Re: [clamav-users] with main.cvd clamscan dead slow
We converted to clamdscan. Thank you all for the help.

Regards

On Wed, Dec 21, 2016 at 4:47 PM, Arnaud Jacques / SecuriteInfo.com <webmas...@securiteinfo.com> wrote:
> Selçuk,
>
> > in redhat El 6 version there is no clamdscan command.
>
> It is in the "clamd" package.
>
> http://rpm.pbone.net/index.php3/stat/4/idpl/34508318/dir/redhat_el_6/com/clamd-0.99.2-1.el6.x86_64.rpm.html
>
> --
> Best regards,
>
> Arnaud Jacques
> SecuriteInfo.com
>
> Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
> Twitter : @SecuriteInfoCom

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] error: 'os_generic' undeclared
Hi, The os_generic was missing from the operating system enumeration. Here is a patch to fix that: diff --git a/libclamav/bytecode_detect.h b/libclamav/bytecode_detect.h index 6f56908..b09c940 100644 --- a/libclamav/bytecode_detect.h +++ b/libclamav/bytecode_detect.h 
@@ -64,6 +64,7 @@ enum os_kind_conf { os_solaris, os_win32, os_win64, + os_generic, os_ANY = 0xff };

This should get you through that particular compile error.

Good luck,
Steve

On Thu, Dec 22, 2016 at 12:40 AM, crazy thinker wrote:
> Hi all,
>
> i tried to build clamav source code with ndk tools for android platform
> and x86 cpu architecture
>
> please find below my build script info
>
> #!/bin/bash
> export NDK=/home/crazythinker-admin/Android/Sdk/ndk-bundle
>
> $NDK/build/tools/make-standalone-toolchain.sh --platform=android-9 \
>     --toolchain=x86-4.9 --install-dir=`pwd`/i686-linux-android --force
> export TOOLCHAIN_PATH=`pwd`/i686-linux-android/bin
> export TOOL=i686-linux-android
>
> export NDK_TOOLCHAIN_BASENAME=${TOOLCHAIN_PATH}/${TOOL}
>
> export CC=$NDK_TOOLCHAIN_BASENAME-gcc
> export CXX=$NDK_TOOLCHAIN_BASENAME-g++
> export LINK=${CXX}
> export LD=$NDK_TOOLCHAIN_BASENAME-ld
> export AR=$NDK_TOOLCHAIN_BASENAME-ar
> export RANLIB=$NDK_TOOLCHAIN_BASENAME-ranlib
> export STRIP=$NDK_TOOLCHAIN_BASENAME-strip
>
> export ARCH_FLAGS="-march=i686 -msse3 -mstackrealign -mfpmath=sse"
> export ARCH_LINK=
> export CPPFLAGS=" ${ARCH_FLAGS} -fpic -ffunction-sections -funwind-tables -fstack-protector -fno-strict-aliasing -finline-limit=64 "
> export CXXFLAGS=" ${ARCH_FLAGS} -fpic -ffunction-sections -funwind-tables -fstack-protector -fno-strict-aliasing -finline-limit=64 -frtti -fexceptions "
> export CFLAGS=" ${ARCH_FLAGS} -fpic -ffunction-sections -funwind-tables -fstack-protector -fno-strict-aliasing -finline-limit=64 "
> export LDFLAGS=" ${ARCH_LINK} "
>
> #export CC="$NDK/toolchains/-4.9/prebuilt/linux-i686-linux-android_64/bin/i686-linux-android-clang --sysroot=$SYSROOT"
> #export AR="$NDK/toolchains/-4.9/prebuilt/linux-i686-linux-android_64/bin/i686-linux-android-clang-ar --sysroot=$SYSROOT"
> ./configure --host=x86 --disable-shared --disable-pthreads \
>     --with-openssl=/home/crazythinker-admin/Downloads/ClamAVNDK/OpenSSL/openssl-1.0.2 \
>     --with-pcre=/home/crazythinker-admin/Downloads/ClamAVNDK/pcre2-10.22/PCREx86 \
>     --with-zlib=/home/crazythinker-admin/Downloads/ClamAVNDK/zlib-1.2.8/ZLIBx86 \
>     --with-libncurses-prefix=/home/crazythinker-admin/Downloads/ClamAVNDK/ncurses-gittup/NCURSESx86 \
>     --prefix=$(pwd)/ClamAVx86 --disable-llvm --disable-quikdtop \
>     --disable-clamav --disable-yara --disable-bzip2 --disable-unrar \
>     --disable-fanotify \
>     --with-libcurl=/home/crazythinker-admin/Downloads/ClamAVNDK/curl-7.51.0/CURLx86
> make clean
>
> make
> make install
>
> my intention is i need to get clamav engine library for android platform
> so i tried build it using cross compilation mechanism but i got below
> error.
>
>   GEN    version.h
>   CC     libclamav_la-version.lo
>   CC     libclamav_la-mpool.lo
>   CC     libclamav_la-filtering.lo
>   CC     libclamav_la-fmap.lo
>   CC     libclamav_la-perflogging.lo
>   CC     libclamav_la-bytecode.lo
>   CC     libclamav_la-bytecode_vm.lo
>   CC     libclamav_la-cpio.lo
>   CC     libclamav_la-macho.lo
>   CC     libclamav_la-ishield.lo
>   CC     libclamav_la-bytecode_api.lo
>   CC     libclamav_la-bytecode_api_decl.lo
>   CC     libclamav_la-cache.lo
>   CC     libclamav_la-bytecode_detect.lo
> bytecode_detect.c: In function 'cli_detect_environment':
> bytecode_detect.c:243:24: error: 'os_generic' undeclared (first use in this function)
>      env->os_category = os_generic;
>                         ^
> bytecode_detect.c:243:24: note: each undeclared identifier is reported only once for each function it appears in
> make[4]: *** [libclamav_la-bytecode_detect.lo] Error 1
>
> could you please help me to find root cause and resolve this error
>
> any help/suggestions would be appreciated
>
> Thanks,
> Crazy Thinker
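Review bot: The os_generic enumerator added between os_win64 and os_ANY = 0xff in enum os_kind_conf carries no comment saying which platforms it is meant to cover, and the only use visible on this page is the assignment env->os_category = os_generic; at bytecode_detect.c:243 in the quoted build log. If it is the fallback for hosts not matched by the preceding entries, a one-line comment next to the enumerator should say so. Placing it after os_win64 leaves the implicit values of the existing enumerators unchanged, so it should stay in that position rather than be moved earlier in the list.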
Re: [clamav-users] Cannot skip OLE2 checking
Mark Foley wrote:
> Kees - thanks for that info. So, basically I'd have to start a new clamd with a
> different socket and therefore pointing to a different config file. Not sure
> then what the point of the --config-file parameter to clamdscan is ...

It allows you to call a different clamd than the "system default" - we used this for a time to hack in crude load balancing on our mail infrastructure. (We have a couple of servers running clamd and SpamAssassin's spamd, and both the incoming and outgoing mail-handling servers call the daemons on the dedicated scanner servers, rather than running clamd and SpamAssassin on each mail server.)

A set of configuration files with the minimal host and port settings, each directed to a specific scanning host, and chosen at random when assembling the clamdscan call, held up fairly well for several years.

I don't recall what the issue was (if we ever even found anything other than "doesn't work"), but some time ago clamd did not play nice with Linux LVM load balancing. More recently we tried again and it's working, so we don't need multiple clamdscan configurations any more.

> So, what I will do is keep the "OLE2BlockMacros yes" for clamd/clamav-milter for
> quarantining such incoming messages (I can manually release legitimate ones
> later), but I'll use clamscan (not clamdscan) with the settings shown below for
> semi-daily scanning of the Maildir folder without the --block-macros=yes
> parameter. This seems to give me the results I want.
>
> clamscan -a --no-summary --stdout --infected --recursive --allmatch \
>     --scan-mail=yes --scan-ole2=yes /home/HPRS/user/Maildir/

*nod* For occasional bulk scanning there's little advantage to using clamd/clamdscan anyway (aside from assembling all the arguments for clamscan) since you only pay the startup time of parsing the signature databases once for each run.

For scanning mail, you're making one call for each message, so you don't want to be paying that startup cost on each message.

-kgd
[clamav-users] Compile ClamAV for Linux MIPS
Hi all,

I am planning to build clamav from source for MIPS board. Could anyone of you help me to build it for mips processor?
Re: [clamav-users] Cannot skip OLE2 checking
On 21.12.2016 at 18:43, Mark Foley wrote:
> On Wed, 21 Dec 2016 17:34:05 Reindl Harald wrote:
> > On 21.12.2016 at 17:25, Mark Foley wrote:
> > > I'm running clamdscan on Maildir folders as:
> > >
> > > clamdscan --config-file=/usr/local/etc/clamdscan.conf --multiscan \
> > >     --fdpass --allmatch --stdout /home/HPRS/user/Maildir/
> > >
> > > I want to skip checking for OLE2 macros. The /usr/local/etc/clamdscan.conf has:
> > >
> > > ScanOLE2 no
> > > OLE2BlockMacros no
> > >
> > > However, it still finds OLE2 macros:
> > >
> > > /home/HPRS/user/Maildir/.Deleted Items/cur/1448980384.M492273P32500.mail,S=751508,W=761365:2,S: Heuristics.OLE2.ContainsMacros FOUND
> > >
> > > Is this happening because there is already a clamd running for mail queue
> > > checking which has the above config settings set to "yes"?
> > >
> > > How can I get clamdscan to skip checking for these macros?
> >
> > "man clamdscan" and think about what the "d" means versus "clamscan"
> >
> > NAME
> >        clamdscan - scan files and directories for viruses using Clam AntiVirus Daemon
>
> I believe I know what the "d" means. I've recently posted here with the subject
> "No notice of OLE2.ContainsMacros" and got excellent information from you, in fact.
>
> Thinking about what the "d" means doesn't help me solve my problem. clamdscan
> has an option --config-file. I would assume clamdscan would spawn another clamd
> with the new option file. Is this not the case? Will the currently running clamd
> be used regardless of the --config-file parameter?

when someone says "man clamdscan" then do "man clamdscan" and read it really - the options above belong in the configuration of clamd - period

DESCRIPTION
       clamdscan is a clamd client which may be used as a clamscan replacement. It accepts all the options implemented in clamscan but most of them will be ignored because its scanning abilities only depend on clamd.
Re: [clamav-users] Cannot skip OLE2 checking
On Wed, 21 Dec 2016 20:05:27 (CET) Kees Theunissen wrote:
>
> On Wed, 21 Dec 2016, Mark Foley wrote:
>
> >On Wed, 21 Dec 2016 17:34:05 Reindl Harald wrote:
> >>
> >> On 21.12.2016 at 17:25, Mark Foley wrote:
> >> > I'm running clamdscan on Maildir folders as:
> >> >
> >> > clamdscan --config-file=/usr/local/etc/clamdscan.conf --multiscan \
> >> >     --fdpass --allmatch --stdout /home/HPRS/user/Maildir/
> >> >
> >> > I want to skip checking for OLE2 macros. The
> >> > /usr/local/etc/clamdscan.conf has:
> >> >
> >> > ScanOLE2 no
> >> > OLE2BlockMacros no
>
> Also specify different values for "LocalSocket", "PidFile" and "LogFile"
> and start a second instance of the clamd daemon using this config file.
>
> < ... >
>
> >Thinking about what the "d" means doesn't help me solve my problem. clamdscan
> >has an option --config-file. I would assume clamdscan would spawn another clamd
> >with the new option file. Is this not the case? Will the currently running clamd
> >be used regardless of the --config-file parameter?
>
> Clamdscan will connect to the socket specified in the config file and
> hence to the right daemon process. The socket specification is probably the
> only parameter from the config that is used by clamdscan.
>

Kees - thanks for that info. So, basically I'd have to start a new clamd with a different socket and therefore pointing to a different config file. Not sure then what the point of the --config-file parameter to clamdscan is ...

Anyway, that's too much fiddling for what I need. My purpose in this particular scan is to periodically scan (via cron) the domain Maildir repositories for viruses not initially caught by the clamav-milter. This does happen not infrequently because, I suppose, updated signatures reveal possible virus in old messages that made it through before those signatures were added.

However, Heuristics.OLE2.ContainsMacros (OLE2BlockMacros yes) are ubiquitous in .xls attachments from usually legitimate senders and would indicate hundreds of "infected" files in the Maildir folders.

So, what I will do is keep the "OLE2BlockMacros yes" for clamd/clamav-milter for quarantining such incoming messages (I can manually release legitimate ones later), but I'll use clamscan (not clamdscan) with the settings shown below for semi-daily scanning of the Maildir folder without the --block-macros=yes parameter. This seems to give me the results I want.

clamscan -a --no-summary --stdout --infected --recursive --allmatch \
    --scan-mail=yes --scan-ole2=yes /home/HPRS/user/Maildir/

Thanks!

--Mark
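The alternative discussed in this thread (a second clamd with its own LocalSocket, PidFile and LogFile, which clamdscan --config-file then selects), sketched as an added example that is not part of the original messages. The "noole2" file names, the run directory and the sample base config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: derive a config for a second clamd instance from an existing one.
# File names and the sample base config below are assumptions, not values from the thread.

# derive_clamd_conf BASE OUT RUNDIR
derive_clamd_conf() {
    base=$1 out=$2 rundir=$3
    # Drop every setting the second instance must not share with the first
    # (socket, pid, log, TCP listeners) plus the OLE2 options being overridden.
    awk '
        BEGIN { n = split("LocalSocket PidFile LogFile TCPSocket TCPAddr ScanOLE2 OLE2BlockMacros", k, " ")
                for (i = 1; i <= n; i++) drop[k[i]] = 1 }
        !($1 in drop)
    ' "$base" > "$out" || return 1
    cat >> "$out" <<EOF
LocalSocket $rundir/clamd-noole2.sock
PidFile $rundir/clamd-noole2.pid
LogFile $rundir/clamd-noole2.log
ScanOLE2 no
OLE2BlockMacros no
EOF
}

# conf_value FILE KEY: print the last value set for KEY, or nothing if unset.
conf_value() {
    awk -v k="$2" '$1 == k { v = $2 } END { if (v != "") print v }' "$1"
}

# Constructed sample standing in for the system clamd.conf.
tmp=$(mktemp -d)
cat > "$tmp/clamd.conf" <<'EOF'
# main instance used by clamav-milter
LocalSocket /var/run/clamav/clamd.sock
PidFile /var/run/clamav/clamd.pid
LogFile /var/log/clamav/clamd.log
TCPSocket 3310
ScanMail yes
ScanOLE2 yes
OLE2BlockMacros yes
EOF
derive_clamd_conf "$tmp/clamd.conf" "$tmp/clamd-noole2.conf" "$tmp"
cat "$tmp/clamd-noole2.conf"

# Then (not run here) start the second daemon and point the client at it:
#   clamd --config-file="$tmp/clamd-noole2.conf"
#   clamdscan --config-file="$tmp/clamd-noole2.conf" --multiscan --fdpass /path/to/Maildir/
```

A second clamd loads its own copy of the signature databases, so it uses about as much memory as the first instance.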