[Clamav-users] SubmitDetectionStats with clamav-milter?
I recently upgraded to ClamAV 0.94.1 and enabled SubmitDetectionStats. Is there a way to configure clamav-milter to write to clamd.log rather than the maillog? I would like to participate in the submissions if the viruses found by the milter would be useful. I generally catch about 25-35 a week:

http://www.wrenkasky.com/cgi-bin/virus/display.pl?number

Thanks in advance.

Ed

...
Randomly Generated Quote (49 of 1466): "Dear Auntie Em, hate you, hate Kansas, took the dog." - Dorothy

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: [Clamav-users] Clamav 0.94.1 not working under FreeBSD 5.5
Hello,

On Wednesday, 12.11.2008, at 17:19 +0300, Odhiambo Washington wrote:
> On Wed, Nov 12, 2008 at 3:53 PM, Juergen Dankoweit <[EMAIL PROTECTED]> wrote:
>
> > Hello to the list,
> >
> > on my FreeBSD system I have strange problems with clamav:
> > During detection a virus clamav blocks the whole mail traffic for ever.
> > Only a restart of postfix, amavis and clamav solves this until the next
> > virus.
> >
> > With clamav 0.93.3 there are no problems but it is too outdated.
> >
> > Because the ports tree is unupgradable I must use the original source
> > from the web site. I compile clamav with the following options:
> > ./configure --disable-clamuko --disable-ipv6
> >
> [...]
> ./configure --prefix=/usr/local --with-group=clamav \
>     --disable-clamuko --with-user=mailnull \
>     --disable-gethostbyname_r \
>     --disable-zlib-vcheck \
>     --disable-clamav \
>     --enable-bigstack \
>     --enable-readdir_r \
>     --disable-dependency-tracking \
>     --disable-bzip2
>

I have tested your options for configure. It doesn't change anything.

Thanks for your help.

Best regards
Jürgen
Re: [Clamav-users] SubmitDetectionStats with clamav-milter?
Ed Kasky wrote:
> I recently upgraded to ClamAV 0.94.1 and enabled
> SubmitDetectionStats. Is there a way to configure clamav-milter to
> write to clamd.log rather than the maillog? I would like to
> participate in the submissions if the viruses found by the milter
> would be useful. I generally catch about 25-35 a week:
>
> http://www.wrenkasky.com/cgi-bin/virus/display.pl?number
>
> Thanks in advance.
>
> Ed
>

Ed,

I believe clamav-milter uses clamd for scanning; so, it should be logging already as a found virus?

James
Re: [Clamav-users] Clamav 0.94.1 not working under FreeBSD 5.5
Juergen Dankoweit wrote:

> Because the ports tree is unupgradable I must use the original source
> from the web site. I compile clamav with the following options:
> ./configure --disable-clamuko --disable-ipv6

Bah. Upgrade your ports and edit the port Makefile. Delete --enable-gethostbyname_r under CONFIGURE_ARGS= and change PTHREAD_LIBS= -lthr to PTHREAD_LIBS= -pthread. Works with my 5.5.

Steven
Re: [Clamav-users] Clamav 0.94.1 not working under FreeBSD 5.5
On Thu, Nov 13, 2008 at 9:03 PM, <[EMAIL PROTECTED]> wrote:

> Juergen Dankoweit wrote:
>
> > Because the ports tree is unupgradable I must use the original source
> > from the web site. I compile clamav with the following options:
> > ./configure --disable-clamuko --disable-ipv6
>
> Bah. Upgrade your ports and edit the port Makefile. Delete
> --enable-gethostbyname_r under CONFIGURE_ARGS= and change
> PTHREAD_LIBS= -lthr to PTHREAD_LIBS= -pthread. Works with my 5.5.
>

Hello Steven,

You are a star! This works perfectly.

Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"Oh My God! They killed init! You Bastards!" --from a /. post
Re: [Clamav-users] SubmitDetectionStats with clamav-milter?
At 09:25 AM Thursday, 11/13/2008, you wrote -=>
>Ed Kasky wrote:
> > I recently upgraded to ClamAV 0.94.1 and enabled
> > SubmitDetectionStats. Is there a way to configure clamav-milter to
> > write to clamd.log rather than the maillog? I would like to
> > participate in the submissions if the viruses found by the milter
> > would be useful. I generally catch about 25-35 a week:
> >
> > http://www.wrenkasky.com/cgi-bin/virus/display.pl?number
> >
> > Thanks in advance.
> >
> > Ed
> >
>
>Ed,
>
>I believe clamav-milter uses clamd for scanning; so, it should be
>logging already as a found virus?
>
>James

A found virus is logged in the maillog:

Nov 13 10:51:35 yoda sendmail[30006]: mADIpNtj030006: Milter: data, reject=554 5.7.1 virus Email.Trojan.GZC detected by ClamAV - http://www.clamav.net

Is there a way to log these to clamd.log or to scan the maillog? Not knowing all that much about how the milter works with sendmail, this log entry would seem to be generated by sendmail.

Ed

...
Randomly Generated Quote (998 of 1466): Persons appear to us according to the light we throw upon them from our own minds. -Laura Ingalls Wilder, author (1867-1957)
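Ed's question about scanning the maillog, as an added example that is not part of the original thread: a Python parser that pulls ClamAV milter rejections out of sendmail log lines and counts them per signature. The line layout is assumed from the single sample quoted above; every log line in SAMPLE other than that one is constructed.

```python
import re
from collections import Counter

# Layout assumed from the one reject line quoted in the thread:
#   <syslog ts> <host> sendmail[<pid>]: <queue id>: Milter: <stage>,
#   reject=<smtp code> <dsn> virus <signature> detected by ClamAV ...
REJECT_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) sendmail\[(?P<pid>\d+)\]: (?P<qid>\w+): "
    r"Milter: (?P<stage>\w+), reject=(?P<code>\d{3}) \d\.\d\.\d "
    r"virus (?P<signature>.+?) detected by ClamAV"
)

def parse_reject(line):
    """Return the fields of a ClamAV milter reject line, or None."""
    m = REJECT_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None

def summarize(lines):
    """Return (list of parsed detections, Counter of hits per signature)."""
    hits = [h for h in map(parse_reject, lines) if h is not None]
    return hits, Counter(h["signature"] for h in hits)

SAMPLE = [
    # From the thread (re-joined onto one line, as syslog writes it):
    "Nov 13 10:51:35 yoda sendmail[30006]: mADIpNtj030006: Milter: data, "
    "reject=554 5.7.1 virus Email.Trojan.GZC detected by ClamAV - http://www.clamav.net",
    # Constructed: ordinary delivery line, must be ignored.
    "Nov 13 10:52:01 yoda sendmail[30011]: mADIq1aa030011: "
    "from=<user@example.org>, size=1234, class=0, nrcpts=1",
    # Constructed: reject from some other milter, not a virus hit.
    "Nov 13 10:53:10 yoda sendmail[30020]: mADIr2bb030020: Milter: data, "
    "reject=550 5.7.1 message refused by policy",
    # Constructed: single-digit day (syslog pads it with two spaces).
    "Nov  3 04:00:09 yoda sendmail[1201]: mA3C09cc001201: Milter: data, "
    "reject=554 5.7.1 virus Eicar-Test-Signature detected by ClamAV - http://www.clamav.net",
    # Constructed: second hit on the signature from the thread.
    "Nov 14 08:15:42 yoda sendmail[31544]: mAEGFgdd031544: Milter: data, "
    "reject=554 5.7.1 virus Email.Trojan.GZC detected by ClamAV - http://www.clamav.net",
]

if __name__ == "__main__":
    detections, per_signature = summarize(SAMPLE)
    for sig, count in per_signature.most_common():
        print(f"{count:4d}  {sig}")
```

To run it against a real log, pass an open file object to `summarize()` instead of SAMPLE.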
Re: [Clamav-users] SubmitDetectionStats with clamav-milter?
On Thu, 13 Nov 2008 14:37:53 -0800 Ed Kasky <[EMAIL PROTECTED]> wrote:

> Nov 13 10:51:35 yoda sendmail[30006]: mADIpNtj030006: Milter: data,
> reject=554 5.7.1 virus Email.Trojan.GZC detected by ClamAV -
> http://www.clamav.net
>
> Is there a way to log these to clamd.log or to scan the maillog?

Ed,

to log to clamd.log you would need to configure and start clamd and then run clamav-milter with the --external option (which instructs it to use clamd for scanning instead of the built-in mechanisms)

Regards,

--
   oo.    Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\.  http://www.ClamAV.net/gpg/tkojm.gpg
     \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\ /\  Fri Nov 14 01:00:19 CET 2008
[Clamav-users] Problems with virus submission
I am becoming concerned about the reporting process after a virus I have submitted three times has still not appeared in the database.

Background:

About a month ago, one of my children used e-mule and downloaded and ran a trojan. The machine became infected with a host of interesting malware. I decided to see if it was actually possible to clean it, so I isolated it from my LAN and swept it with Clamwin until it seemed clean, then went on to watch it for a while.

About two weeks ago I found an entry in the HKLM/.../Run registry to run "regsvr32.exe c:\windows\lqrsyvhqlumkzzo.dll" - obviously pretty suspicious. Investigating the registry entries it added, I found that it attached itself to internet explorer and appears to be an adclicker. I checked it out at VirusTotal and got no hits on it.

I haven't been first reporter on a new piece of malware for a couple years, so I was actually a little happy about finding it. I reported to ClamAV describing my findings.

Follow Up:

After reporting to ClamAV, I checked back to see when it would get added to the database. After a few days when it didn't happen, I thought perhaps because there were no corroborating antivirus products that detected it as malware, that maybe my submission wasn't deemed credible. I retested it at VirusTotal and got two hits, and re-reported it to ClamAV, dutifully entering in the corroboration.

A few days later and still nothing. So again, a re-test at VirusTotal - 4 hits, resubmission. Nothing again. A few days later 8 hits at VirusTotal, and a resubmission.

Today there are 16 hits on VirusTotal for the malware, and still no entry in ClamAV. It has now been two weeks. I don't know why I set ClamAV to update daily if it takes this long to get something added to the database.

This has made me extremely concerned with the submission process.
Re: [Clamav-users] SubmitDetectionStats with clamav-milter?
At 04:02 PM Thursday, 11/13/2008, you wrote -=>
>On Thu, 13 Nov 2008 14:37:53 -0800
>Ed Kasky <[EMAIL PROTECTED]> wrote:
>
> > Nov 13 10:51:35 yoda sendmail[30006]: mADIpNtj030006: Milter: data,
> > reject=554 5.7.1 virus Email.Trojan.GZC detected by ClamAV -
> > http://www.clamav.net
> >
> > Is there a way to log these to clamd.log or to scan the maillog?
>
>Ed,
>
>to log to clamd.log you would need to configure and start clamd and then
>run clamav-milter with the --external option (which instructs it to use clamd
>for scanning instead of the built-in mechanisms)
>
>Regards,

Tom,

Thanks - I made the adjustment and will see what happens...

Ed

...
Randomly Generated Quote (202 of 1466): "There is only one way to coast, and that is down hill."