[Clamav-users] Clamav update problem
Hello, Which clamav file can change the below path ? ClamAV-autoupdate[27333]: ClamAV updater /usr/local/bin/freshclam cannot be run Thx ! - 無限電郵儲存量,你就無需再擔心收件箱儲存空間會否過量! 立即使用Yahoo! Mail ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Anyone solve the powerpoint issue yet?
kevin, that simply means, that the attachement, which you received with your server, had another encoding. ok, had you tried to reproduce this phenomena again, with the same attachement sent? it depends on the senders email-program, how those attached files get encoded for sending via internet. there're a dozen different encodings used over the net. mine liked to choke an octet-stream encoded attachements. can't say if base64 would cause trouble. i would like to test this, so if your file doesn't contain confidental data, please sent it to my email adress. i'll report back, if clamd goes to nirvana. oliver Am 30.07.2007 um 17:45 schrieb Kevin Windham: > > On Jul 30, 2007, at 10:24 AM, Oliver Schwarz wrote: > >> kevin, >> >> i ran into the same problem with clamd, but was able to dig a bit >> deeper and figuring out, that as soon as an attachement was encoded >> in octet-stream clamd would run nuts. the logs showed it crashed, but >> the process was still alive – just freaking out and using slowly all >> available cpu-cycles until nothing was left. the kernel process was >> getting a bit stressed and used around 30% (DC 1.66 here) and clamd >> the rest. >> >> please just look into your logs and report back, if these >> attachements were sent encoded in octet-stream. > > The attachments in the email were encoded in base64. I grep'd the > logs for amavis and didn't find anything that said octet, so I'm not > really sure if that answers the question or not. I also tried upping > the logging in clamd.conf, but the best I could get was pass/fail > messages. No additional details show up in the clam log. Maybe there > is some option I am missing. LogVerbose was set to yes. > > Kevin > ___ > Help us build a comprehensive ClamAV guide: visit http:// > wiki.clamav.net > http://lurker.clamav.net/list/clamav-users.html > ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Anyone solve the powerpoint issue yet?
On Jul 30, 2007, at 10:24 AM, Oliver Schwarz wrote: > kevin, > > i ran into the same problem with clamd, but was able to dig a bit > deeper and figuring out, that as soon as an attachement was encoded > in octet-stream clamd would run nuts. the logs showed it crashed, but > the process was still alive – just freaking out and using slowly all > available cpu-cycles until nothing was left. the kernel process was > getting a bit stressed and used around 30% (DC 1.66 here) and clamd > the rest. > > please just look into your logs and report back, if these > attachements were sent encoded in octet-stream. The attachments in the email were encoded in base64. I grep'd the logs for amavis and didn't find anything that said octet, so I'm not really sure if that answers the question or not. I also tried upping the logging in clamd.conf, but the best I could get was pass/fail messages. No additional details show up in the clam log. Maybe there is some option I am missing. LogVerbose was set to yes. Kevin ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Anyone solve the powerpoint issue yet?
kevin, i ran into the same problem with clamd, but was able to dig a bit deeper and figuring out, that as soon as an attachement was encoded in octet-stream clamd would run nuts. the logs showed it crashed, but the process was still alive – just freaking out and using slowly all available cpu-cycles until nothing was left. the kernel process was getting a bit stressed and used around 30% (DC 1.66 here) and clamd the rest. please just look into your logs and report back, if these attachements were sent encoded in octet-stream. until then, greets, oliver Am 30.07.2007 um 17:04 schrieb Kevin Windham: > I was reading the archives and it seems that powerpoint files can > cause problems with clamd. I ended up disabling the OLE2 scanning due > to problems with powerpoint files, but has anyone looked into this > further and found a real solution? (I am using clamav 91.1 on an > intel Mac Mini.) > > I also notice that clamscan doesn't seem to have the same problem > clamd does, but I haven't looked into that further yet since I needed > to get my mail server up and running again. It may be a configuration > difference that I didn't notice. > > TIA, > Kevin > ___ > Help us build a comprehensive ClamAV guide: visit http:// > wiki.clamav.net > http://lurker.clamav.net/list/clamav-users.html > ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Anyone solve the powerpoint issue yet?
I was reading the archives and it seems that powerpoint files can cause problems with clamd. I ended up disabling the OLE2 scanning due to problems with powerpoint files, but has anyone looked into this further and found a real solution? (I am using clamav 91.1 on an intel Mac Mini.) I also notice that clamscan doesn't seem to have the same problem clamd does, but I haven't looked into that further yet since I needed to get my mail server up and running again. It may be a configuration difference that I didn't notice. TIA, Kevin ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Error clamd
Hi Ronald, Really, the problem was wich SE policy.. On 7/27/07, Ronald Cole < [EMAIL PROTECTED]> wrote: > > Yup, there's a brain damaged SE policy for clamav in RHEL5, despite there > being no official clamav package in the distro. There also appears to be > some bugs in ClamAV as well, since running freshclam in daemon mode gets > SE > to complain about a daemon writing to it's controlling terminal (which a > daemon isn't supposed to do). I mentioned it here before during the -rc > releases of 0.91, but it didn't get fixed. > > Anyway, I'm working on a specfile that tries to adhere to what the SE > policy > expects, but there will have to be some localpolicy file to add to SE > until > I can browbeat the sepolicy package maintainer to fix their clamav policy. > > So, for now, I'd run CentOS in Permissive mode and if I were really > adventurous, I'd use one of the many methods described in various howto's > to > create your own localpolicy file to work around the SE problem. > > On 7/27/07, Daniel Bruno < [EMAIL PROTECTED]> wrote: > > > > Hi, > > > > I am using clamd in CentOS 5, but now show this error message in the > > /var/log/messages: > > > > > > kernel: audit(1185543604.906 :8): avc: denied { search } for pid=2530 > > comm="clamd" name="kernel" dev=proc ino=-268435416 > > scontext=root:system_r:clamd_t:s0 > > tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir > > > > > > Thanks, > > Daniel Bruno > > ___ > > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > > > http://lurker.clamav.net/list/clamav-users.html > > > ___ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://lurker.clamav.net/list/clamav-users.html > ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html