Re: [Clamav-users] mod_clamav for apache broken?
Richard Feldmann wrote: Hi List, Been digging in this for a while and I can't get mod_clamav to work with apache. It looks like the cl_perror function which was removed from clamav in November 2005 is still used by mod_clamav (version 0.21 is the latest I found), and apache barfs on it when I try to use it. It errors with: Cannot load /usr/lib/apache/mod_clamav.so into server: /usr/lib/apache/mod_clamav.so: undefined symbol: cl_perror My question is, what replaced cl_perror so that I can modify mod_clamav to get it working. Or, is there a better http scanning option using clamav with apache? Or is http virus scanning a waste of time, etc? I guess that was three questions. :) Hi Richard, after updating to the newest 0.90 release of clamav I've got the same problem :-) My solution was to patch mod_clamav: --- snip --- --- mod_clamav.c.org2004-04-29 00:48:43.0 +0200 +++ mod_clamav.c2007-02-15 09:35:22.0 +0100 @@ -68,4 +68,21 @@ #define MOD_CLAMAV_FAILED_STATUS failed +const char *cl_perror(int clerror) /* deprecated */ +{ +return cl_strerror(clerror); +} + +void cl_freetrie(struct cl_node *root) /* for backward compatibility */ +{ +cl_free(root); +} + +int cl_buildtrie(struct cl_node *root) /* for backward compatibility */ +{ +return cl_build(root); +} + module AP_MODULE_DECLARE_DATA clamav_module; --- snip --- Seems to work so far... Hope this helps, Wolfgang -- Wolfgang Cernohorsky Email: [EMAIL PROTECTED] ZID, Abt. Kommunikation WWW: http://www.vu-wien.ac.at/ Vet.Med.Univ. WienPhone: +43-1-25077 /1602 Fax: /1690 Veterinaerplatz 1 A-1210 Vienna, Austria ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Problem running virus-scanner
Dear readers, I've used clamav for some time now, and I'm very hapy with it.Yesterday I tried to upgrade to 0.90, but after upgrading mimedefang starts complaining about Problem running virus-scanner, so I downgraded to 0.88.7 again (and everthing start working again). My setup: Sendmail Mimedefang spamassassin clamav (I'm _not_ running clamd). Anyone any idea? Thanks in advance. Peter Boosten -- http://www.boosten.org ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Problem running virus-scanner
On Thu, Feb 15, 2007 at 12:49:17PM +0100, Peter Boosten said: Dear readers, I've used clamav for some time now, and I'm very hapy with it.Yesterday I tried to upgrade to 0.90, but after upgrading mimedefang starts complaining about Problem running virus-scanner, so I downgraded to 0.88.7 again (and everthing start working again). Not without more information, sorry. -- -- | Stephen Gran | I feel ... JUGULAR ... | | [EMAIL PROTECTED] | | | http://www.lobefin.net/~steve | | -- signature.asc Description: Digital signature ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Problem running virus-scanner
Stephen Gran wrote: On Thu, Feb 15, 2007 at 12:49:17PM +0100, Peter Boosten said: Dear readers, I've used clamav for some time now, and I'm very hapy with it.Yesterday I tried to upgrade to 0.90, but after upgrading mimedefang starts complaining about Problem running virus-scanner, so I downgraded to 0.88.7 again (and everthing start working again). Not without more information, sorry. Stephen, Thanks for your answer. What information do you require? Thanks in advance. Peter -- http://www.boosten.org ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] clamav 0.90 -- Debian packages?
Really for the attention of Stephen Gran but I thought this might be useful for the archives ... Any plans to get 0.90 into volatile.debian.net for sarge and/or etch? Cheers, Stu. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav-milter (0.90) failing to read data
robert delius royar wrote: System: FreeBSD 4.7-RELEASE-p28 i386 Sendmail: 8.13.8 Milters: spamassassin_milter (C based) smf-grey clamav-milter 0.90 With the latest version of clamav-milter, all incoming mail is failing with a temp fail 451 error. In the log files I see Milter (clmilter): timeout before data read Milter (clmilter): to error state for each message after about 4 minutes waiting, the timeout set in sendmail.mc: INPUT_MAIL_FILTER(`clmilter',`S=unix:/var/run/clamav/clmilter.sock, F=T, T=S:4m;R:4m') I start the milter with /usr/local/sbin/clamav-milter -lHq --dont-wait --max-children 12 -T 0 local:/var/run/clamav/clmilter.sock Version 0.88.7 of the milter works fine. I have tried various timeout settings, but I believe the problem is beyond my user-level ability to diagnose without suggestions. Any suggestions would be appreciated. Clamd takes longer to start in 0.90 than 0.88, you need to ensure that your startup script allows for this - see .../contrib/init/RedHat/clamav-milter, whilst that script is for Linux, the same change will be needed for all platforms. I forgot to update the startup scripts for the other O/S's, sorry, however on the other hand no-one noticed it during the RC stage and reported it. -- Nigel Horne. Arranger, Adjudicator, Band Trainer, Composer, Tutor, Typesetter. NJH Music, Barnsley, UK. ICQ#20252325 [EMAIL PROTECTED] http://www.bandsman.co.uk ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Problem running virus-scanner
On Thu, Feb 15, 2007 at 01:24:51PM +0100, Peter Boosten said: Stephen Gran wrote: On Thu, Feb 15, 2007 at 12:49:17PM +0100, Peter Boosten said: Dear readers, I've used clamav for some time now, and I'm very hapy with it.Yesterday I tried to upgrade to 0.90, but after upgrading mimedefang starts complaining about Problem running virus-scanner, so I downgraded to 0.88.7 again (and everthing start working again). Not without more information, sorry. Stephen, Thanks for your answer. What information do you require? Log messages would be a good start, although any other diagnostic information you can supply would also be helpful. I don't use mimedefang myself, but often you can cut and paste error messages in full into google and get a hit that's helpful. Or maybe someone else here will have their memory tickled and respond. -- -- | Stephen Gran | Restaurant package, not for resale. | | [EMAIL PROTECTED] | | | http://www.lobefin.net/~steve | | -- signature.asc Description: Digital signature ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav 0.90 -- Debian packages?
On Thu, Feb 15, 2007 at 12:39:30PM +, Stuart Rowan said: Really for the attention of Stephen Gran but I thought this might be useful for the archives ... Any plans to get 0.90 into volatile.debian.net for sarge and/or etch? Yes. I have to work out a way to do it in such a way that it is minimally disruptive, though. The library API and ABI has changed, and there are other packages in the archive using libclamav, so I have to tread carefully. -- -- | Stephen Gran | If I were a grave-digger or even a | | [EMAIL PROTECTED] | hangman, there are some people I could | | http://www.lobefin.net/~steve | work for with a great deal of | || enjoyment. -- Douglas Jerrold | -- signature.asc Description: Digital signature ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] clamav-milter in .90 source
Why is the version of the milter this: #define CM_VERSION devel-120207 -- Ken Jones ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Problem running virus-scanner
Stephen Gran wrote: Thanks for your answer. What information do you require? Log messages would be a good start, although any other diagnostic information you can supply would also be helpful. I don't use mimedefang myself, but often you can cut and paste error messages in full into google and get a hit that's helpful. Or maybe someone else here will have their memory tickled and respond. Found it already: mimedefang starts clamscan with an --mbox option (don't know why). The 0.88.7 version of clamscan didn't complain about this unknown option (at least: it's not in the manpage), but 0.90 stops. Hope this helps anyone else as well. Peter -- http://www.boosten.org ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Problem running virus-scanner
On Thu, Feb 15, 2007 at 12:49:17PM +0100, Peter Boosten wrote: Dear readers, I've used clamav for some time now, and I'm very hapy with it.Yesterday I tried to upgrade to 0.90, but after upgrading mimedefang starts complaining about Problem running virus-scanner, so I downgraded to 0.88.7 again (and everthing start working again). My setup: Sendmail Mimedefang spamassassin clamav (I'm _not_ running clamd). Anyone any idea? Yes, mimedefang is still using quite ancient commandline arguments to clamscan: clamscan --mbox --stdout --disable-summary --infected $FILE If you remove (in the mimedefang.pl source) all options except --stdout, it should work. -- Jan-Pieter Cornet [EMAIL PROTECTED] !! Disclamer: The addressee of this email is not the intended recipient. !! !! This is only a test of the echelon and data retention systems. Please !! !! archive this message indefinitely to allow verification of the logs. !! ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] [mac os x] compilation failed 0.9 on mac os x 10.3.9 server
Hi all, I can't make clamav-0.9 to compile on my mac os x 10.3.9 server machine. Here is the error I get: /bin/sh ../libtool --tag=CC --mode=link gcc -g -O2 -o libclamav.la -rpath /usr/lib -version-info 1:40:0 -no-undefined matcher-ac.lo matcher-bm.lo matcher-ncore.lo matcher.lo md5.lo others.lo readdb.lo cvd.lo dsig.lo str.lo scanners.lo filetypes.lo rtf.lo blob.lo mbox.lo message.lo snprintf.lo table.lo text.lo ole2_extract.lo vba_extract.lo msexpand.lo pe.lo upx.lo htmlnorm.lo chmunpack.lo rebuildpe.lo petite.lo wwunpack.lo suecrypt.lo unsp.lo packlibs.lo fsg.lo mew.lo upack.lo line.lo untar.lo unzip.lo special.lo binhex.lo is_tar.lo tnef.lo unrar15.lo unrarvm.lo unrar.lo unrarfilter.lo unrarppm.lo unrar20.lo unrarcmd.lo pdf.lo spin.lo yc.lo elf.lo sis.lo uuencode.lo phishcheck.lo phish_domaincheck_db.lo phish_whitelist.lo regex_list.lo sha256.lo mspack.lo cab.lo entconv.lo hashtab.lo dconf.lo lockdb.lo -liconv -lz -lbz2 -lgmp -L/usr/lib -lcurl -arch i386 -arch ppc -lz -lssl -lcrypto -lz gcc -dynamiclib -o .libs/libclamav.1.0.40.dylib .libs/matcher- ac.o .libs/matcher-bm.o .libs/matcher-ncore.o .libs/matcher.o .libs/ md5.o .libs/others.o .libs/readdb.o .libs/cvd.o .libs/dsig.o .libs/ str.o .libs/scanners.o .libs/filetypes.o .libs/rtf.o .libs/ blob.o .libs/mbox.o .libs/message.o .libs/snprintf.o .libs/ table.o .libs/text.o .libs/ole2_extract.o .libs/vba_extract.o .libs/ msexpand.o .libs/pe.o .libs/upx.o .libs/htmlnorm.o .libs/ chmunpack.o .libs/rebuildpe.o .libs/petite.o .libs/wwunpack.o .libs/ suecrypt.o .libs/unsp.o .libs/packlibs.o .libs/fsg.o .libs/ mew.o .libs/upack.o .libs/line.o .libs/untar.o .libs/unzip.o .libs/ special.o .libs/binhex.o .libs/is_tar.o .libs/tnef.o .libs/ unrar15.o .libs/unrarvm.o .libs/unrar.o .libs/unrarfilter.o .libs/ unrarppm.o .libs/unrar20.o .libs/unrarcmd.o .libs/pdf.o .libs/ spin.o .libs/yc.o .libs/elf.o .libs/sis.o .libs/uuencode.o .libs/ phishcheck.o .libs/phish_domaincheck_db.o .libs/ phish_whitelist.o .libs/regex_list.o .libs/sha256.o .libs/ mspack.o .libs/cab.o .libs/entconv.o .libs/hashtab.o .libs/ dconf.o .libs/lockdb.o /usr/lib/libiconv.dylib -lbz2 /usr/lib/ libgmp.dylib -L/usr/lib -lcurl -lssl -lcrypto -lz -arch i386 -arch ppc -install_name /usr/lib/libclamav.1.dylib -Wl,- compatibility_version -Wl,2 -Wl,-current_version -Wl,2.40 /usr/bin/libtool: no library created (no object files in input files) make[2]: *** [libclamav.la] Error 1 make[1]: *** [all-recursive] Error 1 make: *** [all] Error 2 I didn't find any information on this list about a comparable issue (all versions from 0.80 to 0.88.7 compiled just fine). Can someone help me? Thanks, -l ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] pdf zip module failure
Bill Maidment wrote: I'm now getting errors as follows: /var/spool/MIMEDefang/mdefang-l1DD1Lfh016597/Work/msg-15039-625.pdf: Zip module failure ERROR We get the equivalent error (calling clamd from exim) just once at the same time every day. On investigation, it turned out to be a newsletter written in Russian, though I'm not sure whether it was a pdf or a Word doc, so we put the problem down to the character set. We're currently running rc3, although I think the error fired on 0.88.7 as well. Since the email is needed, we just decided to live with it. Hope this gives you a clue. Jon ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] [mac os x] compilation failed 0.9 on mac os x 10.3.9 server
The compile works if you remove the -arch i386 flags from the Makefiles. I think it appears more than once: in the root Makefile and twice in the libclamav subdirectory, but I can't remember exactly. Mark On 15 Feb 2007, at 12:36pm, Léonard Bouchet wrote: Hi all, I can't make clamav-0.9 to compile on my mac os x 10.3.9 server machine. Here is the error I get: /bin/sh ../libtool --tag=CC --mode=link gcc -g -O2 -o libclamav.la -rpath /usr/lib -version-info 1:40:0 -no-undefined matcher-ac.lo matcher-bm.lo matcher-ncore.lo matcher.lo md5.lo others.lo readdb.lo cvd.lo dsig.lo str.lo scanners.lo filetypes.lo rtf.lo blob.lo mbox.lo message.lo snprintf.lo table.lo text.lo ole2_extract.lo vba_extract.lo msexpand.lo pe.lo upx.lo htmlnorm.lo chmunpack.lo rebuildpe.lo petite.lo wwunpack.lo suecrypt.lo unsp.lo packlibs.lo fsg.lo mew.lo upack.lo line.lo untar.lo unzip.lo special.lo binhex.lo is_tar.lo tnef.lo unrar15.lo unrarvm.lo unrar.lo unrarfilter.lo unrarppm.lo unrar20.lo unrarcmd.lo pdf.lo spin.lo yc.lo elf.lo sis.lo uuencode.lo phishcheck.lo phish_domaincheck_db.lo phish_whitelist.lo regex_list.lo sha256.lo mspack.lo cab.lo entconv.lo hashtab.lo dconf.lo lockdb.lo -liconv - lz -lbz2 -lgmp -L/usr/lib -lcurl -arch i386 -arch ppc -lz -lssl - lcrypto -lz gcc -dynamiclib -o .libs/libclamav.1.0.40.dylib .libs/matcher- ac.o .libs/matcher-bm.o .libs/matcher-ncore.o .libs/matcher.o .libs/ md5.o .libs/others.o .libs/readdb.o .libs/cvd.o .libs/dsig.o .libs/ str.o .libs/scanners.o .libs/filetypes.o .libs/rtf.o .libs/ blob.o .libs/mbox.o .libs/message.o .libs/snprintf.o .libs/ table.o .libs/text.o .libs/ole2_extract.o .libs/vba_extract.o .libs/ msexpand.o .libs/pe.o .libs/upx.o .libs/htmlnorm.o .libs/ chmunpack.o .libs/rebuildpe.o .libs/petite.o .libs/wwunpack.o .libs/ suecrypt.o .libs/unsp.o .libs/packlibs.o .libs/fsg.o .libs/ mew.o .libs/upack.o .libs/line.o .libs/untar.o .libs/unzip.o .libs/ special.o .libs/binhex.o .libs/is_tar.o .libs/tnef.o .libs/ unrar15.o .libs/unrarvm.o .libs/unrar.o .libs/unrarfilter.o .libs/ unrarppm.o .libs/unrar20.o .libs/unrarcmd.o .libs/pdf.o .libs/ spin.o .libs/yc.o .libs/elf.o .libs/sis.o .libs/uuencode.o .libs/ phishcheck.o .libs/phish_domaincheck_db.o .libs/ phish_whitelist.o .libs/regex_list.o .libs/sha256.o .libs/ mspack.o .libs/cab.o .libs/entconv.o .libs/hashtab.o .libs/ dconf.o .libs/lockdb.o /usr/lib/libiconv.dylib -lbz2 /usr/lib/ libgmp.dylib -L/usr/lib -lcurl -lssl -lcrypto -lz -arch i386 -arch ppc -install_name /usr/lib/libclamav.1.dylib -Wl,- compatibility_version -Wl,2 -Wl,-current_version -Wl,2.40 /usr/bin/libtool: no library created (no object files in input files) make[2]: *** [libclamav.la] Error 1 make[1]: *** [all-recursive] Error 1 make: *** [all] Error 2 I didn't find any information on this list about a comparable issue (all versions from 0.80 to 0.88.7 compiled just fine). Can someone help me? Thanks, -l ___ Help us build a comprehensive ClamAV guide: visit http:// wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] load under 0.90
Trevor Dodds wrote: I had the same problem running on a Sun Fire X2200 - Solaris 10. 88.7 I have a load avg of around 0.70 with .90 this shot up to 6.0 Cpu usage also on 88.7 is around 20% during large amounts of email with .90 this shot up to 90%. I've gone back to 88.7 as I can't afford the performance hit. I compared my conf files to 88.7 and they are pretty similar. Trevor Similar problems here, on a v490 running Solaris 9. CPU usage for 0.88 is about 5%; with 0.90, load rises to ~60%. It then starts refusing connections: clamd[2]: [ID 702911 local6.error] ScanStream 6219: accept timeout. clamd[2]: [ID 702911 local6.error] accept() failed at this point, clamd can only be stopped by a SIGKILL. I've also reverted to 0.88.7. -- Adam Stephens Network Specialist - Email DNS [EMAIL PROTECTED] ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] [mac os x] compilation failed 0.9 on mac os x 10.3.9 server
On 15 févr. 07, at 14:38, Mark Allan wrote: The compile works if you remove the -arch i386 flags from the Makefiles. I think it appears more than once: in the root Makefile and twice in the libclamav subdirectory, but I can't remember exactly. It worked like a charm, thanks! Best Regards, -l___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Directory not locked
Hello All. I have installed the latest version of clamav on my redhat server. I keep getting this error on my server. Can anyone help ERROR: chdir_inc: Can't create directory main.inc ERROR: getfile: Can't create new file ./clamav-d1baccbdbca7c6255cc93d7e80896256 in /usr/local/share/clamav ERROR: Can't download main.cvd from db.uk.clamav.net LibClamAV Error: Database Directory: /usr/local/share/clamav not locked and in my log files i have this i.e clamd.log LOGGING DISABLED (Maximal log file size exceeded). Log size = 1058339, maximal = 1048576 LOGGING DISABLED (Maximal log file size exceeded). Log size = 1058428, maximal = 1048576 LOGGING DISABLED (Maximal log file size exceeded). Log size = 1058517, maximal = 1048576 LOGGING DISABLED (Maximal log file size exceeded). Log size = 1058606, maximal = 1048576 LOGGING DISABLED (Maximal log file size exceeded). ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav-milter (0.90) failing to read data
Thu, 15 Feb 2007 (12:44 - UTC) Nigel Horne wrote: robert delius royar wrote: System: FreeBSD 4.7-RELEASE-p28 i386 Sendmail: 8.13.8 Milters: spamassassin_milter (C based) smf-grey clamav-milter 0.90 With the latest version of clamav-milter, all incoming mail is failing with a temp fail 451 error. In the log files I see Milter (clmilter): timeout before data read Milter (clmilter): to error state for each message after about 4 minutes waiting, the timeout set in sendmail.mc: INPUT_MAIL_FILTER(`clmilter',`S=unix:/var/run/clamav/clmilter.sock, F=T, T=S:4m;R:4m') I start the milter with /usr/local/sbin/clamav-milter -lHq --dont-wait --max-children 12 -T 0 local:/var/run/clamav/clmilter.sock Version 0.88.7 of the milter works fine. I have tried various timeout settings, but I believe the problem is beyond my user-level ability to diagnose without suggestions. Any suggestions would be appreciated. Clamd takes longer to start in 0.90 than 0.88, you need to ensure that your startup script allows for this - see .../contrib/init/RedHat/clamav-milter, whilst that script is for Linux, the same change will be needed for all platforms. I forgot to update the startup scripts for the other O/S's, sorry, however on the other hand no-one noticed it during the RC stage and reported it. I am not sure I understand the reference to clamd startup. I do not use the '-e' option to clamav-milter, so I am depending on the milter to work on its own. I understood from the former version and from reading the new man page (and looking through the CHANGELOG) that I could still let clamav-milter run alone and that it would query the database itself with clamd being resident. I have the timeout set at 4 minutes, unless the -T option does not work as described (or as it does in 0.88.7). The sendmail milter configuration for clmilter sets the timeout as 4 minutes. --timeout=n -T n Used in conjunction with max-children. If clamav-milter waits for more than n seconds (default 300) it proceeds with scanning. Setting n to zero will turn off the timeout and clamav-milter will wait indefinitely for the scanning to quit. In practice the timeout set by sendmail will then take over. I tried a few test messages and found that sendmail waited 4 minutes for each message. I do have one idea but do not want grasp at a straw. When I configured 0.88.7, all I needed was '--enable-milter'. With 0.90 I see a configure error that libmilter cannot be found. The config.log file shows this to be an incorrect error. The test program linking libmilter cannot be built because the directive -lpthread is added, and FreeBSD (at least this server) supplies liblthread.so. It supports -pthread. I did not see this error in previous builds. The earlier version did not require any thread-related parameters to configure. Perhaps this problem is a thread-related issue. Note that sendmail was compiled with threads enabled (nm shows calls to pthread_* in libmilter.so) [As an aside, when I did try 0.90 clamd, it quickly ran up to 80% of my CPU time (on a dual CPU system). The only way to kill it was a SIGKILL.] -- Dr. Robert Delius Royar [EMAIL PROTECTED] Associate Professor of English, Morehead State University ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav-milter (0.90) failing to read data
robert delius royar wrote: The earlier version did not require any thread-related parameters to configure. Perhaps this problem is a thread-related issue. Note that sendmail was compiled with threads enabled (nm shows calls to pthread_* in libmilter.so) [As an aside, when I did try 0.90 clamd, it quickly ran up to 80% of my CPU time (on a dual CPU system). The only way to kill it was a SIGKILL.] This sounds like the threading problems mentioned previously with FreeBSD and 0.9rc clamd. We solved it by forcing clamd to use libthr rather than libpthread using /etc/libmap.conf, and the solution also appeared to work for another admin a few days ago (see the ScanStream: accept timeout, unkillable thread). However, we use FreeBSD 6, not 4, so I don't know if there's an equivalent or similar solution for you. We haven't tried 0.90 itself as it's not yet in the ports tree, but from the load under 0.90 thread detailing issues Solaris users are having with 0.90 and the similar or same symptoms, I'm thinking it might be that Clam's threading code had some tweaking done and the problem's there, rather than with the OSes themselves. However, I readily admit that I am not an expert and that this speculation is likely worth considerably less than 2 cents :-) Craig. -- ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Upgrading to 0.90
Hello, I need to upgrade my CLAMAV to 0.90. I have a Mac Os X Server with freeSbd, what is the procedure to upgrade the old version 0.88.5 I downloaded the file clamav-0.90.tar.gz, I know how decompress but Im not sure how to install. I need stop the mail services or deinstall the old version. TXS for your help ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] compile: FreeBSD 4.11: 0.90 fails
Any recomendations for sucessfully compiling 0.90 using FreeBSD 4.11 with GCC 3.4.6? So far I tried the following: First Attempt $ make clean;./configure CC=gcc34 CFLAGS=-pthread -O3; make /usr/libexec/elf/ld: cannot find -lpthread collect2: ld returned 1 exit status *** Error code 1 Stop in /usr/packages/clamav-0.90/libclamav. *** Error code 1 Stop in /usr/packages/clamav-0.90. *** Error code 1 Stop in /usr/packages/clamav-0.90. Second Attempt: $ make clean;./configure --disable-pthreads CC=gcc34 CFLAGS=-O3; make creating clamconf Making all in database Making all in docs Making all in etc Making all in clamav-milter However when I disable 'pthreads' it doesn't compile ClamD or Clamdscan only libclamav. [/usr/packages/clamav-0.90/clamd]$ ls .deps dazukoio_compat12.c server.h Makefiledazukoio_compat12.h session.c Makefile.am dazukoio_xp.h session.h Makefile.in localserver.c shared.h clamd.c localserver.h tcpserver.c clamuko.c others.ctcpserver.h clamuko.h others.hthrmgr.c dazuko_xp.h scanner.c thrmgr.h dazukoio.c scanner.h dazukoio.h server-th.c [/usr/packages/clamav-0.90/clamdscan]$ ls .deps Makefile.am clamdscan.c client.h MakefileMakefile.in client.cdefaults.h 0.88.7 compiled without any special flags. Thank You. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav-milter (0.90) failing to read data
Thu, 15 Feb 2007 (11:41 -0500 UTC) Craig Green wrote: robert delius royar wrote: The earlier version did not require any thread-related parameters to configure. Perhaps this problem is a thread-related issue. Note that sendmail was compiled with threads enabled (nm shows calls to pthread_* in libmilter.so) [As an aside, when I did try 0.90 clamd, it quickly ran up to 80% of my CPU time (on a dual CPU system). The only way to kill it was a SIGKILL.] This sounds like the threading problems mentioned previously with FreeBSD and 0.9rc clamd. We solved it by forcing clamd to use libthr rather than libpthread using /etc/libmap.conf, and the solution also appeared to work for another admin a few days ago (see the ScanStream: accept timeout, unkillable thread). However, we use FreeBSD 6, not 4, so I don't know if there's an equivalent or similar solution for you. We haven't tried 0.90 itself as it's not yet in the ports tree, but from the load under 0.90 thread detailing issues Solaris users are having with 0.90 and the similar or same symptoms, I'm thinking it might be that Clam's threading code had some tweaking done and the problem's there, rather than with the OSes themselves. However, I readily admit that I am not an expert and that this speculation is likely worth considerably less than 2 cents :-) Thank You for your valuable 2 cents! I do not have a /etc/libmap.conf, and man libmap.conf does not exist, so I tried ln -s /usr/lib/libc_r.so /usr/local/lib/libpthread.so Then I reconfigured and rebuilt. clamav-milter 0.90 appears to be running, now. Mail shows the ClamAV header (version 0.90) and the scans are not timing out at all. Perhaps for FreeBSD prior to 5.x, the configure script should create a libtool that links with libc_r rather than with libpthread. I will watch the system for a few days specifically to see what clamav-milter is doing interms of system usage and open files. But I am hopeful. -- Dr. Robert Delius Royar [EMAIL PROTECTED] Associate Professor of English, Morehead State University ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] daily.inc
*bump* Dennis Peterson wrote: What is the current significance of the daily.inc directory? It is present in my rc3 environment but not in 0.90. I've not found anything in the docs about this, including in the mirrors how-to. I'd like to continue distributing cvd files internally from a single Internet connected source, but need to know how this structure fits into that local mirroring picture. I'm wondering if it's an artifact of an earlier broken process?? dp ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] daily.inc
On 2/15/07, Dennis Peterson [EMAIL PROTECTED] wrote: *bump* Dennis Peterson wrote: What is the current significance of the daily.inc directory? After a scripted update (.cdiff), you will get a daily.inc instead of daily.cvd. It is present in my rc3 environment but not in 0.90. It should be present in 0.90 after the first scripted update. I've not found anything in the docs about this, including in the mirrors how-to. I'd like to continue distributing cvd files internally from a single Internet connected source, but need to know how this structure fits into that local mirroring picture. See TK's answer in this thread: http://lurker.clamav.net/message/20070214.10.ca604de3.en.html I'm wondering if it's an artifact of an earlier broken process?? No Best regards, Edwin ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Auto scan problems
carren stuart wrote: A while back, I wrote: I'm running Clamav on DesktopBSD, with Klamav as the front end. Clamav is working fine and has detected the eicar test files as expected but I cannot get auto-scanning to work. Whenever I enable auto-scan I get the following error: The auto-scan process died unexpectedly I have dazuko installed and loaded, and as far as I know it's working OK. What causes this error and what should I do to fix it? Then I wrote again: But I haven't had any replies as yet. Can somebody please help me with this as I really want to get auto scanning working. Is there some reason why my posts aren't even being acknowledged? I can't believe that nobody knows the answer to my question. This IS the users list and I'm a user, so could somebody PLEASE help me with this. Thank you. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Auto scan problems
carren stuart wrote: carren stuart wrote: A while back, I wrote: I'm running Clamav on DesktopBSD, with Klamav as the front end. Clamav is working fine and has detected the eicar test files as expected but I cannot get auto-scanning to work. Whenever I enable auto-scan I get the following error: The auto-scan process died unexpectedly I have dazuko installed and loaded, and as far as I know it's working OK. What causes this error and what should I do to fix it? Then I wrote again: But I haven't had any replies as yet. Can somebody please help me with this as I really want to get auto scanning working. Is there some reason why my posts aren't even being acknowledged? I can't believe that nobody knows the answer to my question. This IS the users list and I'm a user, so could somebody PLEASE help me with this. ack. Would you rather someone reply and say wow, that sucks, but i cant help you? How many people here are even using dazuko? or the KlamAV frontend for that matter. This is the ClamAV users list, if you have a problem running ClamAV, feel free to ASK your question here. Demanding help will get you nowhere. You provided no useful information either. Saying: Whenever I enable auto-scan I get the following error: The auto-scan process died unexpectedly is not helpful at all. I would imagine any number of things could cause that message to be displayed. Asking what causes that error is like asking what causes my car not to start when i turn the key? Also, you mention that as far as you know dazuko is working. You expect someone to take time to help you when you arent even sure if a base component in your setup is working properly? Why not actually verify that its working before even asking this question here? With that said, I have never used on access scanning myself so I can not offer any help in that area. -Jim ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Auto scan problems
carren stuart wrote: Is there some reason why my posts aren't even being acknowledged? I can't believe that nobody knows the answer to my question. This IS the users list and I'm a user, so could somebody PLEASE help me with this. Hi, Sorry I can't really help you... but I did find this, which may or may not help: http://forums.suselinuxsupport.de/lofiversion/index.php/t35798.html http://www.filewatcher.com/p/dazuko-source_1.2.2.orig.tar.gz.30126/dazuko-1.2.2/example.c.html But I did reply :) Cheers, Steve ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Upgrade to .90?
So, its been a few days. How is everyone feeling about the new version? I've hesitated to upgrade just yet. I've seen alot of feedback indicating problems and very little about smooth and great upgrades. What's the general concensous - You can't upgrade fast enough or Stay where you are? = Kevin W. Gagel Network Administrator Information Technology Services (250) 562-2131 local 448 My Blog: http://mail.cnc.bc.ca/blogs/gagel --- The College of New Caledonia, Visit us at http://www.cnc.bc.ca Virus scanning is done on all incoming and outgoing email. Anti-spam information for CNC can be found at http://avas.cnc.bc.ca --- ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] 0.90 crashing?
Hi all, I could use some debug tips. I have clamav installed on CentOS 4.0 along side qmail, spamassassin, simscan and some other software. I've been running 0.88.7 since it's release with no problems. In fact, I've been running Clamav since pre 0.80 without any issues. I've compiled clamav with the same parameters as before, but adding in the experimental flag. I ran all three RC releases with no problems whatsoever, but the final release seems to be crashing. There are no messages in the log as to why this is occuring, and I've been able to find no correlation between the three machines it's running on. It runs for a while and then all of a sudden it stops for no apparent reason. Any tips on debugging this would be quite welcome. For the moment, I've resorted to re-installing 0.88.7 on the two machines that are mission critial. Thanks, -- Jason 'XenoPhage' Frisvold [EMAIL PROTECTED] http://blog.godshell.com ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] 0.90 crashing?
On 2/15/07, Jason Frisvold [EMAIL PROTECTED] wrote: Hi all, I could use some debug tips. I have clamav installed on CentOS 4.0 along side qmail, spamassassin, simscan and some other software. I've been running 0.88.7 since it's release with no problems. In fact, I've been running Clamav since pre 0.80 without any issues. I've compiled clamav with the same parameters as before, but adding in the experimental flag. I ran all three RC releases with no problems whatsoever, but the final release seems to be crashing. Follow the instructions here http://www.clamav.net/bugs/ on how to get a backtrace of clamd. You need to start clamd, then attach gdb to the running process, and wait for it to crash. Then open a bugreport, and attach all the info. Edwin ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Upgrade to .90?
Kevin W. Gagel wrote: So, its been a few days. How is everyone feeling about the new version? I've hesitated to upgrade just yet. I've seen alot of feedback indicating problems and very little about smooth and great upgrades. What's the general concensous - You can't upgrade fast enough or Stay where you are? No problems at all here. Seems a little faster overall. Calling clamdscan via simscan, no milter involved. Regards, Rick ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] daily.inc
It should be present in 0.90 after the first scripted update. Ok -- I understand now what is happening there. I've not found anything in the docs about this, including in the mirrors how-to. I'd like to continue distributing cvd files internally from a single Internet connected source, but need to know how this structure fits into that local mirroring picture. See TK's answer in this thread: http://lurker.clamav.net/message/20070214.10.ca604de3.en.html Thanks, Edwin - that applies perfectly to my situation, too. dp ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Upgrading to 0.90
Mauricio Juarez wrote: I need to upgrade my CLAMAV to 0.90. I have a Mac Os X Server with freeSbd, what is the procedure to upgrade the old version 0.88.5 A very rough guide to getting started (I don't know anything about OSX, nor am I by any means an expert programmer): Ensure [gnu] make and gcc are in your PATH. $ gzip -d clamav-0.90.tar.gz | tar xf - $ cd clamav-0.90 (There are some files you should read here before continuing). $ ./configure --with-user=clamav --with-group=clamav Your user group may differ. If configure runs to completion, try $ make This will probably fail because of missing dependancies. You will either have to work out where the missing libraries are and why configure can't find them, or in the worst case, build or install them yourself. Also, this probably won't build clamav the way you actually want it. You will need to read through the install instructions. Once you have a build you are happy with: # make install. WARNING: If your current build is in /usr/local, you'd better have some way of recovering if 0.9 doesn't work, because this will overwrite it. Finally, I think there was a post earlier today about having to edit the Makefile on OS X. HTGYS :) Jon ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Upgrade to .90?
So, its been a few days. How is everyone feeling about the new version? I've hesitated to upgrade just yet. I've seen alot of feedback indicating problems and very little about smooth and great upgrades. What's the general concensous - You can't upgrade fast enough or Stay where you are? I just had to back it out of production. It would not run more than a couple minutes under a normal load that 88.7 shrugs off. It dies without any error messages. dp ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Upgrade to .90?
There have been compatibility issues for the clamd.conf configuration file. My configuration files used for 0.8 weren't compatibility with .9 and via-a-versa. I had several boolean options with no arguments, which was accepted and implied as correct by previous .8 configuration file comments. However .9 requires an argument. The 0.9 man page implies that a value of Enabled would work, which did not work for me, so I took a guess of True and this seems to work fine, but is also not backward compatible to ver .8. The man page documentation needs to be made clear on the expected values. -- Ralf Durkee, CISSP, GSEC, GCIH, GSNA Principal Security Consultant Kevin W. Gagel wrote: So, its been a few days. How is everyone feeling about the new version? I've hesitated to upgrade just yet. I've seen alot of feedback indicating problems and very little about smooth and great upgrades. What's the general concensous - You can't upgrade fast enough or Stay where you are? = Kevin W. Gagel Network Administrator Information Technology Services (250) 562-2131 local 448 My Blog: http://mail.cnc.bc.ca/blogs/gagel --- The College of New Caledonia, Visit us at http://www.cnc.bc.ca Virus scanning is done on all incoming and outgoing email. Anti-spam information for CNC can be found at http://avas.cnc.bc.ca --- ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Directory not locked
I had the same problem. Fixed it by starting clamd in single user mode. Ie sudo /path/to/bin/clamd HTH. James. On 16/02/2007, at 2:18 AM, Roger M wrote: Hello All. I have installed the latest version of clamav on my redhat server. I keep getting this error on my server. Can anyone help ERROR: chdir_inc: Can't create directory main.inc ERROR: getfile: Can't create new file ./clamav-d1baccbdbca7c6255cc93d7e80896256 in /usr/local/share/clamav ERROR: Can't download main.cvd from db.uk.clamav.net LibClamAV Error: Database Directory: /usr/local/share/clamav not locked and in my log files i have this i.e clamd.log LOGGING DISABLED (Maximal log file size exceeded). Log size = 1058339, maximal = 1048576 LOGGING DISABLED (Maximal log file size exceeded). Log size = 1058428, maximal = 1048576 LOGGING DISABLED (Maximal log file size exceeded). Log size = 1058517, maximal = 1048576 LOGGING DISABLED (Maximal log file size exceeded). Log size = 1058606, maximal = 1048576 LOGGING DISABLED (Maximal log file size exceeded). ___ Help us build a comprehensive ClamAV guide: visit http:// wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Clamd 0.90 hanging
Hi, Yesterday I upgraded my mailserver to ClamAV 0.90 (compiled from source), but tonight the server gave some problems. In the syslog I found: Feb 15 22:35:29 njord X-Antivirus-FormMailer.Net-1.25-st-qms: [njord.formmailer.nl117157412980126604] Requeuing: Maximum time exceeded. Something cannot handle this message. at /var/qmail/bin/qmail-scanner-queue.pl line 685. Feb 15 22:35:49 njord X-Antivirus-FormMailer.Net-1.25-st-qms: [njord.formmailer.nl117157414880126625] Requeuing: Maximum time exceeded. Something cannot handle this message. at /var/qmail/bin/qmail-scanner-queue.pl line 685. Also the selfcheck stopped functioning for some reason: Thu Feb 15 17:10:13 2007 - SelfCheck: Database status OK. Thu Feb 15 17:13:45 2007 - /var/spool/qmailscan/tmp/njord.formmailer.nl117155602580111843/1171556025.11845-0.njord.formmaile r.nl: HTML.Phishing.Azon-19 FOUND Thu Feb 15 17:13:45 2007 - /var/spool/qmailscan/tmp/njord.formmailer.nl117155602580111843/orig-njord.formmailer.nl1171556025 80111843: Phishing.Email FOUND Thu Feb 15 17:20:32 2007 - /var/spool/qmailscan/tmp/njord.formmailer.nl117155643180112199/part2.zip: Worm.SomeFool.Gen-2 FOU ND Thu Feb 15 17:20:32 2007 - /var/spool/qmailscan/tmp/njord.formmailer.nl117155643180112199/orig-njord.formmailer.nl1171556431 80112199: Worm.SomeFool.Gen-2 FOUND Thu Feb 15 17:40:29 2007 - SelfCheck: Database status OK. Thu Feb 15 18:10:48 2007 - SelfCheck: Database modification detected. Forcing reload. Thu Feb 15 18:10:48 2007 - Reading databases from /var/lib/clamav Thu Feb 15 18:10:52 2007 - Database correctly reloaded (91793 signatures) Thu Feb 15 18:44:20 2007 - SelfCheck: Database modification detected. Forcing reload. Thu Feb 15 18:44:20 2007 - Reading databases from /var/lib/clamav Thu Feb 15 18:44:23 2007 - Database correctly reloaded (91794 signatures) Thu Feb 15 19:01:07 2007 - /var/spool/qmailscan/tmp/njord.formmailer.nl117156246780116320/1171562467.16322-0.njord.formmaile r.nl: HTML.Phishing.Azon-19 FOUND Thu Feb 15 19:01:07 2007 - /var/spool/qmailscan/tmp/njord.formmailer.nl117156246780116320/orig-njord.formmailer.nl1171562467 80116320: HTML.Phishing.Azon-19 FOUND Thu Feb 15 22:39:38 2007 - +++ Started at Thu Feb 15 22:39:38 2007 Thu Feb 15 22:39:38 2007 - clamd daemon 0.90 (OS: linux-gnu, ARCH: i386, CPU: i686) Thu Feb 15 22:39:39 2007 - Log file size limited to 1048576 bytes. Thu Feb 15 22:39:39 2007 - Reading databases from /var/lib/clamav Thu Feb 15 22:39:43 2007 - Loaded 91794 signatures. Thu Feb 15 22:39:43 2007 - WARNING: Socket file /tmp/clamd exists. Unclean shutdown? Removing... Thu Feb 15 22:39:43 2007 - Unix socket file /tmp/clamd Thu Feb 15 22:39:43 2007 - Setting connection queue length to 15 Thu Feb 15 22:39:43 2007 - Archive: Archived file size limit set to 10485760 bytes. Thu Feb 15 22:39:43 2007 - Archive: Recursion level limit set to 8. Thu Feb 15 22:39:43 2007 - Archive: Files limit set to 1000. Thu Feb 15 22:39:43 2007 - Archive: Compression ratio limit set to 250. Thu Feb 15 22:39:43 2007 - Archive support enabled. Thu Feb 15 22:39:43 2007 - Algorithmic detection enabled. Thu Feb 15 22:39:43 2007 - Portable Executable support enabled. Thu Feb 15 22:39:43 2007 - ELF support enabled. Thu Feb 15 22:39:43 2007 - Mail files support enabled. Thu Feb 15 22:39:43 2007 - Mail: Recursion level limit set to 64. Thu Feb 15 22:39:43 2007 - OLE2 support enabled. Thu Feb 15 22:39:43 2007 - HTML support enabled. Thu Feb 15 22:39:43 2007 - Self checking every 1800 seconds. At Thu Feb 15 22:39:38 2007 I restarted clamd, and this took a very long time. Does anyone have any idea what could be wrong here? Thanks in advance! -- Best regards, Jasper ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Upgrading to 0.90
Did the upgrade on 10.4.8, Intel-based Mac Mini yesterday. There was a post on this mailing list today about a change you need to do to the Makefile if you are not running an Intel-based Mac. I used ./configure --enable-experimental then make then sudo make install Copy the clamd.conf and freshclam.conf files across, after making a note of what your current settings are. The format is slightly different, so watch out for that. Yes, I'd first uninstall the old version. Go to your old source code folder (ie Clam 0.88.5) and do: sudo make uninstall I'm not unix expert either, but I managed to get it working. James. On 16/02/2007, at 3:03 AM, Mauricio Juarez wrote: Hello, I need to upgrade my CLAMAV to 0.90. I have a Mac Os X Server with freeSbd, what is the procedure to upgrade the old version 0.88.5 I downloaded the file clamav-0.90.tar.gz, I know how decompress but Im not sure how to install. I need stop the mail services or deinstall the old version. TXS for your help ___ Help us build a comprehensive ClamAV guide: visit http:// wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Upgrade to .90?
On Thu, 15 Feb 2007 13:51:54 -0800 Bill Landry [EMAIL PROTECTED] wrote: I just had to back it out of production. It would not run more than a couple minutes under a normal load that 88.7 shrugs off. It dies without any error messages. dp Yep, I observed the same behavior on Fedora Core 3, where clamd 0.90 dies without any indication as to why in any log files. Not good... You didn't provide _any_ information that could be useful to us for debugging those issues. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Thu Feb 15 23:58:36 CET 2007 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Upgrade to .90?
On Thu, 15 Feb 2007 15:13:38 -0800 Bill Landry [EMAIL PROTECTED] wrote: Tomasz Kojm wrote the following on 2/15/2007 3:00 PM -0800: On Thu, 15 Feb 2007 13:51:54 -0800 Bill Landry [EMAIL PROTECTED] wrote: I just had to back it out of production. It would not run more than a couple minutes under a normal load that 88.7 shrugs off. It dies without any error messages. dp Yep, I observed the same behavior on Fedora Core 3, where clamd 0.90 dies without any indication as to why in any log files. Not good... You didn't provide _any_ information that could be useful to us for debugging those issues. What kind of info would you want me to provide when there were no indications anywhere as to why clamd dies? I have not reverted back At least some basic information, eg. how you compiled ClamAV, did you use --enable-experimental, platform details, etc. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Fri Feb 16 00:17:32 CET 2007 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Upgrade to .90?
On 2/15/07, Tomasz Kojm [EMAIL PROTECTED] wrote: At least some basic information, eg. how you compiled ClamAV, did you use --enable-experimental, platform details, etc. I have the same problem on my systems. Or, rather, I have the dying problem. It could be load related, but I'm not sure. 0.88.7 ran with no problems as did all three RC releases. Centos 4 (All of the latest updates) clamd is run at startup, clamdscan is called from simscan for scanning Platforms vary a little. One machine is a 2.4 Ghz Intel Celeron, the other two are 2.4 Ghz Intel Xeons. Each machine has a gig of RAM. I have an SRPM I use to build clam. The build section is as follows : %build %configure \ %if %{!?_without_experimental:1}%{?_without_experimental:0} --enable-experimental \ %endif --program-prefix=%{?_program_prefix} \ %{!?_without_milter:--enable-milter} \ --disable-clamav \ --enable-id-check \ --with-tcpwrappers \ --with-user=clamav \ --with-group=clamav \ --disable-zlib-vcheck \ --with-dbdir=%{_localstatedir}/lib/clamav %{__make} I don't use milter, so I don't bother compiling with it. Uhhh.. Not sure what else to add. Like Bill mentioned, there are no error messages in either the clamd or freshclam log files, nor are there any errors in the standard syslog files. Suggestions? oo. Tomasz Kojm [EMAIL PROTECTED] -- Jason 'XenoPhage' Frisvold [EMAIL PROTECTED] http://blog.godshell.com ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] 0.90 crashing?
On 2/15/07, Török Edvin [EMAIL PROTECTED] wrote: Follow the instructions here http://www.clamav.net/bugs/ on how to get a backtrace of clamd. You need to start clamd, then attach gdb to the running process, and wait for it to crash. Then open a bugreport, and attach all the info. Excellent, thanks for the info. I'll give this a shot and see what happens. Edwin -- Jason 'XenoPhage' Frisvold [EMAIL PROTECTED] http://blog.godshell.com ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] PING
Is clamd PING still a valid command? Man8 says the reply should be PONG. I get the reply:Running as user clamav (UID ###, GID ###). Which is the same response with no command. Dave. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Upgrade to .90?
Tomasz Kojm wrote the following on 2/15/2007 3:19 PM -0800: On Thu, 15 Feb 2007 15:13:38 -0800 Bill Landry [EMAIL PROTECTED] wrote: Tomasz Kojm wrote the following on 2/15/2007 3:00 PM -0800: On Thu, 15 Feb 2007 13:51:54 -0800 Bill Landry [EMAIL PROTECTED] wrote: I just had to back it out of production. It would not run more than a couple minutes under a normal load that 88.7 shrugs off. It dies without any error messages. dp Yep, I observed the same behavior on Fedora Core 3, where clamd 0.90 dies without any indication as to why in any log files. Not good... You didn't provide _any_ information that could be useful to us for debugging those issues. What kind of info would you want me to provide when there were no indications anywhere as to why clamd dies? I have not reverted back At least some basic information, eg. how you compiled ClamAV, did you use --enable-experimental, platform details, etc. System: Fedora Core 3 uname -a Linux mail.inetmsg.com 2.6.12-1.1381_FC3 #1 Fri Oct 21 03:46:55 EDT 2005 i686 i686 i386 GNU/Linux gcc -v Reading specs from /usr/lib/gcc/i386-redhat-linux/3.4.4/specs Configured with: ../configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --enable-shared --enable-threads=posix --disable-checking --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-java-awt=gtk --host=i386-redhat-linux Thread model: posix gcc version 3.4.4 20050721 (Red Hat 3.4.4-2) Compile options: ./configure --enable-experimental When clamd dies, I start see this entry in my maillog: Feb 14 20:53:27 mail amavis[21536]: (21536-12) (!!)ClamAV-clamd av-scanner FAILED: CODE(0x8c5cdf0) Too many retries to talk to /var/amavis/clamd.sock (Can't connect to UNIX socket /var/amavis/clamd.sock: Connection refused) at (eval 52) line 293. at (eval 52) line 491. Let me know if there is any other information I can provide that would be helpful or if there is any debugging you would like me to do... Bill ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Upgrade to .90?
On Thu, 15 Feb 2007 16:00:49 -0800 Bill Landry [EMAIL PROTECTED] wrote: Compile options: ./configure --enable-experimental Please recompile without the experimental code and let us know if the problem still happens. -- oo. Tomasz Kojm [EMAIL PROTECTED] (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Fri Feb 16 01:06:33 CET 2007 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Re: PING
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David F. Colwell wrote: Is clamd PING still a valid command? Man8 says the reply should be PONG. I get the reply:Running as user clamav (UID ###, GID ###). Which is the same response with no command. No, it never has been a command, it is part of the protocol used to communicate with clamd through a socket. - -- René Berber -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF1PjjL3NNweKTRgwRAgwSAKCzbZ/dDnlqX2iOj3jvImhbq8QJqgCfbEGf X/MLD5ivZa+sv2s9Mk+N/t0= =EUcA -END PGP SIGNATURE- ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Upgrade to .90?
Tomasz Kojm wrote the following on 2/15/2007 4:07 PM -0800: On Thu, 15 Feb 2007 16:00:49 -0800 Bill Landry [EMAIL PROTECTED] wrote: Compile options: ./configure --enable-experimental Please recompile without the experimental code and let us know if the problem still happens. Okay, done. I also commented out the following entries in my clamd.conf: #PhishingScanURLs yes #PhishingRestrictedScan yes #PhishingAlwaysBlockSSLMismatch no #PhishingAlwaysBlockCloak no since they were noted as (available in experimental builds only). I'll let you know if I see any further issues... Bill ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Auto scan problems
Jim Maul wrote: ack. Would you rather someone reply and say wow, that sucks, but i cant help you? Actually, yes I would. At least that would be acknowledgment of my problem and request. You provided no useful information either. Saying: Whenever I enable auto-scan I get the following error: The auto-scan process died unexpectedly is not helpful at all. I would imagine any number of things could cause that message to be displayed. Asking what causes that error is like asking what causes my car not to start when i turn the key? That was all the information I had to give you. As far as I am aware the auto-scan feature is part of Clamav, so I would have thought that somebody having an auto-scan problem would have been quite justified in posting on this list. I didn't DEMAND a response. I posted my first post and waited patiently for a few days before posting my second one, both of which were polite requests for help. My last post was still not a demand for assistance but a last ditch request for some genuine help. Also, you mention that as far as you know dazuko is working. You expect someone to take time to help you when you arent even sure if a base component in your setup is working properly? Why not actually verify that its working before even asking this question here? I'll admit that was an oversight on my part. I forgot to repost with updated information that dazuko IS working. With that said, I have never used on access scanning myself so I can not offer any help in that area. Well then, that's all you really needed to say then. ~ C ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Auto scan problems
Steve Basford wrote: carren stuart wrote: Is there some reason why my posts aren't even being acknowledged? I can't believe that nobody knows the answer to my question. This IS the users list and I'm a user, so could somebody PLEASE help me with this. Hi, Sorry I can't really help you... but I did find this, which may or may not help: http://forums.suselinuxsupport.de/lofiversion/index.php/t35798.html http://www.filewatcher.com/p/dazuko-source_1.2.2.orig.tar.gz.30126/dazuko-1.2.2/example.c.html Thank you for those links. I'll check them out. But I did reply :) Yes you did, and I thank you for that! ~ C ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Upgrade to .90?
Tomasz Kojm wrote: On Thu, 15 Feb 2007 13:51:54 -0800 Bill Landry [EMAIL PROTECTED] wrote: I just had to back it out of production. It would not run more than a couple minutes under a normal load that 88.7 shrugs off. It dies without any error messages. dp Yep, I observed the same behavior on Fedora Core 3, where clamd 0.90 dies without any indication as to why in any log files. Not good... You didn't provide _any_ information that could be useful to us for debugging those issues. I realize that and I apologize, but I've got a lot going on just now. There's not a lot to say yet. Solaris 9 in a Sun E250 w/2g ram, 80,000 messages/day per instance, running with a milter (J-chkmail - beautiful milter, Jose!) in Sendmail 8.14.0. It all works perfectly with 0.88.7 and every previous version. The configs were carefully updated with the new conf file samples, all permissions/ownerships verified, a fresh install of bzip2 was built just for this and it works great, too. The clamd daemon starts up fine, a socket is created in /tmp, the milter finds it, it rejects viruses for a couple minutes, then it dies. Not a clue in any logs, no core file. Watching in top the size is expected, the cpu bumps around 33% for clamd - expected numbers given the size of our attachments. I need to rework my daemon watchdog because this version of clamd is more sensitive to stale socket files and I need to delete it before restarting - that's an aside, not part of the problem. Regretably I have to set this aside until all the 2007USADST patches are done, and getting downtime permission on systems is agonizing. It is running fine in two other systems that have far fewer connection/minute - like 2000 messages/day. No crashes on those systems yet, and no hint of memory leaks. Here is one thing I noted during testing - I ran clamdscan against the contents of my /tmp directory which in Solaris is a RAM disk much of the time. Maybe 30 files in there, nothing big, but also mostly text files. It was noticibly slow and I hit ctrl-C to stop the clamdscan processes, but it was a good 45 seconds before the cpu usage of clamd fell to idle levels from 45% cpu usage (again, dual proc Sun E250). That seemed like a long time to spin following a broken socket, but it may be that it finishes out the last scan before yielding back resources. dp ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Upgrade to .90?
Tomasz Kojm wrote: On Thu, 15 Feb 2007 15:13:38 -0800 Bill Landry [EMAIL PROTECTED] wrote: Tomasz Kojm wrote the following on 2/15/2007 3:00 PM -0800: On Thu, 15 Feb 2007 13:51:54 -0800 Bill Landry [EMAIL PROTECTED] wrote: I just had to back it out of production. It would not run more than a couple minutes under a normal load that 88.7 shrugs off. It dies without any error messages. dp Yep, I observed the same behavior on Fedora Core 3, where clamd 0.90 dies without any indication as to why in any log files. Not good... You didn't provide _any_ information that could be useful to us for debugging those issues. What kind of info would you want me to provide when there were no indications anywhere as to why clamd dies? I have not reverted back At least some basic information, eg. how you compiled ClamAV, did you use --enable-experimental, platform details, etc. In my case the only difference from every previous build was to enable experimental. I have just one build script I've used for years. dp ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Upgrade to .90?
On Thu, 15 Feb 2007, Dennis Peterson wrote: In my case the only difference from every previous build was to enable experimental. I have just one build script I've used for years. Try without experimental. I have a similar set-up (Sun Sparc Ultra 2s, Solaris 8, gcc 4.1.1) I was running 0.90rc3 with --enable-experimental and things were running, but when I upgraded to 0.90 itself clamav-milter would die within seconds. I backed down to rc3 and didn't get to try anything again until tonight. I've now tried 0.90 without --enable-experimental and it seems to be running OK. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 948-3162 WestNet Internet Services of Westchester http://www.westnet.com/ ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Upgrade to .90?
Christopher X. Candreva wrote: On Thu, 15 Feb 2007, Dennis Peterson wrote: In my case the only difference from every previous build was to enable experimental. I have just one build script I've used for years. Try without experimental. I have a similar set-up (Sun Sparc Ultra 2s, Solaris 8, gcc 4.1.1) I was running 0.90rc3 with --enable-experimental and things were running, but when I upgraded to 0.90 itself clamav-milter would die within seconds. I backed down to rc3 and didn't get to try anything again until tonight. I've now tried 0.90 without --enable-experimental and it seems to be running OK. That's the next test. I am beginning to wish this was a clamd.conf option, though. It's a pretty big deal to rip out a healthy AV tool and iteratively recompile and install one that might be broken because of a compile time switch. Mebbe that would be a good option for rc4 :) dp ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Auto scan problems
carren stuart wrote: Jim Maul wrote: ack. Would you rather someone reply and say wow, that sucks, but i cant help you? Actually, yes I would. At least that would be acknowledgment of my problem and request. Maybe people are looking at the post time of your messages and see you can't even manage your system clock so aren't surprised you're whining about configuring something as complex as a fully integrated anti-virus solution. dp ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Upgrade to .90?
On Thu, 15 Feb 2007 19:26:34 -0800 Dennis Peterson [EMAIL PROTECTED] wrote: I realize that and I apologize, but I've got a lot going on just now. There's not a lot to say yet. Solaris 9 in a Sun E250 w/2g ram, 80,000 messages/day per instance, running with a milter (J-chkmail - beautiful milter, Jose!) in Sendmail 8.14.0. It all works perfectly with 0.88.7 and every previous version. The configs were carefully updated with the new conf file samples, all permissions/ownerships verified, a fresh install of bzip2 was built just for this and it works great, too. Have you patched 8.14.0. I had everything falling over until I did that... http://www.sendmail.org/patches/milter.rcpt.rej.p0 (clamav 0.90/clamav-milter/debian test 32 bit/dual xeon/4gb) Steve ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Upgrade to .90?
On Fri, 16 Feb 2007, Steve Holdoway wrote: Have you patched 8.14.0. I had everything falling over until I did that... FWIW the problems I had were with 8.13.8 == Chris Candreva -- [EMAIL PROTECTED] -- (914) 948-3162 WestNet Internet Services of Westchester http://www.westnet.com/ ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Upgrade to .90?
Steve Holdoway wrote: On Thu, 15 Feb 2007 19:26:34 -0800 Dennis Peterson [EMAIL PROTECTED] wrote: I realize that and I apologize, but I've got a lot going on just now. There's not a lot to say yet. Solaris 9 in a Sun E250 w/2g ram, 80,000 messages/day per instance, running with a milter (J-chkmail - beautiful milter, Jose!) in Sendmail 8.14.0. It all works perfectly with 0.88.7 and every previous version. The configs were carefully updated with the new conf file samples, all permissions/ownerships verified, a fresh install of bzip2 was built just for this and it works great, too. Have you patched 8.14.0. I had everything falling over until I did that... http://www.sendmail.org/patches/milter.rcpt.rej.p0 (clamav 0.90/clamav-milter/debian test 32 bit/dual xeon/4gb) Trying it now on the stage system. Thanks - hadn't see the errata link. dp ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Auto scan problems
Dennis Peterson wrote: Maybe people are looking at the post time of your messages and see you can't even manage your system clock so aren't surprised you're whining about configuring something as complex as a fully integrated anti-virus solution. Um excuse me ... for your information, my system clock is set correctly. And before you ask - yes, I just double checked it (specially for you). So long ... and thanks for all the fish. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Auto scan problems
carren stuart wrote: Dennis Peterson wrote: Maybe people are looking at the post time of your messages and see you can't even manage your system clock so aren't surprised you're whining about configuring something as complex as a fully integrated anti-virus solution. Um excuse me ... for your information, my system clock is set correctly. And before you ask - yes, I just double checked it (specially for you). So long ... and thanks for all the fish. So what the heck time zone are you whining from? It's really tomorrow where you are? You're welcome for the fish. Great with a bit of tarragon and a cedar plank. dp ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Auto scan problems
Dennis Peterson wrote: Um excuse me ... for your information, my system clock is set correctly. And before you ask - yes, I just double checked it (specially for you). So long ... and thanks for all the fish. So what the heck time zone are you whining from? It's really tomorrow where you are? You're welcome for the fish. Great with a bit of tarragon and a cedar plank. Well, seeing you asked - yes, it really IS tomorrow where I live. Timezone - Pacific, Auckland (NZ) Current time - 7.48pm Date - Friday 16th February 2007 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html