[Clamav-users] ClamAV 0.90.1 and amavis 0.3.13pre2 Error Code:44
Hi list,

after updating my installation of clamav 0.88 to 0.90.1 the clamscan failed with the following error:

Virus scanner failure: /usr/local/bin/clamscan (error code: 40)

A test with clamd works, but as posted in thread "Clamd does not block virusmails", the virusmails will not be blocked by amavis/clamd. I found no solution via google to fix my problem. I'm running Exim 4.x with amavis 0.3.13pre2 but do not have any chance to upgrade to amavisd-new, because there are round about 120 installations of those servers. Is there any solution to make it work?

Thanx for any reply.

__
Raiffeisen Waren-Zentrale Rhein-Main eG
50668 Koeln, Altenberger Str. 1a
Tel: 0221/1638-0 Fax: 0221/1638-254
Sitz: Koeln Amtsgericht Koeln, GnR 728
Vorstand: Hans-Josef Hilgers (Sprecher) Markus Stuettgen Dr. Karl-Heinrich Suemmermann Friedhelm Decker (Vorsitzender) Ingo Steitz
Vorsitzender des Aufsichtsrates: Peter Bleser (MdB)
St.Nr.: 215/5938/0152
Bankverbindung: WGZ Bank AG, Duesseldorf (BLZ 300 600 10) Konto-Nr.: 300 011
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Upgrade to .90? - Update
On Mon, 12 Mar 2007 22:00:54 GMT Mark [EMAIL PROTECTED] wrote:

> In earnest, can't say as I'm very inspired to upgrade (from 0.88.7) yet. Ranging from various serious pthread problems to excessive CPU usage, to unlinking of pid files, to clamd dying, none of this makes me feel inclined much to do the upgrade; 0.90 may well be the buggiest public release ever.
>
> Then there's this:
>
> WARNING: Local version: 0.88.7 Recommended version: 0.90.1
>
> So, I upgraded to 0.90_2 (FreeBSD, on a Vmware test machine), and freshclam still says:
>
> WARNING: Current functionality level = 13, recommended = 14
>
> Probably because the clamav distro (http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/clamav/) is 11 days old. That's not clamav's fault, of course, but leaves FreeBSD users exactly nowhere at the moment.

I am running version:

ClamAV devel-20070228/2830/Tue Mar 13 01:12:22 2007

from port:

/usr/ports/security/clamav-devel

I don't have any problems. This is on a FreeBSD-6.2 system. Perhaps you might want to consider going that route and see what happens.

--
Gerard

... But we've only fondled the surface of that subject.
Virginia Masters

Re: [Clamav-users] Don't know what to do with infected files
On Tue, 2007-03-13 at 00:09 +0100, Pascal Duchatelle wrote:
> Thomas Sprinkmeier wrote:
> Is deleting it enough?
> My advice is to nuke infected systems. Even benign programs rarely uninstall cleanly; malware is nasty and designed not to go quietly.
> To nuke you mean just reformatting the space and do a re-install ?

Yes. Remember to install all patches, virus checkers, signature updates etc. etc. from behind a nice, safe firewall (see https://isc2.sans.org/survivaltime.html and http://www.sans.org/rr/papers/index.php?id=1298)

Your system is dual-boot? Re-installing windows will nuke your bootloader (probably grub or lilo). You'll have to reinstall it afterwards. Of course, to reinstall it you gotta boot linux first (chicken and egg :-)

Make a linux boot disk and/or have a live CD (http://www.knoppix.org/) handy before you start.

> I naively did this unzipping already when I wanted to upgrade the YEPP studio... The sum of the folders + files sizes looks about the same as the size of the zip archive. Could it be a false positive ?

sounds like it. Consider submitting the file to clamav, they're likely to be interested.

> Thank you again
> Pascal

glad to help.

Thomas

Re: [Clamav-users] Upgrade to .90? - Update
On Mon, 2007-03-12 at 09:55 -0700, Kevin W. Gagel wrote:
> - Original Message -
> So, it's been a few days. How is everyone feeling about the new version? I've hesitated to upgrade just yet. I've seen a lot of feedback indicating problems and very little about smooth and great upgrades. What's the general consensus - You can't upgrade fast enough or Stay where you are?
>
> Well, It's been a week or two since I upgraded to .9.0.1 and I have not seen any of the problems that were reported in the .9.0 version.

Ditto. I've been running 0.90.1 for 7 days on Mandriva Corporate Server Linux, have scanned about 200,000 emails in that time, and only consumed about 1 and a half hours of CPU.

clamav 4005 1 0 Mar06 ? 01:29:23 clamd -c /etc/clamd.conf

Aside from the zip error that Nigel claims to have fixed in SVN, this has been a near flawless upgrade.

Thank you to all who answered my original email and to the ClamAV crew for the hard work you put into this effort.

--
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
Austin Energy
http://www.austinenergy.com

[Clamav-users] Clamav-milter
Hi,

I'm using clamav 0.9 and to integrate with sendmail I use clamav-milter. Now I want that when a virus is detected in a mail, a notification mail is sent automatically to the destination address of the mail.

Thanks

[Clamav-users] again SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
Hi to all!

Help me, please. After installing clamav-0.90 I see in freshclam.log a warning

SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES !

GMP and zlib libraries are installed and a previous clamav-0.87 worked without this warning. I tried compiling with prefix and path to these libraries, but the result is the same. I don't understand where the problem is on my FreeBSD-5.4(6.1)?

Thanks,
Flanker

Re: [Clamav-users] again SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
On 3/13/07, Sergey Shilov [EMAIL PROTECTED] wrote:
> After installing clamav-0.90 I see in freshclam.log a warning
> SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES !
> GMP and zlib libraries are installed and a previous clamav-0.87 worked without this warning. I tried compiling with prefix and path to these libraries, but the result is the same. I don't understand where the problem is on my FreeBSD-5.4(6.1)?

Have you tried using the ports to install clamav? That will almost certainly resolve your problem. Just remember to update your ports tree first:

http://www.freebsd.org/doc/ru/books/handbook/portsnap.html

--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche

[Clamav-users] 0.90.1 freshclam error
I have upgraded from 0.88.7 to 0.90.1 with rpms from DAG. This morning I got this notification from Cron Daemon.

/etc/cron.daily/freshclam: connect(): Permission denied

What did I miss out?

Bob

Re: [Clamav-users] Don't know what to do with infected files
> sorry to bother you but I am new to ClamAV (on fedora core 6). I ran clamscan on my laptop and got a message telling me that I have 3 files infected.

You might have some malware, but I doubt your system is infected.

> One is in my mail . I browsed the FAQ and find a way supposed (by using ...

Yes, everyone gets junk in their e-mail. Your system might not even be vulnerable to it, and it doesn't mean that the stuff has actually infected your system. But finding the specific message is a bit hard with ClamAV

> The second file infected is in my windows partition under the root directory (I got this result :media/hda2/pagefile.sys: Exploit.HTML.MHTRedir-8 FOUND). hda2 is my windows partition. This file is 1.3G large (from what nautilus sees/says). Again is simply deleting enough ? Is it usually a windows file ?

This is the Windows swap file. So you probably visited a site with an exploit, and some of your RAM holding that, happened to get swapped to disk. Or it could be a false-positive. Your Windows swap file is just temp storage while Windows is running, so anything in it is junk. There is no need to disinfect it, as Windows will re-init it when it boots again.

> The third one is more confusing to me since it is a zipped file that I downloaded from the US Samsung site when I tried to upgrade my Yepp 920 studio and firmware (mp3 player interface). The scan tells me that it is an oversized archive. Is there a way for clamAV to be sure of that (I

The ZIP file may be corrupted. The exact ClamAV message would be helpful, but ClamAV has protection against ZIP bombs, which contain files with unrealistic compression ratios. ZIP bombs can take a really long time to scan, as the AV engine will decompress the file(s), which can decompress to 100x the original size (or more). So scanning a 50MB ZIP bomb, could involve scanning 5GB of data. There are settings in Clam to configure the unrealistic compression ratio setting.

Tom

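The compression-ratio test Tom describes can be applied from a ZIP's directory alone, before anything is decompressed. The following is an added example, not part of the thread and not ClamAV's code; the limit of 250, the function names and the three sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

MAX_RATIO = 250  # assumed limit for this example, not read from any ClamAV config

def entry_ratios(data):
    """List (name, compressed, uncompressed, ratio) from the ZIP directory only."""
    rows = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Sizes are the ones declared in the archive; they can be forged,
            # so a scanner must also cap the bytes it actually inflates.
            ratio = info.file_size / max(info.compress_size, 1)
            rows.append((info.filename, info.compress_size, info.file_size, ratio))
    return rows

def classify(data, max_ratio=MAX_RATIO):
    """Return (verdict, flagged_rows) without decompressing any entry."""
    try:
        rows = entry_ratios(data)
    except zipfile.BadZipFile:
        return "corrupt", []          # e.g. a truncated download
    flagged = [r for r in rows if r[3] > max_ratio]
    return ("suspicious" if flagged else "plausible"), flagged

def build_zip(name, payload, method):
    """Build a one-entry archive in memory (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", method) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()

def samples():
    """Three constructed archives: ratio ~1, very high ratio, and truncated."""
    stored = build_zip("firmware.bin", bytes(range(256)) * 64, zipfile.ZIP_STORED)
    zeros = build_zip("zeros.bin", b"\0" * (5 * 1024 * 1024), zipfile.ZIP_DEFLATED)
    return {"stored": stored, "zeros": zeros, "truncated": stored[: len(stored) // 2]}

if __name__ == "__main__":
    for label, blob in samples().items():
        verdict, flagged = classify(blob)
        print(label, len(blob), "bytes ->", verdict,
              [(n, round(r)) for n, _, _, r in flagged])
```

An archive whose size is about the sum of its contents, as in the question, has a ratio near 1 and is not flagged by a ratio limit; the truncated copy is reported as corrupt instead.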
[Clamav-users] ClamAV on an local network without internet connection
Hi the list,

I'm running ClamAV on many clients and I want to have a server for updating client database. My server isn't connected to internet. So no updating is possible. How can I set up my server for delivering the two files (daily.cvd and main.cvd) ? The server database will be updated manually.

Thanks in advance for your responses and for your ideas !

Friendly
Frank

[Clamav-users] Re: 0.90.1 freshclam error
Robert Isaac wrote:
> /etc/cron.daily/freshclam: connect(): Permission denied
> What did I miss out?

Seems as if you have notify-clamd enabled and maybe you have set wrong permissions/rights on the socket-file.

Sven

RE: [Clamav-users] Re: 0.90.1 freshclam error
> Robert Isaac wrote:
> /etc/cron.daily/freshclam: connect(): Permission denied
> What did I miss out?
>
> Seems as if you have notify-clamd enabled and maybe you have set wrong permissions/rights on the socket-file.
> Sven

clamd.conf is shown 644 root:root, should it be 644 clamav:clamav?

Bob

RE: [Clamav-users] Re: 0.90.1 freshclam error
On Tue, 2007-03-13 at 17:55 +, Robert Isaac wrote:
> Robert Isaac wrote:
> /etc/cron.daily/freshclam: connect(): Permission denied
> What did I miss out?
>
> Seems as if you have notify-clamd enabled and maybe you have set wrong permissions/rights on the socket-file.
> Sven
>
> clamd.conf is shown 644 root:root, should it be 644 clamav:clamav?

That's not the problem. /var/lib/clamav/clamd.socket, or wherever you have put it, is the likely issue.

--
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
Austin Energy
http://www.austinenergy.com

RE: [Clamav-users] Re: 0.90.1 freshclam error
> Robert Isaac wrote:
> /etc/cron.daily/freshclam: connect(): Permission denied
> What did I miss out?
>
> Seems as if you have notify-clamd enabled and maybe you have set wrong permissions/rights on the socket-file.
> Sven
>
> clamd.conf is shown 644 root:root, should it be 644 clamav:clamav?
>
> That's not the problem. /var/lib/clamav/clamd.socket, or wherever you have put it, is the likely issue.
> --
> Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX

I don't have clamd.socket

Bob

RE: [Clamav-users] Re: 0.90.1 freshclam error
At 03:29 PM 3/13/2007, Robert Isaac wrote:
> Robert Isaac wrote:
> /etc/cron.daily/freshclam: connect(): Permission denied
> What did I miss out?
>
> Seems as if you have notify-clamd enabled and maybe you have set wrong permissions/rights on the socket-file.
> Sven
>
> clamd.conf is shown 644 root:root, should it be 644 clamav:clamav?
>
> That's not the problem. /var/lib/clamav/clamd.socket, or wherever you have put it, is the likely issue.
> --
> Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
>
> I don't have clamd.socket

That was an example. To find the path to the socket you are using, try

# grep LocalSocket clamd.conf

--
Noel Jones

[Clamav-users] Freshclam can't parse INTERMITTENT error?
Why do I get this every-other error behavior? It can't find or parse the config file once, then the next time it can? And it's a pattern, not just this one occurrence. freshclam.conf below

--
Received signal: wake up
ClamAV update process started at Tue Mar 13 08:09:35 2007
main.cvd is up to date (version: 42, sigs: 83951, f-level: 10, builder: tkojm)
Downloading daily-2831.cdiff [100%]
daily.inc updated (version: 2831, sigs: 15175, f-level: 14, builder: sven)
Database updated (99126 signatures) from db.local.clamav.net (IP: 129.64.99.170)
WARNING: Clamd was NOT notified: Can't find or parse configuration file true
--
Received signal: wake up
ClamAV update process started at Tue Mar 13 08:10:04 2007
main.cvd is up to date (version: 42, sigs: 83951, f-level: 10, builder: tkojm)
daily.inc is up to date (version: 2831, sigs: 15175, f-level: 14, builder: sven)
--
Received signal: wake up
ClamAV update process started at Tue Mar 13 08:31:51 2007
main.cvd is up to date (version: 42, sigs: 83951, f-level: 10, builder: tkojm)
Downloading daily-2832.cdiff [100%]
daily.inc updated (version: 2832, sigs: 15184, f-level: 14, builder: ccordes)
Database updated (99135 signatures) from db.local.clamav.net (IP: 209.8.40.140)
Clamd successfully notified about the update.
--

Here's freshclam.conf (Debian stable with 0.90.1 clamav/freshclam updates via volatile):

# Automatically created by the clamav-freshclam postinst
# Comments will get lost when you reconfigure the clamav-freshclam package
DatabaseOwner clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogVerbose false
LogSyslog false
LogFacility LOG_LOCAL6
LogFileMaxSize 0
Foreground false
Debug false
MaxAttempts 5
DatabaseDirectory /var/lib/clamav/
DNSDatabaseInfo current.cvd.clamav.net
AllowSupplementaryGroups false
PidFile /var/run/clamav/freshclam.pid
ConnectTimeout 30
ReceiveTimeout 30
ScriptedUpdates yes
#NotifyClamd true changed with 0.9 See line below
NotifyClamd /etc/clamav/clamd.conf
# Check for new database 24 times a day
Checks 24
DatabaseMirror db.local.clamav.net
DatabaseMirror database.clamav.net
OnUpdateExecute /usr/local/sbin/freshclamwarn -clean
OnErrorExecute /usr/local/sbin/freshclamwarn -updatefail

[Clamav-users] Where to submit a supposed false positive ?
Hello,

I don't mean to bother but I've been exchanging messages on this list because I ran clamscan and got messages for infected files. One of them seems OK to me, so Thomas Sprinkmeier suggested to me to pass this file to the clamav team but I am not sure (as asked in the FAQ) that it is truly a false positive and I don't know where to submit it. Is it in the same page as the virus sample submission form ?

As a hint : it is a zipped file with a size that is about the sum of its unzipped content. Maybe not that much interesting.

Thank you for the help and the time

Pascal

[Clamav-users] Re: Where to submit a supposed false positive ?
Pascal Duchatelle wrote:
[snip]
> Is it in the same page as the virus sample submission form ?

Yes.

--
René Berber

RE: [Clamav-users] Freshclam can't parse INTERMITTENT error?
> Why do I get this every-other error behavior? It can't find or parse the config file once, then the next time it can? And it's a pattern, not just this one occurrence. freshclam.conf below
>
> --
> Received signal: wake up
> ClamAV update process started at Tue Mar 13 08:09:35 2007
> main.cvd is up to date (version: 42, sigs: 83951, f-level: 10, builder: tkojm)
> Downloading daily-2831.cdiff [100%]
> daily.inc updated (version: 2831, sigs: 15175, f-level: 14, builder: sven)
> Database updated (99126 signatures) from db.local.clamav.net (IP: 129.64.99.170)
> WARNING: Clamd was NOT notified: Can't find or parse configuration file true
> --
> Received signal: wake up
> ClamAV update process started at Tue Mar 13 08:10:04 2007
> main.cvd is up to date (version: 42, sigs: 83951, f-level: 10, builder: tkojm)
> daily.inc is up to date (version: 2831, sigs: 15175, f-level: 14, builder: sven)
> --
> Received signal: wake up
> ClamAV update process started at Tue Mar 13 08:31:51 2007
> main.cvd is up to date (version: 42, sigs: 83951, f-level: 10, builder: tkojm)
> Downloading daily-2832.cdiff [100%]
> daily.inc updated (version: 2832, sigs: 15184, f-level: 14, builder: ccordes)
> Database updated (99135 signatures) from db.local.clamav.net (IP: 209.8.40.140)
> Clamd successfully notified about the update.
> --
>
> Here's freshclam.conf (Debian stable with 0.90.1 clamav/freshclam updates via volatile):
>
> # Automatically created by the clamav-freshclam postinst
> # Comments will get lost when you reconfigure the clamav-freshclam package
> DatabaseOwner clamav
> UpdateLogFile /var/log/clamav/freshclam.log
> LogVerbose false
> LogSyslog false
> LogFacility LOG_LOCAL6
> LogFileMaxSize 0
> Foreground false
> Debug false
> MaxAttempts 5
> DatabaseDirectory /var/lib/clamav/
> DNSDatabaseInfo current.cvd.clamav.net
> AllowSupplementaryGroups false
> PidFile /var/run/clamav/freshclam.pid
> ConnectTimeout 30
> ReceiveTimeout 30
> ScriptedUpdates yes
> #NotifyClamd true changed with 0.9 See line below
> NotifyClamd /etc/clamav/clamd.conf
> # Check for new database 24 times a day
> Checks 24
> DatabaseMirror db.local.clamav.net
> DatabaseMirror database.clamav.net
> OnUpdateExecute /usr/local/sbin/freshclamwarn -clean
> OnErrorExecute /usr/local/sbin/freshclamwarn -updatefail

Have you checked if you have more than one daemon running?

BTW, I noticed that installing clamav and clamav-daemon from Volatile did not automatically install a new clamav-freshclam, I had to include it in the list or risk ending up with mixed versions.

Gary V

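Both freshclam threads above turn on the same chain: the NotifyClamd value in freshclam.conf, the clamd.conf it names, and the LocalSocket that file points to. The following is an added example that walks that chain and reports where it breaks; it is not part of any list message or of ClamAV, the function names are hypothetical, and the config files in demo() are constructed in a temporary directory.

```python
import os
import socket
import stat
import tempfile

BOOLEANS = {"true", "false", "yes", "no", "1", "0"}

def directive(conf_text, key):
    """Return the last value given for `key`, skipping blank and # lines."""
    value = None
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] == key:
            value = parts[1].strip()
    return value

def check_notify(freshclam_conf):
    """Follow NotifyClamd -> clamd.conf -> LocalSocket; return a list of findings."""
    with open(freshclam_conf) as fh:
        notify = directive(fh.read(), "NotifyClamd")
    if notify is None:
        return ["NotifyClamd is not set, freshclam will not notify clamd"]
    if notify.lower() in BOOLEANS:
        return [f"NotifyClamd is '{notify}', expected the path to clamd.conf"]
    if not os.path.isfile(notify):
        return [f"clamd config {notify} does not exist"]
    with open(notify) as fh:
        sock_path = directive(fh.read(), "LocalSocket")
    if sock_path is None:
        return [f"{notify} has no LocalSocket directive"]
    try:
        mode = os.stat(sock_path).st_mode
    except OSError as exc:
        return [f"socket {sock_path} not usable: {exc.strerror}"]
    if not stat.S_ISSOCK(mode):
        return [f"{sock_path} exists but is not a socket"]
    if not os.access(sock_path, os.W_OK):
        # connect() on a Unix socket needs write permission on the socket file
        return [f"no write access to {sock_path} (mode {stat.S_IMODE(mode):o})"]
    return []

def demo():
    """Run the check on constructed configs in a temp dir (no real ClamAV files)."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        clamd_conf = os.path.join(tmp, "clamd.conf")
        sock_path = os.path.join(tmp, "clamd.socket")
        fresh_conf = os.path.join(tmp, "freshclam.conf")
        with open(clamd_conf, "w") as fh:
            fh.write(f"# constructed sample\nLocalSocket {sock_path}\n")

        def run(notify_line):
            with open(fresh_conf, "w") as fh:
                fh.write(f"# constructed sample\nChecks 24\n{notify_line}\n")
            return check_notify(fresh_conf)

        results["old_syntax"] = run("NotifyClamd true")
        results["socket_missing"] = run(f"NotifyClamd {clamd_conf}")
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(sock_path)  # stand-in for a running clamd
        try:
            results["socket_present"] = run(f"NotifyClamd {clamd_conf}")
        finally:
            srv.close()
    return results

if __name__ == "__main__":
    for case, findings in demo().items():
        print(case, "->", findings or "ok")
```

Against a real installation, call check_notify() as the account the freshclam cron job or daemon runs under, since the access test reflects the calling user.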
Re: [Clamav-users] Problem installing ClamAV 0.90.1 via NetBSD pkgsrc
On 3/13/07 4:10 AM, Nigel Horne [EMAIL PROTECTED] wrote:
> On Tue, Mar 13, 2007 at 12:10:46AM -0400, Frank DeChellis wrote:
> Hi there,
> In case there is a NetBSD user out there... We are using NetBSD 1.6.2 and I'm having trouble installing clamAV 0.90.1 All has worked fine until now. I have the latest pkg_install installed. Running "make update" it does it's thing then ends with
>
> Unfortunately I don't have a machine running NetBSD1.6.2 in my compile farm; the closest I have is one running NetBSD2.0/x86, the latest SVN version of ClamAV builds fine there. Rather than using pkg_install, please download the source code from www.clamav.net, and try building that. Should that version also fail to build, please raise a bug report.
>
> Finally, you don't state which CPU you're running NetBSD on. Because of the highly portable nature of NetBSD, it is important to include that information.
>
> As an aside, please let me take this opportunity to remind users that before you consider emptying your old computer equipment into the local landfill, please contact me, there's a good chance I can make use of it within the ClamAV project.
>
> -Nigel

I am using NetBSD on x86 . If NetBSD version was a problem I would think that this would have bitten me in the rear versions ago. I'll try to load it from the site.

Thanks

Frank DeChellis
President, Internet Access Worldwide
Welland, Ontario, Canada
www.iaw.com
Please consider supporting my walk in the Weekend to End Breast Cancer http://www.endcancer.ca/site/TR?pg=personalfr_id=1202px=1812643

Re: [Clamav-users] Virustotal Clamav Engine Problem!!!
mr.dan.watson wrote:
> Hello
> There seems to be a problem with virustotal.com clamav scan engine.

Did you send them an email registering your bewilderment?

dp

Re: [Clamav-users] Virustotal Clamav Engine Problem!!!
mr.dan.watson wrote:
> Hello
> There seems to be a problem with virustotal.com clamav scan engine.

The engine we're using now is very old. The versions that theoretically could fix that problem don't fit well in the VirusTotal framework (for instance, it needs .NET for working). If we don't find something suitable in the next weeks, we'll disable that engine of the service.

--
Regards,
Julio Canto | VirusTotal.com | Hispasec Sistemas Lab | Tlf: +34.902.161.025 | Fax: +34.952.028.694 | PGP Key ID: EF618D2B | [EMAIL PROTECTED]