Re: [Clamav-users] Freshclam

2005-12-30 Thread Chris Purves
On Sat, December 31, 2005 12:48 am, Richard Wallman said:
>
> For anyone else who has the ClamAV support in Exim enabled, and wants to
> get some stats about the viruses it stops:
>
> cat /var/log/exim4/rejectlog.1 | awk -F 'malware ' '
>   # tally each signature name that follows "malware " on rejected lines
>   /malware/ {gsub(/[(|)]/,"",$2); count[$2]+=1; total+=1}
>   END {for (virus in count) print(virus","count[virus]); print("Total,"total)}
> ' | sort -t, -rnk2
>
> Reports back:
>
> Total,476
> Worm.Mytob.KG,187
> ...

Great script.  Thanks.

-- 
Good day, eh.
Chris

___
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] Too many Clamscan processes

2005-12-30 Thread Todd Lyons
On Thu, Dec 29, 2005 at 12:55:14AM -0500, PBR wrote:

>Every couple of weeks my server slows down from too many clamscan
>processes running. They seem to be running on the bounced mail account as
>a result of spammers.
>I changed /etc/clamav.conf to MaxThreads 5 but I still get dozens of
>clamscan threads running.

clamscan?  or clamdscan?  or clamd?

clamscan doesn't read the (old) /etc/clamav.conf nor the (current)
/etc/clamd.conf.

>Any way to keep the number of clamscan processes down?

Use clamdscan, make sure clamd is running as the correct user to read
the files written by your mail processor.  Then you will have something
that is reading the config file and you can see if your symptoms change.
-- 
Regards...  Todd
when you shoot yourself in the foot, just because you are so neurally
broken that the signal takes years to register in your brain, it does
not mean that your foot does not have a hole in it.  --Randy Bush
Linux kernel 2.6.12-12mdksmp   4 users,  load average: 1.18, 1.21, 1.16


[Clamav-users] Virus Alias Database

2005-12-30 Thread BitFuzzy

Anyone happen to know what happened to http://www.rainingfrogs.co.uk ?


Re: [Clamav-users] Freshclam

2005-12-30 Thread M.
Thanks a lot for your comments.

I installed ClamAV from the volatile project, and it works great!


Michael.-

On Fri, 30-12-2005 at 16:48 +, Richard Wallman wrote:
> Michael Fernández M. wrote:
> > OK, I get it. I will upgrade the package from the Debian volatile project.
> > 
> > Does anyone use it? Is it stable?
> 
> I use it at work. 20 to 25 thousand incoming emails per day, ClamAV
> installed from volatile and added straight to the Exim config (in the
> last 2+ years, I don't think I've found a single false positive, and I
> was getting tired of all the virus reports!)
> 
> The last time I had to look at it was going from Woody->Sarge - since
> then I've left it and It Just Works. I (personally) consider it to be
> stable. :)
> 
> 
> 
> For anyone else who has the ClamAV support in Exim enabled, and wants to
> get some stats about the viruses it stops:
> 
> cat /var/log/exim4/rejectlog.1 | awk -F 'malware ' '
>   # tally each signature name that follows "malware " on rejected lines
>   /malware/ {gsub(/[(|)]/,"",$2); count[$2]+=1; total+=1}
>   END {for (virus in count) print(virus","count[virus]); print("Total,"total)}
> ' | sort -t, -rnk2
> 
> Reports back:
> 
> Total,476
> Worm.Mytob.KG,187
> Worm.Sober.U-3,136
> Worm.Mytob.GH,81
> Worm.Mytob.CL,21
> HTML.Phishing.Bank-1,10
> Worm.Mydoom.M,8
> Exploit.HTML.IFrame,8
> Worm.SomeFool.P,5
> Worm.Mytob.IQ,5
> Worm.Mytob.CJ,5
> Worm.Mytob.V,3
> Worm.Sober.U-2,2
> Worm.Mytob.S,2
> Worm.SomeFool.Z,1
> Worm.Mytob.BP,1
> HTML.Phishing.Auction-28,1
> 



Re: [Clamav-users] Freshclam

2005-12-30 Thread Richard Wallman
Michael Fernández M. wrote:
> OK, I get it. I will upgrade the package from the Debian volatile project.
> 
> Does anyone use it? Is it stable?

I use it at work. 20 to 25 thousand incoming emails per day, ClamAV
installed from volatile and added straight to the Exim config (in the
last 2+ years, I don't think I've found a single false positive, and I
was getting tired of all the virus reports!)

The last time I had to look at it was going from Woody->Sarge - since
then I've left it and It Just Works. I (personally) consider it to be
stable. :)



For anyone else who has the ClamAV support in Exim enabled, and wants to
get some stats about the viruses it stops:

cat /var/log/exim4/rejectlog.1 | awk -F 'malware ' '
  # tally each signature name that follows "malware " on rejected lines
  /malware/ {gsub(/[(|)]/,"",$2); count[$2]+=1; total+=1}
  END {for (virus in count) print(virus","count[virus]); print("Total,"total)}
' | sort -t, -rnk2

Reports back:

Total,476
Worm.Mytob.KG,187
Worm.Sober.U-3,136
Worm.Mytob.GH,81
Worm.Mytob.CL,21
HTML.Phishing.Bank-1,10
Worm.Mydoom.M,8
Exploit.HTML.IFrame,8
Worm.SomeFool.P,5
Worm.Mytob.IQ,5
Worm.Mytob.CJ,5
Worm.Mytob.V,3
Worm.Sober.U-2,2
Worm.Mytob.S,2
Worm.SomeFool.Z,1
Worm.Mytob.BP,1
HTML.Phishing.Auction-28,1

-- 
Richard Wallman


Re: [Clamav-users] Freshclam

2005-12-30 Thread M.
But I installed the package from the source of Debian (stable)

Package: clamav (0.84-2.sarge.6) [security]

OK, I get it. I will upgrade the package from the Debian volatile project.

Does anyone use it? Is it stable?

Thanks for the time.-


On Fri, 30-12-2005 at 07:56 -0700, Steven Spence wrote:
> Michael Fernández M. wrote:
> > Hi...
> > 
> > I just installed ClamAV, and in my freshclam I have:
> > 
> > # Automatically created by the clamav-freshclam postinst
> > # Comments will get lost when you reconfigure the clamav-freshclam package
> > 
> > DatabaseOwner clamav
> > UpdateLogFile /var/log/clamav/freshclam.log
> > LogFileMaxSize 0
> > MaxAttempts 5
> > # Check for new database 24 times a day
> > Checks 24
> > DatabaseMirror db.cl.clamav.net
> > DatabaseMirror database.clamav.net
> > DatabaseMirror db.local.clamav.net
> > DatabaseDirectory /var/lib/clamav/
> > NotifyClamd
> > DNSDatabaseInfo current.cvd.clamav.net
> > 
> > 
> > 
> > but when I run freshclam I got the following:
> > 
> > 
> > mail:~# freshclam -v
> > Current working dir is /var/lib/clamav/
> > Max retries == 5
> > ClamAV update process started at Fri Dec 30 11:36:22 2005
> > Querying current.cvd.clamav.net
> > TTL: 84
> > Software version from DNS: 0.87.1
> > WARNING: Your ClamAV installation is OUTDATED!
> > WARNING: Local version: 0.84 Recommended version: 0.87.1
> > DON'T PANIC! Read http://www.clamav.net/faq.html
> > main.cvd version from DNS: 34
> > main.cvd is up to date (version: 34, sigs: 39625, f-level: 5, builder: tkojm)
> > WARNING: Your ClamAV installation is OUTDATED!
> > WARNING: Current functionality level = 4, recommended = 5
> > DON'T PANIC! Read http://www.clamav.net/faq.html
> > daily.cvd version from DNS: 1219
> > daily.cvd is up to date (version: 1219, sigs: 2417, f-level: 6, builder: diego)
> > WARNING: Your ClamAV installation is OUTDATED!
> > WARNING: Current functionality level = 4, recommended = 6
> > DON'T PANIC! Read http://www.clamav.net/faq.html
> > Freeing option list...done
> > 
> > 
> > Can anybody help me?
> > 
> > Thanks in advance
> > 
> > Michael.-
> > 
> > 
> > 
> > 
> 
> I see it screaming at you three times about what the problem is.
> 
> Notice these lines:
> 
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.84 Recommended version: 0.87.1
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Current functionality level = 4, recommended = 5
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Current functionality level = 4, recommended = 6
> 
> Update your clam install.


Re: [Clamav-users] Freshclam

2005-12-30 Thread Steven Spence

Michael Fernández M. wrote:

> Hi...
>
> I just installed ClamAV, and in my freshclam I have:
>
> # Automatically created by the clamav-freshclam postinst
> # Comments will get lost when you reconfigure the clamav-freshclam package
>
> DatabaseOwner clamav
> UpdateLogFile /var/log/clamav/freshclam.log
> LogFileMaxSize 0
> MaxAttempts 5
> # Check for new database 24 times a day
> Checks 24
> DatabaseMirror db.cl.clamav.net
> DatabaseMirror database.clamav.net
> DatabaseMirror db.local.clamav.net
> DatabaseDirectory /var/lib/clamav/
> NotifyClamd
> DNSDatabaseInfo current.cvd.clamav.net
>
> but when I run freshclam I got the following:
>
> mail:~# freshclam -v
> Current working dir is /var/lib/clamav/
> Max retries == 5
> ClamAV update process started at Fri Dec 30 11:36:22 2005
> Querying current.cvd.clamav.net
> TTL: 84
> Software version from DNS: 0.87.1
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.84 Recommended version: 0.87.1
> DON'T PANIC! Read http://www.clamav.net/faq.html
> main.cvd version from DNS: 34
> main.cvd is up to date (version: 34, sigs: 39625, f-level: 5, builder: tkojm)
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Current functionality level = 4, recommended = 5
> DON'T PANIC! Read http://www.clamav.net/faq.html
> daily.cvd version from DNS: 1219
> daily.cvd is up to date (version: 1219, sigs: 2417, f-level: 6, builder: diego)
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Current functionality level = 4, recommended = 6
> DON'T PANIC! Read http://www.clamav.net/faq.html
> Freeing option list...done
>
> Can anybody help me?
>
> Thanks in advance
>
> Michael.-

I see it screaming at you three times about what the problem is.

Notice these lines:

WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.84 Recommended version: 0.87.1
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Current functionality level = 4, recommended = 5
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Current functionality level = 4, recommended = 6

Update your clam install.
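
The warnings picked out above can be checked by a script instead of by eye. The following is an added example, not part of the original thread and not ClamAV's own code: a shell function that reads freshclam -v output in the format quoted in this post and reports the local engine version, the recommended one, and the highest functionality level any database asks for. The function names and the summary format are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): summarise the OUTDATED warnings that
# freshclam -v prints. Line formats are the ones quoted in the post above.

# Reads freshclam output on stdin. Prints "OK" and returns 0 when no warning
# is present; otherwise prints one summary line and returns 1.
parse_freshclam() {
    awk '
        /^WARNING: Local version:/ { engine = $4; wanted = $7 }
        /^WARNING: Current functionality level =/ {
            flevel = $6; sub(/,/, "", flevel)
            # several databases may warn; keep the highest level asked for
            if ($NF + 0 > need) need = $NF + 0
        }
        END {
            if (engine == "" && flevel == "") { print "OK"; exit 0 }
            printf "OUTDATED engine=%s recommended=%s flevel=%s required=%s\n",
                   engine, wanted, flevel, need
            exit 1
        }'
}

# Sample input: lines copied from the freshclam -v run in the thread.
sample_output() {
    cat <<'EOF'
Software version from DNS: 0.87.1
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.84 Recommended version: 0.87.1
main.cvd version from DNS: 34
WARNING: Current functionality level = 4, recommended = 5
daily.cvd version from DNS: 1219
WARNING: Current functionality level = 4, recommended = 6
EOF
}

sample_output | parse_freshclam || echo "engine upgrade needed"
```

The non-zero return makes the function usable from cron or a monitoring check, so an engine that has fallen behind the signature databases is reported even when the database update itself succeeds.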


Re: [Clamav-users] Freshclam

2005-12-30 Thread Daniel J McDonald
On Fri, 2005-12-30 at 11:46 -0300, Michael Fernández M. wrote:

> DON'T PANIC! Read http://www.clamav.net/faq.html

There you will read:

  * What does Your ClamAV installation is OUTDATED mean?

    You'll get this message whenever a new version of ClamAV is
    released. In order to detect all the latest viruses, it's not
    enough to keep your database up to date. You also need to run
    the latest version of the scanner. You can download the sources
    of the latest release from our website. Upgrade instructions are
    on the WikiWiki. If you are afraid to break something while
    upgrading, use the precompiled packages for your operating
    system/distribution. Remember: running the latest stable release
    also improves stability.

  * I upgraded to the latest stable version but I still get the message
    Your ClamAV installation is OUTDATED, why?

    Make sure there is really only one version of ClamAV installed
    on your system:

        $ whereis freshclam
        $ whereis clamscan

    Also make sure that you haven't got old libraries
    (libclamav.so*) lying around your filesystem. You can
    verify it using:

        $ ldd `which freshclam`

-- 
Daniel J McDonald, CCIE # 2495, CNX, CISSP # 78281
Austin Energy
[EMAIL PROTECTED]


gpg Key: http://austinnetworkdesign.com/pgp.key
Key fingerprint = B527 F53D 0C8C D38B DCC7  901D 2F19 A13A 22E8 A76A
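
The second FAQ answer above describes a manual check for leftover installs. The following is an added example, not part of the original thread or of the ClamAV FAQ: a shell script that lists every distinct copy of freshclam and clamscan on a search path, flags the case where more than one exists, and shows which libclamav the active freshclam loads. The function names and the extra /usr/local directories are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): find duplicate ClamAV binaries, the
# condition the FAQ checks by hand with whereis and ldd.

# Print each distinct executable NAME found in colon-separated DIRS.
# readlink -f collapses symlinked directories such as /bin -> /usr/bin.
find_copies() {
    name=$1
    old_ifs=$IFS; IFS=:
    for dir in $2; do
        if [ -n "$dir" ] && [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            readlink -f "$dir/$name"
        fi
    done | sort -u
    IFS=$old_ifs
}

# List the copies of NAME; return 1 when more than one is installed.
check_install() {
    copies=$(find_copies "$1" "$2")
    count=$(printf '%s' "$copies" | grep -c . || true)
    printf '%s: %s found\n' "$1" "$count"
    if [ -n "$copies" ]; then printf '%s\n' "$copies" | sed 's/^/  /'; fi
    [ "$count" -le 1 ]
}

# Show which libclamav a binary loads; an old library left behind shows here.
linked_libclamav() {
    ldd "$1" 2>/dev/null | grep libclamav || echo "$1: no libclamav resolved"
}

# The directories after $PATH are assumed locations for source installs.
search="$PATH:/usr/local/bin:/usr/local/sbin"
for bin in freshclam clamscan; do
    check_install "$bin" "$search" ||
        echo "WARNING: more than one $bin; remove the stale copy"
done
fc=$(command -v freshclam || true)
if [ -n "$fc" ]; then linked_libclamav "$fc"; fi
```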



[Clamav-users] Freshclam

2005-12-30 Thread M.
Hi...

I just installed ClamAV, and in my freshclam I have:

# Automatically created by the clamav-freshclam postinst
# Comments will get lost when you reconfigure the clamav-freshclam package

DatabaseOwner clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogFileMaxSize 0
MaxAttempts 5
# Check for new database 24 times a day
Checks 24
DatabaseMirror db.cl.clamav.net
DatabaseMirror database.clamav.net
DatabaseMirror db.local.clamav.net
DatabaseDirectory /var/lib/clamav/
NotifyClamd
DNSDatabaseInfo current.cvd.clamav.net



but when I run freshclam I got the following:


mail:~# freshclam -v
Current working dir is /var/lib/clamav/
Max retries == 5
ClamAV update process started at Fri Dec 30 11:36:22 2005
Querying current.cvd.clamav.net
TTL: 84
Software version from DNS: 0.87.1
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.84 Recommended version: 0.87.1
DON'T PANIC! Read http://www.clamav.net/faq.html
main.cvd version from DNS: 34
main.cvd is up to date (version: 34, sigs: 39625, f-level: 5, builder: tkojm)
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Current functionality level = 4, recommended = 5
DON'T PANIC! Read http://www.clamav.net/faq.html
daily.cvd version from DNS: 1219
daily.cvd is up to date (version: 1219, sigs: 2417, f-level: 6, builder: diego)
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Current functionality level = 4, recommended = 6
DON'T PANIC! Read http://www.clamav.net/faq.html
Freeing option list...done


Can anybody help me?

Thanks in advance

Michael.-

