Re: [Clamav-users] clamdscan not finding virus
Andrew Watkins wrote: > Rick, > > What O/S are you running, since there was a problem with Solaris x86 and > the libclamav, but that has been fixed in the latest Development release. > >>> >> Well thanks to how ever fixed the definitions so that clamdscan now >> detects the infected file! >> >> Was there a reason clamdscan did not detect it and clamscan did ? >> Just a standard CentOS 4 on Intel with all the latest yum updates. ClamAV installed from source. Regards, Rick ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamdscan not finding virus
Rick, What O/S are you running, since there was a problem with Solaris x86 and the libclamav, but that has been fixed in the latest Development release. Andrew > Rick Macdougall wrote: > >> To follow up, I extracted the zip file from the mail message using >> ripmime. clamdscan does NOT detect the virus but clamscan does. >> >> Can anyone point to what I may be doing wrong ? >> >> Latest ClamAV 0.92, with a basic config file (the full config was >> contained in my last message). >> >> [EMAIL PROTECTED] tmp]# clamdscan -V >> ClamAV 0.92/5639/Fri Feb 1 09:42:34 2008 >> >> >> Output of both clamdscan and clamscan follows. >> >> [EMAIL PROTECTED] tmp]# clamdscan screensaver.zip >> /tmp/screensaver.zip: OK >> >> --- SCAN SUMMARY --- >> Infected files: 0 >> Time: 0.018 sec (0 m 0 s) >> >> >> >> [EMAIL PROTECTED] tmp]# clamscan screensaver.zip >> screensaver.zip: Worm.SomeFool.P FOUND >> >> --- SCAN SUMMARY --- >> Known viruses: 218384 >> Engine version: 0.92 >> Scanned directories: 0 >> Scanned files: 1 >> Infected files: 1 >> Data scanned: 0.03 MB >> Time: 2.106 sec (0 m 2 s) >> >> > > Well thanks to how ever fixed the definitions so that clamdscan now > detects the infected file! > > Was there a reason clamdscan did not detect it and clamscan did ? > > Regards, > > Rick > ___ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://lurker.clamav.net/list/clamav-users.html > ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Snedmail clamav timeout before data read, where=mail
We have a similar log entry and we are compiled on 0.92, system uname: 2.6.9-67.EL #1 Fri Nov 16 12:34:13 EST 2007 i686 athlon i386 GNU/Linux. I believe it is the clamav-milter interface we started up over the weekend. Log entry is as follows: /var/log/maillog-Feb 3 15:13:09 sm-msp-queue[4467]: starting daemon (8.13.1): [EMAIL PROTECTED]:00:00 /var/log/maillog-Feb 3 15:13:13 sendmail[4480]: m13KDDSw004480: Milter (clamav): local socket name /var/run/clamav/clmilter.sock unsafe /var/log/maillog:Feb 3 15:13:13 sendmail[4480]: m13KDDSw004480: Milter (clamav): to error state /var/log/maillog-Feb 3 15:13:13 sendmail[4480]: m13KDDSw004480: dslb-088-073-242-021.pools.arcor-ip.net [88.73.242.21] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA No idea why .sock is created "unsafe". Directory attributes are as follows: drwx-- 2 clamav root 4096 Feb 3 15:15 /var/run/clamav srwxrwxrwx 1 clamav clamav0 Feb 3 15:10 clamd.sock srwxr-xr-x 1 clamav clamav0 Feb 3 15:15 clmilter.sock Scott Beane Török Edwin wrote: > Pawel Rutkowski wrote: > >>> Version of Sendmail? Version of ClamAV? Operating System? Which >>> milter are you using? Are there any other log entries? >>> >>> >>> >> ClamAV 0.88.7/5698 >> >> > > That version is ancient, please upgrade. > > ___ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://lurker.clamav.net/list/clamav-users.html > > / / ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Snedmail clamav timeout before data read, where=mail
Pawel Rutkowski wrote: >> Version of Sendmail? Version of ClamAV? Operating System? Which >> milter are you using? Are there any other log entries? >> >> > > ClamAV 0.88.7/5698 > That version is ancient, please upgrade. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Snedmail clamav timeout before data read, where=mail
> > Version of Sendmail? Version of ClamAV? Operating System? Which > milter are you using? Are there any other log entries? > ClamAV 0.88.7/5698 Fedora Core release 6 (Zod) sendmail-8.14.1 clamav-milter-0.88.7-4.fc6 No, theres no any more logs:( Pawel R. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Snedmail clamav timeout before data read, where=mail
On Feb 5, 2008 5:43 PM, Pawel Rutkowski <[EMAIL PROTECTED]> wrote: > Hello, > > Sometimes i have problem to send email from my sendmail. Ehlo command > ok, mail from: command hangup. > When kill all sendmail process and start again daemon work propertly. It is > possible to clamav problem ? Errors from sendmail logs below: Version of Sendmail? Version of ClamAV? Operating System? Which milter are you using? Are there any other log entries? -- Please keep list traffic on the list. Rob MacGregor Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamdscan not finding virus
Rick Macdougall wrote: > To follow up, I extracted the zip file from the mail message using > ripmime. clamdscan does NOT detect the virus but clamscan does. > > Can anyone point to what I may be doing wrong ? > > Latest ClamAV 0.92, with a basic config file (the full config was > contained in my last message). > > [EMAIL PROTECTED] tmp]# clamdscan -V > ClamAV 0.92/5639/Fri Feb 1 09:42:34 2008 > > > Output of both clamdscan and clamscan follows. > > [EMAIL PROTECTED] tmp]# clamdscan screensaver.zip > /tmp/screensaver.zip: OK > > --- SCAN SUMMARY --- > Infected files: 0 > Time: 0.018 sec (0 m 0 s) > > > > [EMAIL PROTECTED] tmp]# clamscan screensaver.zip > screensaver.zip: Worm.SomeFool.P FOUND > > --- SCAN SUMMARY --- > Known viruses: 218384 > Engine version: 0.92 > Scanned directories: 0 > Scanned files: 1 > Infected files: 1 > Data scanned: 0.03 MB > Time: 2.106 sec (0 m 2 s) > Well thanks to how ever fixed the definitions so that clamdscan now detects the infected file! Was there a reason clamdscan did not detect it and clamscan did ? Regards, Rick ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Sendmail clamav timeout before data read, where=mail
Hello, Sometimes i have problem to send email from my sendmail. Ehlo command ok, mail from: command hangup. When kill all sendmail process and start again daemon work propertly. It is possible to clamav problem or sendmail problem? Errors from sendmail logs below: Feb 2 13:21:55 host1 sendmail[21146]: m12CHpQb021146: Milter (clamav): to error state Feb 2 13:21:55 host1 sendmail[21146]: m12CHpQb021146: Milter (clamav): timeout before data read, where=mail Thanks Pawel R. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Snedmail clamav timeout before data read, where=mail
Hello, Sometimes i have problem to send email from my sendmail. Ehlo command ok, mail from: command hangup. When kill all sendmail process and start again daemon work propertly. It is possible to clamav problem ? Errors from sendmail logs below: Feb 2 13:21:55 host1 sendmail[21146]: m12CHpQb021146: Milter (clamav): to error state Feb 2 13:21:55 host1 sendmail[21146]: m12CHpQb021146: Milter (clamav): timeout before data read, where=mail Thanks Pawel R. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Find why clamd doesn't create pid and socket file, no error output, still need advice
> Clamav version is 0.90.1. ... > So when I restart clamd, clamd scan > email first, it took more than 20 minutes before it recreated pid and > socket file. I had similar problem with clamav 0.90 (OS Etch stable), after upgrade to 0.91 problem disappeared. H. -- Jan Hrdonka ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Find why clamd doesn't create pid and socket file, no error output, still need advice
Hi, Sorry for not remind my system configure. My Linux mail server is one two P3 1.1G 2G memory Dell server. Linux kernel is 2.6.16-2-686-smp. Clamav version is 0.90.1. I use Amanda as backup software. It takes 8-10 hours to backup my Email. When it backups, it use almost 100% system processing ability. So it cause an clamav couldn't scan email in time. The strange thing is that it cause socket file disappear. So when I restart clamd, clamd scan email first, it took more than 20 minutes before it recreated pid and socket file. I thought the clamd created pid and socket file first. So it take me long time to find why pid and socket file not create, because everything seems OK. I know why, but still need some advice on how to avoid the socket file lost. Need adjusting kernel parameters? Thanks. Regards, David ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Vote for ClamAV as favorite security tool - Linux Journal
Hi Everyone, ClamAV has been nominated as best security tool in Linux Journal's 2008 Readers Choice Awards.You can vote for ClamAV here: http://www.linuxjournal.com/node/1006101 - Question #21. The nominees were selected by a panel of readers and voting is open until February 14. The form doesn't require registration, simply an email address. Regards, Mike __ Mike Guiterman Director, Open Source Products Sourcefire, Inc. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html