Re: [Clamav-users] No supported Database

2008-04-16 Thread Tomasz Kojm
On Wed, 16 Apr 2008 08:30:11 +0200 (CEST)
[EMAIL PROTECTED] (Lanfranco Fabriani) wrote:

> Is this necessary? In the years I never run freshclam before
> restarting clamd and the software always ran very well. The server
> of mine is a little mail server, so usually I try to switch off mimedefang
> and sendmail less time as possible.

Your virus database directory probably only includes main.inc and daily.inc
and they're no longer supported. Please run freshclam (0.93) and remove
all .inc directories.

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Wed Apr 16 09:56:50 CEST 2008
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] No supported Database

2008-04-16 Thread Brian Morrison
On Wed, 16 Apr 2008 08:30:11 +0200 (CEST)
[EMAIL PROTECTED] (Lanfranco Fabriani) wrote:

> Mogens Kjaer wrote:
> > 
> > Lanfranco Fabriani wrote:
> > ...
> > > clamd stop
> > > make uninstall 0.92.1
> > > make install 0.93
> > > ldconfig
> > > clamd restart
> > 
> > I would run freshclam before starting clamd.
> > 
> Is this necessary? In the years I never run freshclam before
> restarting clamd and the software always ran very well. The server
> of mine is a little mail server, so usually I try to switch off mimedefang
> and sendmail less time as possible.

The main.inc and daily.inc directories are no longer used, and the
databases have changed format. That's the reason for this advice as if
you run clamd without having updated you will get complaints from clamd
as it can't use the old databases.

> 
> And today I found some upgrade notes that yesterday in the morning, when I 
> download the package, there was not there.

The upgrade notes were there on Monday on Sourceforge, well before the
Clamav home pages were updated.


-- 

Brian Morrison

bdm at fenrir dot org dot uk

   "Arguing with an engineer is like wrestling with a pig in the mud;
after a while you realize you are muddy and the pig is enjoying it."

GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html


[Clamav-users] freshclam / sigtool problems

2008-04-16 Thread Frank Elsner

Hello *,

my "freshclam.conf" contains

   OnUpdateExecute /usr/ClamAV/bin/freshclam.mail

and the referenced "/usr/ClamAV/bin/freshclam.mail" reads


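| #!/bin/sh
| # Mail a diff of the signature list after each freshclam update.
| 
| cd /usr/ClamAV/data || exit 1
| # mktemp avoids a predictable file name in /tmp
| DIFF=$(mktemp /tmp/clamav-signatures.XXXXXX) || exit 1
| 
| MAIL="[EMAIL PROTECTED]"
| 
| # Keep the previous list, then rebuild it: DNS version record plus sorted signature names
| /bin/mv signatures signatures.old
| /usr/bin/host -t txt current.cvd.clamav.net > signatures
| /usr/ClamAV/bin/sigtool --list-sigs | sort  >> signatures
| 
| /usr/bin/diff signatures.old signatures > "$DIFF"
| 
| if [ -s "$DIFF" ]
| then 
|  /usr/bin/Mail -s "ClamAV signatures updated" "$MAIL" < "$DIFF"
| fi
| 
| /bin/rm -f "$DIFF"
| 
| exit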


This gave me a list of added signatures in the past. 
After switching to clamav-0.93 the output only shows

| 1c1
| < current.cvd.clamav.net descriptive text "0.93:46:6792:1208312590:1"
| ---
| > current.cvd.clamav.net descriptive text "0.93:46:6793:1208318674:1"


Why this? Is sigtool broken? Is my procedure broken in respect to version 0.93?
From the log freshclam obviously does the job, but ...


--Frank Elsner 



Re: [Clamav-users] freshclam / sigtool problems

2008-04-16 Thread Török Edwin
Frank Elsner wrote:
> Why this? Is sigtool broken? Is my procedure broken in respect to version 
> 0.93?
> From the log freshclam obviously does the job, but ...
>   

Please try the patch from here:
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=938

Best regards,
--Edwin


[Clamav-users] [EMAIL PROTECTED]: Cron <[EMAIL PROTECTED]> /usr/contrib/bin/freshclam]

2008-04-16 Thread Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem
- Forwarded message from Cron Daemon <[EMAIL PROTECTED]> -

Date: Tue, 15 Apr 2008 16:48:03 -0600 (MDT)
From: Cron Daemon <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Cron <[EMAIL PROTECTED]> /usr/contrib/bin/freshclam

ClamAV update process started at Tue Apr 15 16:48:02 2008
main.cvd is up to date (version: 46, sigs: 231834, f-level: 26, builder: sven)
LibClamAV debug: in cli_untgz()
LibClamAV debug: cli_untgz: Unpacking ./clamav-368a681974f155386d17fe602ea96166/COPYING
LibClamAV debug: cli_untgz: Unpacking ./clamav-368a681974f155386d17fe602ea96166/daily.cfg
LibClamAV debug: cli_untgz: Unpacking ./clamav-368a681974f155386d17fe602ea96166/daily.ftm
LibClamAV debug: cli_untgz: Unpacking ./clamav-368a681974f155386d17fe602ea96166/daily.info
LibClamAV debug: cli_untgz: Unpacking ./clamav-368a681974f155386d17fe602ea96166/daily.db
LibClamAV debug: cli_untgz: Unpacking ./clamav-368a681974f155386d17fe602ea96166/daily.hdb
LibClamAV debug: cli_untgz: Unpacking ./clamav-368a681974f155386d17fe602ea96166/daily.hdu
LibClamAV debug: cli_untgz: Unpacking ./clamav-368a681974f155386d17fe602ea96166/daily.mdb
LibClamAV debug: cli_untgz: Unpacking ./clamav-368a681974f155386d17fe602ea96166/daily.mdu
LibClamAV debug: cli_untgz: Unpacking ./clamav-368a681974f155386d17fe602ea96166/daily.ndb
LibClamAV debug: cli_untgz: Unpacking ./clamav-368a681974f155386d17fe602ea96166/daily.ndu
LibClamAV debug: cli_untgz: Unpacking ./clamav-368a681974f155386d17fe602ea96166/daily.zmd
LibClamAV debug: cli_untgz: Unpacking ./clamav-368a681974f155386d17fe602ea96166/daily.fp
LibClamAV debug: cli_untgz: Unpacking ./clamav-368a681974f155386d17fe602ea96166/daily.pdb
LibClamAV debug: cli_untgz: Unpacking ./clamav-368a681974f155386d17fe602ea96166/daily.wdb
WARNING: getfile: daily-6689.cdiff not found on remote server (IP: 24.215.0.24)
WARNING: getpatch: Can't download daily-6689.cdiff from db.ca.clamav.net
WARNING: getfile: daily-6689.cdiff not found on remote server (IP: 24.215.0.24)
WARNING: getpatch: Can't download daily-6689.cdiff from db.ca.clamav.net
WARNING: getfile: daily-6689.cdiff not found on remote server (IP: 24.215.0.24)
WARNING: getpatch: Can't download daily-6689.cdiff from db.ca.clamav.net
WARNING: getfile: daily-6689.cdiff not found on remote server (IP: 24.215.0.24)
WARNING: getpatch: Can't download daily-6689.cdiff from db.ca.clamav.net
WARNING: getfile: daily-6689.cdiff not found on remote server (IP: 24.215.0.24)
WARNING: getpatch: Can't download daily-6689.cdiff from db.ca.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Illegal instruction



- End forwarded message -

Right was this to be expected?

Also clamav-milter runs around 90-% CPU when a top is used
to verify operations.  What is going on?

Please fix.  Using BSD/OS 4.3.1 .



Re: [Clamav-users] No supported Database

2008-04-16 Thread Dennis Peterson
Tomasz Kojm wrote:
> On Wed, 16 Apr 2008 08:30:11 +0200 (CEST)
> [EMAIL PROTECTED] (Lanfranco Fabriani) wrote:
> 
>> Is this necessary? In the years I never run freshclam before
>> restarting clamd and the software always ran very well. The server
>> of mine is a little mail server, so usually I try to switch off mimedefang
>> and sendmail less time as possible.
> 
> Your virus database directory probably only includes main.inc and daily.inc
> and they're no longer supported. Please run freshclam (0.93) and remove
> all .inc directories.
> 

So I currently have a main.cvd and a daily.cld, both files. Is this what 
0.93 uses or will main.cvd be swapped out with a cld container at some 
point?

dp


Re: [Clamav-users] clamav-0.93 error

2008-04-16 Thread Roberto Ullfig
George R. Kasica wrote:
>> George R. Kasica wrote:
>> 
>>>> We have the same issue. I'd take a guess that it's because we're running 
>>>> zlib-1.2.1.2-1.2 which is the latest offered by RHEL 4.
>>>>
>>> Ditto error here with zlib 1.2.3 and I've made sure there are no
>>> duplicate zlibs out here:
>>>
>>> the only one out here is /usr/local/lib/libz.a
>>>
>>>   
>>>   
>> Read my next e-mail. We also had v1.2.3 version of /usr/local/lib/libz.a 
>> and got the same error. In /usr/lib we have the old rhel 4 version (I 
>> don't think that matters for this issue). I added the shared version of 
>> v1.2.3 (run configure -s if you have zlib source) to /usr/local/lib and 
>> all now works fine.
>> 
> Tried that here with no success :(
>   
Did you run "make clean" followed by "./configure" and then run make?

-- 
Roberto Ullfig - [EMAIL PROTECTED]



Re: [Clamav-users] freshclam / sigtool problems

2008-04-16 Thread Frank Elsner
On Wed, 16 Apr 2008 15:08:41 +0300 Török Edwin wrote:
> Frank Elsner wrote:
> > Why this? Is sigtool broken? Is my procedure broken in respect to version 
> > 0.93?
> > From the log freshclam obviously does the job, but ...
> >   
> 
> Please try the patch from here:
> https://wwws.clamav.net/bugzilla/show_bug.cgi?id=938

Thanks, this patch fixed my problem.


--Frank Elsner



Re: [Clamav-users] No supported Database

2008-04-16 Thread James Kosin
Dennis Peterson wrote:
| So I currently have a main.cvd and a daily.cld, both files. Is this what
| 0.93 uses or will main.cvd be swapped out with a cld container at some
| point?
|
| dp
Yes, when there is finally an update to main.cvd...
I believe there is also a way to force the update with freshclam.

James


Re: [Clamav-users] No supported Database

2008-04-16 Thread Brian Morrison
Dennis Peterson wrote:

> So I currently have a main.cvd and a daily.cld, both files. Is this what 
> 0.93 uses or will main.cvd be swapped out with a cld container at some 
> point?

And might someone explain what this change is about, how it improves 
performance or whatever? I had assumed that the change to using .inc 
directories allowed various different signatures to be held in separate 
files, so how does the .cld format differ from that? Is it purely a 
container format with a wrapper around the different signature databases 
that indexes them?

I'm just interested in the reasons for this and have not been following 
the devel list or process.

-- 

Brian


Re: [Clamav-users] No supported Database

2008-04-16 Thread Tomasz Kojm
On Wed, 16 Apr 2008 14:49:59 +0100
Brian Morrison <[EMAIL PROTECTED]> wrote:

> And might someone explain what this change is about, how it improves 
> performance or whatever? I had assumed that the change to using .inc 
> directories allowed various different signatures to be held in separate 
> files,

This was already allowed with .cvd files. The .inc directories were introduced
to handle incremental/scripted updates but we decided to drop them due to
various issues with advisory locks (eg. possible clamd terminations in case
freshclam got locked up and failed to update the database and release the db
lock). The .cld files have the very same structure as .cvd; however, they're not
digitally signed (they're created by freshclam using digitally signed .cdiff
files) and can be stored uncompressed (this is a default behaviour) to make their
loading faster.

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Wed Apr 16 16:08:30 CEST 2008


Re: [Clamav-users] No supported Database

2008-04-16 Thread Dennis Peterson
Brian Morrison wrote:
> Dennis Peterson wrote:
> 
>> So I currently have a main.cvd and a daily.cld, both files. Is this what 
>> 0.93 uses or will main.cvd be swapped out with a cld container at some 
>> point?
> 
> And might someone explain what this change is about, how it improves 
> performance or whatever? I had assumed that the change to using .inc 
> directories allowed various different signatures to be held in separate 
> files, so how does the .cld format differ from that? Is it purely a 
> container format with a wrapper around the different signature databases 
> that indexes them?
> 
> I'm just interested in the reasons for this and have not been following 
> the devel list or process.
> 

The cld file is a container format (like but not tar or rar). That would 
imply it is possible for freshclam to dl any of the parts of it on a 
signature update without having to dl the entire file. It's an evolution 
of the .inc directory.

In the case of my systems, one has a main.cvd and the other has a 
main.cld file. Both systems started off with empty database directories 
following the new install. I'm curious why they're different.

dp


Re: [Clamav-users] No supported Database

2008-04-16 Thread Brian Morrison
Tomasz Kojm wrote:
> On Wed, 16 Apr 2008 14:49:59 +0100
> Brian Morrison <[EMAIL PROTECTED]> wrote:
> 
>> And might someone explain what this change is about, how it improves 
>> performance or whatever? I had assumed that the change to using .inc 
>> directories allowed various different signatures to be held in separate 
>> files,
> 
> This was already allowed with .cvd files. The .inc directories were introduced
> to handle incremental/scripted updates but we decided to drop them due to
> various issues with advisory locks (eg. possible clamd terminations in case
> freshclam got locked up and failed to update the database and release the db
> lock). The .cld files have the very same structure as .cvd; however, they're not
> digitally signed (they're created by freshclam using digitally signed .cdiff
> files) and can be stored uncompressed (this is a default behaviour) to make their
> loading faster.
> 

OK, thanks for that.

Does the unsigned .cld file mean that an attack vector could be to edit 
the .cld file and thus corrupt it? I can see that the cdiff signing 
protects the path between the database servers and freshclam, but that 
protection is not available once on an end-user system.

-- 

Brian


Re: [Clamav-users] No supported Database

2008-04-16 Thread Tomasz Kojm
On Wed, 16 Apr 2008 16:38:05 +0100
Brian Morrison <[EMAIL PROTECTED]> wrote:

> Does the unsigned .cld file mean that an attack vector could be to edit 
> the .cld file and thus corrupt it? I can see that the cdiff signing 
> protects the path between the database servers and freshclam, but that 
> protection is not available once on an end-user system.

freshclam makes sure that everything it downloads and installs comes from
trusted sources. But if someone takes control over your database directory,
then he can do any kind of harm (remove or replace the entire database, add new
signatures, etc.)

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Wed Apr 16 18:13:22 CEST 2008


[Clamav-users] Can clamav-milter quarantine ALL messages?

2008-04-16 Thread Gomes, Rich
I need to temporarily quarantine all messages from a particular IP address.
I have written a custom virus signature before but it will not trap what I need.
I am getting messages looping that have no From address (they show up in 
maillog as:
 <"">... User address required

I am working with the developers of the sending application to correct this but 
I want to give them all the info I can. 

Can I either (thru sendmail, clamav, or clamav-milter):
Quarantine all messages from a particular IP?
Have a milter wait for that line in the maillog (<"">... User address required) 
and trap it based on that.
Or quarantine on no From Field?



I am hoping I can do this with what I currently have (i.e. modify an existing 
config file or such).
I don't want to install additional software, milters etc.,
since this is only temporary and I have a solid working build right now.


Thanks in advance


Rich


Re: [Clamav-users] No supported Database

2008-04-16 Thread Brian Morrison
Tomasz Kojm wrote:
> On Wed, 16 Apr 2008 16:38:05 +0100
> Brian Morrison <[EMAIL PROTECTED]> wrote:
> 
>> Does the unsigned .cld file mean that an attack vector could be to edit 
>> the .cld file and thus corrupt it? I can see that the cdiff signing 
>> protects the path between the database servers and freshclam, but that 
>> protection is not available once on an end-user system.
> 
> freshclam makes sure that everything it downloads and installs comes from
> trusted sources. But if someone takes control over your database directory,
> then he can do any kind of harm (remove or replace the entire database, add new
> signatures, etc.)
> 

Yes, I realise that. I run clamd under user clamav, hence it's probably 
easier to access /var/lib/clamav/* than it would be if owned by root.

Is the overhead of expanding a compressed signed database really that 
high? I imagine that most of the signatures are held in memory and you 
only need to read from disk at startup and when freshclam notifies clamd 
of updated signatures. On a very busy server I can see it might cause a 
problem, but on less loaded systems it could be acceptable.

-- 

Brian


Re: [Clamav-users] No supported Database

2008-04-16 Thread Dennis Peterson
Brian Morrison wrote:
> Tomasz Kojm wrote:
>> On Wed, 16 Apr 2008 16:38:05 +0100
>> Brian Morrison <[EMAIL PROTECTED]> wrote:
>>
>>> Does the unsigned .cld file mean that an attack vector could be to edit 
>>> the .cld file and thus corrupt it? I can see that the cdiff signing 
>>> protects the path between the database servers and freshclam, but that 
>>> protection is not available once on an end-user system.
>> freshclam makes sure that everything it downloads and installs comes from
>> trusted sources. But if someone takes control over your database directory,
>> then he can do any kind of harm (remove or replace the entire database, add new
>> signatures, etc.)
>>
> 
> Yes, I realise that. I run clamd under user clamav, hence it's probably 
> easier to access /var/lib/clamav/* than it would be if owned by root.

Why would that be? It is no more work to crack the root account than any 
other account. Nor any less. Hopefully too your clamav account has no 
shell defined.

dp




Re: [Clamav-users] No supported Database

2008-04-16 Thread Brian Morrison
Dennis Peterson wrote:

>> Yes, I realise that. I run clamd under user clamav, hence it's probably 
>> easier to access /var/lib/clamav/* than it would be if owned by root.
> 
> Why would that be? It is no more work to crack the root account than any 
> other account. Nor any less. Hopefully too your clamav account has no 
> shell defined.

Indeed not.

A local exploit is one thing, a local root exploit quite another. Now of 
course it's more dangerous to run clamav as root, but for limiting write 
access to the databases it would be better to have ownership as root. 
Might not be worth it on balance, but I'm merely asking to see what the 
developers' thought processes were rather than saying for sure what 
would be better path to follow.

-- 

Brian


Re: [Clamav-users] No supported Database

2008-04-16 Thread Tomasz Kojm
On Wed, 16 Apr 2008 17:28:58 +0100
Brian Morrison <[EMAIL PROTECTED]> wrote:

> Yes, I realise that. I run clamd under user clamav, hence it's probably 
> easier to access /var/lib/clamav/* than it would be if owned by root.

Only freshclam needs a write access to the database directory so you can
setup a separate group for freshclam and only grant read permissions
for clamd and clamscan.

> Is the overhead of expanding a compressed signed database really that 
> high? I imagine that most of the signatures are held in memory and you 
> only need to read from disk at startup and when freshclam notifies clamd 
> of updated signatures. On a very busy server I can see it might cause a 
> problem, but on less loaded systems it could be acceptable.

In practice it only makes a difference to clamscan and not clamd. If you're
only using clamd or just want to save some disk space then just switch on
"CompressLocalDatabase" in freshclam.conf.

-- 
   oo. Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Wed Apr 16 18:44:13 CEST 2008


Re: [Clamav-users] No supported Database

2008-04-16 Thread Dennis Peterson
Brian Morrison wrote:
> Dennis Peterson wrote:
> 
>>> Yes, I realise that. I run clamd under user clamav, hence it's probably 
>>> easier to access /var/lib/clamav/* than it would be if owned by root.
>> Why would that be? It is no more work to crack the root account than any 
>> other account. Nor any less. Hopefully too your clamav account has no 
>> shell defined.
> 
> Indeed not.
> 
> A local exploit is one thing, a local root exploit quite another. Now of 
> course it's more dangerous to run clamav as root, but for limiting write 
> access to the databases it would be better to have ownership as root. 
> Might not be worth it on balance, but I'm merely asking to see what the 
> developers' thought processes were rather than saying for sure what 
> would be better path to follow.
> 

There is no reason you can't set the working db file permissions as 
root:clamav 755. If you don't have freshclam drop the signatures into 
the same directory that clamd/clamscan expect to find them you can do 
anything you like with them after they're downloaded. It just requires a 
simple external process to put the properly permissioned working copies 
where they need to be.

dp
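
The permission layout discussed in the two messages above (only the updater writes to the database directory; clamd and clamscan get read access) can be checked with a short audit script. This is an added example, not part of the thread or of ClamAV: the function names, the finding labels and the constructed temporary directory are assumptions, and it treats any group or world write bit as a finding, which fits a layout where the scanner accounts share the files' group.

```shell
#!/bin/sh
# Added example: audit a ClamAV database directory for write access that
# reaches beyond the updater account. Names and labels are hypothetical.

# First field of `ls -ld` is the permission string, third is the owner.
perms_of() { ls -ld "$1" | awk 'NR==1 {print $1}'; }
owner_of() { ls -ld "$1" | awk 'NR==1 {print $3}'; }

# audit_dbdir DIR UPDATER
#   DIR      database directory (e.g. /var/lib/clamav)
#   UPDATER  the only account expected to own DIR and its files
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_dbdir() {
    a_dir=$1
    a_updater=$2
    a_findings=0
    # The directory itself comes first: whoever can write to it can
    # replace any database file, whatever the file modes are.
    for a_f in "$a_dir" "$a_dir"/*; do
        # Skip the literal pattern left behind by an unmatched glob.
        [ -e "$a_f" ] || [ -L "$a_f" ] || continue
        if [ -L "$a_f" ]; then
            # The real file lives elsewhere and is not covered by this audit.
            echo "symlink: $a_f"
            a_findings=$((a_findings + 1))
            continue
        fi
        a_owner=$(owner_of "$a_f")
        a_perms=$(perms_of "$a_f")
        if [ "$a_owner" != "$a_updater" ]; then
            echo "owner-mismatch: $a_f (owner $a_owner, expected $a_updater)"
            a_findings=$((a_findings + 1))
        fi
        # Character 6 of the permission string is the group write bit.
        case $a_perms in
            ?????w*) echo "group-writable: $a_f"
                     a_findings=$((a_findings + 1)) ;;
        esac
        # Character 9 is the world write bit.
        case $a_perms in
            ????????w*) echo "world-writable: $a_f"
                        a_findings=$((a_findings + 1)) ;;
        esac
    done
    [ "$a_findings" -eq 0 ]
}

# Constructed demo: a throwaway directory stands in for the database directory.
demo=$(mktemp -d)
chmod 755 "$demo"
: > "$demo/main.cvd";  chmod 644 "$demo/main.cvd"
: > "$demo/daily.cld"; chmod 664 "$demo/daily.cld"   # deliberately group-writable
audit_dbdir "$demo" "$(owner_of "$demo")" || echo "review the findings above"
rm -rf "$demo"
```

On a real host, pass the database directory and the account freshclam runs as; a clean run prints nothing and returns 0.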


[Clamav-users] Upgrade ClamAV

2008-04-16 Thread Carlos Williams
So it appears my installed version is too old to update the database and 
I need to upgrade from 0.90.3 to the latest version. I don't know who or 
how this version of clamav was installed on this rhel4.6 es server but I 
downloaded the tarball since clamav is not a supported rpm available 
from Redhat. Now my question is what should I do to get this version 
upgraded? Do I need to completely remove the old version and install the 
0.93 version from scratch (which I assume would break mail delivery 
since clamav is tied into amavisd-new) or is there something I am not 
seeing here?

If you guys have any suggestions for me that would help me get the 
latest version of clamav on this system w/o breaking it, I would be most 
grateful!

[EMAIL PROTECTED] /]# locate clamav
/var/clamav
/var/clamav/clamav-17269258ecc6fd84
/var/clamav/daily.cvd.rpmnew
/var/clamav/daily.cvd
/var/clamav/daily.inc
/var/clamav/daily.inc/daily.ndu
/var/clamav/daily.inc/daily.hdb
/var/clamav/daily.inc/daily.wdb
/var/clamav/daily.inc/daily.hdu
/var/clamav/daily.inc/daily.mdb
/var/clamav/daily.inc/daily.mdu
/var/clamav/daily.inc/daily.pdb
/var/clamav/daily.inc/daily.db
/var/clamav/daily.inc/daily.fp
/var/clamav/daily.inc/daily.ndb
/var/clamav/daily.inc/daily.ftm
/var/clamav/daily.inc/daily.cfg
/var/clamav/daily.inc/daily.zmd
/var/clamav/daily.inc/COPYING
/var/clamav/daily.inc/daily.info
/var/clamav/clamav-6b05cd80e2c97719
/var/clamav/main.inc
/var/clamav/main.inc/main.hdb
/var/clamav/main.inc/main.db
/var/clamav/main.inc/main.mdb
/var/clamav/main.inc/main.zmd
/var/clamav/main.inc/main.ndb
/var/clamav/main.inc/main.fp
/var/clamav/main.inc/main.info
/var/clamav/main.inc/COPYING
/var/clamav/main.cvd.rpmnew
/var/clamav/mirrors.dat
/var/clamav/main.cvd.rpmsave
/var/log/clamav
/var/log/clamav/freshclam.log.2
/var/log/clamav/clamd.log.1.gz
/var/log/clamav/clamd.log.3
/var/log/clamav/freshclam.log.3.gz
/var/log/clamav/freshclam.log.2.gz
/var/log/clamav/clamd.log.3.gz
/var/log/clamav/freshclam.log.3
/var/log/clamav/freshclam.log
/var/log/clamav/clamd.log.2
/var/log/clamav/clamd.log.4.gz
/var/log/clamav/clamd.log
/var/log/clamav/freshclam.log.4.gz
/var/log/clamav/freshclam.log.1.gz
/var/log/clamav/clamd.log.2.gz
/var/cache/yum/rpmforge/headers/clamav-0.88.7-1.el4.rf.i386.hdr
/var/cache/yum/rpmforge/headers/clamav-db-0.88.7-1.el4.rf.i386.hdr
/var/cache/yum/rpmforge/headers/clamav-0.90.3-1.el4.rf.i386.hdr
/var/cache/yum/rpmforge/headers/clamav-db-0.90.3-1.el4.rf.i386.hdr
/var/cache/yum/rpmforge/packages/clamav-db-0.88.7-1.el4.rf.i386.rpm
/var/cache/yum/rpmforge/packages/clamav-db-0.90.3-1.el4.rf.i386.rpm
/var/cache/yum/rpmforge/packages/clamav-0.88.7-1.el4.rf.i386.rpm
/var/cache/yum/rpmforge/packages/clamav-0.90.3-1.el4.rf.i386.rpm
/var/run/clamav
/var/run/clamav/clamd.sock
/var/run/clamav/clamd.pid
/var/spool/up2date/clamav-0.88.7-1.el4.rf.i386.hdr
/var/spool/up2date/clamav-db-0.88.7-1.el4.rf.i386.hdr
/var/spool/up2date/clamav-milter-0.88.7-1.el4.rf.i386.hdr
/var/spool/up2date/clamav-devel-0.88.7-1.el4.rf.i386.hdr
/usr/lib/libclamav.so.2.0.3
/usr/lib/libclamav.so.2
/usr/share/doc/clamav-0.90.3
/usr/share/doc/clamav-0.90.3/clamdoc.pdf
/usr/share/doc/clamav-0.90.3/FAQ
/usr/share/doc/clamav-0.90.3/AUTHORS
/usr/share/doc/clamav-0.90.3/test
/usr/share/doc/clamav-0.90.3/test/clam.zip
/usr/share/doc/clamav-0.90.3/test/clam.exe.bz2
/usr/share/doc/clamav-0.90.3/test/clam-v3.rar
/usr/share/doc/clamav-0.90.3/test/libclamav
/usr/share/doc/clamav-0.90.3/test/libclamav/libclamav.c
/usr/share/doc/clamav-0.90.3/test/clam.exe
/usr/share/doc/clamav-0.90.3/test/mbox
/usr/share/doc/clamav-0.90.3/test/mbox/debugm.c
/usr/share/doc/clamav-0.90.3/test/clam-v2.rar
/usr/share/doc/clamav-0.90.3/test/clam.cab
/usr/share/doc/clamav-0.90.3/test/README
/usr/share/doc/clamav-0.90.3/COPYING
/usr/share/doc/clamav-0.90.3/ChangeLog
/usr/share/doc/clamav-0.90.3/freshclam.conf
/usr/share/doc/clamav-0.90.3/clamav-mirror-howto.pdf
/usr/share/doc/clamav-0.90.3/NEWS
/usr/share/doc/clamav-0.90.3/BUGS
/usr/share/doc/clamav-0.90.3/signatures.pdf
/usr/share/doc/clamav-0.90.3/README
/usr/share/doc/clamav-0.90.3/INSTALL
/etc/log.d/conf/services/clamav-milter.conf
/etc/log.d/conf/services/clamav.conf
/etc/log.d/scripts/services/clamav
/etc/log.d/scripts/services/clamav-milter
/etc/logrotate.d/clamav



[Clamav-users] FreeBSD 4.11 and ports

2008-04-16 Thread kwijibo
People who may have problems compiling ClamAV 0.93 with the FreeBSD
ports on 4.11 may need to patch the port Makefile as I had to.  I am
not sure if it affects other FreeBSD versions or not, I didn't try it.

--- Makefile.orig   Wed Apr 16 10:59:51 2008
+++ MakefileWed Apr 16 11:37:41 2008
@@ -108,7 +108,7 @@
  .if ${OSVERSION} >= 601000
  PTHREAD_LIBS=  -lthr
  .else
-PTHREAD_LIBS=  -lpthread
+PTHREAD_LIBS=  -pthread
  .endif

  .if defined(WITH_ARC)
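
Review bot: the replacement sits in the `.else` branch of `.if ${OSVERSION} >= 601000`, so `-pthread` would apply to every OSVERSION below 601000, not only 4.11, and the message says other versions were not tried. Either confirm the build on another release below 601000 or guard the change with a narrower OSVERSION test. A one-line comment above `PTHREAD_LIBS=  -pthread` saying why the compiler flag is used instead of `-lpthread` would also help the port maintainer.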

Steven


Re: [Clamav-users] Upgrade ClamAV

2008-04-16 Thread Dennis Peterson
Carlos Williams wrote:
> So it appears my installed version is too old to update the database and 
> I need to upgrade from 0.90.3 to the latest version. I don't know who or 
> how this version of clamav was installed on this rhel4.6 es server but I 
> downloaded the tarball since clamav is not a supported rpm available 
> from Redhat. Now my question is what should I do to get this version 
> upgraded? Do I need to completely remove the old version and install the 
> 0.93 version from scratch (which I assume would break mail delivery 
> since clamav is tied into amavisd-new) or is there something I am not 
> seeing here?
> 
> If you guys have any suggestions for me that would help me get the 
> latest version of clamav on this system w/o breaking it, I would be most 
> grateful!

It looks like earlier versions were installed as RPM packages from 
rpmforge using yum, not the RH repository. Have you tried using yum to 
see if the current version is available?

A couple things to run before too long:

rpm -qa |grep clam

clamconf

Capture the outputs to files because you'll probably need them.

dp



Re: [Clamav-users] Upgrade ClamAV

2008-04-16 Thread Carlos Williams

Dennis Peterson wrote:
> It looks like earlier versions were installed as RPM packages from
> rpmforge using yum, not the RH repository. Have you tried using yum to 
> see if the current version is available?
> 
I had no idea YUM was even installed on this server. I thought YUM was 
only available on RHEL5 but I guess I could have looked at the content I 
added in my initial request for help.
> A couple things to run before too long:
> 
> rpm -qa |grep clam
> 
> clamconf
> 
> Capture the outputs to files because you'll probably need them.
> 
Doing this now before I run yum update.
> dp
> 


Re: [Clamav-users] Upgrade ClamAV

2008-04-16 Thread Dennis Peterson
Carlos Williams wrote:
> Dennis Peterson wrote:
>> It looks like earlier versions were installed as RPM packages from
>> rpmforge using yum, not the RH repository. Have you tried using yum to 
>> see if the current version is available?
>>
> I had no idea YUM was even installed on this server. I thought YUM was 
> only available on RHEL5

It's the way RH4 ships but someone has added yum later. That's probably 
a good thing.

dp


Re: [Clamav-users] Upgrade ClamAV

2008-04-16 Thread Carlos Williams
Dennis Peterson wrote:
> It looks like earlier versions were installed as RPM packages from 
> rpmforge using yum, not the RH repository. Have you tried using yum to 
> see if the current version is available?
I am getting the following error when running "yum update"

--> Processing Dependency: libclamunrar_iface.so.3 for package: clamav
--> Finished Dependency Resolution
Error: Missing Dependency: libclamunrar_iface.so.3 is needed by package 
clamav

Any way to resolve this?


Re: [Clamav-users] Upgrade ClamAV

2008-04-16 Thread Dennis Peterson
Carlos Williams wrote:
> Dennis Peterson wrote:
>> It looks like earlier versions were installed as RPM packages from 
>> rpmforge using yum, not the RH repository. Have you tried using yum to 
>> see if the current version is available?
> I am getting the following error when running "yum update"
> 
> --> Processing Dependency: libclamunrar_iface.so.3 for package: clamav
> --> Finished Dependency Resolution
> Error: Missing Dependency: libclamunrar_iface.so.3 is needed by package 
> clamav
> 
> Any way to resolve this?

This was discussed on the list the last couple of days - check the 
archives to see what is suggested. Google this:

libclamunrar_iface.so.3 site:clamav.net

dp


Re: [Clamav-users] Upgrade ClamAV

2008-04-16 Thread Carlos Williams

Dennis Peterson wrote:

> This was discussed on the list the last couple of days - check the 
> archives to see what is suggested. Google this:
> 
> libclamunrar_iface.so.3 site:clamav.net
> 

I searched Google and could not find anything that was obvious to 
resolving this dep. issue.

When I go to search the archives manually, I went to 
http://lurker.clamav.net/list/clamav-users.html and I get a blank page 
for some reason. I am not trying to seem lazy but I am having trouble 
looking for this previous conversation and just joined the list so my 
apologies...


Re: [Clamav-users] clamd seg faulting (ver 0.93)

2008-04-16 Thread Török Edwin
Lyle Giese wrote:
> Looks like we are having an intermittent problem with 0.93
>
> I built it from source on a SuSE 10.2(64bit), 2.6.18.2-34-default #1 SMP 
> kernel on an AMD Athlon 64 processor.  I compiled with no configure options.
>
> About 3 or 4 times since I updated on the 14th, I am getting where 
> clamdmon.sh is finding clamd gone.  Clamd appears to reload just fine.  
> Syslog is showing:
>
> 10:39:55 mail3b kernet: clamd[27252]: segfault at 53a053595 rip 
> 2ade949bbee5 rsp 42803fe0 error 4
>
> However I run freshclam from cron at 10:38.  I need to watch this a bit 
> for a while, but is it possible that freshclam is changing out the 
> clamav database at the same time clamd is trying to reload it and 
> causing clamd to crash?
>
> I will monitor this closely and see if there is a correlation between 
> the two events going forward and report back on same.

Please try to capture a backtrace, follow the instructions from here on
how to do that with gdb
(but apply it on clamd instead of clamscan):
http://www.clamav.org/bugs/

Please use the bugzilla for reporting the bug.

Thanks,
--Edwin



Re: [Clamav-users] FreeBSD 4.11 and ports

2008-04-16 Thread James Kosin
[EMAIL PROTECTED] wrote:
| People who may have problems compiling ClamAV 0.93 with the FreeBSD
| ports on 4.11 may need to patch the port Makefile as I had to.  I am
| not sure if it affects other FreeBSD versions or not, I didn't try it.
|
| --- Makefile.orig   Wed Apr 16 10:59:51 2008
| +++ MakefileWed Apr 16 11:37:41 2008
| @@ -108,7 +108,7 @@
|   .if ${OSVERSION} >= 601000
|   PTHREAD_LIBS=  -lthr
|   .else
| -PTHREAD_LIBS=  -lpthread
| +PTHREAD_LIBS=  -pthread
|   .endif
|
|   .if defined(WITH_ARC)
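Review bot: the replaced line sets only `PTHREAD_LIBS`, which by its name feeds the link step, but `-pthread` is a compiler-driver option (the gcc man page text quoted further down in this message says it sets flags for both the preprocessor and the linker). Check that the port's compile flags carry the same option for this `.else` case, so objects are not compiled without the threading defines and then linked with `-pthread`.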
|
| Steven
Steven,

The -pthread should only be needed on IBM RS/6000 and PowerPC platforms.
SPARC has their own option and everyone else should follow into the -l 
category.

Directly from the gcc man page...

    -l library
        Search the library named library when linking.  (The second
        alternative with the library as a separate argument is only for
        POSIX compliance and is not recommended.)

        It makes a difference where in the command you write this option;
        the linker searches and processes libraries and object files in the
        order they are specified.  Thus, foo.o -lz bar.o searches library z
        after file foo.o but before bar.o.  If bar.o refers to functions in
        z, those functions may not be loaded.

        The linker searches a standard list of directories for the library,
        which is actually a file named liblibrary.a.  The linker then uses
        this file as if it had been specified precisely by name.

        The directories searched include several standard system
        directories plus any that you specify with -L.

        Normally the files found this way are library files---archive files
        whose members are object files.  The linker handles an archive file
        by scanning through it for members which define symbols that have
        so far been referenced but not defined.  But if the file that is
        found is an ordinary object file, it is linked in the usual
        fashion.  The only difference between using an -l option and
        specifying a file name is that -l surrounds library with lib and .a
        and searches several directories.

    SPARC Options
        -pthreads
            Add support for multithreading using the POSIX threads library.
            This option sets flags for both the preprocessor and linker.  This
            option does not affect the thread safety of object code produced
            by the compiler or that of libraries supplied with it.

    IBM RS/6000 and PowerPC Options
        -pthread
            Adds support for multithreading with the pthreads library.  This
            option sets flags for both the preprocessor and linker.



Re: [Clamav-users] WARNING: Suspicious recipient address blocked

2008-04-16 Thread Eric Rostetter
Quoting John Rudd <[EMAIL PROTECTED]>:

> Tilman Schmidt wrote:
>
>> So why am I dissecting that list like this? Just to show that blocking
>> or not blocking certain unusual characters in mail addresses is indeed a
>> policy decision which should not be forced by a piece of software, but at
>> most offered as a configurable option.
>
> Absolutely agree.

I disagree in this case (read on).

> It is not ClamAV's place to make policy decisions for
> me.

And ClamAV does not.  The milter is.  And the milter is designed to
work with sendmail.  And if leaving this enabled by default produces
an exploitable sendmail, then it is wrong.

I'm not saying it can't be configurable, but whether it is or not, it
must be disabled by default, IIF it is known to make sendmail or the
milter itself exploitable.

> It is ClamAV's place to match email messages to signatures.

Yes, but this is _not_ the function of the milter, it is the function
of ClamAV, and ClamAV is not the thing causing the issue, the milter is.

> It is
> up to me what to do with messages that match signatures.

Correct, and not of any concern to the actual discussion, despite the
fact that some people believe it is.

> At most, it
> should offer me policy options, but only _options_.

You would rather it allows you to become exploitable?  I wouldn't...

IMHO, the proper thing to do is to document this in the milter docs.
Whether it becomes a configurable option or not, it should certainly
be documented that the default is to block such addresses.

BUT, the point of my email is ClamAV is an anti-virus program,  its job
is to match patterns and report the match. clamav-milter is a separate
program, a milter for sendmail.  A milter is by definition a filter.  Its
job IS to filter (see: https://www.sendmail.org/milter/), even though many
people use them in a non-filtering way...  Don't confuse the two programs,
or their functions.

It would be irresponsible for a milter to knowingly allow a security hole
by default.  Protecting against such a hole is the only reasonable thing
to do.  How to best protect that hole is still a subject of debate.

-- 
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!


Re: [Clamav-users] Upgrade ClamAV

2008-04-16 Thread James Kosin
Carlos Williams wrote:
| I searched Google and could not find anything that was obvious to
| resolving this dep. issue.
|
| When I go to search the archives manually, I went to
| http://lurker.clamav.net/list/clamav-users.html and I get a blank page
| for some reason. I am not trying to seem lazy but I am having trouble
| looking for this previous conversation and just joined the list so my
| apologies...
Carlos,

Report the problem to the package maintainer.  If you built the package 
yourself, then uninstall the previous version BEFORE you rebuild the 
packages.

James


[Clamav-users] clamd seg faulting (ver 0.93)

2008-04-16 Thread Lyle Giese
Looks like we are having an intermittent problem with 0.93

I built it from source on a SuSE 10.2(64bit), 2.6.18.2-34-default #1 SMP 
kernel on an AMD Athlon 64 processor.  I compiled with no configure options.

About 3 or 4 times since I updated on the 14th, I am getting where 
clamdmon.sh is finding clamd gone.  Clamd appears to reload just fine.  
Syslog is showing:

10:39:55 mail3b kernet: clamd[27252]: segfault at 53a053595 rip 
2ade949bbee5 rsp 42803fe0 error 4

However I run freshclam from cron at 10:38.  I need to watch this a bit 
for a while, but is it possible that freshclam is changing out the 
clamav database at the same time clamd is trying to reload it and 
causing clamd to crash?

I will monitor this closely and see if there is a correlation between 
the two events going forward and report back on same.

Thanks,
Lyle Giese
LCR Computer Services, Inc.


Re: [Clamav-users] FreeBSD 4.11 and ports

2008-04-16 Thread kwijibo
James Kosin wrote:
> SPARC Options
>     -pthreads
>         Add support for multithreading using the POSIX threads library.
>         This option sets flags for both the preprocessor and linker.  This
>         option does not affect the thread safety of object code produced
>         by the compiler or that of libraries supplied with it.
>
> IBM RS/6000 and PowerPC Options
>     -pthread
>         Adds support for multithreading with the pthreads library.  This
>         option sets flags for both the preprocessor and linker.
>

If I leave it lpthread here is what I get:

configure: error: C compiler cannot create executables
See `config.log' for more details.
===>  Script "configure" failed unexpectedly.
Please report the problem to [EMAIL PROTECTED] [maintainer] and attach the
"/usr/ports/security/clamav/work/clamav-0.93/config.log" including the output
of the failure of your make command. Also, it might be a good idea to provide
an overview of all packages installed on your system (e.g. an `ls

In the config.log:

configure:3491: gcc34 -O -pipe  -I/usr/local/include-L/usr/local/lib  
-lpthread conftest.c  >&5
/usr/libexec/elf/ld: cannot find -lpthread
collect2: ld returned 1 exit status

I found that either using pthread or removing the .else PTHREAD_LIBS check
in the Makefile made things work.  If the check for PTHREAD_LIBS is removed
it uses pthread by default.

Steven




Re: [Clamav-users] Upgrade ClamAV

2008-04-16 Thread Nigel Frankcom
On Wed, 16 Apr 2008 14:21:17 -0400, Carlos Williams
<[EMAIL PROTECTED]> wrote:

>
>Dennis Peterson wrote:
>
>> This was discussed on the list the last couple of days - check the 
>> archives to see what is suggested. Google this:
>> 
>> libclamunrar_iface.so.3 site:clamav.net
>> 
>
>I searched Google and could not find anything that was obvious to 
>resolving this dep. issue.
>

Similar problems here on CentOS 4.6/64 bit. I did find some info on
Google suggesting moving the libclamunrar stuff and then running yum.
Tried that on a spare box with no improvement, still failed the deps. 

http://www.gossamer-threads.com/lists/clamav/users/37775?page=last

There's a few similar links but none of the suggested solutions
worked. I'll probably give it a couple of days and if it doesn't
resolve I'll do a manual build.

Nigel


Re: [Clamav-users] FreeBSD 4.11 and ports

2008-04-16 Thread kwijibo
James Kosin wrote:

> 
> The -pthread should only be needed on IBM RS/6000 and PowerPC platforms.
> SPARC has their own option and everyone else should follow into the -l 
> category.
> 

I suppose I should clarify the architecture.  This was done on an x86.

Steven



Re: [Clamav-users] FreeBSD 4.11 and ports

2008-04-16 Thread Török Edwin
[EMAIL PROTECTED] wrote:
> James Kosin wrote:
>
>   
>> The -pthread should only be needed on IBM RS/6000 and PowerPC platforms.
>> SPARC has their own option and everyone else should follow into the -l 
>> category.
>>
>> 
>
> I suppose I should clarify the architecture.  This was done on an x86.
>   

Manpages indicate to use -pthread to link.
Linux: man pthreads
Compiling on Linux
   On Linux, programs that use the Pthreads API should be compiled
using cc -pthread

FreeBSD:
http://www.freebsd.org/cgi/man.cgi?query=pthread&apropos=0&sektion=0&manpath=FreeBSD+4.11-RELEASE&format=html

A FreeBSD specific option has been added to gcc to make linking threaded
processes simple.  gcc -pthread links a threaded process against libc_r
INSTEAD OF libc.


Best regards,
--Edwin


Re: [Clamav-users] FreeBSD 4.11 and ports

2008-04-16 Thread Chuck Swiger
On Apr 16, 2008, at 12:31 PM, Török Edwin wrote:
> Manpages indicate to use -pthread to link.
> Linux: man pthreads
> Compiling on Linux
>   On Linux, programs that use the Pthreads API should be compiled
> using cc -pthread
>
> FreeBSD:
> http://www.freebsd.org/cgi/man.cgi?query=pthread&apropos=0&sektion=0&manpath=FreeBSD+4.11-RELEASE&format=html
>
> A FreeBSD specific option has been added to gcc to make linking  
> threaded
> processes simple.  gcc -pthread links a threaded process against  
> libc_r
> INSTEAD OF libc.

Historically, enabling POSIX threads required more than just linking  
to a libpthread.a/.so library.

It could need a preprocessor macro defined to change the includes from  
the system headers, for example, and the linking stage might need to  
pull in a different [g]crt0.o/[g]crt1.o prologue, or a different (re- 
entrant) std C library as mentioned above, etc.  So, the notion of "cc  
-pthread" was developed to roll all of the various changes that the  
compiler toolchain would need into a single flag...

Regards,
-- 
-Chuck



Re: [Clamav-users] Upgrade ClamAV

2008-04-16 Thread Dennis Peterson
> 
> 
> Dennis Peterson wrote:
> 
> > This was discussed on the list the last couple of days - check the 
> > archives to see what is suggested. Google this:
> > 
> > libclamunrar_iface.so.3 site:clamav.net
> > 
> 
> I searched Google and could not find anything that was obvious to 
> resolving this dep. issue.
> 
> When I go to search the archives manually, I went to 
> http://lurker.clamav.net/list/clamav-users.html and I get a blank page 
> for some reason. I am not trying to seem lazy but I am having trouble 
> looking for this previous conversation and just joined the list so my 
> apologies...
> 

I have a lab system that runs RH4 ES and has yum installed. I tried to locate
an rpm for clamav-0.93 but didn't find one so I built it from source and
installed it. It took maybe 10 minutes to get a working system. That might be
a good way to go until the rpm builders get caught up.

There is a patch for sigtool.c that includes the new .cld extension for sig
files - it was mentioned yesterday or today, can't recall. If you build it
you should probably patch the sigtool.c file.

dp




Re: [Clamav-users] No supported Database

2008-04-16 Thread Sarocet
Brian Morrison wrote:
> Dennis Peterson wrote:
>   
>>> Yes, I realise that. I run clamd under user clamav, hence it's probably 
>>> easier to access /var/lib/clamav/* than it would be if owned by root.
>>>   
>> Why would that be? It is no more work to crack the root account than any 
>> other account. Nor any less. Hopefully too your clamav account has no 
>> shell defined.
>> 
>
> Indeed not.
>
> A local exploit is one thing, a local root exploit quite another. Now of 
> course it's more dangerous to run clamav as root, but for limiting write 
> access to the databases it would be better to have ownership as root. 
> Might not be worth it on balance, but I'm merely asking to see what the 
> developers' thought processes were rather than saying for sure what 
> would be better path to follow.
>   
We're talking about accessing a different account. That being the root
one or a daemon one shouldn't make a difference. Perhaps you will trick
user bin into visiting a malicious website?

The only scenario I can think it makes a difference would be if you had
that part of the directory tree exported on nfs. You could have similar
problems with other remote access tools which by default block root
access, but most won't allow you without a shell. And you shouldn't rely
on the defaults without at least studying the config anyway.

However, if you know where it makes a difference, please share.

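The question argued in this sub-thread, whether the account clamd runs as can also rewrite the signature files, can be settled by inspecting the directory. The script below is an added example, not from the list or the ClamAV project; the path /var/lib/clamav and the user clamav come from the quoted message, while the function name and output labels are assumptions of this example.

```shell
#!/bin/sh
# Added example: list what the scanner account could modify in a ClamAV
# signature directory. Function name and output labels are hypothetical.

# audit_db_dir DIR USER
#   USER is a login name or a numeric uid (the account clamd runs as).
#   Prints one finding per line:
#     SCANNER_OWNED <path>  owned by USER, so USER can rewrite or chmod it;
#                           on a directory it also allows replacing entries
#     LOOSE_MODE <path>     writable by group or other, whoever owns it
#   No output means neither condition was found.
audit_db_dir() {
    dir=$1
    case $2 in
        '')        echo "usage: audit_db_dir DIR USER" >&2; return 2 ;;
        *[!0-9]*)  uid=$(id -u "$2") || return 2 ;;   # resolve a login name
        *)         uid=$2 ;;                          # already numeric
    esac
    {
        find "$dir" -user "$uid" -print | sed 's/^/SCANNER_OWNED /'
        # Symlinks always show mode 777, so skip them in the mode test.
        find "$dir" ! -type l \( -perm -020 -o -perm -002 \) -print |
            sed 's/^/LOOSE_MODE /'
    } | sort
}

# Run against a real directory when called with arguments, e.g.
#   sh audit.sh /var/lib/clamav clamav
if [ $# -ge 2 ]; then
    audit_db_dir "$1" "$2"
fi
```

An empty result for the clamd account means a compromise of the scanner process alone cannot replace the signatures; freshclam then needs a separate account that can write there.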


[Clamav-users] compiling on AIX 5.2 and location of libgmp.

2008-04-16 Thread Naomi Hospodarsky
I've been trying to compile clamav (0.93) on AIX 5.2, and I keep getting the

checking for libgmp... no
configure: WARNING: ** GNU MP 2 or newer NOT FOUND - digital
signature support will be disabled !

config.log shows the following:

configure:15256: checking for libgmp
configure:15286: cc -qlanglvl=extc89 -o conftest -g
-I/usr/local/include  conftest.c  -lgmp >&5
ld: 0706-006 Cannot find or open library file: -l gmp
ld:open(): No such file or directory
configure:15292: $? = 255

I have compiled and installed GMP, and the libraries are in fact
located in /usr/local/include:

gmp.h
libgmp.a
libgmp.la

Is it possible one is missing? or is there some other thing I need to
do to make the clamav configure see that it is, in fact installed, IN
the location where it's looking.

At the end of the GMP install, it did say:

Libraries have been installed in:
   /usr/local/include

So I'm not sure where the disconnect is happening between the two
programs; if anyone has any ideas, I'd be very glad to hear them!

Naomi Hospodarsky

Naomi Hospodarsky
Systems Administrator
University of Iowa


Re: [Clamav-users] compiling on AIX 5.2 and location of libgmp.

2008-04-16 Thread kwijibo
Naomi Hospodarsky wrote:
> So I'm not sure where the disconnect is happening between the two
> programs; if anyone has any ideas, I'd be very glad to hear them!

I am not up to speed on AIX so I may have some wrong presumptions
but shouldn't your header files be in /usr/local/include and your
libraries be in /usr/local/lib?  It looks like ClamAV can't find
the libraries.  What happens if you put the libraries in /usr/local/lib?
Or modify your library path.

Steven


Re: [Clamav-users] compiling on AIX 5.2 and location of libgmp.

2008-04-16 Thread Naomi Hospodarsky
In the output of the config.log I posted, you'll see that clamav is
looking for the libs in /usr/local/include (where GMP installed its
files), but for some reason doesn't see them. So it's not that clamav
is looking in the wrong location, exactly, but that it is, for some
reason, not seeing what's there.



On Wed, Apr 16, 2008 at 4:53 PM,  <[EMAIL PROTECTED]> wrote:
> Naomi Hospodarsky wrote:
>  > So I'm not sure where the disconnect is happening between the two
>  > programs; if anyone has any ideas, I'd be very glad to hear them!
>
>  I am not up to speed on AIX so I may have some wrong presumptions
>  but shouldn't your header files be in /usr/local/include and your
>  libraries be in /usr/local/lib?  It looks like ClamAV can't find
>  the libraries.  What happens if you put the libraries in /usr/local/lib?
>  Or modify your library path.
>
>  Steven


Re: [Clamav-users] compiling on AIX 5.2 and location of libgmp.

2008-04-16 Thread Dennis Peterson
Naomi Hospodarsky wrote:
> In the output of the config.log I posted, you'll see that clamav is
> looking for the libs in /usr/local/include (where GMP installed its
> files), but for some reason doesn't see them. So it's not that clamav
> is looking in the wrong location, exactly, but that it is, for some
> reason, not seeing what's there.
> 

No - it's looking only for the header files in the include directory (.h 
files). The linker will look in the library path or the system default 
library search path and that certainly will not include your path.

So to hasten this along, try putting the gmp.h file in 
/usr/local/include and the .a files in /usr/local/lib and try again. It 
can't hurt.

dp


Re: [Clamav-users] compiling on AIX 5.2 and location of libgmp.

2008-04-16 Thread Naomi Hospodarsky
Okay, that makes sense. I tried copying the lib files over to
/usr/local/lib as you suggested, and am now getting this error in
config.log

configure:15256: checking for libgmp
configure:15286: cc -qlanglvl=extc89 -o conftest -g
-I/usr/local/include  conftest.c  /usr/local/lib/libgmp.a >&5
ld: 0711-317 ERROR: Undefined symbol: .__gmpz_init
ld: 0711-345 Use the -bloadmap or -bnoquiet option to obtain more information.
configure:15292: $? = 8

d'you happen to know if I need to do something to tell AIX that I
moved the lib files?
I'm fairly new-ish to compiling software on AIX.

On Wed, Apr 16, 2008 at 5:12 PM, Dennis Peterson <[EMAIL PROTECTED]> wrote:
> Naomi Hospodarsky wrote:
>  > In the output of the config.log I posted, you'll see that clamav is
>  > looking for the libs in /usr/local/include (where GMP installed its
>  > files), but for some reason doesn't see them. So it's not that clamav
>  > is looking in the wrong location, exactly, but that it is, for some
>  > reason, not seeing what's there.
>  >
>
>  No - it's looking only for the header files in the include directory (.h
>  files). The linker will look in the library path or the system default
>  library search path and that certainly will not include your path.
>
>  So to hasten this along, try putting the gmp.h file in
>  /usr/local/include and the .a files in /usr/local/lib and try again. It
>  can't hurt.
>
>  dp
>
>


Re: [Clamav-users] compiling on AIX 5.2 and location of libgmp.

2008-04-16 Thread Kwijibo
Naomi Hospodarsky wrote:
> Okay, that makes sense. I tried copying the lib files over to
> /usr/local/lib as you suggested, and am now getting this error in
> config.log
>
> configure:15256: checking for libgmp
> configure:15286: cc -qlanglvl=extc89 -o conftest -g
> -I/usr/local/include  conftest.c  /usr/local/lib/libgmp.a >&5
> ld: 0711-317 ERROR: Undefined symbol: .__gmpz_init
> ld: 0711-345 Use the -bloadmap or -bnoquiet option to obtain more information.
> configure:15292: $? = 8
>   
What version of gmp are you using?  It looks like your gmp is missing
some functions that ClamAV wants.

Steven




Re: [Clamav-users] compiling on AIX 5.2 and location of libgmp.

2008-04-16 Thread Dennis Peterson
Naomi Hospodarsky wrote:
> Okay, that makes sense. I tried copying the lib files over to
> /usr/local/lib as you suggested, and am now getting this error in
> config.log
> 
> configure:15256: checking for libgmp
> configure:15286: cc -qlanglvl=extc89 -o conftest -g
> -I/usr/local/include  conftest.c  /usr/local/lib/libgmp.a >&5
> ld: 0711-317 ERROR: Undefined symbol: .__gmpz_init
> ld: 0711-345 Use the -bloadmap or -bnoquiet option to obtain more information.
> configure:15292: $? = 8
> 
> d'you happen to know if I need to do something to tell AIX that I
> moved the lib files?
> I'm fairly new-ish to compiling software on AIX.
> 

It is not happy with what it found. If you have the nm utility try running:

nm /usr/local/lib/libgmp.a |grep __gmpz_init

and see if it finds the __gmpz_init function. It's also possible that it 
didn't look in /usr/local/lib in which case you may need to set LDFLAGS 
as in this example:

LDFLAGS="-R/usr/local/lib -L/usr/local/lib -L/usr/lib -L/usr/local/ssl"

dp
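Both build failures in the FreeBSD and AIX threads come down to reading what the link test recorded in config.log actually ran. The script below is an added example (not from the list or the ClamAV project): it extracts failed library probes with the -L directories or archives the failing command used, and detects the GMP warning that, per the configure output quoted in the AIX thread, disables digital signature support. Function names, output layout and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise failed library probes in an autoconf config.log.
# Function names and the tab-separated output layout are hypothetical.

# Constructed sample: three separate runs concatenated, modelled on the
# excerpts quoted in the threads (wrapped lines rejoined, the WARNING line
# number invented).
sample_config_log() {
    cat <<'EOF'
configure:3491: gcc34 -O -pipe -I/usr/local/include -L/usr/local/lib -lpthread conftest.c >&5
/usr/libexec/elf/ld: cannot find -lpthread
collect2: ld returned 1 exit status
configure:15256: checking for libgmp
configure:15286: cc -qlanglvl=extc89 -o conftest -g -I/usr/local/include conftest.c -lgmp >&5
ld: 0706-006 Cannot find or open library file: -l gmp
configure:15292: $? = 255
configure:15301: WARNING: ** GNU MP 2 or newer NOT FOUND - digital signature support will be disabled !
configure:15286: cc -qlanglvl=extc89 -o conftest -g -I/usr/local/include conftest.c /usr/local/lib/libgmp.a >&5
ld: 0711-317 ERROR: Undefined symbol: .__gmpz_init
ld: 0711-345 Use the -bloadmap or -bnoquiet option to obtain more information.
EOF
}

# failed_lib_probes [FILE]   (reads stdin when FILE is omitted)
# Prints: KIND <tab> NAME <tab> CONTEXT
#   NOTFOUND  library the linker could not locate; CONTEXT = -L dirs given
#   UNDEF     symbol missing after linking;        CONTEXT = libs/archives given
# "-" as CONTEXT means the command named none, so only defaults were searched.
failed_lib_probes() {
    awk '
    function append(list, item) { return (list == "" ? item : list "," item) }
    function emit(kind, name, ctx) {
        printf "%s\t%s\t%s\n", kind, name, (ctx == "" ? "-" : ctx)
    }
    # A configure test command: remember what it asked the linker for.
    /^configure:[0-9]+: / && / conftest\.c/ {
        dirs = ""; libs = ""
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^-L./)                      dirs = append(dirs, substr($i, 3))
            else if ($i ~ /^-l./ || $i ~ /\.a$/)  libs = append(libs, $i)
        }
        next
    }
    /ld: .*cannot find -l/ {                          # GNU ld wording
        name = $0; sub(/.*cannot find -l/, "", name)
        emit("NOTFOUND", name, dirs); next
    }
    /ld: .*Cannot find or open library file: -l/ {    # AIX ld wording
        name = $0; sub(/.*library file: -l */, "", name)
        emit("NOTFOUND", name, dirs); next
    }
    /ld: .*Undefined symbol: / {                      # found, but symbol absent
        name = $0; sub(/.*Undefined symbol: */, "", name)
        emit("UNDEF", name, libs)
    }
    ' "$@"
}

# signature_support_disabled [FILE]: succeeds if the GMP warning is present,
# i.e. the resulting build was configured without digital signature support.
signature_support_disabled() {
    grep -q 'GNU MP 2 or newer NOT FOUND' "$@"
}

# With a file argument analyse it; with none, run on the embedded sample.
if [ $# -gt 0 ]; then
    failed_lib_probes "$1"
    if signature_support_disabled "$1"; then
        echo "WARNING: configured without digital signature support" >&2
    fi
else
    sample_config_log | failed_lib_probes
fi
```

A NOTFOUND line whose context is "-" or lacks the directory holding the library is the /usr/local/include versus /usr/local/lib mix-up discussed above: -I affects only header lookup.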


Re: [Clamav-users] US-CERT alert regarding ClamAV

2008-04-16 Thread James Brown


On 16/04/2008, at 4:33 AM, fchan wrote:

> This part of clamav-0.92 and new fix of a bug.
> https://wwws.clamav.net/bugzilla/show_bug.cgi?id=613
>
> And in short we need to get gcc4.1.1 or newer to get this to work on
> Macintosh 10.4.11 and xcode 2.5 which only has gcc 4.0.1. However
> Apple hasn't released gcc 4.1.1 or newer for the Mac 10.4.11 so we
> are left to use a workaround. A Japanese clamav user found this, and
> here is the workaround:
>
> export CFLAGS='-g'
> "-g" means debug mode building. Then configure and make as you have
> done before.
>
> I hope this helps.
> Frank
>
>> John Rudd wrote:
>>> Oh, and, while we're on the subject, what about 0.88.6?  is that version
>>> vulnerable? (don't tell me to upgrade -- I haven't been able to get
>>> newer versions to compile on Mac OS X 10.4.x)

Frank & John, I've used ./configure --enable-experimental CFLAGS="-O0"
to get ClamAV (including 0.93 yesterday) to compile on Intel Macs (as
have others).


James.



Re: [Clamav-users] Can clamav-milter quarantine ALL messages?

2008-04-16 Thread Michael Isaev
> Can I either(thru sendmail, clamav, or clamav-milter):
> Quarantine all messages from a particular IP ?

You can (thru sendmail). Append to the 'access' file from sendmail as follows:
Connect:aaa.bbb.ccc.ddd    QUARANTINE


Michael


Re: [Clamav-users] US-CERT alert regarding ClamAV

2008-04-16 Thread Dennis Peterson
James Brown wrote:
> 

>>
>>> John Rudd wrote:
 Oh, and, while we're on the subject, what about 0.88.6?  is that 
 version
 vulnerable? (don't tell me to upgrade -- I haven't been able to get
 newer versions to compile on Mac OS X 10.4.x)
> 
> Frank & John, I've used ./configure --enable-experimental CFLAGS="-O0" 
> to get ClamAV (including 0.93 yesterday) to compile on Intel Macs (as 
> have others).

I just built it here on my MacBook Pro using the same parameters. It 
built faster than on my Sun server. Works fine, too.

dp


Re: [Clamav-users] US-CERT alert regarding ClamAV

2008-04-16 Thread Dennis Peterson
Dennis Peterson wrote:
> James Brown wrote:
>>>> John Rudd wrote:
>>>>> Oh, and, while we're on the subject, what about 0.88.6?  is that version
>>>>> vulnerable? (don't tell me to upgrade -- I haven't been able to get
>>>>> newer versions to compile on Mac OS X 10.4.x)
>> Frank & John, I've used ./configure --enable-experimental CFLAGS="-O0" 
>> to get ClamAV (including 0.93 yesterday) to compile on Intel Macs (as 
>> have others).
> 
> I just built it here on my MacBook Pro using the same parameters. It 
> built faster than on my Sun server. Works fine, too.
> 
> dp

Except I remember now that I didn't put the gmp libs on the system after 
installing Leopard :)

dp


Re: [Clamav-users] US-CERT alert regarding ClamAV

2008-04-16 Thread Dennis Peterson
Dennis Peterson wrote:
> Dennis Peterson wrote:
>> James Brown wrote:
>>>>> John Rudd wrote:
>>>>>> Oh, and, while we're on the subject, what about 0.88.6?  is that version
>>>>>> vulnerable? (don't tell me to upgrade -- I haven't been able to get
>>>>>> newer versions to compile on Mac OS X 10.4.x)
>>> Frank & John, I've used ./configure --enable-experimental CFLAGS="-O0" 
>>> to get ClamAV (including 0.93 yesterday) to compile on Intel Macs (as 
>>> have others).
>> I just built it here on my MacBook Pro using the same parameters. It 
>> built faster than on my Sun server. Works fine, too.
>>
>> dp
> 
> Except I remember now that I didn't put the gmp libs on the system after 
> installing Leopard :)
> 
> dp

Last time - really. Built libgmp 4.2.2 and rebuilt clamav 0.93 on the 
Mac (10.5.2) with gcc 4.0.1 and all is well.

dp