[Clamav-users] [Problem updating to 0.87.1
Hi, I've tried updating to latest clamav version... With no success on the FC3 box i use,... I first tried : wget http://crash.fce.vutbr.cz/crash-hat/3/clamav/clamav-0.87.1-3.i386.rpm rpm -Uvh clamav-0.87.1-3.i386.rpm then service clamd start and get : clamd: unrecognized service I then followed whole process indicated here : http://www.clamav.net/binary.html#pagestart did following : wget http://crash.fce.vutbr.cz/Petr.Kristof-GPG-KEY rpm --import Petr.Kristof-GPG-KEY cp Petr.Kristof-GPG-KEY /etc/pki/rpm-gpg/. chown root:root /etc/pki/rpm-gpg/Petr.Kristof-GPG-KEY chmod 0644 /etc/pki/rpm-gpg/Petr.Kristof-GPG-KEY wget http://crash.fce.vutbr.cz/crash-hat.repo cp crash-hat.repo /etc/yum.repos.d/. chown root:root /etc/yum.repos.d/crash-hat.repo chmod 0644 /etc/yum.repos.d/crash-hat.repo yum install foopackage did following then : yum remove clamav (in order to uninstall previous bugging clamav yum install clamav tells me : yum install clamav Repository updates-released already added, not adding again Repository base already added, not adding again Setting up Install Process Setting up Repos crash-hat 100% |=| 951 B00:00 base 100% |=| 1.1 kB00:00 updates-released 100% |=| 951 B00:00 Reading repository metadata in from local files crash-hat : ## 85/85 base : ## 2622/2622 updates-re: ## 962/962 Resolving Dependencies -- Populating transaction set with selected packages. Please wait. --- Package clamav.i386 96:0.87.1-3 set to be updated -- Running transaction check Dependencies Resolved Transaction Listing: Install: clamav.i386 96:0.87.1-3 - crash-hat Total download size: 1.1 M Is this ok [y/N]: y Downloading Packages: Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction Installing: clamav 100 % done 1/1 Current working dir is /var/lib/clamav Max retries == 3 ClamAV update process started at Mon Dec 5 17:06:59 2005 Querying current.cvd.clamav.net TTL: 274 Software version from DNS: 0.87.1 Retrieving http://db.fr.clamav.net/main.cvd Downloading main.cvd [*] main.cvd updated (version: 34, sigs: 39625, f-level: 5, builder: tkojm) Retrieving http://db.fr.clamav.net/daily.cvd Downloading daily.cvd [*] daily.cvd updated (version: 1204, sigs: 1809, f-level: 6, builder: tomek) Database updated (41434 signatures) from db.fr.clamav.net (IP: 62.210.153.201) Freeing option list...done Installed: clamav.i386 96:0.87.1-3 Complete! i then do once more : service clamd start clamd: unrecognized service Hummm where is the problem ??? is it the rpm that is corrupted ??? Here is some additional info : # locate clamd /var/run/clamav/clamd.pid /var/log/clamav/clamd.log /var/log/clamav/clamd.log.2 /var/log/clamav/clamd.log.4 /var/log/clamav/clamd.log.1 /var/log/clamav/clamd.log.3 /var/lock/subsys/clamd /etc/clamd.conf /etc/logrotate.d/clamd /etc/rc.d/rc1.d/K39clamd /etc/rc.d/rc5.d/S61clamd /etc/rc.d/init.d/clamd /etc/rc.d/rc2.d/S61clamd /etc/rc.d/rc3.d/S61clamd /etc/rc.d/rc4.d/S61clamd /etc/rc.d/rc0.d/K39clamd /etc/rc.d/rc6.d/K39clamd /usr/share/doc/clamav-0.87/clamdoc.pdf /usr/share/doc/clamav-0.87/html/clamdoc.css /usr/share/doc/clamav-0.87/html/clamdoc.html /usr/share/man/man1/clamdscan.1.gz /usr/share/man/man5/clamd.conf.5.gz /usr/share/man/man8/clamd.8.gz /usr/sbin/clamd /usr/bin/clamdscan Thks a lot for your help, and sorry for my english ... Tdldp ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] [Problem updating to 0.87.1
Selon Tugdual de Lassat [EMAIL PROTECTED]: Installed: clamav.i386 96:0.87.1-3 Complete! i then do once more : service clamd start clamd: unrecognized service Hummm where is the problem ??? is it the rpm that is corrupted ??? Did you test : /etc/rc.d/init.d/clamd start ? You may have to declare clamd by running something like chkconfig clamd on then service clamd start. Regards, Guillaume Arcas - [http://yom.retiaire.org] --- Je cherche un ailleurs, mais pas trop loin d'ici. (Sempé) ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] freshclam daemon dying
On closer review, there are 4 more hosts with out of date cvd files but freshclam is still running (but braindead). 3 of the hosts had the exact same size/date output: -rw-r--r-- 1 clamav clamav 149286 2005-11-04 08:50 daily.cvd -rw-r--r-- 1 clamav clamav 2560365 2005-11-04 08:50 main.cvd the 4th host had this: -rw-r--r-- 1 clamav clamav 102909 2005-10-14 04:02 daily.cvd -rw-r--r-- 1 clamav clamav 2560365 2005-09-16 11:34 main.cvd This makes 5 of 8 systems where freshclam stopped being functional. 2 of the 4 above needed kill -9 to die, the other 2 died on a normal kill signal. Another system had a dead freshclam and no traces of how it died. This one happened running 0.87.1. I've had no hung ones since I first reported this, but I will try to strace/gdb one when it happens again. Dale ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] [Problem updating to 0.87.1
Thks for your quick response... On testing : /etc/rc.d/init.d/clamd start -bash: /etc/rc.d/init.d/clamd: Aucun fichier ou répertoire de ce type (in english : No files or directory of this type) On : chkconfig clamd on erreur lors de la lecture d'informations sur le service clamd : Aucun fichier ou répertoire de ce type (on reading information on service clamd : no files or directory of this type) Is there a problem on those rpm's ??? When updating from .05 to .86 and from .86 to .87, I remember having rpm's having following format : rpm -Uvh clamav-0.86-1.i386.rpm Now they are : rpm -Uvh clamav-0.87.1-3.i386.rpm This makes me suspect a problem in rpm though I'm too newbie to confirm ... Any help is welcome... Tdldp -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Guillaume Arcas Envoyé : lundi 5 décembre 2005 17:33 À : ClamAV users ML Objet : Re: [Clamav-users] [Problem updating to 0.87.1 Selon Tugdual de Lassat [EMAIL PROTECTED]: Installed: clamav.i386 96:0.87.1-3 Complete! i then do once more : service clamd start clamd: unrecognized service Hummm where is the problem ??? is it the rpm that is corrupted ??? Did you test : /etc/rc.d/init.d/clamd start ? You may have to declare clamd by running something like chkconfig clamd on then service clamd start. Regards, Guillaume Arcas - [http://yom.retiaire.org] --- Je cherche un ailleurs, mais pas trop loin d'ici. (Sempé) ___ http://lurker.clamav.net/list/clamav-users.html ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] [Problem updating to 0.87.1
Tugdual de Lassat wrote: Hi, I've tried updating to latest clamav version... With no success on the FC3 box i use,... I first tried : wget http://crash.fce.vutbr.cz/crash-hat/3/clamav/clamav-0.87.1-3.i386.rpm rpm -Uvh clamav-0.87.1-3.i386.rpm then service clamd start and get : clamd: unrecognized service That is correct. You did updated clamav base package only (do not contains clamd). You need to install clamav-server package too. Petr ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] [Problem updating to 0.87.1
Selon Tugdual de Lassat [EMAIL PROTECTED]: Is there a problem on those rpm's ??? Maybe, i don't know. I usually get RedHat RPM from here : http://dag.wieers.com/packages/clamav/ Does clamav binaries work ? I mean : clamd, clamscan, freshclam ? Guillaume Arcas - [http://yom.retiaire.org] --- Je cherche un ailleurs, mais pas trop loin d'ici. (Sempé) ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Truncated or damaged zip files.
Hi all. I've recently installed ClamAV 0.87.1 and although it's picking up geniune virii successfully, we're getting a large number of mangled W32/Mytob-GH through. I say mangled because the ZIP file appears to be damaged or truncated. I've noticed that several people have tried submitting these broken zip files, and they've all been rejected. Fair enough, it's not really a virus. However it's also very definitely the kind of email that many users would want rejected. I've tried creating my own signatures but because the file is (or was) a zip and the contents of it were a polymorphic virus, I can't find a pattern which I can use to match it. In short I can find no way of blocking these emails - qnd I'm getting loads (95% from one large customer, so much as I'd love to I can't just block their server). If there's an option to do this that I've missed, fantastic. If there's not then may I float the suggestion here that there should be? An option to reject ZIP files that are corrupt, while certainly too draconian for some would be a very useful addition for me and probably the others that have submitted signatures. As a poor second alternative, is there a way to get clamd to pick up on MD5 signatures? I know about the .db files, but what I really want to do is something like sigtool --md5 brokenzips/* /var/lib/clamav/ badzips.hdb and have that file picked up by clamd for it's automatic scanning. Currently it seems that clamd looks for .db and .cvb files, but not .hdb files. Cheers... Mike ___ http://lurker.clamav.net/list/clamav-users.html
Re[2]: [Clamav-users] the birth year of ClamAV
Gentlemen hi,
Sorry for the late reply. Thanks you guys to let me know the
date. I really appreciated.
Regards,
Joe
#v+
cd ~/paki/tomek/clam/clamav-0.11
head -18 ChangeLog
Thu May 9 21:52:54 CEST 2002
-
* fixed problem with inaccessible directories in archives, which
* caused
clamscan hangs (Thanks to Troy Wollenslegel [EMAIL PROTECTED])
* fixed unwanted path completing when using compression and absolute
pathname as argument
* added support for lha
* documentation updated
V changed version to 0.11
Wed May 8 01:03:26 CEST 2002
-
* documentation, freshclam manual
* last corrections
V changed version to 0.10 - first public release
#v-
:)
main(int a[puts(Michaウ 'GiM' Spadliqski)]){}
--
152115 lcamtuf In years past, I knew of someone who used emacs as his
login shell, the only thing he found wanting in emacs was a good
text editor. So he ended up using vi.
___
http://lurker.clamav.net/list/clamav-users.html
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
山崎 浄( Joe Yamasaki) / イーセキュリティ・ジャパン株式会社
〒100-0006
東京都千代田区有楽町1-7-1有楽町電気ビル南館14階
PHS:070-5453-7462 / TEL:03-3284-7603 / FAX:03-3284-7604
URL:http://www.esecurity.co.jp
___
http://lurker.clamav.net/list/clamav-users.html
