[Clamav-users] display return codes only
Hi! Maybe I looked over something, but is there any way to display clamscan's return codes only after a one file scan? I mean the number of the error (0, 1, 40, 50, 52, etc. according to man clamscan). Thanks in advance. Balazs Hegedus ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] off topic: virus of the day
- Original Message - From: Troy Ayers [EMAIL PROTECTED] To: ClamAV users ML clamav-users@lists.clamav.net Sent: Monday, March 07, 2005 11:38 PM Subject: [Clamav-users] off topic: virus of the day Anybody aware of a new mass mailing worm, possibly released in the last 24 hours? This one seems to infect winXP machines, and it relays messages their local email server, so we're catching them quick because many(most?) of them seem to be double-bouncing. One customer in particular has symantec signatures dated today, but it (norton's AV) doesnt' detect the virus on his machine. Very likely the virus has diabled his antivirus, I think. --Troy ___ http://lurker.clamav.net/list/clamav-users.html the new viruse file can be found on this link http://home.earthlink.net/~gallery10/omg.pif Regards -- This message has been scanned for viruses and dangerous content by MEC E-Mail Scanner, and is believed to be clean. -- www.mec.com.jo ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Clamav update
Hai I just updated clamav 0.81 to 0.83 (fedora 1) i updated with yum after updating i run the freshclam but it is still saying WARNING: Your ClamAV installation is OUTDATED - please update immediately! WARNING: Local version: 0.81 Recommended version: 0.83 how can I solve this prblm pls help thnks john ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] off topic: virus of the day
On Tue, 8 Mar 2005 10:10:36 +0200 Rushan Sobar [EMAIL PROTECTED] wrote: the new viruse file can be found on this link http://home.earthlink.net/~gallery10/omg.pif This is not a VX list. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Mar 8 09:45:24 CET 2005 pgpFGIcIrFowv.pgp Description: PGP signature ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamav update
it is updated to 0.83 it saying in rpm -q clamav is 0.83 i don't want to uninstall the exsiting one it is intergrated with my mail server so i want to update it to 0.83 i updated it i want to configure the updated version 0.81 to 0.83 On Tue, 8 Mar 2005 08:39:30 +, Rob MacGregor [EMAIL PROTECTED] wrote: On Tue, 8 Mar 2005 11:25:48 +0300, Jijos [EMAIL PROTECTED] wrote: Hai I just updated clamav 0.81 to 0.83 (fedora 1) i updated with yum after updating i run the freshclam but it is still saying WARNING: Your ClamAV installation is OUTDATED - please update immediately! WARNING: Local version: 0.81 Recommended version: 0.83 how can I solve this prblm As you'd have known if you'd put any effort into looking at the list archive, that means you've got an old version still installed. Remove the old version (try such things as which freshclam to identify the prefix clamav was installed with) and reinstall the new one. -- Please keep list traffic on the list. Rob MacGregor Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche ___ http://lurker.clamav.net/list/clamav-users.html -- Jijo's ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamav update
On Tue, 2005-03-08 at 11:50 +0300, Jijos wrote: it is updated to 0.83 it saying in rpm -q clamav is 0.83 i don't want to uninstall the exsiting one it is intergrated with my mail server so i want to update it to 0.83 i updated it i want to configure the updated version 0.81 to 0.83 You have some old libraries from 0.81 on your system still. Find and delete them. -trog signature.asc Description: This is a digitally signed message part ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamav update
On Tue, 8 Mar 2005 11:50:01 +0300, Jijos [EMAIL PROTECTED] wrote: it is updated to 0.83 it saying in rpm -q clamav is 0.83 i don't want to uninstall the exsiting one it is intergrated with my mail server so i want to update it to 0.83 i updated it i want to configure the updated version 0.81 to 0.83 That's all very nice to say, but while you may have updated the RPM, you've still got binaries (maybe from a source install) on the system. So, as I said before, remove the old binaries (and libraries) from your system then reinstall. I'd also suggest reading the list archive where you'll get more information. -- Please keep list traffic on the list. Rob MacGregor Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamd on Solaris ceases functioning after a while
On Tue, 2005-03-08 at 08:48 +0100, Thomas Lamy wrote: David Blank-Edelman schrieb: Today I managed to catch clamd in a hung state and so I poked and prodded at it with gdb. Btw, by hung I mean that attempts to contact clamd on the local socket failed with connection refused from clamdmon. I'm not quite sure how to interpret this information. Does this mean the main thread was parked waiting for the second to complete what it was doing? Something else entirely going on? Thanks again for any help you can offer. This definitely looks like a mail scan with 17 attachments (or level of attachments?), and a threadmanager after a database update, waiting for the mail scan to finish. Tomasz? Trog? That looks about correct. This should all be fixed in CVS. Please try the CVS version, or the nightly tarball from today. -trog signature.asc Description: This is a digitally signed message part ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamd on Solaris ceases functioning after a while
On Tue, 08 Mar 2005 08:48:41 +0100 Thomas Lamy [EMAIL PROTECTED] wrote: This definitely looks like a mail scan with 17 attachments (or level of attachments?), and a threadmanager after a database update, waiting for the mail scan to finish. Tomasz? Trog? Does the current CVS version fix the problem? -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Mar 8 10:02:22 CET 2005 pgpPkBQJdL4zW.pgp Description: PGP signature ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamav update
On Tue, 8 Mar 2005 11:25:48 +0300, Jijos [EMAIL PROTECTED] wrote: Hai I just updated clamav 0.81 to 0.83 (fedora 1) i updated with yum after updating i run the freshclam but it is still saying WARNING: Your ClamAV installation is OUTDATED - please update immediately! WARNING: Local version: 0.81 Recommended version: 0.83 how can I solve this prblm As you'd have known if you'd put any effort into looking at the list archive, that means you've got an old version still installed. Remove the old version (try such things as which freshclam to identify the prefix clamav was installed with) and reinstall the new one. -- Please keep list traffic on the list. Rob MacGregor Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamav update
how to find the old libaries?? of 0.81 On Tue, 08 Mar 2005 08:53:23 +, Trog [EMAIL PROTECTED] wrote: On Tue, 2005-03-08 at 11:50 +0300, Jijos wrote: it is updated to 0.83 it saying in rpm -q clamav is 0.83 i don't want to uninstall the exsiting one it is intergrated with my mail server so i want to update it to 0.83 i updated it i want to configure the updated version 0.81 to 0.83 You have some old libraries from 0.81 on your system still. Find and delete them. -trog ___ http://lurker.clamav.net/list/clamav-users.html -- Jijo's ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamav update
On Tue, 2005-03-08 at 12:15 +0300, Jijos wrote: how to find the old libaries?? of 0.81 Go and look in your lib directories. run ldd on your freshclam binary. -tog signature.asc Description: This is a digitally signed message part ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] ClamAV 0.83 - Stream scanning timeout
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Blayzor Sent: maandag 7 maart 2005 15:39 To: ClamAV users ML Subject: Re: [Clamav-users] ClamAV 0.83 - Stream scanning timeout I'll give it a whirl, and yes, I seem to have it trapping error conditions. (unless something changed, this always worked) eval { local $SIG{ALRM} = sub { die Stream timeout; }; alarm $sc{TIME_OUT}; while($csock) { if (/(\S+)\ FOUND$/) { $vs = $1 unless ($vs); $vf++; } $err = $1 if ($r =~ /^ERROR\:(.*)/); } alarm 0; }; $err = $@ if($@); Perl signals are not always as local as they may seem. :) You really might want to reset the alarm after the eval {} loop as well (in case you break out uncleanly from it). Consider the following: --- #!/usr/local/bin/perl sub clam_test { eval { local $SIG{ALRM} = sub { die Timeout\n }; alarm 2; }; } clam_test (); print Back!\n; sleep 4; print Made it past the signal!\n; exit 0; --- You'll never get past the signal here (Perl 5.8.6). Nor here: --- #!/usr/local/bin/perl sub clam_test { eval { local $SIG{ALRM} = sub { die Timeout\n }; alarm 2; die Oops!\n; }; } clam_test (); print Back!\n; sleep 4; print Made it past the signal!\n; exit 0; --- - Mark ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] interception logs
On Tue, 8 Mar 2005, Thomas Lamy wrote: Damian Menscher schrieb: I'm seeing logs like: Intercepted virus from [EMAIL PROTECTED] to [EMAIL PROTECTED] [EMAIL PROTECTED] Seems strange to me that the invalid users would have made it past sendmail's RCPT TO and into the AV engine. I'm guessing it's a bug. Sometimes the invalid user is first, sometimes not. What's your setup (MTA, Filter)? Sendmail calling clamav-milter (in --internal mode, not --external). Damian Menscher -- -=#| Physics Grad Student SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=- -=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers. |#=- ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] ClamAV 0.83 - Stream scanning timeout
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Lyons Sent: dinsdag 8 maart 2005 0:23 To: 'ClamAV users ML' Subject: Re: [Clamav-users] ClamAV 0.83 - Stream scanning timeout Mark wanted us to know: Yesterday, I subjected ClamAV to a very rigorous, final stress test. I let it scan roughly 20,000 news spool files, and opened an individual connection for each file (not very efficient, of course, but good to get massive concurrency; especially since I ran 5 simultaneous instances of the test-script). Needless to say, ClamAV was quite busy. :) But passed the test What did you use to do this test? Homegrown scripts? Yes. Nothing fancy, though; just a 'quick-and-dirty' Perl job. Did you have a local news spool? Yes. Testing this over NFS, or something, would serve no purpose. Can you offer up some info and possibly code? I'd love such a beast for testing on our systems here. Well, I attached the test script. Like I said, I ran 5 concurrent instances of this script, just to see how ClamAV would handle threads (or whether it would buckle, even). This test was typical for my machine, where there may be a sudden spike in connections (from the news queue-runner, for instance, or SMTP). - Mark clamavtest.pl Description: Binary data ___ http://lurker.clamav.net/list/clamav-users.html
Re: [inbox] Re: [Clamav-users] off topic: virus of the day
Rushan Sobar wrote: - Original Message - From: Troy Ayers [EMAIL PROTECTED] To: ClamAV users ML clamav-users@lists.clamav.net Sent: Monday, March 07, 2005 11:38 PM Subject: [Clamav-users] off topic: virus of the day Anybody aware of a new mass mailing worm, possibly released in the last 24 hours? This one seems to infect winXP machines, and it relays messages their local email server, so we're catching them quick because many(most?) of them seem to be double-bouncing. One customer in particular has symantec signatures dated today, but it (norton's AV) doesnt' detect the virus on his machine. Very likely the virus has diabled his antivirus, I think. --Troy ___ http://lurker.clamav.net/list/clamav-users.html the new viruse file can be found on this link http://home.earthlink.net/~gallery10/omg.pif Regards Hi The above link failed Regards ___ http://lurker.clamav.net/list/clamav-users.html