[Clamav-users] New RPM package (clamav, postfix, spamass, mailscanner) I come across
Hi guys,

I'm new to this ml. Just came across this RPM package that seems useful while surfing. So posted it here: http://metawire.org/~pscm/index.html

cheers!
Olivia
___
http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] How good are clamav's spyware signatures ?
No one has answered this Q so far. I am just posting it again.

I am using an improved version of SCAVR (Squid ClamAV Redirector) that will scan each and every url. However, I don't see any spyware getting caught. I did check that the SCAVR is working properly by attempting to download a virus webmail and the webmail was blocked.

So my question is: how good are ClamAV's spyware/adware signatures?

John
Re: [Clamav-users] Performance problem with 0.87
Hi

I had that problem with all clamd > 0.85. I found the solution was to use a statically linked clamd (add -static at the gcc line).

It's a very weird error...

On Mon, 2005-10-24 at 16:01 +0200, Balzi Andrea wrote:
> Hi All
>
> On our system based on debian we use clamd with exim-4.44.
> Clamd loads the CPU that it did not succeed with version 0.86.
> Does someone have the same problem? How can I solve it?
>
> Andrea
RE: [Clamav-users] Re: clamav-milter error in logs: no: command not found
> And you have a quick fix, add -q to the init script. This way it will not try
> to send notifications to postmaster every time it finds a virus.

Rene,

That fixed it! Thanks a lot!

-John
Re: [Clamav-users] Trojan.Startpage-149 in swap file
Hello,

On Monday 24 October 2005 20:36, Jim wrote:
> I'm running Linspire 5 which uses a swap file rather than a swap
> partition. When I ran the latest version of clamav, it showed a trojan
> in the swap file. It didn't show up in any regular disk file, though.
> So, how did it get into virtual memory, and, should I be concerned about
> it?
>
> Here's the clamav output:
>
> /home/jim/My Computer/Storage Device (hda5)/boot/linux-swap.swp:
> Trojan.Startpage-149 FOUND

Swap file (linux or windows) should never be scanned.

--
Regards,
Arnaud Jacques
Security Consultant
Telephone / Fax : +33-(0)3.44.39.76.46
Mobile : +33-(0)6.24.40.95.03
E-mail : [EMAIL PROTECTED]

Securiteinfo.com
IT Security - Information Security.
266, rue de Villers
60123 Bonneuil en Valois
[Clamav-users] Re: clamav-milter error in logs: no: command notfound
John Belamaric wrote:
>> Yes, look into milter.conf it probably has the VirusEvent setting.
>
> Hi Rene, thanks. The commented-out VirusEvent entry from my previous post
> was from the milter.conf. Maybe I'll just have to re-install from the
> source?

I just searched in the clamav-milter.c code and there is no use of the VirusEvent ... so I sent you on a wild goose chase, sorry.

The only thing I see executed from the milter is sendmail, which is defined either at compile time or as "/usr/lib/sendmail". That leads me to believe that this rpm is really bad, SENDMAIL_BIN was probably defined as "no" and that blows when the milter tries to send a notification.

You can see exactly what the milter is trying to do if you enable debugging in the .conf file (it should be commented now).

And you have a quick fix, add -q to the init script. This way it will not try to send notifications to postmaster every time it finds a virus.

HTH
--
René Berber
[Clamav-users] Trojan.Startpage-149 in swap file
I'm running Linspire 5 which uses a swap file rather than a swap partition. When I ran the latest version of clamav, it showed a trojan in the swap file. It didn't show up in any regular disk file, though. So, how did it get into virtual memory, and, should I be concerned about it?

Here's the clamav output:

/home/jim/My Computer/Storage Device (hda5)/boot/linux-swap.swp: Trojan.Startpage-149 FOUND
RE: [Clamav-users] Re: clamav-milter error in logs: no: command not found
> Yes, look into milter.conf it probably has the VirusEvent setting.

Hi Rene, thanks. The commented-out VirusEvent entry from my previous post was from the milter.conf. Maybe I'll just have to re-install from the source?

-John
RE: [Clamav-users] Re: clamav-milter error in logs: no: command not found
> Matthew.van.Eerde wrote:
>
> Or is it possible that your clamilt user has a shell of "no"?

Ok, I checked the init script; it just passes what's in the sysconfig file. In there I found:

## The '-blo' options might be usefully here -- especially for testing; see
## "man 8 clamav-milter" for further options
CLAMAV_FLAGS='--max-children=2 -c /etc/clamd.d/milter.conf local:/var/run/clamav-milter/clamav.sock'

CLAMAV_USER='clamilt'

The clamilt user has the shell /sbin/nologin, which shouldn't cause the error I'm seeing. The problem occurs when a virus is found, not when the milter is started.

Here's my sendmail.mc entry, if it's relevant:

INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav-milter/clamav.sock, F=, T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `clamav')

I also grepped through the clmilter_watch script, and found no relevant "no" in there.

Thanks again for your help. I did see one other mail post on a redhat mailing list archive related to this, but he never got a reply.

-John
[Clamav-users] Re: clamav-milter error in logs: no: command not found
John Belamaric wrote:
[snip]
> [EMAIL PROTECTED] clamd.d]# grep VirusEvent *
> #VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
> [EMAIL PROTECTED] clamd.d]#
>
> I don't have a clamd.conf, just a "milter.conf" in the clamd.d
> directory. This is provided by the milter rpm. No config file
> was provided by the clamav rpm:
[snip]
> Any other thoughts?

Yes, look into milter.conf it probably has the VirusEvent setting.

Your installation is not standard, the rpms separate the server from the applications and from the milter, whoever did that probably came with the idea of using milter.conf which is not included in the source distribution. My guess is that they are copying clamd.conf into that file and then calling the milter with the option to use that configuration.

[Rant] That rpm distribution is pretty bad, they install clamdscan without clamd which is useless, they come with the milter.conf idea and probably don't document it.

HTH
--
René Berber
[That's a René in html or Rene' in pure ascii]
RE: [Clamav-users] Re: clamav-milter error in logs: no: command not found
Matthew.van.Eerde wrote:
> John Belamaric wrote:
>>> Try grepping for "no" and see what options you get.
>>>
>>
>> Hi Matthew,
>>
>> Unfortunately that didn't do it:
>
> Maybe it's not in the .conf file, but is instead being passed as a
> command-line argument.
>
> Check these files:
>
> /etc/rc.d/init.d/clamav-milter
> /etc/sysconfig/clamav-milter

Or is it possible that your clamilt user has a shell of "no"?

--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com
Software Engineer
RE: [Clamav-users] Re: clamav-milter error in logs: no: command not found
John Belamaric wrote:
>> Try grepping for "no" and see what options you get.
>>
>
> Hi Matthew,
>
> Unfortunately that didn't do it:

Maybe it's not in the .conf file, but is instead being passed as a command-line argument.

Check these files:

/etc/rc.d/init.d/clamav-milter
/etc/sysconfig/clamav-milter

--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com
Software Engineer
RE: [Clamav-users] Re: clamav-milter error in logs: no: command not found
> Try grepping for "no" and see what options you get.

Hi Matthew,

Unfortunately that didn't do it:

[EMAIL PROTECTED] clamd.d]$ grep no milter.conf
# running clamd multiple times (if want to run another clamd, please
# By default we bind to INADDR_ANY, probably not wise.
# Do not remove temporary files (for debug purposes).
# DO NOT TOUCH IT unless you know what you are doing.
# Perform HTML normalisation and decryption of MS Script Encoder code.
# Due to license issues libclamav does not support RAR 3.0 archives (only the
[EMAIL PROTECTED] clamd.d]$

In fact, the only enabled options (not commented out) are:

LogFile /var/log/clamd.milter
PidFile /var/run/clamd.milter/clamd.pid
FixStaleSocket
User clamilt
ScanMail

Everything else in the file is commented out...

Thanks,
John
RE: [Clamav-users] Re: clamav-milter error in logs: no: command not found
John Belamaric wrote:
> Any other thoughts?

The "no" leads me to believe that there's some option specified as

Foo no

under the assumption that "Foo" is a yes/no setting, when in fact Foo is a command setting. So bash is trying to run the command "no" which does not exist.

Try grepping for "no" and see what options you get.

--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com
Software Engineer
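A stricter form of the "grep no" check suggested above, as an added example (not part of the original thread and not ClamAV code): it skips commented-out lines and flags command-valued options whose value is a yes/no token or does not resolve to an executable. The option list, the function names and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Options whose value is run as a command: VirusEvent is the
# one named in the thread; extend the list for your own build (assumption).
COMMAND_OPTIONS="VirusEvent"

# audit_conf FILE
# Prints one LINE:OPTION:VALUE:REASON record per suspicious setting and
# returns 1 if anything was flagged, 0 if the file is clean.
audit_conf() {
    conf=$1 flagged=0 lineno=0
    while IFS= read -r raw || [ -n "$raw" ]; do
        lineno=$((lineno + 1))
        set -f                 # no globbing while the line is split into words
        set -- $raw
        set +f
        case ${1:-} in ''|'#'*) continue ;; esac   # blank or commented out
        opt=$1 cmd=${2:-}
        # Only command-valued options can end up being executed.
        case " $COMMAND_OPTIONS " in *" $opt "*) ;; *) continue ;; esac
        reason=
        case $(printf '%s' "$cmd" | tr 'A-Z' 'a-z') in
            '') reason="no command given" ;;
            yes|no|true|false|on|off) reason="boolean where a command is expected" ;;
            *) command -v "$cmd" >/dev/null 2>&1 || reason="command not found" ;;
        esac
        if [ -n "$reason" ]; then
            printf '%s:%s:%s:%s\n' "$lineno" "$opt" "$cmd" "$reason"
            flagged=1
        fi
    done < "$conf"
    return "$flagged"
}

# Constructed sample: enabled options and the commented-out VirusEvent line
# quoted in the thread, plus three made-up VirusEvent entries.
write_sample() {
    cat > "$1" <<'EOF'
# By default we bind to INADDR_ANY, probably not wise.
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
LogFile /var/log/clamd.milter
User clamilt
ScanMail
VirusEvent no
VirusEvent /nonexistent/send_sms "VIRUS ALERT: %v"
VirusEvent /bin/sh -c 'echo found %v'
EOF
}

tmp=$(mktemp)
write_sample "$tmp"
audit_conf "$tmp" || echo "review the flagged settings"
rm -f "$tmp"
```

Boolean tokens are matched before the lookup because `yes` is a real program on most systems, so `command -v` alone would accept it.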
[Clamav-users] Performance problem with 0.87
Hi All

On our system based on debian we use clamd with exim-4.44.
Clamd loads the CPU that it did not succeed with version 0.86.
Does someone have the same problem? How can I solve it?

Andrea
[Clamav-users] Re: clamav-milter error in logs: no: command not found
René Berber wrote:
> Look into your /etc/clamd.conf, there probably is something in option VirusEvent
> that you did not put, perhaps somebody uncommented the sample:

Thanks, René, but I checked and the VirusEvent is commented out:

[EMAIL PROTECTED] clamd.d]# grep VirusEvent *
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
[EMAIL PROTECTED] clamd.d]#

I don't have a clamd.conf, just a "milter.conf" in the clamd.d directory. This is provided by the milter rpm. No config file was provided by the clamav rpm:

[EMAIL PROTECTED] etc]# rpm -q --list clamav
/usr/bin/clamdscan
/usr/bin/clamscan
/usr/bin/sigtool
/usr/share/doc/clamav-0.87
/usr/share/doc/clamav-0.87/AUTHORS
/usr/share/doc/clamav-0.87/BUGS
/usr/share/doc/clamav-0.87/COPYING
/usr/share/doc/clamav-0.87/ChangeLog
/usr/share/doc/clamav-0.87/FAQ
/usr/share/doc/clamav-0.87/NEWS
/usr/share/doc/clamav-0.87/TODO
/usr/share/doc/clamav-0.87/clamav-mirror-howto.pdf
/usr/share/doc/clamav-0.87/clamdoc.pdf
/usr/share/doc/clamav-0.87/signatures.pdf
/usr/share/man/man1/clamdscan.1.gz
/usr/share/man/man1/clamscan.1.gz
/usr/share/man/man1/sigtool.1.gz
/usr/share/man/man5/clamd.conf.5.gz
/usr/share/man/man5/freshclam.conf.5.gz
[EMAIL PROTECTED] etc]# rpm -q --list clamav-milter
/etc/clamd.d/milter.conf
/etc/rc.d/init.d/clamav-milter
/etc/sysconfig/clamav-milter
/usr/sbin/clamav-milter
/usr/share/doc/clamav-milter-0.87
/usr/share/doc/clamav-milter-0.87/INSTALL
/usr/share/man/man8/clamav-milter.8.gz
/var/run/clamav-milter
[EMAIL PROTECTED] etc]#

Any other thoughts?

Thanks,
John
Re: [Clamav-users] performance is too bad
I had the same problem, not with qmail, but it makes no difference. Clamscan vs. clamd (you also have clamdscan there, which can be used nearly the same way) performance comparison states that clamd is a better choice. Now I have nearly 0 load because of scanning emails.

> On Mon, Oct 24, 2005 at 05:26:17PM +0800, aeonsun said:
>> Hello all. I'm a newbie of clamav, I setup the clamav according to the
>> article (http://sylvestre.ledru.info/howto/howto_qmail_vpopmail.php#clamav).
>>
>> The result by the 'top' command.
>>
>> 16:41:56 up 57 min, 1 user, load average: 11.43, 11.84, 10.75
>> 103 processes: 90 sleeping, 13 running, 0 zombie, 0 stopped
>> CPU states:  cpu   user   nice  system   irq  softirq  iowait   idle
>>            total  99.6%   0.0%    0.3%  0.0%     0.0%    0.0%   0.0%
>> Mem:  510420k av, 411704k used, 98716k free, 0k shrd, 3712k buff
>>       313248k actv, 60628k in_d, 10204k in_c
>> Swap: 522104k av, 225248k used, 296856k free 62096k cached
>>
>>   PID USER   PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME CPU COMMAND
>>  3659 qscand  25   0 29600  17M    24 R     9.9  3.5   8:37   0 clamscan
>>  3751 qscand  25   0 30188  22M    24 R     9.9  4.5   4:53   0 clamscan
>>  3771 qscand  25   0 29940  28M    24 R     9.9  5.7   4:02   0 clamscan
>>  3786 qscand  25   0 30188  28M    24 R     9.9  5.6   3:45   0 clamscan
>>  3837 qscand  25   0 30024  27M    24 R     9.9  5.5   2:07   0 clamscan
>>  3797 qscand  25   0 29836  27M    24 R     9.5  5.4   3:19   0 clamscan
>>  3809 qscand  25   0 30140  27M    24 R     8.1  5.5   2:41   0 clamscan
>>  3648 qscand  25   0 29640  16M    24 R     7.9  3.3  11:41   0 clamscan
>>  3670 qscand  25   0 29860  18M    24 R     7.9  3.7   7:04   0 clamscan
>>  3821 qscand  25   0 30188  28M    24 R     7.9  5.6   2:34   0 clamscan
>>  3849 qscand  25   0 29868  26M    24 R     7.9  5.4   1:47   0 clamscan
>>     6 root    15   0     0    0     0 SW    0.1  0.0   0:00   0 kscand
>>  3983 root    15   0  1180 1180   908 R     0.1  0.2   0:00   0 top
>>     1 root    15   0   116   84    56 S     0.0  0.0   0:04   0 init
>>     2 root    15   0     0    0     0 SW    0.0  0.0   0:00   0 keventd
>>     3 root    15   0     0    0     0 SW    0.0  0.0   0:00   0 kapmd
>>     4 root    34  19     0    0     0 SWN   0.0  0.0   0:00   0 ksoftirqd/0
>>     7 root    25   0     0    0     0 SW    0.0  0.0   0:00   0 bdflush
>>     5 root    15   0     0    0     0 SW    0.0  0.0   0:00   0 kswapd
>>     8 root    15   0     0    0     0 SW    0.0  0.0   0:00   0 kupdated
>>
>> Can someone help me? Thanks.
>
> Use clam_d_scan instead of clamscan. Also make sure you have patched
> qmail with all the usual patches so you're not accepting messages for
> invalid local parts and so forth, wasting every one else's bandwidth and
> your CPU.
> --
> | Stephen Gran                  | Consultant, n.: Someone who'd rather   |
> | [EMAIL PROTECTED]             | climb a tree and tell a lie than stand |
> | http://www.lobefin.net/~steve | on the ground and tell the truth.      |
Re: [Clamav-users] performance is too bad
On Mon, Oct 24, 2005 at 05:26:17PM +0800, aeonsun said:
> Hello all. I'm a newbie of clamav, I setup the clamav according to the
> article (http://sylvestre.ledru.info/howto/howto_qmail_vpopmail.php#clamav).
>
> The result by the 'top' command.
>
> 16:41:56 up 57 min, 1 user, load average: 11.43, 11.84, 10.75
> 103 processes: 90 sleeping, 13 running, 0 zombie, 0 stopped
> CPU states:  cpu   user   nice  system   irq  softirq  iowait   idle
>            total  99.6%   0.0%    0.3%  0.0%     0.0%    0.0%   0.0%
> Mem:  510420k av, 411704k used, 98716k free, 0k shrd, 3712k buff
>       313248k actv, 60628k in_d, 10204k in_c
> Swap: 522104k av, 225248k used, 296856k free 62096k cached
>
>   PID USER   PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME CPU COMMAND
>  3659 qscand  25   0 29600  17M    24 R     9.9  3.5   8:37   0 clamscan
>  3751 qscand  25   0 30188  22M    24 R     9.9  4.5   4:53   0 clamscan
>  3771 qscand  25   0 29940  28M    24 R     9.9  5.7   4:02   0 clamscan
>  3786 qscand  25   0 30188  28M    24 R     9.9  5.6   3:45   0 clamscan
>  3837 qscand  25   0 30024  27M    24 R     9.9  5.5   2:07   0 clamscan
>  3797 qscand  25   0 29836  27M    24 R     9.5  5.4   3:19   0 clamscan
>  3809 qscand  25   0 30140  27M    24 R     8.1  5.5   2:41   0 clamscan
>  3648 qscand  25   0 29640  16M    24 R     7.9  3.3  11:41   0 clamscan
>  3670 qscand  25   0 29860  18M    24 R     7.9  3.7   7:04   0 clamscan
>  3821 qscand  25   0 30188  28M    24 R     7.9  5.6   2:34   0 clamscan
>  3849 qscand  25   0 29868  26M    24 R     7.9  5.4   1:47   0 clamscan
>     6 root    15   0     0    0     0 SW    0.1  0.0   0:00   0 kscand
>  3983 root    15   0  1180 1180   908 R     0.1  0.2   0:00   0 top
>     1 root    15   0   116   84    56 S     0.0  0.0   0:04   0 init
>     2 root    15   0     0    0     0 SW    0.0  0.0   0:00   0 keventd
>     3 root    15   0     0    0     0 SW    0.0  0.0   0:00   0 kapmd
>     4 root    34  19     0    0     0 SWN   0.0  0.0   0:00   0 ksoftirqd/0
>     7 root    25   0     0    0     0 SW    0.0  0.0   0:00   0 bdflush
>     5 root    15   0     0    0     0 SW    0.0  0.0   0:00   0 kswapd
>     8 root    15   0     0    0     0 SW    0.0  0.0   0:00   0 kupdated
>
> Can someone help me? Thanks.

Use clam_d_scan instead of clamscan. Also make sure you have patched qmail with all the usual patches so you're not accepting messages for invalid local parts and so forth, wasting every one else's bandwidth and your CPU.

--
| Stephen Gran                  | Consultant, n.: Someone who'd rather   |
| [EMAIL PROTECTED]             | climb a tree and tell a lie than stand |
| http://www.lobefin.net/~steve | on the ground and tell the truth.      |
Re: [Clamav-users] performance is too bad
On 24/10/05, aeonsun <[EMAIL PROTECTED]> wrote:
> Hello all. I'm a newbie of clamav, I setup the clamav according to the
> article (http://sylvestre.ledru.info/howto/howto_qmail_vpopmail.php#clamav).
>
> The result by the 'top' command.

<---SNIP--->

> Can someone help me? Thanks.

Exactly what is your problem? It looks like you've got lots of active scanning going on, so the CPU is going to be busy.

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche
[Clamav-users] performance is too bad
Hello all. I'm a newbie of clamav, I setup the clamav according to the article (http://sylvestre.ledru.info/howto/howto_qmail_vpopmail.php#clamav).

The result by the 'top' command.

16:41:56 up 57 min, 1 user, load average: 11.43, 11.84, 10.75
103 processes: 90 sleeping, 13 running, 0 zombie, 0 stopped
CPU states:  cpu   user   nice  system   irq  softirq  iowait   idle
           total  99.6%   0.0%    0.3%  0.0%     0.0%    0.0%   0.0%
Mem:  510420k av, 411704k used, 98716k free, 0k shrd, 3712k buff
      313248k actv, 60628k in_d, 10204k in_c
Swap: 522104k av, 225248k used, 296856k free 62096k cached

  PID USER   PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME CPU COMMAND
 3659 qscand  25   0 29600  17M    24 R     9.9  3.5   8:37   0 clamscan
 3751 qscand  25   0 30188  22M    24 R     9.9  4.5   4:53   0 clamscan
 3771 qscand  25   0 29940  28M    24 R     9.9  5.7   4:02   0 clamscan
 3786 qscand  25   0 30188  28M    24 R     9.9  5.6   3:45   0 clamscan
 3837 qscand  25   0 30024  27M    24 R     9.9  5.5   2:07   0 clamscan
 3797 qscand  25   0 29836  27M    24 R     9.5  5.4   3:19   0 clamscan
 3809 qscand  25   0 30140  27M    24 R     8.1  5.5   2:41   0 clamscan
 3648 qscand  25   0 29640  16M    24 R     7.9  3.3  11:41   0 clamscan
 3670 qscand  25   0 29860  18M    24 R     7.9  3.7   7:04   0 clamscan
 3821 qscand  25   0 30188  28M    24 R     7.9  5.6   2:34   0 clamscan
 3849 qscand  25   0 29868  26M    24 R     7.9  5.4   1:47   0 clamscan
    6 root    15   0     0    0     0 SW    0.1  0.0   0:00   0 kscand
 3983 root    15   0  1180 1180   908 R     0.1  0.2   0:00   0 top
    1 root    15   0   116   84    56 S     0.0  0.0   0:04   0 init
    2 root    15   0     0    0     0 SW    0.0  0.0   0:00   0 keventd
    3 root    15   0     0    0     0 SW    0.0  0.0   0:00   0 kapmd
    4 root    34  19     0    0     0 SWN   0.0  0.0   0:00   0 ksoftirqd/0
    7 root    25   0     0    0     0 SW    0.0  0.0   0:00   0 bdflush
    5 root    15   0     0    0     0 SW    0.0  0.0   0:00   0 kswapd
    8 root    15   0     0    0     0 SW    0.0  0.0   0:00   0 kupdated

Can someone help me? Thanks.