[Clamav-users] Solaris 9 and clamd

[[EMAIL PROTECTED]]

Hi

Has anybody else noticed this.

When running clamd with the ScanArchive config option set to yes, after a
couple of minutes of running cpu usage will look like this:

last pid:  2470;  load averages:  6.43,  4.06,  2.71  
 12:16:16
77 processes:  75 sleeping, 2 on cpu
CPU states:  2.6% idle, 85.0% user, 12.4% kernel,  0.0% iowait,  0.0% swap
Memory: 1536M real, 1128M free, 147M swap in use, 2026M swap free

   PID USERNAME LWP PRI NICE  SIZE   RES STATETIMECPU COMMAND
   833 popuser   11  590   43M   40M cpu/28:50 91.13% clamd
   234 root   9  590   47M   15M sleep   14:15  0.22% java
  2220 root   1  590 2888K 1776K cpu/10:00  0.20% top
  2381 popuser1  590 3968K 2784K sleep0:00  0.09% exim-4.52-1
  1405 popuser1  590 3464K 2664K sleep0:00  0.09% exim-4.52-1

A truss -p 833 reveals

/6: lwp_park(0x, 0) = 0
/10:lwp_park(0x, 0) = 0
/3: lwp_unpark(10, 1)   = 0
/4: lwp_park(0x, 0) = 0
/6: lwp_park(0x, 0) = 0
/2: lwp_park(0x, 0) = 0
/3: lwp_unpark(4, 1)= 0
/4: lwp_park(0x, 0) = 0
/8: lwp_unpark(6, 1)= 0
/6: lwp_park(0x, 0) = 0
/2: lwp_park(0x, 0) = 0
/4: lwp_unpark(6, 1)= 0
/6: lwp_park(0x, 0) = 0
/3: lwp_unpark(2, 1)= 0
/8: lwp_unpark(4, 1)= 0
/2: lwp_park(0x, 0) = 0
/6: lwp_unpark(2, 1)= 0
/3: lwp_park(0x, 0) = 0
/8: lwp_unpark(3, 1)= 0
/3: lwp_park(0x, 0) = 0
/2: lwp_unpark(3, 1)= 0
/6: lwp_unpark(3, 1)= 0
/3: lwp_park(0x, 0) = 0
/8: lwp_unpark(2, 1)= 0
/2: lwp_park(0x, 0) = 0
/8: lwp_unpark(6, 1)= 0
/3: lwp_unpark(2, 1)= 0
/2: lwp_park(0x, 0) = 0
/6: lwp_park(0x, 0) = 0
/3: lwp_unpark(8, 1)= 0
/8: lwp_park(0x, 0) = 0
/6: lwp_park(0x, 0) = 0
^C/2:   lwp_unpark(8, 1)= 0
/10:lwp_unpark(6, 1)= 0
/4: lwp_park(0x, 0) = 0
/8: lwp_park(0x, 0) = 0
/5: lwp_park(0x, 0) = 0
/9: lwp_park(0x, 0) = 0
/3: lwp_unpark(6, 1)= 0
/11:lwp_unpark(5, 1)= 0
/7: lwp_unpark(2, 1)= 0

and that's all that seems to be happening - seems to be in an endless loop.

The clamd log file has the following entries

Wed Apr 11 12:11:30 2007 -> +++ Started at Wed Apr 11 12:11:30 2007
Wed Apr 11 12:11:30 2007 -> clamd daemon 0.90.1 (OS: solaris2.9, ARCH:
sparc, CPU: sparc)
Wed Apr 11 12:11:30 2007 -> Log file size limit disabled.
Wed Apr 11 12:11:30 2007 -> Reading databases from /usr/local/share/clamav
Wed Apr 11 12:11:46 2007 -> Loaded 107793 signatures.
Wed Apr 11 12:11:46 2007 -> Unix socket file
/usr/local/share/clamav/clamd.socket
Wed Apr 11 12:11:46 2007 -> Setting connection queue length to 30
Wed Apr 11 12:11:46 2007 -> Archive: Archived file size limit set to
7340032 bytes.
Wed Apr 11 12:11:46 2007 -> Archive: Recursion level limit set to 5.
Wed Apr 11 12:11:46 2007 -> Archive: Files limit set to 250.
Wed Apr 11 12:11:46 2007 -> Archive: Compression ratio limit set to 250.
Wed Apr 11 12:11:46 2007 -> Archive support enabled.
Wed Apr 11 12:11:46 2007 -> Algorithmic detection enabled.
Wed Apr 11 12:11:46 2007 -> Portable Executable support enabled.
Wed Apr 11 12:11:46 2007 -> ELF support enabled.
Wed Apr 11 12:11:46 2007 -> Mail files support enabled.
Wed Apr 11 12:11:46 2007 -> Mail: Recursion level limit set to 64.
Wed Apr 11 12:11:46 2007 -> OLE2 support enabled.
Wed Apr 11 12:11:46 2007 -> PDF support disabled.
Wed Apr 11 12:11:46 2007 -> HTML support enabled.
Wed Apr 11 12:11:46 2007 -> Self checking every 1800 seconds.
Wed Apr 11 12:11:51 2007 ->
/var/spool/exim/scan/1HbZno-Fq-6x/1HbZno-Fq-6x.eml: OK
Wed Apr 11 12:11:51 2007 ->
/var/spool/exim/scan/1HbZno-Fq-6

Re: [Clamav-users] Solaris 9 and clamd

[[EMAIL PROTECTED]]

Also, if I leave ScanArchive yes and set MaxThreads 1
then it seems to run Ok. Only problem then is that the exim processes
build up waiting for service.

Is there any possibility that the code used by whatever ScanArchive
enables is not thread safe?

> Hi
>
> Has anybody else noticed this.
>
> When running clamd with the ScanArchive config option set to yes, after a
> couple of minutes of running cpu usage will look like this:
>
> last pid:  2470;  load averages:  6.43,  4.06,  2.71
>  12:16:16
> 77 processes:  75 sleeping, 2 on cpu
> CPU states:  2.6% idle, 85.0% user, 12.4% kernel,  0.0% iowait,  0.0% swap
> Memory: 1536M real, 1128M free, 147M swap in use, 2026M swap free
>
>PID USERNAME LWP PRI NICE  SIZE   RES STATETIMECPU COMMAND
>833 popuser   11  590   43M   40M cpu/28:50 91.13% clamd
>234 root   9  590   47M   15M sleep   14:15  0.22% java
>   2220 root   1  590 2888K 1776K cpu/10:00  0.20% top
>   2381 popuser1  590 3968K 2784K sleep0:00  0.09% exim-4.52-1
>   1405 popuser1  590 3464K 2664K sleep0:00  0.09% exim-4.52-1
>
> A truss -p 833 reveals
>
> /6: lwp_park(0x, 0) = 0
> /10:lwp_park(0x, 0) = 0
> /3: lwp_unpark(10, 1)   = 0
> /4: lwp_park(0x, 0) = 0
> /6: lwp_park(0x, 0) = 0
> /2: lwp_park(0x, 0) = 0
> /3: lwp_unpark(4, 1)= 0
> /4: lwp_park(0x, 0) = 0
> /8: lwp_unpark(6, 1)= 0
> /6: lwp_park(0x, 0) = 0
> /2: lwp_park(0x, 0) = 0
> /4: lwp_unpark(6, 1)= 0
> /6: lwp_park(0x, 0) = 0
> /3: lwp_unpark(2, 1)= 0
> /8: lwp_unpark(4, 1)= 0
> /2: lwp_park(0x, 0) = 0
> /6: lwp_unpark(2, 1)= 0
> /3: lwp_park(0x, 0) = 0
> /8: lwp_unpark(3, 1)= 0
> /3: lwp_park(0x, 0) = 0
> /2: lwp_unpark(3, 1)= 0
> /6: lwp_unpark(3, 1)= 0
> /3: lwp_park(0x, 0) = 0
> /8: lwp_unpark(2, 1)= 0
> /2: lwp_park(0x, 0) = 0
> /8: lwp_unpark(6, 1)= 0
> /3: lwp_unpark(2, 1)= 0
> /2: lwp_park(0x, 0) = 0
> /6: lwp_park(0x, 0) = 0
> /3: lwp_unpark(8, 1)= 0
> /8: lwp_park(0x, 0) = 0
> /6: lwp_park(0x, 0) = 0
> ^C/2:   lwp_unpark(8, 1)= 0
> /10:lwp_unpark(6, 1)= 0
> /4: lwp_park(0x, 0) = 0
> /8: lwp_park(0x, 0) = 0
> /5: lwp_park(0x, 0) = 0
> /9: lwp_park(0x, 0) = 0
> /3: lwp_unpark(6, 1)= 0
> /11:lwp_unpark(5, 1)= 0
> /7: lwp_unpark(2, 1)= 0
>
> and that's all that seems to be happening - seems to be in an endless
> loop.
>
> The clamd log file has the following entries
>
> Wed Apr 11 12:11:30 2007 -> +++ Started at Wed Apr 11 12:11:30 2007
> Wed Apr 11 12:11:30 2007 -> clamd daemon 0.90.1 (OS: solaris2.9, ARCH:
> sparc, CPU: sparc)
> Wed Apr 11 12:11:30 2007 -> Log file size limit disabled.
> Wed Apr 11 12:11:30 2007 -> Reading databases from /usr/local/share/clamav
> Wed Apr 11 12:11:46 2007 -> Loaded 107793 signatures.
> Wed Apr 11 12:11:46 2007 -> Unix socket file
> /usr/local/share/clamav/clamd.socket
> Wed Apr 11 12:11:46 2007 -> Setting connection queue length to 30
> Wed Apr 11 12:11:46 2007 -> Archive: Archived file size limit set to
> 7340032 bytes.
> Wed Apr 11 12:11:46 2007 -> Archive: Recursion level limit set to 5.
> Wed Apr 11 12:11:46 2007 -> Archive: Files limit set to 250.
> Wed Apr 11 12:11:46 2007 -> Archive: Compression ratio limit set to 250.
> Wed Apr 11 12:11:46 2007 -> Archive support enabled.
> Wed Apr 11 12:11:46 2007 -> Algorithmic detection enabled.
> Wed Apr 11 12:11:46 2007 -> Portable Executable support enabled.
> Wed Apr 11 12:11:46 2007 -> ELF support enabled.
> Wed Apr 11 12:11:46 2007 -> Mail files support enabled.
> Wed Apr 11 12:11:46 2007 -> Mail: R

Re: [Clamav-users] Solaris 9 and clamd

[[EMAIL PROTECTED]]

> I corrected this problem on my servers by removing the MSRBL databases
> from the system. CPU usage immediately dropped to normal values.
>
> dp
> ___

Thanks. But I don't beleive I make use of MSRBL. Don't see anything like
that in the clamd.conf file or in the clamav documentation for that
matter.

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] can clamav kill Win32 PE virus?

[[EMAIL PROTECTED]]

On Sun, 2 Sep 2007, [EMAIL PROTECTED] wrote:

> Dear all:
> I am a Fedora 7 user running ClamAV to protect my data on my PC
> (though they're extremely rare). However today I ran into problems. My
> girlfriend uses a WinXP system, which became severely infected by
> viruses. Now she is going to make a system clean-up. The plan is:
>
> S1. Copy all her important data to a portable media;
> S2. Re-format her entire file system (thus destroying everything) and
> re-install WinXP;
> S3. While she's doing 2, I scan the portable media using ClamAV on my
> computer, and (possibly) remove the viruses which might have been
> 'backed-up' along with her regular files;
> S4. Copy the (possible) ClamAV-scanned data back to her computer.
>
> The problem is that whether Step 3 can be realized. I don't know
> whether ClamAV is able to detect Win32 PE viruses. I'm fairly
> confident that the PE viruses could not infect my system but I'm not
> sure whether I can detect them.
>
> I know the above procedure is rather absurd... However I haven't came
> up with other ideas. The situation is that she will stick to WinXP and
> I cannot afford a Win32 antivirus software, and worst I'm not familiar
> with Windows.
>
> I appreciate your suggestions.
>
> Cong
>
> PS. If you find my English bad, please pardon me --- I'm not a native
> Englihs speaker. Thank you for your patience.
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://lurker.clamav.net/list/clamav-users.html
>

The Micro$ disk format program doesn't completely nuke a hard drive.
Use your Fedora system and badblocks to nuke her drive to brand new drive 
status.  The Micro$ format program lifts some data off the drive, does 
it's formating thingy and puts the info back down on to the drive. The 8 
megabyte section beyond the Micro$ partiton is replaced exactly like it 
was before the re-format.  After you scan and remove the nasty stuff on 
her drive, just copy her critical data back on to her freshly installed 
drive.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Remote Host Scan Using CLAMAV

[[EMAIL PROTECTED]]

On Fri, 18 Jan 2008, TRM wrote:

> Hi ,
> i have installed clamav(KlamAV Anti-Virus Manager) in my Fedora7 box.
> Using that how can i scan my remote windows client. Anyone has tried
> this.. Please let me know if you have any kind of solutions
> regarding my issue..
> Thanks in advance
>
> Tarak
>
> Send instant messages to your online friends http://in.messenger.yahoo.com
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://lurker.clamav.net/list/clamav-users.html
>
How remote is remote ?

Mount the remote Windows box to a directory on the Linux box, use the 
options to not scan the swap(page) file(s). Use the delete option with 
caution. Use the Windows file system "scandisk" to make sure the Windows 
file system is correct and use "defrag" (turn off rearrange to make 
applications start faster option) to make the scanning faster. 
Periodically pull the drive out of the Windows machine, delete the 
swap(page) file(s), the "temporary internet files" and all the .tmp files 
in the Windows/temp directory, the history files. Watch for multiple swap 
files. Used to have 30 Windows boxes on the network, now just six, all 
CAD/CAM boxes. You should scan the Windows boxes over night, every night.

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] Clamav Updating on Ubuntu

[[EMAIL PROTECTED]]

Dear People,

I am trying now for a long time now to get clamav updated to first 0.92 
and now on 0.93 on my Ubuntu Fiesty server

I have tried all kind things compile it from scratch but also through 
apt-get update (will only update to 0.92) Ubuntu claims to install 0.92 
but nothing changes as far I can see.
Only one version is installed.

Log watch keep on bugging me that I don't have to worry but that I need 
to update.

I have been searching the web for a solution but cannot find one is 
there anyone how can help me out.

Like to hear

Frans

By the way, for me it is not a solution to upgrade to the latest version 
of Ubuntu !

-- 
Frans Lieshout Financieel BV

BANJOSTRAAT 49
1312KB Almere
NEDERLAND

Tel : +31 (36) 5467722
Mobiel : +31 (6) 22406833

Web : http://www.flfinancieel.nl 
Email :[EMAIL PROTECTED] 

BTW NR :
812.54.43.16.B.01
KVK Lelystad : 39083803

De informatie in deze e-mail is vertrouwelijk en uitsluitend bestemd voor de 
geadresseerde. Wanneer u dit bericht per abuis ontvangt, verzoekt Frans 
Lieshout Financieel BV u contact op te nemen met de afzender.
Bovendien verzoekt Frans Lieshout Financieel BV u in dat geval deze e-mail te 
vernietigen en de inhoud aan niemand openbaar te maken. 
Frans Lieshout Financieel BV aanvaardt geen aansprakelijkheid voor onjuiste, 
onvolledige dan wel ontijdige overbrenging van de inhoud van een verzonden 
e-mail, noch voor overgebrachte virussen.

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Clamav Updating on Ubuntu

[[EMAIL PROTECTED]]

Oh yes this one I forget as well

when I try to add deb http://volatile.debian.org/debian-volatile 
etch/volatile main contrib non-free in de source.list
 
I get this response The following signatures couldn't be verified 
because the public key is not available: NO_PUBKEY EC61E0B0BBE55AB3

how to solve this

Regards



[EMAIL PROTECTED] schreef:
> You have a good point there while compiling I use /etc because that is 
> the place where I can find clamav
>
> Is it possible that Ubuntu from his resps installs it in a complete diff 
> directory. and if so do I frist than have to delete the present version 
> of clamav and than use /etc again
> or do I use youre standard
>
> I have tried both and in the first situation all of the sudden I had two 
> installations and by the second Ubuntu could not found Clamav (make more 
> sense to me)
>
> And if I installed it like the first with prefix /etc  after a update of 
> Ubuntu it sets Clamav back to 0.91 ? Also the resp from Ubuntu always 
> claims to install 0.92 but is does not happen! But I think that could be 
> a problem from Ubuntu.
>
> Could /etc be a problem as prefix
>
> Like to hear
>
>
>
> Török Edwin schreef:
>   
>> [EMAIL PROTECTED] wrote:
>>   
>> 
>>> Dear People,
>>>
>>> I am trying now for a long time now to get clamav updated to first 0.92 
>>> and now on 0.93 on my Ubuntu Fiesty server
>>>
>>> I have tried all kind things compile it from scratch but also through 
>>> apt-get update (will only update to 0.92) Ubuntu claims to install 0.92 
>>> but nothing changes as far I can see.
>>> Only one version is installed.
>>>   
>>> 
>>>   
>> What problems did you encounter when compiling from scratch?
>> Keep in mind that by default it install to /usr/local, if you want to
>> install to /usr you need to pass --prefix=/usr to configure.
>>
>> Best regards,
>> --Edwin
>> ___
>> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
>> http://lurker.clamav.net/list/clamav-users.html
>>   
>> 
>
>
>   


-- 
Frans Lieshout Financieel BV

BANJOSTRAAT 49
1312KB Almere
NEDERLAND

Tel : +31 (36) 5467722
Mobiel : +31 (6) 22406833

Web : http://www.flfinancieel.nl 
Email :[EMAIL PROTECTED] 

BTW NR :
812.54.43.16.B.01
KVK Lelystad : 39083803

De informatie in deze e-mail is vertrouwelijk en uitsluitend bestemd voor de 
geadresseerde. Wanneer u dit bericht per abuis ontvangt, verzoekt Frans 
Lieshout Financieel BV u contact op te nemen met de afzender.
Bovendien verzoekt Frans Lieshout Financieel BV u in dat geval deze e-mail te 
vernietigen en de inhoud aan niemand openbaar te maken. 
Frans Lieshout Financieel BV aanvaardt geen aansprakelijkheid voor onjuiste, 
onvolledige dan wel ontijdige overbrenging van de inhoud van een verzonden 
e-mail, noch voor overgebrachte virussen.

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Clamav Updating on Ubuntu

[[EMAIL PROTECTED]]

You have a good point there while compiling I use /etc because that is 
the place where I can find clamav

Is it possible that Ubuntu from his resps installs it in a complete diff 
directory. and if so do I frist than have to delete the present version 
of clamav and than use /etc again
or do I use youre standard

I have tried both and in the first situation all of the sudden I had two 
installations and by the second Ubuntu could not found Clamav (make more 
sense to me)

And if I installed it like the first with prefix /etc  after a update of 
Ubuntu it sets Clamav back to 0.91 ? Also the resp from Ubuntu always 
claims to install 0.92 but is does not happen! But I think that could be 
a problem from Ubuntu.

Could /etc be a problem as prefix

Like to hear



Török Edwin schreef:
> [EMAIL PROTECTED] wrote:
>   
>> Dear People,
>>
>> I am trying now for a long time now to get clamav updated to first 0.92 
>> and now on 0.93 on my Ubuntu Fiesty server
>>
>> I have tried all kind things compile it from scratch but also through 
>> apt-get update (will only update to 0.92) Ubuntu claims to install 0.92 
>> but nothing changes as far I can see.
>> Only one version is installed.
>>   
>> 
>
> What problems did you encounter when compiling from scratch?
> Keep in mind that by default it install to /usr/local, if you want to
> install to /usr you need to pass --prefix=/usr to configure.
>
> Best regards,
> --Edwin
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://lurker.clamav.net/list/clamav-users.html
>   


-- 
Frans Lieshout Financieel BV

BANJOSTRAAT 49
1312KB Almere
NEDERLAND

Tel : +31 (36) 5467722
Mobiel : +31 (6) 22406833

Web : http://www.flfinancieel.nl 
Email :[EMAIL PROTECTED] 

BTW NR :
812.54.43.16.B.01
KVK Lelystad : 39083803

De informatie in deze e-mail is vertrouwelijk en uitsluitend bestemd voor de 
geadresseerde. Wanneer u dit bericht per abuis ontvangt, verzoekt Frans 
Lieshout Financieel BV u contact op te nemen met de afzender.
Bovendien verzoekt Frans Lieshout Financieel BV u in dat geval deze e-mail te 
vernietigen en de inhoud aan niemand openbaar te maken. 
Frans Lieshout Financieel BV aanvaardt geen aansprakelijkheid voor onjuiste, 
onvolledige dan wel ontijdige overbrenging van de inhoud van een verzonden 
e-mail, noch voor overgebrachte virussen.

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Clamav Updating on Ubuntu

[[EMAIL PROTECTED]]

Oke,

Than I do have a problem there  I now found two clamd.conf one in 
/etc/clamav and one in /usr/local/etc/.
 So I'll think the best way is once again first remove all the clamav 
files I can find and than install it again from source.

But how can I find which prefix to use or does it does not matter when I 
start from scratch and simply use /usr

What strikes me a strange that I find two conf but when I check if 
clamav is installed it comes only back with one instalaltion and I also 
think that Ubuntu is installing in a diff dir than you standard so its 
better no the use apt-get update here ?

Thanks for your support so far.

Frans



Török Edwin schreef:
> [EMAIL PROTECTED] wrote:
>   
>> You have a good point there while compiling I use /etc because that is 
>> the place where I can find clamav
>>
>> Is it possible that Ubuntu from his resps installs it in a complete diff 
>> directory. and if so do I frist than have to delete the present version 
>> of clamav and than use /etc again
>> or do I use youre standard
>>
>> I have tried both and in the first situation all of the sudden I had two 
>> installations and by the second Ubuntu could not found Clamav (make more 
>> sense to me)
>>
>> And if I installed it like the first with prefix /etc  after a update of 
>> Ubuntu it sets Clamav back to 0.91 ? Also the resp from Ubuntu always 
>> claims to install 0.92 but is does not happen! But I think that could be 
>> a problem from Ubuntu.
>>
>> Could /etc be a problem as prefix
>>   
>> 
>
> Yes, /etc is for configuration, not for binaries!
> Usual prefixes are /usr, or /usr/local.
>
> You should also remove the Ubuntu package before installing the
> hand-built binary.
>
> --Edwin
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://lurker.clamav.net/list/clamav-users.html
>   


-- 
Frans Lieshout Financieel BV

BANJOSTRAAT 49
1312KB Almere
NEDERLAND

Tel : +31 (36) 5467722
Mobiel : +31 (6) 22406833

Web : http://www.flfinancieel.nl 
Email :[EMAIL PROTECTED] 

BTW NR :
812.54.43.16.B.01
KVK Lelystad : 39083803

De informatie in deze e-mail is vertrouwelijk en uitsluitend bestemd voor de 
geadresseerde. Wanneer u dit bericht per abuis ontvangt, verzoekt Frans 
Lieshout Financieel BV u contact op te nemen met de afzender.
Bovendien verzoekt Frans Lieshout Financieel BV u in dat geval deze e-mail te 
vernietigen en de inhoud aan niemand openbaar te maken. 
Frans Lieshout Financieel BV aanvaardt geen aansprakelijkheid voor onjuiste, 
onvolledige dan wel ontijdige overbrenging van de inhoud van een verzonden 
e-mail, noch voor overgebrachte virussen.

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Clamav Updating on Ubuntu

[[EMAIL PROTECTED]]

Ok, Edwin I appreciate you remark about searching the mailing list but the 
problem is that there is a lot support to given solutions to rebuild or build 
clamav but not one why every time Ubuntu is replacing now the 0.93 version with 
the 0.91 version.

I have installed 0.93 now from scratch. I get clamav-daemon and 
freshclam-daemon now started (only find this ERROR: Can't save PID in file 
/var/run/clamd.pid not looked into this yet)
lam-deamon started but I now have ERROR: Can't save PID in file 
/var/run/clamd.pid (have not looked into this yet)

But I have finally achieved that when I use 

|clamscan -V  thatt I get  |ClamAV 0.93/6688/Wed Apr  9 16:40:38 2008 and only 
this not that there are two versions

|
And what was more disturbing that even though the clamav website gives tons of 
information I could not find my solution could also be my way of searching.

A part of my problem is now solved because if I want to do now an upgrade for 
Feisty it offers me to install clamav ? As long there is nothing else to 
install problem because when I say yes version 0.93 is gone again at least it 
will not start up anymore. And adjusting de confd is not the solution.
So I will never be able to use upgrade anymore (also put this on several forums 
by Ubuntu)

Thanks for you help sofar
|


Török Edwin schreef:
> [EMAIL PROTECTED] wrote:
>   
>> Oke,
>>   
>> 
>
> http://wiki.clamav.net/Main/InstallFromSource
>
>   
>> Than I do have a problem there  I now found two clamd.conf one in 
>> /etc/clamav and one in /usr/local/etc/.
>>  So I'll think the best way is once again first remove all the clamav 
>> files I can find and than install it again from source.
>>
>> But how can I find which prefix to use or does it does not matter when I 
>> start from scratch and simply use /usr
>>   
>> 
>
> A default install from source will put things into /usr/local. It is ok
> this way, you can edit the config files in /usr/local/etc, run clamd
> from /usr/local/sbin/clamd, ...
> Since /usr is managed by dpkg it is best to not put hand-built stuff
> inthere, but use /usr/local.
> You can force an /usr prefix though:
> ./configure --prefix=/usr --sysconfdir=/etc/clamav
>
> Also try searching the archives of this mailing list, I'm sure questions
> like this have been answered more than once.
>
>   
>> What strikes me a strange that I find two conf but when I check if 
>> clamav is installed it comes only back with one instalaltion and I also 
>> think that Ubuntu is installing in a diff dir than you standard so its 
>> better no the use apt-get update here ?
>>   
>> 
>
> You can use apt-get update, but you should either use Ubuntu's packages,
> or your own binaries, not both.
> So do not apt-get install clamav-daemon if you built clamd yourself.
> You should remove the packages with apt-get remove.
>
> Best regards,
> --Edwin
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://lurker.clamav.net/list/clamav-users.html
>   


-- 
Frans Lieshout Financieel BV

BANJOSTRAAT 49
1312KB Almere
NEDERLAND

Tel : +31 (36) 5467722
Mobiel : +31 (6) 22406833

Web : http://www.flfinancieel.nl 
Email :[EMAIL PROTECTED] 

BTW NR :
812.54.43.16.B.01
KVK Lelystad : 39083803

De informatie in deze e-mail is vertrouwelijk en uitsluitend bestemd voor de 
geadresseerde. Wanneer u dit bericht per abuis ontvangt, verzoekt Frans 
Lieshout Financieel BV u contact op te nemen met de afzender.
Bovendien verzoekt Frans Lieshout Financieel BV u in dat geval deze e-mail te 
vernietigen en de inhoud aan niemand openbaar te maken. 
Frans Lieshout Financieel BV aanvaardt geen aansprakelijkheid voor onjuiste, 
onvolledige dan wel ontijdige overbrenging van de inhoud van een verzonden 
e-mail, noch voor overgebrachte virussen.

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Clamav Updating on Ubuntu

[[EMAIL PROTECTED]]

Try it once more,

if I do apt-get update Ubuntu will install clamav version 0.91 and will 
indeed downgrade this happened allready several times. Clamav is a part 
of one of the resp of Ubuntu but I cannot find which one otherwise I 
would simply uncomment that resp.

And with apt-get upgrade it is or you upgrade everything or nothing at 
least as far as I now.

It not such a big deal because I am building a new server with the 
latest version of Ubuntu (hardy).

And for good orders sake I am talking about a server and not the desktop 
version of ubuntu.

And this one I forgot I still have in de freshclam log this message 
WARNING: Local version: 0.91.2 Recommended version: 0.93.
Have been reading that this should be solved in a cvd update but nothing 
happend here.

Kind regards



örök Edwin schreef:
> [EMAIL PROTECTED] wrote:
>   
>> Ok, Edwin I appreciate you remark about searching the mailing list but the 
>> problem is that there is a lot support to given solutions to rebuild or 
>> build clamav but not one why every time Ubuntu is replacing now the 0.93 
>> version with the 0.91 version.
>>
>> I have installed 0.93 now from scratch. I get clamav-daemon and 
>> freshclam-daemon now started (only find this ERROR: Can't save PID in file 
>> /var/run/clamd.pid not looked into this yet)
>> lam-deamon started but I now have ERROR: Can't save PID in file 
>> /var/run/clamd.pid (have not looked into this yet)
>>   
>> 
>
> Permissions?
>
>   
>> But I have finally achieved that when I use 
>>
>> |clamscan -V  thatt I get  |ClamAV 0.93/6688/Wed Apr  9 16:40:38 2008 and 
>> only this not that there are two versions
>>
>> |
>> And what was more disturbing that even though the clamav website gives tons 
>> of information I could not find my solution could also be my way of 
>> searching.
>>
>> A part of my problem is now solved because if I want to do now an upgrade 
>> for Feisty it offers me to install clamav ? As long there is nothing else to 
>> install problem because when I say yes version 0.93 is gone again at least 
>> it will not start up anymore. And adjusting de confd is not the solution.So 
>> I will never be able to use upgrade anymore (also put this on several forums 
>> by Ubuntu)
>>   
>> 
>
> I don't understand what you say. I can only guess:
> - you are afraid that when you upgrade Ubuntu it will install an old
> clamav package
> - you are afraid to upgrade anything, because it might downgrade clamav
>
> As long as you don't have any clamav packages installed, you don't have
> to worry.
> Upgrading other packages won't magically install a clamav package,
> neither will upgrading Ubuntu install a clamav for you.
>
> Best regards,
> --Edwin
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://lurker.clamav.net/list/clamav-users.html
>   


-- 
Frans Lieshout Financieel BV

BANJOSTRAAT 49
1312KB Almere
NEDERLAND

Tel : +31 (36) 5467722
Mobiel : +31 (6) 22406833

Web : http://www.flfinancieel.nl 
Email :[EMAIL PROTECTED] 

BTW NR :
812.54.43.16.B.01
KVK Lelystad : 39083803

De informatie in deze e-mail is vertrouwelijk en uitsluitend bestemd voor de 
geadresseerde. Wanneer u dit bericht per abuis ontvangt, verzoekt Frans 
Lieshout Financieel BV u contact op te nemen met de afzender.
Bovendien verzoekt Frans Lieshout Financieel BV u in dat geval deze e-mail te 
vernietigen en de inhoud aan niemand openbaar te maken. 
Frans Lieshout Financieel BV aanvaardt geen aansprakelijkheid voor onjuiste, 
onvolledige dan wel ontijdige overbrenging van de inhoud van een verzonden 
e-mail, noch voor overgebrachte virussen.

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Clamav Updating on Ubuntu

[[EMAIL PROTECTED]]

dpkg -l gives


ii  clamav-base  
0.92.1~dfsg2-1.1~feisty1 anti-virus utility for Unix 
- base   package
ii  clamav-daemon
0.91.2-3ubuntu2.3~feisty1antivirus scanner daemon
ii  clamav-freshclam 
0.91.2-3ubuntu2.3~feisty1downloads clamav virus 
databases f  rom the In
ii  libclamav2   
0.91.2-3ubuntu2.3~feisty1virus scanner library
rc  libclamav3   
0.92.1~dfsg2-1.1~feisty1 anti-virus utility for Unix 
- libr  ary

apt-cache gives

clamav:

  Geïnstalleerd: (geen)
  Kandidaat: 0.92.1~dfsg2-1.1~feisty1
  Versietabel:
 0.92.1~dfsg2-1.1~feisty1 0
500 http://nl.archive.ubuntu.com feisty-backports/universe Packages
 0.90.2-0ubuntu1.6 0
500 http://security.ubuntu.com feisty-security/universe Packages
 0.90.2-0ubuntu1 0
500 http://nl.archive.ubuntu.com feisty/universe Packages
clamav-daemon:
  Geïnstalleerd: 0.91.2-3ubuntu2.3~feisty1
  Kandidaat: 0.92.1~dfsg2-1.1~feisty1
  Versietabel:
 0.92.1~dfsg2-1.1~feisty1 0
500 http://nl.archive.ubuntu.com feisty-backports/universe Packages
 *** 0.91.2-3ubuntu2.3~feisty1 0
100 /var/lib/dpkg/status
 0.90.2-0ubuntu1.6 0
500 http://security.ubuntu.com feisty-security/universe Packages
 0.90.2-0ubuntu1 0
500 http://nl.archive.ubuntu.com feisty/universe Packages
libclamav3:
  Geïnstalleerd: (geen)
  Kandidaat: 0.92.1~dfsg2-1.1~feisty1
  Versietabel:
 0.92.1~dfsg2-1.1~feisty1 0
500 http://nl.archive.ubuntu.com feisty-backports/universe Packages
100 /var/lib/dpkg/status

I have restarted Fresclam en I deed ldconfig and also reboot the machine 
in total still this message

freshclam daemon 0.91.2 (OS: linux-gnu, ARCH: i386, CPU: i486)
ClamAV update process started at Sun May  4 21:28:41 2008
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.91.2 Recommended version: 0.93
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 46, sigs: 231834, f-level: 26, builder: 
sven)
daily.inc is up to date (version: 7024, sigs: 45628, f-level: 26, 
builder: ccordes)

clamscan and freshclam -V gives  ClamAV 0.93/6688/Wed Apr  9 16:40:38 2008
whereis clamscan gives /usr/local/bin/clamscan
whereis freshclam gives /usr/bin/freshclam  ( is this not odd )

If I do apt-get remove clamav Ubuntu gives message clamav not installed

If I do apt-get upgrade Ubuntu want to install the next

Reading state information... Klaar
De volgende pakketten zijn achtergehouden:
  clamav-daemon clamav-freshclam
De volgende pakketten zullen opgewaardeerd worden:
  ca-certificates
1 pakketten opgewaardeerd, 0 nieuwe pakketten geïnstalleerd, 0 
verwijderen en 2 niet opgewaardeerd.
Er moeten 93,9kB aan archieven opgehaald worden.
Na het uitpakken zal er 0B extra schijfruimte gebruikt worden.
Wilt u doorgaan [J/n]? n
Afbreken.

Sorry but I am losing it alltough I think the solution is near.

Regards

Török Edwin schreef:
> [EMAIL PROTECTED] wrote:
>   
>> Try it once more,
>>
>> if I do apt-get update Ubuntu will install clamav version 0.91 and will 
>> indeed downgrade this happened allready several times. Clamav is a part 
>> of one of the resp of Ubuntu but I cannot find which one otherwise I 
>> would simply uncomment that resp.
>>
>> And with apt-get upgrade it is or you upgrade everything or nothing at 
>> least as far as I now.
>>   
>> 
> What is the output of:
> dpkg -l | grep clamav
> apt-cache policy clamav clamav-daemon libclamav3
>   
>> It not such a big deal because I am building a new server with the 
>> latest version of Ubuntu (hardy).
>>
>> And for good orders sake I am talking about a server and not the desktop 
>> version of ubuntu.
>>
>> And this one I forgot I still have in de freshclam log this message 
>> WARNING: Local version: 0.91.2 Recommended version: 0.93.
>>   
>> 
>
> You need to restart freshclam, you're still running the old version.
> Also run ldconfig.
>
> --Edwin
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://lurker.clamav.net/list/clamav-users.html
>   


-- 
Frans Lieshout Financieel BV

BANJOSTRAAT 49
1312KB Almere
NEDERLAND

Tel : +31 (36) 5467722
Mobiel : +31 (6) 22406833

Web : http://www.flfinancieel.nl 
Email :[EMAIL PROTECTED] 

BTW NR :
812.54.43.16.B.01
KVK Lelystad : 39083803

De informatie in deze e-mail is vertrouwelijk en uitsluitend bestemd voor de 
geadresseerde. Wanneer u dit bericht per abuis ontvangt, verzoekt Frans 
Lieshout Finan

Re: [Clamav-users] Clamav Updating on Ubuntu

[[EMAIL PROTECTED]]

Indeed you are right there is still a part of freshclam installed.

When I look into the dpkg log found this

2008-05-05 10:09:09 status unpacked libclamav2 0.91.2-3ubuntu2.3~feisty1
2008-05-05 10:09:09 status unpacked libclamav2 0.91.2-3ubuntu2.3~feisty1
2008-05-05 10:09:09 status unpacked libclamav2 0.91.2-3ubuntu2.3~feisty1
2008-05-05 10:09:09 status half-configured libclamav2 
0.91.2-3ubuntu2.3~feisty1
2008-05-05 10:09:09 status installed libclamav2 0.91.2-3ubuntu2.3~feisty1

Also did apt-get remove clamav-base etc after that clamav, freshclam 
would not start could not find shared lib libclamav2

Installed libclamav2 again and clamav starts up again but than with the 
remark by fresclam wrong version.

Before I installed 0.93 i first did apt-get remove clamav and than went 
manually through Ubuntu to remove all the files related to clamav 
because apt-get does not remove all also not with auto remove.

Oke I did not check with the functions you gave me now (I am only a 
short time user of Linux, but learning fast *-) ) so it seems that you 
cannot be sure unless you check it with more than one function.

So how can I be sure that I remove all the stuff related to the old 
installation.

Like to hear

Török Edwin schreef:
> [EMAIL PROTECTED] wrote:
>   
>> dpkg -l gives
>>
>>
>> ii  clamav-base  
>> 0.92.1~dfsg2-1.1~feisty1 anti-virus utility for Unix 
>> - base   package
>> ii  clamav-daemon
>> 0.91.2-3ubuntu2.3~feisty1antivirus scanner daemon
>> ii  clamav-freshclam 
>> 0.91.2-3ubuntu2.3~feisty1downloads clamav virus 
>> databases f  rom the In
>> ii  libclamav2   
>> 0.91.2-3ubuntu2.3~feisty1virus scanner library
>> rc  libclamav3   
>> 0.92.1~dfsg2-1.1~feisty1 anti-virus utility for Unix 
>> - libr  ary
>>
>>   
>> 
>
> You need to remove these: apt-get remove clamav-base clamav-daemon
> clamav-freshclam libclamav2 libclamav3
>
>   
>> whereis freshclam gives /usr/bin/freshclam  ( is this not odd )
>>   
>> 
>
> You still have freshclam from the Ubuntu package installed, the 'ii' in
> dpkg -l says it is installed.
>
> Best regards,
> --Edwin
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://lurker.clamav.net/list/clamav-users.html
>   


-- 
Frans Lieshout Financieel BV

BANJOSTRAAT 49
1312KB Almere
NEDERLAND

Tel : +31 (36) 5467722
Mobiel : +31 (6) 22406833

Web : http://www.flfinancieel.nl 
Email :[EMAIL PROTECTED] 

BTW NR :
812.54.43.16.B.01
KVK Lelystad : 39083803

De informatie in deze e-mail is vertrouwelijk en uitsluitend bestemd voor de 
geadresseerde. Wanneer u dit bericht per abuis ontvangt, verzoekt Frans 
Lieshout Financieel BV u contact op te nemen met de afzender.
Bovendien verzoekt Frans Lieshout Financieel BV u in dat geval deze e-mail te 
vernietigen en de inhoud aan niemand openbaar te maken. 
Frans Lieshout Financieel BV aanvaardt geen aansprakelijkheid voor onjuiste, 
onvolledige dan wel ontijdige overbrenging van de inhoud van een verzonden 
e-mail, noch voor overgebrachte virussen.

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Clamav Updating on Ubuntu

[[EMAIL PROTECTED]]

Oke,

Once again delete everything which relates to clamd clamav clamscan and 
freshclam after that dit a reboot

still

dpkg -l | grep clamav
rc  clamav-daemon
0.91.2-3ubuntu2.3~feisty1antivirus scanner daemon
rc  clamav-freshclam 
0.91.2-3ubuntu2.3~feisty1downloads clamav virus 
databases fr

but two are gone

clamscan -V whereis clamscan wheris freshclam dit not return any data so 
decided to configure 0.93 once again

after starting clamav and freshclam the log gave this results

CLAMAV

+++ Started at Tue May  6 10:54:31 2008
clamd daemon 0.93 (OS: linux-gnu, ARCH: i386, CPU: i686)
Log file size limited to 12582912 bytes.
Reading databases from /var/lib/clamav
Loaded 231780 signatures.
LOCAL: Unix socket file /tmp/clamd.socket
LOCAL: Setting connection queue length to 15
Limits: Global size limit set to 104857600 bytes.
Limits: File size limit set to 26214400 bytes.
Limits: Recursion level limit set to 16.
Limits: Files limit set to 1.
Archive support enabled.
Algorithmic detection enabled.
Portable Executable support enabled.
ELF support enabled.
Mail files support enabled.
OLE2 support enabled.
PDF support disabled.
HTML support enabled.
Self checking every 600 seconds.

FRESCLAM

Tue May  6 11:04:18 2008 -> freshclam daemon 0.93 (OS: linux-gnu, ARCH: 
i386, CPU: i686)
Tue May  6 11:04:18 2008 -> ClamAV update process started at Tue May  6 
11:04:18 2008
Tue May  6 11:04:18 2008 -> SECURITY WARNING: NO SUPPORT FOR DIGITAL 
SIGNATURES
Tue May  6 11:04:18 2008 -> See the FAQ at 
http://www.clamav.net/support/faq for an explanation.
Tue May  6 11:04:38 2008 -> Downloading main.cvd [100%]
Tue May  6 11:04:38 2008 -> main.cvd updated (version: 46, sigs: 231834, 
f-level: 26, builder: sven)
Tue May  6 11:04:40 2008 -> Downloading daily.cvd [100%]
Tue May  6 11:04:40 2008 -> daily.cvd updated (version: 7040, sigs: 
48318, f-level: 26, builder: ccordes)
Tue May  6 11:04:40 2008 -> Database updated (280152 signatures) from 
database.clamav.net (IP: 217.19.16.188)

So it seems to go well, but no amavis claims to see a second installation.

May  6 11:10:17 myserver amavis[1200]: Found decoder for.exe  at 
/usr/bin/rar
May  6 11:10:17 myserver amavis[1200]: Using internal av scanner code 
for (primary) ClamAV-clamd
May  6 11:10:17 myserver amavis[1200]: Using internal av scanner code 
for (primary) check-jpeg
May  6 11:10:17 myserver amavis[1200]: Found secondary av scanner 
ClamAV-clamscan at /usr/local/bin/clamscan
May  6 11:10:17 myserver amavis[1200]: Creating db in 
/var/lib/amavis/db/; BerkeleyDB 0.31, libdb 4.4

I do not know if this something to worry about will digg into this later.

But what is suprising how ever that everything now is installed in 
usr/local and etc/local directories. I think it all went wrong after I 
did the upgrade which was announced by Ubuntu. I originally used the 
howto perfect setup for a mailserver which also used the source code and 
than configure instead of the apt-get.

Oke I will watch my log if the problem is gone now




Török Edwin schreef:
> [EMAIL PROTECTED] wrote:
>   
>> dpkg -l gives
>>
>>
>> ii  clamav-base  
>> 0.92.1~dfsg2-1.1~feisty1 anti-virus utility for Unix 
>> - base   package
>> ii  clamav-daemon
>> 0.91.2-3ubuntu2.3~feisty1antivirus scanner daemon
>> ii  clamav-freshclam 
>> 0.91.2-3ubuntu2.3~feisty1downloads clamav virus 
>> databases f  rom the In
>> ii  libclamav2   
>> 0.91.2-3ubuntu2.3~feisty1virus scanner library
>> rc  libclamav3   
>> 0.92.1~dfsg2-1.1~feisty1 anti-virus utility for Unix 
>> - libr  ary
>>
>>   
>> 
>
> You need to remove these: apt-get remove clamav-base clamav-daemon
> clamav-freshclam libclamav2 libclamav3
>
>   
>> whereis freshclam gives /usr/bin/freshclam  ( is this not odd )
>>   
>> 
>
> You still have freshclam from the Ubuntu package installed, the 'ii' in
> dpkg -l says it is installed.
>
> Best regards,
> --Edwin
> ___
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://lurker.clamav.net/list/clamav-users.html
>   


-- 
Frans Lieshout Financieel BV

BANJOSTRAAT 49
1312KB Almere
NEDERLAND

Tel : +31 (36) 5467722
Mobiel : +31 (6) 22406833

Web : http://www.flfinancieel.nl 
Email :[EMAIL PROTECTED] 

BTW NR :
812.54.43.16.B.01
KVK Lelystad : 39083803

De informatie in deze e-mail is vertrouwelijk en uitsluitend bestemd v

[Clamav-users] Phishing caught on outbound mail but not on inbound

[[EMAIL PROTECTED]]

Before I had ClamAV I used to report phishing attemps to Spamcop by 
mail. This does not work any longer, because ClamAV intercepts them. OK. 
Perfect.

But, how do the phishing attemps reach me in the first place? Why aren't 
they caught on inbound mail, when only a few seconds later they are 
caught on outbound mail?

This isn't just an exception. I had ten such cases yesterday.

Thanks!

Paul
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Newbie need help

[[EMAIL PROTECTED]]

Chan Ho said:
> I set my server to download virus db automatically. However, do I
> need to reload it as I see that clamd has the reload command. If so,
> how to do so?
>
>

Chan:

clamd should be checking every hour by default.  Look at
/usr/local/etc/calmav.conf for the database integrity check.

-- 

Bob Greene


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] GNU MP warning

[[EMAIL PROTECTED]]

i'm trying to configure clamav 0.70 on RH9 and I get message:

WARNING: GNU MP 2 or newer NOT FOUND - digital signature support will be 
disabled !

What mean this?

(I see that I have gmp libraries on default location /usr/lib)

Thanks,
Iulian




---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Unable to create temporary directory

[[EMAIL PROTECTED]]

Am Mo, 2004-05-10 um 20.18 schrieb Todd Lyons:
> [EMAIL PROTECTED] wanted us to know:
> 
> ># Enable debug messages in libclamav.
> >Debug
> 
> Turn that off.  Wherever your temp directory is, it's full right now
> because debug mode doesn't delete the files after clamav is done
> scanning them.
Really?

I will try that,
thank you for your time.

Viele Grüße,
Peter.
-- 
www: http://peter.tux.hm
www: http://tux.hm - Linux- und BSD-UserGroup im Weserbergland
gpg: http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0x690A1AC2



---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
_______
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Unable to create temporary directory

[[EMAIL PROTECTED]]

Hi folks!

Thank you all for that great clamav! :)

I use
# clamd -V
clamd / ClamAV version 0.70-rc


And I get sometimes some errors:

May  9 19:23:30 icebear clamd[7587]:
/var/spool/qmailscan/tmp/icebear.web4.hm108412340247017626/orig-icebear.web4.hm108412340247017626:
 Unable to create temporary directory. ERRO
R
May  9 19:23:50 icebear clamd[7587]:
/var/spool/qmailscan/tmp/icebear.web4.hm10841234294708338/orig-icebear.web4.hm10841234294708338:
 Unable to create temporary directory. ERROR
May  9 19:28:01 icebear clamd[464]:
/var/spool/qmailscan/tmp/icebear.web4.hm108412368147022063/orig-icebear.web4.hm108412368147022063:
 Unable to create temporary directory. ERROR

May  9 19:28:29 icebear clamd[464]:
/var/spool/qmailscan/tmp/icebear.web4.hm108412370747026940/orig-icebear.web4.hm108412370747026940:
 Unable to create temporary directory. ERROR

May  9 19:28:29 icebear clamd[15390]: SelfCheck: Database status OK.
May  9 19:28:38 icebear clamd[464]:
/var/spool/qmailscan/tmp/icebear.web4.hm108412371747019953/orig-icebear.web4.hm108412371747019953:
 Unable to create temporary directory. ERROR

May  9 19:29:08 icebear clamd[30119]:
/var/spool/qmailscan/tmp/icebear.web4.hm108412374747015746/orig-icebear.web4.hm108412374747015746:
 Unable to create temporary directory. ERR
OR
May  9 19:29:14 icebear clamd[30119]:
/var/spool/qmailscan/tmp/icebear.web4.hm108412375347032046/orig-icebear.web4.hm108412375347032046:
 Unable to create temporary directory. ERR
OR
May  9 19:29:15 icebear clamd[30119]:
/var/spool/qmailscan/tmp/icebear.web4.hm108412375447023456/orig-icebear.web4.hm108412375447023456:
 Unable to create temporary directory. ERR
OR
May  9 19:29:21 icebear clamd[30119]:
/var/spool/qmailscan/tmp/icebear.web4.hm10841237604704093/orig-icebear.web4.hm10841237604704093:
 Unable to create temporary directory. ERROR

May  9 19:29:24 icebear clamd[30119]:
/var/spool/qmailscan/tmp/icebear.web4.hm108412376247012466/orig-icebear.web4.hm108412376247012466:
 Unable to create temporary directory. ERR
OR
May  9 19:29:28 icebear clamd[30119]:
/var/spool/qmailscan/tmp/icebear.web4.hm10841237574708429/your_text.pif:
Worm.SomeFool.Gen-1 FOUND
May  9 19:29:28 icebear clamd[30119]:
/var/spool/qmailscan/tmp/icebear.web4.hm10841237574708429/orig-icebear.web4.hm10841237574708429:
 Unable to create temporary directory. ERROR

Do somebody know what this means?
I have engough Diskspace at all mount points...
...so I do not know!?

Viele Gruesse,
Peter.
-- 
www: http://peter.tux.hm
www: http://tux.hm - Linux- und BSD-UserGroup im Weserbergland
gpg: http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0x690A1AC2



---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Unable to create temporary directory

[[EMAIL PROTECTED]]

Am So, 2004-05-09 um 22.50 schrieb Lionel Bouton:
> [EMAIL PROTECTED] wrote the following on 05/09/2004 10:33 PM :
> 
> >[...]
> >May  9 19:29:28 icebear clamd[30119]:
> >/var/spool/qmailscan/tmp/icebear.web4.hm10841237574708429/orig-icebear.web4.hm10841237574708429:
> > Unable to create temporary directory. ERROR
> >
> >Do somebody know what this means?
> >I have engough Diskspace at all mount points...
> >...so I do not know!?
> >  
> >
> 
> Do you have enough inodes ? (df -i)
I think yes:
# df -i
FilesystemInodes   IUsed   IFree IUse% Mounted on
/dev/scsi/host0/bus0/target0/lun0/part1
 1224000  105728 11182729% /
/dev/scsi/host0/bus0/target0/lun0/part3
 1224000   17035 12069652% /var
/dev/scsi/host0/bus0/target0/lun0/part5
 1224000   51636 11723645% /usr
/dev/scsi/host0/bus0/target0/lun0/part6
 1224000   52499 11715015% /home
/dev/scsi/host0/bus0/target0/lun0/part7
  611648 647  6110011% /tmp
/dev/scsi/host0/bus0/target0/lun0/part8
 2443200  169710 22734907% /www
/dev/scsi/host0/bus0/target0/lun0/part9
 2443200 944 24422561% /www1
/dev/scsi/host0/bus0/target0/lun0/part10
 2443200  11 24431891% /www2
/dev/scsi/host0/bus0/target0/lun0/part11
 2443200  11 24431891% /www3
/dev/scsi/host0/bus0/target0/lun0/part12
 2443200  11 24431891% /www4
/dev/scsi/host0/bus0/target0/lun0/part13
 2174816  11 21748051% /www5
#

Do you have any other idea?

-- 
www: http://peter.tux.hm
www: http://tux.hm - Linux- und BSD-UserGroup im Weserbergland
gpg: http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0x690A1AC2



---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Unable to create temporary directory

[[EMAIL PROTECTED]]

# Value of 0 disables the limit.
# WARNING: Due to the unrarlib implementation, whole files (one by one)
in RAR
#  archives are decompressed to the memory. That's why never
disable
#  this limit (but you may increase it of course!)
ArchiveMaxFileSize 10M

# Archives are scanned recursively - e.g. if Zip archive contains RAR
file,
# the RAR file will be decompressed, too (but only if recursion limit is
set
# at least to 1). With this option you may set the recursion level.
# Value of 0 disables the limit.
ArchiveMaxRecursion 5

# Number of files to be scanned within archive.
# Value of 0 disables the limit.
ArchiveMaxFiles 1000

# Use slower decompression algorithm which uses less memory. This option
# affects bzip2 decompressor only.
#ArchiveLimitMemoryUsage

##
## Clamuko settings
## WARNING: This is experimental software. It is very likely it will
hang
##  up your system !!!
##

# Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
#ClamukoScanOnLine

# Set access mask for Clamuko.
ClamukoScanOnOpen
ClamukoScanOnClose
ClamukoScanOnExec

# Set the include paths (all files in them will be scanned). You can
have
# multiple ClamukoIncludePath options, but each directory must be added
# in a seperate option. All subdirectories are scanned, too.
ClamukoIncludePath /home
#ClamukoIncludePath /students

# Set the exclude paths. All subdirectories are also excluded.
#ClamukoExcludePath /home/guru

# Limit the file size to be scanned (probably you don't want to scan
your movie
# files ;))
# Value of 0 disables the limit. 1 Mb should be fine.
ClamukoMaxFileSize 1M

# Enable archive support. It uses the limits from clamd section.
# (This option doesn't depend on ScanArchive, you can have archive
support
# in clamd disabled).
ClamukoScanArchive

I start the clamd with the djb supervise-daemon, I hope I setup not very
stupid with this clamav.conf?

Viele Gruesse,
Peter.
-- 
www: http://peter.tux.hm
www: http://tux.hm - Linux- und BSD-UserGroup im Weserbergland
gpg: http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0x690A1AC2



---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] tempfile creation failed

[[EMAIL PROTECTED]]

Pad Hosmane said:
> Hi,
>   I have clamav-0.70 installed. Before this I had clamav-0.70-rc and
> ran
> with out any problem. But with new version I am getting this error
> "tempfile  creation failed", I am not able send or receive emails.
>
> Any clue?
>
> Thanks
> PAd
>

Not much info to go on, but check your permissions.


---
This SF.net email is sponsored by: The Robotic Monkeys at ThinkGeek
For a limited time only, get FREE Ground shipping on all orders of $35
or more. Hurry up and shop folks, this offer expires April 30th!
http://www.thinkgeek.com/freeshipping/?cpg=12297
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] OT: qscanq with qmail (+clamd)

[[EMAIL PROTECTED]]

Dale Gallagher said:
> Hi
>
> I appologise for the OT (though related) post. I'm having a
> tough time getting qscanq running - the issue is related to
> permissions. I'd appreciate a verbose listing of the
> relevent dirs on a host where qscanq has been successfully
> deployed. Thanks!
>
> qmail-smtpd (when passing the mail to qscanq) keeps on
> rejecting mail. NB. also using qscanq with the QMAILQUEUE
> patch.
>
>   qscanq: fatal: unable to chdir to
> /var/qmail/qscanq/root/scanq: access denied
>
> clamd is running under daemontools as user clamav; this
> shouldn't pose an issue, as qscanq connects to clamd using
> the clamdscan client.
>
> src/conf-scancmd:
>   /usr/bin/clamdscan --quiet ./
>
> My permission listing:
>
> # ls -la /var/qmail/ | grep qscanq
> drwxr-sr-t 5 root root 4096 May 1 12:49 qscanq/
>
> # ls -la /var/qmail/qscanq/root/ | grep sc
> drwx--S--- 2 qscan root 4096 May 1 12:49 scanq/
>
> with qscanq user/group set as follows:
>
> qscanq user/group: qscan/qscan (src/conf-users line 1)
> qscanq log user/group: qscanlog/qscan (src/conf-users line
> 2)
> qscanq user for /service: qclean (src/conf-groups line 1)
>
> Any pointers?
>

Dale:

I ran into the permissions problem on my second deployment.  Not quite
sure why the first try worked.  Anyway, to get around it quickly, I
configured clamav .70 --with-user=qscand --with-group=qscand.

Netqmail-1.05 + qmail-scanner-1.21 + clamav-0.70

I run clamd under init rather than daemontools just because I haven't had
the time to write a startup script.  The box went into production
immediately after the first successful test; not my choice, but I'm not
the boss.


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] OT: qscanq with qmail (+clamd)

[[EMAIL PROTECTED]]

[EMAIL PROTECTED] said:
> Dale Gallagher said:
>> Hi
>>
> Dale:
>

Oops!  I misread this to be something it wasn't.  I feel so dirty.  I need
a shower. :-)

-- 

Bob Greene


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] OT: Question Re: possibly infected W2K Server

[[EMAIL PROTECTED]]

Shaun T. Erickson said:
> Is there anything free that I can use to scan a possibly infected
> Windows 2000 Server system. Norton's Internet Security says it's trying
> to DoS my Windows clients, on port 1433. The server is sending
> "MSSQL_Null_Packet_DoS" from port 445. I need to know the state of this
> system, asap.
>

Would ClamWin (http://www.clamwin.com) do it?  I run it on multiple
desktop systems.


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Clamd troubles

[[EMAIL PROTECTED]]

Harrell, Roger said:
>>If you walk through the following steps, your trouble should be repaired.
> As you have not shared your full clamav and procmail
>>configuration, I will be as comprehensive as possible.
>
> Thanks for the response. I got clamdscan working late last week. I'm
> working
> on getting auto email checking under qmail going.
>

How are you going to call clamdscam?  I've been using qmail-scanner-queue on


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
_______
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Configuring ClamAV for allowing certain attachments

[[EMAIL PROTECTED]]

Clam doesn't reject anything.  It just scans and returns a result.

Terry Allen said:
> Hi again,
>   Since upgrading to ClamAV 0.71 (& just prior to that the
> latest version of Amavis-new), I notice that our server is now
> rejecting certain attachments it didn't under ClamAV 0.65, such as
> .exe etc..., out of hand, without being scanned. Is this a function
> of ClamAV, or is it set in the Amavis-new config? Any assistance much
> appreciated.
> --


---
This SF.Net email is sponsored by the new InstallShield X.
>From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
_______
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] clamav is not rejecting virus emails.

[[EMAIL PROTECTED]]

kitten said:
> what am i doing wrong?
>

It would help greatly if you could provide a few details about how you've
set it up.  Are you using Sendmail, qmail, Postfix, Exim...

Happy to help if I can, but need the info to determine the suitability of
my answer.


---
This SF.Net email is sponsored by the new InstallShield X.
>From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] logging

[[EMAIL PROTECTED]]

List said:
> How can i get clam to log dected virus(virii) on qmail-scanner?
>

Do you mean as in /var/spool/qmailscan/qmail-queue.log?  Or the clamd.log?

Qmail-scanner writes its log to /var/spool/qmailscan unless you tell it
otherwise.  Clamd writes to wherever you specify in clamav.conf


---
This SF.Net email is sponsored by: GNOME Foundation
Hackers Unite!  GUADEC: The world's #1 Open Source Desktop Event.
GNOME Users and Developers European Conference, 28-30th June in Norway
http://2004/guadec.org
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] OT: Virus page almost ready to go

[[EMAIL PROTECTED]]

Rick Macdougall said:
> Hi All,
>
> As promised, the virus stats page is almost ready to go.  I'll clean up
> the code tomorrow or Thursday and release it GPL.
>
> http://mail.limelyte.net/admin/virus/ for a preview.
>
> Suggestions, critique, etc are welcomed.
>

It looks great!  About the only thing I'd add is a list of offending IPs
with # of hits.


---
This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference
Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer
Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA
REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] OT: Virus page almost ready to go

[[EMAIL PROTECTED]]

Dennis Peterson said:
> [EMAIL PROTECTED] wrote:
>> Rick Macdougall said:
>>
>>>Hi All,
>>>
>>>As promised, the virus stats page is almost ready to go.  I'll clean up
>>>the code tomorrow or Thursday and release it GPL.
>>>
>>>http://mail.limelyte.net/admin/virus/ for a preview.
>>>
>>>Suggestions, critique, etc are welcomed.
>>>
>>
>>
>> It looks great!  About the only thing I'd add is a list of offending IPs
>> with # of hits.
>
> I imagine the spammers would like a little heads-up on who's able to share
> the
> load too. Bad idea IMO.
>

True, but I wasn't looking for a public display anyway.


---
This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference
Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer
Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA
REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Illegal instruction

[[EMAIL PROTECTED]]

Hi folks!

My clamav is not running anymore and I dont know why?

I thought perhaps I had an old version 0.70-rc so I installed the new
0.73,
but everytime I get everytime the same error:

I compiled it with:
 ./configure --sysconfdir=/etc;
make;
make install;

And then:

icebear # clamd
Illegal instruction

?

What happen now?

Viele Gruesse,
Peter.
-- 
www: http://peter.tux.hm
www: http://tux.hm - Linux- und BSD-UserGroup im Weserbergland
gpg: http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0x690A1AC2



---
This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference
Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer
Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA
REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Illegal instruction

[[EMAIL PROTECTED]]

btw the same with freshclam:
freshclam
ClamAV update process started at Wed Jun 16 15:22:02 2004
Reading CVD header (main.cvd): OK
main.cvd is up to date (version: 23, sigs: 21096, f-level: 2, builder:
ddm)
Reading CVD header (daily.cvd): OK
Downloading daily.cvd [*]
Illegal instruction
icebear:/var/log #

Am Mi, 2004-06-16 um 15.22 schrieb [EMAIL PROTECTED]:
> Hi folks!
> 
> My clamav is not running anymore and I dont know why?
> 
> I thought perhaps I had an old version 0.70-rc so I installed the new
> 0.73,
> but everytime I get everytime the same error:
> 
> I compiled it with:
>  ./configure --sysconfdir=/etc;
> make;
> make install;
> 
> And then:
> 
> icebear # clamd
> Illegal instruction
> 
> ?
> 
> What happen now?
> 
> Viele Gruesse,
> Peter.
-- 
www: http://peter.tux.hm
www: http://tux.hm - Linux- und BSD-UserGroup im Weserbergland
gpg: http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0x690A1AC2



---
This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference
Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer
Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA
REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Illegal instruction

[[EMAIL PROTECTED]]

Hi Antony!

> What Operating System & version?
I had a mainboard-crash so I must changed my pentium board with a
duron-board.
It is a crux linux, it is like LFS based on source.

> What compiler & version?
I hope this helps:
$ gcc -v
Reading specs from /usr/lib/gcc-lib/i686-pc-linux-gnu/3.3.2/specs
Configured with: ../gcc-3.3.2/configure --prefix=/usr
--enable-languages=c,c++,objc --enable-threads=posix
--enable-__cxa_atexit --enable-clocale=gnu --enable-shared --disable-nls
Thread model: posix
gcc version 3.3.2 (CRUX)
$

> Any errors or warnings during the above configure / make / make install?
No.
When I download the binaries on my SuSE and exeute them, they work
without any problems.

> Which version of ClamAV did you have successfuly working previously?
> 
> > icebear # clamd
> > Illegal instruction
> 
> Have you tried strace to see what happens immediate before failure?
Sorry, I have no strace:
$ man strace
No manual entry for strace
$ strace
-bash: strace: command not found
$

Viele Gruesse,
Peter.
-- 
www: http://peter.tux.hm
www: http://tux.hm - Linux- und BSD-UserGroup im Weserbergland
gpg: http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0x690A1AC2



---
This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference
Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer
Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA
REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND
_______
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Illegal instruction

[[EMAIL PROTECTED]]

Hi Antony!

> Have you recompiled your system libraries for the Duron since upgrading from 
> the Pentium?
No, the "old" mainboard is only 6 months old and have guarantee.
I hope the new come today or tommorow with a pentium back to me, why?

Everything on my system is running best with duron.
Apache, MySQL, qmail, SA and many other only the clamav not.

What is so special in clamav?

Gruss,
Peter.

-- 
www: http://peter.tux.hm
www: http://tux.hm - Linux- und BSD-UserGroup im Weserbergland
gpg: http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0x690A1AC2



---
This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference
Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer
Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA
REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Determining the Current Virus DB Version / Date

[[EMAIL PROTECTED]]

Ryan Moore said:
> Lee W wrote:
>> Hi All,
>>
>> I have just compiled ClamAV and have started playing out with it,
>> however after reading though the man pages I have been unable to find an
>> easy way of determining the current version or date of the Virus DB
>> files.  The --version switch the freshclam only reports the version of
>> freshclam/clamav itself rather than the DB's.
>>
>> Is there an easy way of determing the current version other than
>> tail'ing the freshclam log file?
>>
>> Regards
>>
>> Lee
>>
>
> sigtool --info=/usr/local/share/clamav/daily.cvd
>

Or just run freshclam from the command line with no switches.

[EMAIL PROTECTED] ~# freshclam
ClamAV update process started at Fri Jun 18 20:45:40 2004
Reading CVD header (main.cvd): OK
main.cvd is up to date (version: 23, sigs: 21096, f-level: 2, builder: ddm)
Reading CVD header (daily.cvd): OK
daily.cvd is up to date (version: 362, sigs: 891, f-level: 2, builder: diego)



---
This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference
Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer
Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA
REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Bad Virus Signature?

[[EMAIL PROTECTED]]

Benjamin Sherman said:
> I was wondering if false positives ever make it into the virus DB updates?
>
> Since the update on Jun18, all of my windows 2000 workstations with
> Service Pack 4 are showing what I beleive to be false positives for
> Worm.Lovgate.W-2. The file in question is "spoolsv.exe" and can be fond
> in:
> C:\WINNT\System32
> C:\WINNT\System32\DllCache
> C:\WINNT\ServicePackFiles\i386  (depending on how the service pack was
> installed)
>
> These machines exhibit none of the symptoms of the Lovgate family of
> virii except that ClamAV started picking them up after the database
> update on Friday Jun18.
>
> Any suggestions?
>

I'm seeing the same thing since sp4.  You are not alone.


---
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
_______
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Bad Virus Signature?

[[EMAIL PROTECTED]]

Tomasz Papszun said:
> On Mon, 21 Jun 2004 at 15:02:45 -0500, [EMAIL PROTECTED] wrote:
>> Benjamin Sherman said:
>> > I was wondering if false positives ever make it into the virus DB
>> updates?
>> >
>> > Since the update on Jun18, all of my windows 2000 workstations with
>> > Service Pack 4 are showing what I beleive to be false positives for
>> > Worm.Lovgate.W-2. The file in question is "spoolsv.exe" and can be
>> fond
>> > in:
>> > C:\WINNT\System32
>> > C:\WINNT\System32\DllCache
>> > C:\WINNT\ServicePackFiles\i386  (depending on how the service pack was
>> > installed)
>> >
>> > These machines exhibit none of the symptoms of the Lovgate family of
>> > virii except that ClamAV started picking them up after the database
>> > update on Friday Jun18.
>> >
>> > Any suggestions?
>> >
>>
>> I'm seeing the same thing since sp4.  You are not alone.
>>
>
>
> Just to calm down all of you a little:
> we confirm the case. Working on it. The false signature will be
> removed/corrected soon.
>

Thanks for the prompt support.  Calming isn't necessary.  I doubt anyone
saw it as life ending.  AV software is just another tool.  And ClamAV is
generally a better tool than the commercial offerings.  And frankly, I'd
rather have a false warning than see Zafi get through like it did on all
of my machines with PC-Cillin.


---
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Is this possible? (clamdscan on one server, clamd on another)

[[EMAIL PROTECTED]]

Basically I've got a qmail server that has all the mailboxes, etc.  This 
server also runs clamdscan, and spamc (spamassassin).

What I'm doing, is moving the spamd and clamd processes to another 
machine, to take the load off the qmail server.

It seems that clamd has to actually have access to the file being 
scanned - the only way to accomplish this is with NFS, which will put 
even more of a load on the qmail box.  That's a step in the wrong direction.

Basically what I want to know is - can I basically do the same setup 
that you can do with spamc/spamd, with clamav?

Client server (qmail) runs clamdscan
Antivirus server runs clamd
end result: clamdscan transfers the email over a private network to the 
server running clamd, the clamd server tells clamdscan if it's clean, or 
if it's a virus, etc.

Sorry if this email doesn't make much sense, but I've been working on 
this all day, and I'm a little tired.


---
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
_______
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] qmail-scanner and clamav

[[EMAIL PROTECTED]]

ip.guy said:
> David Coulson wrote:
>> ip.guy wrote:
>>
>>> nope, didn't work, see error below..
>>>
>>> my.server.com X-Qmail-Scanner-1.14: [my.server.com1087974345372110]
>>> Requeuing: Undefined subroutine &main::clamscan_scanner called at
>>> /var/qmail/bin/qmail-scanner-queue.pl line 797.
>>>
>>> any ideas ?
>>
>>
>> You have to get the qmail-scanner source and run './configure' again,
>> ensure it detects the appropriate external processes, then try again.
>>
>> Once qmail-scanner is built, you basically have to start over from
>> scratch if you add something new.
>>
>> David
>
> a "./configure" will not overwrite my current "qmail-scanner-queue.pl"
> will it ?
>

The ./configure writes the qmail-scanner-queue.pl to the current
directory.  Its up to you to move it to /var/qmail/bin.  The configure
script even tells you this at completion.  If you're not sure, just back
up the current version and give it a try.


---
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Is this possible? (clamdscan on one server, clamd on another)

[[EMAIL PROTECTED]]

Clamav-milter will work on Qmail?  I thought it was sendmail only? 
Either way, as far as I can tell, clamav-milter still requires the clamd 
process to actually have access to the file qmail-scanner is creating.


Nigel Horne wrote:
On Thursday 24 Jun 2004 21:33, Thomas Jackson wrote:
Sounds like the perfect job for an email gateway.

That's why I run clamav-milter on one machine and clamd on another. Indeed
clamav-milter can load balance between more than one clamd server.
-Nigel
--
-Robertson
---
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] [Fwd: Cron nice -n 19 run-parts /etc/cron.hourly]

[[EMAIL PROTECTED]]

A.R.S. KA9QLQ Alvin Koffman said:
>
> I ran freshclam after getting this email from cron and it said I'm up to
> date. Strange.
>
> ERROR: Can't get information about database.clamav.net host.
> ERROR: Connection with database.clamav.net (IP: ???) failed.
> ERROR: Can't get information about database.clamav.net host.
> ERROR: Connection with database.clamav.net (IP: ???) failed.
> ERROR: Can't get information about database.clamav.net host.
> ERROR: Connection with database.clamav.net (IP: ???) failed.
> run-parts: /etc/cron.hourly/freshclam exited with return code 52
> Alvin
>

Is it possible that the previous update was successful?


---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] [Fwd: Cron nice -n 19 run-parts/etc/cron.hourly]

[[EMAIL PROTECTED]]

A.R.S. KA9QLQ Alvin Koffman said:
>
>
> Antony Stone wrote:
>
>>On Friday 16 July 2004 8:35 pm, A.R.S. KA9QLQ Alvin Koffman wrote:
>>
>>
>>
>>>I ran freshclam after getting this email from cron and it said I'm up to
>>>date. Strange.
>>>
>>>ERROR: Can't get information about database.clamav.net host.
>>>ERROR: Connection with database.clamav.net (IP: ???) failed.
>>>ERROR: Can't get information about database.clamav.net host.
>>>ERROR: Connection with database.clamav.net (IP: ???) failed.
>>>ERROR: Can't get information about database.clamav.net host.
>>>ERROR: Connection with database.clamav.net (IP: ???) failed.
>>>run-parts: /etc/cron.hourly/freshclam exited with return code 52
>>>Alvin
>>>
>>>
>>
>>Do you allow TCP port 53 requests from your nameserver?   DNS is not
>> always
>>UDP-based, and the request/reply may be too big to fit in a UDP packet,
>> in
>>which case the server will use TCP instead.
>>
>>Regards,
>>
>>Antony.
>>
>>
>>
> Not sure. How would I go about checking?
> Alvin
>

nmap -sUT -p 53 

The result from "host a database.clamav.net" is only 395 bytes.  It fits
within a UDP packet.

This looks more like a temporary lookup failure.


---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] freshclam stops working & clamd crashes his own db

[[EMAIL PROTECTED]]

Hi,
we two problems with clamav 0.74+0.75.
1. freshclam , startet from a cronjob,  does freeze from time to time.
   ist just freezes on a RECV() Call
2. most important:
we get this since we updated to 0.75 i.e.
Wed Jul 28 20:11:15 2004 -> +++ Started at Wed Jul 28 20:11:15 2004
Wed Jul 28 20:11:15 2004 -> clamd daemon 0.74 (OS: linux-gnu, ARCH: 
i386, CPU: i686)
Wed Jul 28 20:11:15 2004 -> Log file size limited to 26214400 bytes.
Wed Jul 28 20:11:15 2004 -> Running as user clamav (UID 34585, GID 32751)
Wed Jul 28 20:11:15 2004 -> Reading databases from /usr/local/share/clamav
Wed Jul 28 20:11:15 2004 -> ERROR: Database initialization error.
Wed Jul 28 20:11:25 2004 -> +++ Started at Wed Jul 28 20:11:25 
2004  

What happens as we know it:
a.Clamd serves normally for hours..
b.our clamd watchdog pings clamd and the ping does not work.
c. clamd gets restarted by our watchdog script OR BY HAND , does not matter!
   and presents the above message...
d. running freshclam
e. clamd restarts fine.
d+e are clear cause the db is gone but why or who crashed  the db!?!?!?!
0.74 does work fine under the same circumstances..
M.Schwarz

---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] List Down

[[EMAIL PROTECTED]]

Daniel J McDonald said:
> On Tue, 2004-08-31 at 13:17, Chris Jett wrote:
>> Is the list down?  I haven't gotten any list messages since this
>> morning...
>
> No, merely slow.  It only took 4 hours to be delivered to me.  What do
> you want?  Back in the bad old days we only got mail once a month, over
> a 1200 baud modem, in the snow, uphill both ways!  And you're
> complaining about a 4-hour delay?  Young whippersnapper! ;-)
> --
> Daniel J McDonald, CCIE 2495, CNX
> Austin Energy
>

1200 baud?  Slow down, sonny!  It wasn't that long ago that I was working
at 50 baud with 5 bit code.  Then some smart-aleck invented the lower case
alphabet and we move to a blazing 56.8 baud and added a bit for the shift
character.


---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click
_______
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Can I submit a file if I'm not sure it's a virus?

[[EMAIL PROTECTED]]

D.J. Fan said:
> I just received 3 emails with a subject of 'foto' or 'fotos'
> and a zip attachment named 'foto.zip' with 'calc.exe' and 'foto.htm'
> contained therein that passed through 3 different scanners undetected.
>
> I don't want to infect my own machine by opening it.
>
> Can I forward it to someone to check it out?
>

Check it at http://test-clamav.power-netz.de/


---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Notification E-mail

[[EMAIL PROTECTED]]

Christopher X. Candreva said:
> On Mon, 20 Sep 2004, Jonathan Pitcher wrote:
>
>> Is it possible to send a message onto the user that they had an e-mail
>> blocked?  Or to an admin stating that [EMAIL PROTECTED] had a virus sent to
>> them?
>
> Yes.
>
> It is also a bad idea.
>
> Since most viruses forge the From: address, you will not be proideing any
> usefull information.
>

And since most users are idiots, you'll create needless anxiety and extra
work for the admin who has to explain that the message you've sent is
bogus.


---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
_______
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Re: Re: Windows port ?

[[EMAIL PROTECTED]]

Fajar A. Nugraha said:
> Tomasz Kojm wrote:
>
>>>I didn't use any source code from orginal project.
>>>This full object oriented C++ rewriting.
>>>I can send source code to project manager I you want to check about
>>>this. I don't modify the DB, I only download it and use it. I display
>>>DB copyright in the About Window.
>>>
>>>
>>
>>The database is treated as a library and not an executable. Loading it
>>into your program requires it to be GPL compliant.
>>
>>
>>
> How is that so?
>  From daily.cvd's COPYING :
>
> -GNU GENERAL PUBLIC LICENSE Version 2
> Isn't LGPL more suitable for libraries?
> -   1. You may copy and distribute verbatim copies of the Program's
> source code as you receive it, in any medium ...
>  He didn't distribute it. He just use it
> -   2. You may modify your copy or copies of the Program or any portion
> of it ...
> He didn't modify it
> -   3. You may copy and distribute the Program ...
> It's not a program, but again, he didn't copy and distribute it.
> -   4. You may not copy, modify, sublicense, or distribute the Program
> except as expressly provided under this License.
>  He did not copy, modify, sublicense, or distribute the Program :)
>
> And so on 
> So the question is, is GPL a suitable license for clamav virus db?
> Or perhaps it is necessary to make-up your own licensing scheme?
>
> How is his using clamavdb (but does not distribute it), be different
> from hosting appliances (Ensim, CPanel, etc) which uses numerous open
> source programs on Linux (apache, mysql, and even clamav) but does not
> distribute it? I don't see Ensim released as GPL.
>

The Barracuda spam filter appears to at least use the clam database.  Does
Barracuda also distribute source as required by the GPL?


---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Re: Re: Windows port ?

[[EMAIL PROTECTED]]

Odhiambo Washington said:
> * [EMAIL PROTECTED] <[EMAIL PROTECTED]> [20040922 11:02]: wrote:
> [..]
>
>> The Barracuda spam filter appears to at least use the clam database.
>> Does
>> Barracuda also distribute source as required by the GPL?
>
> Spam filter?
>

That's how they advertise their appliance.  Look at
http://www.barracudanetworks.com/.


---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: AW: [Clamav-users] Re: Re: Re: Windows port ?

[[EMAIL PROTECTED]]

Steffen Heil said:
> Hi
>
>> As stated by the GPL, you should provide source code for a GPL
>> executable
> or library.
>> Could you provide me source code for the database please ?
>
> Hey, come on, this is getting a sensless discussion.
> If you do not agree with the licence holders position, don't use it. It is
> theirs.
> Using others information without permission is illegal.
> The database is it's own source code, so you have it.
> Just as with scripts. There, the executable IS the source code.
>

I think the question of availablity of database source is legitimate given
the context of this entire discussion.  The position of the database being
GPL without source is not logical.  It is either GPL, with source, or it
is something else.

The database is not a script.  It is a binary compilation.

Since a portion of the product itself is not compliant, it appears to me
that the GPL is not the correct license.  Why should anyone else pay
attention if the complainant violates his own contract in the same manner.
 As has already been mentioned, there are several commercial products
using the database without attribution and without distributed source.

Perhaps the community needs to come up with a license more in line with
the intentions of the developers in order to properly protect their hard
work.


---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
_______
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Re: Re: Windows port ?

[[EMAIL PROTECTED]]

Stefke said:
> Advise to Remi.
>
> Create your own database structure, write a GPL'ed program that converts
> Clamav's DB to your own, use your own DB in your "Free but closed source"
> program
>

I think that this violates the viral nature of the GPL.  You are still
requiring the use of a GPL product.  You've just added a layer of
abstraction.


---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: AW: [Clamav-users] Re: Re: Re: Windows port ?

[[EMAIL PROTECTED]]

Kevin Spicer said:
> On Wed, 2004-09-22 at 14:25, [EMAIL PROTECTED] wrote:
>
>> The database is not a script.  It is a binary compilation.
>
> It's not a script, true, but it also is not a binary compilation.  If
> you look inside any of the database files unpacked by sigtool (sigtool
> --unpack) you'll note that they are actually a plain text files, one
> line per entry.  So I think the previous posters point about them being
> analagous to scripts in that they are their own source is valid.
>

Zip files are compressed/packed too.  Would you consider them source?  Or
a container.

I was using the term binary as in machine readable.  And compilation as
defined by Merriam-Webster: 'to collect and edit into a volume'

Perhaps not the best choice of wording, but very apparent to me when I
wrote it.

Source is generally accepted as human readable.  A 'cat daily.cvd' yields
something other than human readable.

The act of unpacking is akin to running a disassembler/unzip/etc.

In the end, it is the property of the developers.  I just don't see GPL as
the correct choice for clearly defining the nature of the product.


---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
_______
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: AW: [Clamav-users] Re: Re: Re: Windows port ?

[[EMAIL PROTECTED]]

Graham Toal said:
>> > The database is not a script.  It is a binary compilation.
>>
>> It's not a script, true, but it also is not a binary compilation.  If
>> you look inside any of the database files unpacked by sigtool (sigtool
>> --unpack) you'll note that they are actually a plain text files, one
>> line per entry.  So I think the previous posters point about them being
>> analagous to scripts in that they are their own source is valid.
>
> Fortunately the way this project works is that users upload samples
> of viruses, not signatures.  That makes the signatures an original
> work of the project and should be defendable; there is an implicit
> copyright on the work even if it is not explicitly asserted.  The
> signatures clearly reflect 'sweat of the brow' effort; they are
> not simply a collection of other people's work.
>
> If the converse had been true, and the project admins wanted to restrict
> use of uploaded signatures, then they would have needed to assert a
> compilation copyright in the database text file from the start.  If that
> had not already in place, they would have had a lot of difficulty
> restricting distribution, had it come to court, and if they wanted to
> start asserting a copyright at a late stage in the project they would
> have had to re-collect the signatures from user contributions after
> getting an explicit transfer of copyright from contributors.
>
> I am not a lawyer but I did once go through a very similar exercise.
>
> Bottom line, should anyone ever get serious about legal action in
> a project like this, be prepared to spend significant sums of money on
> lawyers.  6 or 7 figures for something like this.
>
> I really objected to paying our lawyers more for a 1hr consultation
> than I earned in a month.
>
>
> G
> PS If the database is collected/built/stored in Europe then all
> bets are off.  Totally different game from America.
>

I'm not a lawyer either, but I saw one in the wild once.

I'm happy to live with the spirit of the license and use the product as
intended.  I also think that the GPL language clear with regard to reuse
of components.  I just don't think that its the perfect license for this
product.

ClamAV is still awesome.  The ability to add my own signatures coupled
with quick updates makes it an ideal solution for me.


---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Password Protected Zip file

[[EMAIL PROTECTED]]

Amit Keshan said:
> Hi!
>
> I installed Clam on my server and realized that it is not allowing emails
> to be send if a passowrd protected zip file is attached.  One of my esteem
> client is really upset with it and is planning to shift his hosting within
> a day or two if this issue is not resolved. Please help.
>
> Thanks,
> Amit
>

ClamAV only scans when requested and reports its findings to the calling
application.  Are you using clamdscan?  How are you calling it and did you
intend to scan traffic in both directions?  If you are using the milter,
then I don't know.  I don't use it, but plenty of others do.


---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
_______
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] ERROR: JPEG.Comment

[[EMAIL PROTECTED]]

Christopher X. Candreva said:
> On Wed, 29 Sep 2004 [EMAIL PROTECTED] wrote:
>
>>  ... It's interesting that viruses are finally starting to implement
>> what
>> we were joking about in 1995 at high school...
>
> It's interesting we were making similar jokes in 1985 in high school.
>
>

And back in the old days, we were lucky to have jokes at all.  Mostly had
to make due with amusing limericks...  In the snow.
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

[Clamav-users] LibClamAV Error: cl_loaddb(): Can't open file 0f09417ac291/main.hdb/daily.cvd

[[EMAIL PROTECTED]]

I've just installed and although freshclam appears to work clamscan doesn't.  
I get the following error:

[EMAIL PROTECTED] kec]# clamscan --debug messages
LibClamAV debug: Loading databases from /var/lib/clamav
LibClamAV debug: Loading /var/lib/clamav/main.cvd
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = a6a7d166b04ca63ab399058cda193eda
LibClamAV debug: Decoded signature: a6a7d166b04ca63ab399058cda193eda
LibClamAV debug: Digital signature is correct.
LibClamAV debug: in cli_untgz()
LibClamAV debug: Unpacking /tmp/clamav-e70a0f09417ac291/COPYING
LibClamAV debug: Unpacking /tmp/clamav-e70a0f09417ac291/main.db
LibClamAV debug: Unpacking /tmp/clamav-e70a0f09417ac291/main.hdb
LibClamAV debug: Loading databases from /tmp/clamav-e70a0f09417ac291
LibClamAV debug: Loading /tmp/clamav-e70a0f09417ac291/main.db
LibClamAV debug: Initializing main node
LibClamAV debug: Initializing trie
LibClamAV debug: Initializing BM tables
LibClamAV debug: in cli_bm_init()
LibClamAV debug: BM: Number of indexes = 63744
LibClamAV debug: Loading /tmp/clamav-e70a0f09417ac291/main.hdb
LibClamAV debug: Initializing md5 list structure
LibClamAV Error: cl_loaddb(): Can't open file 0f09417ac291/main.hdb/daily.cvd
LibClamAV debug: cl_loaddbdir(): error loading database 
0f09417ac291/main.hdb/daily.cvd
ERROR: Unable to open file or directory

--- SCAN SUMMARY ---
Known viruses: 26630
Scanned directories: 0
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
I/O buffer size: 131072 bytes
Time: 1.737 sec (0 m 1 s)

___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

[Clamav-users] Why use amavis over simscan?

[[EMAIL PROTECTED]]

I'm setting up some email gateways for small businesses and was wondering what 
program the people on this list would use to combine clam and spamassassin for 
an email gateway.

-- 
Thomas J. Raef
e-Based Security, Inc.
[EMAIL PROTECTED]

"You're either hardened - or you're hacked!"
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

[Clamav-users] libclamav problems

[[EMAIL PROTECTED]]

I am running Debian woody and had clam-0.80 working fine. I tried installing 
SquidClamAV_Redirector which required libclamav.

I downloaded libclamav1 from Debian, installed it and now I get this:

/usr/bin/freshclam: error while loading shared libraries: libgmp.so.3:
cannot open shared object file: No such file or directory

libgmp.so.3 is on my system, any help is greatly appreciated.
-- 
Thomas J. Raef
e-Based Security, Inc.
[EMAIL PROTECTED]

"You're either hardened - or you're hacked!"
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

[Clamav-users] clamd logging virus event

[[EMAIL PROTECTED]]

Dear all,

   Bcoz of Worm.Bagle worm, we had to upgrade clamd scan engine from 0.70 to 
0.81. Everything go fine after upgraded (and fine tuning of conf file), mail 
server can block income and outgo mail by using clamd + clamav-milter + 
sendmail under RH 7.3
   But we found that the current version of clamd had not logging the scanning 
event like 0.70 to the log (which defined at clamav.conf/clamd.conf, 
"LogFile"). At 0.70, when a virus detected, a message like "stream: 
Worm.SomeFool.P FOUND" will be found at clmad log file. But now the log file 
just logged the start/stop event of clamd.

  Anything i missed? We used flag
  CLAMAV_FLAGS="--max-children=20 -NlH /var/run/clamav/clmilter.sock"
to start clamav-milter and 
  define "LogFile /var/log/clamav/clamd.log" at clamd.conf

  Thank for helping.
Martin

___
Join Excite! - http://www.excite.com
The most personalized portal on the Web!
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

[Clamav-users] clamav-milter error message

[[EMAIL PROTECTED]]

Hi,

After upgrade from 0.70 to 0.81, we found the following message in our 
clamd.log for all Clean Message
clamav-milter[32063]: Failed to delete X-Virus-Status header 1

We currently using ClamAV version 0.81, clamav-milter version 0.81b
and use
CLAMAV_FLAGS="--max-children=20 -CNlH /var/run/clamav/clmilter.sock" to start 
clamav-milter
and define the following in clamd.conf
LogFile
LogTime
LogSyslog
LogFacility LOG_LOCAL6

Actually we only want to log the virus name for those infected mail in the 
clamd.log just like what we have in the 0.70 version. Is there any configure I 
still have to do?

Thanks!
Teresa




___
No banners. No pop-ups. No kidding.
Make My Way your home on the Web - http://www.myway.com
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

[Clamav-users] reply question in mail list

[[EMAIL PROTECTED]]

 from 
  http://lists.clamav.net/lurker/list/clamav-users.en.html
 i known that to post a new thread to mail list, just compose a email to [EMAIL 
PROTECTED] But how can i reply a question / archive from web-based maillist 
reader?
 Thank for helping.


___
Join Excite! - http://www.excite.com
The most personalized portal on the Web!
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

[Clamav-users] Problem whit clamav-milter

[[EMAIL PROTECTED]]

Hi all:

I start having  troubles since i upgrade   clamav to version 
0.85.1-1.0. 
Since this clamav-milter log this in maillog but keep running:

Milter (clamav): read returned -1: Connection reset by [xxx.xxx.xxx.xxx]
Milter (clamav): to error state
Milter (clamav): init failed to open
Milter (clamav): to error state

After logs a lot of that log this and stop running:

Milter (clamav): to error state
Milter (clamav): error connecting to filter: No such file or directory

I using clamav-milter whit sendmail version  8.12.8-9.90 and my milter config. 
line is this:

Xclamav, S=local:/var/clamav/clmilter.socket, F=R, T=S:10m;R:10m;E:10m


Someone know this error?

I see lot of milters for clamav, some of them is better than clamav-milter?

Thanks

Jose I. Callero

___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Problem whit clamav-milter

[[EMAIL PROTECTED]]

Yes de first step of debugging in ok . 
When i upgrade clamav i uninstall de old version and the config files. 
The  socket have the right perms.
Is a good idea chage the option in sendmail so i did it.
The problem is weird, because the milter fail some times not all time. I watch 
the log for other problems when clamav-milter fail but i no see nothing.
In system messages apear this when clamav-milter fail: 


May 19 04:29:18 smtp clamav-milter[32150]: ClamAv: thread_create() failed: 12, 
abort
May 19 04:29:34 smtp clamav-milter[32150]: Stopping ClamAV version 0.85.1, 
clamav-milter version 0.85
May 19 04:30:00 smtp clamav-milter: clamav-milter shutdown failed


the first line apear 14 times.


Thanks
Jose I. Callero.



On Thursday 19 May 2005 04:58 pm, Dennis Peterson wrote:
> [EMAIL PROTECTED] said:
> > Hi all:
> >
> > I start having  troubles since i upgrade   clamav to version 0.85.1-1.0.
> > Since this clamav-milter log this in maillog but keep running:
> >
> > Milter (clamav): read returned -1: Connection reset by [xxx.xxx.xxx.xxx]
> > Milter (clamav): to error state
> > Milter (clamav): init failed to open
> > Milter (clamav): to error state
> >
> > After logs a lot of that log this and stop running:
> >
> > Milter (clamav): to error state
> > Milter (clamav): error connecting to filter: No such file or directory
>
> Do some debugging: Does that socket exist? Does your clamav config file
> agree with your sendmail.cf file about that location? Are ownerships and
> permissions correct?
>
> Since you have upgraded, did you properly uninstall the previous version?
> If not you may have multiple or fragmented installations that are
> confusing you and or your executables. It happens a lot. Depending on what
> version you upgraded from, for example, you may not be aware the current
> version of clamd config file has a new name (clamd.conf - was
> clamav.conf). There may be other significant changes to parameters you
> should know about.
>
> > I using clamav-milter whit sendmail version  8.12.8-9.90 and my milter
> > config.
> > line is this:
> >
> > Xclamav, S=local:/var/clamav/clmilter.socket, F=R, T=S:10m;R:10m;E:10m
>
> With F=R as you have here any such failures will result in a mail
> rejection. You might consider using F=T so that the sending system can try
> again when your system is running correctly.
>
> > Someone know this error?
> >
> > I see lot of milters for clamav, some of them is better than
> > clamav-milter?
>
> Examine your requirements and compare them to milter features. Perhaps
> there is one out there that better suits your needs. I use J-Chkmail.
>
>
>
> ___
> http://lurker.clamav.net/list/clamav-users.html
___
http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] Re: clamav-milter hangs/crashes when freshclam actuallyupdates

[[EMAIL PROTECTED]]

Hello
I got same problem after updated to 0.84.
clmilter options:
clamav_milter_flags="--quiet --max-children=50 --force-scan --noxheader --quarantine-dir=/var/spool/quarantine"
sendmail.mc:
INPUT_MAIL_FILTER(`clmilter', `S=local:/var/run/clamav/clmilter.sock, F=, 
T=S:4m;R:4m')

I tryed max-children=10 and =100.
But same error was logged at clamd.log, after freshclamd had updated to 
newer *.cvd files.

clamd.log:
LibClamAV Warning: Not reloading database until idle - waiting for 2 
children
LibClamAV Warning: Waiting for 1 children until databae reload
LibClamAV Warning: Not accepting inputs at the moment
LibClamAV Warning: Not accepting inputs at the moment

The only "solution" is to start or restarting clamav-milter.
Me too.
My freshclamd.conf is configured to restart clamav-milter, whenever 
freshclamd updates to newer *.cvd versions.

# Run command after successful database update.
# Default: disabled
OnUpdateExecute /usr/local/etc/rc.d/clamav-milter.sh restart
regards
yagisawa 

___
http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] Clamav-milter dies after working ok for some hours

[[EMAIL PROTECTED]]

Hi

We have a fairly big sendmail+clamav+clamav-milter setup, with 15000+ 
accounts.

Since last week we are experimenting several errors with this combination. 
Tried to upgrade to latest version, with same results, so now we downgraded 
to our last "stable" situation, running clamav and milter version 0.83, and 
sendmail 8.12.8.

Basically what happens is that clamav-milter dies, and then sendmail starts 
to refuse commands.

I believe it is a 3 face thing.

First it is common to see logs like this one, but mail still works:
May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter (clamav): read 
returned -1: Connection reset by remote.host.com
May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter (clamav): to 
error state
May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter (clamav): init 
failed to open
May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter (clamav): to 
error state
May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter: initialization 
failed, rejecting commands

Some minutes laters, we start to see:
May 21 05:32:01 smtp sendmail[5757]: j4L8R3qX005757: Milter (clamav): error 
connecting to filter: Connection refused by /var/clamav/clmilter.socket
May 21 05:32:01 smtp sendmail[5757]: j4L8R3qX005757: Milter (clamav): to 
error state
May 21 05:32:01 smtp sendmail[5757]: j4L8R3qX005757: Milter: initialization 
failed, rejecting commands
May 21 05:32:01 smtp sendmail[6018]: j4L8RRqX006018: Milter (clamav): error 
connecting to filter: Connection refused by /var/clamav/clmilter.socket
May 21 05:32:01 smtp sendmail[6018]: j4L8RRqX006018: Milter (clamav): to 
error state

When it finally dies, we see:
May 21 05:55:34 smtp sendmail[16664]: j4L7kBqY016664: Milter (clamav): 
write(D) returned -1, expected 5: Broken pipe
May 21 05:55:34 smtp sendmail[16664]: j4L7kBqY016664: Milter (clamav): to 
error state
May 21 05:55:34 smtp sendmail[16664]: j4L7kBqY016664: Milter: 
[EMAIL PROTECTED], reject=550 5.7.1 Command rejected
May 21 05:55:34 smtp sendmail[18695]: j4L8tYqX018695: Milter (clamav): local 
socket name /var/clamav/clmilter.socket unsafe
May 21 05:55:34 smtp sendmail[18695]: j4L8tYqX018695: Milter (clamav): to 
error state
May 21 05:55:34 smtp sendmail[18695]: j4L8tYqX018695: Milter: initialization 
failed, rejecting commands

At this point, clamav-milter is gone, and the sockets is non existant. 
Sendmail accepts connections, but refuses to receive any command.

If we restart clamav-milter, it works again smoothly for about 3-6 hours.

Any clue?

Please let us know what other information might me useful to debug this. The 
relevant configuration parts are:

clamd.conf:
 PidFile /var/run/clamav/clamd.pid
 LocalSocket /var/run/clamav/clamd.sock

/etc/sysconfig/clamav-milter:
CLAMAV_FLAGS="
--config-file=/etc/clamd.conf
--max-children=240
--force-scan
--quiet
--dont-log-clean
--noreject
--dont-scan-on-error
-ol local:/var/clamav/clmilter.socket

/etc/mail/sendmail.cf:
 Xclamav, S=local:/var/clamav/clmilter.socket, F=R, T=S:10m;R:10m;E:10m

Thanks. 
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Clamav-milter dies after working ok for some hours

[[EMAIL PROTECTED]]

Hi.

The OS is RedHat 9 whit 2.4.21-27.ELsmp kernel.
And the server is a IBM X235 whit 6 SCSI 360 36Gb. (in raid5 by software)
The processors are 2 Intel(R) XEON(TM) CPU 1.80GHz.
Have 2Gb of RAM and cero swap used.

Thanks

Jose I. Callero

On Monday 23 May 2005 02:53 am, Damian Menscher wrote:
> On Sun, 22 May 2005, [EMAIL PROTECTED] wrote:
> > We have a fairly big sendmail+clamav+clamav-milter setup, with 15000+
> > accounts.
>
> What OS (be specific) and hardware?
>
> Do the failures have a strong time correlation with database updates?
>
> Damian Menscher
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Clamav-milter dies after working ok for some hours

[[EMAIL PROTECTED]]

Hi.
I try this option, but i still have the same problem...

Thanks
JCallero
On Monday 23 May 2005 02:46 am, George Chelidze wrote:
> [EMAIL PROTECTED] wrote:
> > Hi
> >
> > We have a fairly big sendmail+clamav+clamav-milter setup, with 15000+
> > accounts.
> >
> > Since last week we are experimenting several errors with this
> > combination. Tried to upgrade to latest version, with same results, so
> > now we downgraded to our last "stable" situation, running clamav and
> > milter version 0.83, and sendmail 8.12.8.
> >
> > Basically what happens is that clamav-milter dies, and then sendmail
> > starts to refuse commands.
> >
> > I believe it is a 3 face thing.
> >
> > First it is common to see logs like this one, but mail still works:
> > May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter (clamav):
> > read returned -1: Connection reset by remote.host.com
> > May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter (clamav): to
> > error state
> > May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter (clamav):
> > init failed to open
> > May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter (clamav): to
> > error state
> > May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter:
> > initialization failed, rejecting commands
> >
> > Some minutes laters, we start to see:
> > May 21 05:32:01 smtp sendmail[5757]: j4L8R3qX005757: Milter (clamav):
> > error connecting to filter: Connection refused by
> > /var/clamav/clmilter.socket May 21 05:32:01 smtp sendmail[5757]:
> > j4L8R3qX005757: Milter (clamav): to error state
> > May 21 05:32:01 smtp sendmail[5757]: j4L8R3qX005757: Milter:
> > initialization failed, rejecting commands
> > May 21 05:32:01 smtp sendmail[6018]: j4L8RRqX006018: Milter (clamav):
> > error connecting to filter: Connection refused by
> > /var/clamav/clmilter.socket May 21 05:32:01 smtp sendmail[6018]:
> > j4L8RRqX006018: Milter (clamav): to error state
> >
> > When it finally dies, we see:
> > May 21 05:55:34 smtp sendmail[16664]: j4L7kBqY016664: Milter (clamav):
> > write(D) returned -1, expected 5: Broken pipe
> > May 21 05:55:34 smtp sendmail[16664]: j4L7kBqY016664: Milter (clamav): to
> > error state
> > May 21 05:55:34 smtp sendmail[16664]: j4L7kBqY016664: Milter:
> > [EMAIL PROTECTED], reject=550 5.7.1 Command rejected
> > May 21 05:55:34 smtp sendmail[18695]: j4L8tYqX018695: Milter (clamav):
> > local socket name /var/clamav/clmilter.socket unsafe
> > May 21 05:55:34 smtp sendmail[18695]: j4L8tYqX018695: Milter (clamav): to
> > error state
> > May 21 05:55:34 smtp sendmail[18695]: j4L8tYqX018695: Milter:
> > initialization failed, rejecting commands
> >
> > At this point, clamav-milter is gone, and the sockets is non existant.
> > Sendmail accepts connections, but refuses to receive any command.
> >
> > If we restart clamav-milter, it works again smoothly for about 3-6 hours.
> >
> > Any clue?
> >
> > Please let us know what other information might me useful to debug this.
> > The relevant configuration parts are:
> >
> > clamd.conf:
> >  PidFile /var/run/clamav/clamd.pid
> >  LocalSocket /var/run/clamav/clamd.sock
> >
> > /etc/sysconfig/clamav-milter:
> > CLAMAV_FLAGS="
> > --config-file=/etc/clamd.conf
> > --max-children=240
> > --force-scan
> > --quiet
> > --dont-log-clean
> > --noreject
> > --dont-scan-on-error
> > -ol local:/var/clamav/clmilter.socket
> >
> > /etc/mail/sendmail.cf:
> >  Xclamav, S=local:/var/clamav/clmilter.socket, F=R, T=S:10m;R:10m;E:10m
> >
> > Thanks.
> > ___
> > http://lurker.clamav.net/list/clamav-users.html
>
> try --external
>
> Best Regards,
___
http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] clamav-milter dies

[[EMAIL PROTECTED]]

Hi,

Since the last version - ClamAV version 0.85.1, clamav-milter version 0.85, 
we are getting constant crashes of clamav-milter, syslog errors below:


clamav-milter[10246]: ClamAv: thread_create() failed: 12, try again
clamav-milter[10246]: ClamAv: thread_create() failed: 12, abort

Any ideas?

Cheers,

Luci 


___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] clamav-milter dies

[[EMAIL PROTECTED]]

At 12:44 PM 6/1/2005, you wrote:

What OS and version?  Did you install from precompiled binaries or
source?

Thomas


Fedora Core 2, compiled form source. This issue was not present in previous 
milter versions. Some startup issues were also encountered, but were not 
documented when first installed.




___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] clamav-milter dies

[[EMAIL PROTECTED]]

At 01:08 PM 1/06/2005, you wrote:


What are the entries in /var/log/clamd.log (or whatever you
use?)

N.



The last relevant bits:

LibClamAV Warning: Not reloading database until idle - waiting for 2 children
LibClamAV Warning: Not accepting inputs at the moment
LibClamAV Warning: Not accepting inputs at the moment
LibClamAV Warning: Not accepting inputs at the moment
... and so on.

The milter is also started with --max-children (but I assume that is not 
causing the thread creation problem when limit reached).


___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] clamav-milter dies

[[EMAIL PROTECTED]]

If the issue is with clamav, the milter should probably not die as a side 
effect.


At 01:51 PM 1/06/2005, you wrote:
Please read my post to this list on Mon, 30 May 2005 10:58:58 -0500 with 
subject line Clamav not accepting inputs.


I suppose I should add that to the wiki at some point, though hopefully a 
new release will be out soon anyway.


___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] clamav-milter dies

[[EMAIL PROTECTED]]

To clarify, the milter isn't dying... it's just refusing to accept inputs 
(there's a difference).  And the issue is with the milter, not with libclamav.



In my case the milter is dying, and needs to be re-started... (started 
should I say).


___
http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] limit the temporary files location

[[EMAIL PROTECTED]]

Hello!

is there a way to limit say

TemporaryDirectory usage from clamd to a certain
level

if not than, what's a work around

to getting the TemporaryDirectory kept clean
and not risk overusing from clamd?


thank

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] probelm installing clam av, zlib dependancy

[[EMAIL PROTECTED]]

Erez Epstein wrote:
> Hello,
>
> i have a problem when i try to install clam av.
> after running rpm -i
>
> [EMAIL PROTECTED] GZ]# rpm -ivh clamav-0.87-1.i386.rpm
> warning: clamav-0.87-1.i386.rpm: V3 DSA signature: NOKEY, key ID 06827e33
> error: Failed dependencies:
>zlib >= 1.2.2 is needed by clamav-0.87-1.i386
>
> so i tried to update zlib to ver 1.2.2
> [EMAIL PROTECTED] GZ]# rpm -Uvh zlib-1.2.2.2-5.fc4.i386.rpm
> error: Failed dependencies:
>zlib = 1.2.1.2 is needed by (installed) zlib-devel-1.2.1.2-1.i386
>
> ofcourse when i try the opoosite, i get this
> [EMAIL PROTECTED] GZ]# rpm -Uvh zlib-devel-1.2.2.2-2.i386.rpm
> warning: zlib-devel-1.2.2.2-2.i386.rpm: V3 DSA signature: NOKEY, key ID
> 06827e33
> error: Failed dependencies:
>zlib = 1.2.2.2 is needed by zlib-devel-1.2.2.2-2.i386
>
>
> How can i overcome this?
>
>
> Erez
> ___
> http://lurker.clamav.net/list/clamav-users.html
remove the existing Zlib dev package.  Upgrade zlib and then install the
upgraded zlib package.

Lyle

___
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Help Please!

[[EMAIL PROTECTED]]

G'day Russell,

clamav page has all the answer to your needs.
http://www.clamav.net/faq.html#pagestart


Russell Bradley wrote:

>Just installed ClamAV on an Mac (10.4.8 client not server). Clamd seems to
>be running OK. 
>
>Kerio MailServer sees ClamAV just fine.
>
>
>Some basic ClamAV questions:
>
>How can I test to see if clamd is running properly?
>
>  
>
On my Debian box, i use "ps -ef | grep clam" to see if it's running.

>How do you restart the clamd daemon?
>  
>

On my Debian box, I shutdown freshclam with "invoke-rc.d
clamav-freshclam stop;"
I do "on-demand" scanning rather than have cron run run clamscan.

I am sure similar way of shutting clamav exist on Macs.

>How can I test to see if freshclam is running properly & updating the
>database?
>  
>

issue freshclam at your shell and see what happens.
It's suppose to connect to virus update site and download the db
signatures to appropriate dir (on mine, it's /var/lib/clamav/)

>Are there any Mac-specific ClamAV resources available?
>
>  
>
Other people using clamav on Macs will be able to answer this query.


[  ]


Cheers,
sanobabu.




___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

[Copfilter] Copy of quarantined email - *** SPAM *** [6.0/6.0] Re: [Clamav-users] Protection from W32.Sality.U

[[EMAIL PROTECTED]]

This is a multi-part message in MIME format.
BG Mahesh wrote:
> hi
> 
> I am getting few emails which are passing thru clamav. Norton says the 
> email
> is infected with W32.Sality.U
> 
> Is there an update for clamav which can protect me from W32.Sality.U? I am
> using 0.88.7

Have you submitted a sample to www.clamav.net?

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html


___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] res_close on Solaris 8

[[EMAIL PROTECTED]]

Hi, all,

I'm using Solaris 5.8 and sendmail 8.12.11 on intel cpu. I use Clamav
from the old 0.86.x. With the 0.90 version I don't able to compile the
clamav-milter because the linker says:

Undefined   first referenced
symbol in file
res_close   clamav-milter.o

the string of linker is:
gcc -g -O2 -o .libs/clamav-milter cfgparser.o output.o getopt.o 
memory.
o misc.onetwork.o clamav-milter.o  ../libclamav/.libs/libclamav.so
/usr/local/lib/libiconv.so -L/usr/local/lib -L/usr/local/ssl/lib -
L/usr/local/BerkelelyB.4.2/lib -L/usr/openwin/lib -L/usr/lib -lz -lbz2
/usr/local/lib/libgmp.so -lmilter -lsocket -lnsl -lresolv -lpthread -
R/usr/local/lib

In what library is res_close?


Naviga e telefona senza limiti con Tiscali 
Scopri le promozioni Tiscali adsl: navighi e telefoni senza canone Telecom

http://abbonati.tiscali.it/adsl/

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] res_close on Solaris 8

[[EMAIL PROTECTED]]

Hi, all,

I'm using Solaris 5.8 and sendmail 8.12.11 on intel cpu. I use Clamav 
from the old 0.86.x. With the 0.90 version I don't able to compile the 
clamav-milter because the linker says:

Undefined   first referenced
 symbol in file
res_close   clamav-milter.o

the string of linker is:
gcc -g -O2 -o .libs/clamav-milter cfgparser.o output.o getopt.o memory.
o misc.onetwork.o clamav-milter.o  ../libclamav/.libs/libclamav.so 
/usr/local/lib/libiconv.so -L/usr/local/lib -L/usr/local/ssl/lib -
L/usr/local/BerkelelyB.4.2/lib -L/usr/openwin/lib -L/usr/lib -lz -lbz2 
/usr/local/lib/libgmp.so -lmilter -lsocket -lnsl -lresolv -lpthread -
R/usr/local/lib

In what library is res_close?

Thank you very much

Guido


Naviga e telefona senza limiti con Tiscali 
Scopri le promozioni Tiscali adsl: navighi e telefoni senza canone Telecom

http://abbonati.tiscali.it/adsl/

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] Problem with clamassassin

[[EMAIL PROTECTED]]

Hello,

I use Postfix, Clamassassin 1.2.3, Clamav 0.9 on a Debian 3.1 System.

All was good.
Last week i got a virus in my incoming-folder.

So i realized, that clamassassin is not running without error:

mailheader:

X-Virus-Status: Failed
X-Virus-Report: /usr/local/bin/clamscan error 40
X-Virus-Checker-Version: clamassassin 1.2.3 with clamscan / ClamAV 
0.90/2618/Wed Feb 21 15:07:53 2007 signatures 42.


What shall I do ?

Any suggestions?

Thanx

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Problem with clamassassin

[[EMAIL PROTECTED]]

[EMAIL PROTECTED] schrieb:

Hello,

I use Postfix, Clamassassin 1.2.3, Clamav 0.9 on a Debian 3.1 System.

All was good.
Last week i got a virus in my incoming-folder.

So i realized, that clamassassin is not running without error:

mailheader:

X-Virus-Status: Failed
X-Virus-Report: /usr/local/bin/clamscan error 40
X-Virus-Checker-Version: clamassassin 1.2.3 with clamscan / ClamAV 
0.90/2618/Wed Feb 21 15:07:53 2007 signatures 42.


What shall I do ?

Any suggestions?

Thanx



Ok - i have made a downgrade to Clamav 0.88.7 - the version before 0.9

Clamassassin runs now - perfect.

Why does the Version 0.9 not work?
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Problem with clamassassin

[[EMAIL PROTECTED]]

Daniel T. Staal schrieb:

On Wed, February 21, 2007 11:57 am, [EMAIL PROTECTED] said:


Ok - i have made a downgrade to Clamav 0.88.7 - the version before 0.9

Clamassassin runs now - perfect.

Why does the Version 0.9 not work?



From the Clamassassin announce mailing list:



   The problem is that clamscan has removed the --mbox option which was
required in old versions of ClamAV when scanning an email message.  Now
clamscan can scan email messages without any special options and the
--mbox option was removed.  In ClamAV 0.90, running clamscan with this
option will no longer work.  clamassassin had used this option for
compatibility with older versions of ClamAV, so clamassassin will fail
to work with ClamAV's clamscan.

   I am testing a version which fixes this problem.  In the meantime
you have two options:


Daniel T. Staal



Which options do i have ?
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] 0.90.1 - clamd died on Solaris 9

[[EMAIL PROTECTED]]

I am experiencing the same problems.

We have two quad CPU E450's running Solaris 9 handling the incomming mail
on our domains. These servers are generally very busy.

I initially installed clamav 0.90 with experimental code enabled. Compiled
in this way clamd would crash every 2 minutes without any indication in
the logs as to what the problem was.

I then installed 0.90 without experimental code. Compiled in this way it
would crash every 8 minutes or so. I then reverted to 0.88.7 which runs
without any problems.

When 0.90.1 was released I installed it and experienced the exact same
problems (dying within a couple of minutes).

No log rotations were occurring at the time that it died.

I installed 0.90.1 on our outbound server which is also running Solaris 9.
This server is a lot quieter than our incomming servers. On this server
clamd will die intermitantly (at busy times) but not as frequently as on
our inbound servers.

>From what I can see on our quad CPU machines, using top to view system
performance clamd eventually uses 100% CPU and then dies.

I hope someone can help with this as I would really like to upgrade to the
0.90 release.

I have another server running Suse. Although this server is also not that
heavily loaded I have not experienced any problems on that platform.


___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

[Clamav-users] freshclam ERROR: Can't open new file...

[[EMAIL PROTECTED]]

Hi,
I've just built from sources and installed clamav-0.60, according to the
User Manual.

My problem is that when I try to run this command

freshclam -v -l /var/log/clam-update.log --log-verbose

I *always* get the following errors messages

Checking for a new database - started at Tue Sep 16 15:11:34 2003
ERROR: Can't open new file ./5bb82cbfa3669e7f to write
ERROR: Can't download viruses.db from clamav.elektrapro.com

repeated for each entry in /usr/share/clamav/mirrors.txt 

Please note that:
1) I've run the command as root
2) I've created clam-update.log according to the User Manual, i.e.
-rw---1 clamav   root  761 Sep 16 15:16 /var/log/clam-update.log

TIA for any help
Roberto




---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] whish list ?

[[EMAIL PROTECTED]]

On Sat, 2003-11-29 at 14:51, Gianmarco wrote:
> 1) A possibility to automagically refuse some (defined in the config) 
> attachment like *.pif, *.lnk,  *.scr and so on and generate an alert like 
> "UNAUTHORIZED MAIL ATTACH"  etc etc...
> 
> 2) Have the possibility to use a "template" like message for the mail that is 
> sent back to the sender/recipient/admin.
> 
> 3) If the 2) is not possible Is possible to have more vars (than the existent 
> %v  and %f) for the:
> VirusEvent COMMAND

http://www.ijs.si/software/amavisd/

Cheers,

Mike



---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?  SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

DB mirrors & other support (was Re: [Clamav-users] Nude links on www.clamav.org)

[[EMAIL PROTECTED]]

On Thu, 2003-12-11 at 19:18, Fisher wrote:
> I can offer mirror space & 100Mbit pipe in Europe/Hungary. Please 
> contact me in private in case of interest.

http://www.clamav.net/doc/mirrors/clamav-mirror-howto.txt

> It is quite offtopic now I think

Yeah, this threadnevermind.

Cheers,

Mike



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] clamav.*

[[EMAIL PROTECTED]]

Why spend the money buying up all these domain names?  Why not just use
the country codes in front of clamav.net?

Luca, we should add something to the unofficial debian packages to let
people select their country code if we decide to go this route.  It
might be nice to have this as part of the config file or something. 
This, however, probably belongs on clamav-devel and clamav-mirrors.

I'll try to get something done with the nagios plugin for handling
mirrors what we discussed.  I've been a bit busy lately.

Cheers,

Mike



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re:[Clamav-users] freshclam ERROR: Can

[[EMAIL PROTECTED]]

> Hi Roberto,
> Did you get a answer to your problem? I'm having exactly the same problem on Solaris 
> 9 running clamav
0.65.

I'm afraid not. I've upgraded to 0.65, but the problem stays exactly the same.
In fact, when I want to update the virusdb, I do it manually using a bash script
I've written on purpose.
If anyone would like more information to determine what the problem is, I'll be
happy to help.
Kind regards 
--
  .~.  Roberto Neri
  /V\  Registered Linux User 88943.
 /( )\ Registered Machine 37596.
 ^^-^^ Palermo, Italy.

>
> Thanks
> Peter Arnold
>
> ### Your email 
> Hi,
> I've just built from sources and installed clamav-0.60, according to the
> User Manual.
>
> My problem is that when I try to run this command
>  
> freshclam -v -l /var/log/clam-update.log --log-verbose
>
> I *always* get the following errors messages
>
> Checking for a new database - started at Tue Sep 16 15:11:34 2003
> ERROR: Can't open new file ./5bb82cbfa3669e7f to write
> ERROR: Can't download viruses.db from clamav.elektrapro.com
>
> repeated for each entry in /usr/share/clamav/mirrors.txt
>
> Please note that:
> 1) I've run the command as root
> 2) I've created clam-update.log according to the User Manual, i.e. 
> -rw---1 clamav   root  761 Sep 16 15:16 /var/log/clam-update.log
>
> TIA for any help
> Roberto
> ##
>
>



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id78&alloc_id371&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] freshclam ERROR: Can

[[EMAIL PROTECTED]]

> Can you send me the output of
> truss -o /tmp/freshclam.truss /path/to/freshclam
> (in private mail rather than to list) ?
>
> Thomas 
>
>
Thank you for your prompt response.
I'm sorry, but I've never heard of "truss" before, nor I can find any
program by that name in clamav 0.65 or in any package of my Linux
distribution (Slackware 9.1). 
Could you please tell me where I can find it.
King regards
--
  .~.  Roberto Neri
  /V\  Registered Linux User 88943.
 /( )\ Registered Machine 37596.
 ^^-^^ Palermo, Italy.




---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id78&alloc_id371&op=click
_______
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Clamd service down!!

[[EMAIL PROTECTED]]

On Wed, 2004-01-07 at 03:50, Marino, Santiago Maximiliano wrote:
> Jan  6 00:59:43 ges sendmail[15421]: i05Nxha7015421: Milter
> (clamav): error connecting to filter:
> Connection refused by /var/run/clamav.sock

This (^^^) makes it look like clamd died or your
sendmail milter isn't looking for the clamd socket in the right
place.  If it's configured properly, restart it.

What version of clamd are you running?

Cheers,


Mike



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Clamd service down!!

[[EMAIL PROTECTED]]

On Wed, 2004-01-07 at 05:43, Marino, Santiago Maximiliano wrote:
> Yes, the clamd died when:
...
> but why??
> 
> sendmail 8.12.10
> 
> clamav 0.60

I think you answered your own question.  Please upgrade to at least
ClamAV 0.65.

Cheers,

Mike



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Clamd service down!!

[[EMAIL PROTECTED]]

On Wed, 2004-01-07 at 05:53, Marino, Santiago Maximiliano wrote:
> ok, but with clamAV 0.60 (died) the sendmail service run anyway, with
> ClamAV0.65 when clamd die the smtp service die too...

Have you tried one of the latest CVS snapshots?

> Do you think about this?

I'm going to assume you're asking if I knew about this and my answer
would be "No."  I started phasing out sendmail--in lieu of postfix--on
my network earlier this year.  Only one more system to go!

If upgrading to 0.65 isn't an option and no one else on the list knows
of a workaround for you, you might be forced to run clamd under
daemontools:

http://clamav.elektrapro.com/doc/clamd_supervised/clamd-daemontools-guide.txt

> i'am sorry, my english isn't good! ;) do you understand me?
> thank!!!

I'm a native english speaker and I have similar problems at times. ;)

Cheers,

Mike



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] clamd crash detection ?

[[EMAIL PROTECTED]]

On Wed, 2004-01-07 at 07:02, Power-Netz (Schwarz) wrote:
> I found in the manpage docs some commands to send to clamd like PING.
> Question is now, HOW ?

I hacked out a little perl script to connect to clamd via LocalSocket
(unix socket) and put it here:

http://mikecathey.com/postfix-cyrus-amavis/clamdwatch.txt

I wasn't sure what would happen if all the clamd threads/processes where
busy.  Does the client just sit in a wait state until it's request is
serviced?

This could be hacked into a nagios/netsaint plugin quite easily.

It could probably be improved by:

* adding a check for the existence of the actual file/socket before the
IO::Socket::UNIX instance is created
* adding code to remove the dead socket file if clamd is dead (does the
default/contrib init script do this? ...then restarting the daemon
* adding TCP support
* ? *suggestions* ?

Cheers,

Mike



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: AW: [Clamav-users] clamd crash detection ?

[[EMAIL PROTECTED]]

On Wed, 2004-01-07 at 08:57, Power-Netz (Schwarz) wrote:
> > This could be hacked into a nagios/netsaint plugin quite easily.
> 
> can snmp access local unix sockets from external? and what would it do?

I was thinking in terms of people that use a tcp socket that was
listening on a public (not localhost) interface.  If you're using the
LocalSocket option, you could set up snmpd to call the script and have
nagios query it.

> I think its not a good solution if you need to restart it anyway :)
> max. 1 minute later clamd would be restartet anyway ( we run our cronscript
> */1 ).

You could add the restart to the script.

The script could also be extended to ask clamav to scan a file that's
known to be infected and make sure that scanning is actually working.  I
though about putting the EICAR test signature in the file and then
changing the PING to a request to scan the script itself.

> Your Scripts works as far as we could test it without crashing a clamd ;)
> Time will tell

Please let me know. :)

Cheers,

Mike



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: AW: [Clamav-users] clamd crash detection ?

[[EMAIL PROTECTED]]

On Wed, 2004-01-07 at 09:12, [EMAIL PROTECTED] wrote:
> The script could also be extended to ask clamav to scan a file that's
> known to be infected and make sure that scanning is actually working.
> I thought about putting the EICAR test signature in the file and then
> changing the PING to a request to scan the script itself.

http://mikecathey.com/postfix-cyrus-amavis/clamdwatch-0.2.txt

I added the EICAR test pattern and changed the code so that it asks clamd
to scan itself.  This should let you know if clamd is actually
functioning.  See the code for more info.

Cheers,

Mike



---
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: AW: AW: [Clamav-users] clamd crash detection ?

[[EMAIL PROTECTED]]

On Wed, 2004-01-07 at 10:59, Power-Netz (Schwarz) wrote:
> Your script code does work, but does not recognize the crashed child :-(
> The parent task seems to life and answere the PING , but the actual
> used child does no longer react. Thx to you will can check the clamd a bit
> better.

Are you using the new version (0.2; which doesn't send a PING)?

If you are, then this is indeed strange.

It sounds like the clamd parent process is what answers the PING, but
passes scan requests on to it's children.  The scan request should just
sit there and hang...

I need to add some kind of trap/timeout for the scan request.

Can you reproduce the clamd "crashes" reliably?  If so, how?

Cheers,

Mike



---
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: AW: AW: [Clamav-users] clamd crash detection ?

[[EMAIL PROTECTED]]

On Wed, 2004-01-07 at 10:59, Power-Netz (Schwarz) wrote:
> Your script code does work, but does not recognize the crashed child :-(
> The parent task seems to life and answere the PING , but the actual
> used child does no longer react. Thx to you will can check the clamd a bit
> better.

Try this version:

http://mikecathey.com/postfix-cyrus-amavis/clamdwatch-0.3.txt

The changes are noted at the top of the file.  The main one
is the timeout on the scan request.  I also added exit codes.

Cheers,

Mike



---
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: AW: AW: [Clamav-users] clamd crash detection ?

[[EMAIL PROTECTED]]

On Thu, 2004-01-08 at 04:11, Cedric Foll wrote:
> I just have a little pb with it. It's about how you find your path at
> the start of the file.
> I get the folowing error:
> [EMAIL PROTECTED] tmp]# /usr/local/bin/clamdwatch.pl
> Clamd is in an unknown state.
> It returned: /usr/local/bin/usr/local/bin/clamdwatch.pl: Can't access
> the file ERROR

Fixed.

I moved the clamdwatch scripts to make it easier for people to see the
latest version and grab what they want:

http://mikecathey.com/code/clamdwatch/

Cheers,

Mike



---
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] is the virus db screwed up ?

[[EMAIL PROTECTED]]

Tomasz,

On Thu, 2004-01-08 at 15:07, Tomasz Papszun wrote:
> 27645? How come? The database at the moment contains 19799 signatures.

Here's what I'm seeing on (on 2 different linux/ia32 machines):

Server1:

SNIP
$ grep -Ei 'protecting|reloaded' clamd.log
Sun Jan  4 07:37:29 2004 -> Protecting against 22167 viruses.
Mon Jan  5 15:06:47 2004 -> Protecting against 22167 viruses.
Tue Jan  6 11:18:50 2004 -> Database correctly reloaded (22172 viruses)
Wed Jan  7 01:27:18 2004 -> Database correctly reloaded (22180 viruses)
Wed Jan  7 07:25:32 2004 -> Protecting against 22180 viruses.
Wed Jan  7 07:29:25 2004 -> Protecting against 22180 viruses.
Wed Jan  7 10:31:16 2004 -> Database correctly reloaded (22181 viruses)
Wed Jan  7 14:02:37 2004 -> Protecting against 22181 viruses.
Wed Jan  7 14:04:28 2004 -> Protecting against 22181 viruses.
Wed Jan  7 20:08:07 2004 -> Database correctly reloaded (29950 viruses)
Thu Jan  8 06:14:11 2004 -> Database correctly reloaded (29953 viruses)
$ clamd --version
clamd / ClamAV version devel-20031122
$ tail -6 clamav-freshclam.log
--
ClamAV update process started at Thu Jan  8 15:07:00 2004
main.cvd is up to date (version: 13, sigs: 19603, f-level: 1, builder:
ddm)
daily.cvd is up to date (version: 78, sigs: 196, f-level: 1, builder:
tkojm)

--
SNIP

Server2:

SNIP
$ grep -Ei 'protecting|reloaded' clamd.log
Sun Jan  4 06:25:12 2004 -> Protecting against 12013 viruses.
Tue Jan  6 10:57:17 2004 -> Database correctly reloaded (12018 viruses)
Tue Jan  6 21:03:35 2004 -> Database correctly reloaded (12026 viruses)
Wed Jan  7 09:10:57 2004 -> Database correctly reloaded (12027 viruses)
Wed Jan  7 19:17:16 2004 -> Database correctly reloaded (12038 viruses)
Wed Jan  7 21:18:33 2004 -> Database correctly reloaded (19796 viruses)
Thu Jan  8 07:24:43 2004 -> Database correctly reloaded (19799 viruses)
$ clamd --version
clamd / ClamAV version 0.65-BugFixesFromCVS-20031123
 tail -6 clamav-freshclam.log
--
Checking for a new database - started at Thu Jan  8 14:29:44 2004
viruses.db is up to date.
viruses.db2 is up to date.

--
SNIP

And here's the snipped where server2 updated this morning:
SNIP
--
Checking for a new database - started at Thu Jan  8 06:29:39 2004
viruses.db is up to date.
Database updated (containing in total 19799 signatures).
Database updated from clamav.elektrapro.com.

--
SNIP

Cheers,

Mike



---
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] is the virus db screwed up ?

[[EMAIL PROTECTED]]

On Thu, 2004-01-08 at 15:40, Stefan Kaltenbrunner wrote:
> I think this happens everytime somebody updates an old installation that 
> used the *.db file to the new *.cvd format without deleting the old 
> files. clamd then somehow reports the sum of the signatures in these 
> files(!).

That's exactly what it was in my case. :\

Cheers,

Mike



---
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Re: clamdwatch

[[EMAIL PROTECTED]]

On Fri, 2004-01-09 at 08:58, Odhiambo Washington wrote:
> * [EMAIL PROTECTED] <[EMAIL PROTECTED]> [20040108 18:12]: wrote:
> > http://mikecathey.com/code/clamdwatch/
>
> How do I run the script?
> 

Here's an install guide:

http://mikecathey.com/code/clamdwatch/INSTALL

I just started using this in production this morning...

It's now up to version 0.6.  I changed the exit codes so that you can
just add it to your crontab with something like this:

SNIP
*/1 *   * * * root  /usr/local/bin/clamdwatch.pl -q && ( /usr/bin/killall -9 
clamd; rm -fr /var/amavis/clamd; /etc/init.d/clamav-daemon start 2>&1 )
SNIP

See the INSTALL guide for more info.

As the bottom of the install guide notes...

SNIP
NOTES: This could create problems if your virus db is somehow corrupt
and cause clamd to be killed and restarted every minute.
SNIP

If anyone has a suggestion for a more appropriate action to take in
a case where clamd doesn't find the virus pattern, please let me know.

Run freshclam manually and try again?

Cheers,

Mike



---
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
_______
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users