[Clamav-users] disable scanning for particular extension

2008-04-28 Thread Dhaval Thakar
Hi list,

Is there any way I can exclude a particular file extension from 
being sent?

I have a daily attachment going to the clients (file extension .FTIL).
Clam is detecting this as

Suspect.Zip

Kindly suggest a way to exclude this particular extension.

This is not a virus, as we have been sending this attachment for 3 years.
All of a sudden this morning this particular extension is getting marked as a 
virus.

The computer system sending this mail has no virus.

regards
dhaval


___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] Help

2008-04-28 Thread Ejaz
Dear Richard, 

Yes, you're right, I did not find BZ2_bzDecompress* on my Solaris 8 box. So is 
there any way we can install the missing decompressors to resolve this problem? 
Please, your help is highly appreciated.

Thanks in advance


Following is the output:

bash-2.03# nm /usr/lib/libbz2.so | grep -i bzdecompress
[160]   | 36724| 464|FUNC |GLOB |0|9  |bzDecompress
[173]   | 37188| 172|FUNC |GLOB |0|9  |bzDecompressEnd
[158]   | 32656| 232|FUNC |GLOB |0|9  |bzDecompressInit



Ejaz 

bash-2.03# 
- Original Message - 
From: Richard.Hall [EMAIL PROTECTED]
To: ClamAV users ML clamav-users@lists.clamav.net
Sent: Sunday, April 27, 2008 6:40 PM
Subject: Re: [Clamav-users] Help


 Mohammed,
 
 Having just been trying to build 0.93 on Solaris 8 myself, I can perhaps
 shed a bit more light on this.
 
 There appear to be (at least) four distinct issues here
 
 1) libbz2.so exists on native Solaris since Solaris 8 (maybe 7?). The
 version on Sol8 is old:-
 
 $ bzip2 -V
 bzip2, a block-sorting file compressor.  Version 0.9.0c, 18-Oct-98.
 
 and does not include the BZ2_ interfaces that you are seeking:-
 
 $ nm /usr/lib/libbz2.so | grep -i bzdecompress
 [160]   | 36724| 464|FUNC |GLOB |0|9  |bzDecompress
 [173]   | 37188| 172|FUNC |GLOB |0|9  |bzDecompressEnd
 [158]   | 32656| 232|FUNC |GLOB |0|9  |bzDecompressInit
 
 Contrast this with Solaris 9 and 10:-
 
 $ bzip2 -V
 bzip2, a block-sorting file compressor.  Version 1.0.2, 30-Dec-2001.
 
 $ /usr/ccs/bin/nm /usr/lib/libbz2.so | grep -i bzdecompress
 [133]   | 46756| 520|FUNC |GLOB |0|9  |BZ2_bzDecompress
 [174]   | 47276| 180|FUNC |GLOB |0|9  |BZ2_bzDecompressEnd
 [181]   | 42760| 276|FUNC |GLOB |0|9  |BZ2_bzDecompressInit
 [158]   | 52400|  12|FUNC |GLOB |0|9  |bzDecompress
 [161]   | 52412|  12|FUNC |GLOB |0|9  |bzDecompressEnd
 [199]   | 52388|  12|FUNC |GLOB |0|9  |bzDecompressInit
 
 where the interfaces are defined both with and without a BZ2_ prefix
 
 2) There is code in the 'configure' script which decides whether to define
 NOBZ2PREFIX in clamav-config.h. This decision is based on the existence on
 the interface bzReadOpen() [in the library libz2.so]. For Sol 8/9/10 it is
 going to set
 
  #define NOBZ2PREFIX 1
 
 To my mind it ought instead to base the decision, at least in part, on the
 NON-existence of the interface BZ2_bzReadOpen. This would give different
 answers for 8 vs 9/10 (where nm gives results analogous to those for
 bzcompress above).  (Caveat: that would work for Solaris; I can't speak
 for any other OS).  However, fixing this would not help you, since it is
 already making the correct decision for Sol 8.
 
 3) Based on some comparable code that I found in libclamav/scanners.c, I
 have applied the following patch to libclamav/unzip.c:-
 
 $ diff -c libclamav/unzip.c.orig libclamav/unzip.c
 *** libclamav/unzip.c.orig  Wed Apr  2 21:17:27 2008
 --- libclamav/unzip.c   Sun Apr 27 15:28:33 2008
 ***
 *** 177,182 
 --- 177,189 
 
 
  #if HAVE_BZLIB_H
 +
 + #ifdef NOBZ2PREFIX
 + #define BZ2_bzDecompressInit bzDecompressInit
 + #define BZ2_bzDecompressEnd bzDecompressEnd
 + #define BZ2_bzDecompress bzDecompress
 + #endif
 +
case ALG_BZIP2: {
  bz_stream strm;
  memset(strm, 0, sizeof(strm));
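
Review bot: The three #define lines land inside the "#if HAVE_BZLIB_H" block directly above "case ALG_BZIP2: {", so the renaming is declared in the middle of a switch body where it is easy to miss, and it stays in effect for the rest of unzip.c. Move the "#ifdef NOBZ2PREFIX" block to file scope, next to where the bzlib header is pulled in, and add a one-line comment saying it maps the BZ2_ names onto the unprefixed pre-1.0 names. Since the message says comparable code already exists in libclamav/scanners.c, a single shared header for the mapping would avoid keeping two copies in step. Only BZ2_bzDecompressInit, BZ2_bzDecompressEnd and BZ2_bzDecompress are remapped, so any other BZ2_ call added to this file later would need the same treatment.
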
 
 ... and 'make' now runs to completion. (Caveat: I haven't run 'make
 install' yet, for unrelated reasons, so cannot say for certain that this
 fixes anything)
 
 4) What I do not understand at all is the relationship, if any, between
 all of the above and the code in libclamav/nsis/, which appears to include
 source code for bzip2/libbz2 (version 1.0.4). If the latter is supposed to
 be used, why is 'configure' even looking at system versions? And it always
 bothers me when code is potentially included from two different locations.
 (It may be perfectly ok; I don't know enough to know one way or the other)
 
 HTH,
 Richard
 
 
 
 On Sun, 27 Apr 2008, Mohammed Ejaz wrote:
 
 Many thanks for the reply

 As per the instruction I found libbz2 in /usr/lib, then I set the path 
 as follows. After that I also get the same message which I mentioned in my 
 previous email.

 bash-2.03# echo $PATH
 /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/export/home/mg1:/usr/ccs/bin:/usr/lib:/usr/local/lib

 bash-2.03# echo $LD_LIBRARY_PATH
 /usr/lib:/usr/local/lib


 Regards
 Ejaz


 bash-2.03#
 - Original Message -
 From: Oscar Usifer [EMAIL PROTECTED]
 To: ClamAV users ML clamav-users@lists.clamav.net
 Sent: Saturday, April 26, 2008 11:20 PM
 Subject: Re: [Clamav-users] Help


  looks like -lbz2 is looking in -L/usr/local/lib to resolve
 
  find libbz2.[soa], use nm to validate undefined symbols are defined there, 
  add that to the compile line and see if everything is good.
 
  i would guess your ./configure step could not find this lib
 

Re: [Clamav-users] Help

2008-04-28 Thread Richard.Hall
Ejaz,

On Mon, 28 Apr 2008, Ejaz wrote:

 Dear Richard,

 Yes, you're right, I did not find BZ2_bzDecompress* on my Solaris 8
 box. So is there any way we can install the missing decompressors to
 resolve this problem? Please, your help is highly appreciated.

 Thanks in advance


 Following is output

 bash-2.03# nm /usr/lib/libbz2.so | grep -i bzdecompress
 [160]   | 36724| 464|FUNC |GLOB |0|9  |bzDecompress
 [173]   | 37188| 172|FUNC |GLOB |0|9  |bzDecompressEnd
 [158]   | 32656| 232|FUNC |GLOB |0|9  |bzDecompressInit


From my **very** limited understanding, I don't think there is anything
missing. It is just a matter of naming. From http://www.bzip.org/CHANGES,
for version 1.0

* Avoid library namespace pollution.  Prefix all exported
  symbols with BZ2_.

So I think the two names are equivalent. My **guess** is that Sun, in
their infinite wisdom, have modified their implementation of the library
to retain both sets of names, presumably in the interests of backward
compatibility.

If I'm right, then what you need to do is get ClamAV to use the non-BZ2_
versions, and the patch I suggested to libclamav/unzip.c should accomplish
that.

Of course, this is all unofficial. I guess one of us is going to have to
open a bug about it. Trouble is, I really don't think I've got the time at
the moment. I wish I had :-(

HTH,
 Richard
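
The naming question discussed in this thread can be checked mechanically. The following is an added example, not part of any poster's message and not ClamAV's configure logic: it classifies a libbz2 by the decompress symbols that nm lists, using the nm lines posted in the thread as sample input. The function names (bz2_symbol_style, needs_nobz2prefix, sol8_nm, sol910_nm) are hypothetical.

```shell
#!/bin/sh
# Added example (not ClamAV's configure logic). Function names are hypothetical.
# Classifies a libbz2 by the decompress symbols listed in Solaris-style nm
# output (pipe-separated columns, symbol name in the last column).

bz2_symbol_style() {
    # stdin: nm output. stdout: both | prefixed | unprefixed | none
    awk -F'|' '
        { name = $NF; gsub(/[ \t\r]/, "", name) }
        name ~ /^BZ2_bzDecompress(Init|End)?$/ { pre[name] = 1 }
        name ~ /^bzDecompress(Init|End)?$/     { bare[name] = 1 }
        END {
            for (k in pre)  np++
            for (k in bare) nb++
            # A naming style only counts if all three entry points exist.
            if (np == 3 && nb == 3) print "both"
            else if (np == 3)       print "prefixed"
            else if (nb == 3)       print "unprefixed"
            else                    print "none"
        }'
}

needs_nobz2prefix() {
    # True only when the BZ2_ names are absent and the bare names are present,
    # which is the case the NOBZ2PREFIX mapping is meant for.
    [ "$(bz2_symbol_style)" = "unprefixed" ]
}

# nm lines as posted in the thread for Solaris 8 (bzip2 0.9.0c).
sol8_nm() { cat <<'EOF'
[160]   | 36724| 464|FUNC |GLOB |0|9  |bzDecompress
[173]   | 37188| 172|FUNC |GLOB |0|9  |bzDecompressEnd
[158]   | 32656| 232|FUNC |GLOB |0|9  |bzDecompressInit
EOF
}

# nm lines as posted in the thread for Solaris 9 and 10 (bzip2 1.0.2).
sol910_nm() { cat <<'EOF'
[133]   | 46756| 520|FUNC |GLOB |0|9  |BZ2_bzDecompress
[174]   | 47276| 180|FUNC |GLOB |0|9  |BZ2_bzDecompressEnd
[181]   | 42760| 276|FUNC |GLOB |0|9  |BZ2_bzDecompressInit
[158]   | 52400|  12|FUNC |GLOB |0|9  |bzDecompress
[161]   | 52412|  12|FUNC |GLOB |0|9  |bzDecompressEnd
[199]   | 52388|  12|FUNC |GLOB |0|9  |bzDecompressInit
EOF
}

echo "Solaris 8 sample:    $(sol8_nm | bz2_symbol_style)"
echo "Solaris 9/10 sample: $(sol910_nm | bz2_symbol_style)"
```

To check a real library, pipe its symbol table through the same function, for example: nm /usr/lib/libbz2.so | bz2_symbol_style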





Re: [Clamav-users] Help

2008-04-28 Thread Török Edwin
Richard.Hall wrote:
 Of course, this is all unofficial. I guess one of us is going to have to
 open a bug about it. Trouble is, I really don't think I've got the time at
 the moment. I wish I had :-(
   

I opened a bugreport pointing to this thread:
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=995

Best regards,
--Edwin


[Clamav-users] Issue with Solaris 10 Sparc edition and .93

2008-04-28 Thread Ken Jones
All,

After building and installing the new .93 version I am having an issue with
the milter. Usually after starting up the clam processes (freshclam, clamd, and
clamav-milter), the entry in the logs looks like this:
X-Virus-Scanned: ClamAV version 0.93, clamav-milter version 0.93 on host

After freshclam has updated the definitions the first time, the line looks
like this:
X-Virus-Scanned: ClamAV 0.93/6862/Mon Apr 21 07:26:20 2008 on host

Now, it is never changing. It just shows the app version(s).
I have also built it on RH5, and it is working as expected.

I am at a loss as to where to start debugging. The freshclam logs show it's
updating the db, clamd -V shows: ClamAV 0.93/6979/Mon Apr 28 09:01:56 2008

And clamav-milter is detecting viruses.

Here is how I start the processes:
echo Starting freshclam
freshclam -d -c 24
sleep 5
echo Starting clamd
clamd STREAM
sleep 2
echo Starting clamav-milter
clamav-milter -lo --pidfile=/var/run/clamd/clamav-milter.pid --timeout=0
--max-children=50 --from --headers -p [EMAIL PROTECTED]
.com -Q clamav /var/run/clamd/clmilter.sock

Here are my configure options:

./configure --prefix=/usr/local/clamav \
  --enable-milter \
  --mandir=/usr/local/man \
  --with-libgmp-prefix=/usr/local \
  --with-libbz2-prefix=/usr/local

Thanks for any help


-- 
Ken Jones



[Clamav-users] ClamAV with FreeBSD 7

2008-04-28 Thread Richard J. Kieran
Has anyone been using ClamAV with FreeBSD 7? Are there any known problems? I use 
clamd with MIMEDefang and Sendmail. TIA.
Richard



Re: [Clamav-users] ClamAV with FreeBSD 7

2008-04-28 Thread Erwan David
On Mon 28/04/2008, Richard J. Kieran wrote:
 Has anyone been using ClamAV with FreeBSD 7? Are there any known problems? I 
 use clamd with MIMEDefang and Sendmail. TIA.
 Richard

I use clamav with clamsmtp and postfix. No problem at all. 

-- 
Erwan


[Clamav-users] setup on fedora 8

2008-04-28 Thread Bo Hermannsen
Hi,

This is my first post, so excuse me if it has already been answered (it did not 
find an answer...).

What I am trying to do is set up clamav on Fedora 8. I use webmin to manage my 
server and have already installed a webmin module for clamav,

but when I click activate clamav it just returns with the same option.

It can update just fine. I have installed clamav via yum... clamav.log is 
blank, at least the one defined in the webmin module.

I also keep getting this e-mail:

WARNING: update of clamav database is disabled; please see
  '/etc/sysconfig/freshclam'

I have removed the disable line at the end of that file, so I hope it is OK now.


But I'm not sure of these paths. Does anyone know the right ones?

Working directory
Backup directory
Daemon init script path
Configuration file path


I guess that for the Quarantine repository directory you can choose whatever dir 
you want (mine is set to /var/spool/milter).


Hope someone can help crack this nut.

Regards, Bo



Re: [Clamav-users] setup on fedora 8

2008-04-28 Thread James Pratt
Hi, sounds like you just need to find and edit the files:

freshclam.conf
clamd.conf

(usually in /etc, or /usr/local/etc)

Regards,
jamie

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:clamav-users-
 [EMAIL PROTECTED] On Behalf Of Bo Hermannsen
 Sent: Monday, April 28, 2008 6:54 PM
 To: ClamAV users ML
 Subject: [Clamav-users] setup on fedora 8
 
 Hi,
 
 This is my first post, so excuse me if it has already been answered (it
 did not find an answer...).
 
 What I am trying to do is set up clamav on Fedora 8. I use webmin to manage
 my server and have already installed a webmin module for clamav,
 
 but when I click activate clamav it just returns with the same option.
 
 It can update just fine. I have installed clamav via yum...
 clamav.log is blank, at least the one defined in the webmin module.
 
 I also keep getting this e-mail:
 
 WARNING: update of clamav database is disabled; please see
   '/etc/sysconfig/freshclam'
 
 I have removed the disable line at the end of that file, so I hope it
 is OK now.
 
 
 But I'm not sure of these paths. Does anyone know the right ones?
 
 Working directory
 Backup directory
 Daemon init script path
 Configuration file path
 
 
 I guess that for the Quarantine repository directory you can choose
 whatever dir you want (mine is set to /var/spool/milter).
 
 
 Hope someone can help crack this nut.
 
 Regards, Bo
 