[Clamav-users] zlib false configure issue on FreeBSD 5.3

2004-11-30 Thread Gianmarco Giovannelli
As we have discussed in another thread, clamav "configure" makes a false 
assumption about a security bug in the zlib (1.2.1) installed in FreeBSD 5.3.

This is the error:
configure: error: Installed zlib version contains a security bug. Please 
install version 1.2.2 or later.
** Error !  configure failed

But as we saw last time with Thomas it is not true, as stated in the zlib 
home page and in the bug description page:
http://www.kb.cert.org/vuls/id/238678 and 
http://www.kb.cert.org/vuls/id/JGEI-64EQPH

The configure now checks only if the version is "1.2.1" but does not check 
against a list of "vendors" that have fixed the issue without bumping the 
revision. I think it is a configure issue, so it should be fixed by clamav 
devels in configure itself, because it is not acceptable to think of manually 
editing the zlib.h to 1.2.2 on every FreeBSD 5.3 system.

If none of the developers would care to make such a patch, we (generally 
speaking for FreeBSD people) can provide a configure patch if it will then 
be committed :-)
Thanks for attention.

P.s.
Is there someone in the clamav team who develops on FreeBSD as main 
platform, so we can address the issues to him? :-)

Thanks again.


Best Regards,
Gianmarco Giovannelli ,  "Unix expert since yesterday"
http://utenti.gufi.org/~gmarco/
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] Virus Tests from www.testvirus.org

2004-11-30 Thread Gianmarco Giovannelli
At 16.22 29/11/2004, you wrote:
>On Thu, 2004-11-25 at 13:00, Gareth Blades wrote:
>> I am running Suse Openexchange -> Amavis (clamd) -> Postfix.
>>
>> Mine lets through 24, 25, 27.
In my configuration:
FreeBSD, sendmail-milter, noattach, clamav-milter 0.80j I got no virus at 
all...

Clamav got and detected as virus:
7, 11, 14, 16 and from 19 to 27.
24 and 25 passed but it seems correct.
The other ones were stomped by noattach (configured on some common virus 
attach types).

And now a wish:
Is it possible to implement in clamav-milter or clamd itself the possibility 
to define a list of suffixes I'd like to consider as:
UNAUTHORIZED ATTACH TYPE

Thanks.

Best Regards,
Gianmarco Giovannelli ,  "Unix expert since yesterday"
http://utenti.gufi.org/~gmarco/


Re: [Clamav-users] NotifyClamd command doesn't work

2004-11-30 Thread Sasa Stupar
On Tue, 30.11.2004 at 16:32, Trog wrote:
> On Tue, 2004-11-30 at 15:24, Sasa Stupar wrote:
> > On Tue, 30.11.2004 at 16:20, Trog wrote:
> > > On Tue, 2004-11-30 at 15:13, Sasa Stupar wrote:
> > > 
> > > > --
> > > > From the log I can see that Clamd has a self check every 1800 sec and
> > > > when it find updated database it reloads it but actually it doesn't.
> > > 
> > > What do you base that on? That clamav-milter is reporting the old
> > > version? Perhaps it's clamav-milter that is reporting wrongly, and the
> > > database has been reloaded.
> > > 
> > > -trog
> > 
> > When I restart Clamd and clamav-milter then it shows the correct
> > version.
> 
> Perhaps because that forces clamav-milter to re-establish a connection,
> at which time it updates its version information.
> 
> -trog
> 

You are right, trog. Clamd was reloading correctly but clamav-milter
was not. Is this a bug or do I need to set up something so clamav-milter is
restarted after a database update?

Sasa




Re: [Clamav-users] osf-static build

2004-11-30 Thread Fajar A. Nugraha
Bugs wrote:
How come the DEC osf-static build has not been updated
since Oct 1???
 

Because my OSF machines are now dead :(
It should (until Oct 1st anyway) compile cleanly on OSF 5.1
with gcc.
Regards,
Fajar


Re: [Clamav-users] Freshclam Question

2004-11-30 Thread Brian Morrison
On Tue, 30 Nov 2004 08:25:43 -0800 in [EMAIL PROTECTED] Jeff
Grossman <[EMAIL PROTECTED]> wrote:

>  I am running clamd and freshclam as a daemon.  When freshclam updates
>  the virus database, does it restart clamd so it see the new database,
>  or do I have to manually do that?

Clamd is notified by freshclam of the update to the database, it reloads
it when it is next asked to scan something. I have a fairly lightly
loaded mail server here, it is not unusual to see several minutes or
even longer elapse between the freshclam database updated message and
the clamd database reloaded message.

It was either Trog or Tomasz who pointed this out when I asked a few
months ago, I had wondered what was happening too until it was explained
to me.

-- 

Brian Morrison

bdm at fenrir dot org dot uk

GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html


Re: [Clamav-users] Clamav-milter does not start

2004-11-30 Thread Chris Jones
Nigel Horne wrote:
On Mon, 2004-11-29 at 18:45, Chris Jones wrote:
 

Whenever I re-boot, clamd starts, but clamav-milter refuses. The error I 
get is:-

| clamav-milter failed. The error was: Starting Clamav Milter Daemon: 
/tmp/clamd/clamd.sock: Connection refused
| Can't talk to clamd server via /tmp/clamd/clamd.sock
| Check your entry for LocalSocket in /etc/clamav.conf
| [FAILED]
   

What is the mode of the directory "/tmp/clamd"?
Post the output of this command "ls -la /tmp/clamd"
-Nigel
 

Found the answer - /var/tmp was symlinked to /home/tmp which happened to 
be owned by user other than root. When changed to clamav, both clamd and 
clamav-milter start without any trouble.

--
Chris Jones
mailto:[EMAIL PROTECTED]
SAS gives the power to know your data...


[Clamav-users] Can clamdscan/clamscan *not* follow mount points?

2004-11-30 Thread Jason Haar
Hi there
We're running clamscan on a server that mounts other servers (via NFS 
and smbfs). All of them are responsible for running their own virus 
scanners - but it appears clamscan (clamdscan) cannot be told to *not* 
follow mount points. The mount points are all over the place (not my 
server :-) - so it's not a simple issue of ignoring "/net" or anything.

Can this be done without resorting to some "find" pre-processor? (i.e. 
use find -nofollow to get a list of local dirs to scan).

Thanks
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1


Re: [Clamav-users] Freshclam Question

2004-11-30 Thread Tomasz Papszun
On Tue, 30 Nov 2004 at  8:25:43 -0800, Jeff Grossman wrote:
> I am running clamd and freshclam as a daemon.  When freshclam updates 
> the virus database, does it restart clamd so it see the new database, 

No and yes.

> or do I have to manually do that?

No.

man freshclam ; man freshclam.conf

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner


Re: [Clamav-users] Freshclam Question

2004-11-30 Thread Jeff Smelser
On Tuesday 30 November 2004 10:25 am, Jeff Grossman wrote:

> I am running clamd and freshclam as a daemon.  When freshclam updates
> the virus database, does it restart clamd so it see the new database, or
> do I have to manually do that?

freshclam.conf:

# Send the RELOAD command to clamd.
# Default: disabled
NotifyClamd
# By default it uses the hardcoded configuration file but you can force an
# another one.
#NotifyClamd /config/file/path

It also checks periodically for new versions.

Jeff




[Clamav-users] Freshclam Question

2004-11-30 Thread Jeff Grossman
I am running clamd and freshclam as a daemon.  When freshclam updates 
the virus database, does it restart clamd so it see the new database, or 
do I have to manually do that?

Thanks,
Jeff



Re: [Clamav-users] NotifyClamd command doesn't work

2004-11-30 Thread Sasa Stupar
On Tue, 30.11.2004 at 18:00, Daniel J McDonald wrote:
> On Tue, 2004-11-30 at 09:13 -0600, Sasa Stupar wrote:
> # Send the RELOAD command to clamd.
> # Default: disabled
> NotifyClamd
> # By default it uses the hardcoded configuration file but you can force an
> # another one.
> #NotifyClamd /config/file/path
> 
> Try setting your config file path manually, e.g:
> 
> NotifyClamd /etc/clamd.conf

I'll try that option. Will see on the next update.

Sasa




Re: [Clamav-users] NotifyClamd command doesn't work

2004-11-30 Thread Daniel J McDonald
On Tue, 2004-11-30 at 09:13 -0600, Sasa Stupar wrote:
# Send the RELOAD command to clamd.
# Default: disabled
NotifyClamd
# By default it uses the hardcoded configuration file but you can force an
# another one.
#NotifyClamd /config/file/path

Try setting your config file path manually, e.g:

NotifyClamd /etc/clamd.conf

-- 
Daniel J McDonald, CCIE # 2495, CNX
Austin Energy

[EMAIL PROTECTED]



[Clamav-users] osf-static build

2004-11-30 Thread Bugs

How come the DEC osf-static build has not been updated
since Oct 1???

Bugs

Bugs Brouillard Unix system administrator
Humboldt State Univ.Information Technology Services
Arcata, Calif.

email [EMAIL PROTECTED]


Re: [Clamav-users] NotifyClamd command doesn't work

2004-11-30 Thread Trog
On Tue, 2004-11-30 at 15:24, Sasa Stupar wrote:
> On Tue, 30.11.2004 at 16:20, Trog wrote:
> > On Tue, 2004-11-30 at 15:13, Sasa Stupar wrote:
> > 
> > > --
> > > From the log I can see that Clamd has a self check every 1800 sec and
> > > when it find updated database it reloads it but actually it doesn't.
> > 
> > What do you base that on? That clamav-milter is reporting the old
> > version? Perhaps it's clamav-milter that is reporting wrongly, and the
> > database has been reloaded.
> > 
> > -trog
> 
> When I restart Clamd and clamav-milter then it shows the correct
> version.

Perhaps because that forces clamav-milter to re-establish a connection,
at which time it updates its version information.

-trog





Re: [Clamav-users] NotifyClamd command doesn't work

2004-11-30 Thread Sasa Stupar
On Tue, 30.11.2004 at 16:20, Trog wrote:
> On Tue, 2004-11-30 at 15:13, Sasa Stupar wrote:
> 
> > --
> > From the log I can see that Clamd has a self check every 1800 sec and
> > when it find updated database it reloads it but actually it doesn't.
> 
> What do you base that on? That clamav-milter is reporting the old
> version? Perhaps it's clamav-milter that is reporting wrongly, and the
> database has been reloaded.
> 
> -trog

When I restart Clamd and clamav-milter then it shows the correct
version.

Sasa




Re: [Clamav-users] NotifyClamd command doesn't work

2004-11-30 Thread Trog
On Tue, 2004-11-30 at 15:13, Sasa Stupar wrote:

> --
> From the log I can see that Clamd has a self check every 1800 sec and
> when it find updated database it reloads it but actually it doesn't.

What do you base that on? That clamav-milter is reporting the old
version? Perhaps it's clamav-milter that is reporting wrongly, and the
database has been reloaded.

-trog





Re: [Clamav-users] NotifyClamd command doesn't work

2004-11-30 Thread Nigel Horne
On Tuesday 30 Nov 2004 15:12, Brian Morrison wrote:
> On Tue, 30 Nov 2004 14:55:25 + in
> [EMAIL PROTECTED] Nigel Horne <[EMAIL PROTECTED]>
> wrote:
> 
> >  This has been fixed in CVS.
> 
> Any ideas on roughly when 0.81 will appear Nigel?

Soon, I hope, but there is no official date yet or even a rough date.

-Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk


Re: [Clamav-users] NotifyClamd command doesn't work

2004-11-30 Thread Sasa Stupar
On Tue, 30.11.2004 at 15:53, Brian Morrison wrote:
> On Tue, 30 Nov 2004 15:29:20 +0100 in
> [EMAIL PROTECTED] Sasa Stupar
> <[EMAIL PROTECTED]> wrote:
> 
> >  What am I doing wrong here?
> 
> The most likely thing is that freshclam.conf does not have the correct
> NotifyClamd entry in it.
> 
> Can you post your .conf files (or parts of them) so we can see what
> you've done please.

Here it is:

# cat /usr/local/etc/freshclam.conf
##
## Example config file for freshclam
## Please read the freshclam.conf(5) manual before editing this file.
## This file may be optionally merged with clamd.conf.
##


# Comment or remove the line below.
#Example

# Path to the database directory.
# WARNING: It must match clamd.conf's directive!
# Default: hardcoded (depends on installation options)
DatabaseDirectory /var/lib/clamav

# Path to the log file (make sure it has proper permissions)
# Default: disabled
UpdateLogFile /var/log/clamav/freshclam.log

# Enable verbose logging.
# Default: disabled
#LogVerbose

# Use system logger (can work together with UpdateLogFile).
# Default: disabled
LogSyslog

# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
#LogFacility LOG_MAIL

# This option allows you to save the process identifier of the daemon
# Default: disabled
#PidFile /var/run/freshclam.pid

# By default when started freshclam drops privileges and switches to the
# "clamav" user. This directive allows you to change the database owner.
# Default: clamav (may depend on installation options)
DatabaseOwner clamav

# Use DNS to verify virus database version. Freshclam uses DNS TXT records
# to verify database and software versions. We highly recommend enabling
# this option.
# Default: disabled
DNSDatabaseInfo current.cvd.clamav.net

# Uncomment the following line and replace XY with your country
# code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
# Default: There is no default, which results in an error when running freshclam
#DatabaseMirror db.XY.clamav.net

# database.clamav.net is a round-robin record which points to our most
# reliable mirrors. It's used as a fall back in case db.XY.clamav.net is
# not working. DO NOT TOUCH the following line unless you know what you
# are doing.
DatabaseMirror database.clamav.net

# How many attempts to make before giving up.
# Default: 3 (per mirror)
MaxAttempts 5

# Number of database checks per day.
# Default: 12 (every two hours)
Checks 24

# Proxy settings
# Default: disabled
#HTTPProxyServer myproxy.com
#HTTPProxyPort 1234
#HTTPProxyUsername myusername
#HTTPProxyPassword mypass

# Send the RELOAD command to clamd.
# Default: disabled
NotifyClamd
# By default it uses the hardcoded configuration file but you can force an
# another one.
#NotifyClamd /config/file/path

# Run command after successful database update.
# Default: disabled
#OnUpdateExecute command

# Run command when database update process fails.
# Default: disabled
#OnErrorExecute command
--
From the log I can see that Clamd has a self check every 1800 sec and
when it finds an updated database it reloads it, but actually it doesn't.
So now I do a manual restart of Clamd by cron every day.

Regards,
Sasa




Re: [Clamav-users] NotifyClamd command doesn't work

2004-11-30 Thread Brian Morrison
On Tue, 30 Nov 2004 14:55:25 + in
[EMAIL PROTECTED] Nigel Horne <[EMAIL PROTECTED]>
wrote:

>  This has been fixed in CVS.

Any ideas on roughly when 0.81 will appear Nigel?

-- 

Brian Morrison

bdm at fenrir dot org dot uk

GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html


Re: [Clamav-users] NotifyClamd command doesn't work

2004-11-30 Thread Nigel Horne
On Tuesday 30 Nov 2004 14:29, Sasa Stupar wrote:
> Hi!
> I have Clamav 0.80 on FC3 installed and clamav-milter for sendmail. I
> have also scheduled clamav update via cron and setup freshclam.conf file
> to reload Clamd after update. However when database update is done Clamd
> is not reloaded. I have noticed that in mail messages where it says
> "X-Virus-Scanned:  ClamAV 0.80/xxx ..." and xxx is not the number
> suppose to be. I have checked and freshclam works via cron normally and
> updates are done also.
> 
> What am I doing wrong here?

This has been fixed in CVS.

> 
> Regards,
> Sasa
> 

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk


Re: [Clamav-users] NotifyClamd command doesn't work

2004-11-30 Thread Brian Morrison
On Tue, 30 Nov 2004 15:29:20 +0100 in
[EMAIL PROTECTED] Sasa Stupar
<[EMAIL PROTECTED]> wrote:

>  What am I doing wrong here?

The most likely thing is that freshclam.conf does not have the correct
NotifyClamd entry in it.

Can you post your .conf files (or parts of them) so we can see what
you've done please.

-- 

Brian Morrison

bdm at fenrir dot org dot uk

GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html


[Clamav-users] NotifyClamd command doesn't work

2004-11-30 Thread Sasa Stupar
Hi!
I have Clamav 0.80 on FC3 installed and clamav-milter for sendmail. I
have also scheduled clamav update via cron and set up the freshclam.conf file
to reload Clamd after update. However, when the database update is done Clamd
is not reloaded. I have noticed that in mail messages where it says
"X-Virus-Scanned:  ClamAV 0.80/xxx ..." and xxx is not the number it is
supposed to be. I have checked and freshclam works via cron normally and
updates are done also.

What am I doing wrong here?

Regards,
Sasa




Re: [Clamav-users] Freshclam + My Problem

2004-11-30 Thread Luca Gibelli

Hello xterm1,

>   Is there any way to tell freshclam what ip to use
> to get it's updates. We have a problem with our main ip 
> being locked out due to an attack.

Now there is no way to do that, afaik.
As a temp. fix, add a static route for some mirrors and specify them in 
freshclam.conf using the hostnames available at
http://www.clamav.net/mirrors.html

Good luck with the DoS ...


Best regards

-- 
Luca Gibelli ([EMAIL PROTECTED]) - http://www.ClamAV.net - A GPL virus scanner
PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87  D802 6277 8FF4 5EFC 5582
PGP Key Available on: Key Servers || http://www.clamav.net/gpg/nervoso.gpg


Re: [Clamav-users] clamdscan processes running away

2004-11-30 Thread Trog
On Tue, 2004-11-30 at 13:35, Scott Ryan wrote:
> On Tuesday 30 November 2004 14:14, Trog wrote:
> > On Tue, 2004-11-30 at 12:04, Scott Ryan wrote:
> > > I am using clamdscan (clamav 0.80 - RHEL3) on 5 very intensively used
> > > mail servers and generally, I have no issues and it works wonderfully.
> > > But however, every now and again, to which there is no random pattern,
> > > and across all 5 servers, clamdscan processes go through the roof. All
> > > logging stops. Here is current status of one of the machines as it has
> > > happened:
> >
> > What version of zlib are you using?
> 
> [EMAIL PROTECTED] root]# rpm -qa|grep zlib
> zlib-1.1.4-8.1

Should be ok, but you never know what patching RH has done to it.

There's basically two things you can do:

1. Attach gdb to clamd to see if it is crashing, and then do a
backtrace.

2. When this happens, have a look in /proc//fd and see what
files clamd is currently processing, these should be short lived (if you
actually see any that are not pipes, sockets, or clamd's own files), but
if not, you can recover the files by simply copying the relevant entries
from here to somewhere else.

For example:

# ps auxw | grep clamd
alias 4093  2.0  1.7 44936 15712 ?   S13:47   0:04 [clamd]

# ls -l /proc/4093/fd
total 0
lr-x--1 root root   64 Nov 30 13:51 0 -> /dev/null
l-wx--1 root root   64 Nov 30 13:51 1 -> pipe:[5167]
l-wx--1 root root   64 Nov 30 13:51 2 -> pipe:[5167]
l-wx--1 root root   64 Nov 30 13:51 3 -> /var/log/clamd.log
lrwx--1 root root   64 Nov 30 13:51 4 -> socket:[181294352]
lrwx--1 root root   64 Nov 30 13:51 5 -> socket:[187606583]
lr-x--1 root root   64 Nov 30 13:51 6 -> pipe:[181294361]
l-wx--1 root root   64 Nov 30 13:51 7 -> pipe:[181294361]
lr-x--1 root root   64 Nov 30 13:51 8 -> /tmp/scan-8937/message.txt


...then I can:

# cp /proc/4093/fd/8 /tmp/file.msg

to get a copy of the file, even if it's been deleted.

NOTE: don't muck about with the pipes or sockets!

Hopefully, the issue is then repeatable by scanning the files you have
copied.

-trog
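
The /proc fd procedure from the message above, as an added shell example that is not part of the original post: it lists only the regular files a process holds open (skipping pipes, sockets and devices) and copies one out, which also works after the file has been unlinked. The function names `list_open_files` and `recover_fd` are hypothetical, and a Linux /proc filesystem is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): inspect and copy the files a stuck
# scanner process is holding open, via /proc/<pid>/fd on Linux.

# Print "fd<TAB>target" for each descriptor of PID that refers to a regular
# file. Pipes, sockets, anonymous inodes and device nodes are skipped, so
# nothing here touches the daemon's communication channels.
list_open_files() {
    pid=$1
    for link in /proc/"$pid"/fd/*; do
        # An unmatched glob or a vanished descriptor is simply skipped.
        [ -L "$link" ] || continue
        target=$(readlink "$link") || continue
        case $target in
            pipe:*|socket:*|anon_inode:*|/dev/*) continue ;;
        esac
        # -f follows the /proc link to the inode, so it is still true for a
        # file that has been deleted (target then ends in " (deleted)").
        [ -f "$link" ] || continue
        printf '%s\t%s\n' "${link##*/}" "$target"
    done
}

# Copy the content behind descriptor FD of PID to DEST. The source is only
# read, so the running process is not disturbed.
recover_fd() {
    pid=$1 fd=$2 dest=$3
    [ -f /proc/"$pid"/fd/"$fd" ] || return 1
    cp /proc/"$pid"/fd/"$fd" "$dest"
}

# Optional command-line use: sh script.sh <pid>
[ $# -eq 0 ] || list_open_files "$1"
```

Run it as root or as the user owning the process; the recovered copy can then be scanned on its own to see whether the hang is repeatable.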





Re: [Clamav-users] clamdscan processes running away

2004-11-30 Thread Scott Ryan
On Tuesday 30 November 2004 14:14, Trog wrote:
> On Tue, 2004-11-30 at 12:04, Scott Ryan wrote:
> > I am using clamdscan (clamav 0.80 - RHEL3) on 5 very intensively used
> > mail servers and generally, I have no issues and it works wonderfully.
> > But however, every now and again, to which there is no random pattern,
> > and across all 5 servers, clamdscan processes go through the roof. All
> > logging stops. Here is current status of one of the machines as it has
> > happened:
>
> What version of zlib are you using?

[EMAIL PROTECTED] root]# rpm -qa|grep zlib
zlib-1.1.4-8.1

>
> -trog

-- 
Scott Ryan
Telkom Internet


Re: [Clamav-users] Freshclam + My Problem

2004-11-30 Thread Tomasz Papszun
On Tue, 30 Nov 2004 at  8:00:00 -0500, xterm1 wrote:
> 
>   What we have is several ip's on one Interface 00.00.00.173<-->178
> 
>   Freshclam is trying to use 00.00.00.173 but that IP will not allow 
> incoming
> traffic at the moment due to a provider block on that ip from a SYN attack.
> 
>   So when Freshclam runs the traffic goes out but it cannot come back in! 
> on
> that same IP. As I say it is our problem that the original configuration
> "which works great" won't work for now.

Now I understand.

You may set up and use a proxy server (HTTPProxyServer) so that it
downloads databases on behalf of that blocked IP address.

Or do some redirecting of packets by means of the firewall or
the firewall code in the host itself.

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner


RE: [Clamav-users] Freshclam + My Problem

2004-11-30 Thread xterm1


What we have is several ip's on one Interface 00.00.00.173<-->178

Freshclam is trying to use 00.00.00.173 but that IP will not allow 
incoming
traffic at the moment due to a provider block on that ip from a SYN attack.

So when Freshclam runs the traffic goes out but it cannot come back in! 
on
that same IP. As I say it is our problem that the original configuration
"which works great" won't work for now.

Hope that helps!



Re: [Clamav-users] Freshclam + My Problem

2004-11-30 Thread Tomasz Papszun
On Tue, 30 Nov 2004 at  7:26:49 -0500, xterm1 wrote:
> 
>   Is there any way to tell freshclam what ip to use
> to get it's updates. 

Doesn't DatabaseMirror entry in freshclam.conf work for you?

> We have a problem with our main ip 
> being locked out due to an attack.

??

> RH 7.3
> clamav: 0.80-1

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner


[Clamav-users] Freshclam + My Problem

2004-11-30 Thread xterm1

Sorry about the previous blank post.

List,
Is there any way to tell freshclam what ip to use
to get its updates. We have a problem with our main ip 
being locked out due to an attack.
Thanks

RH 7.3
clamav: 0.80-1


Re: [Clamav-users] clamdscan processes running away

2004-11-30 Thread Trog
On Tue, 2004-11-30 at 12:04, Scott Ryan wrote:
> I am using clamdscan (clamav 0.80 - RHEL3) on 5 very intensively used mail 
> servers and generally, I have no issues and it works wonderfully. But 
> however, every now and again, to which there is no random pattern, and across 
> all 5 servers, clamdscan processes go through the roof. All logging stops. 
> Here is current status of one of the machines as it has happened:
> 

What version of zlib are you using?

-trog





[Clamav-users] Freshclam Problem

2004-11-30 Thread xterm1


smime.p7m
Description: S/MIME encrypted message


[Clamav-users] clamdscan processes running away

2004-11-30 Thread Scott Ryan
I am using clamdscan (clamav 0.80 - RHEL3) on 5 very intensively used mail 
servers and generally, I have no issues and it works wonderfully. But 
however, every now and again, to which there is no random pattern, and across 
all 5 servers, clamdscan processes go through the roof. All logging stops. 
Here is current status of one of the machines as it has happened:

[EMAIL PROTECTED] clamd]# ps -ef | grep clam| more
root 3906 3902 0 Nov01 ? 00:00:00 supervise clamd
root 14674 3906 9 Nov18 ? 1-02:54:35 /usr/sbin/clamd

## then I have lots of 

qmaild 14794 1 0 Nov29 ? 00:00:00 /usr/bin/clamdscan -r --disable-summary 
--max-recursion=10 
--max-space=10 
/var/spool/qmailscan/tmp/ophelia.telkomsa.net110173309447914648

114 of them to be precise.
If I look at the timestamps of the logs:

[EMAIL PROTECTED] clamd]# pwd
/var/log/clamd

[EMAIL PROTECTED] clamd]# ls -al
total 29180
-rwxr--r-- 1 clamav clamav 571978 Nov 29 17:00 current

[EMAIL PROTECTED] clamd]# date
Tue Nov 30 07:41:35 SAST 2004

You can see that there has been nothing in the logs since 5pm yesterday, I 
would like to be able to supply more information, but I don't seem to have 
any. Is it worth enabling debug mode (bearing in mind that we are scanning 
HUGE volumes of mail) ?
Also if I run clamdscan manually on the command line, it hangs; but clamscan 
works fine.

[EMAIL PROTECTED] clamd]# clamdscan\


[EMAIL PROTECTED] clamd]# clamscan
/var/log/clamd/freshclam.log: OK
/var/log/clamd/lock: Empty file.
/var/log/clamd/state: Empty file.
/var/log/clamd/current: OK
/var/log/clamd/clamav.log: OK


--- SCAN SUMMARY ---
Known viruses: 27913
Scanned directories: 1
Scanned files: 32
Infected files: 0
Data scanned: 74.89 MB
I/O buffer size: 131072 bytes
Time: 26.343 sec (0 m 26 s)

It would appear that something happens to clamd and I would appreciate any 
pointers or advice for further information if required.
Many Thanks
-- 
Scott Ryan
Telkom Internet


Re: [Clamav-users] clamav-milter received header in notification message

2004-11-30 Thread Joe Maimon

Joe Maimon wrote:
I can probably send a patch if you would like.
Here is a rough version that I am testing that seems to work for me.
Joe

--- clamav-devel/clamav-milter/clamav-milter.c  2004-11-20 18:02:23.0 
-0500
+++ clamav-devel.smrecv/clamav-milter/clamav-milter.c   2004-11-29 
22:41:58.0 -0500
@@ -2272,8 +2272,44 @@
 
privdata->from = strdup(argv[0]);
 
-   if(hflag)
+   if(hflag) {
+   /* craft a sendmail like header for notifications */
+   char *macro_b, *macro_s, *macro_j, *macro__;  
+   char *p;
+   int plen = 0;
+   char *fmt = "from %s (%s) by %s\n";
+   
+
privdata->headers = header_list_new();
+   macro_s = smfi_getsymval(ctx, "s");
+   macro_j = smfi_getsymval(ctx, "j");
+   macro__ = smfi_getsymval(ctx, "_");
+
+   plen += (macro_s) ? strlen(macro_s) : sizeof("unknown");
+   plen += (macro_j) ? strlen(macro_j) : sizeof("localhost");
+   plen += (macro__) ? strlen(macro__) : 0;
+   plen += strlen(fmt);
+
+   p = cli_malloc(plen);
+   if(p) {
+   sprintf(p, fmt,
+   (macro_s) ? macro_s : "unknown",
+   (macro__) ? macro__ : "",
+   (macro_j) ? macro_j : "localhost"
+   );
+#ifdef CL_DEBUG
+   if(debug_level > 5) {
+   char *msg_p = "clamfi_header: created Recieved 
header alloclen=%d, len=%d,\"%s\"\n";
+   if(use_syslog)
+   syslog(LOG_NOTICE, _(msg_p), plen, 
strlen(p), p);
+   cli_dbgmsg(_(msg_p),plen, strlen(p), p);
+   }
+#endif
+
+   header_list_add(privdata->headers, "Received", p);
+   free(p);
+   }
+   }
 
if(smfi_setpriv(ctx, privdata) == MI_SUCCESS)
return SMFIS_CONTINUE;
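
Review bot: the sprintf(p, fmt, ...) into the cli_malloc(plen) buffer is unbounded, and the buffer is large enough only because strlen(fmt) happens to count the three "%s" placeholders, which leaves room for the terminating NUL. The values come from smfi_getsymval() and can be any length, so please make the bound explicit with snprintf(p, plen, fmt, ...) and compute plen as the literal text plus the three string lengths plus one. Smaller points in the same block: macro_b is declared but never assigned or used; the debug call passes strlen(p), a size_t, to a %d conversion, so cast it or change the conversion; "Recieved" in the debug string should read "Received"; and fmt ends in "\n", so the value handed to header_list_add() carries a trailing newline, which is worth checking against what the notification code expects. When cli_malloc() fails the header is silently skipped, which is fine, but a debug message there would help.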


Re: [Clamav-users] Compile woes.

2004-11-30 Thread Nigel Horne
jay wrote:
Sun Solaris 9 X86 on a random old PC, AMD chip, 1 gig ram.
/usr/ccs/bin/ld -G -z defs -h libclamav.so.1 -o 
.libs/libclamav.so.1.0.4  matcher-ac.lo matcher-bm.lo matcher.lo 
md5.lo others.lo readdb.lo cvd.lo dsig.lo str.lo scanners.lo 
filetypes.lo unrarlib.lo zzip-dir.lo zzip-err.lo zzip-file.lo 
zzip-info.lo zzip-io.lo zzip-stat.lo zzip-zip.lo strc.lo blob.lo 
mbox.lo message.lo snprintf.lo strrcpy.lo table.lo text.lo 
ole2_extract.lo vba_extract.lo msexpand.lo pe.lo cabd.lo lzxd.lo 
mszipd.lo qtmd.lo system.lo upx.lo htmlnorm.lo chmunpack.lo 
rebuildpe.lo petite.lo fsg.lo line.lo untar.lo special.lo  -lz -lbz2 
-lpthread -lsocket -lnsl -lc
(cd .libs && rm -f libclamav.so.1 && ln -s libclamav.so.1.0.4 
libclamav.so.1)
(cd .libs && rm -f libclamav.so && ln -s libclamav.so.1.0.4 libclamav.so)
ar cru .libs/libclamav.a  matcher-ac.o matcher-bm.o matcher.o md5.o 
others.o readdb.o cvd.o dsig.o str.o scanners.o filetypes.o unrarlib.o 
zzip-dir.o zzip-err.o zzip-file.o zzip-info.o zzip-io.o zzip-stat.o 
zzip-zip.o strc.o blob.o mbox.o message.o snprintf.o strrcpy.o table.o 
text.o ole2_extract.o vba_extract.o msexpand.o pe.o cabd.o lzxd.o 
mszipd.o qtmd.o system.o upx.o htmlnorm.o chmunpack.o rebuildpe.o 
petite.o fsg.o line.o untar.o special.o
../libtool: ar: command not found
make[1]: *** [libclamav.la] Error 127
make[1]: Leaving directory `/export/home/clamav-0.80/libclamav'
make: *** [all-recursive] Error 1

Do you have "/usr/ccs/bin" in your PATH environment variable?
jay
-Nigel