[Clamav-users] can emails from local network be excluded from scanning at MTA

2007-03-02 Thread Zbigniew Szalbot
Hello,

The subject says it all - I wonder if it is possible to exclude certain
local IPs from being scanned by clamd when they connect to my MTA?

Many thanks for hints, advice!

Warm regards,


-- 
Zbigniew Szalbot

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] can emails from local network be excluded from scanning at MTA

2007-03-02 Thread Leonardo Rodrigues Magalhães



Zbigniew Szalbot wrote:

> Hello,
>
> The subject says it all - I wonder if it is possible to exclude certain
> local IPs from being scanned by clamd when they connect to my MTA?


   Of course ... but this is certainly not a clamav configuration
thing. Certainly you do have some piece of software to make your MTA
interact with clamav. Whitelisting your local emails should be done on
this program, not clamav.


   If you're running postfix/amavisd, whitelisting should be done in
amavisd. If you're running other MTA/antivirus integration software,
whitelisting should be done on the antivirus integration software.


--


Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

[EMAIL PROTECTED]
My SPAMTRAP, do not email it






Re: [Clamav-users] can emails from local network be excluded from scanning at MTA

2007-03-02 Thread Zbigniew Szalbot
Hello,

> Of course ... but this is certainly not a clamav configuration
> thing. Certainly you do have some piece of software to make your MTA
> interacts with clamav. Whitelisting your local emails should be done on
> this program not clamav.
>
> If you're running postfix/amavisd, whitelisting should be done in
> amavisd. If your running other MTA/antivirus integration software,
> whitelisting should be done on the antivirus integration software.

Thanks - I am not too technical. If anyone could share how to do this in
exim (4.66), I'd appreciate! Thank you very much for your answer, though!

-- 
Zbigniew Szalbot



Re: [Clamav-users] can emails from local network be excluded from scanning at MTA

2007-03-02 Thread Zbigniew Szalbot
Hi there,

Zbigniew Szalbot wrote:
> Thanks - I am not too technical. If anyone could share how to do this in
> exim (4.66), I'd appreciate! Thank you very much for your answer, though!

To my surprise I got it working :) So no need to reply. Thanks!

-- 
Zbigniew Szalbot



[Clamav-users] clamav vs norton

2007-03-02 Thread Sean Pinegar

I trusted clamav for a long time but ran across an interesting problem today. I
received an e-mail from a friend that included a powerpoint. I opened the
powerpoint in linux and wine flagged it as a virus (not sure how wine knew
there was a virus...can anyone enlighten me on that?). I scanned it with clamav
and it said the file was ok. I scanned it with norton and it came up as being
infected. I updated clamAV and tried again, same results..the file was ok. I
was just curious if anyone else has run into this type of problem? I don't want
to ditch clamAV but I have to do what's best for the business.

-Sean-


Re: [Clamav-users] clamav vs norton

2007-03-02 Thread Jim Maul

Sean Pinegar wrote:

> I trusted clamav for a long time but ran across an interesting problem today. I
> received an e-mail from a friend that included a powerpoint. I opened the
> powerpoint in linux and wine flagged it as a virus (not sure how wine knew
> there was a virus...can anyone enlighten me on that?). I scanned it with clamav
> and it said the file was ok. I scanned it with norton and it came up as being
> infected. I updated clamAV and tried again, same results..the file was ok. I
> was just curious if anyone else has run into this type of problem? I don't want
> to ditch clamAV but I have to do what's best for the business.
>
> -Sean-

Things like this occur frequently, and not just with clamav.  If you
have a file that is not detected, you should submit it so that a
signature can be included in future updates.

Also, what's best for the business is to run multiple virus scanners and
not rely on a single one.


-Jim


Re: [Clamav-users] clamav vs norton

2007-03-02 Thread Daniel T. Staal

On Fri, March 2, 2007 11:25 am, Sean Pinegar said:
>
> I trusted clamav for a long time but ran across an interesting problem
> today. I received an e-mail from a friend that included a powerpoint. I
> opened the powerpoint in linux and wine flagged it as a virus (not sure
> how wine knew there was a virus...can anyone enlighten me on that?). I
> scanned it with clamav and it said the file was ok. I scanned it with
> norton and it came up as being infected. I updated clamAV and tried
> again, same results..the file was ok. I was just curious if anyone else
> has ran into this type of problem? I dont want to ditch clamAV but i have
> to do whats best for the business.

No virus checker can find all viruses, all the time, and any may have
false positives from time to time.

If you believe there really is a virus in that file, I would suggest you
submit it to the ClamAV team so they can add it to their database.

There will be times ClamAV finds a virus Norton cannot, and vice-versa. 
On the average, ClamAV seems to be the finder more often than not.

Daniel T. Staal

---
This email copyright the author.  Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes.  This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---



RE: [Clamav-users] clamav vs norton

2007-03-02 Thread Sean Pinegar

Thanks for the replies. I know that sometimes one scanner will find a file that
the other won't; I was just curious if clamAV tends to not find viruses that
norton finds. Thanks again for your reply Daniel...a couple other people tried
to make me sound like I had no clue how a virus scanner worked.





> Date: Fri, 2 Mar 2007 11:43:03 -0500
> Subject: Re: [Clamav-users] clamav vs norton
> From: [EMAIL PROTECTED]
> To: clamav-users@lists.clamav.net
> 
> 
> On Fri, March 2, 2007 11:25 am, Sean Pinegar said:
> >
> > I trusted clamav for a long time but ran across an interesting problem
> > today. I received an e-mail from a friend that included a powerpoint. I
> > opened the powerpoint in linux and wine flagged it as a virus (not sure
> > how wine knew there was a virus...can anyone enlighten me on that?). I
> > scanned it with clamav and it said the file was ok. I scanned it with
> > norton and it came up as being infected. I updated clamAV and tried
> > again, same results..the file was ok. I was just curious if anyone else
> > has ran into this type of problem? I dont want to ditch clamAV but i have
> > to do whats best for the business.
> 
> No virus checker can find all viruses, all the time, and any may have
> false positives from time to time.
> 
> If you believe there really is a virus in that file, I would suggest you
> submit it to the ClamAV team so they can add it to their database.
> 
> There will be times ClamAV finds a virus Norton cannot, and vice-versa. 
> On the average, ClamAV seems to be the finder more often than not.
> 
> Daniel T. Staal
> 
> ---
> This email copyright the author.  Unless otherwise noted, you
> are expressly allowed to retransmit, quote, or otherwise use
> the contents for non-commercial purposes.  This copyright will
> expire 5 years after the author's death, or in 30 years,
> whichever is longer, unless such a period is in excess of
> local copyright law.
> ---
> 


Re: [Clamav-users] clamav vs norton

2007-03-02 Thread Dennis Peterson

Sean Pinegar wrote:

> Thanks for the replies. I know that sometimes one scanner will find a
> file that the other won't; I was just curious if clamAV tends to not
> find viruses that norton finds. Thanks again for your reply
> Daniel...a couple other people tried to make me sound like I had no
> clue how a virus scanner worked.


I think you just sounded like you were prepared to make draconian
decisions based on a sample of one. All the advice given is valid 
regardless of the AV vendor. You don't yet know if you have a false 
positive with Norton or a missed virus with ClamAV, so you really have 
no basis to make any decision. I'd suggest submitting your file to 
several AV vendors and see what happens.


dp


RE: [Clamav-users] clamav vs norton

2007-03-02 Thread Sean Pinegar

The file has been submitted. Thank you.





> Date: Fri, 2 Mar 2007 08:55:35 -0800
> From: [EMAIL PROTECTED]
> To: clamav-users@lists.clamav.net
> Subject: Re: [Clamav-users] clamav vs norton
> 
> Sean Pinegar wrote:
> > thanks for the replies. I know that sometimes one scanner will find a
> > file that the other wont i was just curious if clamAV tends to not
> > find viruses that norton finds. Thanks again for your reply
> > Daniel...a couple other people tried to make me sound like i had no
> > clue how a virus scanner worked.
> 
> I think you just sounded like you were prepared to make draconian
> decisions based on a sample of one. All the advice given is valid 
> regardless of the AV vendor. You don't yet know if you have a false 
> positive with Norton or a missed virus with ClamAV, so you really have 
> no basis to make any decision. I'd suggest submitting your file to 
> several AV vendors and see what happens.
> 
> dp


Re: [Clamav-users] clamav vs norton

2007-03-02 Thread Lyle Giese
In this case, was the file really infected or did Norton throw a false 
positive? 

At this point, we really don't know which product is producing an
error.  How about downloading AVG and scanning this file again? (They
have free and trial versions.)


Lyle

Jim Maul wrote:

> Sean Pinegar wrote:
> > I trusted clamav for a long time but ran across an interesting
> > problem today. I received an e-mail from a friend that included a
> > powerpoint. I opened the powerpoint in linux and wine flagged it as a
> > virus (not sure how wine knew there was a virus...can anyone
> > enlighten me on that?). I scanned it with clamav and it said the file
> > was ok. I scanned it with norton and it came up as being infected. I
> > updated clamAV and tried again, same results..the file was ok. I was
> > just curious if anyone else has run into this type of problem? I don't
> > want to ditch clamAV but I have to do what's best for the business.
> >
> > -Sean-
>
> Things like this occur frequently, and not just with clamav.  If you
> have a file that is not detected, you should submit it so that a
> signature can be included in future updates.
>
> Also, what's best for the business is to run multiple virus scanners
> and not rely on a single one.
>
> -Jim


Re: [Clamav-users] clamav vs norton

2007-03-02 Thread Dennis Peterson

Lyle Giese wrote:
> In this case, was the file really infected or did Norton throw a false
> positive?
> At this point, we really don't know which product is producing an
> error.  How about downloading AVG and scanning this file again?( they
> have free and trial versions)
>
> Lyle



There are also vendor services that will test a file in real time via a 
web page. It produces quicker results and doesn't clutter your hard 
drive with demo products.


dp


Re: [Clamav-users] clamav vs norton

2007-03-02 Thread Noel Jones

Scan the file online with virusscan.jotti.org or www.virustotal.com


At 10:45 AM 3/2/2007, Lyle Giese wrote:
> In this case, was the file really infected or did Norton throw a
> false positive?
> At this point, we really don't know which product is producing an
> error.  How about downloading AVG and scanning this file again? (They
> have free and trial versions.)
>
> Lyle
>
> Jim Maul wrote:
>
> > Sean Pinegar wrote:
> > > I trusted clamav for a long time but ran across an interesting
> > > problem today. I received an e-mail from a friend that included a
> > > powerpoint. I opened the powerpoint in linux and wine flagged it
> > > as a virus (not sure how wine knew there was a virus...can anyone
> > > enlighten me on that?). I scanned it with clamav and it said the
> > > file was ok. I scanned it with norton and it came up as being
> > > infected. I updated clamAV and tried again, same results..the file
> > > was ok. I was just curious if anyone else has run into this type
> > > of problem? I don't want to ditch clamAV but I have to do what's
> > > best for the business.
> > >
> > > -Sean-
> >
> > Things like this occur frequently, and not just with clamav.  If
> > you have a file that is not detected, you should submit it so that
> > a signature can be included in future updates.
> >
> > Also, what's best for the business is to run multiple virus
> > scanners and not rely on a single one.
> >
> > -Jim


Re: [Clamav-users] clamav vs norton

2007-03-02 Thread Dennis Peterson

Sean Pinegar wrote:

> The file has been submitted. Thank you.



Something else to consider is that your mail system has a max size for 
files it will submit for scanning, and that this file was larger than 
that max size. Just something to look for in trying to debug the failure.


dp


Re: [Clamav-users] clamav vs norton

2007-03-02 Thread Steve Basford


Sean Pinegar wrote:
> I trusted clamav for a long time but ran across an interesting problem today. 
> I received an e-mail from a friend that included a powerpoint. I opened the 
> powerpoint in linux and wine flagged it as a virus (not sure how wine knew 
> there was a virus...can anyone enlighten me on that?). I scanned it with 
> clamav and it said the file was ok. I scanned it with norton and it came up 
> as being infected.
Bit late joining this... but submit the file to one of these sites...
and you'll hopefully get a clearer picture... maybe ;)

http://www.virustotal.com/
http://virusscan.jotti.org/
http://scanner.virus.org/

They scan a single file with various anti-virus software and give you a
result.   As no single virus scanner gives you 100% protection on every
malware type, right from 0 hour... the above services can be useful.

Cheers,

Steve


RE: [Clamav-users] clamav vs norton

2007-03-02 Thread Sean Pinegar

I'm confused by this e-mail. Can you explain further?




> Date: Fri, 2 Mar 2007 09:08:19 -0800
> From: [EMAIL PROTECTED]
> To: clamav-users@lists.clamav.net
> Subject: Re: [Clamav-users] clamav vs norton
> 
> Sean Pinegar wrote:
> > The file has been submitted. Thank you.
> > 
> 
> Something else to consider is that your mail system has a max size for 
> files it will submit for scanning, and that this file was larger than 
> that max size. Just something to look for in trying to debug the failure.
> 
> dp


RE: [Clamav-users] clamav vs norton

2007-03-02 Thread Sean Pinegar

Thank you, I will bookmark these now. The virus did turn up on 2 different
virus scanners so I submitted it to ClamAV.





> Date: Fri, 2 Mar 2007 17:28:30 +
> From: [EMAIL PROTECTED]
> To: clamav-users@lists.clamav.net
> Subject: Re: [Clamav-users] clamav vs norton
> 
> 
> 
> Sean Pinegar wrote:
> > I trusted clamav for a long time but ran across an interesting problem 
> > today. I received an e-mail from a friend that included a powerpoint. I 
> > opened the powerpoint in linux and wine flagged it as a virus (not sure how 
> > wine knew there was a virus...can anyone enlighten me on that?). I scanned 
> > it with clamav and it said the file was ok. I scanned it with norton and it 
> > came up as being infected.
> Bit late joining this... but submit the file to one of these sites...
> and you'll hopefully get a clearer picture... maybe ;)
> 
> http://www.virustotal.com/
> http://virusscan.jotti.org/
> http://scanner.virus.org/
> 
> They scan a single file with various anti-virus software and give you a
> result.   As no single virus scanner gives you 100% protection on every
> malware type, right from 0 hour... the above services can be useful.
> 
> Cheers,
> 
> Steve


Re: [Clamav-users] Can't open directory /var/db/clamav/daily.inc

2007-03-02 Thread John W. Baxter
On 3/1/07 10:55 AM, "Gerard Seibert" <[EMAIL PROTECTED]> wrote:

> On Thursday March 01, 2007 at 12:45:20 (PM) John W. Baxter wrote:
> 
>> The way our system operates, we learned of the problem well after the 700
>> permissions were set up, when I restarted our mail processing system for
>> another reason.  (We run two processing systems per machine--handling
>> submitted mail and handling incoming-from-the-world mail, each under its own
>> user, so 700 is "difficult" for us.)
> 
> You might be able to script something to check the permissions and
> change them if they are not what you expected. Probably running it via
> CRON would take care of the problem.

I will if it happens again.  But it's been quite a while now without
problems, and (for us) the trigger was clear:  the switch of methods by
freshclam.  That says that one possible future trigger might be a mirror not
offering the new method, which--speculatively--might cause Freshclam to toss
out daily.inc and download daily.cvd, then later switch back to the new
method again.

  --John




Re: [Clamav-users] can emails from local network be excluded from scanning at MTA

2007-03-02 Thread John W. Baxter
On 3/2/07 4:00 AM, "Zbigniew Szalbot" <[EMAIL PROTECTED]> wrote:

> Hello,
> 
>> Of course ... but this is certainly not a clamav configuration
>> thing. Certainly you do have some piece of software to make your MTA
>> interacts with clamav. Whitelisting your local emails should be done on
>> this program not clamav.
>> 
>> If you're running postfix/amavisd, whitelisting should be done in
>> amavisd. If your running other MTA/antivirus integration software,
>> whitelisting should be done on the antivirus integration software.
> 
> Thanks - I am not too technical. If anyone could share how to do this in
> exim (4.66), I'd appreciate! Thank you very much for your answer, though!

Well, we give our users server names whose IP addresses differ from the
published MX, so right away we can distinguish submissions from mail
incoming from the world.  And for convenience, we process the two streams
through different instances of Exim, although it can be done in one instance
with some complexification of the configuration.

  --John




Re: [Clamav-users] can emails from local network be excluded from scanning at MTA

2007-03-02 Thread John W. Baxter
On 3/2/07 12:57 AM, "Zbigniew Szalbot" <[EMAIL PROTECTED]> wrote:

> The subject says it all - I wonder if it is possible to exclude certain
> local IPs from being scanned by clamd when they connect to my MTA?

As you now know, it's possible, since you've done it.  Whether it's a good
idea is another matter.  (One reason would be that you have trusted security
researchers sending mail through your system.)

  --John




Re: [Clamav-users] Can't open directory /var/db/clamav/daily.inc

2007-03-02 Thread Noel Jones

At 11:35 AM 3/2/2007, John W. Baxter wrote:

> On 3/1/07 10:55 AM, "Gerard Seibert" <[EMAIL PROTECTED]> wrote:
>
> > On Thursday March 01, 2007 at 12:45:20 (PM) John W. Baxter wrote:
> >
> >> The way our system operates, we learned of the problem well after the 700
> >> permissions were set up, when I restarted our mail processing system for
> >> another reason.  (We run two processing systems per machine--handling
> >> submitted mail and handling incoming-from-the-world mail, each under its own
> >> user, so 700 is "difficult" for us.)
> >
> > You might be able to script something to check the permissions and
> > change them if they are not what you expected. Probably running it via
> > CRON would take care of the problem.
>
> I will if it happens again.  But it's been quite a while now without
> problems, and (for us) the trigger was clear:  the switch of methods by
> freshclam.  That says that one possible future trigger might be a mirror not
> offering the new method, which--speculatively--might cause Freshclam to toss
> out daily.inc and download daily.cvd, then later switch back to the new
> method again.
>
>   --John


Upgrade to the just-released clamav-0.90.1 which fixes this and a few 
other problems.


--
Noel Jones 




Re: [Clamav-users] clamav vs norton

2007-03-02 Thread John W. Baxter
On 3/2/07 8:25 AM, "Sean Pinegar" <[EMAIL PROTECTED]> wrote:

> I trusted clamav for a long time but ran across an interesting problem today.
> I received an e-mail from a friend that included a powerpoint. I opened the
> powerpoint in linux and wine flagged it as a virus (not sure how wine knew
> there was a virus...can anyone enlighten me on that?). I scanned it with
> clamav and it said the file was ok. I scanned it with norton and it came up as
> being infected. I updated clamAV and tried again, same results..the file was
> ok. I was just curious if anyone else has ran into this type of problem? I
> dont want to ditch clamAV but i have to do whats best for the business.

Depending on what your user population is, it is quite possible that a large
fraction of them run Norton on their machines.  So their overall protection
is better if you *don't* run Norton, but something else.  (Adjust for what
your user population actually does.)

  --John




Re: [Clamav-users] Can't open directory /var/db/clamav/daily.inc

2007-03-02 Thread John W. Baxter
On 3/2/07 9:48 AM, "Noel Jones" <[EMAIL PROTECTED]> wrote:

> Upgrade to the just-released clamav-0.90.1 which fixes this and a few
> other problems.

Thanks.  When dag updates (or this weekend, whichever happens second) I'll
do so.

  --John




Re: [Clamav-users] clamav vs norton

2007-03-02 Thread Dennis Peterson

Sean Pinegar wrote:

> I'm confused by this e-mail. Can you explain further?





When email arrives on your system a process accepts it from the mail 
server and submits it to clamav for scanning. Those interfaces are 
configurable, and one of the options is to not scan files that exceed a 
certain length. The reason for doing so is to prevent your AV scanner 
from being bogged down by huge files along with the fact that most 
viruses are rather small. It is not without risk, but many sites are not 
prepared to scan thousands of 20 mb files all day long.


If your system has such a configuration and it is set too low then 
ClamAV will not have scanned your file at all. It is all supposition 
that would require validation of your configuration, of course, but is 
something to consider.


dp




Re: [Clamav-users] Can't open directory /var/db/clamav/daily.inc

2007-03-02 Thread Zivago Lee

> On 3/2/07 9:48 AM, "Noel Jones" <[EMAIL PROTECTED]> wrote:
>
>> Upgrade to the just-released clamav-0.90.1 which fixes this and a few
>> other problems.
>
> Thanks.  When dag updates (or this weekend, whichever happens second) I'll
> do so.

rpmforge already has it updated :)

-- 
Zivago Lee
[EMAIL PROTECTED]


Re: [Clamav-users] clamav vs norton

2007-03-02 Thread Jay West

Sean wrote:
> I trusted clamav for a long time but ran across an interesting problem
> today.

You aren't looking at the other side of that coin. You can bet (I see it
rather frequently) that there are times that clamav catches a virus that
norton does not! Don't throw the baby out with the bathwater.

It is for this very reason that inbound mail in setups that I design passes
through two different AV packages. I used to think this was rather silly,
until a situation arose where I had to have inbound mail go through two
different AV packages (my proposed front-end and the customer's existing
backend). After watching the logs on both packages, I noticed that it was
actually pretty frequent/routine that clamav would catch something the other
package didn't AND VICE-VERSA. Now I always design in two AV packages - I
have learned it is not silly at all.


Jay West




Re: [Clamav-users] Can't open directory /var/db/clamav/daily.inc

2007-03-02 Thread John W. Baxter
On 3/2/07 10:10 AM, "Zivago Lee" <[EMAIL PROTECTED]> wrote:

> 
>> On 3/2/07 9:48 AM, "Noel Jones" <[EMAIL PROTECTED]> wrote:
>> 
>>> Upgrade to the just-released clamav-0.90.1 which fixes this and a few
>>> other problems.
>> 
>> Thanks.  When dag updates (or this weekend, whichever happens second) I'll
>> do so.
> 
> rpmforge already has it updated :)

Thanks, we'd have to vet them and add them to our accepted yum
repositories to make (automated) use of that.

  --John




[Clamav-users] clamd is not closing sockets connections !!!

2007-03-02 Thread Jose Romero

Hi,
I have an Intel Server Pentium 4 3.2 GHz with 1 GB of RAM, the Operating
System is FreeBSD 6.2 STABLE, the server is running Exim 4.62 with content
scanning using clamav.
We have upgraded from clamav 0.88.7 to clamav 0.90_2. When we were working
with the 0.88 versions of clamav we did not have any problem, but after the
upgrade we cannot use the antivirus because the connections to the clamav
socket are not closed and they do not stop increasing. If we execute
the command “netstat -n” we see:


Active UNIX domain sockets
Address  Type   Recv-Q Send-Q    Inode     Conn     Refs  Nextref Addr
c8f183d4 stream      0      0        0 c4c94af0        0        0 /var/run/clamav/clamd
c4c94af0 stream      0      0        0 c8f183d4        0        0
c86c3578 stream      0      0        0 c8f1871c        0        0 /var/run/clamav/clamd
c8f1871c stream      0      0        0 c86c3578        0        0
c52aca64 stream      0      0        0 ca596af0        0        0 /var/run/clamav/clamd
ca596af0 stream      0      0        0 c52aca64        0        0
c68587a8 stream      0      0        0 c8ccdc08        0        0 /var/run/clamav/clamd
c8ccdc08 stream      0      0        0 c68587a8        0        0
c8cf0578 stream      0      0        0 c6858348        0        0 /var/run/clamav/clamd
c6858348 stream      0      0        0 c8cf0578        0        0
c868dd20 stream      0      0        0 c6c3c604        0        0 /var/run/clamav/clamd
c6c3c604 stream      0      0        0 c868dd20        0        0
c56afa64 stream      0      0        0 c8690578        0        0 /var/run/clamav/clamd

.
.
.
up to more than 500 lines, and they continue increasing

Next is the clamd.conf file that is used for clamav 0.90 (it is the same one
that I used for clamav 0.88). I have omitted the commented options.


LogFile /var/log/clamav/clamd.log
LogFileMaxSize 0
LogTime yes
LogVerbose yes
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /var/tmp
DatabaseDirectory /var/db/clamav
LocalSocket /var/run/clamav/clamd
FixStaleSocket yes
MaxConnectionQueueLength 200
StreamMaxLength 5M
MaxThreads 200
User clamav
AllowSupplementaryGroups yes
ScanMail yes
ArchiveMaxFileSize 2M

No error message appears in the clamd.log file.

Has somebody solved a similar problem?  Thanks in advance.

Regards

Jose



Re: [Clamav-users] can emails from local network be excluded from scanning at MTA

2007-03-02 Thread Odhiambo Washington
* On 02/03/07 13:00 +0100, Zbigniew Szalbot wrote:
| Hello,
| 
| > Of course ... but this is certainly not a clamav configuration
| > thing. Certainly you do have some piece of software to make your MTA
| > interacts with clamav. Whitelisting your local emails should be done on
| > this program not clamav.
| >
| > If you're running postfix/amavisd, whitelisting should be done in
| > amavisd. If your running other MTA/antivirus integration software,
| > whitelisting should be done on the antivirus integration software.
| 
| Thanks - I am not too technical. If anyone could share how to do this in
| exim (4.66), I'd appreciate! Thank you very much for your answer, though!

accept hosts = your_IPs_OR_subnet_here

You put that rule above all rules where you do the scanning ;)

It's not a good idea though, unless you can bet your life on the fact 
that none of those hosts will ever get infected!



-Wash

http://www.netmeister.org/news/learn2quote.html

DISCLAIMER: See http://www.wananchi.com/bms/terms.php

--
+==+
|\  _,,,---,,_ | Odhiambo Washington<[EMAIL PROTECTED]>
Zzz /,`.-'`'-.  ;-;;,_ | Wananchi Online Ltd.   www.wananchi.com
   |,4-  ) )-,_. ,\ (  `'-'| Tel: +254 20 313985-9  +254 20 313922
  '---''(_/--'  `-'\_) | GSM: +254 722 743223   +254 733 744121
+==+

If money can't buy happiness, I guess you'll just have to rent it.


Re: [Clamav-users] Re: ClamAV 0.90.0 Problem

2007-03-02 Thread Frank Tanner III
On Tue, 2007-02-27 at 11:21 +, Ian Abbott wrote:
> On 26/02/2007 13:12, Frank Tanner III wrote:
> > On Mon, 2007-02-26 at 11:45 +0100, Luca Gibelli wrote:
> >> Hello Frank,
> >>
> >>> The line FixStaleSocket isn't commented out by default.  It just says
> >> This is not true. Just check it: http://www.clamav.net/download/sources
> >>
> > 
> > I don't care what that shows.  I know how it shows after a fresh install
> > of ClamAV on my system.  It was installed from FRESH source from the
> > ClamAV web site.  I didn't use any weirdo configure statements.  I am
> > running CentOS Linux 4.4 which is virtually identical to Red Hat
> > Enterprise Linux Update 4.  If you can explain why the following
> > configure line left that blank in my conf file I would like to hear it:
> > 
> > ./configure --sysconfdir=/etc --disable-zlib-vcheck -enable-experimental
> 
> Note that 'make install' will not overwrite your existing installed 
> config files.  Are you sure you're not just looking at some old ones? 
> What about the sample config files in your clamav-0.90/etc directory?
> 

FYI:  0.90.1 seems to have resolved all of my issues.

-- 

---
Frank Tanner III ([EMAIL PROTECTED])
ICQ: 1730844
AIM: KalokSundancer
MSN: [EMAIL PROTECTED]
YIM: fbtanner



[Clamav-users] Viruses caught

2007-03-02 Thread Dennis Peterson
This is an interesting list for what it shows. It is a list from the 
last 10,000 "viruses" caught here where there were 10 or more of a 
particular virus caught. Clearly most of them are not viruses at all but 
image spam and penny stock scams. Might be time to re-word the way the 
information is reported back to the milter. The message says it's all 
viruses.


It also shows that Steve's lists from Sane Security are continuing to 
kick some serious butt. Thanks again, Steve!



count   pattern
1233 Email.Img.Gen021.Sanesecurity.06126001
1182 Email.Img.Gen018.Sanesecurity.06122000
1053 Email.Img.Gen016.Sanesecurity.06121201
 812 Email.Hdr.Sanesecurity.07012400
 659 Email.Img.Gen001.Sanesecurity.0601
 283 Html.Img.Gen013.Sanesecurity.06112900
 197 Email.Stk.Gen298.Sanesecurity.07021504
 196 Email.Stk.Gen294.Sanesecurity.07021500
 191 Email.Stk.Gen299.Sanesecurity.07021505
 180 Email.Stk.Gen297.Sanesecurity.07021503
 175 Email.Stk.Gen295.Sanesecurity.07021501
 173 Email.Stk.Gen300.Sanesecurity.07021506
 169 Email.Stk.Gen296.Sanesecurity.07021502
 140 Email.Spam.Gen253.Sanesecurity.07022303
 139 Email.Img.Gen040.Sanesecurity.07010600
 120 Email.Img.Gen064.Sanesecurity.07022301
 116 Email.Spam.Gen103.Sanesecurity.07011703
  89 Email.Img.Gen031.Sanesecurity.07010100
  51 Email.Stk.Gen301.Sanesecurity.07021507
  45 Html.Dipl.Gen003.Sanesecurity.07010300
  39 Worm.Stration.pac
  36 MSRBL-Images/0-IYC
  35 MSRBL-Images/0-OUI
  35 MSRBL-Images/0-Iwd
  33 MSRBL-Images/0-O3Y
  33 Html.Img.Gen037.Sanesecurity.07010501
  29 Html.Phishing.RockGen11.Sanesecurity.07021701
  26 Html.Phishing.Rock.Sanesecurity.06080102
  24 Email.Stk.Gen205.Sanesecurity.07012204
  24 Email.ImgO.Gen010.Sanesecurity.07022100
  22 MSRBL-SPAM.BounceBack.2504
  22 Html.Phishing.Bank.Gen818u.Sanesecurity.06062707
  18 MSRBL-Images/0-OwI
  18 Email.Stk.Gen193.Sanesecurity.07011706
  17 MSRBL-Images/0-OO1
  16 MSRBL-SPAM.Meds.2660
  16 Html.Phishing.Pay.Gen017.Sanesecurity.06022800
  15 MSRBL-Images/0-OR9
  15 MSRBL-Images/0-IYu
  15 Email.Hdr.Sanesecurity.07022100
  14 MSRBL-SPAM.SpamBlowBack.1150
  14 MSRBL-SPAM.Bounce.URL.914
  14 Html.Phishing.Pay.Gen001.Sanesecurity.06012700
  14 Html.Phishing.Azon.Gen034.Sanesecurity.06112900
  13 MSRBL-Images/0-OSE
  12 Worm.Somefool.AR
  12 HTML.Phishing.Bank-362
  12 ClamAV-Test-File
  11 Html.Phishing.RockGen6.Sanesecurity.06122300
  11 Html.Phishing.Rock.Sanesecurity.06050500
  10 MSRBL-Images/0-Ihq
  10 Html.Img.Gen034.Sanesecurity.07010302

dp


RE: [Clamav-users] Viruses caught

2007-03-02 Thread MrC

> This is an interesting list for what it shows. It is a list 
> from the last 10,000 "viruses" caught here where there were 
> 10 or more of a particular virus caught. Clearly most of them 
> are not viruses at all but image spam and penny stock scams. 
> Might be time to re-word the way the information is reported 
> back to the milter. The message says it's all viruses.
> 
> It also shows that Steve's lists from Sane Security are 
> continuing to kick some serious butt. Thanks again, Steve!
> 
> 
> count pattern
> 1233 Email.Img.Gen021.Sanesecurity.06126001
> 1182 Email.Img.Gen018.Sanesecurity.06122000
> 1053 Email.Img.Gen016.Sanesecurity.06121201
>   812 Email.Hdr.Sanesecurity.07012400
>   659 Email.Img.Gen001.Sanesecurity.0601
>   283 Html.Img.Gen013.Sanesecurity.06112900
>   197 Email.Stk.Gen298.Sanesecurity.07021504
>   196 Email.Stk.Gen294.Sanesecurity.07021500
>   191 Email.Stk.Gen299.Sanesecurity.07021505
>   180 Email.Stk.Gen297.Sanesecurity.07021503
>   175 Email.Stk.Gen295.Sanesecurity.07021501
>   173 Email.Stk.Gen300.Sanesecurity.07021506
>   169 Email.Stk.Gen296.Sanesecurity.07021502
>   140 Email.Spam.Gen253.Sanesecurity.07022303
>   139 Email.Img.Gen040.Sanesecurity.07010600
>   120 Email.Img.Gen064.Sanesecurity.07022301
>   116 Email.Spam.Gen103.Sanesecurity.07011703
>    89 Email.Img.Gen031.Sanesecurity.07010100

On 2/24, I posted similar findings on the amavisd-new list.  When I updated
my amavis logwatch filter/reporter, I added a Malware by Scanner section and
was pleased to see how Steve's lists have been very, very helpful.

An upcoming amavisd-new release provides the ability to consider Phishing
scams, etc. as spam rather than viruses.

MrC
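
The breakdown discussed in the two posts above (most "virus" hits being spam or phishing signatures) can be computed from a "count pattern" list like Dennis's. This is an added example, not code from either poster, ClamAV or amavisd-new; the prefix-to-category mapping and the function names are assumptions, and the sample rows are a subset copied from the list in the thread.

```python
import re
from collections import Counter

# Sample input: a subset of the "count pattern" rows from the list in the thread.
SAMPLE = """\
count   pattern
1233 Email.Img.Gen021.Sanesecurity.06126001
 812 Email.Hdr.Sanesecurity.07012400
 197 Email.Stk.Gen298.Sanesecurity.07021504
 140 Email.Spam.Gen253.Sanesecurity.07022303
  39 Worm.Stration.pac
  36 MSRBL-Images/0-IYC
  29 Html.Phishing.RockGen11.Sanesecurity.07021701
  22 MSRBL-SPAM.BounceBack.2504
  12 HTML.Phishing.Bank-362
  12 ClamAV-Test-File
"""

# Assumed mapping from signature-name prefix to category; first match wins.
RULES = [
    (re.compile(r"^(Email|Html)\.Img\.|^MSRBL-Images/", re.I), "image spam"),
    (re.compile(r"^Email\.Stk\.", re.I), "stock spam"),
    (re.compile(r"^Html\.Phishing\.", re.I), "phishing"),
    (re.compile(r"^Email\.(Spam|Hdr)\.|^MSRBL-SPAM\.", re.I), "other spam"),
    (re.compile(r"^ClamAV-Test-File$"), "test file"),
]

def classify(name):
    """Return the category for one signature name."""
    for rx, category in RULES:
        if rx.search(name):
            return category
    # Unmatched names are counted as malware; review them before trusting the share.
    return "malware"

def tally(text):
    """Sum the per-signature counts into per-category totals."""
    totals = Counter()
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(\S+)\s*$", line)
        if m:  # header and blank lines do not match and are skipped
            totals[classify(m.group(2))] += int(m.group(1))
    return totals

def malware_share(totals):
    """Fraction of all hits that fall in the malware category."""
    total = sum(totals.values())
    return totals["malware"] / total if total else 0.0

if __name__ == "__main__":
    t = tally(SAMPLE)
    for category, n in t.most_common():
        print(f"{n:6d}  {category}")
    print(f"malware share: {malware_share(t):.1%}")
```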



[Clamav-users] upgrade to 0.90.1 and it will log in clamd.log

2007-03-02 Thread net2u.ro
I checked 0.90.1 and the issue with the log .. for those like me who had
problems .. is corrected.
Now it logs like before in clamd.log.
Thanks