RE: [Clamav-users] Re: sol8 compile problem
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dennis Peterson Sent: Sonntag, 22. Mai 2005 06:58 To: ClamAV users ML Subject: RE: [Clamav-users] Re: sol8 compile problem Cocoon said: Hi Dennis,... Great it works fine! Greez Which steps did you complete? Biz2 was installed, so I use: Step1 ./configure --disable-bzip2 --prefix=/var/amavis/clamd Step2 make Step3 I going to do tonight, if you want I can give you a feedback. Off the topic and just a bit humorous, I suppose, but the urban definition of Greez is less than flattering :-) 1. greez The act of deficating; often used in conjunction with doog Don't go to the bafroom - I just greezed a big ol' doog Amazing what happens to words when they hit the street, isn't it? dp ___ http://lurker.clamav.net/list/clamav-users.html ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav-milter received header in notification message
Joe Maimon wrote: snip I can probably send a patch if you would like. Joe ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users This patch still works...can someone tell me whether this is up for consideration? #! /bin/sh /usr/share/dpatch/dpatch-run ## 100_clamav-milter.smrcv.patch.dpatch by [EMAIL PROTECTED] ## ## All lines beginning with `## DP:' are a description of the patch. ## DP: No description. @DPATCH@ diff -urNad clamav-0.85.1-0-JM/clamav-milter/clamav-milter.c /tmp/dpep.qdUNc5/clamav-0.85.1-0-JM/clamav-milter/clamav-milter.c --- clamav-0.85.1-0-JM/clamav-milter/clamav-milter.c2005-05-12 17:10:27.0 -0400 +++ /tmp/dpep.qdUNc5/clamav-0.85.1-0-JM/clamav-milter/clamav-milter.c 2005-05-20 10:50:03.670473065 -0400 @@ -2267,8 +2267,44 @@ privdata-from = strdup(mailaddr); - if(hflag) + if(hflag) { + /* craft a sendmail like header for notifications */ + char *macro_b, *macro_s, *macro_j, *macro__; + char *p; + int plen = 0; + char *fmt = from %s (%s) by %s; + + privdata-headers = header_list_new(); + macro_s = smfi_getsymval(ctx, s); + macro_j = smfi_getsymval(ctx, j); + macro__ = smfi_getsymval(ctx, _); + + plen += (macro_s) ? strlen(macro_s) : sizeof(unknown); + plen += (macro_j) ? strlen(macro_j) : sizeof(localhost); + plen += (macro__) ? strlen(macro__) : 0; + plen += strlen(fmt); + + p = cli_malloc(plen); + if(p) { + sprintf(p, fmt, + (macro_s) ? macro_s : unknown, + (macro__) ? macro__ : , + (macro_j) ? macro_j : localhost + ); +#ifdef CL_DEBUG + if(debug_level 5) { + char *msg_p = clamfi_header: created Recieved header alloclen=%d, len=%d,\%s\\n; + if(use_syslog) + syslog(LOG_NOTICE, msg_p, plen, strlen(p), p); + cli_dbgmsg(msg_p,plen, strlen(p), p); + } +#endif + + header_list_add(privdata-headers, Received, p); + free(p); + } + } if(smfi_setpriv(ctx, privdata) == MI_SUCCESS) return SMFIS_CONTINUE; ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Trivial patch for syslogging when running multiple instances of clamav-milter
I have two clamav-milters running on a system. The sendmail on this system can choose which email gets scanned by which milter. One is set to send notifications, to be used for automatically blacklisting virus sending sources. The other does not notify because it is used by sendmail to scan email to all those who have elected to not participate in the systems anti-abuse mechanisms, which include blocklists. Due to network security needs, virus scanning is still mandatory, but the notifications are worthless, as invariably they would all have been blocked by a blocklist. So I run two instances. I do this by copying /etc/init.d/clamav-milter to /etc/init.d/clamav-milter2 and making obvious edits to /etc/init.d/clamav-milter2 (debian update-rc.d redhat chkconfig and friends) I do the same for /etc/default/clamav-milter2 I then symlink /usr/sbin/clamav-milter2 to /usr/sbin/clamav-milter This works fine. Only problem is that syslog logging both say clamav-milter. So here is a trivial patch that solves it for meeven though a more proper approach should probably rely on a command line argument. ( Thanks steven for your excellent debs and one quick trivial request.. apt-get source clamav vi debian/rules Add dpatch include and targets!! Thanks! ) Joe #! /bin/sh /usr/share/dpatch/dpatch-run ## 110-clamav_milter.syslog-name.patch.dpatch by [EMAIL PROTECTED] ## ## All lines beginning with `## DP:' are a description of the patch. ## DP: No description. @DPATCH@ diff -urNad clamav-0.85.1-0-JM/clamav-milter/clamav-milter.c /tmp/dpep.zyzqDz/clamav-0.85.1-0-JM/clamav-milter/clamav-milter.c --- clamav-0.85.1-0-JM/clamav-milter/clamav-milter.c2005-05-20 14:10:38.522543627 -0400 +++ /tmp/dpep.zyzqDz/clamav-0.85.1-0-JM/clamav-milter/clamav-milter.c 2005-05-20 14:16:59.576682600 -0400 @@ -1038,6 +1038,7 @@ if(cfgopt(copt, LogSyslog)) { int fac = LOG_LOCAL6; + char * progname = NULL; if(cfgopt(copt, LogVerbose)) { logVerbose = 1; @@ -1054,7 +1055,10 @@ argv[0], cpt-strarg); return EX_CONFIG; } - openlog(clamav-milter, LOG_CONS|LOG_PID, fac); + if(!(progname = basename(argv[0]))) + progname = clamav-milter; + + openlog(progname, LOG_CONS|LOG_PID, fac); } else { if(qflag) fprintf(stderr, _(%s: (-q !LogSyslog): warning - all interception message methods are off\n), ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Bug
Looks like since Clamav 0.84, clamav-milter is crashing every time fleshclam get new definitions. I am running clamav on BSD/OS 4.3.1 ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Bug
Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem said: Looks like since Clamav 0.84, clamav-milter is crashing every time fleshclam get new definitions. I am running clamav on BSD/OS 4.3.1 It's probably trying to tell you your From: address is too long, eh. dp ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] clamav hung taking up 100% of CPU
bash-3.00# uname -a NetBSD 2.0.2 NetBSD 2.0.2 (GENERIC) #0: Thu Mar 24 02:28:37 MST 2005 root@:/usr/obj/sys/arch/amd64/compile/GENERIC amd64 bash-3.00# clamscan -V ClamAV 0.84/889/Sun May 22 04:18:49 2005 I've been noticing several clamscan processes running, taking up 100% of the CPU. Some have been running for over 300 minutes. They usually last only less than half a second. This is critical, since I'm running a very high load email server for thousands of users. I cannot tell what the clamscan process is freezing up on, I am currently developing a project that will allow me to look into other processes' memory so that I can view the email (and/or it's attachments) being scanned. I would appreciate that this problem be addressed immediately and fixed quickly, as every few hours the server (3.2Ghz!) slows to a halt. Your help is very much appreciated and I love the product you guys have spent time making. Thank you, Shawn Webb -- lattera http://lattera.antitech.org/ http://lattera.retoros.org/ http://retoros.org/ ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav hung taking up 100% of CPU
On Sun, 22 May 2005 18:48:53 + lattera [EMAIL PROTECTED] wrote: bash-3.00# clamscan -V ClamAV 0.84/889/Sun May 22 04:18:49 2005 [...] and I love the product you guys have spent time making. I don't think so. Actually you have no respect to our work and time. The problem described by you has been fixed in 0.85 (released on May 11). Thank you, Shawn Webb -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Sun May 22 21:07:59 CEST 2005 pgpMaJxQugPsW.pgp Description: PGP signature ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Re: clamav-milter quits (Doug Hardie)
On May 20, 2005, at 19:02, Stephen Gran wrote: On Fri, May 20, 2005 at 08:49:32PM -0500, Damian Menscher said: On Fri, 20 May 2005, Doug Hardie wrote: On May 20, 2005, at 02:32, Trog wrote: The accept call is done within Sendmail, I believe. That would make sense except that the error message clams to be from clamav-milter and the PID matches that of clamav-milter. Actually Trog was right: the error message is generated by mi_listener() in sendmail's .../libmilter/listener.c. It's rather silly of sendmail to log as if it's the milter, but there you have it. Well, actually that would make it make it clamav-milter - it links libmilter, and so uses all that code, right? I mean, it is sendmail code, but it's the binary clamav-milter that makes the error, if you see what I mean. Its definitely clamav-milter which calls libmilter which does the mi_listener right up front. Unfortunately there is no indication of which argument to accept is causing the problem. Looking around the info on the web indicates the most common usage of ERANGE is when a buffer is too small which would indicate a problem with the sockaddr. I believe now that this problem is occuring within about 10 minutes after a database reload. However, I am not seeing the same log messages that have been previously reported with this situation and on a test server that handles about 3 email daily there is no problem. So, I am guessing that this problem only occurs if there is some current activity at the time a database update occurs. ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Clamav-milter dies after working ok for some hours
Hi We have a fairly big sendmail+clamav+clamav-milter setup, with 15000+ accounts. Since last week we are experimenting several errors with this combination. Tried to upgrade to latest version, with same results, so now we downgraded to our last stable situation, running clamav and milter version 0.83, and sendmail 8.12.8. Basically what happens is that clamav-milter dies, and then sendmail starts to refuse commands. I believe it is a 3 face thing. First it is common to see logs like this one, but mail still works: May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter (clamav): read returned -1: Connection reset by remote.host.com May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter (clamav): to error state May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter (clamav): init failed to open May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter (clamav): to error state May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter: initialization failed, rejecting commands Some minutes laters, we start to see: May 21 05:32:01 smtp sendmail[5757]: j4L8R3qX005757: Milter (clamav): error connecting to filter: Connection refused by /var/clamav/clmilter.socket May 21 05:32:01 smtp sendmail[5757]: j4L8R3qX005757: Milter (clamav): to error state May 21 05:32:01 smtp sendmail[5757]: j4L8R3qX005757: Milter: initialization failed, rejecting commands May 21 05:32:01 smtp sendmail[6018]: j4L8RRqX006018: Milter (clamav): error connecting to filter: Connection refused by /var/clamav/clmilter.socket May 21 05:32:01 smtp sendmail[6018]: j4L8RRqX006018: Milter (clamav): to error state When it finally dies, we see: May 21 05:55:34 smtp sendmail[16664]: j4L7kBqY016664: Milter (clamav): write(D) returned -1, expected 5: Broken pipe May 21 05:55:34 smtp sendmail[16664]: j4L7kBqY016664: Milter (clamav): to error state May 21 05:55:34 smtp sendmail[16664]: j4L7kBqY016664: Milter: [EMAIL PROTECTED], reject=550 5.7.1 Command rejected May 21 05:55:34 smtp sendmail[18695]: j4L8tYqX018695: Milter (clamav): local socket name /var/clamav/clmilter.socket unsafe May 21 05:55:34 smtp sendmail[18695]: j4L8tYqX018695: Milter (clamav): to error state May 21 05:55:34 smtp sendmail[18695]: j4L8tYqX018695: Milter: initialization failed, rejecting commands At this point, clamav-milter is gone, and the sockets is non existant. Sendmail accepts connections, but refuses to receive any command. If we restart clamav-milter, it works again smoothly for about 3-6 hours. Any clue? Please let us know what other information might me useful to debug this. The relevant configuration parts are: clamd.conf: PidFile /var/run/clamav/clamd.pid LocalSocket /var/run/clamav/clamd.sock /etc/sysconfig/clamav-milter: CLAMAV_FLAGS= --config-file=/etc/clamd.conf --max-children=240 --force-scan --quiet --dont-log-clean --noreject --dont-scan-on-error -ol local:/var/clamav/clmilter.socket /etc/mail/sendmail.cf: Xclamav, S=local:/var/clamav/clmilter.socket, F=R, T=S:10m;R:10m;E:10m Thanks. ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav hung taking up 100% of CPU
why would you say that I have no respect? The only reason why I'm using an old version is because that's what's in NetBSD's pkgsrc tree. I'm sorry if I bothered any of you with my email. Thanks for responding. Shawn Webb On 5/22/05, Tomasz Kojm [EMAIL PROTECTED] wrote: On Sun, 22 May 2005 18:48:53 + lattera [EMAIL PROTECTED] wrote: bash-3.00# clamscan -V ClamAV 0.84/889/Sun May 22 04:18:49 2005 [...] and I love the product you guys have spent time making. I don't think so. Actually you have no respect to our work and time. The problem described by you has been fixed in 0.85 (released on May 11). Thank you, Shawn Webb -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Sun May 22 21:07:59 CEST 2005 ___ http://lurker.clamav.net/list/clamav-users.html -- lattera http://lattera.antitech.org/ http://lattera.retoros.org/ http://retoros.org/ ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav hung taking up 100% of CPU
scratch that, it's been updated in the tree since my last cvs up, which was around two weeks ago. Shawn Webb On 5/23/05, lattera [EMAIL PROTECTED] wrote: why would you say that I have no respect? The only reason why I'm using an old version is because that's what's in NetBSD's pkgsrc tree. I'm sorry if I bothered any of you with my email. Thanks for responding. Shawn Webb On 5/22/05, Tomasz Kojm [EMAIL PROTECTED] wrote: On Sun, 22 May 2005 18:48:53 + lattera [EMAIL PROTECTED] wrote: bash-3.00# clamscan -V ClamAV 0.84/889/Sun May 22 04:18:49 2005 [...] and I love the product you guys have spent time making. I don't think so. Actually you have no respect to our work and time. The problem described by you has been fixed in 0.85 (released on May 11). Thank you, Shawn Webb -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Sun May 22 21:07:59 CEST 2005 ___ http://lurker.clamav.net/list/clamav-users.html -- lattera http://lattera.antitech.org/ http://lattera.retoros.org/ http://retoros.org/ -- lattera http://lattera.antitech.org/ http://lattera.retoros.org/ http://retoros.org/ ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav hung taking up 100% of CPU
pkgsrc tree is up to 0.85, not 0.85.1. After upgrading, within ten minutes I've got two processes taking up 100% of the CPU. So unless it's been fixed in 0.85.1, I'm still having the problem. Shawn Webb On 5/23/05, lattera [EMAIL PROTECTED] wrote: scratch that, it's been updated in the tree since my last cvs up, which was around two weeks ago. Shawn Webb On 5/23/05, lattera [EMAIL PROTECTED] wrote: why would you say that I have no respect? The only reason why I'm using an old version is because that's what's in NetBSD's pkgsrc tree. I'm sorry if I bothered any of you with my email. Thanks for responding. Shawn Webb On 5/22/05, Tomasz Kojm [EMAIL PROTECTED] wrote: On Sun, 22 May 2005 18:48:53 + lattera [EMAIL PROTECTED] wrote: bash-3.00# clamscan -V ClamAV 0.84/889/Sun May 22 04:18:49 2005 [...] and I love the product you guys have spent time making. I don't think so. Actually you have no respect to our work and time. The problem described by you has been fixed in 0.85 (released on May 11). Thank you, Shawn Webb -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Sun May 22 21:07:59 CEST 2005 ___ http://lurker.clamav.net/list/clamav-users.html -- lattera http://lattera.antitech.org/ http://lattera.retoros.org/ http://retoros.org/ -- lattera http://lattera.antitech.org/ http://lattera.retoros.org/ http://retoros.org/ -- lattera http://lattera.antitech.org/ http://lattera.retoros.org/ http://retoros.org/ ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamav-milter dies after working ok for some hours
[EMAIL PROTECTED] wrote: Hi We have a fairly big sendmail+clamav+clamav-milter setup, with 15000+ accounts. Since last week we are experimenting several errors with this combination. Tried to upgrade to latest version, with same results, so now we downgraded to our last stable situation, running clamav and milter version 0.83, and sendmail 8.12.8. Basically what happens is that clamav-milter dies, and then sendmail starts to refuse commands. I believe it is a 3 face thing. First it is common to see logs like this one, but mail still works: May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter (clamav): read returned -1: Connection reset by remote.host.com May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter (clamav): to error state May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter (clamav): init failed to open May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter (clamav): to error state May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter: initialization failed, rejecting commands Some minutes laters, we start to see: May 21 05:32:01 smtp sendmail[5757]: j4L8R3qX005757: Milter (clamav): error connecting to filter: Connection refused by /var/clamav/clmilter.socket May 21 05:32:01 smtp sendmail[5757]: j4L8R3qX005757: Milter (clamav): to error state May 21 05:32:01 smtp sendmail[5757]: j4L8R3qX005757: Milter: initialization failed, rejecting commands May 21 05:32:01 smtp sendmail[6018]: j4L8RRqX006018: Milter (clamav): error connecting to filter: Connection refused by /var/clamav/clmilter.socket May 21 05:32:01 smtp sendmail[6018]: j4L8RRqX006018: Milter (clamav): to error state When it finally dies, we see: May 21 05:55:34 smtp sendmail[16664]: j4L7kBqY016664: Milter (clamav): write(D) returned -1, expected 5: Broken pipe May 21 05:55:34 smtp sendmail[16664]: j4L7kBqY016664: Milter (clamav): to error state May 21 05:55:34 smtp sendmail[16664]: j4L7kBqY016664: Milter: [EMAIL PROTECTED], reject=550 5.7.1 Command rejected May 21 05:55:34 smtp sendmail[18695]: j4L8tYqX018695: Milter (clamav): local socket name /var/clamav/clmilter.socket unsafe May 21 05:55:34 smtp sendmail[18695]: j4L8tYqX018695: Milter (clamav): to error state May 21 05:55:34 smtp sendmail[18695]: j4L8tYqX018695: Milter: initialization failed, rejecting commands At this point, clamav-milter is gone, and the sockets is non existant. Sendmail accepts connections, but refuses to receive any command. If we restart clamav-milter, it works again smoothly for about 3-6 hours. Any clue? Please let us know what other information might me useful to debug this. The relevant configuration parts are: clamd.conf: PidFile /var/run/clamav/clamd.pid LocalSocket /var/run/clamav/clamd.sock /etc/sysconfig/clamav-milter: CLAMAV_FLAGS= --config-file=/etc/clamd.conf --max-children=240 --force-scan --quiet --dont-log-clean --noreject --dont-scan-on-error -ol local:/var/clamav/clmilter.socket /etc/mail/sendmail.cf: Xclamav, S=local:/var/clamav/clmilter.socket, F=R, T=S:10m;R:10m;E:10m Thanks. ___ http://lurker.clamav.net/list/clamav-users.html try --external Best Regards, -- George Chelidze ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamav-milter dies after working ok for some hours
On Sun, 22 May 2005, [EMAIL PROTECTED] wrote: We have a fairly big sendmail+clamav+clamav-milter setup, with 15000+ accounts. What OS (be specific) and hardware? Do the failures have a strong time correlation with database updates? Damian Menscher -- -=#| Physics Grad Student SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=- -=#| [EMAIL PROTECTED] www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers. |#=- ___ http://lurker.clamav.net/list/clamav-users.html