Re: [clamav-users] with main.cvd clamscan dead slow

2016-12-22 Thread Selcuk Yazar
We converted to clamdscan. Thank you all for the help.

Regards


On Wed, Dec 21, 2016 at 4:47 PM, Arnaud Jacques / SecuriteInfo.com <
webmas...@securiteinfo.com> wrote:

> Selçuk,
>
> > in redhat El 6 version there is no clamdscan command.
>
> It is in the "clamd" package.
>
> http://rpm.pbone.net/index.php3/stat/4/idpl/34508318/dir/redhat_el_6/com/clamd-0.99.2-1.el6.x86_64.rpm.html
>
> --
> Best regards,
>
> Arnaud Jacques
> SecuriteInfo.com
>
> Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
> Twitter : @SecuriteInfoCom
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] error: 'os_generic' undeclared

2016-12-22 Thread Steven Morgan
Hi,

The os_generic was missing from the operating system enumeration. Here is a
patch to fix that:

diff --git a/libclamav/bytecode_detect.h b/libclamav/bytecode_detect.h
index 6f56908..b09c940 100644
--- a/libclamav/bytecode_detect.h
+++ b/libclamav/bytecode_detect.h
@@ -64,6 +64,7 @@ enum os_kind_conf {
   os_solaris,
   os_win32,
   os_win64,
+  os_generic,
   os_ANY = 0xff
 };
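
Review bot: The new os_generic enumerator at the "+  os_generic," line carries no comment and no explicit value, so it takes the next implicit number after os_win64, and any enumerator later inserted above it would shift that number. The build log in this thread shows bytecode_detect.c:243 assigning it to env->os_category in cli_detect_environment; a one-line comment next to the enumerator saying when that assignment applies would help, and an explicit value is worth considering if os_category is ever stored or compared outside a single build.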

This should get you through that particular compile error.

Good luck,
Steve


On Thu, Dec 22, 2016 at 12:40 AM, crazy thinker wrote:

> Hi all,
>
> I tried to build clamav source code with ndk tools for android platform
> and x86 cpu architecture.
>
> Please find below my build script info:
>
> #!/bin/bash
> export NDK=/home/crazythinker-admin/Android/Sdk/ndk-bundle
>
> $NDK/build/tools/make-standalone-toolchain.sh --platform=android-9 \
>   --toolchain=x86-4.9 --install-dir=`pwd`/i686-linux-android --force
> export TOOLCHAIN_PATH=`pwd`/i686-linux-android/bin
> export TOOL=i686-linux-android
>
> export NDK_TOOLCHAIN_BASENAME=${TOOLCHAIN_PATH}/${TOOL}
>
> export CC=$NDK_TOOLCHAIN_BASENAME-gcc
> export CXX=$NDK_TOOLCHAIN_BASENAME-g++
> export LINK=${CXX}
> export LD=$NDK_TOOLCHAIN_BASENAME-ld
> export AR=$NDK_TOOLCHAIN_BASENAME-ar
> export RANLIB=$NDK_TOOLCHAIN_BASENAME-ranlib
> export STRIP=$NDK_TOOLCHAIN_BASENAME-strip
>
> export ARCH_FLAGS="-march=i686 -msse3 -mstackrealign -mfpmath=sse"
> export ARCH_LINK=
> export CPPFLAGS=" ${ARCH_FLAGS} -fpic -ffunction-sections -funwind-tables -fstack-protector -fno-strict-aliasing -finline-limit=64 "
> export CXXFLAGS=" ${ARCH_FLAGS} -fpic -ffunction-sections -funwind-tables -fstack-protector -fno-strict-aliasing -finline-limit=64 -frtti -fexceptions "
> export CFLAGS=" ${ARCH_FLAGS} -fpic -ffunction-sections -funwind-tables -fstack-protector -fno-strict-aliasing -finline-limit=64 "
> export LDFLAGS=" ${ARCH_LINK} "
>
> #export CC="$NDK/toolchains/-4.9/prebuilt/linux-i686-linux-android_64/bin/i686-linux-android-clang --sysroot=$SYSROOT"
> #export AR="$NDK/toolchains/-4.9/prebuilt/linux-i686-linux-android_64/bin/i686-linux-android-clang-ar --sysroot=$SYSROOT"
> ./configure --host=x86 --disable-shared --disable-pthreads \
>   --with-openssl=/home/crazythinker-admin/Downloads/ClamAVNDK/OpenSSL/openssl-1.0.2 \
>   --with-pcre=/home/crazythinker-admin/Downloads/ClamAVNDK/pcre2-10.22/PCREx86 \
>   --with-zlib=/home/crazythinker-admin/Downloads/ClamAVNDK/zlib-1.2.8/ZLIBx86 \
>   --with-libncurses-prefix=/home/crazythinker-admin/Downloads/ClamAVNDK/ncurses-gittup/NCURSESx86 \
>   --prefix=$(pwd)/ClamAVx86 --disable-llvm --disable-quikdtop \
>   --disable-clamav --disable-yara --disable-bzip2 --disable-unrar \
>   --disable-fanotify \
>   --with-libcurl=/home/crazythinker-admin/Downloads/ClamAVNDK/curl-7.51.0/CURLx86
> make clean
>
> make
> make install
>
>
> My intention is that I need to get clamav engine library for android platform,
> so I tried to build it using cross compilation mechanism but I got the below
> error.
>
>
> GEN  version.h
>   CC   libclamav_la-version.lo
>   CC   libclamav_la-mpool.lo
>   CC   libclamav_la-filtering.lo
>   CC   libclamav_la-fmap.lo
>   CC   libclamav_la-perflogging.lo
>   CC   libclamav_la-bytecode.lo
>   CC   libclamav_la-bytecode_vm.lo
>   CC   libclamav_la-cpio.lo
>   CC   libclamav_la-macho.lo
>   CC   libclamav_la-ishield.lo
>   CC   libclamav_la-bytecode_api.lo
>   CC   libclamav_la-bytecode_api_decl.lo
>   CC   libclamav_la-cache.lo
>   CC   libclamav_la-bytecode_detect.lo
> bytecode_detect.c: In function 'cli_detect_environment':
> bytecode_detect.c:243:24: error: 'os_generic' undeclared (first use in this function)
>  env->os_category = os_generic;
> ^
> bytecode_detect.c:243:24: note: each undeclared identifier is reported only once for each function it appears in
> make[4]: *** [libclamav_la-bytecode_detect.lo] Error 1
>
>
> Could you please help me to find root cause and resolve this error?
>
> Any help/suggestions would be appreciated.
>
>
> Thanks,
> Crazy Thinker

Re: [clamav-users] Cannot skip OLE2 checking

2016-12-22 Thread Kris Deugau
Mark Foley wrote:
> Kees - thanks for that info. So, basically I'd have to start a new clamd with a
> different socket and therefore pointing to a different config file. Not sure
> then what the point of the --config-file parameter to clamdscan is ...

It allows you to call a different clamd than the "system default" - we
used this for a time to hack in crude load balancing on our mail
infrastructure.  (We have a couple of servers running clamd and
SpamAssassin's spamd, and both the incoming and outgoing mail-handling
servers call the daemons on the dedicated scanner servers, rather than
running clamd and SpamAssassin on each mail server.)

A set of configuration files with the minimal host and port settings,
each directed to a specific scanning host, and chosen at random when
assembling the clamdscan call, held up fairly well for several years.

I don't recall what the issue was (if we ever even found anything other
than "doesn't work"), but some time ago clamd did not play nice with
Linux LVM load balancing.  More recently we tried again and it's
working, so we don't need multiple clamdscan configurations any more.

> So, what I will do is keep the "OLE2BlockMacros yes" for clamd/clamav-milter for
> quarantining such incoming messages (I can manually release legitimate ones
> later), but I'll use clamscan (not clamdscan) with the settings shown below for
> semi-daily scanning of the Maildir folder without the --block-macros=yes
> parameter.  This seems to give me the results I want.
> 
> clamscan -a --no-summary --stdout --infected --recursive --allmatch \
>   --scan-mail=yes --scan-ole2=yes /home/HPRS/user/Maildir/

*nod*  For occasional bulk scanning there's little advantage to using
clamd/clamdscan anyway (aside from assembling all the arguments for
clamscan) since you only pay the startup time of parsing the signature
databases once for each run.  For scanning mail, you're making one call
for each message, so you don't want to be paying that startup cost on
each message.

-kgd

[clamav-users] Compile ClamAV for Linux MIPS

2016-12-22 Thread crazy thinker
Hi all,


I am planning to build clamav from source for a MIPS board. Could anyone of
you help me to build it for mips processor?

Re: [clamav-users] Cannot skip OLE2 checking

2016-12-22 Thread Reindl Harald



On 21.12.2016 at 18:43, Mark Foley wrote:
> On Wed, 21 Dec 2016 17:34:05 Reindl Harald wrote:
> >
> > On 21.12.2016 at 17:25, Mark Foley wrote:
> > > I'm running clamdscan on Maildir folders as:
> > >
> > > clamdscan --config-file=/usr/local/etc/clamdscan.conf --multiscan \
> > >   --fdpass --allmatch --stdout /home/HPRS/user/Maildir/
> > >
> > > I want to skip checking for OLE2 macros. The /usr/local/etc/clamdscan.conf has:
> > >
> > > ScanOLE2 no
> > > OLE2BlockMacros no
> > >
> > > However, it still finds OLE2 macros:
> > >
> > > /home/HPRS/user/Maildir/.Deleted Items/cur/1448980384.M492273P32500.mail,S=751508,W=761365:2,S: Heuristics.OLE2.ContainsMacros FOUND
> > >
> > > Is this happening because there is already a clamd running for mail queue
> > > checking which has the above config settings set to "yes"?
> > >
> > > How can I get clamdscan to skip checking for these macros?
> >
> > "man clamdscan" and think about what the "d" means versus "clamscan"
> >
> > NAME
> > clamdscan - scan files and directories for viruses using Clam AntiVirus
> > Daemon
>
> I believe I know what the "d" means. I've recently posted here with the subject
> "No notice of OLE2.ContainsMacros" and got excellent information from you, in
> fact.
>
> Thinking about what the "d" means doesn't help me solve my problem. clamdscan
> has an option --config-file. I would assume clamdscan would spawn another clamd
> with the new option file. Is this not the case? Will the currently running clamd
> be used regardless of the --config-file parameter?

when someone says "man clamdscan" then do "man clamdscan" and read it
really - the options above belong in the configuration of clamd - period

DESCRIPTION
clamdscan  is  a  clamd  client  which  may be used as a clamscan
replacement. It accepts all the options implemented in clamscan but most
of them will be ignored because its scanning abilities only depend on clamd.


Re: [clamav-users] Cannot skip OLE2 checking

2016-12-22 Thread Mark Foley
On Wed, 21 Dec 2016 20:05:27 (CET) Kees Theunissen wrote:
>
> On Wed, 21 Dec 2016, Mark Foley wrote:
>
> >On Wed, 21 Dec 2016 17:34:05 Reindl Harald wrote:
> >>
> >> On 21.12.2016 at 17:25, Mark Foley wrote:
> >> > I'm running clamdscan on Maildir folders as:
> >> >
> >> > clamdscan --config-file=/usr/local/etc/clamdscan.conf --multiscan \
> >> >   --fdpass --allmatch --stdout /home/HPRS/user/Maildir/
> >> >
> >> > I want to skip checking for OLE2 macros. The /usr/local/etc/clamdscan.conf has:
> >> >
> >> > ScanOLE2 no
> >> > OLE2BlockMacros no
>
> Also specify different values for "LocalSocket", "PidFile" and "LogFile"
> and start a second instance of the clamd daemon using this config file.
>
> < ... >
>
> >Thinking about what the "d" means doesn't help me solve my problem. clamdscan
> >has an option --config-file. I would assume clamdscan would spawn another clamd
> >with the new option file. Is this not the case? Will the currently running clamd
> >be used regardless of the --config-file parameter?
>
> Clamdscan will connect to the socket specified in the config file and
> hence to the right daemon process. The socket specification is probably the
> only parameter from the config that is used by clamdscan.
>

Kees - thanks for that info. So, basically I'd have to start a new clamd with a
different socket and therefore pointing to a different config file. Not sure
then what the point of the --config-file parameter to clamdscan is ...

Anyway, that's too much fiddling for what I need.  My purpose in this particular
scan is to periodically scan (via cron) the domain Maildir repositories for
viruses not initially caught by the clamav-milter.  This does happen not
infrequently because, I suppose, updated signatures reveal possible virus in old
messages that made it through before those signatures were added.

However, Heuristics.OLE2.ContainsMacros (OLE2BlockMacros yes) are ubiquitous in
.xls attachments from usually legitimate senders and would indicate hundreds of
"infected" files in the Maildir folders. 

So, what I will do is keep the "OLE2BlockMacros yes" for clamd/clamav-milter for
quarantining such incoming messages (I can manually release legitimate ones
later), but I'll use clamscan (not clamdscan) with the settings shown below for
semi-daily scanning of the Maildir folder without the --block-macros=yes
parameter.  This seems to give me the results I want. 

clamscan -a --no-summary --stdout --infected --recursive --allmatch \
  --scan-mail=yes --scan-ole2=yes /home/HPRS/user/Maildir/

Thanks!

--Mark
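
The second-daemon setup Kees describes in the text quoted above (own LocalSocket, PidFile and LogFile, with the OLE2 options off), as an added example that is not part of the thread: it derives the second config from an existing clamd.conf and checks that the two instances share no socket, pid or log file. The paths, the instance name clamd-nomacro and the sample base config are constructed.

```shell
# Added example, not from the thread. Paths and instance name are constructed.

# conf_get FILE KEY: print the value of the last "KEY value" line in FILE.
conf_get() {
    awk -v k="$2" '$1 == k { sub(/^[ \t]*[^ \t]+[ \t]+/, ""); v = $0 }
                   END { print v }' "$1"
}

# derive_clamd_conf BASE OUT NAME RUNDIR
# Copy BASE to OUT with its own LocalSocket, PidFile and LogFile and both
# OLE2 options off; TCPSocket/TCPAddr are dropped so no port is shared.
derive_clamd_conf() {
    keys='LocalSocket|PidFile|LogFile|ScanOLE2|OLE2BlockMacros|TCPSocket|TCPAddr'
    grep -Ev "^[[:space:]]*($keys)[[:space:]]" "$1" > "$2" || true
    cat >> "$2" <<EOF
LocalSocket $4/$3.sock
PidFile $4/$3.pid
LogFile $4/$3.log
ScanOLE2 no
OLE2BlockMacros no
EOF
}

# instances_collide A B: succeed if A and B share a socket, pid or log file.
instances_collide() {
    for key in LocalSocket PidFile LogFile; do
        a=$(conf_get "$1" "$key"); b=$(conf_get "$2" "$key")
        [ -n "$a" ] && [ "$a" = "$b" ] && return 0
    done
    return 1
}

# Constructed stand-in for the config of the clamd serving clamav-milter.
demo_dir=$(mktemp -d)
cat > "$demo_dir/clamd.conf" <<'EOF'
LocalSocket /var/run/clamav/clamd.sock
PidFile /var/run/clamav/clamd.pid
LogFile /var/log/clamav/clamd.log
DatabaseDirectory /var/lib/clamav
ScanOLE2 yes
OLE2BlockMacros yes
EOF
derive_clamd_conf "$demo_dir/clamd.conf" "$demo_dir/nomacro.conf" \
    clamd-nomacro /var/run/clamav
instances_collide "$demo_dir/clamd.conf" "$demo_dir/nomacro.conf" \
    || echo "no clash, wrote $demo_dir/nomacro.conf"
```

Start the second daemon with clamd --config-file pointing at the generated file, and pass the same file to clamdscan --config-file so that it connects to that instance's socket.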