Re: [Clamav-users] Compile woes.
alan premselaar wrote: jay wrote: Hi, all: I'm pretty new to all of this compile stuff. I've gotten this far, with a lot of trial and error. My system: Sun Solaris 9 X86 on a random old PC, AMD chip, 1 gig ram. Mail Server: Sun Java Enterprise System Messaging Server 6.1 (installed, and working) SpamAssassin 3.01 (took me a week of messing with it to get it to compile) I'd truly like to get Clam AV working. configure runs without error. Make offers this, after many screenfulls: /usr/ccs/bin/ld -G -z defs -h libclamav.so.1 -o .libs/libclamav.so.1.0.4 matcher-ac.lo matcher-bm.lo matcher.lo md5.lo others.lo readdb.lo cvd.lo dsig.lo str.lo scanners.lo filetypes.lo unrarlib.lo zzip-dir.lo zzip-err.lo zzip-file.lo zzip-info.lo zzip-io.lo zzip-stat.lo zzip-zip.lo strc.lo blob.lo mbox.lo message.lo snprintf.lo strrcpy.lo table.lo text.lo ole2_extract.lo vba_extract.lo msexpand.lo pe.lo cabd.lo lzxd.lo mszipd.lo qtmd.lo system.lo upx.lo htmlnorm.lo chmunpack.lo rebuildpe.lo petite.lo fsg.lo line.lo untar.lo special.lo -lz -lbz2 -lpthread -lsocket -lnsl -lc (cd .libs && rm -f libclamav.so.1 && ln -s libclamav.so.1.0.4 libclamav.so.1) (cd .libs && rm -f libclamav.so && ln -s libclamav.so.1.0.4 libclamav.so) ar cru .libs/libclamav.a matcher-ac.o matcher-bm.o matcher.o md5.o others.o readdb.o cvd.o dsig.o str.o scanners.o filetypes.o unrarlib.o zzip-dir.o zzip-err.o zzip-file.o zzip-info.o zzip-io.o zzip-stat.o zzip-zip.o strc.o blob.o mbox.o message.o snprintf.o strrcpy.o table.o text.o ole2_extract.o vba_extract.o msexpand.o pe.o cabd.o lzxd.o mszipd.o qtmd.o system.o upx.o htmlnorm.o chmunpack.o rebuildpe.o petite.o fsg.o line.o untar.o special.o ../libtool: ar: command not found make[1]: *** [libclamav.la] Error 127 make[1]: Leaving directory `/export/home/clamav-0.80/libclamav' make: *** [all-recursive] Error 1 It looks to me like it's not finding the binary, "ar", though it's in the normal place. any ideas? Jay, not sure what's causing the problem, but some troubleshooting tips might be to run ar from the shell and see if it responds as expected (i.e. gives you the usage display and not some error) .. to confirm that ar isn't corrupted or something. Nope. just fine. also, you may want to edit the file 'libtool' in the clamav distribution (normally I wouldn't suggest doing this, but it might shed some light on the problem) and change the line that reads AR="ar" to AR="/full/path/to/ar" (with the correct path to ar of course) and see if that makes a difference. Compiled to completion. No problem. . . . This is enough for me. THANK YOU! if that makes a difference, then there is likely a problem with the PATH for the shell in which you're running the compile under. anyways, some things to try. hope it helps alan ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Compile woes.
jay wrote: Hi, all: I'm pretty new to all of this compile stuff. I've gotten this far, with a lot of trial and error. My system: Sun Solaris 9 X86 on a random old PC, AMD chip, 1 gig ram. Mail Server: Sun Java Enterprise System Messaging Server 6.1 (installed, and working) SpamAssassin 3.01 (took me a week of messing with it to get it to compile) I'd truly like to get Clam AV working. configure runs without error. Make offers this, after many screenfulls: /usr/ccs/bin/ld -G -z defs -h libclamav.so.1 -o .libs/libclamav.so.1.0.4 matcher-ac.lo matcher-bm.lo matcher.lo md5.lo others.lo readdb.lo cvd.lo dsig.lo str.lo scanners.lo filetypes.lo unrarlib.lo zzip-dir.lo zzip-err.lo zzip-file.lo zzip-info.lo zzip-io.lo zzip-stat.lo zzip-zip.lo strc.lo blob.lo mbox.lo message.lo snprintf.lo strrcpy.lo table.lo text.lo ole2_extract.lo vba_extract.lo msexpand.lo pe.lo cabd.lo lzxd.lo mszipd.lo qtmd.lo system.lo upx.lo htmlnorm.lo chmunpack.lo rebuildpe.lo petite.lo fsg.lo line.lo untar.lo special.lo -lz -lbz2 -lpthread -lsocket -lnsl -lc (cd .libs && rm -f libclamav.so.1 && ln -s libclamav.so.1.0.4 libclamav.so.1) (cd .libs && rm -f libclamav.so && ln -s libclamav.so.1.0.4 libclamav.so) ar cru .libs/libclamav.a matcher-ac.o matcher-bm.o matcher.o md5.o others.o readdb.o cvd.o dsig.o str.o scanners.o filetypes.o unrarlib.o zzip-dir.o zzip-err.o zzip-file.o zzip-info.o zzip-io.o zzip-stat.o zzip-zip.o strc.o blob.o mbox.o message.o snprintf.o strrcpy.o table.o text.o ole2_extract.o vba_extract.o msexpand.o pe.o cabd.o lzxd.o mszipd.o qtmd.o system.o upx.o htmlnorm.o chmunpack.o rebuildpe.o petite.o fsg.o line.o untar.o special.o ../libtool: ar: command not found make[1]: *** [libclamav.la] Error 127 make[1]: Leaving directory `/export/home/clamav-0.80/libclamav' make: *** [all-recursive] Error 1 It looks to me like it's not finding the binary, "ar", though it's in the normal place. any ideas? Jay, not sure what's causing the problem, but some troubleshooting tips might be to run ar from the shell and see if it responds as expected (i.e. gives you the usage display and not some error) .. to confirm that ar isn't corrupted or something. also, you may want to edit the file 'libtool' in the clamav distribution (normally I wouldn't suggest doing this, but it might shed some light on the problem) and change the line that reads AR="ar" to AR="/full/path/to/ar" (with the correct path to ar of course) and see if that makes a difference. if that makes a difference, then there is likely a problem with the PATH for the shell in which you're running the compile under. anyways, some things to try. hope it helps alan ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Compile woes.
C. Bensend wrote: # ls -l /usr/ccs/bin/ar -r-xr-xr-x 1 root bin30140 May 10 2004 /usr/ccs/bin/ar OK. # echo $PATH /usr/bin:/usr/sbin:/usr/bin:/usr/openwin/bin:/bin:/usr/ucb:/usr/dt/bin:/usr/openwin/bin:/usr/ccs/bin OK again. What does 'which ar' say? # which ar /usr/ccs/bin/ar Thank you for taking part. jay ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Compile woes.
> # ls -l /usr/ccs/bin/ar > -r-xr-xr-x 1 root bin30140 May 10 2004 /usr/ccs/bin/ar OK. > # echo $PATH > /usr/bin:/usr/sbin:/usr/bin:/usr/openwin/bin:/bin:/usr/ucb:/usr/dt/bin:/usr/openwin/bin:/usr/ccs/bin OK again. What does 'which ar' say? -- "Fry cracked corn, and I don't care, Leela cracked corn, and still don't care, Bender cracked corn, and he is great! Take THAT you stupid corn!" -- Bender, Futurama ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Compile woes.
Fajar A. Nugraha wrote: jay wrote: Dennis Peterson wrote: jay wrote: ../libtool: ar: command not found make[1]: *** [libclamav.la] Error 127 make[1]: Leaving directory `/export/home/clamav-0.80/libclamav' make: *** [all-recursive] Error 1 It looks to me like it's not finding the binary, "ar", though it's in the normal place. any ideas? Is /usr/ccs/bin in your path ($ echo $PATH)? You need it only for the compilation. Dennis, thank you for your suggestion, but it's made no difference. At all. . Which suggestions did you try exactly? Dennis made a lot :) All of'em . .. Just to clarify, do you have ar as /usr/ccs/bin/ar ? # ls -l /usr/ccs/bin/ar -r-xr-xr-x 1 root bin30140 May 10 2004 /usr/ccs/bin/ar If not, install the package from installation cd or get GNU binutils from sunfreeware.com. Is /usr/ccs/bin (or /usr/local/bin if you use GNU binutils) somewhere in your PATH? If not, try # echo $PATH /usr/bin:/usr/sbin:/usr/bin:/usr/openwin/bin:/bin:/usr/ucb:/usr/dt/bin:/usr/openwin/bin:/usr/ccs/bin PATH=$PATH:/usr/ccs/bin:/usr/local/bin export PATH before compiling Yep, did that. . . . Thank you for trying. Apreciated. Other than this, the combination of Messaging Server and SpamAssassin is working very well. Better than on Redhat. Still looking. . . jay Regards, Fajar ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Compile woes.
jay wrote: Dennis Peterson wrote: jay wrote: ../libtool: ar: command not found make[1]: *** [libclamav.la] Error 127 make[1]: Leaving directory `/export/home/clamav-0.80/libclamav' make: *** [all-recursive] Error 1 It looks to me like it's not finding the binary, "ar", though it's in the normal place. any ideas? Is /usr/ccs/bin in your path ($ echo $PATH)? You need it only for the compilation. Dennis, thank you for your suggestion, but it's made no difference. At all. . Which suggestions did you try exactly? Dennis made a lot :) Just to clarify, do you have ar as /usr/ccs/bin/ar ? If not, install the package from installation cd or get GNU binutils from sunfreeware.com. Is /usr/ccs/bin (or /usr/local/bin if you use GNU binutils) somewhere in your PATH? If not, try PATH=$PATH:/usr/ccs/bin:/usr/local/bin export PATH before compiling Regards, Fajar ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Compile woes.
Dennis Peterson wrote: jay wrote: Hi, all: I'm pretty new to all of this compile stuff. I've gotten this far, with a lot of trial and error. My system: Sun Solaris 9 X86 on a random old PC, AMD chip, 1 gig ram. Mail Server: Sun Java Enterprise System Messaging Server 6.1 (installed, and working) SpamAssassin 3.01 (took me a week of messing with it to get it to compile) I'd truly like to get Clam AV working. configure runs without error. Make offers this, after many screenfulls: [snippage happened] ../libtool: ar: command not found make[1]: *** [libclamav.la] Error 127 make[1]: Leaving directory `/export/home/clamav-0.80/libclamav' make: *** [all-recursive] Error 1 It looks to me like it's not finding the binary, "ar", though it's in the normal place. any ideas? Is /usr/ccs/bin in your path ($ echo $PATH)? You need it only for the compilation. I like to use a wrapper script around the build process so I can repeat it often. It's a good place to add a temporary path as well as any ./configure options. Another good idea is to use crle to fill out your library search path so you don't need to mess with LD_LIBRARY_PATH hacks. For example (linux people: you look the other way for a moment): $ crle -c /var/ld/ld.config \ -l /usr/lib:/usr/local/lib:/usr/local/ssl/lib:/usr/local/BerkeleyDB.4.1/lib You absolutely must include the /usr/lib directory or the system will crash. Add the rest as needed. You cannot edit ld.config directly though it is tempting to do so. dp ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Dennis, thank you for your suggestion, but it's made no difference. At all. . Exact same error message, in exactly the same place. I even tried the most current snapshot, to see if it's something that's been fixed. No difference there, either. . . jay ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Compile woes.
jay wrote: Hi, all: I'm pretty new to all of this compile stuff. I've gotten this far, with a lot of trial and error. My system: Sun Solaris 9 X86 on a random old PC, AMD chip, 1 gig ram. Mail Server: Sun Java Enterprise System Messaging Server 6.1 (installed, and working) SpamAssassin 3.01 (took me a week of messing with it to get it to compile) I'd truly like to get Clam AV working. configure runs without error. Make offers this, after many screenfulls: [snippage happened] ../libtool: ar: command not found make[1]: *** [libclamav.la] Error 127 make[1]: Leaving directory `/export/home/clamav-0.80/libclamav' make: *** [all-recursive] Error 1 It looks to me like it's not finding the binary, "ar", though it's in the normal place. any ideas? Is /usr/ccs/bin in your path ($ echo $PATH)? You need it only for the compilation. I like to use a wrapper script around the build process so I can repeat it often. It's a good place to add a temporary path as well as any ./configure options. Another good idea is to use crle to fill out your library search path so you don't need to mess with LD_LIBRARY_PATH hacks. For example (linux people: you look the other way for a moment): $ crle -c /var/ld/ld.config \ -l /usr/lib:/usr/local/lib:/usr/local/ssl/lib:/usr/local/BerkeleyDB.4.1/lib You absolutely must include the /usr/lib directory or the system will crash. Add the rest as needed. You cannot edit ld.config directly though it is tempting to do so. dp ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] Compile woes.
Hi, all: I'm pretty new to all of this compile stuff. I've gotten this far, with a lot of trial and error. My system: Sun Solaris 9 X86 on a random old PC, AMD chip, 1 gig ram. Mail Server: Sun Java Enterprise System Messaging Server 6.1 (installed, and working) SpamAssassin 3.01 (took me a week of messing with it to get it to compile) I'd truly like to get Clam AV working. configure runs without error. Make offers this, after many screenfulls: /usr/ccs/bin/ld -G -z defs -h libclamav.so.1 -o .libs/libclamav.so.1.0.4 matcher-ac.lo matcher-bm.lo matcher.lo md5.lo others.lo readdb.lo cvd.lo dsig.lo str.lo scanners.lo filetypes.lo unrarlib.lo zzip-dir.lo zzip-err.lo zzip-file.lo zzip-info.lo zzip-io.lo zzip-stat.lo zzip-zip.lo strc.lo blob.lo mbox.lo message.lo snprintf.lo strrcpy.lo table.lo text.lo ole2_extract.lo vba_extract.lo msexpand.lo pe.lo cabd.lo lzxd.lo mszipd.lo qtmd.lo system.lo upx.lo htmlnorm.lo chmunpack.lo rebuildpe.lo petite.lo fsg.lo line.lo untar.lo special.lo -lz -lbz2 -lpthread -lsocket -lnsl -lc (cd .libs && rm -f libclamav.so.1 && ln -s libclamav.so.1.0.4 libclamav.so.1) (cd .libs && rm -f libclamav.so && ln -s libclamav.so.1.0.4 libclamav.so) ar cru .libs/libclamav.a matcher-ac.o matcher-bm.o matcher.o md5.o others.o readdb.o cvd.o dsig.o str.o scanners.o filetypes.o unrarlib.o zzip-dir.o zzip-err.o zzip-file.o zzip-info.o zzip-io.o zzip-stat.o zzip-zip.o strc.o blob.o mbox.o message.o snprintf.o strrcpy.o table.o text.o ole2_extract.o vba_extract.o msexpand.o pe.o cabd.o lzxd.o mszipd.o qtmd.o system.o upx.o htmlnorm.o chmunpack.o rebuildpe.o petite.o fsg.o line.o untar.o special.o ../libtool: ar: command not found make[1]: *** [libclamav.la] Error 127 make[1]: Leaving directory `/export/home/clamav-0.80/libclamav' make: *** [all-recursive] Error 1 It looks to me like it's not finding the binary, "ar", though it's in the normal place. any ideas? Thank you, all! jay ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Clamav-milter does not start
On Mon, 2004-11-29 at 21:24, Chris Jones wrote: > /etc/clamav.conf shows the following for LocalSocket > | LocalSocket /tmp/clamd/clamd.sock > > Should these both be the same? You should only have one .conf file. Remove clamAV, download the official distribution from www.clamav.net and install from there. -Nigel ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] uninstalling issues
David Green wanted us to know: >Subject: Cron <[EMAIL PROTECTED]> /usr/local/bin/freshclam --quiet Maybe it's setup in a user crontab: su - pop3 crontab -l -- Regards... Todd We should not be building surveillance technology into standards. Law enforcement was not supposed to be easy. Where it is easy, it's called a police state. -- Jeff Schiller on NANOG Linux kernel 2.6.8.1-12mdkenterprise 2 users, load average: 0.24, 0.22, 0.17 ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Clamav-milter does not start
On Mon, 2004-11-29 at 21:26, Chris Jones wrote: > drwxr-xr-x 2 clamav clamav 1024 Nov 29 21:22 . > drwxrwxrwt 27 root root 18432 Nov 29 21:24 .. > -rwxrwxrwx 1 clamav clamav 0 Nov 29 21:22 clamd.sock > > I saw somewhere that the permissions on clamd.sock should be srwxrwxrwx. > How is that first bit set? remove the clamd.sock file and try again. .sock files are created by clamAV, you don't create them. -Nigel ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Clamav-milter does not start
Chris Jones wrote: Brian Morrison wrote: On Mon, 29 Nov 2004 18:45:46 + in [EMAIL PROTECTED] Chris Jones <[EMAIL PROTECTED]> wrote: Whenever I re-boot, clamd starts, but clamav-milter refuses. The error I get is:- | clamav-milter failed. The error was: Starting Clamav Milter Daemon: /tmp/clamd/clamd.sock: Connection refused | Can't talk to clamd server via /tmp/clamd/clamd.sock | Check your entry for LocalSocket in /etc/clamav.conf | [FAILED] I am running Fedora Core 2 with clamav 0.80-1.1 And have you checked clamd.conf to see what the LocalSocket is configured to be? If it isn't set to /tmp/clamd/clamd.sock then clamav-milter is going to have a hard time talking to clamd that way. If it is, have you checked the permissions on /tmp/clamd? /etc/clamd.conf shows the following for LocalSocket | LocalSocket /var/run/clamav/clamd.sock /etc/clamav.conf shows the following for LocalSocket | LocalSocket /tmp/clamd/clamd.sock Should these both be the same? No. You shouldnt even have a clamav.conf anymore actually. Starting with clamav 0.80 clamav.conf has been replaced by clamd.conf. -Jim ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] uninstalling issues
On Mon, 2004-11-29 at 15:19 -0600, David Green wrote: > Subject: Cron <[EMAIL PROTECTED]> /usr/local/bin/freshclam --quiet > --daemon-notify -l /var/log/clam-update.log > shell-init: could not get current directory: getcwd: cannot access > parent directories: Permission denied > /bin/sh: line 1: /usr/local/bin/freshclam: No such file or directory > > But there is nothing in the crontab file related to this. Any ideas? /etc/cron.hourly/freshclam ? -- Daniel J McDonald, CCIE # 2495, CNX Austin Energy [EMAIL PROTECTED] ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Clamav-milter does not start
Nigel Horne wrote: On Mon, 2004-11-29 at 18:45, Chris Jones wrote: Whenever I re-boot, clamd starts, but clamav-milter refuses. The error I get is:- | clamav-milter failed. The error was: Starting Clamav Milter Daemon: /tmp/clamd/clamd.sock: Connection refused | Can't talk to clamd server via /tmp/clamd/clamd.sock | Check your entry for LocalSocket in /etc/clamav.conf | [FAILED] What is the mode of the directory "/tmp/clamd"? Post the output of this command "ls -la /tmp/clamd" -Nigel ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users . drwxr-xr-x 2 clamav clamav 1024 Nov 29 21:22 . drwxrwxrwt 27 root root 18432 Nov 29 21:24 .. -rwxrwxrwx 1 clamav clamav 0 Nov 29 21:22 clamd.sock I saw somewhere that the permissions on clamd.sock should be srwxrwxrwx. How is that first bit set? -- Chris Jones mailto:[EMAIL PROTECTED] SAS gives the power to know your data... ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Clamav-milter does not start
Brian Morrison wrote: On Mon, 29 Nov 2004 18:45:46 + in [EMAIL PROTECTED] Chris Jones <[EMAIL PROTECTED]> wrote: Whenever I re-boot, clamd starts, but clamav-milter refuses. The error I get is:- | clamav-milter failed. The error was: Starting Clamav Milter Daemon: /tmp/clamd/clamd.sock: Connection refused | Can't talk to clamd server via /tmp/clamd/clamd.sock | Check your entry for LocalSocket in /etc/clamav.conf | [FAILED] I am running Fedora Core 2 with clamav 0.80-1.1 And have you checked clamd.conf to see what the LocalSocket is configured to be? If it isn't set to /tmp/clamd/clamd.sock then clamav-milter is going to have a hard time talking to clamd that way. If it is, have you checked the permissions on /tmp/clamd? /etc/clamd.conf shows the following for LocalSocket | LocalSocket /var/run/clamav/clamd.sock /etc/clamav.conf shows the following for LocalSocket | LocalSocket /tmp/clamd/clamd.sock Should these both be the same? -- Chris Jones mailto:[EMAIL PROTECTED] SAS gives the power to know your data... ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] uninstalling issues
Hi all, I was uninstalling clamav so I could put a newer version on the server. I removed all of the files, but the freshclam updater is still running. I get this email every hour: Subject: Cron <[EMAIL PROTECTED]> /usr/local/bin/freshclam --quiet --daemon-notify -l /var/log/clam-update.log shell-init: could not get current directory: getcwd: cannot access parent directories: Permission denied /bin/sh: line 1: /usr/local/bin/freshclam: No such file or directory But there is nothing in the crontab file related to this. Any ideas? Thanks, David Green Systems Analyst Magna-Tel, Inc. ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
RE: [Clamav-users] ClamAV should not try to detect phishing and other social engineering attacks
Give the --postmaster-only option to clamav-milter. -Nigel On Mon, 2004-11-29 at 18:50, Mark Penkower wrote: > How do I get clamav to not cc the intended user with the virus notification > message? > > Thanks > > > Mark Penkower > > > At 01:51 PM 11/15/2004, you wrote: > >Brian Morrison [EMAIL PROTECTED] wrote: > > > 2) It takes extra work for someone to make the decision, create the > > > separate databases etc. > > > >Diego d'Ambra [EMAIL PROTECTED] wrote: > > > Julian Mehnle wrote: > > > > The definition of what _I_ would like ClamAV to detect is: anything > > > > that poses a technical thread, no matter whether it also poses a > > > > social/fraud threat or not. That's a clear enough criterion, isn't > > > > it? > > > > > > Creating such a system has a dramatic impact on the work needed to > > > classify a suspicious sample. These samples often contains weird Jave, > > > HTML etc. that must be decoded and tested with different software > > > versions to ensure no exploit is being triggered and/or harmful content > > > installed. > > > >I can't see why discriminating technical attacks from social engineering > >attacks would be extra work. After all, when drafting a signature for a > >new attack, a name for the attack has to be chosen. If you know you're > >going to file it as "HTML.Phishing.Bank-12", you have already > >distinguished between a technical attack and a social engineering one. > > > >If your point is that classifying new attacks can be a difficult task, > >well, though luck, that's how it is. In order to find a good name for the > >attack, you have to do the classifying properly anyway. > > > >So where's the extra work? > > > >And don't tell me creating the database files from the signatures isn't > >already a largely automated process. ;-) > > > >___ > >http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > > NOTICE TO RECIPIENT: This e-mail is meant only for the intended recipient(s) > of the transmission, and contains confidential information which is > proprietary to Royce & Associates, LLC. Any unauthorized use, copying, > distribution, or dissemination is strictly prohibited. All rights to this > information are reserved by Royce & Associates, LLC. If you are not the > intended recipient, please contact the sender by reply e-mail and please > delete this e-mail from your system and destroy any copies. > > __ > ___ > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Clamav-milter does not start
On Mon, 2004-11-29 at 18:45, Chris Jones wrote: > Whenever I re-boot, clamd starts, but clamav-milter refuses. The error I > get is:- > > | clamav-milter failed. The error was: Starting Clamav Milter Daemon: > /tmp/clamd/clamd.sock: Connection refused > | Can't talk to clamd server via /tmp/clamd/clamd.sock > | Check your entry for LocalSocket in /etc/clamav.conf > | [FAILED] What is the mode of the directory "/tmp/clamd"? Post the output of this command "ls -la /tmp/clamd" -Nigel ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] ClamAV should not try to detect phishing and other social engineering attacks
On Mon, 29 Nov 2004 13:50:40 -0500 in [EMAIL PROTECTED] Mark Penkower <[EMAIL PROTECTED]> wrote: > How do I get clamav to not cc the intended user with the virus > notification message? ClamAV doesn't do that, it is your MTA that does it. -- Brian Morrison bdm at fenrir dot org dot uk GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Clamav-milter does not start
On Mon, 29 Nov 2004 18:45:46 + in [EMAIL PROTECTED] Chris Jones <[EMAIL PROTECTED]> wrote: > Whenever I re-boot, clamd starts, but clamav-milter refuses. The error > I get is:- > > | clamav-milter failed. The error was: Starting Clamav Milter Daemon: > /tmp/clamd/clamd.sock: Connection refused > | Can't talk to clamd server via /tmp/clamd/clamd.sock > | Check your entry for LocalSocket in /etc/clamav.conf > | [FAILED] > > I am running Fedora Core 2 with clamav 0.80-1.1 > And have you checked clamd.conf to see what the LocalSocket is configured to be? If it isn't set to /tmp/clamd/clamd.sock then clamav-milter is going to have a hard time talking to clamd that way. If it is, have you checked the permissions on /tmp/clamd? -- Brian Morrison bdm at fenrir dot org dot uk GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
RE: [Clamav-users] ClamAV should not try to detect phishing and other social engineering attacks
How do I get clamav to not cc the intended user with the virus notification message? Thanks Mark Penkower At 01:51 PM 11/15/2004, you wrote: Brian Morrison [EMAIL PROTECTED] wrote: > 2) It takes extra work for someone to make the decision, create the > separate databases etc. Diego d'Ambra [EMAIL PROTECTED] wrote: > Julian Mehnle wrote: > > The definition of what _I_ would like ClamAV to detect is: anything > > that poses a technical thread, no matter whether it also poses a > > social/fraud threat or not. That's a clear enough criterion, isn't > > it? > > Creating such a system has a dramatic impact on the work needed to > classify a suspicious sample. These samples often contains weird Jave, > HTML etc. that must be decoded and tested with different software > versions to ensure no exploit is being triggered and/or harmful content > installed. I can't see why discriminating technical attacks from social engineering attacks would be extra work. After all, when drafting a signature for a new attack, a name for the attack has to be chosen. If you know you're going to file it as "HTML.Phishing.Bank-12", you have already distinguished between a technical attack and a social engineering one. If your point is that classifying new attacks can be a difficult task, well, though luck, that's how it is. In order to find a good name for the attack, you have to do the classifying properly anyway. So where's the extra work? And don't tell me creating the database files from the signatures isn't already a largely automated process. ;-) ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users NOTICE TO RECIPIENT: This e-mail is meant only for the intended recipient(s) of the transmission, and contains confidential information which is proprietary to Royce & Associates, LLC. Any unauthorized use, copying, distribution, or dissemination is strictly prohibited. All rights to this information are reserved by Royce & Associates, LLC. If you are not the intended recipient, please contact the sender by reply e-mail and please delete this e-mail from your system and destroy any copies. ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] Clamav-milter does not start
Whenever I re-boot, clamd starts, but clamav-milter refuses. The error I get is:- | clamav-milter failed. The error was: Starting Clamav Milter Daemon: /tmp/clamd/clamd.sock: Connection refused | Can't talk to clamd server via /tmp/clamd/clamd.sock | Check your entry for LocalSocket in /etc/clamav.conf | [FAILED] I am running Fedora Core 2 with clamav 0.80-1.1 -- Chris Jones mailto:[EMAIL PROTECTED] SAS gives the power to know your data... ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Zip module failure
Nigel, Sure enough the newer CVS and the installation of zlib 1.2.2 solved the issue. Haven't seen a zip module error since then. - Chris --- Try the CVS version. If it still fails then contact me directly by e-mail and I'll try to help. -Nigel ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Virus Tests from www.testvirus.org
On Thu, 2004-11-25 at 13:00, Gareth Blades wrote: > I am running Suse Openexchange -> Amavis (clamd) -> Postfix. > > Mine lets through 24, 25, 27. > Number 8 was blocked by file type but not detected by a virus. > For 24 & 25 as they are not a virus I need to look at the amavis > configuration I guess. > > But why is 27 getting through? I got the following announcement from Suse. After installing the upgrade test 27 is now blocked. Release: 20041109 Obsoletes: none Indications Everyone using amavis for virus scanning should update. Problem description Mail virus scanners like amavis use perl-Archive-Zip to scan ZIP archives. A bug in the handling of files with manipulated size entires has been fixed that could leave malicious code in such files undetected. ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
RE: [Clamav-users] Virus Tests from www.testvirus.org
Upgrading to latest version of Mimedefang helped me. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Meni Shapiro Sent: Thursday, November 25, 2004 6:36 AM To: ClamAV users ML Subject: Re: [Clamav-users] Virus Tests from www.testvirus.org Philip Ershler wrote: > I am running the .80 release. Tonight I ran the current set of tests > from www.testvirus.org. > Tests 4,5,7,8,17, and 19 got through. Any idea what's going on. The last I'm running v 0.80 and made the test which let through: 5,8,22,23,25 did i miss any thing? my server is: rh->sendmail->mimedefang->clamd Sincerely, Meni Shapiro > time I ran this suite of > tests on the .75 release, I seem to recall it did much better. > > Thanks for any thoughts, > > Phil > > ___ > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] clamav-milter received header in notification message
Seems like it would be usefull for clamav-milter to craft a sendmail like header in the notification it sends (with --headers arg). amavis-milter does this. Currently only headers sendmail receives are sent to clamav-milter which inserts them into the notification message. Otherwise you tend to be missing the only believable header information. Usefull information would be sending helo name, sender hostname, sender ip address, queueid, rfc time. And, if by some chance we can tell if the virus was submitted by an authenticated user, that should be noteworthy as well. As an example, I would use this to semi-automaticaly blacklist hosts that send viruses by feeding the email into a script to extract the sender ip address. http://spamikaze.nl.linux.org/ I can probably send a patch if you would like. Joe ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] clamav-0.80
On Thu, 25 Nov 2004 at 15:56:41 -0500, paddy wrote: > I have installed clamav-0.80 according to the instructions contained in > the "FairlySecureAnitVirusWiki" on a brand new box with OpenBSD 3.6. > > Everything went well till I got the part where I Update the virus > database. Upon issuing the command from the howto i.e.; > > chroot -u amavisd /var/amavisd /usr/bin/freshclam --log-verbose > > the program complained it could not load, one by one the library files > contained in /var/amavisd/usr/lib. I then located each of these > librarys, copied them to /var/amavisd/user/lib and received no more > complaints for the time being.. > > The next segment of this saga was to run the chroot command again as > above and this time the program informed me that it "Can't change dir to > /var/clamav. > > Does anyone have an idea of how to fix/hack this so I can get on and use > the server I'm putting together? > Seems it's an OpenBSD issue. You may want to ask OpenBSD folks. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] db.sg.clamav.net
On Mon, 29 Nov 2004 11:28:00 +0800 "List" <[EMAIL PROTECTED]> wrote: > Hi, > > Does anyone know what happened to the Singapore mirror? I have the > following error. > > -- > ClamAV update process started at Mon Nov 29 07:00:00 2004 > main.cvd is up to date (version: 28, sigs: 26630, f-level: 3, builder: > > tomek) > ERROR: Can't connect to port 80 of host db.sg.clamav.net > (203.81.40.167) ERROR: No servers could be reached. Giving up > ERROR: Connection with 203.81.40.167 failed. > -- There's a bug (already fixed in CVS) in freshclam 0.80 that prevents from switching to reserve mirrors in some cases. -- oo. Tomasz Kojm <[EMAIL PROTECTED]> (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Mon Nov 29 09:56:22 CET 2004 pgp7ESwEZQeoH.pgp Description: PGP signature ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Scan incomming only
On Sun, 2004-11-28 at 18:46 -0500, Ralph Robinson wrote: > I know this is not quite the correct place to ask this question but here > goes. > I am on a VPS and want to scan incoming only as the outgoing goes out > through a different server. > I got clamav-0.80 and amavis-0.3.13pre2 installed. Instead of amavis use clamav-milter and then don't give the -l and -o options. Then only incoming messages will be scanned. -Nigel ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
