 2004 -> /var/spool/qmailscan/tmp/newmail01.readyhosting.com10982215584824569/text.zip: Worm.Mydoom.I FOUND Tue Oct 19 16:36:09 2004 -> /var/spool/qmailscan/tmp/newmail01.readyhosting.com10982217694825599/Untitled Attachment: Unable to open file or directory ERROR "Unable to open file or directory ERROR" -- does anyone have any idea how to begin troubleshooting this intermittent problem? Is it always when scanning the same files ? Could You try another ? Could You try the same file with OLE2 support disabled ? I'm curious if this is OLE2 related Regards Boguslaw Brandys ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] New version Clamd with Daemontools
Finally I can supervise new version of clamd. There are some parameter of clamav.conf that no need anymore in clamd.conf. After editing some lines, it works well. However, Qmail-scanner still has unrecognize command that I sure it should be OK. Wed, 20 Oct 2004 11:50:22 EDT:4600: run /usr/local/bin/clamdscan -r --disable-summary --max-recursion=10 --max-space =10 /var/spool/qmailscan/tmp/Cybergate10982874224824600 2>&1 WARNING: Ignoring option -r: please edit clamd.conf instead. WARNING: Ignoring option --max-recursion: please edit clamd.conf instead. WARNING: Ignoring option --max-space: please edit clamd.conf instead. /var/spool/qmailscan/tmp/Cybergate10982874224824600: OK Thx & Rgds, Awie ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] OT - embedded message/rfc822 mimeparts in messages on this list
On Tue, Oct 19, 2004 at 06:26:30PM -0700, Todd Lyons said: > Christopher X. Candreva wanted us to know: > > >> Yes, I'm seeing them, and they're annoying as hell. Most of them seem to be > >> from Trog, thought the other poster that said they were forwarded messages > >> broke his own claim, since his had the same issue. > >Ah -- could this be people who PGP-sign their messages ? > > Yes, inline signing would probably fix that issue. In my last message, I see: Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="TakKZr9L6Hm6aLOc" Content-Disposition: inline It is an inline, gpg signed message. I had no idea how many broken MUA's there are out there :) My girlfriend tells me that she has to jump through hoops to open a signed message in Outlook, but I didn't think that would be the case with *nix mailers for the most part. -- -- | Stephen Gran | If your aim in life is nothing, you | | [EMAIL PROTECTED] | can't miss. | | http://www.lobefin.net/~steve | | -- pgpIsbrgZIe0i.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] New version Clamd with Daemontools
All, When will the version of ClamAV 0.75-1 be expired? I hope it will be after I solve my problem of supervise clamd of new version. Thx & Rgds, Awie - Original Message - From: "Awie" <[EMAIL PROTECTED]> To: "ClamAV users ML" <[EMAIL PROTECTED]> Sent: Tuesday, October 19, 2004 7:57 PM Subject: Re: [Clamav-users] New version Clamd with Daemontools > > I use daemontools to run clamd. > > I didn't change a thing when upgrading from 0.75.1 > > to 0.80rc-series, and 0.80 final. > > > > My run script and clamd.conf attached. > > > > Regards, > > Niek > > -- > > Hello Niek, > > I used your script and clamd.conf. The readproctitle said error in > Library..bla.. bla... > > Then I renamed my clamav.conf to clamd.conf, below my readproctitle said: > > root 590 0.0 0.0 1332 232 ?S19:39 0:00 readproctitle > service errors: ...en file or directory?Warning: bad sy > root 591 0.0 0.1 1340 268 ?S19:39 0:00 supervise > clamd > root 592 0.0 0.1 1340 268 ?S19:39 0:00 supervise log > root 593 0.0 0.1 1340 268 ?S19:39 0:00 supervise > qmail-smtpd > root 594 0.0 0.1 1340 268 ?S19:39 0:00 supervise log > root 595 0.0 0.1 1340 268 ?S19:39 0:00 supervise > qmail-send > root 596 0.0 0.1 1340 268 ?S19:39 0:00 supervise log > root 597 0.0 0.1 1340 268 ?S19:39 0:00 supervise > dnscache > root 598 0.0 0.1 1340 268 ?S19:39 0:00 supervise log > qscand 600 0.0 0.1 1352 268 ?S19:39 0:00 > /usr/local/bin/multilog t s100 n20 /var/log/clamd > qmaild 601 0.0 0.1 1412 448 ?S19:39 0:00 > /usr/local/bin/tcpserver -v -R -H -l 0 -x /etc/tcp.smtp.cdb -c 20 -u > qmails 602 0.0 0.1 1392 352 ?S19:39 0:00 qmail-send > qmaill 603 0.0 0.1 1352 268 ?S19:39 0:00 > /usr/local/bin/multilog t /var/log/qmail/smtpd > qmaill 604 0.0 0.1 1352 268 ?S19:39 0:00 > /usr/local/bin/multilog t /var/log/qmail > dnscache 605 0.0 11.5 30968 29660 ? S19:39 0:00 > /usr/local/bin/dnscache > dnslog 606 0.0 0.1 1352 268 ?S19:39 0:00 multilog t > ./main > root 616 0.0 0.1 1352 292 ?S19:39 0:00 qmail-lspawn > ./Mailbox > qmailr 617 0.0 0.1 1348 292 ?S19:39 0:00 qmail-rspawn > qmailq 618 0.0 0.1 1344 300 ?S19:39 0:00 qmail-clean > root 1951 0.0 0.0 00 ?Z19:46 0:00 [run] > > > I followed all of Jesse's script (I attached it) that be included in old > version of ClamAV. > > Does clamd.conf have different parameter from clamav.conf? > > Thx & Rgds, > > Awie > > > ___ > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] freshclam: Chunked Transfer Coding
On Tuesday 19 October 2004 17:37, Jo Mills wrote: > Hi, > > First let me apologize if this is way off the mark, but it has aroused > my curiosity. When you say "freshclam fails", do you get a return > value of 1? I only ask because we have two Web Proxies in the office, > one is a Novell box and the other is Squid/Debian. I built the > Squid/Debian box as freshclam would not work through the Novell box > and for various reasons too boring to go into here, it was just easier > to re-route all non vpn traffic via a new proxy than get RSSI of the > forehead negotiating with the IT dept - they control the Novell box. If your problem is the same, there are two ways to solve. 1. Change Squid setting Make squid not to use transfer coding. Accourding to http://www.imc.org/ietf-openproxy/mail-archive/msg02605.html > Note that HTTP/1.1 default is (identity, chunked). So, Squid also uses transfer encoding by default. # I couldn't find any document describes about that settings. 2 . Change freshclam to use HTTP/1.0 I attached a simple patch changes freshclam to use HTTP/1.0 Quick check: You can check which your proxy uses transfer-encoding or not. $ telnet your.proxy.server 8080 Connected to your.proxy.server (xxx.xxx.xxx.xxx). Escape character is '^]'. GET http://www.google.com/ HTTP/1.1 HTTP/1.1 200 OK .. .. Transfer-Encoding: chunked If your server uses transfer-encoding, you can see that header. -- -- shivaken antshell: Ant command line front end http://www.antshell.org diff -ur clamav-0.80/freshclam/manager.c clamav-0.80.new/freshclam/manager.c --- clamav-0.80/freshclam/manager.c 2004-10-18 01:50:34.0 +0900 +++ clamav-0.80.new/freshclam/manager.c 2004-10-20 09:11:20.928348968 +0900 @@ -1,6 +1,6 @@ /* * Copyright (C) 2002 - 2004 Tomasz Kojm <[EMAIL PROTECTED]> - * HTTP/1.1 compliance by Arkadiusz Miskiewicz <[EMAIL PROTECTED]> + * HTTP/1.0 compliance by Arkadiusz Miskiewicz <[EMAIL PROTECTED]> * Proxy support by Nigel Horne <[EMAIL PROTECTED]> * Proxy authorization support by Gernot Tenchio <[EMAIL PROTECTED]> * (uses fmt_base64() from libowfat (http://www.fefe.de)) @@ -474,7 +474,7 @@ mprintf("Reading CVD header (%s): ", file); #ifdef NO_SNPRINTF -sprintf(cmd, "GET %s/%s HTTP/1.1\r\n" +sprintf(cmd, "GET %s/%s HTTP/1.0\r\n" "Host: %s\r\n%s" "User-Agent: "PACKAGE"/"VERSION"\r\n" "Cache-Control: no-cache\r\n" @@ -482,7 +482,7 @@ "Range: bytes=0-511\r\n" "\r\n", (remotename != NULL)?remotename:"", file, hostname, (authorization != NULL)?authorization:""); #else -snprintf(cmd, sizeof(cmd), "GET %s/%s HTTP/1.1\r\n" +snprintf(cmd, sizeof(cmd), "GET %s/%s HTTP/1.0\r\n" "Host: %s\r\n%s" "User-Agent: "PACKAGE"/"VERSION"\r\n" "Cache-Control: no-cache\r\n" @@ -508,7 +508,7 @@ return NULL; } -if ((strstr(buffer, "HTTP/1.1 404")) != NULL) { +if ((strstr(buffer, "HTTP/1.0 404")) != NULL) { mprintf("@CVD file not found on remote server\n"); return NULL; } @@ -585,14 +585,14 @@ } #ifdef NO_SNPRINTF -sprintf(cmd, "GET %s/%s HTTP/1.1\r\n" +sprintf(cmd, "GET %s/%s HTTP/1.0\r\n" "Host: %s\r\n%s" "User-Agent: "PACKAGE"/"VERSION"\r\n" "Cache-Control: no-cache\r\n" "Connection: close\r\n" "\r\n", (remotename != NULL)?remotename:"", dbfile, hostname, (authorization != NULL)?authorization:""); #else -snprintf(cmd, sizeof(cmd), "GET %s/%s HTTP/1.1\r\n" +snprintf(cmd, sizeof(cmd), "GET %s/%s HTTP/1.0\r\n" "Host: %s\r\n%s" "User-Agent: "PACKAGE"/"VERSION"\r\n" "Cache-Control: no-cache\r\n" @@ -629,7 +629,7 @@ /* check whether the resource actually existed or not */ -if ((strstr(buffer, "HTTP/1.1 404")) != NULL) { +if ((strstr(buffer, "HTTP/1.0 404")) != NULL) { mprintf("@%s not found on remote server\n", dbfile); close(fd); unlink(file); ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] OT - embedded message/rfc822 mimeparts in messages on this list
Christopher X. Candreva wanted us to know: >> Yes, I'm seeing them, and they're annoying as hell. Most of them seem to be >> from Trog, thought the other poster that said they were forwarded messages >> broke his own claim, since his had the same issue. >Ah -- could this be people who PGP-sign their messages ? Yes, inline signing would probably fix that issue. -- Regards... Todd OS X: We've been fighting the "It's a mac" syndrome with upper management for years now. Lately we've taken to just referring to new mac installations as "Unix" installations when presenting proposals and updates. For some reason, they have no problem with that. -- /. Linux kernel 2.6.3-19mdkenterprise 2 users, load average: 0.01, 0.02, 0.02 ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] OT - embedded message/rfc822 mimeparts in messages on this list
On Tue, 19 Oct 2004, Damian Menscher wrote: > Yes, I'm seeing them, and they're annoying as hell. Most of them seem to be > from Trog, thought the other poster that said they were forwarded messages > broke his own claim, since his had the same issue. Ah -- could this be people who PGP-sign their messages ? == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/ ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] OT - embedded message/rfc822 mimeparts in messages on this list
On Tue, 19 Oct 2004, Daniel J McDonald wrote: Am I the only one who sees several of the posters with embedded: Content-Type: message/rfc822 that includes embedded text/plain attachments. Evolution opens them up with only one extra step, but if I'm stuck with Outlook (or worse, OWA) you have to open three levels of attachments to read the text of the e-mail. Just started when we switched from sourceforge to Luca's mailman server. If I'm the only one seeing it I'll troubleshoot my amavis-new config to see if it is doing something bizarre... Yes, I'm seeing them, and they're annoying as hell. Most of them seem to be from Trog, thought the other poster that said they were forwarded messages broke his own claim, since his had the same issue. I'm about ready to give up on this list... no sense going through multiple steps to read an email that asks a FAQ. Damian Menscher -- -=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=- -=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers. |#=- ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] OT - embedded message/rfc822 mimeparts in messages on this list
On Tue, Oct 19, 2004 at 05:20:38PM -0500, Daniel J McDonald said: > Am I the only one who sees several of the posters with embedded: > > Content-Type: message/rfc822 > > that includes embedded text/plain attachments. Evolution opens them up > with only one extra step, but if I'm stuck with Outlook (or worse, OWA) > you have to open three levels of attachments to read the text of the > e-mail. > > Just started when we switched from sourceforge to Luca's mailman server. > > If I'm the only one seeing it I'll troubleshoot my amavis-new config to > see if it is doing something bizarre... They appear to all be forwarded messages, with the message being forwarded attached as an inline attachment, sometimes in several parts. mutt deals with them just fine. -- -- | Stephen Gran | If you see an onion ring -- answer it! | | [EMAIL PROTECTED] | | | http://www.lobefin.net/~steve | | -- pgpjSTT5a4qgH.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] OT - embedded message/rfc822 mimeparts in messages on this list
Am I the only one who sees several of the posters with embedded: Content-Type: message/rfc822 that includes embedded text/plain attachments. Evolution opens them up with only one extra step, but if I'm stuck with Outlook (or worse, OWA) you have to open three levels of attachments to read the text of the e-mail. Just started when we switched from sourceforge to Luca's mailman server. If I'm the only one seeing it I'll troubleshoot my amavis-new config to see if it is doing something bizarre... ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] Unable to open file or directory ERROR
I'm using Clam AV 0.80 with Qmail-Scanner 1.23 and receive the following lines in my clamd.log: Tue Oct 19 15:22:34 2004 -> /var/spool/qmailscan/tmp/newmail01.readyhosting.com109821735148216078/1098217354.16090-1.newmail01.readyhosting.com: Trojan.Dropper.JS.Zerolin-6 FOUND Tue Oct 19 15:30:44 2004 -> /var/spool/qmailscan/tmp/newmail01.readyhosting.com109821784448218517/test.zip: ClamAV-Test-Signature FOUND Tue Oct 19 15:40:14 2004 -> SelfCheck: Database status OK. Tue Oct 19 15:53:44 2004 -> /var/spool/qmailscan/tmp/newmail01.readyhosting.com109821922448224690/Order - Hearing and Appeal.pdf: Unable to open file or directory ERROR Tue Oct 19 16:10:29 2004 -> SelfCheck: Database status OK. Tue Oct 19 16:32:40 2004 -> /var/spool/qmailscan/tmp/newmail01.readyhosting.com10982215584824569/text.zip: Worm.Mydoom.I FOUND Tue Oct 19 16:36:09 2004 -> /var/spool/qmailscan/tmp/newmail01.readyhosting.com10982217694825599/Untitled Attachment: Unable to open file or directory ERROR "Unable to open file or directory ERROR" -- does anyone have any idea how to begin troubleshooting this intermittent problem? Thanks, Grant Supp ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Freshclam warning
On Tuesday 19 October 2004 04:29 pm, Todd Lyons wrote: > Tomasz Kojm wanted us to know: > >> WARNING: DNS record is older than 3 hours. > >> WARNING: Invalid DNS reply. > > > >Please read my today's post in this case. > > Could I suggest different verbage: > WARNING: DNS record is older than 3 hours, falling back to HTTP GET. > > Would get rid of the questions of "what does the error mean?" I agree, but I bet you will still see them in here.. ;) Jeff pgpUllFJDNpvZ.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Freshclam warning
Tomasz Kojm wanted us to know: >> WARNING: DNS record is older than 3 hours. >> WARNING: Invalid DNS reply. >Please read my today's post in this case. Could I suggest different verbage: WARNING: DNS record is older than 3 hours, falling back to HTTP GET. Would get rid of the questions of "what does the error mean?" -- Regards... Todd OS X: We've been fighting the "It's a mac" syndrome with upper management for years now. Lately we've taken to just referring to new mac installations as "Unix" installations when presenting proposals and updates. For some reason, they have no problem with that. -- /. Linux kernel 2.6.3-19mdkenterprise 2 users, load average: 0.12, 0.08, 0.02 pgpLoBFRaQ1eE.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Freshclam warning
Tomasz Kojm wrote: On Tue, 19 Oct 2004 14:58:56 -0500 "Vernon A. Fort" <[EMAIL PROTECTED]> wrote: I have been getting the following warning with freshclam for the last several hours. WARNING: DNS record is older than 3 hours. WARNING: Invalid DNS reply. All cvd files seem to be up-to-date but why am I getting this? Please read my today's post in this case. Thanks and understood, I overlooked that post O:-) Vernon ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Freshclam warning
On Tue, 19 Oct 2004 14:58:56 -0500 "Vernon A. Fort" <[EMAIL PROTECTED]> wrote: > I have been getting the following warning with freshclam for the last > several hours. > > WARNING: DNS record is older than 3 hours. > WARNING: Invalid DNS reply. > > All cvd files seem to be up-to-date but why am I getting this? Please read my today's post in this case. -- oo. Tomasz Kojm <[EMAIL PROTECTED]> (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Oct 19 22:05:14 CEST 2004 pgp7xHshAZxxa.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Freshclam warning
On Tuesday 19 October 2004 02:58 pm, Vernon A. Fort wrote: > WARNING: DNS record is older than 3 hours. > WARNING: Invalid DNS reply. This was just asked and answered.. Its telling something is suspicious with the dns update, so it is looking for updates the old way. Now pay attention next time.. Jeff pgpsLUZ92a5bX.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] Freshclam warning
I have been getting the following warning with freshclam for the last several hours. WARNING: DNS record is older than 3 hours. WARNING: Invalid DNS reply. All cvd files seem to be up-to-date but why am I getting this? Vernon ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
RE: [Clamav-users] [Solved] ClamAV 0.80 Compilation
Thanks Thomas.. It compiled just fine.. Rob Robin Network Analyst Green Apple, Inc. 740-653-9890 [EMAIL PROTECTED] www.greenapple.com Internet access, hosting and development solutions since 1995. -Original Message- From: Thomas Lamy [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 19, 2004 2:22 PM To: ClamAV users ML Subject: Re: [Clamav-users] ClamAV 0.80 Compilation Robin, Rob wrote: > All, > > Tried to upgrade to ClamAV 0.80 from 0.75.1. Failed to compile it. > > ~~~ ./configure --prefix=/usr/local/clamav/0.80 's warnings - > > configure: WARNING: resolv.h: present but cannot be compiled > configure: WARNING: resolv.h: check for missing prerequisite headers? > configure: WARNING: resolv.h: see the Autoconf documentation > configure: WARNING: resolv.h: section "Present But Cannot Be Compiled" > configure: WARNING: resolv.h: proceeding with the preprocessor's result > configure: WARNING: resolv.h: in the future, the compiler will take precedence > configure: WARNING: ## -- ## > configure: WARNING: ## Report this to the AC_PACKAGE_NAME lists. ## > configure: WARNING: ## -- ## > You may either ignore this (sometimes it works despite the warning), or use the --disable-dns configure switch. > --- > > > Make's error started w/: > chmunpack.c:72: syntax error before `uint64_t' > chmunpack.c:114: syntax error before `uint64_t' > Edit libclamav/cltypes.h and add typedef unsigned long long uint64_t; at the bottom of the file (where the other typedefs are, just above the latest #endif. _Perhaps_ that works; I gave this tip to another guy with old gcc but just can't remember if that worked it out. > Any ClamAV or C experts willing to help here. > > gcc version 2.95.2. BSDi 4.2 (i hate to be on a dead OS, moving to linux > soon). Open Source is moving fast... ;-) > > Thanks, > > Rob Robin > Network Analyst > Green Apple, Inc. Thomas ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] Upgrade from 75.1 to 80
I have downloaded ver80 and now I'm not sure how to proceed. I've read the manual but I can't info on how to upgrade, is it best to remove the previous version or install over it.? Lnx --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Re: pipechk: [kegger-daily:world-writable files (-222)]
Is there a reason that clamav comes with 777 modes in the tar? I would hate for someone to change something while I'm compiling, even though my parent directory is a bit more secure (700). Ideas? -- Eric Wheeler Vice President National Security Concepts, Inc. PO Box 3567 Tualatin, OR 97062 http://www.nsci.us/ Voice: (503) 293-7656 Fax: (503) 885-0770 On Tue, 19 Oct 2004, root wrote: > pipechk v.14 copyright (c) 2001-2002 Eric Wheeler, all rights reserved. > --- diff output of kegger-daily:world-writable files (-222) (357 seconds) --- > 7177a7178,7205 > > /dload/clamav-0.80 > > /dload/clamav-0.80/etc > > /dload/clamav-0.80/docs > > /dload/clamav-0.80/docs/man > > /dload/clamav-0.80/docs/html > > /dload/clamav-0.80/docs/MacOSX > > /dload/clamav-0.80/test > > /dload/clamav-0.80/test/mbox > > /dload/clamav-0.80/contrib > > /dload/clamav-0.80/contrib/init > > /dload/clamav-0.80/contrib/init/SuSE > > /dload/clamav-0.80/contrib/init/RedHat > > /dload/clamav-0.80/contrib/Windows > > /dload/clamav-0.80/contrib/Windows/res > > /dload/clamav-0.80/contrib/clamavmon > > /dload/clamav-0.80/contrib/clamdwatch > > /dload/clamav-0.80/database > > /dload/clamav-0.80/clamd > > /dload/clamav-0.80/clamav-milter > > /dload/clamav-0.80/sigtool > > /dload/clamav-0.80/clamdscan > > /dload/clamav-0.80/shared > > /dload/clamav-0.80/freshclam > > /dload/clamav-0.80/examples > > /dload/clamav-0.80/clamscan > > /dload/clamav-0.80/libclamav > > /dload/clamav-0.80/libclamav/zziplib > > /dload/clamav-0.80/libclamav/mspack > > > ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] qmail-scanner-1.23 and clamav 0.80
On Tue, 19 Oct 2004 11:47:33 -0700 (PDT) [EMAIL PROTECTED] wrote: > > I'm not sure what is more obnoxious. Top posting a short response ... > > > On Tue, 19 Oct 2004, Tomasz Kojm wrote: > > On Tue, 19 Oct 2004 12:39:44 +0200 > > "Kareem Mahgoub" <[EMAIL PROTECTED]> wrote: > > > > > Thanks for the quick help. > > > I thought it is something in clamav not QS ( on a second thought, > > > it should really go to QS mailing list ) my apology. > > > For hitting reply on a previous thread, > > > I thought it won't harm anybody, but it seems to be something bad. > > > It will be my last time. > > > > And please don't top-post. > > or bottom posting to tell someone not to top post. Not to "tell someone" but to "ask someone"! -- oo. Tomasz Kojm <[EMAIL PROTECTED]> (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Oct 19 21:17:10 CEST 2004 pgp5NmZdHRTYO.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] qmail-scanner-1.23 and clamav 0.80
I'm not sure what is more obnoxious. Top posting a short response ... On Tue, 19 Oct 2004, Tomasz Kojm wrote: > On Tue, 19 Oct 2004 12:39:44 +0200 > "Kareem Mahgoub" <[EMAIL PROTECTED]> wrote: > > > Thanks for the quick help. > > I thought it is something in clamav not QS ( on a second thought, it > > should really go to QS mailing list ) my apology. > > For hitting reply on a previous thread, > > I thought it won't harm anybody, but it seems to be something bad. It > > will be my last time. > > And please don't top-post. or bottom posting to tell someone not to top post. ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] ClamAV 0.80 and leave-temps
On Tue, 19 Oct 2004 10:23:52 -0700 (PDT) Pete D <[EMAIL PROTECTED]> wrote: > I posted your response here to the ASSP forum. In the > ASSP documentation, it mentions that ASSP lacks the Thank you! > This is a bit off topic, but I noticed that there is a > clamav-milter for sendmail. Would using this simply > do away with having to use amavisd? Yes, clamav-milter is a fully featured mail scanner for sendmail. -- oo. Tomasz Kojm <[EMAIL PROTECTED]> (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Oct 19 20:51:27 CEST 2004 pgpGhYYbbvQXl.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Upgrade from 75.1 to 80
On Tue, 19 Oct 2004 18:59:02 +0100 "lnx" <[EMAIL PROTECTED]> wrote: > I have downloaded ver80 and now I'm not sure how to proceed. I've > read the manual but I can't info on how to upgrade, is it best to > remove the previous version or install over it.? The first option. -- oo. Tomasz Kojm <[EMAIL PROTECTED]> (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Oct 19 20:47:00 CEST 2004 pgppntJVx0NX8.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Zip AV Bypass Vulnerability
> > > http://www.securiteam.com/securitynews/6E00G2ABFY.html > > > > > > Bit hard to say if this would impact ClamAV? > > > > Does clam skip the decompression if the local/global header contain a > > zero filesize? It sounds like from the article that those of use who > > Yes, it does. Unfortunately. The article says that even with zero-size archives, it still decompresses properly. Can we decompress zero-size files from zips without having memory allocation and stack overflow problems or is the file size used in decompression into temporary memory buffers? -- Eric Wheeler Vice President National Security Concepts, Inc. PO Box 3567 Tualatin, OR 97062 http://www.nsci.us/ Voice: (503) 293-7656 Fax: (503) 885-0770 ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] malware acl condition: clamd: connection to, 127.0.0.1, port 3310 failed (Bad file descriptor)
Odhiambo Washington said: > * Graeme <[EMAIL PROTECTED]> [20041019 19:18]: wrote: >> Just upgraded my FreeBSD 4.10 to exim 4.43 exiscan patch 28 and clamav >> 0.80 using ports. >> >> I mow get the error >> >> malware acl condition: clamd: connection to, 127.0.0.1, port 3310 failed >> (Bad file descriptor) >> >> Any help would be appreciated > > While ignoring the technicalities that might lead to this, are you able > to connect to clamd manually? > > telnet 127.0.0.1 3310 > > On my side, I use Unix sockets so in my Exim configuration, I have > > av_scanner = clamd:/var/spool/exim/clamd.sock > > > Then in /usr/local/etc/clamd.conf I have: > > LocalSocket /var/spool/exim/clamd.sock > User exim > > > So that clamd runs as the exim_user (exim -bP exim_user) and so can > write the socket file to Exim's spool directory. > > Thanks for the help. It was entirely my fault, the clamd config file having changed from clamav.conf to clamd.conf. I updated the name and everything's working now. I'll try to engage my brain first next time! Cheers Graeme ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] ClamAV 0.80 Compilation
Robin, Rob wrote: All, Tried to upgrade to ClamAV 0.80 from 0.75.1. Failed to compile it. ~~~ ./configure --prefix=/usr/local/clamav/0.80 's warnings - configure: WARNING: resolv.h: present but cannot be compiled configure: WARNING: resolv.h: check for missing prerequisite headers? configure: WARNING: resolv.h: see the Autoconf documentation configure: WARNING: resolv.h: section "Present But Cannot Be Compiled" configure: WARNING: resolv.h: proceeding with the preprocessor's result configure: WARNING: resolv.h: in the future, the compiler will take precedence configure: WARNING: ## -- ## configure: WARNING: ## Report this to the AC_PACKAGE_NAME lists. ## configure: WARNING: ## -- ## You may either ignore this (sometimes it works despite the warning), or use the --disable-dns configure switch. --- Make's error started w/: chmunpack.c:72: syntax error before `uint64_t' chmunpack.c:114: syntax error before `uint64_t' Edit libclamav/cltypes.h and add typedef unsigned long long uint64_t; at the bottom of the file (where the other typedefs are, just above the latest #endif. _Perhaps_ that works; I gave this tip to another guy with old gcc but just can't remember if that worked it out. Any ClamAV or C experts willing to help here. gcc version 2.95.2. BSDi 4.2 (i hate to be on a dead OS, moving to linux soon). Open Source is moving fast... ;-) Thanks, Rob Robin Network Analyst Green Apple, Inc. Thomas ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] ClamAV 0.80 Compilation
All, Tried to upgrade to ClamAV 0.80 from 0.75.1. Failed to compile it. ~~~ ./configure --prefix=/usr/local/clamav/0.80 's warnings - configure: WARNING: resolv.h: present but cannot be compiled configure: WARNING: resolv.h: check for missing prerequisite headers? configure: WARNING: resolv.h: see the Autoconf documentation configure: WARNING: resolv.h: section "Present But Cannot Be Compiled" configure: WARNING: resolv.h: proceeding with the preprocessor's result configure: WARNING: resolv.h: in the future, the compiler will take precedence configure: WARNING: ## -- ## configure: WARNING: ## Report this to the AC_PACKAGE_NAME lists. ## configure: WARNING: ## -- ## --- Make's error started w/: chmunpack.c:72: syntax error before `uint64_t' chmunpack.c:114: syntax error before `uint64_t' Any ClamAV or C experts willing to help here. gcc version 2.95.2. BSDi 4.2 (i hate to be on a dead OS, moving to linux soon). Thanks, Rob Robin Network Analyst Green Apple, Inc. 740-653-9890 [EMAIL PROTECTED] www.greenapple.com Internet access, hosting and development solutions since 1995. ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] clamdscan / results in "ACCESS DENIED"
On Tue, 19 Oct 2004 at 11:38:17 -0400, Peter A Farago wrote: > I recently switched from Fedora Core 1 to Fedora Core 2. At the same > time I upgraded to clamav 0.80. I have been using 'clamscan /' to scan > my system in cron.daily. I am now running the clamd daemon and have > changed from to 'clamscan /' to 'clamdscan /'. > > I am getting "access denied" messages from clamdsan. I guess this is > not surprising since I have not changed the user=clamav in clamd.conf. > If I change the user=root then the scan completes as expected. > > I had the same problem with clamav 0.75 on Fedora Core 2 but clamdscan > 0.75 works without a "user=" line in clamav.conf under Fedora Core 1. > > My questions are: > > 1) is it necessary to set user=root in clamd.conf to scan / and, if > not, please describe any better alternatives > 2) can clamdscan damage my system if I run clamd as root (assuming that > clamdscan and clamd have not been tampered with) > I don't know Fedora (was that the monster which Japan Gozilla fought with? ;-), so I'm not giving the straight answer... First of all, you earn almost nothing when you replace clamscan with clamdscan for scanning many files at once. Clamdscan saves you time and resources when invoked again and again, every time for every file (like scanning email messages in transit). When you invoke 'clamscan /', the executable is run one time and the database is loaded one time anyway, so there's no need to use clamdscan for scannning '/'. Can clamdscan damage anything when clamd is run as root?... There are no known exploits, but one should always use only minimal priviliges to do a task, and separate users. That's why you don't run HTTPD, DNS server etc. as root, do you? End email can be especially dangerous as the data depends on sending users very much. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] ClamAV 0.80 and leave-temps
Tomasz, I posted your response here to the ASSP forum. In the ASSP documentation, it mentions that ASSP lacks the ability to block all viruses (I guess that is what they mean by "basic anti-virus filtering"). I use ASSP in combination with a amavisd/clamd setup. Whatever ASSP doesn't catch, the amavisd/clamd does. This is a bit off topic, but I noticed that there is a clamav-milter for sendmail. Would using this simply do away with having to use amavisd? Thanks. --- Tomasz Kojm <[EMAIL PROTECTED]> wrote: > On Tue, 19 Oct 2004 08:26:36 -0700 (PDT) > Pete D <[EMAIL PROTECTED]> wrote: > > > Hello all. > > > > I just upgraded to the new ClamAV 0.80. I use the > > clamscan command along with the --leave-temps flag > to > > generate the main.db and daily.db files. I am > using a > > SMTP proxy spam program called ASSP that uses > these db > > files for preliminary virus detection. The > > --leave-temps flag, which worked just fine in > 0.75.1 > > is not working at all in 0.80. When specified, no > > http://assp.sourceforge.net/: > 8. Basic anti-virus filtering using the ClamAV virus > databases. > > They should use libclamav. Currently that software > will miss most > of the new malware. If you are with contact with > them please ask them to > remove the above point from their main site as this > is a false sense of > security. > > -- >oo. Tomasz Kojm > <[EMAIL PROTECTED]> > (\/)\. > http://www.ClamAV.net/gpg/tkojm.gpg > \..._ > 0DCA5A08407D5288279DB43454822DC8985A444B >//\ /\ Tue Oct 19 17:53:58 > CEST 2004 > > ATTACHMENT part 1.2 application/pgp-signature > ___ > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > __ Do you Yahoo!? Yahoo! Mail Address AutoComplete - You start. We finish. http://promotions.yahoo.com/new_mail ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] malware acl condition: clamd: connection to, 127.0.0.1, port 3310 failed (Bad file descriptor)
On Tue, 19 Oct 2004 17:17:11 +0100 (BST) in [EMAIL PROTECTED] "Graeme" <[EMAIL PROTECTED]> wrote: > malware acl condition: clamd: connection to, 127.0.0.1, port 3310 > failed(Bad file descriptor) Can you post the av_scanner entry in your exim.conf file and the socket entries from clamd.conf. -- Brian Morrison bdm at fenrir dot org dot uk GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] malware acl condition: clamd: connection to, 127.0.0.1, port 3310 failed (Bad file descriptor)
Just upgraded my FreeBSD 4.10 to exim 4.43 exiscan patch 28 and clamav 0.80 using ports. I mow get the error malware acl condition: clamd: connection to, 127.0.0.1, port 3310 failed (Bad file descriptor) Any help would be appreciated Thanks Graeme ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] ClamAV 0.80 and leave-temps
On Tue, 19 Oct 2004 08:26:36 -0700 (PDT) Pete D <[EMAIL PROTECTED]> wrote: > Hello all. > > I just upgraded to the new ClamAV 0.80. I use the > clamscan command along with the --leave-temps flag to > generate the main.db and daily.db files. I am using a > SMTP proxy spam program called ASSP that uses these db > files for preliminary virus detection. The > --leave-temps flag, which worked just fine in 0.75.1 > is not working at all in 0.80. When specified, no http://assp.sourceforge.net/: 8. Basic anti-virus filtering using the ClamAV virus databases. They should use libclamav. Currently that software will miss most of the new malware. If you are with contact with them please ask them to remove the above point from their main site as this is a false sense of security. -- oo. Tomasz Kojm <[EMAIL PROTECTED]> (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Oct 19 17:53:58 CEST 2004 pgpoGc4uZ1Orw.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] ClamAV 0.80 and leave-temps
Thanks for the great tip! The sigtool command works beautifully. However, it does make me wonder if there is a bug with the leave-temps flag. Thanks again. --- aCaB <[EMAIL PROTECTED]> wrote: > On 10/19/04 17:26, Pete D wrote: > > Hello all. > > > > I just upgraded to the new ClamAV 0.80. I use the > > clamscan command along with the --leave-temps flag > to > > generate the main.db and daily.db files. I am > using a > > SMTP proxy spam program called ASSP that uses > these db > > files for preliminary virus detection. The > > --leave-temps flag, which worked just fine in > 0.75.1 > > is not working at all in 0.80. When specified, no > > temporary clamav-xxx directories are to be > found. > > I am running on Redhat 9 and tested on SuSE 9.0 > and a > > Redhat 7.3 all with the same result. Is anyone > else > > experiencing this problem? Any help would be > greatly > > appreciated. > > > > Thanks. > > > > > > "sigtool --unpack" is your friend (man sigtool) > "--leave-temps" is a debugging feature not meant to > do what your trying to > > ___ > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > ___ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Exploit.JPEG.Comment.1
On Tuesday 19 October 2004 16:38, Tomasz Kojm shaped the electrons to say: > On Tue, 19 Oct 2004 16:09:54 +0200 > > Scott Ryan <[EMAIL PROTECTED]> wrote: > > ClamAV databases updated (2004.10.19 12:59 +): daily.cvd > > version: 540 > > > > Submission: n/a > > Sender: Trog > > Updated: Exploit.JPEG.Comment.1 > > > > I dont know about anyone else, but this caused me huge issues... > > Flagged every jpeg attachment as a virus on 0.80rc3. > > > > Upgraded to 0.80rc4 and problem went away. > > To 0.80rc4?! I will now install 0.80 -- +--+ (0> Scott Ryan //\ Senior Unix/Linux Engineer V_/_Telkom Internet - South Africa +--+ He who controls the past, controls the future, He who controls the present, controls the past. - George Orwell, 1984 ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] What Just Happened??
On Tuesday 19 October 2004 16:34, Trog shaped the electrons to say: > On Tue, 2004-10-19 at 15:07, Scott Ryan wrote: > > I saw on my monitoring application just now that clamav was outdated and > > that i must update immediately. I was running 0.80rc3, and the moment I > > got this message i was inundated with users complaining that any jpeg > > attachment is flagged as a virus / comment 1. > > I upgraded to 0.80rc4 and the jpeg problem went away, but i still get the > > warning telling me to upgrade... > > > > is there a release i am missing ?? > > Yes, 0.80 > > You should leave your cave more often :-) Or take the bucket of my head ;) > > -trog -- +--+ (0> Scott Ryan //\ Senior Unix/Linux Engineer V_/_Telkom Internet - South Africa +--+ He who controls the past, controls the future, He who controls the present, controls the past. - George Orwell, 1984 ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] ClamAV 0.80 and leave-temps
On 10/19/04 17:26, Pete D wrote: Hello all. I just upgraded to the new ClamAV 0.80. I use the clamscan command along with the --leave-temps flag to generate the main.db and daily.db files. I am using a SMTP proxy spam program called ASSP that uses these db files for preliminary virus detection. The --leave-temps flag, which worked just fine in 0.75.1 is not working at all in 0.80. When specified, no temporary clamav-xxx directories are to be found. I am running on Redhat 9 and tested on SuSE 9.0 and a Redhat 7.3 all with the same result. Is anyone else experiencing this problem? Any help would be greatly appreciated. Thanks. "sigtool --unpack" is your friend (man sigtool) "--leave-temps" is a debugging feature not meant to do what your trying to ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] clamdscan / results in "ACCESS DENIED"
I recently switched from Fedora Core 1 to Fedora Core 2. At the same time I upgraded to clamav 0.80. I have been using 'clamscan /' to scan my system in cron.daily. I am now running the clamd daemon and have changed from to 'clamscan /' to 'clamdscan /'. I am getting "access denied" messages from clamdsan. I guess this is not surprising since I have not changed the user=clamav in clamd.conf. If I change the user=root then the scan completes as expected. I had the same problem with clamav 0.75 on Fedora Core 2 but clamdscan 0.75 works without a "user=" line in clamav.conf under Fedora Core 1. My questions are: 1) is it necessary to set user=root in clamd.conf to scan / and, if not, please describe any better alternatives 2) can clamdscan damage my system if I run clamd as root (assuming that clamdscan and clamd have not been tampered with) ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] ClamAV 0.80 and leave-temps
Hello all. I just upgraded to the new ClamAV 0.80. I use the clamscan command along with the --leave-temps flag to generate the main.db and daily.db files. I am using a SMTP proxy spam program called ASSP that uses these db files for preliminary virus detection. The --leave-temps flag, which worked just fine in 0.75.1 is not working at all in 0.80. When specified, no temporary clamav-xxx directories are to be found. I am running on Redhat 9 and tested on SuSE 9.0 and a Redhat 7.3 all with the same result. Is anyone else experiencing this problem? Any help would be greatly appreciated. Thanks. ___ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] What Just Happened??
On Tue, 2004-10-19 at 15:49, Christopher X. Candreva wrote: > On Tue, 19 Oct 2004, Trog wrote: > > > You should leave your cave more often :-) > . . This from someone calling himself trog ? :-) > Ohh, the irony :-) -trog signature.asc Description: This is a digitally signed message part ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] What Just Happened??
On Tue, 19 Oct 2004, Trog wrote: > You should leave your cave more often :-) > > -trog . . This from someone calling himself trog ? :-) -Chris == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/ ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Exploit.JPEG.Comment.1
On Tue, 19 Oct 2004 16:09:54 +0200 Scott Ryan <[EMAIL PROTECTED]> wrote: > ClamAV databases updated (2004.10.19 12:59 +): daily.cvd > version: 540 > > Submission: n/a > Sender: Trog > Updated: Exploit.JPEG.Comment.1 > > I dont know about anyone else, but this caused me huge issues... > Flagged every jpeg attachment as a virus on 0.80rc3. > > Upgraded to 0.80rc4 and problem went away. To 0.80rc4?! -- oo. Tomasz Kojm <[EMAIL PROTECTED]> (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Oct 19 16:37:48 CEST 2004 pgpUgGtURyUSc.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] What Just Happened??
> I saw on my monitoring application just now that clamav was outdated and > that > i must update immediately. I was running 0.80rc3, and the moment I got > this > message i was inundated with users complaining that any jpeg attachment is > flagged as a virus / comment 1. > I upgraded to 0.80rc4 and the jpeg problem went away, but i still get the > warning telling me to upgrade... > > is there a release i am missing ?? Yes, .80 has been released yesterday > > -- > > +--+ > (0> Scott Ryan > //\ Senior Unix/Linux Engineer > V_/_ Telkom Internet - South Africa > +--+ > He who controls the past, controls the future, > He who controls the present, controls the past. > - George Orwell, 1984 > > > ___ > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > -- Ken Jones [EMAIL PROTECTED] ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] Exploit.JPEG.Comment.1
ClamAV databases updated (2004.10.19 12:59 +): daily.cvd version: 540 Submission: n/a Sender: Trog Updated: Exploit.JPEG.Comment.1 I dont know about anyone else, but this caused me huge issues... Flagged every jpeg attachment as a virus on 0.80rc3. Upgraded to 0.80rc4 and problem went away. -- +--+ (0> Scott Ryan //\ Senior Unix/Linux Engineer V_/_Telkom Internet - South Africa +--+ He who controls the past, controls the future, He who controls the present, controls the past. - George Orwell, 1984 ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] What Just Happened??
On Tue, 2004-10-19 at 15:07, Scott Ryan wrote: > I saw on my monitoring application just now that clamav was outdated and that > i must update immediately. I was running 0.80rc3, and the moment I got this > message i was inundated with users complaining that any jpeg attachment is > flagged as a virus / comment 1. > I upgraded to 0.80rc4 and the jpeg problem went away, but i still get the > warning telling me to upgrade... > > is there a release i am missing ?? Yes, 0.80 You should leave your cave more often :-) -trog signature.asc Description: This is a digitally signed message part ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] What Just Happened??
I saw on my monitoring application just now that clamav was outdated and that i must update immediately. I was running 0.80rc3, and the moment I got this message i was inundated with users complaining that any jpeg attachment is flagged as a virus / comment 1. I upgraded to 0.80rc4 and the jpeg problem went away, but i still get the warning telling me to upgrade... is there a release i am missing ?? -- +--+ (0> Scott Ryan //\ Senior Unix/Linux Engineer V_/_Telkom Internet - South Africa +--+ He who controls the past, controls the future, He who controls the present, controls the past. - George Orwell, 1984 ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] milter version
On Tuesday 19 Oct 2004 08:32, christian laubscher wrote: > > when i enter 'clamd -V' i get a version line reflecting the i get a > version line indicating the current database version, eg .../535/..., > currently. > > the clamav-milter X-Virus-Scanned lines, however, seem to reflect the > version feedback of clamd when the milter was started, not the current > one. > > since the pingServer function seems to be only called at initialization > time, i presume this is a feature, not a bug - although it would be > much more informative to have the X-Virus-Scanned line reflect the > clamd version info valid at scanning time, not the historic one, imho? I'll file it as an issue to be investigated. > btw: thank you for an *excellent* piece of software! Thank you! > christian -- Nigel Horne. Arranger, Composer, Typesetter. NJH Music, Barnsley, UK. ICQ#20252325 [EMAIL PROTECTED] http://www.bandsman.co.uk ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] qmail-scanner-1.23 and clamav 0.80
Alex Pleiner wrote: * Kareem Mahgoub <[EMAIL PROTECTED]> [2004-10-19 10:32]: Hello list, I have upgraded from clamav 075.1 to clamav-80 using the rpm for FC2. after the upgrade, qmail-scanner ( 1.23 ) is not detecting clamav. I have recompiles qmail-scanner, ran qmail-scanner.pl -z and qmail-scanner.pl -g , with the same result. Any clue?? Besides this is the wrong list, Q-S does work with clamav 0.80. There are just some minor annoyances - you detected one. 1. version information has changed, so Q-S version detection fails (it still detects and call s clamav but fails to print the version information). You might edit qmail-scanner-queue.pl and search for: if (/ersion ([0-9\.\-a-z]+)/i) { $SCANINFO .="clamscan: $1. "; replace with if (/lamav ([0-9\.\-a-z]+)/i) { $SCANINFO .="clamscan: $1. "; 2. clamdscan is called with obsolete args. This doesn't hurt, but fills your log. I didn't check whether clamscan is affected. Replace my $clamdscan_options="-r --disable-summary --max-recursion=10 --max-space=10"; with my $clamdscan_options="--disable-summary"; Its actually "--no-summary" although "--disable-summary" may still work. -Jim ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Problems after upgrading to 0.80
On Tue, 19 Oct 2004 14:32:08 +0200 in [EMAIL PROTECTED] "Graham Dodd" <[EMAIL PROTECTED]> wrote: > > Won't standard exim work with LDAP, assuming you set correct > > If only I had a standard Exim, or the source and patches. > > > parameter during compile? I compiled one successfully, but I'd suggest a look at the Exim mailing lists to see if someone knows how to sort this out for you. -- Brian Morrison bdm at fenrir dot org dot uk GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] non detection problem
On Tuesday 19 October 2004 08:49 am, Tomasz Kojm wrote: > Jeff Smelser <[EMAIL PROTECTED]> wrote: > > > I KNOW thatand i still work clamAV...I'm not looking for > > > guarantees, just striving for perfection > > > All I ment to say is that I learned of a problem (through the > > > mailing list!!) and is it going to be fixed?? > > > Which i did not get an answer 'till now (cause i missed one email!) > > > > It will be fixed ASAP. Grow some patience.. > > It has been already fixed :-) lol, opps.. ;) What Tomasz said! Jeff pgplvrBgiiLyo.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] non detection problem
On Tue, 19 Oct 2004 08:46:21 -0500 Jeff Smelser <[EMAIL PROTECTED]> wrote: > > I KNOW thatand i still work clamAV...I'm not looking for > > guarantees, just striving for perfection > > All I ment to say is that I learned of a problem (through the > > mailing list!!) and is it going to be fixed?? > > Which i did not get an answer 'till now (cause i missed one email!) > > It will be fixed ASAP. Grow some patience.. It has been already fixed :-) -- oo. Tomasz Kojm <[EMAIL PROTECTED]> (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Oct 19 15:49:32 CEST 2004 pgpJr7m8GAndl.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] non detection problem
On Tuesday 19 October 2004 01:34 am, Meni Shapiro wrote: > > Two or more scanners from different vendors are recommended in these > > days... > > OK, but the more is NOT the marrierthe more you got the more > problems you have with interacting with the sendmail. Either find a better mailer, or figure another way to run them if this is a problem. There are a few different ways to run a scanner.. Using the mailer itself, or even using procmail. > >>(i don't want to - but can i trust ClamAV??) > > > > We don't guarantee you anything. See COPYING. > > I KNOW thatand i still work clamAV...I'm not looking for guarantees, > just striving for perfection > All I ment to say is that I learned of a problem (through the mailing > list!!) and is it going to be fixed?? > Which i did not get an answer 'till now (cause i missed one email!) It will be fixed ASAP. Grow some patience.. Jeff pgpZSKsAaLGv1.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] Upgrade from 0.6 to 0.8 ? - clamd doesn't see viruses
Dear Sirs , I've seen quite strange behavior of new clamd: I try to send a message with virus: If old clamd 0.6 used: >clamd.log > Tue Oct 19 07:25:47 2004 -> +++ Started at Tue Oct 19 07:25:47 2004 > Tue Oct 19 07:25:47 2004 -> Log file size limited to 1048576 bytes. > Tue Oct 19 07:25:47 2004 -> Setting /tmp as global temporary directory > Tue Oct 19 07:25:47 2004 -> Reading databases from /bases/clamav > Tue Oct 19 07:25:47 2004 -> Protecting against 25254 viruses. > Tue Oct 19 07:25:47 2004 -> Unix socket file /run/clamd.sock > Tue Oct 19 07:25:47 2004 -> Setting connection queue length to 30 > Tue Oct 19 07:25:47 2004 -> Archive: Archived file size limit set to 10485760 bytes. > Tue Oct 19 07:25:47 2004 -> Archive: Recursion level limit set to 5. > Tue Oct 19 07:25:47 2004 -> Archive: Files limit set to 1000. > Tue Oct 19 07:25:47 2004 -> Archive: Compression ratio limit set to 200. > Tue Oct 19 07:25:47 2004 -> Archive support enabled. > Tue Oct 19 07:25:47 2004 -> RAR support enabled. > Tue Oct 19 07:25:47 2004 -> Mail files support enabled. > Tue Oct 19 07:25:47 2004 -> OLE2 support enabled. > Tue Oct 19 07:25:47 2004 -> Self checking every 3600 seconds. > Tue Oct 19 07:26:34 2004 -> /tst//16986.tmp: Worm.SCO.A FOUND If clamd 0.8 used: >clamd.log > clamd daemon 0.80 (OS: linux-gnu, ARCH: i386, CPU: i686) > Log file size limited to 2097152 bytes. > Reading databases from /bases/clamav > Protecting against 25254 viruses. > Unix socket file /run/clamd.sock > Setting connection queue length to 15 > Archive: Archived file size limit set to 10485760 bytes. > Archive: Recursion level limit set to 5. > Archive: Files limit set to 1000. > Archive: Compression ratio limit set to 250. > Archive support enabled. > Archive: RAR support disabled. > Portable Executable support enabled. > Mail files support enabled. > OLE2 support enabled. > HTML support enabled. > Self checking every 1800 seconds. > /tst//16697.tmp: OK 8-\ The message is identical for both cases. I check clamd 0.6 with clamdscan > athlon:/clamdscan --config-file=/etc/clamd.conf /tst/message.zip > /tst/message.zip: Worm.SCO.A FOUND > > --- SCAN SUMMARY --- > Infected files: 1 > Time: 0.002 sec (0 m 0 s) It's work correct. The same file with 0.8 > athlon:/clamdscan --config-file=/etc/clamd.conf /tst/message.zip > /tst/message.zip: OK > > --- SCAN SUMMARY --- > Infected files: 0 > Time: 0.001 sec (0 m 0 s) That is the possible reason? -- Best regards, Serge Leschinsky mailto:[EMAIL PROTECTED] ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] can't compile clamav 0.80
> Hi > > I'v got next errors and warnings whe try configure clamav 0.80: > > configure: WARNING: resolv.h: present but cannot be compiled > configure: WARNING: resolv.h: check for missing prerequisite headers? > configure: WARNING: resolv.h: see the Autoconf documentation > configure: WARNING: resolv.h: section "Present But Cannot Be Compiled" > configure: WARNING: resolv.h: proceeding with the preprocessor's result > configure: WARNING: resolv.h: in the future, the compiler will take > precedence > configure: WARNING: ## -- ## > configure: WARNING: ## Report this to the AC_PACKAGE_NAME lists. ## > configure: WARNING: ## -- ## > checking for resolv.h... yes These are warnings that resolv.h can't be compiled by autoconf. They may still work when compiled in with the software. You should be able to ignore these. > checking whether setpgrp takes no argument... no > checking for __gmpz_init in -lgmp... yes > checking for curl >= 7.10.0... FAILED Looks like you don't have curl installed It's available here: http://curl.haxx.se/ > configure: WARNING: curl-config was not found > checking for mi_stop in -lmilter... no > checking for library containing strlcpy... no > checking for mi_stop in -lmilter... no > configure: error: Cannot find libmilter libmilter is part of the sendmail source, but is not installed by default. In the source tree for sendmail change directory into libmilter and do a make install. This sould install the necessary files. > > OS: FreeBSD 5.2.1-RELEASE-p1 > Sendmail 8.13.1 > clamav 0.80 > 'configure' options: --disable-clamuko --enable-milter --disable-pthreads > --sysconfdir=/usr/local/etc --with-dbdir=/var/clamav/db > > How can I solve this problems? > > -- > Korchmenuk Nickolay > 19 Oct 2004 10:06:33 > ___ > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > -- Ken Jones [EMAIL PROTECTED] ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
RE: [Clamav-users] Problems after upgrading to 0.80
[EMAIL PROTECTED] <> wrote: > Graham Dodd wrote: > >> I have no way to upgrade Exim from 4.24 to 4.43 as I inherited the >> system and it has custom patches to work with LDAP. >> >> >> > Won't standard exim work with LDAP, assuming you set correct If only I had a standard Exim, or the source and patches. > parameter during compile? I compiled one successfully, but I never > did use the LDAP lookups for production use. I prefer using DNSDB I was thinking of MySQL as I'm familiar with it, what's DNSDB Graham -- Graham K. Dodd Director of Operations Falk & Ross GmbH Tel: 06301 717 0 ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] 80 question: clamav.conf
On Tue, 19 Oct 2004 08:12:31 EDT [EMAIL PROTECTED] wrote: > Trying to upgrade to .80 on SuSE Linux PPC distro, from 0.75. > > It looks like /etc/clamav.conf in the .75 release, has been replaced by > /etc/clamd.conf in the 80 release. Can anyone confirm, because this will > effect my upgrade procedures. Confirmed. --Frank Elsner ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] 80 question: clamav.conf
On Tue, 19 Oct 2004 08:12:31 -0400 [EMAIL PROTECTED] wrote: > > > > > Trying to upgrade to .80 on SuSE Linux PPC distro, from 0.75. > > It looks like /etc/clamav.conf in the .75 release, has been replaced > by/etc/clamd.conf in the 80 release. Can anyone confirm, Confirmed. But next time please read the release notes. >because this will effect my upgrade procedures. Oh, sounds serious :-) -- oo. Tomasz Kojm <[EMAIL PROTECTED]> (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Oct 19 14:19:22 CEST 2004 pgpGAS4cO9ATf.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] 80 question: clamav.conf
Trying to upgrade to .80 on SuSE Linux PPC distro, from 0.75. It looks like /etc/clamav.conf in the .75 release, has been replaced by /etc/clamd.conf in the 80 release. Can anyone confirm, because this will effect my upgrade procedures. Alex Laslavic Havertys Tech Services ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Problems after upgrading to 0.80
Graham Dodd wrote: I have no way to upgrade Exim from 4.24 to 4.43 as I inherited the system and it has custom patches to work with LDAP. Won't standard exim work with LDAP, assuming you set correct parameter during compile? I compiled one successfully, but I never did use the LDAP lookups for production use. I prefer using DNSDB instead. Regards, Fajar ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Problems after upgrading to 0.80
On Tue, 19 Oct 2004 14:06:44 +0200 "Graham Dodd" <[EMAIL PROTECTED]> wrote: > Let's see. > > Exim 4.24 exiscan-acl patch rev. 12 ClamAV 0.75.1 - works > Exim 4.24 exiscan-acl patch rev. 12 ClamAV 0.80 - doesn't work > > What changed ? Session handling has been improved in ClamAV and the old version of exiscan was making some nasty things on the socket the new ClamAV doesn't like. -- oo. Tomasz Kojm <[EMAIL PROTECTED]> (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Oct 19 14:12:12 CEST 2004 pgpuEg6A85d8F.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Problems after upgrading to 0.80
On Tue, 19 Oct 2004 14:01:13 +0200 "Graham Dodd" <[EMAIL PROTECTED]> wrote: > Yep, and now that I've switched back to 0.75.1 it's running fine. > > I have no way to upgrade Exim from 4.24 to 4.43 as I inherited the > system and it has custom patches to work with LDAP. Sounds like a laziness. Remember 0.75.1 is _very_ obsolete and installing it you're just saying "Hello malware, you're welcome!" -- oo. Tomasz Kojm <[EMAIL PROTECTED]> (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Oct 19 14:10:47 CEST 2004 pgpUUjMYeDbm6.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
RE: [Clamav-users] Problems after upgrading to 0.80
[EMAIL PROTECTED] <> wrote: > On Tue, 19 Oct 2004 13:54:14 +0200 > "Graham Dodd" <[EMAIL PROTECTED]> wrote: > >> Well some people would say bug . :-) >> >> What happened to backward compatibility ? > > What do you call a backward incompatibility? The bug in exiscan? ;-) I wonder what Tom would say :-) Let's see. Exim 4.24 exiscan-acl patch rev. 12 ClamAV 0.75.1 - works Exim 4.24 exiscan-acl patch rev. 12 ClamAV 0.80 - doesn't work What changed ? Quickly switching the subject before the flames get too hot Would it make any difference if I used the socket to connect to ClamAV Graham -- Graham K. Dodd Director of Operations Falk & Ross GmbH Tel: 06301 717 0 ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
RE: [Clamav-users] Problems after upgrading to 0.80
[EMAIL PROTECTED] <> wrote: > On Tue, 19 Oct 2004 13:23:21 +0200 "Graham Dodd" wrote: > > [ ... ] > >> av_scanner = clamd:127.0.0.1 3310 > > That means your clamd listems for TCP connections on port 3310 > >> And in check_data have the following: >> >> # Check for Virus/virii exiscan >> deny message = This message contains malware ($malware_name) >> demime = * malware = * >> delay = 10s >> >> >> Until 0.80 this worked > > Your "clamd.conf" should contain > > #LocalSocket /tmp/clamd > TCPSocket 3310 > Yep, and now that I've switched back to 0.75.1 it's running fine. I have no way to upgrade Exim from 4.24 to 4.43 as I inherited the system and it has custom patches to work with LDAP. I'm going to switch to Vexim once I get time to setup a test server Graham -- Graham K. Dodd Director of Operations Falk & Ross GmbH Tel: 06301 717 0 ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Problems after upgrading to 0.80
On Tue, 19 Oct 2004 13:54:14 +0200 "Graham Dodd" <[EMAIL PROTECTED]> wrote: > Well some people would say bug . :-) > > What happened to backward compatibility ? What do you call a backward incompatibility? The bug in exiscan? ;-) -- oo. Tomasz Kojm <[EMAIL PROTECTED]> (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Oct 19 13:55:57 CEST 2004 pgppLGYSCWo1T.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
RE: [Clamav-users] Problems after upgrading to 0.80
[EMAIL PROTECTED] <> wrote: > On Tue, 19 Oct 2004 13:23:21 +0200 > "Graham Dodd" <[EMAIL PROTECTED]> wrote: > >> Until 0.80 this worked > > Oh, I remember that issue. But this is due to an improvement > in ClamAV and not a bug! Well some people would say bug . :-) What happened to backward compatibility ? Please don't take my replies too seriously I really appreciate all the work the ClamAv team does Graham -- Graham K. Dodd Director of Operations Falk & Ross GmbH Tel: 06301 717 0 ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] New version Clamd with Daemontools
> I use daemontools to run clamd. > I didn't change a thing when upgrading from 0.75.1 > to 0.80rc-series, and 0.80 final. > > My run script and clamd.conf attached. > > Regards, > Niek > -- Hello Niek, I used your script and clamd.conf. The readproctitle said error in Library..bla.. bla... Then I renamed my clamav.conf to clamd.conf, below my readproctitle said: root 590 0.0 0.0 1332 232 ?S19:39 0:00 readproctitle service errors: ...en file or directory?Warning: bad sy root 591 0.0 0.1 1340 268 ?S19:39 0:00 supervise clamd root 592 0.0 0.1 1340 268 ?S19:39 0:00 supervise log root 593 0.0 0.1 1340 268 ?S19:39 0:00 supervise qmail-smtpd root 594 0.0 0.1 1340 268 ?S19:39 0:00 supervise log root 595 0.0 0.1 1340 268 ?S19:39 0:00 supervise qmail-send root 596 0.0 0.1 1340 268 ?S19:39 0:00 supervise log root 597 0.0 0.1 1340 268 ?S19:39 0:00 supervise dnscache root 598 0.0 0.1 1340 268 ?S19:39 0:00 supervise log qscand 600 0.0 0.1 1352 268 ?S19:39 0:00 /usr/local/bin/multilog t s100 n20 /var/log/clamd qmaild 601 0.0 0.1 1412 448 ?S19:39 0:00 /usr/local/bin/tcpserver -v -R -H -l 0 -x /etc/tcp.smtp.cdb -c 20 -u qmails 602 0.0 0.1 1392 352 ?S19:39 0:00 qmail-send qmaill 603 0.0 0.1 1352 268 ?S19:39 0:00 /usr/local/bin/multilog t /var/log/qmail/smtpd qmaill 604 0.0 0.1 1352 268 ?S19:39 0:00 /usr/local/bin/multilog t /var/log/qmail dnscache 605 0.0 11.5 30968 29660 ? S19:39 0:00 /usr/local/bin/dnscache dnslog 606 0.0 0.1 1352 268 ?S19:39 0:00 multilog t ./main root 616 0.0 0.1 1352 292 ?S19:39 0:00 qmail-lspawn ./Mailbox qmailr 617 0.0 0.1 1348 292 ?S19:39 0:00 qmail-rspawn qmailq 618 0.0 0.1 1344 300 ?S19:39 0:00 qmail-clean root 1951 0.0 0.0 00 ?Z19:46 0:00 [run] I followed all of Jesse's script (I attached it) that be included in old version of ClamAV. Does clamd.conf have different parameter from clamav.conf? Thx & Rgds, Awie ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Freshclam DNS Warnings
On Tue, 19 Oct 2004 14:42:48 +1000 Bill Maidment <[EMAIL PROTECTED]> wrote: > One of my servers is giving these warnings. What causes this and is it > > anything to worry about? > > > freshclam daemon 0.80 (OS: linux-gnu, ARCH: i386, CPU: i686) > ClamAV update process started at Tue Oct 19 14:39:06 2004 > WARNING: DNS record is older than 3 hours. > WARNING: Invalid DNS reply. > main.cvd is up to date (version: 27, sigs: 23982, f-level: 2, builder: > > tomek) > WARNING: DNS record is older than 3 hours. > WARNING: Invalid DNS reply. > daily.cvd is up to date (version: 535, sigs: 1272, f-level: 3, > builder: trog) freshclam attempts to detect potential problems with DNS caches and switches to the old mode if something looks suspicious -- oo. Tomasz Kojm <[EMAIL PROTECTED]> (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Oct 19 13:32:42 CEST 2004 pgpoXWWMZ2Zfl.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Problems after upgrading to 0.80
On Tue, 19 Oct 2004 13:23:21 +0200 "Graham Dodd" wrote: [ ... ] > av_scanner = clamd:127.0.0.1 3310 That means your clamd listems for TCP connections on port 3310 > And in check_data have the following: > > # Check for Virus/virii exiscan > deny message = This message contains malware ($malware_name) > demime = * > malware = * > delay = 10s > > > Until 0.80 this worked Your "clamd.conf" should contain #LocalSocket /tmp/clamd TCPSocket 3310 This works perfect with exim-4.43 including exiscan-acl-4.43-28 --Frank Elsner ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Problems after upgrading to 0.80
On Tue, 19 Oct 2004 13:23:21 +0200 "Graham Dodd" <[EMAIL PROTECTED]> wrote: > Until 0.80 this worked Oh, I remember that issue. But this is due to an improvement in ClamAV and not a bug! -- oo. Tomasz Kojm <[EMAIL PROTECTED]> (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Oct 19 13:26:50 CEST 2004 pgp1rDPcdOeMB.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
RE: [Clamav-users] Problems after upgrading to 0.80
[EMAIL PROTECTED] <> wrote: > On Tue, 19 Oct 2004 13:00:03 +0200 > "Graham Dodd" <[EMAIL PROTECTED]> wrote: > >> [EMAIL PROTECTED] <> wrote: >>> On Tue, 19 Oct 2004 09:42:23 +0200 >>> "Graham Dodd" <[EMAIL PROTECTED]> wrote: >>> So I made the leap from 0.75.1 to 0.80 and get the following error in exim log 2004-10-19 09:20:52 1CJoIe-0002Ut-E3 malware acl condition: clamd: unable to read from socket (No such file or directory) >>> >>> It's trying to use the local socket, isn't it? (and you're using >>> TCPSocket) >> >> That would be my guess too, but why when LocalSocket is commented >> out. >> >> I only have TCPSocket and TCPAddr defined > > And what do you have enabled in the config file of exiscan? Errhh, there is no .conf that I know of. I'm calling clamav using the following: av_scanner = clamd:127.0.0.1 3310 And in check_data have the following: # Check for Virus/virii exiscan deny message = This message contains malware ($malware_name) demime = * malware = * delay = 10s Until 0.80 this worked Graham -- Graham K. Dodd Director of Operations Falk & Ross GmbH Tel: 06301 717 0 ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] New version Clamd with Daemontools
On 10/19/2004 10:54 AM +0200, Awie wrote: All, I stuck to use clamd of version 0.80 with daemontools (I used this scheme very nicely for older version). Does anyone know how to do it? Thx & Rgds, Awie I use daemontools to run clamd. I didn't change a thing when upgrading from 0.75.1 to 0.80rc-series, and 0.80 final. My run script and clamd.conf attached. Regards, Niek -- ___ Read about mime:http://www.geoapps.com/nomime.shtml Read about quoting: http://www.netmeister.org/news/learn2quote.html Read about disclaimers: http://www.goldmark.org/jeff/stupid-disclaimers #!/bin/sh exec 2>&1 CLAMD_FILE=/tmp/clamd SCAN_FILE=$0 # Check for a leftover socket. if [ -e $CLAMD_FILE ] then echo "run: WARNING: file $CLAMD_FILE exists" if clamdscan $SCAN_FILE then echo "run: FATAL: Clamd is already running. Trying to start anyway..." else echo "run: INFO: Clamd is not running. Deleting $CLAMD_FILE" rm -f $CLAMD_FILE fi fi # Run the scanner daemon. exec /usr/sbin/clamd ## ## Example config file for the Clam AV daemon ## Please read the clamd.conf(5) manual before editing this file. ## LogFile /dev/stderr DatabaseDirectory /usr/share/clamav LocalSocket /tmp/clamd FixStaleSocket Foreground MaxThreads 30 MaxDirectoryRecursion 20 # Scan options, turn off everything, then enable a couple DisableDefaultScanOptions ScanPE ScanOLE2 ScanHTML ScanArchive ArchiveMaxFileSize 15M ArchiveMaxRecursion 8 ArchiveMaxFiles 1500 ArchiveMaxCompressionRatio 300 #LogFileUnlock #LogFileMaxSize 2M #LogTime #LogClean #LogSyslog #LogFacility LOG_MAIL #LogVerbose #PidFile /var/run/clamd.pid #TemporaryDirectory /var/tmp #TCPSocket 3310 #TCPAddr 127.0.0.1 #MaxConnectionQueueLength 30 #StreamMaxLength 20M #MaxThreads 20 #ReadTimeout 300 #IdleTimeout 60 #MaxDirectoryRecursion 20 #FollowDirectorySymlinks #FollowFileSymlinks #SelfCheck 600 #VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v" #User clamav #AllowSupplementaryGroups #Debug #ScanMail #MailFollowURLs #ScanRAR #ArchiveLimitMemoryUsage #ArchiveBlockEncrypted #ArchiveBlockMax ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Problems after upgrading to 0.80
On Tue, 19 Oct 2004 13:00:03 +0200 "Graham Dodd" <[EMAIL PROTECTED]> wrote: > [EMAIL PROTECTED] <> wrote: > > On Tue, 19 Oct 2004 09:42:23 +0200 > > "Graham Dodd" <[EMAIL PROTECTED]> wrote: > > > >> So I made the leap from 0.75.1 to 0.80 and get the following error > >> in exim log > >> > >> 2004-10-19 09:20:52 1CJoIe-0002Ut-E3 malware acl condition: clamd: > >> unable to read from socket (No such file or directory) > > > > It's trying to use the local socket, isn't it? (and you're using > > TCPSocket) > > That would be my guess too, but why when LocalSocket is commented out. > > I only have TCPSocket and TCPAddr defined And what do you have enabled in the config file of exiscan? -- oo. Tomasz Kojm <[EMAIL PROTECTED]> (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Oct 19 13:07:48 CEST 2004 pgpdSWfmlL4vU.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
RE: [Clamav-users] Problems after upgrading to 0.80
[EMAIL PROTECTED] <> wrote: > On Tue, 19 Oct 2004 09:42:23 +0200 > "Graham Dodd" <[EMAIL PROTECTED]> wrote: > >> So I made the leap from 0.75.1 to 0.80 and get the following error >> in exim log >> >> 2004-10-19 09:20:52 1CJoIe-0002Ut-E3 malware acl condition: clamd: >> unable to read from socket (No such file or directory) > > It's trying to use the local socket, isn't it? (and you're using > TCPSocket) That would be my guess too, but why when LocalSocket is commented out. I only have TCPSocket and TCPAddr defined Graham -- Graham K. Dodd Director of Operations Falk & Ross GmbH Tel: 06301 717 0 ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] qmail-scanner-1.23 and clamav 0.80
On Tue, 19 Oct 2004 12:39:44 +0200 "Kareem Mahgoub" <[EMAIL PROTECTED]> wrote: > Thanks for the quick help. > I thought it is something in clamav not QS ( on a second thought, it > should really go to QS mailing list ) my apology. > For hitting reply on a previous thread, > I thought it won't harm anybody, but it seems to be something bad. It > will be my last time. And please don't top-post. -- oo. Tomasz Kojm <[EMAIL PROTECTED]> (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Oct 19 12:39:22 CEST 2004 pgpZCvSi9qFaZ.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] qmail-scanner-1.23 and clamav 0.80
Thanks for the quick help. I thought it is something in clamav not QS ( on a second thought, it should really go to QS mailing list ) my apology. For hitting reply on a previous thread, I thought it won't harm anybody, but it seems to be something bad. It will be my last time. Best Regards, Kareem Mahgoub - Original Message - From: "Niek" <[EMAIL PROTECTED]> To: "ClamAV users ML" <[EMAIL PROTECTED]> Sent: Tuesday, October 19, 2004 12:09 PM Subject: Re: [Clamav-users] qmail-scanner-1.23 and clamav 0.80 > On 10/19/2004 10:32 AM +0200, Kareem Mahgoub wrote: > > Hello list, > > I have upgraded from clamav 075.1 to clamav-80 using the rpm for FC2. > > after the upgrade, qmail-scanner ( 1.23 ) is not detecting clamav. > > I have recompiles qmail-scanner, ran qmail-scanner.pl -z and > > qmail-scanner.pl -g , with the same result. > > Any clue?? > > > > Best Regards, > > Kareem Mahgoub > > Hi, > Like Alex stated, wrong list. > Oh, and don't start a new conversation by replying to an old > message you received from this list. > It messes things up for the threaded readers. > > Regards, > Niek > -- > ___ > Read about mime:http://www.geoapps.com/nomime.shtml > Read about quoting: http://www.netmeister.org/news/learn2quote.html > Read about disclaimers: http://www.goldmark.org/jeff/stupid-disclaimers > ___ > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Problems after upgrading to 0.80
On Tue, 19 Oct 2004 09:42:23 +0200 "Graham Dodd" <[EMAIL PROTECTED]> wrote: > So I made the leap from 0.75.1 to 0.80 and get the following error in > exim log > > 2004-10-19 09:20:52 1CJoIe-0002Ut-E3 malware acl condition: clamd: > unable to read from socket (No such file or directory) It's trying to use the local socket, isn't it? (and you're using TCPSocket) -- oo. Tomasz Kojm <[EMAIL PROTECTED]> (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Oct 19 12:34:29 CEST 2004 pgpaT4zWHFTf5.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] qmail-scanner-1.23 and clamav 0.80
On 10/19/2004 10:32 AM +0200, Kareem Mahgoub wrote: Hello list, I have upgraded from clamav 075.1 to clamav-80 using the rpm for FC2. after the upgrade, qmail-scanner ( 1.23 ) is not detecting clamav. I have recompiles qmail-scanner, ran qmail-scanner.pl -z and qmail-scanner.pl -g , with the same result. Any clue?? Best Regards, Kareem Mahgoub Hi, Like Alex stated, wrong list. Oh, and don't start a new conversation by replying to an old message you received from this list. It messes things up for the threaded readers. Regards, Niek -- ___ Read about mime:http://www.geoapps.com/nomime.shtml Read about quoting: http://www.netmeister.org/news/learn2quote.html Read about disclaimers: http://www.goldmark.org/jeff/stupid-disclaimers ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] qmail-scanner-1.23 and clamav 0.80
* Kareem Mahgoub <[EMAIL PROTECTED]> [2004-10-19 10:32]: > Hello list, > I have upgraded from clamav 075.1 to clamav-80 using the rpm for FC2. > after the upgrade, qmail-scanner ( 1.23 ) is not detecting clamav. > I have recompiles qmail-scanner, ran qmail-scanner.pl -z and > qmail-scanner.pl -g , with the same result. > Any clue?? Besides this is the wrong list, Q-S does work with clamav 0.80. There are just some minor annoyances - you detected one. 1. version information has changed, so Q-S version detection fails (it still detects and call s clamav but fails to print the version information). You might edit qmail-scanner-queue.pl and search for: if (/ersion ([0-9\.\-a-z]+)/i) { $SCANINFO .="clamscan: $1. "; replace with if (/lamav ([0-9\.\-a-z]+)/i) { $SCANINFO .="clamscan: $1. "; 2. clamdscan is called with obsolete args. This doesn't hurt, but fills your log. I didn't check whether clamscan is affected. Replace my $clamdscan_options="-r --disable-summary --max-recursion=10 --max-space=10"; with my $clamdscan_options="--disable-summary"; HTH. BTW, the next version of Q-S will fix this. Alex -- Alex Pleinerzeitform Internet Dienste mailto:[EMAIL PROTECTED] Fraunhoferstraße 5 PGP S/MIME: http://key.zeitform.de/ap 64283 Darmstadt, Germany Tel./Fax: +49 (0) 6151 155-635 / -634 http://www.zeitform.de ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] can't compile clamav 0.80
On Tue, 19 Oct 2004 10:24:07 +0300, Korchmenuk Nickolay <[EMAIL PROTECTED]> wrote: > On Tue, 19 Oct 2004 03:16:53 -0400 > Dale Walsh <[EMAIL PROTECTED]> wrote: > > > > OS: FreeBSD 5.2.1-RELEASE-p1 Update your ports and install from there. -- Please keep list traffic on the list. Rob MacGregor Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] New version Clamd with Daemontools
All, I stuck to use clamd of version 0.80 with daemontools (I used this scheme very nicely for older version). Does anyone know how to do it? Thx & Rgds, Awie ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] Re: clamav-users Digest, Vol 2, Issue 57
PERFECT! > -- > > Message: 12 > Date: Tue, 19 Oct 2004 01:23:37 -0700 > From: [EMAIL PROTECTED] > Subject: Re: [Clamav-users] Your ClamAV installation is OUTDATED ? > To: ClamAV users ML <[EMAIL PROTECTED]> > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset=ISO-8859-1 > > Quoting Michael Hübler <[EMAIL PROTECTED]>: > > > I couldnt find something about it on the net. So i ask you: What is this? > > Are my hourly updates not enough? How can i solve this problem? > > I have the Clamwin 0.35.2 running. IT IS the latest release. What is > > "Outdated" then? > > As people have already said, ClamWin is using the old ClamAV engine. While > you'll have to wait for a new version of ClamWin to come out, you *may* be > able to update the engine yourself: > > 1) Download the following file and install (it's the win32 port of ClamAV: > http://www.sosdg.org/clamav-win32/clamav-devel.exe > > 2) Copy the contents of c:\clamav-devel\bin and overwrite to c:\Program > Files\ClamWin\bin (this will update the ClamWin engine) > > Now try and update ClamWin and do testing, to make sure it still works. > > Note/Disclaimer thingy: This has worked for me, use above at own risk, etc. > etc. if anyone things this is wrong... yell ;) > > If you're at all worried, just wait for the new version... > > Good luck... > > Steve STEVE ! THIS WORKS ;) Thank you bye Michael ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] freshclam: Chunked Transfer Coding
Hi, First let me apologize if this is way off the mark, but it has aroused my curiosity. When you say "freshclam fails", do you get a return value of 1? I only ask because we have two Web Proxies in the office, one is a Novell box and the other is Squid/Debian. I built the Squid/Debian box as freshclam would not work through the Novell box and for various reasons too boring to go into here, it was just easier to re-route all non vpn traffic via a new proxy than get RSSI of the forehead negotiating with the IT dept - they control the Novell box. As I say, just curious. Regards, Jo. ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] qmail-scanner-1.23 and clamav 0.80
Hello list, I have upgraded from clamav 075.1 to clamav-80 using the rpm for FC2. after the upgrade, qmail-scanner ( 1.23 ) is not detecting clamav. I have recompiles qmail-scanner, ran qmail-scanner.pl -z and qmail-scanner.pl -g , with the same result. Any clue?? Best Regards, Kareem Mahgoub ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Problems after upgrading to 0.80
On Tue, 19 Oct 2004 10:23:04 +0200 in [EMAIL PROTECTED] "Graham Dodd" <[EMAIL PROTECTED]> wrote: > [EMAIL PROTECTED] <> wrote: > > On Tue, 19 Oct 2004 15:03:13 +0700 "Fajar A. Nugraha" wrote: > > > > [ ... ] > > > >> exim 4.24 (the exiscan patch of it, to be exact) seems to have that > >> problem. Use exim 4.41 instead. > > > > Or use the newest exim-4.43/exiscan-acl-4.43-28 combination. Works > > great with ClamAV 0.80. > > > > --Frank Elsner > > > > Upgrading Exim is not an option at the moment so I guess I'll switch > back to 0.75.1 I think the patch needed is as shown below, from a previous posting to the list: I've just compared the clamd code between exiscan-acl-4.33-20 and exiscan-acl-4.33-28 and found the following (which looks like it could be the cause of the problem): --- exiclam.old 2004-10-13 21:04:43.036454125 +0100 +++ exiclam.new 2004-10-13 21:04:08.433816809 +0100 @@ -87,8 +87,14 @@ +return DEFER; + } + -+ /* we're done sending, close socket for writing */ -+ shutdown(sock, SHUT_WR); ++ /* ++We're done sending, close socket for writing. ++ ++One user reported that clamd 0.70 does not like this any more ... ++ ++ */ ++ ++ /* shutdown(sock, SHUT_WR); */ + + /* Read the result */ + memset(av_buffer, 0, sizeof(av_buffer)); It may be possible to patch your existing Exim with this simple change. -- Brian Morrison bdm at fenrir dot org dot uk GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Your ClamAV installation is OUTDATED ?
Quoting Michael Hübler <[EMAIL PROTECTED]>: > I couldnt find something about it on the net. So i ask you: What is this? > Are my hourly updates not enough? How can i solve this problem? > I have the Clamwin 0.35.2 running. IT IS the latest release. What is > "Outdated" then? As people have already said, ClamWin is using the old ClamAV engine. While you'll have to wait for a new version of ClamWin to come out, you *may* be able to update the engine yourself: 1) Download the following file and install (it's the win32 port of ClamAV: http://www.sosdg.org/clamav-win32/clamav-devel.exe 2) Copy the contents of c:\clamav-devel\bin and overwrite to c:\Program Files\ClamWin\bin (this will update the ClamWin engine) Now try and update ClamWin and do testing, to make sure it still works. Note/Disclaimer thingy: This has worked for me, use above at own risk, etc. etc. if anyone things this is wrong... yell ;) If you're at all worried, just wait for the new version... Good luck... Steve ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
RE: [Clamav-users] Problems after upgrading to 0.80
[EMAIL PROTECTED] <> wrote: > On Tue, 19 Oct 2004 15:03:13 +0700 "Fajar A. Nugraha" wrote: > > [ ... ] > >> exim 4.24 (the exiscan patch of it, to be exact) seems to have that >> problem. Use exim 4.41 instead. > > Or use the newest exim-4.43/exiscan-acl-4.43-28 combination. Works > great with ClamAV 0.80. > > --Frank Elsner > Upgrading Exim is not an option at the moment so I guess I'll switch back to 0.75.1 thanks to both Frank and Fajar for the help Graham -- Graham K. Dodd Director of Operations Falk & Ross GmbH Tel: 06301 717 0 ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Problems after upgrading to 0.80
On Tue, 19 Oct 2004 15:03:13 +0700 "Fajar A. Nugraha" wrote: [ ... ] > exim 4.24 (the exiscan patch of it, to be exact) seems to have that > problem. Use exim 4.41 instead. Or use the newest exim-4.43/exiscan-acl-4.43-28 combination. Works great with ClamAV 0.80. --Frank Elsner ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
AW: [Clamav-users] Problems after upgrading to 0.80
--> So I made the leap from 0.75.1 to 0.80 and get the following --> error in exim --> log --> --> 2004-10-19 09:20:52 1CJoIe-0002Ut-E3 malware acl condition: --> clamd: unable to --> read from socket (No such file or directory) --> 2004-10-19 09:20:52 1CJoIe-0002Ut-E3 H=floyd.blarg.net (mail.blarg.net) --> [206.124.128.8]:56990 F=<[EMAIL PROTECTED]> --> temporarily rejected after DATA --> --> I enabled debugging, restarted clamd and can see no errors had the same problem using exim 4.24 + clamav 0.8 upgraded to exim 4.43/exiscan 28 and the problem was gone ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Problems after upgrading to 0.80
On Tue, 19 Oct 2004 15:03:13 +0700 in [EMAIL PROTECTED] "Fajar A. Nugraha" <[EMAIL PROTECTED]> wrote: > exim 4.24 (the exiscan patch of it, to be exact) seems to have that > problem. Use exim 4.41 instead. Or even 4.43 with exiscan-acl-28. -- Brian Morrison bdm at fenrir dot org dot uk GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Your ClamAV installation is OUTDATED ?
Michael Hübler wrote: I have an scheudled update every hour. but now i always got this warnings here: --- WARNING: Your ClamAV installation is OUTDATED - please update immediately ! WARNING: Current functionality level = 2, required = 3 --- I couldnt find something about it on the net. So i ask you: What is this? Are my hourly updates not enough? How can i solve this problem? I have the Clamwin 0.35.2 running. IT IS the latest release. Latest ClamWin, but NOT latest clamav :) What is "Outdated" then? Basicly it means there are some functionality in the current db version that will not work unless you use the latest clamav version. Until the new clamwin comes out, your only choice is to ignore this warning. Regards, Fajar ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Your ClamAV installation is OUTDATED ?
On Tue, 19 Oct 2004 10:00:41 +0200 in [EMAIL PROTECTED] Michael Hübler <[EMAIL PROTECTED]> wrote: > I couldnt find something about it on the net. So i ask you: What is > this? Are my hourly updates not enough? How can i solve this problem? > I have the Clamwin 0.35.2 running. IT IS the latest release. What is > "Outdated" then? Clamwin 0.35.2 uses clamav 0.75.1 as its base. Since yesterday, clamav 0.80 is released, so you need to check for a later version of Clamwin although I expect it will take a little while for this to appear. In the meantime, Clamwin will not use the signatures that require 0.80 so you can keep on using what you have for now. -- Brian Morrison bdm at fenrir dot org dot uk GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Problems after upgrading to 0.80
Graham Dodd wrote: So I made the leap from 0.75.1 to 0.80 and get the following error in exim log 2004-10-19 09:20:52 1CJoIe-0002Ut-E3 malware acl condition: clamd: unable to read from socket (No such file or directory) 2004-10-19 09:20:52 1CJoIe-0002Ut-E3 H=floyd.blarg.net (mail.blarg.net) [206.124.128.8]:56990 F=<[EMAIL PROTECTED]> temporarily rejected after DATA exim 4.24 (the exiscan patch of it, to be exact) seems to have that problem. Use exim 4.41 instead. Regards, Fajar ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Problems after upgrading to 0.80
On Tue, 19 Oct 2004 09:42:23 +0200 in [EMAIL PROTECTED] "Graham Dodd" <[EMAIL PROTECTED]> wrote: > I'm still searching the archives, but if anyone can point me in the > right direction it would help Have a look at the thread about Exim entitled "Upgrading to 0.80rc3 breaks Exim malware acl". The problem is the version of the exiscan patch you have, you need later than -21. -- Brian Morrison bdm at fenrir dot org dot uk GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] Your ClamAV installation is OUTDATED ?
Hello together Iam a new ClamAV user. I have installed it a few days ago on my win2k windows PC. I have an scheudled update every hour. but now i always got this warnings here: --- WARNING: Your ClamAV installation is OUTDATED - please update immediately ! WARNING: Current functionality level = 2, required = 3 --- I couldnt find something about it on the net. So i ask you: What is this? Are my hourly updates not enough? How can i solve this problem? I have the Clamwin 0.35.2 running. IT IS the latest release. What is "Outdated" then? Please help me out. How can i fix it. bye Michael ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] Problems after upgrading to 0.80
So I made the leap from 0.75.1 to 0.80 and get the following error in exim log 2004-10-19 09:20:52 1CJoIe-0002Ut-E3 malware acl condition: clamd: unable to read from socket (No such file or directory) 2004-10-19 09:20:52 1CJoIe-0002Ut-E3 H=floyd.blarg.net (mail.blarg.net) [206.124.128.8]:56990 F=<[EMAIL PROTECTED]> temporarily rejected after DATA I enabled debugging, restarted clamd and can see no errors Tue Oct 19 09:14:45 2004 -> +++ Started at Tue Oct 19 09:14:45 2004 Tue Oct 19 09:14:45 2004 -> clamd daemon 0.80 (OS: linux-gnu, ARCH: i386, CPU: i686) Tue Oct 19 09:14:45 2004 -> Log file size limited to 1048576 bytes. Tue Oct 19 09:14:45 2004 -> Verbose logging activated. Tue Oct 19 09:14:45 2004 -> Running as user root (UID 0, GID 0) Tue Oct 19 09:14:45 2004 -> Reading databases from /usr/local/share/clamav Tue Oct 19 09:14:47 2004 -> Protecting against 25254 viruses. Tue Oct 19 09:14:47 2004 -> Bound to address 127.0.0.1 on port 3310 Tue Oct 19 09:14:47 2004 -> Setting connection queue length to 15 Tue Oct 19 09:14:47 2004 -> Listening daemon: PID: 9460 Tue Oct 19 09:14:47 2004 -> Archive: Archived file size limit set to 10485760 bytes. Tue Oct 19 09:14:47 2004 -> Archive: Recursion level limit set to 5. Tue Oct 19 09:14:47 2004 -> Archive: Files limit set to 1000. Tue Oct 19 09:14:47 2004 -> Archive: Compression ratio limit set to 200. Tue Oct 19 09:14:47 2004 -> Archive support enabled. Tue Oct 19 09:14:47 2004 -> Archive: RAR support enabled. Tue Oct 19 09:14:47 2004 -> Portable Executable support enabled. Tue Oct 19 09:14:47 2004 -> Mail files support enabled. Tue Oct 19 09:14:47 2004 -> OLE2 support enabled. Tue Oct 19 09:14:47 2004 -> HTML support enabled. Tue Oct 19 09:14:47 2004 -> Self checking every 1800 seconds. Output from ps ax 9460 ?S 0:00 /usr/local/sbin/clamd --config-file /etc/clamav.conf I saved my running config and call it direct from clamd start Here is the appropriate part from the .conf #LocalSocket /tmp/clamd # Remove stale socket after unclean shutdown. FixStaleSocket # TCP port address. TCPSocket 3310 # TCP address. # By default we bind to INADDR_ANY, probably not wise. # Enable the following to provide some degree of protection # from the outside world. TCPAddr 127.0.0.1 I'm still searching the archives, but if anyone can point me in the right direction it would help Thanks, Graham -- Graham K. Dodd Director of Operations Falk & Ross GmbH Tel: 06301 717 0 --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] milter version
when i enter 'clamd -V' i get a version line reflecting the i get a version line indicating the current database version, eg .../535/..., currently. the clamav-milter X-Virus-Scanned lines, however, seem to reflect the version feedback of clamd when the milter was started, not the current one. since the pingServer function seems to be only called at initialization time, i presume this is a feature, not a bug - although it would be much more informative to have the X-Virus-Scanned line reflect the clamd version info valid at scanning time, not the historic one, imho? btw: thank you for an *excellent* piece of software! christian -- ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] can't compile clamav 0.80
On Tue, 19 Oct 2004 03:16:53 -0400 Dale Walsh <[EMAIL PROTECTED]> wrote: > > OS: FreeBSD 5.2.1-RELEASE-p1 -- Korchmenuk Nickolay 19 Oct 2004 10:23:50 ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] can't compile clamav 0.80
On Oct 19, 2004, at 03:10, Korchmenuk Nickolay wrote: Hi I'v got next errors and warnings whe try configure clamav 0.80: configure: WARNING: resolv.h: present but cannot be compiled configure: WARNING: resolv.h: check for missing prerequisite headers? configure: WARNING: resolv.h: see the Autoconf documentation configure: WARNING: resolv.h: section "Present But Cannot Be Compiled" configure: WARNING: resolv.h: proceeding with the preprocessor's result configure: WARNING: resolv.h: in the future, the compiler will take precedence configure: WARNING: ## -- ## configure: WARNING: ## Report this to the AC_PACKAGE_NAME lists. ## configure: WARNING: ## -- ## checking for resolv.h... yes checking whether setpgrp takes no argument... no checking for __gmpz_init in -lgmp... yes checking for curl >= 7.10.0... FAILED configure: WARNING: curl-config was not found checking for mi_stop in -lmilter... no checking for library containing strlcpy... no checking for mi_stop in -lmilter... no configure: error: Cannot find libmilter OS: FreeBSD 5.2.1-RELEASE-p1 Sendmail 8.13.1 clamav 0.80 'configure' options: --disable-clamuko --enable-milter --disable-pthreads --sysconfdir=/usr/local/etc --with-dbdir=/var/clamav/db How can I solve this problems? -- Korchmenuk Nickolay What OS are you using? (Mac OSX???) -- Dale ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] can't compile clamav 0.80
Hi I'v got next errors and warnings whe try configure clamav 0.80: configure: WARNING: resolv.h: present but cannot be compiled configure: WARNING: resolv.h: check for missing prerequisite headers? configure: WARNING: resolv.h: see the Autoconf documentation configure: WARNING: resolv.h: section "Present But Cannot Be Compiled" configure: WARNING: resolv.h: proceeding with the preprocessor's result configure: WARNING: resolv.h: in the future, the compiler will take precedence configure: WARNING: ## -- ## configure: WARNING: ## Report this to the AC_PACKAGE_NAME lists. ## configure: WARNING: ## -- ## checking for resolv.h... yes checking whether setpgrp takes no argument... no checking for __gmpz_init in -lgmp... yes checking for curl >= 7.10.0... FAILED configure: WARNING: curl-config was not found checking for mi_stop in -lmilter... no checking for library containing strlcpy... no checking for mi_stop in -lmilter... no configure: error: Cannot find libmilter OS: FreeBSD 5.2.1-RELEASE-p1 Sendmail 8.13.1 clamav 0.80 'configure' options: --disable-clamuko --enable-milter --disable-pthreads --sysconfdir=/usr/local/etc --with-dbdir=/var/clamav/db How can I solve this problems? -- Korchmenuk Nickolay 19 Oct 2004 10:06:33 ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users