Re: [Clamav-users] Problem compiling clamav-0.80
Thomas Lamy wrote: Ajaya Sharma wrote: Hi, I'm running clamav .7.5.1 and want to update to latest verion. I was able to compile clamav-0.80rc3 without any problem but somehow I remained unsuccessful after clamav-0.80rc3. Below was the error received when attempted to compile clamav-0.80rc4 and clamav-080: fsg.lo line.lo untar.lo special.lo -lz -lpthread -lsocket -lnsl -lc Undefined first referenced symbol in file __eprintf strrcpy.lo ld: fatal: Symbol referencing errors. No output written to .libs/libclamav.so.1.0.4 make[2]: *** [libclamav.la] Error 1 From your ld path I guess it's some Slowlaris platform. SLOWlaris? LOL. I had no problems compiling on Solaris 9, it was all running out of the box. You may also want to try the 0.80 _release_ (not some release candidate). He did try 0.80 AND 0.80rc4, it didn't work :) My GUESS is it has something to do with your build environment (autoconf, automake, cc, ld, etc.). However I can confirm that 0.80 (and the later CVS snapshots) builds OK on Solaris 8. I had lots of gnu tools on it though, haven't test it on "vanilla" solaris. If you want, you can use my clamav solaris binaries from http://clamav.or.id/snapshot/ or http://clamav.or.id/stable/ Regards, Fajar ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
RE: Re: [Clamav-users] Problem compiling clamav-0.80
Yes I'm running Solaris 2.6 and I tried with both gcc 3.3.2 and 3.4.2 with no success. I'm just wondering, why I'm not having problem compiling Clamav-0.8.0rc3 but with the same environment I'm getting errors for Clamav-0.8.0 and 0.8.0rc4? Is there any workaround for this? Regards, Ajaya Sharma ___ Ajaya R. Sharma Department of Information Technology Garvan Institute of Medical Research Tel: (02) 9295 8148 384 Victoria St.email: [EMAIL PROTECTED] Darlinghurst NSW 2010, Australia web: http://www.garvan.org.au ___ > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Thomas Lamy > Sent: Thursday, 28 October 2004 4:35 PM > To: ClamAV users ML > Subject: Re: [Clamav-users] Problem > compiling clamav-0.80 > > Ajaya Sharma wrote: > > Hi, > > > > I'm running clamav .7.5.1 and want to update to latest > verion. I was > > able to compile clamav-0.80rc3 without any problem but somehow I > > remained unsuccessful after clamav-0.80rc3. Below was the error > > received when attempted to compile clamav-0.80rc4 and clamav-080: > > > > # make > > ... > > make all-recursive > > make[1]: Entering directory `/Directory/clamav-0.80' > > Making all in libclamav > > make[2]: Entering directory `/Directory/clamav-0.80/libclamav' > > /usr/ccs/bin/ld -G -z defs -h libclamav.so.1 -o > > .libs/libclamav.so.1.0.4 matcher-ac.lo matcher-bm.lo > matcher.lo md5.lo > > others.lo readdb.lo cvd.lo dsig.lo str.lo scanners.lo filetypes.lo > > unrarlib.lo zzip-dir.lo zzip-err.lo zzip-file.lo zzip-info.lo > > zzip-io.lo zzip-stat.lo zzip-zip.lo strc.lo blob.lo mbox.lo > message.lo > > snprintf.lo strrcpy.lo table.lo text.lo ole2_extract.lo > vba_extract.lo > > msexpand.lo pe.lo cabd.lo lzxd.lo mszipd.lo qtmd.lo > system.lo upx.lo > > htmlnorm.lo chmunpack.lo rebuildpe.lo petite.lo fsg.lo > line.lo untar.lo special.lo -lz -lpthread -lsocket -lnsl -lc > > Undefined first referenced > > symbol in file > > __eprintf strrcpy.lo > > ld: fatal: Symbol referencing errors. No output written to > > .libs/libclamav.so.1.0.4 > > make[2]: *** [libclamav.la] Error 1 > > > > Any input is appreciated. > > > > Thanks in advance. > > > > Aj > > > From your ld path I guess it's some Slowlaris platform. I > had no problems compiling on Solaris 9, it was all running > out of the box. You may also want to try the 0.80 _release_ > (not some release candidate). > > Thomas > > ___ > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Problem compiling clamav-0.80
Ajaya Sharma wrote: Hi, I'm running clamav .7.5.1 and want to update to latest verion. I was able to compile clamav-0.80rc3 without any problem but somehow I remained unsuccessful after clamav-0.80rc3. Below was the error received when attempted to compile clamav-0.80rc4 and clamav-080: # make ... make all-recursive make[1]: Entering directory `/Directory/clamav-0.80' Making all in libclamav make[2]: Entering directory `/Directory/clamav-0.80/libclamav' /usr/ccs/bin/ld -G -z defs -h libclamav.so.1 -o .libs/libclamav.so.1.0.4 matcher-ac.lo matcher-bm.lo matcher.lo md5.lo others.lo readdb.lo cvd.lo dsig.lo str.lo scanners.lo filetypes.lo unrarlib.lo zzip-dir.lo zzip-err.lo zzip-file.lo zzip-info.lo zzip-io.lo zzip-stat.lo zzip-zip.lo strc.lo blob.lo mbox.lo message.lo snprintf.lo strrcpy.lo table.lo text.lo ole2_extract.lo vba_extract.lo msexpand.lo pe.lo cabd.lo lzxd.lo mszipd.lo qtmd.lo system.lo upx.lo htmlnorm.lo chmunpack.lo rebuildpe.lo petite.lo fsg.lo line.lo untar.lo special.lo -lz -lpthread -lsocket -lnsl -lc Undefined first referenced symbol in file __eprintf strrcpy.lo ld: fatal: Symbol referencing errors. No output written to .libs/libclamav.so.1.0.4 make[2]: *** [libclamav.la] Error 1 Any input is appreciated. Thanks in advance. Aj From your ld path I guess it's some Slowlaris platform. I had no problems compiling on Solaris 9, it was all running out of the box. You may also want to try the 0.80 _release_ (not some release candidate). Thomas ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] Problem compiling clamav-0.80
Hi, I'm running clamav .7.5.1 and want to update to latest verion. I was able to compile clamav-0.80rc3 without any problem but somehow I remained unsuccessful after clamav-0.80rc3. Below was the error received when attempted to compile clamav-0.80rc4 and clamav-080: # make ... make all-recursive make[1]: Entering directory `/Directory/clamav-0.80' Making all in libclamav make[2]: Entering directory `/Directory/clamav-0.80/libclamav' /bin/ksh ../libtool --mode=link gcc -g -O2 -lsocket -lnsl -o libclamav.la -rpath /usr/local/clamav/lib -thread-safe -version-info 1:4:0 -no-undefined matcher-ac.lo matcher-bm.lo matcher.lo md5.lo others.lo readdb.lo cvd.lo dsig.lo str.lo scanners.lo filetypes.lo unrarlib.lo zzip-dir.lo zzip-err.lo zzip-file.lo zzip-info.lo zzip-io.lo zzip-stat.lo zzip-zip.lo strc.lo blob.lo mbox.lo message.lo snprintf.lo strrcpy.lo table.lo text.lo ole2_extract.lo vba_extract.lo msexpand.lo pe.lo cabd.lo lzxd.lo mszipd.lo qtmd.lo system.lo upx.lo htmlnorm.lo chmunpack.lo rebuildpe.lo petite.lo fsg.lo line.lo untar.lo special.lo -lz -lpthread -lsocket -lnsl rm -fr .libs/libclamav.la .libs/libclamav.* .libs/libclamav.* /usr/ccs/bin/ld -G -z defs -h libclamav.so.1 -o .libs/libclamav.so.1.0.4 matcher-ac.lo matcher-bm.lo matcher.lo md5.lo others.lo readdb.lo cvd.lo dsig.lo str.lo scanners.lo filetypes.lo unrarlib.lo zzip-dir.lo zzip-err.lo zzip-file.lo zzip-info.lo zzip-io.lo zzip-stat.lo zzip-zip.lo strc.lo blob.lo mbox.lo message.lo snprintf.lo strrcpy.lo table.lo text.lo ole2_extract.lo vba_extract.lo msexpand.lo pe.lo cabd.lo lzxd.lo mszipd.lo qtmd.lo system.lo upx.lo htmlnorm.lo chmunpack.lo rebuildpe.lo petite.lo fsg.lo line.lo untar.lo special.lo -lz -lpthread -lsocket -lnsl -lc Undefined first referenced symbol in file __eprintf strrcpy.lo ld: fatal: Symbol referencing errors. No output written to .libs/libclamav.so.1.0.4 make[2]: *** [libclamav.la] Error 1 Any input is appreciated. Thanks in advance. Aj ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Clamdscan Runaway Number of Processes
* Todd Lyons <[EMAIL PROTECTED]> [20041027 22:50]: wrote: > Scott Ryan wanted us to know: > > >I am having a slight problem which appears to have stemmed from swapping from > >tcp sockets to unix sockets. Every now and again, and across 5 identical > >servers, i get a huge number of clamdscan processes, which prevents qmail > >accepting smtp connections. I made the total random assumption that clamav > >has a problem tearing down unix sockets under load. > >However, I would like to be able to prove this so I am looking for someone to > >give some pointer as to where to start looking. > >I would like to use unix sockets as I understand that there is not as much > >overhead compared to tcp sockets, but this issue is causing me a bit of > >problem. > > How many threads do you have set in clamd.conf? Hey Todd, How does one determine the correct number of threads to use in clamd.conf? Answering this question conclusively will help many folks. -Wash http://www.netmeister.org/news/learn2quote.html -- +==+ |\ _,,,---,,_ | Odhiambo Washington<[EMAIL PROTECTED]> Zzz /,`.-'`'-. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com |,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922 '---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121 +==+ There are very few personal problems that cannot be solved through a suitable application of high explosives. ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Performance Help - 100% cpu usage
James Lick wrote: The ClamAV authors could put a stop to this by making clamdscan and clamscan the same program and then acting differently depending on which name is run. Why? It's not a problem with clamav but a problem with broken instructions. --- Lars Hansson ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] default directories for ClamAV 0.80
Sorry, had it switched on for something else and forgot to turn it off. My apologies. Can anyone answer my question below? Dave > > -Original Message- > From: Tomasz Papszun [mailto:[EMAIL PROTECTED] > Sent: Wednesday, October 27, 2004 12:12 PM > To: Dave Filchak > Subject: Re: [Clamav-users] default directories for ClamAV 0.80 > > On Wed, 27 Oct 2004 at 12:09:52 -0400, Dave Filchak wrote: > > This is a multi-part message in MIME format. > > --===0920457405== > Content-Type: multipart/alternative; > boundary="=_NextPart_000_02FE_01C4BC1D.DD5C6570" > > This is a multi-part message in MIME format. > > --=_NextPart_000_02FE_01C4BC1D.DD5C6570 > Content-Type: text/plain; > charset="us-ascii" > Content-Transfer-Encoding: 7bit > > Can someone clarify what the default directories are now for > ClamAV and Mail::ClamAV conf files? I know that there was > some discussion about this but I am not sure it was > definitively answered. My conf files used to reside in > /usr/local/etc/ but when I upgraded, the freshclam daemon > stopped working until I realized that it was now looking for > conf files under /etc and that I had to delete the "Example" > line. The same went for the clamd.conf file. > > I am about to update another server and would like a > definitive answer on the current default location for the files. > > Thanks in advance, > > Dave > > > David Filchak > President - Zuka Inc. > Toronto, On Canada M5V2J1 > www.zuka.net | www.screamingmedia.ca > > > > --=_NextPart_000_02FE_01C4BC1D.DD5C6570 > Content-Type: text/html; > charset="us-ascii" > Content-Transfer-Encoding: quoted-printable > > > Please, switch OFF writing HTML-ised messages in your mail > program. It's against the netiquette! > > Your program may also have the setting to use the same format > in a answer that a format in a original message. This is bad! > If some clueless user sends email with HTML, you will answer > with HTML too, multiplying junk in the Internet, in hundreds > or thousands mailing list recipients' mailboxes, in archives > of the mailing list stored forever! > > http://www.geoapps.com/nomime.shtml > > -- > Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only > [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. > [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner > ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Performance Help - 100% cpu usage
[EMAIL PROTECTED] wrote: On Wed, 27 Oct 2004, Joe Maimon wrote: The ClamAV authors could put a stop to this by making clamdscan and clamscan the same program and then acting differently depending on which name is run. This is similiar to how gzip and gunzip are This has been brought up before and I am surfacing it again because there was some interest and it would add to the stability of ClamAV. Very simply, clamdscan needs to timeout the connection to clamd after some (sane) amount of time and run clamscan. An action could then be taken to alert someone if clamd died (|sendmail [EMAIL PROTECTED]). When clamd hangs on our system, mail is deferred until I realize mail has stopped and as you can imagine, that is a bad thing. Someday I'll write a mail-server watchdog w/ procmail and cron but I've not had time. Any thoughts on how this should be accomplished? In the clamav distribution contrib tree there is a clamwatch script (perl). It uses Unix or tcp sockets, your call. It returns 1 if clamd is running, 0 if anything bad happens. This is far better than checking only the process table (pgrep clamd or ps -ef |grep [c]lamd) as it actually tests for a known pattern, the Eicar test signature and of course exercises the entire tool. This can be run out of cron via a shell script wrapper, of course, and the return results used to run clamscan or restart clamd or let you know via email/pager that something is broken. Or all of this. Though I don't know how you might hand off the file handle without jiggering the milter or script. I use Sendmail and a third party milter (J-Chkmail) and just restart clamd if things are not right. It's not happened since 0.75.1 was released. My system is configured to tempfail the message if the milter/scanner fails and this gives me a second chance to look at the message when, hopefully, things are in better shape (hasn't happened yet) dp .. knock on wood ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Performance Help - 100% cpu usage
[EMAIL PROTECTED] wrote: > Oh, I completely agree, that's my job. But if clam has stability > issues, that needs to be addressed in clam. clamd->clamscan failover > code would be short and sweet and the addition to clamdscan would be > minimal compared to the cost of a complete code audit for clamd. The > mail watchdog would be specific to our server and I am not inferring > that any of you should write it. Either way, if clamd is buggy, it > should not be my duty to build a workaround but I will if clamd hasn't > stabilized. My turn to agree. Obviously, if there are stability issues, then the only place that can be addressed is within the software itself. Although, I will be honest, I have never had a single (crash|lockup|instability) with Clam. I still do believe, however, that any monitoring/fallback should be external to Clam. A shell, perl, python or whatever script is more customisable per system/platform. At the end of the day, if you have a failsafe built into software which is monitoring for it's own bugs or problems, what is to say the monitoring/fallback code may be not be susceptible to the problems it is guarding against? :) I personally have no type of monitoring running with Clam, for as I mentioned earlier, it has been rock solid for me. Matt ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Performance Help - 100% cpu usage
On Thu, 28 Oct 2004, Matt wrote: > There are ways to monitor clamd, and run clamscan if clamd is > unavailable, without expecting the software itself to do it. Clam is > fine as it is. The fault tolerance should be built around the software, > not into it. > > Not meaning to be too blunt about this, but if you have not had time to > create a watchdog for yourself, why should you expect someone else to do > the job for you? Oh, I completely agree, that's my job. But if clam has stability issues, that needs to be addressed in clam. clamd->clamscan failover code would be short and sweet and the addition to clamdscan would be minimal compared to the cost of a complete code audit for clamd. The mail watchdog would be specific to our server and I am not inferring that any of you should write it. Either way, if clamd is buggy, it should not be my duty to build a workaround but I will if clamd hasn't stabilized. -- Eric Wheeler Vice President National Security Concepts, Inc. PO Box 3567 Tualatin, OR 97062 http://www.nsci.us/ Voice: (503) 293-7656 Fax: (503) 885-0770 ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Performance Help - 100% cpu usage
[EMAIL PROTECTED] wrote: > On Wed, 27 Oct 2004, Joe Maimon wrote: > > > The ClamAV authors could put a stop to this by making clamdscan and > > > clamscan the same program and then acting differently depending on > > > which name is run. This is similiar to how gzip and gunzip are > > This has been brought up before and I am surfacing it again because > there was some interest and it would add to the stability of ClamAV. > Very simply, clamdscan needs to timeout the connection to clamd after > some(sane) amount of time and run clamscan. An action could then be > taken to alert someone if clamd died (|sendmail [EMAIL PROTECTED]). > When clamd hangs on our system, mail is deferred until I realize mail > has stopped and as you can imagine, that is a bad thing. Someday I'll > write a mail-server watchdog w/ procmail and cron but I've not had time. > > Any thoughts on how this should be accomplished? > There are ways to monitor clamd, and run clamscan if clamd is unavailable, without expecting the software itself to do it. Clam is fine as it is. The fault tolerance should be built around the software, not into it. Not meaning to be too blunt about this, but if you have not had time to create a watchdog for yourself, why should you expect someone else to do the job for you? Matt ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] cron that restarts clamd
On Wed, 27 Oct 2004, Joe Maimon wrote: > > The ClamAV authors could put a stop to this by making clamdscan and > > clamscan the same program and then acting differently depending on > > which name is run. This is similiar to how gzip and gunzip are >An action could then be taken to >alert someone if clamd died (|sendmail [EMAIL PROTECTED]). When clamd >hangs on our system, mail is deferred until I realize mail has stopped and as you can imagine, that is a bad thing. I run a cron once an hour that runs freshclam and does some clamd checks. If clamd is not running or errors, an email is sent, any clamd processes are killed and a new clamd is started. It has worked well for me. ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] ClamAV outdated
SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES WARNING: Your ClamAV installation is OUTDATED - please update immediately ! I am a beginner and I use Mailscanner on a Red Hat box, what I should do to resolve this?! - I swear this is on the list about every 3 days. Install GMP devel for the digital signatures. It's mentioned in the docs. Update clam to one of the latest versions(.80). Even the lastest snapshots are quite stable. -Troy ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] ClamAV outdated
On Thu, 28 Oct 2004, Alexandre Vidal Pinheiro wrote: > WARNING: Your ClamAV installation is OUTDATED - please update immediately ! > WARNING: Current functionality level = 2, required = 3 > > I am a beginner and I use Mailscanner on a Red Hat box, what I should do > to resolve this?! Install a newer version ? Perhaps the latest from the web site ? http://www.clamav.net == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/ ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] ClamAV outdated
Hi, I have been received this warning throught cronjob of ClamAV, in the last days: ClamAV update process started at Wed Oct 27 05:50:02 2004SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURESReading CVD header (main.cvd): OKmain.cvd is up to date (version: 27, sigs: 23982, f-level: 2, builder: tomek)Reading CVD header (daily.cvd): OKdaily.cvd is up to date (version: 553, sigs: 1729, f-level: 3, builder: ccordes)WARNING: Your ClamAV installation is OUTDATED - please update immediately !WARNING: Current functionality level = 2, required = 3 I am a beginner and I use Mailscanner on a Red Hat box, what I should do to resolve this?! Regards, Alexandre ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Performance Help - 100% cpu usage
On Wed, 27 Oct 2004, Joe Maimon wrote: > > The ClamAV authors could put a stop to this by making clamdscan and > > clamscan the same program and then acting differently depending on > > which name is run. This is similiar to how gzip and gunzip are This has been brought up before and I am surfacing it again because there was some interest and it would add to the stability of ClamAV. Very simply, clamdscan needs to timeout the connection to clamd after some (sane) amount of time and run clamscan. An action could then be taken to alert someone if clamd died (|sendmail [EMAIL PROTECTED]). When clamd hangs on our system, mail is deferred until I realize mail has stopped and as you can imagine, that is a bad thing. Someday I'll write a mail-server watchdog w/ procmail and cron but I've not had time. Any thoughts on how this should be accomplished? -- Eric Wheeler Vice President National Security Concepts, Inc. PO Box 3567 Tualatin, OR 97062 http://www.nsci.us/ Voice: (503) 293-7656 Fax: (503) 885-0770 ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Clamdscan Runaway Number of Processes
On Wednesday 27 October 2004 22:27, Todd Lyons shaped the electrons to say: > Scott Ryan wanted us to know: > >> How many threads do you have set in clamd.conf? > > > >Ah. This could very well be the issue. I have threads set to 200, but it > > could be possible that I have more concurrent local and remote smtp > > connections. I will try to increase the number o threads to see if this > > helps any. > > I have two pretty busy servers and my threads are set at 40. Unless > you're pushing more than 100K emails a day 1million+ Easily. > , I don't see the threads > being the problem. I'd suggest lowering the thread count first to see > if that makes a difference, either better or worse. That number "200" > always makes me think "max open file" limits. I will check that out, although im sure that the limits are set to 1024 (default i think with redhat) -- +--+ (0> Scott Ryan //\ Senior Unix/Linux Engineer V_/_Telkom Internet - South Africa +--+ He who controls the past, controls the future, He who controls the present, controls the past. - George Orwell, 1984 ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Clamdscan Runaway Number of Processes
Scott Ryan wanted us to know: >> How many threads do you have set in clamd.conf? >Ah. This could very well be the issue. I have threads set to 200, but it could >be possible that I have more concurrent local and remote smtp connections. >I will try to increase the number o threads to see if this helps any. I have two pretty busy servers and my threads are set at 40. Unless you're pushing more than 100K emails a day, I don't see the threads being the problem. I'd suggest lowering the thread count first to see if that makes a difference, either better or worse. That number "200" always makes me think "max open file" limits. -- Regards... Todd OS X: We've been fighting the "It's a mac" syndrome with upper management for years now. Lately we've taken to just referring to new mac installations as "Unix" installations when presenting proposals and updates. For some reason, they have no problem with that. -- /. Linux kernel 2.6.8.1-12mdkenterprise 4 users, load average: 0.11, 0.15, 0.16 ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Clamdscan Runaway Number of Processes
On Wednesday 27 October 2004 21:48, Todd Lyons shaped the electrons to say: > Scott Ryan wanted us to know: > >I am having a slight problem which appears to have stemmed from swapping > > from tcp sockets to unix sockets. Every now and again, and across 5 > > identical servers, i get a huge number of clamdscan processes, which > > prevents qmail accepting smtp connections. I made the total random > > assumption that clamav has a problem tearing down unix sockets under > > load. > >However, I would like to be able to prove this so I am looking for someone > > to give some pointer as to where to start looking. > >I would like to use unix sockets as I understand that there is not as much > >overhead compared to tcp sockets, but this issue is causing me a bit of > >problem. > > How many threads do you have set in clamd.conf? Ah. This could very well be the issue. I have threads set to 200, but it could be possible that I have more concurrent local and remote smtp connections. I will try to increase the number o threads to see if this helps any. -- +--+ (0> Scott Ryan //\ Senior Unix/Linux Engineer V_/_Telkom Internet - South Africa +--+ He who controls the past, controls the future, He who controls the present, controls the past. - George Orwell, 1984 ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Clamdscan Runaway Number of Processes
Scott Ryan wanted us to know: >I am having a slight problem which appears to have stemmed from swapping from >tcp sockets to unix sockets. Every now and again, and across 5 identical >servers, i get a huge number of clamdscan processes, which prevents qmail >accepting smtp connections. I made the total random assumption that clamav >has a problem tearing down unix sockets under load. >However, I would like to be able to prove this so I am looking for someone to >give some pointer as to where to start looking. >I would like to use unix sockets as I understand that there is not as much >overhead compared to tcp sockets, but this issue is causing me a bit of >problem. How many threads do you have set in clamd.conf? -- Regards... Todd We should not be building surveillance technology into standards. Law enforcement was not supposed to be easy. Where it is easy, it's called a police state. -- Jeff Schiller on NANOG Linux kernel 2.6.8.1-12mdkenterprise 4 users, load average: 0.14, 0.16, 0.15 ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] Clamdscan Runaway Number of Processes
I am having a slight problem which appears to have stemmed from swapping from tcp sockets to unix sockets. Every now and again, and across 5 identical servers, i get a huge number of clamdscan processes, which prevents qmail accepting smtp connections. I made the total random assumption that clamav has a problem tearing down unix sockets under load. However, I would like to be able to prove this so I am looking for someone to give some pointer as to where to start looking. I would like to use unix sockets as I understand that there is not as much overhead compared to tcp sockets, but this issue is causing me a bit of problem. any help would be appreciated. -- +--+ (0> Scott Ryan //\ Senior Unix/Linux Engineer V_/_Telkom Internet - South Africa +--+ He who controls the past, controls the future, He who controls the present, controls the past. - George Orwell, 1984 ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] Question about upgrading
I am currently running: clamd / ClamAV version 0.75.1, clamav-milter version 0.75c Running freshclam gets me the following message: WARNING: Your ClamAV installation is OUTDATED - please update immediately !WARNING: Current functionality level = 2, required = 3 I compiled up 0.80 on a backup server. The program and milter are working fine. I don't want to have to also have to compile on the production server. As the backup and production have the same flavor and version of Linux, can I just copy over the binaries and configuration files, kill and restart the appropriate processes? Also, the email headers on the backup server show that I am still using the old clamav-milter - is this correct? Thanks Mark Penkower ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] SomeFool.P in .doc file?
We have one client, who was trying to send some MS Word (doc) file from Outlook Express. Message was rejected by Exiscan with ClamAV 0.80: Wed Oct 27 10:56:19 2004 -> /var/spool/exim/scan/1CMjao-0004ts-Qg/1CMjao-0004ts-Qg.eml: Worm.SomeFool.P FOUND Wed Oct 27 10:56:19 2004 -> /var/spool/exim/scan/1CMjao-0004ts-Qg/1CMjao-0004ts-Qg-0.doc: Worm.SomeFool.P FOUND I can't remember SomeFool virus infecting MS Word files. I thought actually it was some kind of worm, so I'm not sure if this file is not a false positive. Unfortunately I can't get this suspicious file from our client, so I only want to verify if it's possible to have MS Word file infected by SomeFool.P. -- Jacek Politowski [EMAIL PROTECTED] ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] default directories for ClamAV 0.80
Can someone clarify what the default directories are now for ClamAV and Mail::ClamAV conf files? I know that there was some discussion about this but I am not sure it was definitively answered. My conf files used to reside in /usr/local/etc/ but when I upgraded, the freshclam daemon stopped working until I realized that it was now looking for conf files under /etc and that I had to delete the "Example" line. The same went for the clamd.conf file. I am about to update another server and would like a definitive answer on the current default location for the files. Thanks in advance, Dave David FilchakPresident - Zuka Inc.Toronto, On Canada M5V2J1www.zuka.net | www.screamingmedia.ca ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Lockups with Clamav-0.80 on NetBSD-i386
On Wed, 27 Oct 2004 07:54:38 -0700 (PDT) in [EMAIL PROTECTED] Len Burns <[EMAIL PROTECTED]> wrote: > would appreciate any hints One hint is not to reply to an existing mailing list thread without removing the In-Reply-To: and/or References: headers if you wish to start a new thread -- Brian Morrison bdm at fenrir dot org dot uk GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] [Clamav-virusdb] SPF records
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 27 Oct 2004, Tomasz Papszun wrote: > On Wed, 27 Oct 2004 at 15:22:00 +0100, [EMAIL PROTECTED] wrote: > [...] > > Well at least I know this SPF thing really works. !!! It is almost as good > > as ClamAV. > > > > But it makes ".forward" hardly useful :-( . > > -- No got this working too. see http://www.libsrs.org Enjoy. Jim :-) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFBf7lxRdAZy0oJ0LwRAjt3AJ46qovyIzTyf/CRLdYV+nw9HQOzAwCfZN0x r0iA4dBu7LNcqbGN1zn3zL8= =Uw3k -END PGP SIGNATURE- ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] [Clamav-virusdb] SPF records
On Wed, 27 Oct 2004 at 15:22:00 +0100, [EMAIL PROTECTED] wrote: [...] > Well at least I know this SPF thing really works. !!! It is almost as good > as ClamAV. > But it makes ".forward" hardly useful :-( . -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] Lockups with Clamav-0.80 on NetBSD-i386
Good Morning, I am looking for some hints as to how to chase down a most annoying problem on NetBSD-i386. This has spanned several versions of clamav. At the moment I am running clamav-0.80 on NetBSD1.6.2_STABLE on an i386 machine. It is working well, but at what seem to be quite random intervals, clamd freezes up. I stop incoming mail, kill it off, restart it and all is well for any where from a couple of hours to several days, and then again it locks up. I am not quite sure how to approach chasing this down, and would appreciate any hints. TIA! -Len ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] [Clamav-virusdb] SPF records
Brian Morrison wrote: On Wed, 27 Oct 2004 15:22:00 +0100 (BST) in [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Well at least I know this SPF thing really works. For some value of works. Especially those defined by Spamassassin NOT ;-) -- _/_/_/_/ _/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/_/ _/ _/ _/ _/_/_/_/ _/ _/ _/ Bill Maidment Maidment Enterprises Pty Ltd Unless you are named "Alfred E. Newman", you may read only the "odd numbered words" (every other word beginning with the first) of the message above. If you have violated that, then you hereby owe the sender AU$10 for each even numbered word you have read. Adapted from "Stupid Email Disclaimers" (see http://www.goldmark.org/jeff/stupid-disclaimers/) ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] [Clamav-virusdb] SPF records
On Wed, 27 Oct 2004 15:22:00 +0100 (BST) in [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: > Well at least I know this SPF thing really works. For some value of works. -- Brian Morrison bdm at fenrir dot org dot uk GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] [Clamav-virusdb] SPF records
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 27 Oct 2004, James Lick wrote: > [EMAIL PROTECTED] wrote: > > > > >Received-SPF: fail (batman.heartsine.com: domain of > >[EMAIL PROTECTED] does not designate 12.152.184.25 > >as permitted sender) > >receiver=batman.heartsine.com; client_ip=12.152.184.25; > >[EMAIL PROTECTED]; > > > > > > Jim, > > I'm getting my list mail directly from aj.catt.com which is > authorized by the lists.clamav.net spf record. Perhaps you should try > subscribing to the list through lists.clamav.net instead of > sourceforge.net and see if that helps. > EXCELLENT. You were right. It was so long ago that I subscribed I forgot I used an alias routed through my sourceforge account. That explains why I weas receiving them via sourceforge. Unsubscribed as that and re-subscribed as me directly and hey presto. Thanks, that one had me going for a mo. I couldn't understand why I got the clamav-users via aj.catt.com and the clamav-virusdb via sourceforge. Now it all makes perfect sense. Well at least I know this SPF thing really works. !!! It is almost as good as ClamAV. Cheers, Jim :-) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFBf68MRdAZy0oJ0LwRAvp6AJ0e1sO17y/a/fGK3y1wm3bIWbUcYACdHcX9 p0XA/tt6V2h8ebxBHWz1YY4= =/eHr -END PGP SIGNATURE- ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] [Clamav-virusdb] SPF records
[EMAIL PROTECTED] wrote: Received-SPF: fail (batman.heartsine.com: domain of [EMAIL PROTECTED] does not designate 12.152.184.25 as permitted sender) receiver=batman.heartsine.com; client_ip=12.152.184.25; [EMAIL PROTECTED]; Jim, I'm getting my list mail directly from aj.catt.com which is authorized by the lists.clamav.net spf record. Perhaps you should try subscribing to the list through lists.clamav.net instead of sourceforge.net and see if that helps. -- James Lick -- éåæ -- [EMAIL PROTECTED] -- http://jameslick.com/ ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] [Clamav-virusdb] SPF records
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 27 Oct 2004, Christoph Cordes wrote: > ClamAV database updated (2004.10.27 10:58 GMT): daily.cvd > Version: 556 > > Submission: 6424-web, 6425-web > Sender: Gabor Funk, Andrey Melnikov > Submitted virus name: Bagz[.gen], I-Worm.Bagz.f > Added: Worm.Bagz.E > > > -- > Best regards, > Christoph mailto:[EMAIL PROTECTED] > ___ > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-virusdb > Dear Christoph and clamav team, we about to activate failure based upon SPF records. For four days now we have had it running on our MTA, but before we start rejecting we decided to watch the Received-SPF headers for any signs of unwanted failures. Of all the failures only one is a problem for us. Namely the clamav list emails. See headers as follows :- Return-Path: <[EMAIL PROTECTED]> X-Original-To: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: from alfred.belfast.heartsine.net (Alfred.belfast.heartsine.net [192.168.1.34]) by jim.belfast.heartsine.net (Postfix) with ESMTP id D6D5A1017F for <[EMAIL PROTECTED]>; Wed, 27 Oct 2004 12:24:55 +0100 (BST) Received: from batman.heartsine.com (batman.heartsine.com [192.168.1.2]) by alfred.belfast.heartsine.net (8.12.10/8.12.10) with ESMTP id i9RBOtxq013365 for <[EMAIL PROTECTED]>; Wed, 27 Oct 2004 12:24:55 +0100 Received-SPF: fail (batman.heartsine.com: domain of [EMAIL PROTECTED] does not designate 12.152.184.25 as permitted sender) receiver=batman.heartsine.com; client_ip=12.152.184.25; [EMAIL PROTECTED]; Received: from externalmx-1.sourceforge.net (externalmx-1.sourceforge.net [12.152.184.25]) by batman.heartsine.com (8.13.1/8.13.1) with ESMTP id i9RBOscI000499 for <[EMAIL PROTECTED]>; Wed, 27 Oct 2004 12:24:54 +0100 Received: from aj.catt.com ([64.18.103.6] ident=postfix) by externalmx-1.sourceforge.net with esmtp (Exim 4.41) id 1CMlv3-0004aG-4T; Wed, 27 Oct 2004 04:24:47 -0700 Received: from aj.catt.com (localhost [127.0.0.1]) by aj.catt.com (Postfix) with ESMTP id CE2371561BB; Wed, 27 Oct 2004 07:24:10 -0400 (EDT) Received: from precompiled.de (precompiled.de [217.160.131.71]) by aj.catt.com (Postfix) with SMTP id E017010B8C2 for <[EMAIL PROTECTED]>; Wed, 27 Oct 2004 07:24:05 -0400 (EDT) Received: (qmail 17031 invoked by uid 0); 27 Oct 2004 11:24:05 - Received: from [EMAIL PROTECTED] by nmi by uid 524 with qmail-scanner-1.20 Processed in 0.032446 secs; 27 Oct 2004 11:24:05 - Received: from i528c2311.versanet.de (HELO ?127.0.0.1?) (82.140.35.17) by 0 with SMTP; 27 Oct 2004 11:24:04 - X-AntiVirus: Checked by Dr.Web [version: 4.32a, engine: 4.32a, virus records: 58178, updated: 27.10.2004] Message-ID: <[EMAIL PROTECTED]> Date: Wed, 27 Oct 2004 13:30:11 +0200 From: Christoph Cordes <[EMAIL PROTECTED]> As you can see had we started rejecting, then this message [Clamav-virusdb] Update (daily: 556) would have been rejected. I have manually checked the SPF records and while clamav.net doesn't list any spf permissions the Return-path : <[EMAIL PROTECTED]> domain lists.clamav.net lists :- lists.clamav.net. 300 IN TXT "v=spf1 mx -all" the mx as permitted, namely :- lists.clamav.net. 1200IN MX 20 mail.oltrelinux.com. lists.clamav.net. 1200IN MX 10 aj.catt.com. mail.oltrelinux.com.3600IN A 194.242.226.43 aj.catt.com.2277IN A 64.18.103.6 I not an expert on SPF (yet) and I appologies if I have done something wrong on my end but as I understand it according to the SPF authorities for the return paths quoted in this email the server :- externalmx-1.sourceforge.net : 12.152.184.25 is not permitted to send emails for this domain. Am I correct and do you need to fix your SPF records ? Jim :-) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFBf6NtRdAZy0oJ0LwRArb7AJ9B8IHStw+V+OimNqW8its9DO1xsACeIr+7 IJ5sjqOPuekj35W9tpBDIng= =bQ16 -END PGP SIGNATURE- ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Performance Help - 100% cpu usage
On Wed, 27 Oct 2004 20:07:20 +0800 James Lick <[EMAIL PROTECTED]> wrote: > It wouldn't be necessary to make clamscan and clamdscan the same > program > in this case. One could have clamscan check to see if it was invoked > as > clamdscan and if so refuse to run. Yes, it should be up to the end > user > to not screw up his own system, but this one issue has caused enough > grief here that such screw ups deserve a bit more direct effect. I > think it is entirely reasonable to have clamscan not work if it is > called clamdscan. I disagree. The source of the confusion must be fixed and not the victim. -- oo. Tomasz Kojm <[EMAIL PROTECTED]> (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Wed Oct 27 14:21:06 CEST 2004 pgpfjFhw9DIkI.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Performance Help - 100% cpu usage
It wouldn't be necessary to make clamscan and clamdscan the same program in this case. One could have clamscan check to see if it was invoked as clamdscan and if so refuse to run. Yes, it should be up to the end user to not screw up his own system, but this one issue has caused enough grief here that such screw ups deserve a bit more direct effect. I think it is entirely reasonable to have clamscan not work if it is called clamdscan. -- James Lick -- éåæ -- [EMAIL PROTECTED] -- http://jameslick.com/ ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Performance Help - 100% cpu usage
James Lick wrote: Jason Haar wrote: I am now going to figure out a way that the installation of Qmail-Scanner will *ignore* the presense of clamdscan if its actually clamscan - that is really too gross to allow to continue. The ClamAV authors could put a stop to this by making clamdscan and clamscan the same program and then acting differently depending on which name is run. This is similiar to how gzip and gunzip are actually the same program but when called as gzip it compresses and as gunzip it uncompresses. The way I understand it most people recommend that the argv[0] mechanism be only used a) each of the programs functionality would duplicate significant portions of functionality/code b) there be a command-line switch that overrides any meaning argv[0] may have c) there should be an intelligent default Its not done nearly as often as it is _possible_ to be done, for the above reasons. Gzip and sendmail are some well known programs who do this. However, most people do not agree that sendmail is a textbook example of fine design. I believe GNU coding conventions recommends against the practice as well. Often one accomplishes the goal of (a) above by linking in some of the object files of one program to another. Or a librarywait...clamav does this already. As far as I am aware sym/hard links are currently only commonplace on unix-like systems. This would be an unneccessary hardship to the windows porters. As for the stated goal, my personal feelings is that just as users should not be trying to thwart developers, neither should developers try to thwart users. And since large portions of clamscan arguments do not apply for clamdscan, we would be provoking more confusion in that regard as well. I also suspect that there is far less similarity in the code for clamscan and clamdscan than one would expectbut I havent looked recently. As for the packager, his instructions do clearly note that it is his personal workaround preference. People who ignore that disclaimer are IMO doing so at their own risk. So are people who install complext software without reading *any* of the vendor(clamav) supplied doc. My alma mater, School Of Hard Knocks advises me that they deserve what they get. However, this list does not deserve the repeated annoyance of answering the same question. Most intelligent humans seem to feel that answering the same question repeatedly is a unique 21st century form of torture. Were I the packager, my personal workaround preference would be to configure qscan to call clamscan, instead of mucking with the clamav install. Furthermore, the documentation appears to have been updated for the .80 series -- notice the use of clamd.conf (Perhaps the workaround is meant to be overriden by newer installs of clamav?) Excuse the above rants... Joe ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Performance Help - 100% cpu usage
On Oct 26, 2004, at 4:45 AM, Eric Worthy wrote: PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 1290 qscand 15 0 57368 56m 696 R 50.8 5.6 172:29.51 clamdscan 25135 qscand 14 0 57368 56m 696 R 50.2 5.6 187:57.60 clamdscan 4980 qscand 15 0 57368 46m 696 R 50.2 4.6 167:42.45 clamdscan 30917 qscand 14 0 57368 56m 696 R 49.8 5.6 177:53.10 clamdscan 8861 qscand 15 0 57368 776 696 R 49.5 0.1 163:36.55 clamdscan 28183 qscand 14 0 57368 56m 696 R 49.2 5.6 182:21.71 clamdscan Is your softlimit set to about 60MB? If so I have seen a similar problem. You will need to set a limit to the size of the mails you accept. In my box I have a softlimit of 150MB and a mail size limit of 30MB. Problem surfaced with 0.75-1. Prior to that the system did not hit the softlimit and get stuck there, irrespective of mail size. Abdul Anyone have any advice on what I could be doing wrong or how to improve the performance of the scanning? Thanks, Eric *update* - 8:00pm Monday night - I rebooted and it's all back to normal for now. ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users East Coast Access Tel: 031-566-8080 Fax: 031-566-8010 Web: http://www.eastcoast.co.za ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Performance Help - 100% cpu usage
On Tuesday 26 October 2004 18:47, Jim Maul shaped the electrons to say: > Scott Ryan wrote: > > > > > What are we arguing about here? I just know in my experience that you are > > seriously shooting yourself in the foot by using clamscan to scan all > > mails. Trog's suggestion of modifying qmail-scanner (if you really want > > to create the link) sounds like the sensible solution to those who use > > QMR. > > Im simply arguing the fact that someone has spent a lot of their time to > help out the community by creating the QMR setup instructions I dont think that anyone doubts that. As has been mentioned in the thread, documentation is the hardest part of any installation / build process. > and > because of some points made in that install this person is being accused > of being ignorant, stupid and breaking code. Again, I dont think that anyone thinks that the Author is 'stupid', just that the benefits of using clamdscan over clamscan is in orders of magnitude more beneficial. By suggesting to users to replace it is not wise, thats all. If you are in contact with the author maybe it is worth suggesting to him to make the change. > > Thats just flat out wrong. > > -Jim > ___ > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users -- +--+ (0> Scott Ryan //\ Senior Unix/Linux Engineer V_/_Telkom Internet - South Africa +--+ He who controls the past, controls the future, He who controls the present, controls the past. - George Orwell, 1984 ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
