[Clamav-users] Solaris 9 and clamd
Hi Has anybody else noticed this. When running clamd with the ScanArchive config option set to yes, after a couple of minutes of running cpu usage will look like this: last pid: 2470; load averages: 6.43, 4.06, 2.71 12:16:16 77 processes: 75 sleeping, 2 on cpu CPU states: 2.6% idle, 85.0% user, 12.4% kernel, 0.0% iowait, 0.0% swap Memory: 1536M real, 1128M free, 147M swap in use, 2026M swap free PID USERNAME LWP PRI NICE SIZE RES STATETIMECPU COMMAND 833 popuser 11 590 43M 40M cpu/28:50 91.13% clamd 234 root 9 590 47M 15M sleep 14:15 0.22% java 2220 root 1 590 2888K 1776K cpu/10:00 0.20% top 2381 popuser1 590 3968K 2784K sleep0:00 0.09% exim-4.52-1 1405 popuser1 590 3464K 2664K sleep0:00 0.09% exim-4.52-1 A truss -p 833 reveals /6: lwp_park(0x, 0) = 0 /10:lwp_park(0x, 0) = 0 /3: lwp_unpark(10, 1) = 0 /4: lwp_park(0x, 0) = 0 /6: lwp_park(0x, 0) = 0 /2: lwp_park(0x, 0) = 0 /3: lwp_unpark(4, 1)= 0 /4: lwp_park(0x, 0) = 0 /8: lwp_unpark(6, 1)= 0 /6: lwp_park(0x, 0) = 0 /2: lwp_park(0x, 0) = 0 /4: lwp_unpark(6, 1)= 0 /6: lwp_park(0x, 0) = 0 /3: lwp_unpark(2, 1)= 0 /8: lwp_unpark(4, 1)= 0 /2: lwp_park(0x, 0) = 0 /6: lwp_unpark(2, 1)= 0 /3: lwp_park(0x, 0) = 0 /8: lwp_unpark(3, 1)= 0 /3: lwp_park(0x, 0) = 0 /2: lwp_unpark(3, 1)= 0 /6: lwp_unpark(3, 1)= 0 /3: lwp_park(0x, 0) = 0 /8: lwp_unpark(2, 1)= 0 /2: lwp_park(0x, 0) = 0 /8: lwp_unpark(6, 1)= 0 /3: lwp_unpark(2, 1)= 0 /2: lwp_park(0x, 0) = 0 /6: lwp_park(0x, 0) = 0 /3: lwp_unpark(8, 1)= 0 /8: lwp_park(0x, 0) = 0 /6: lwp_park(0x, 0) = 0 ^C/2: lwp_unpark(8, 1)= 0 /10:lwp_unpark(6, 1)= 0 /4: lwp_park(0x, 0) = 0 /8: lwp_park(0x, 0) = 0 /5: lwp_park(0x, 0) = 0 /9: lwp_park(0x, 0) = 0 /3: lwp_unpark(6, 1)= 0 /11:lwp_unpark(5, 1)= 0 /7: lwp_unpark(2, 1)= 0 and that's all that seems to be happening - seems to be in an endless loop. The clamd log file has the following entries Wed Apr 11 12:11:30 2007 -> +++ Started at Wed Apr 11 12:11:30 2007 Wed Apr 11 12:11:30 2007 -> clamd daemon 0.90.1 (OS: solaris2.9, ARCH: sparc, CPU: sparc) Wed Apr 11 12:11:30 2007 -> Log file size limit disabled. Wed Apr 11 12:11:30 2007 -> Reading databases from /usr/local/share/clamav Wed Apr 11 12:11:46 2007 -> Loaded 107793 signatures. Wed Apr 11 12:11:46 2007 -> Unix socket file /usr/local/share/clamav/clamd.socket Wed Apr 11 12:11:46 2007 -> Setting connection queue length to 30 Wed Apr 11 12:11:46 2007 -> Archive: Archived file size limit set to 7340032 bytes. Wed Apr 11 12:11:46 2007 -> Archive: Recursion level limit set to 5. Wed Apr 11 12:11:46 2007 -> Archive: Files limit set to 250. Wed Apr 11 12:11:46 2007 -> Archive: Compression ratio limit set to 250. Wed Apr 11 12:11:46 2007 -> Archive support enabled. Wed Apr 11 12:11:46 2007 -> Algorithmic detection enabled. Wed Apr 11 12:11:46 2007 -> Portable Executable support enabled. Wed Apr 11 12:11:46 2007 -> ELF support enabled. Wed Apr 11 12:11:46 2007 -> Mail files support enabled. Wed Apr 11 12:11:46 2007 -> Mail: Recursion level limit set to 64. Wed Apr 11 12:11:46 2007 -> OLE2 support enabled. Wed Apr 11 12:11:46 2007 -> PDF support disabled. Wed Apr 11 12:11:46 2007 -> HTML support enabled. Wed Apr 11 12:11:46 2007 -> Self checking every 1800 seconds. Wed Apr 11 12:11:51 2007 -> /var/spool/exim/scan/1HbZno-Fq-6x/1HbZno-Fq-6x.eml: OK Wed Apr 11 12:11:51 2007 -> /var/spool/exim/scan/1HbZno-Fq-6
Re: [Clamav-users] Solaris 9 and clamd
Also, if I leave ScanArchive yes and set MaxThreads 1 then it seems to run Ok. Only problem then is that the exim processes build up waiting for service. Is there any possibility that the code used by whatever ScanArchive enables is not thread safe? > Hi > > Has anybody else noticed this. > > When running clamd with the ScanArchive config option set to yes, after a > couple of minutes of running cpu usage will look like this: > > last pid: 2470; load averages: 6.43, 4.06, 2.71 > 12:16:16 > 77 processes: 75 sleeping, 2 on cpu > CPU states: 2.6% idle, 85.0% user, 12.4% kernel, 0.0% iowait, 0.0% swap > Memory: 1536M real, 1128M free, 147M swap in use, 2026M swap free > >PID USERNAME LWP PRI NICE SIZE RES STATETIMECPU COMMAND >833 popuser 11 590 43M 40M cpu/28:50 91.13% clamd >234 root 9 590 47M 15M sleep 14:15 0.22% java > 2220 root 1 590 2888K 1776K cpu/10:00 0.20% top > 2381 popuser1 590 3968K 2784K sleep0:00 0.09% exim-4.52-1 > 1405 popuser1 590 3464K 2664K sleep0:00 0.09% exim-4.52-1 > > A truss -p 833 reveals > > /6: lwp_park(0x, 0) = 0 > /10:lwp_park(0x, 0) = 0 > /3: lwp_unpark(10, 1) = 0 > /4: lwp_park(0x, 0) = 0 > /6: lwp_park(0x, 0) = 0 > /2: lwp_park(0x, 0) = 0 > /3: lwp_unpark(4, 1)= 0 > /4: lwp_park(0x, 0) = 0 > /8: lwp_unpark(6, 1)= 0 > /6: lwp_park(0x, 0) = 0 > /2: lwp_park(0x, 0) = 0 > /4: lwp_unpark(6, 1)= 0 > /6: lwp_park(0x, 0) = 0 > /3: lwp_unpark(2, 1)= 0 > /8: lwp_unpark(4, 1)= 0 > /2: lwp_park(0x, 0) = 0 > /6: lwp_unpark(2, 1)= 0 > /3: lwp_park(0x, 0) = 0 > /8: lwp_unpark(3, 1)= 0 > /3: lwp_park(0x, 0) = 0 > /2: lwp_unpark(3, 1)= 0 > /6: lwp_unpark(3, 1)= 0 > /3: lwp_park(0x, 0) = 0 > /8: lwp_unpark(2, 1)= 0 > /2: lwp_park(0x, 0) = 0 > /8: lwp_unpark(6, 1)= 0 > /3: lwp_unpark(2, 1)= 0 > /2: lwp_park(0x, 0) = 0 > /6: lwp_park(0x, 0) = 0 > /3: lwp_unpark(8, 1)= 0 > /8: lwp_park(0x, 0) = 0 > /6: lwp_park(0x, 0) = 0 > ^C/2: lwp_unpark(8, 1)= 0 > /10:lwp_unpark(6, 1)= 0 > /4: lwp_park(0x, 0) = 0 > /8: lwp_park(0x, 0) = 0 > /5: lwp_park(0x, 0) = 0 > /9: lwp_park(0x, 0) = 0 > /3: lwp_unpark(6, 1)= 0 > /11:lwp_unpark(5, 1)= 0 > /7: lwp_unpark(2, 1)= 0 > > and that's all that seems to be happening - seems to be in an endless > loop. > > The clamd log file has the following entries > > Wed Apr 11 12:11:30 2007 -> +++ Started at Wed Apr 11 12:11:30 2007 > Wed Apr 11 12:11:30 2007 -> clamd daemon 0.90.1 (OS: solaris2.9, ARCH: > sparc, CPU: sparc) > Wed Apr 11 12:11:30 2007 -> Log file size limit disabled. > Wed Apr 11 12:11:30 2007 -> Reading databases from /usr/local/share/clamav > Wed Apr 11 12:11:46 2007 -> Loaded 107793 signatures. > Wed Apr 11 12:11:46 2007 -> Unix socket file > /usr/local/share/clamav/clamd.socket > Wed Apr 11 12:11:46 2007 -> Setting connection queue length to 30 > Wed Apr 11 12:11:46 2007 -> Archive: Archived file size limit set to > 7340032 bytes. > Wed Apr 11 12:11:46 2007 -> Archive: Recursion level limit set to 5. > Wed Apr 11 12:11:46 2007 -> Archive: Files limit set to 250. > Wed Apr 11 12:11:46 2007 -> Archive: Compression ratio limit set to 250. > Wed Apr 11 12:11:46 2007 -> Archive support enabled. > Wed Apr 11 12:11:46 2007 -> Algorithmic detection enabled. > Wed Apr 11 12:11:46 2007 -> Portable Executable support enabled. > Wed Apr 11 12:11:46 2007 -> ELF support enabled. > Wed Apr 11 12:11:46 2007 -> Mail files support enabled. > Wed Apr 11 12:11:46 2007 -> Mail: R
Re: [Clamav-users] Solaris 9 and clamd
> I corrected this problem on my servers by removing the MSRBL databases > from the system. CPU usage immediately dropped to normal values. > > dp > ___ Thanks. But I don't beleive I make use of MSRBL. Don't see anything like that in the clamd.conf file or in the clamav documentation for that matter. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] can clamav kill Win32 PE virus?
On Sun, 2 Sep 2007, [EMAIL PROTECTED] wrote: > Dear all: > I am a Fedora 7 user running ClamAV to protect my data on my PC > (though they're extremely rare). However today I ran into problems. My > girlfriend uses a WinXP system, which became severely infected by > viruses. Now she is going to make a system clean-up. The plan is: > > S1. Copy all her important data to a portable media; > S2. Re-format her entire file system (thus destroying everything) and > re-install WinXP; > S3. While she's doing 2, I scan the portable media using ClamAV on my > computer, and (possibly) remove the viruses which might have been > 'backed-up' along with her regular files; > S4. Copy the (possible) ClamAV-scanned data back to her computer. > > The problem is that whether Step 3 can be realized. I don't know > whether ClamAV is able to detect Win32 PE viruses. I'm fairly > confident that the PE viruses could not infect my system but I'm not > sure whether I can detect them. > > I know the above procedure is rather absurd... However I haven't came > up with other ideas. The situation is that she will stick to WinXP and > I cannot afford a Win32 antivirus software, and worst I'm not familiar > with Windows. > > I appreciate your suggestions. > > Cong > > PS. If you find my English bad, please pardon me --- I'm not a native > Englihs speaker. Thank you for your patience. > ___ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://lurker.clamav.net/list/clamav-users.html > The Micro$ disk format program doesn't completely nuke a hard drive. Use your Fedora system and badblocks to nuke her drive to brand new drive status. The Micro$ format program lifts some data off the drive, does it's formating thingy and puts the info back down on to the drive. The 8 megabyte section beyond the Micro$ partiton is replaced exactly like it was before the re-format. After you scan and remove the nasty stuff on her drive, just copy her critical data back on to her freshly installed drive. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Remote Host Scan Using CLAMAV
On Fri, 18 Jan 2008, TRM wrote: > Hi , > i have installed clamav(KlamAV Anti-Virus Manager) in my Fedora7 box. > Using that how can i scan my remote windows client. Anyone has tried > this.. Please let me know if you have any kind of solutions > regarding my issue.. > Thanks in advance > > Tarak > > Send instant messages to your online friends http://in.messenger.yahoo.com > ___ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://lurker.clamav.net/list/clamav-users.html > How remote is remote ? Mount the remote Windows box to a directory on the Linux box, use the options to not scan the swap(page) file(s). Use the delete option with caution. Use the Windows file system "scandisk" to make sure the Windows file system is correct and use "defrag" (turn off rearrange to make applications start faster option) to make the scanning faster. Periodically pull the drive out of the Windows machine, delete the swap(page) file(s), the "temporary internet files" and all the .tmp files in the Windows/temp directory, the history files. Watch for multiple swap files. Used to have 30 Windows boxes on the network, now just six, all CAD/CAM boxes. You should scan the Windows boxes over night, every night. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Clamav Updating on Ubuntu
Dear People, I am trying now for a long time now to get clamav updated to first 0.92 and now on 0.93 on my Ubuntu Fiesty server I have tried all kind things compile it from scratch but also through apt-get update (will only update to 0.92) Ubuntu claims to install 0.92 but nothing changes as far I can see. Only one version is installed. Log watch keep on bugging me that I don't have to worry but that I need to update. I have been searching the web for a solution but cannot find one is there anyone how can help me out. Like to hear Frans By the way, for me it is not a solution to upgrade to the latest version of Ubuntu ! -- Frans Lieshout Financieel BV BANJOSTRAAT 49 1312KB Almere NEDERLAND Tel : +31 (36) 5467722 Mobiel : +31 (6) 22406833 Web : http://www.flfinancieel.nl Email :[EMAIL PROTECTED] BTW NR : 812.54.43.16.B.01 KVK Lelystad : 39083803 De informatie in deze e-mail is vertrouwelijk en uitsluitend bestemd voor de geadresseerde. Wanneer u dit bericht per abuis ontvangt, verzoekt Frans Lieshout Financieel BV u contact op te nemen met de afzender. Bovendien verzoekt Frans Lieshout Financieel BV u in dat geval deze e-mail te vernietigen en de inhoud aan niemand openbaar te maken. Frans Lieshout Financieel BV aanvaardt geen aansprakelijkheid voor onjuiste, onvolledige dan wel ontijdige overbrenging van de inhoud van een verzonden e-mail, noch voor overgebrachte virussen. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamav Updating on Ubuntu
Oh yes this one I forget as well when I try to add deb http://volatile.debian.org/debian-volatile etch/volatile main contrib non-free in de source.list I get this response The following signatures couldn't be verified because the public key is not available: NO_PUBKEY EC61E0B0BBE55AB3 how to solve this Regards [EMAIL PROTECTED] schreef: > You have a good point there while compiling I use /etc because that is > the place where I can find clamav > > Is it possible that Ubuntu from his resps installs it in a complete diff > directory. and if so do I frist than have to delete the present version > of clamav and than use /etc again > or do I use youre standard > > I have tried both and in the first situation all of the sudden I had two > installations and by the second Ubuntu could not found Clamav (make more > sense to me) > > And if I installed it like the first with prefix /etc after a update of > Ubuntu it sets Clamav back to 0.91 ? Also the resp from Ubuntu always > claims to install 0.92 but is does not happen! But I think that could be > a problem from Ubuntu. > > Could /etc be a problem as prefix > > Like to hear > > > > Török Edwin schreef: > >> [EMAIL PROTECTED] wrote: >> >> >>> Dear People, >>> >>> I am trying now for a long time now to get clamav updated to first 0.92 >>> and now on 0.93 on my Ubuntu Fiesty server >>> >>> I have tried all kind things compile it from scratch but also through >>> apt-get update (will only update to 0.92) Ubuntu claims to install 0.92 >>> but nothing changes as far I can see. >>> Only one version is installed. >>> >>> >>> >> What problems did you encounter when compiling from scratch? >> Keep in mind that by default it install to /usr/local, if you want to >> install to /usr you need to pass --prefix=/usr to configure. >> >> Best regards, >> --Edwin >> ___ >> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net >> http://lurker.clamav.net/list/clamav-users.html >> >> > > > -- Frans Lieshout Financieel BV BANJOSTRAAT 49 1312KB Almere NEDERLAND Tel : +31 (36) 5467722 Mobiel : +31 (6) 22406833 Web : http://www.flfinancieel.nl Email :[EMAIL PROTECTED] BTW NR : 812.54.43.16.B.01 KVK Lelystad : 39083803 De informatie in deze e-mail is vertrouwelijk en uitsluitend bestemd voor de geadresseerde. Wanneer u dit bericht per abuis ontvangt, verzoekt Frans Lieshout Financieel BV u contact op te nemen met de afzender. Bovendien verzoekt Frans Lieshout Financieel BV u in dat geval deze e-mail te vernietigen en de inhoud aan niemand openbaar te maken. Frans Lieshout Financieel BV aanvaardt geen aansprakelijkheid voor onjuiste, onvolledige dan wel ontijdige overbrenging van de inhoud van een verzonden e-mail, noch voor overgebrachte virussen. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamav Updating on Ubuntu
You have a good point there while compiling I use /etc because that is the place where I can find clamav Is it possible that Ubuntu from his resps installs it in a complete diff directory. and if so do I frist than have to delete the present version of clamav and than use /etc again or do I use youre standard I have tried both and in the first situation all of the sudden I had two installations and by the second Ubuntu could not found Clamav (make more sense to me) And if I installed it like the first with prefix /etc after a update of Ubuntu it sets Clamav back to 0.91 ? Also the resp from Ubuntu always claims to install 0.92 but is does not happen! But I think that could be a problem from Ubuntu. Could /etc be a problem as prefix Like to hear Török Edwin schreef: > [EMAIL PROTECTED] wrote: > >> Dear People, >> >> I am trying now for a long time now to get clamav updated to first 0.92 >> and now on 0.93 on my Ubuntu Fiesty server >> >> I have tried all kind things compile it from scratch but also through >> apt-get update (will only update to 0.92) Ubuntu claims to install 0.92 >> but nothing changes as far I can see. >> Only one version is installed. >> >> > > What problems did you encounter when compiling from scratch? > Keep in mind that by default it install to /usr/local, if you want to > install to /usr you need to pass --prefix=/usr to configure. > > Best regards, > --Edwin > ___ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://lurker.clamav.net/list/clamav-users.html > -- Frans Lieshout Financieel BV BANJOSTRAAT 49 1312KB Almere NEDERLAND Tel : +31 (36) 5467722 Mobiel : +31 (6) 22406833 Web : http://www.flfinancieel.nl Email :[EMAIL PROTECTED] BTW NR : 812.54.43.16.B.01 KVK Lelystad : 39083803 De informatie in deze e-mail is vertrouwelijk en uitsluitend bestemd voor de geadresseerde. Wanneer u dit bericht per abuis ontvangt, verzoekt Frans Lieshout Financieel BV u contact op te nemen met de afzender. Bovendien verzoekt Frans Lieshout Financieel BV u in dat geval deze e-mail te vernietigen en de inhoud aan niemand openbaar te maken. Frans Lieshout Financieel BV aanvaardt geen aansprakelijkheid voor onjuiste, onvolledige dan wel ontijdige overbrenging van de inhoud van een verzonden e-mail, noch voor overgebrachte virussen. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamav Updating on Ubuntu
Oke, Than I do have a problem there I now found two clamd.conf one in /etc/clamav and one in /usr/local/etc/. So I'll think the best way is once again first remove all the clamav files I can find and than install it again from source. But how can I find which prefix to use or does it does not matter when I start from scratch and simply use /usr What strikes me a strange that I find two conf but when I check if clamav is installed it comes only back with one instalaltion and I also think that Ubuntu is installing in a diff dir than you standard so its better no the use apt-get update here ? Thanks for your support so far. Frans Török Edwin schreef: > [EMAIL PROTECTED] wrote: > >> You have a good point there while compiling I use /etc because that is >> the place where I can find clamav >> >> Is it possible that Ubuntu from his resps installs it in a complete diff >> directory. and if so do I frist than have to delete the present version >> of clamav and than use /etc again >> or do I use youre standard >> >> I have tried both and in the first situation all of the sudden I had two >> installations and by the second Ubuntu could not found Clamav (make more >> sense to me) >> >> And if I installed it like the first with prefix /etc after a update of >> Ubuntu it sets Clamav back to 0.91 ? Also the resp from Ubuntu always >> claims to install 0.92 but is does not happen! But I think that could be >> a problem from Ubuntu. >> >> Could /etc be a problem as prefix >> >> > > Yes, /etc is for configuration, not for binaries! > Usual prefixes are /usr, or /usr/local. > > You should also remove the Ubuntu package before installing the > hand-built binary. > > --Edwin > ___ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://lurker.clamav.net/list/clamav-users.html > -- Frans Lieshout Financieel BV BANJOSTRAAT 49 1312KB Almere NEDERLAND Tel : +31 (36) 5467722 Mobiel : +31 (6) 22406833 Web : http://www.flfinancieel.nl Email :[EMAIL PROTECTED] BTW NR : 812.54.43.16.B.01 KVK Lelystad : 39083803 De informatie in deze e-mail is vertrouwelijk en uitsluitend bestemd voor de geadresseerde. Wanneer u dit bericht per abuis ontvangt, verzoekt Frans Lieshout Financieel BV u contact op te nemen met de afzender. Bovendien verzoekt Frans Lieshout Financieel BV u in dat geval deze e-mail te vernietigen en de inhoud aan niemand openbaar te maken. Frans Lieshout Financieel BV aanvaardt geen aansprakelijkheid voor onjuiste, onvolledige dan wel ontijdige overbrenging van de inhoud van een verzonden e-mail, noch voor overgebrachte virussen. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamav Updating on Ubuntu
Ok, Edwin I appreciate you remark about searching the mailing list but the problem is that there is a lot support to given solutions to rebuild or build clamav but not one why every time Ubuntu is replacing now the 0.93 version with the 0.91 version. I have installed 0.93 now from scratch. I get clamav-daemon and freshclam-daemon now started (only find this ERROR: Can't save PID in file /var/run/clamd.pid not looked into this yet) lam-deamon started but I now have ERROR: Can't save PID in file /var/run/clamd.pid (have not looked into this yet) But I have finally achieved that when I use |clamscan -V thatt I get |ClamAV 0.93/6688/Wed Apr 9 16:40:38 2008 and only this not that there are two versions | And what was more disturbing that even though the clamav website gives tons of information I could not find my solution could also be my way of searching. A part of my problem is now solved because if I want to do now an upgrade for Feisty it offers me to install clamav ? As long there is nothing else to install problem because when I say yes version 0.93 is gone again at least it will not start up anymore. And adjusting de confd is not the solution. So I will never be able to use upgrade anymore (also put this on several forums by Ubuntu) Thanks for you help sofar | Török Edwin schreef: > [EMAIL PROTECTED] wrote: > >> Oke, >> >> > > http://wiki.clamav.net/Main/InstallFromSource > > >> Than I do have a problem there I now found two clamd.conf one in >> /etc/clamav and one in /usr/local/etc/. >> So I'll think the best way is once again first remove all the clamav >> files I can find and than install it again from source. >> >> But how can I find which prefix to use or does it does not matter when I >> start from scratch and simply use /usr >> >> > > A default install from source will put things into /usr/local. It is ok > this way, you can edit the config files in /usr/local/etc, run clamd > from /usr/local/sbin/clamd, ... > Since /usr is managed by dpkg it is best to not put hand-built stuff > inthere, but use /usr/local. > You can force an /usr prefix though: > ./configure --prefix=/usr --sysconfdir=/etc/clamav > > Also try searching the archives of this mailing list, I'm sure questions > like this have been answered more than once. > > >> What strikes me a strange that I find two conf but when I check if >> clamav is installed it comes only back with one instalaltion and I also >> think that Ubuntu is installing in a diff dir than you standard so its >> better no the use apt-get update here ? >> >> > > You can use apt-get update, but you should either use Ubuntu's packages, > or your own binaries, not both. > So do not apt-get install clamav-daemon if you built clamd yourself. > You should remove the packages with apt-get remove. > > Best regards, > --Edwin > ___ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://lurker.clamav.net/list/clamav-users.html > -- Frans Lieshout Financieel BV BANJOSTRAAT 49 1312KB Almere NEDERLAND Tel : +31 (36) 5467722 Mobiel : +31 (6) 22406833 Web : http://www.flfinancieel.nl Email :[EMAIL PROTECTED] BTW NR : 812.54.43.16.B.01 KVK Lelystad : 39083803 De informatie in deze e-mail is vertrouwelijk en uitsluitend bestemd voor de geadresseerde. Wanneer u dit bericht per abuis ontvangt, verzoekt Frans Lieshout Financieel BV u contact op te nemen met de afzender. Bovendien verzoekt Frans Lieshout Financieel BV u in dat geval deze e-mail te vernietigen en de inhoud aan niemand openbaar te maken. Frans Lieshout Financieel BV aanvaardt geen aansprakelijkheid voor onjuiste, onvolledige dan wel ontijdige overbrenging van de inhoud van een verzonden e-mail, noch voor overgebrachte virussen. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamav Updating on Ubuntu
Try it once more, if I do apt-get update Ubuntu will install clamav version 0.91 and will indeed downgrade this happened allready several times. Clamav is a part of one of the resp of Ubuntu but I cannot find which one otherwise I would simply uncomment that resp. And with apt-get upgrade it is or you upgrade everything or nothing at least as far as I now. It not such a big deal because I am building a new server with the latest version of Ubuntu (hardy). And for good orders sake I am talking about a server and not the desktop version of ubuntu. And this one I forgot I still have in de freshclam log this message WARNING: Local version: 0.91.2 Recommended version: 0.93. Have been reading that this should be solved in a cvd update but nothing happend here. Kind regards örök Edwin schreef: > [EMAIL PROTECTED] wrote: > >> Ok, Edwin I appreciate you remark about searching the mailing list but the >> problem is that there is a lot support to given solutions to rebuild or >> build clamav but not one why every time Ubuntu is replacing now the 0.93 >> version with the 0.91 version. >> >> I have installed 0.93 now from scratch. I get clamav-daemon and >> freshclam-daemon now started (only find this ERROR: Can't save PID in file >> /var/run/clamd.pid not looked into this yet) >> lam-deamon started but I now have ERROR: Can't save PID in file >> /var/run/clamd.pid (have not looked into this yet) >> >> > > Permissions? > > >> But I have finally achieved that when I use >> >> |clamscan -V thatt I get |ClamAV 0.93/6688/Wed Apr 9 16:40:38 2008 and >> only this not that there are two versions >> >> | >> And what was more disturbing that even though the clamav website gives tons >> of information I could not find my solution could also be my way of >> searching. >> >> A part of my problem is now solved because if I want to do now an upgrade >> for Feisty it offers me to install clamav ? As long there is nothing else to >> install problem because when I say yes version 0.93 is gone again at least >> it will not start up anymore. And adjusting de confd is not the solution.So >> I will never be able to use upgrade anymore (also put this on several forums >> by Ubuntu) >> >> > > I don't understand what you say. I can only guess: > - you are afraid that when you upgrade Ubuntu it will install an old > clamav package > - you are afraid to upgrade anything, because it might downgrade clamav > > As long as you don't have any clamav packages installed, you don't have > to worry. > Upgrading other packages won't magically install a clamav package, > neither will upgrading Ubuntu install a clamav for you. > > Best regards, > --Edwin > ___ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://lurker.clamav.net/list/clamav-users.html > -- Frans Lieshout Financieel BV BANJOSTRAAT 49 1312KB Almere NEDERLAND Tel : +31 (36) 5467722 Mobiel : +31 (6) 22406833 Web : http://www.flfinancieel.nl Email :[EMAIL PROTECTED] BTW NR : 812.54.43.16.B.01 KVK Lelystad : 39083803 De informatie in deze e-mail is vertrouwelijk en uitsluitend bestemd voor de geadresseerde. Wanneer u dit bericht per abuis ontvangt, verzoekt Frans Lieshout Financieel BV u contact op te nemen met de afzender. Bovendien verzoekt Frans Lieshout Financieel BV u in dat geval deze e-mail te vernietigen en de inhoud aan niemand openbaar te maken. Frans Lieshout Financieel BV aanvaardt geen aansprakelijkheid voor onjuiste, onvolledige dan wel ontijdige overbrenging van de inhoud van een verzonden e-mail, noch voor overgebrachte virussen. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamav Updating on Ubuntu
dpkg -l gives ii clamav-base 0.92.1~dfsg2-1.1~feisty1 anti-virus utility for Unix - base package ii clamav-daemon 0.91.2-3ubuntu2.3~feisty1antivirus scanner daemon ii clamav-freshclam 0.91.2-3ubuntu2.3~feisty1downloads clamav virus databases f rom the In ii libclamav2 0.91.2-3ubuntu2.3~feisty1virus scanner library rc libclamav3 0.92.1~dfsg2-1.1~feisty1 anti-virus utility for Unix - libr ary apt-cache gives clamav: Geïnstalleerd: (geen) Kandidaat: 0.92.1~dfsg2-1.1~feisty1 Versietabel: 0.92.1~dfsg2-1.1~feisty1 0 500 http://nl.archive.ubuntu.com feisty-backports/universe Packages 0.90.2-0ubuntu1.6 0 500 http://security.ubuntu.com feisty-security/universe Packages 0.90.2-0ubuntu1 0 500 http://nl.archive.ubuntu.com feisty/universe Packages clamav-daemon: Geïnstalleerd: 0.91.2-3ubuntu2.3~feisty1 Kandidaat: 0.92.1~dfsg2-1.1~feisty1 Versietabel: 0.92.1~dfsg2-1.1~feisty1 0 500 http://nl.archive.ubuntu.com feisty-backports/universe Packages *** 0.91.2-3ubuntu2.3~feisty1 0 100 /var/lib/dpkg/status 0.90.2-0ubuntu1.6 0 500 http://security.ubuntu.com feisty-security/universe Packages 0.90.2-0ubuntu1 0 500 http://nl.archive.ubuntu.com feisty/universe Packages libclamav3: Geïnstalleerd: (geen) Kandidaat: 0.92.1~dfsg2-1.1~feisty1 Versietabel: 0.92.1~dfsg2-1.1~feisty1 0 500 http://nl.archive.ubuntu.com feisty-backports/universe Packages 100 /var/lib/dpkg/status I have restarted Fresclam en I deed ldconfig and also reboot the machine in total still this message freshclam daemon 0.91.2 (OS: linux-gnu, ARCH: i386, CPU: i486) ClamAV update process started at Sun May 4 21:28:41 2008 WARNING: Your ClamAV installation is OUTDATED! WARNING: Local version: 0.91.2 Recommended version: 0.93 DON'T PANIC! Read http://www.clamav.net/support/faq main.cvd is up to date (version: 46, sigs: 231834, f-level: 26, builder: sven) daily.inc is up to date (version: 7024, sigs: 45628, f-level: 26, builder: ccordes) clamscan and freshclam -V gives ClamAV 0.93/6688/Wed Apr 9 16:40:38 2008 whereis clamscan gives /usr/local/bin/clamscan whereis freshclam gives /usr/bin/freshclam ( is this not odd ) If I do apt-get remove clamav Ubuntu gives message clamav not installed If I do apt-get upgrade Ubuntu want to install the next Reading state information... Klaar De volgende pakketten zijn achtergehouden: clamav-daemon clamav-freshclam De volgende pakketten zullen opgewaardeerd worden: ca-certificates 1 pakketten opgewaardeerd, 0 nieuwe pakketten geïnstalleerd, 0 verwijderen en 2 niet opgewaardeerd. Er moeten 93,9kB aan archieven opgehaald worden. Na het uitpakken zal er 0B extra schijfruimte gebruikt worden. Wilt u doorgaan [J/n]? n Afbreken. Sorry but I am losing it alltough I think the solution is near. Regards Török Edwin schreef: > [EMAIL PROTECTED] wrote: > >> Try it once more, >> >> if I do apt-get update Ubuntu will install clamav version 0.91 and will >> indeed downgrade this happened allready several times. Clamav is a part >> of one of the resp of Ubuntu but I cannot find which one otherwise I >> would simply uncomment that resp. >> >> And with apt-get upgrade it is or you upgrade everything or nothing at >> least as far as I now. >> >> > What is the output of: > dpkg -l | grep clamav > apt-cache policy clamav clamav-daemon libclamav3 > >> It not such a big deal because I am building a new server with the >> latest version of Ubuntu (hardy). >> >> And for good orders sake I am talking about a server and not the desktop >> version of ubuntu. >> >> And this one I forgot I still have in de freshclam log this message >> WARNING: Local version: 0.91.2 Recommended version: 0.93. >> >> > > You need to restart freshclam, you're still running the old version. > Also run ldconfig. > > --Edwin > ___ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://lurker.clamav.net/list/clamav-users.html > -- Frans Lieshout Financieel BV BANJOSTRAAT 49 1312KB Almere NEDERLAND Tel : +31 (36) 5467722 Mobiel : +31 (6) 22406833 Web : http://www.flfinancieel.nl Email :[EMAIL PROTECTED] BTW NR : 812.54.43.16.B.01 KVK Lelystad : 39083803 De informatie in deze e-mail is vertrouwelijk en uitsluitend bestemd voor de geadresseerde. Wanneer u dit bericht per abuis ontvangt, verzoekt Frans Lieshout Finan
Re: [Clamav-users] Clamav Updating on Ubuntu
Indeed you are right there is still a part of freshclam installed. When I look into the dpkg log found this 2008-05-05 10:09:09 status unpacked libclamav2 0.91.2-3ubuntu2.3~feisty1 2008-05-05 10:09:09 status unpacked libclamav2 0.91.2-3ubuntu2.3~feisty1 2008-05-05 10:09:09 status unpacked libclamav2 0.91.2-3ubuntu2.3~feisty1 2008-05-05 10:09:09 status half-configured libclamav2 0.91.2-3ubuntu2.3~feisty1 2008-05-05 10:09:09 status installed libclamav2 0.91.2-3ubuntu2.3~feisty1 Also did apt-get remove clamav-base etc after that clamav, freshclam would not start could not find shared lib libclamav2 Installed libclamav2 again and clamav starts up again but than with the remark by fresclam wrong version. Before I installed 0.93 i first did apt-get remove clamav and than went manually through Ubuntu to remove all the files related to clamav because apt-get does not remove all also not with auto remove. Oke I did not check with the functions you gave me now (I am only a short time user of Linux, but learning fast *-) ) so it seems that you cannot be sure unless you check it with more than one function. So how can I be sure that I remove all the stuff related to the old installation. Like to hear Török Edwin schreef: > [EMAIL PROTECTED] wrote: > >> dpkg -l gives >> >> >> ii clamav-base >> 0.92.1~dfsg2-1.1~feisty1 anti-virus utility for Unix >> - base package >> ii clamav-daemon >> 0.91.2-3ubuntu2.3~feisty1antivirus scanner daemon >> ii clamav-freshclam >> 0.91.2-3ubuntu2.3~feisty1downloads clamav virus >> databases f rom the In >> ii libclamav2 >> 0.91.2-3ubuntu2.3~feisty1virus scanner library >> rc libclamav3 >> 0.92.1~dfsg2-1.1~feisty1 anti-virus utility for Unix >> - libr ary >> >> >> > > You need to remove these: apt-get remove clamav-base clamav-daemon > clamav-freshclam libclamav2 libclamav3 > > >> whereis freshclam gives /usr/bin/freshclam ( is this not odd ) >> >> > > You still have freshclam from the Ubuntu package installed, the 'ii' in > dpkg -l says it is installed. > > Best regards, > --Edwin > ___ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://lurker.clamav.net/list/clamav-users.html > -- Frans Lieshout Financieel BV BANJOSTRAAT 49 1312KB Almere NEDERLAND Tel : +31 (36) 5467722 Mobiel : +31 (6) 22406833 Web : http://www.flfinancieel.nl Email :[EMAIL PROTECTED] BTW NR : 812.54.43.16.B.01 KVK Lelystad : 39083803 De informatie in deze e-mail is vertrouwelijk en uitsluitend bestemd voor de geadresseerde. Wanneer u dit bericht per abuis ontvangt, verzoekt Frans Lieshout Financieel BV u contact op te nemen met de afzender. Bovendien verzoekt Frans Lieshout Financieel BV u in dat geval deze e-mail te vernietigen en de inhoud aan niemand openbaar te maken. Frans Lieshout Financieel BV aanvaardt geen aansprakelijkheid voor onjuiste, onvolledige dan wel ontijdige overbrenging van de inhoud van een verzonden e-mail, noch voor overgebrachte virussen. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamav Updating on Ubuntu
Oke, Once again delete everything which relates to clamd clamav clamscan and freshclam after that dit a reboot still dpkg -l | grep clamav rc clamav-daemon 0.91.2-3ubuntu2.3~feisty1antivirus scanner daemon rc clamav-freshclam 0.91.2-3ubuntu2.3~feisty1downloads clamav virus databases fr but two are gone clamscan -V whereis clamscan wheris freshclam dit not return any data so decided to configure 0.93 once again after starting clamav and freshclam the log gave this results CLAMAV +++ Started at Tue May 6 10:54:31 2008 clamd daemon 0.93 (OS: linux-gnu, ARCH: i386, CPU: i686) Log file size limited to 12582912 bytes. Reading databases from /var/lib/clamav Loaded 231780 signatures. LOCAL: Unix socket file /tmp/clamd.socket LOCAL: Setting connection queue length to 15 Limits: Global size limit set to 104857600 bytes. Limits: File size limit set to 26214400 bytes. Limits: Recursion level limit set to 16. Limits: Files limit set to 1. Archive support enabled. Algorithmic detection enabled. Portable Executable support enabled. ELF support enabled. Mail files support enabled. OLE2 support enabled. PDF support disabled. HTML support enabled. Self checking every 600 seconds. FRESCLAM Tue May 6 11:04:18 2008 -> freshclam daemon 0.93 (OS: linux-gnu, ARCH: i386, CPU: i686) Tue May 6 11:04:18 2008 -> ClamAV update process started at Tue May 6 11:04:18 2008 Tue May 6 11:04:18 2008 -> SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES Tue May 6 11:04:18 2008 -> See the FAQ at http://www.clamav.net/support/faq for an explanation. Tue May 6 11:04:38 2008 -> Downloading main.cvd [100%] Tue May 6 11:04:38 2008 -> main.cvd updated (version: 46, sigs: 231834, f-level: 26, builder: sven) Tue May 6 11:04:40 2008 -> Downloading daily.cvd [100%] Tue May 6 11:04:40 2008 -> daily.cvd updated (version: 7040, sigs: 48318, f-level: 26, builder: ccordes) Tue May 6 11:04:40 2008 -> Database updated (280152 signatures) from database.clamav.net (IP: 217.19.16.188) So it seems to go well, but no amavis claims to see a second installation. May 6 11:10:17 myserver amavis[1200]: Found decoder for.exe at /usr/bin/rar May 6 11:10:17 myserver amavis[1200]: Using internal av scanner code for (primary) ClamAV-clamd May 6 11:10:17 myserver amavis[1200]: Using internal av scanner code for (primary) check-jpeg May 6 11:10:17 myserver amavis[1200]: Found secondary av scanner ClamAV-clamscan at /usr/local/bin/clamscan May 6 11:10:17 myserver amavis[1200]: Creating db in /var/lib/amavis/db/; BerkeleyDB 0.31, libdb 4.4 I do not know if this something to worry about will digg into this later. But what is suprising how ever that everything now is installed in usr/local and etc/local directories. I think it all went wrong after I did the upgrade which was announced by Ubuntu. I originally used the howto perfect setup for a mailserver which also used the source code and than configure instead of the apt-get. Oke I will watch my log if the problem is gone now Török Edwin schreef: > [EMAIL PROTECTED] wrote: > >> dpkg -l gives >> >> >> ii clamav-base >> 0.92.1~dfsg2-1.1~feisty1 anti-virus utility for Unix >> - base package >> ii clamav-daemon >> 0.91.2-3ubuntu2.3~feisty1antivirus scanner daemon >> ii clamav-freshclam >> 0.91.2-3ubuntu2.3~feisty1downloads clamav virus >> databases f rom the In >> ii libclamav2 >> 0.91.2-3ubuntu2.3~feisty1virus scanner library >> rc libclamav3 >> 0.92.1~dfsg2-1.1~feisty1 anti-virus utility for Unix >> - libr ary >> >> >> > > You need to remove these: apt-get remove clamav-base clamav-daemon > clamav-freshclam libclamav2 libclamav3 > > >> whereis freshclam gives /usr/bin/freshclam ( is this not odd ) >> >> > > You still have freshclam from the Ubuntu package installed, the 'ii' in > dpkg -l says it is installed. > > Best regards, > --Edwin > ___ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://lurker.clamav.net/list/clamav-users.html > -- Frans Lieshout Financieel BV BANJOSTRAAT 49 1312KB Almere NEDERLAND Tel : +31 (36) 5467722 Mobiel : +31 (6) 22406833 Web : http://www.flfinancieel.nl Email :[EMAIL PROTECTED] BTW NR : 812.54.43.16.B.01 KVK Lelystad : 39083803 De informatie in deze e-mail is vertrouwelijk en uitsluitend bestemd v
[Clamav-users] Phishing caught on outbound mail but not on inbound
Before I had ClamAV I used to report phishing attemps to Spamcop by mail. This does not work any longer, because ClamAV intercepts them. OK. Perfect. But, how do the phishing attemps reach me in the first place? Why aren't they caught on inbound mail, when only a few seconds later they are caught on outbound mail? This isn't just an exception. I had ten such cases yesterday. Thanks! Paul ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Newbie need help
Chan Ho said: > I set my server to download virus db automatically. However, do I > need to reload it as I see that clamd has the reload command. If so, > how to do so? > > Chan: clamd should be checking every hour by default. Look at /usr/local/etc/calmav.conf for the database integrity check. -- Bob Greene --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] GNU MP warning
i'm trying to configure clamav 0.70 on RH9 and I get message: WARNING: GNU MP 2 or newer NOT FOUND - digital signature support will be disabled ! What mean this? (I see that I have gmp libraries on default location /usr/lib) Thanks, Iulian --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Unable to create temporary directory
Am Mo, 2004-05-10 um 20.18 schrieb Todd Lyons: > [EMAIL PROTECTED] wanted us to know: > > ># Enable debug messages in libclamav. > >Debug > > Turn that off. Wherever your temp directory is, it's full right now > because debug mode doesn't delete the files after clamav is done > scanning them. Really? I will try that, thank you for your time. Viele Grüße, Peter. -- www: http://peter.tux.hm www: http://tux.hm - Linux- und BSD-UserGroup im Weserbergland gpg: http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0x690A1AC2 --- This SF.Net email is sponsored by Sleepycat Software Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to deliver higher performing products faster, at low TCO. http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 _______ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Unable to create temporary directory
Hi folks! Thank you all for that great clamav! :) I use # clamd -V clamd / ClamAV version 0.70-rc And I get sometimes some errors: May 9 19:23:30 icebear clamd[7587]: /var/spool/qmailscan/tmp/icebear.web4.hm108412340247017626/orig-icebear.web4.hm108412340247017626: Unable to create temporary directory. ERRO R May 9 19:23:50 icebear clamd[7587]: /var/spool/qmailscan/tmp/icebear.web4.hm10841234294708338/orig-icebear.web4.hm10841234294708338: Unable to create temporary directory. ERROR May 9 19:28:01 icebear clamd[464]: /var/spool/qmailscan/tmp/icebear.web4.hm108412368147022063/orig-icebear.web4.hm108412368147022063: Unable to create temporary directory. ERROR May 9 19:28:29 icebear clamd[464]: /var/spool/qmailscan/tmp/icebear.web4.hm108412370747026940/orig-icebear.web4.hm108412370747026940: Unable to create temporary directory. ERROR May 9 19:28:29 icebear clamd[15390]: SelfCheck: Database status OK. May 9 19:28:38 icebear clamd[464]: /var/spool/qmailscan/tmp/icebear.web4.hm108412371747019953/orig-icebear.web4.hm108412371747019953: Unable to create temporary directory. ERROR May 9 19:29:08 icebear clamd[30119]: /var/spool/qmailscan/tmp/icebear.web4.hm108412374747015746/orig-icebear.web4.hm108412374747015746: Unable to create temporary directory. ERR OR May 9 19:29:14 icebear clamd[30119]: /var/spool/qmailscan/tmp/icebear.web4.hm108412375347032046/orig-icebear.web4.hm108412375347032046: Unable to create temporary directory. ERR OR May 9 19:29:15 icebear clamd[30119]: /var/spool/qmailscan/tmp/icebear.web4.hm108412375447023456/orig-icebear.web4.hm108412375447023456: Unable to create temporary directory. ERR OR May 9 19:29:21 icebear clamd[30119]: /var/spool/qmailscan/tmp/icebear.web4.hm10841237604704093/orig-icebear.web4.hm10841237604704093: Unable to create temporary directory. ERROR May 9 19:29:24 icebear clamd[30119]: /var/spool/qmailscan/tmp/icebear.web4.hm108412376247012466/orig-icebear.web4.hm108412376247012466: Unable to create temporary directory. ERR OR May 9 19:29:28 icebear clamd[30119]: /var/spool/qmailscan/tmp/icebear.web4.hm10841237574708429/your_text.pif: Worm.SomeFool.Gen-1 FOUND May 9 19:29:28 icebear clamd[30119]: /var/spool/qmailscan/tmp/icebear.web4.hm10841237574708429/orig-icebear.web4.hm10841237574708429: Unable to create temporary directory. ERROR Do somebody know what this means? I have engough Diskspace at all mount points... ...so I do not know!? Viele Gruesse, Peter. -- www: http://peter.tux.hm www: http://tux.hm - Linux- und BSD-UserGroup im Weserbergland gpg: http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0x690A1AC2 --- This SF.Net email is sponsored by Sleepycat Software Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to deliver higher performing products faster, at low TCO. http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Unable to create temporary directory
Am So, 2004-05-09 um 22.50 schrieb Lionel Bouton: > [EMAIL PROTECTED] wrote the following on 05/09/2004 10:33 PM : > > >[...] > >May 9 19:29:28 icebear clamd[30119]: > >/var/spool/qmailscan/tmp/icebear.web4.hm10841237574708429/orig-icebear.web4.hm10841237574708429: > > Unable to create temporary directory. ERROR > > > >Do somebody know what this means? > >I have engough Diskspace at all mount points... > >...so I do not know!? > > > > > > Do you have enough inodes ? (df -i) I think yes: # df -i FilesystemInodes IUsed IFree IUse% Mounted on /dev/scsi/host0/bus0/target0/lun0/part1 1224000 105728 11182729% / /dev/scsi/host0/bus0/target0/lun0/part3 1224000 17035 12069652% /var /dev/scsi/host0/bus0/target0/lun0/part5 1224000 51636 11723645% /usr /dev/scsi/host0/bus0/target0/lun0/part6 1224000 52499 11715015% /home /dev/scsi/host0/bus0/target0/lun0/part7 611648 647 6110011% /tmp /dev/scsi/host0/bus0/target0/lun0/part8 2443200 169710 22734907% /www /dev/scsi/host0/bus0/target0/lun0/part9 2443200 944 24422561% /www1 /dev/scsi/host0/bus0/target0/lun0/part10 2443200 11 24431891% /www2 /dev/scsi/host0/bus0/target0/lun0/part11 2443200 11 24431891% /www3 /dev/scsi/host0/bus0/target0/lun0/part12 2443200 11 24431891% /www4 /dev/scsi/host0/bus0/target0/lun0/part13 2174816 11 21748051% /www5 # Do you have any other idea? -- www: http://peter.tux.hm www: http://tux.hm - Linux- und BSD-UserGroup im Weserbergland gpg: http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0x690A1AC2 --- This SF.Net email is sponsored by Sleepycat Software Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to deliver higher performing products faster, at low TCO. http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Unable to create temporary directory
# Value of 0 disables the limit. # WARNING: Due to the unrarlib implementation, whole files (one by one) in RAR # archives are decompressed to the memory. That's why never disable # this limit (but you may increase it of course!) ArchiveMaxFileSize 10M # Archives are scanned recursively - e.g. if Zip archive contains RAR file, # the RAR file will be decompressed, too (but only if recursion limit is set # at least to 1). With this option you may set the recursion level. # Value of 0 disables the limit. ArchiveMaxRecursion 5 # Number of files to be scanned within archive. # Value of 0 disables the limit. ArchiveMaxFiles 1000 # Use slower decompression algorithm which uses less memory. This option # affects bzip2 decompressor only. #ArchiveLimitMemoryUsage ## ## Clamuko settings ## WARNING: This is experimental software. It is very likely it will hang ## up your system !!! ## # Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running. #ClamukoScanOnLine # Set access mask for Clamuko. ClamukoScanOnOpen ClamukoScanOnClose ClamukoScanOnExec # Set the include paths (all files in them will be scanned). You can have # multiple ClamukoIncludePath options, but each directory must be added # in a seperate option. All subdirectories are scanned, too. ClamukoIncludePath /home #ClamukoIncludePath /students # Set the exclude paths. All subdirectories are also excluded. #ClamukoExcludePath /home/guru # Limit the file size to be scanned (probably you don't want to scan your movie # files ;)) # Value of 0 disables the limit. 1 Mb should be fine. ClamukoMaxFileSize 1M # Enable archive support. It uses the limits from clamd section. # (This option doesn't depend on ScanArchive, you can have archive support # in clamd disabled). ClamukoScanArchive I start the clamd with the djb supervise-daemon, I hope I setup not very stupid with this clamav.conf? Viele Gruesse, Peter. -- www: http://peter.tux.hm www: http://tux.hm - Linux- und BSD-UserGroup im Weserbergland gpg: http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0x690A1AC2 --- This SF.Net email is sponsored by Sleepycat Software Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to deliver higher performing products faster, at low TCO. http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] tempfile creation failed
Pad Hosmane said: > Hi, > I have clamav-0.70 installed. Before this I had clamav-0.70-rc and > ran > with out any problem. But with new version I am getting this error > "tempfile creation failed", I am not able send or receive emails. > > Any clue? > > Thanks > PAd > Not much info to go on, but check your permissions. --- This SF.net email is sponsored by: The Robotic Monkeys at ThinkGeek For a limited time only, get FREE Ground shipping on all orders of $35 or more. Hurry up and shop folks, this offer expires April 30th! http://www.thinkgeek.com/freeshipping/?cpg=12297 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] OT: qscanq with qmail (+clamd)
Dale Gallagher said: > Hi > > I appologise for the OT (though related) post. I'm having a > tough time getting qscanq running - the issue is related to > permissions. I'd appreciate a verbose listing of the > relevent dirs on a host where qscanq has been successfully > deployed. Thanks! > > qmail-smtpd (when passing the mail to qscanq) keeps on > rejecting mail. NB. also using qscanq with the QMAILQUEUE > patch. > > qscanq: fatal: unable to chdir to > /var/qmail/qscanq/root/scanq: access denied > > clamd is running under daemontools as user clamav; this > shouldn't pose an issue, as qscanq connects to clamd using > the clamdscan client. > > src/conf-scancmd: > /usr/bin/clamdscan --quiet ./ > > My permission listing: > > # ls -la /var/qmail/ | grep qscanq > drwxr-sr-t 5 root root 4096 May 1 12:49 qscanq/ > > # ls -la /var/qmail/qscanq/root/ | grep sc > drwx--S--- 2 qscan root 4096 May 1 12:49 scanq/ > > with qscanq user/group set as follows: > > qscanq user/group: qscan/qscan (src/conf-users line 1) > qscanq log user/group: qscanlog/qscan (src/conf-users line > 2) > qscanq user for /service: qclean (src/conf-groups line 1) > > Any pointers? > Dale: I ran into the permissions problem on my second deployment. Not quite sure why the first try worked. Anyway, to get around it quickly, I configured clamav .70 --with-user=qscand --with-group=qscand. Netqmail-1.05 + qmail-scanner-1.21 + clamav-0.70 I run clamd under init rather than daemontools just because I haven't had the time to write a startup script. The box went into production immediately after the first successful test; not my choice, but I'm not the boss. --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] OT: qscanq with qmail (+clamd)
[EMAIL PROTECTED] said: > Dale Gallagher said: >> Hi >> > Dale: > Oops! I misread this to be something it wasn't. I feel so dirty. I need a shower. :-) -- Bob Greene --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] OT: Question Re: possibly infected W2K Server
Shaun T. Erickson said: > Is there anything free that I can use to scan a possibly infected > Windows 2000 Server system. Norton's Internet Security says it's trying > to DoS my Windows clients, on port 1433. The server is sending > "MSSQL_Null_Packet_DoS" from port 445. I need to know the state of this > system, asap. > Would ClamWin (http://www.clamwin.com) do it? I run it on multiple desktop systems. --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Clamd troubles
Harrell, Roger said: >>If you walk through the following steps, your trouble should be repaired. > As you have not shared your full clamav and procmail >>configuration, I will be as comprehensive as possible. > > Thanks for the response. I got clamdscan working late last week. I'm > working > on getting auto email checking under qmail going. > How are you going to call clamdscam? I've been using qmail-scanner-queue on --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click _______ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Configuring ClamAV for allowing certain attachments
Clam doesn't reject anything. It just scans and returns a result. Terry Allen said: > Hi again, > Since upgrading to ClamAV 0.71 (& just prior to that the > latest version of Amavis-new), I notice that our server is now > rejecting certain attachments it didn't under ClamAV 0.65, such as > .exe etc..., out of hand, without being scanned. Is this a function > of ClamAV, or is it set in the Amavis-new config? Any assistance much > appreciated. > -- --- This SF.Net email is sponsored by the new InstallShield X. >From Windows to Linux, servers to mobile, InstallShield X is the one installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 _______ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamav is not rejecting virus emails.
kitten said: > what am i doing wrong? > It would help greatly if you could provide a few details about how you've set it up. Are you using Sendmail, qmail, Postfix, Exim... Happy to help if I can, but need the info to determine the suitability of my answer. --- This SF.Net email is sponsored by the new InstallShield X. >From Windows to Linux, servers to mobile, InstallShield X is the one installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] logging
List said: > How can i get clam to log dected virus(virii) on qmail-scanner? > Do you mean as in /var/spool/qmailscan/qmail-queue.log? Or the clamd.log? Qmail-scanner writes its log to /var/spool/qmailscan unless you tell it otherwise. Clamd writes to wherever you specify in clamav.conf --- This SF.Net email is sponsored by: GNOME Foundation Hackers Unite! GUADEC: The world's #1 Open Source Desktop Event. GNOME Users and Developers European Conference, 28-30th June in Norway http://2004/guadec.org ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] OT: Virus page almost ready to go
Rick Macdougall said: > Hi All, > > As promised, the virus stats page is almost ready to go. I'll clean up > the code tomorrow or Thursday and release it GPL. > > http://mail.limelyte.net/admin/virus/ for a preview. > > Suggestions, critique, etc are welcomed. > It looks great! About the only thing I'd add is a list of offending IPs with # of hits. --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] OT: Virus page almost ready to go
Dennis Peterson said: > [EMAIL PROTECTED] wrote: >> Rick Macdougall said: >> >>>Hi All, >>> >>>As promised, the virus stats page is almost ready to go. I'll clean up >>>the code tomorrow or Thursday and release it GPL. >>> >>>http://mail.limelyte.net/admin/virus/ for a preview. >>> >>>Suggestions, critique, etc are welcomed. >>> >> >> >> It looks great! About the only thing I'd add is a list of offending IPs >> with # of hits. > > I imagine the spammers would like a little heads-up on who's able to share > the > load too. Bad idea IMO. > True, but I wasn't looking for a public display anyway. --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Illegal instruction
Hi folks! My clamav is not running anymore and I dont know why? I thought perhaps I had an old version 0.70-rc so I installed the new 0.73, but everytime I get everytime the same error: I compiled it with: ./configure --sysconfdir=/etc; make; make install; And then: icebear # clamd Illegal instruction ? What happen now? Viele Gruesse, Peter. -- www: http://peter.tux.hm www: http://tux.hm - Linux- und BSD-UserGroup im Weserbergland gpg: http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0x690A1AC2 --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Illegal instruction
btw the same with freshclam: freshclam ClamAV update process started at Wed Jun 16 15:22:02 2004 Reading CVD header (main.cvd): OK main.cvd is up to date (version: 23, sigs: 21096, f-level: 2, builder: ddm) Reading CVD header (daily.cvd): OK Downloading daily.cvd [*] Illegal instruction icebear:/var/log # Am Mi, 2004-06-16 um 15.22 schrieb [EMAIL PROTECTED]: > Hi folks! > > My clamav is not running anymore and I dont know why? > > I thought perhaps I had an old version 0.70-rc so I installed the new > 0.73, > but everytime I get everytime the same error: > > I compiled it with: > ./configure --sysconfdir=/etc; > make; > make install; > > And then: > > icebear # clamd > Illegal instruction > > ? > > What happen now? > > Viele Gruesse, > Peter. -- www: http://peter.tux.hm www: http://tux.hm - Linux- und BSD-UserGroup im Weserbergland gpg: http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0x690A1AC2 --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Illegal instruction
Hi Antony! > What Operating System & version? I had a mainboard-crash so I must changed my pentium board with a duron-board. It is a crux linux, it is like LFS based on source. > What compiler & version? I hope this helps: $ gcc -v Reading specs from /usr/lib/gcc-lib/i686-pc-linux-gnu/3.3.2/specs Configured with: ../gcc-3.3.2/configure --prefix=/usr --enable-languages=c,c++,objc --enable-threads=posix --enable-__cxa_atexit --enable-clocale=gnu --enable-shared --disable-nls Thread model: posix gcc version 3.3.2 (CRUX) $ > Any errors or warnings during the above configure / make / make install? No. When I download the binaries on my SuSE and exeute them, they work without any problems. > Which version of ClamAV did you have successfuly working previously? > > > icebear # clamd > > Illegal instruction > > Have you tried strace to see what happens immediate before failure? Sorry, I have no strace: $ man strace No manual entry for strace $ strace -bash: strace: command not found $ Viele Gruesse, Peter. -- www: http://peter.tux.hm www: http://tux.hm - Linux- und BSD-UserGroup im Weserbergland gpg: http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0x690A1AC2 --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND _______ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Illegal instruction
Hi Antony! > Have you recompiled your system libraries for the Duron since upgrading from > the Pentium? No, the "old" mainboard is only 6 months old and have guarantee. I hope the new come today or tommorow with a pentium back to me, why? Everything on my system is running best with duron. Apache, MySQL, qmail, SA and many other only the clamav not. What is so special in clamav? Gruss, Peter. -- www: http://peter.tux.hm www: http://tux.hm - Linux- und BSD-UserGroup im Weserbergland gpg: http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0x690A1AC2 --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Determining the Current Virus DB Version / Date
Ryan Moore said: > Lee W wrote: >> Hi All, >> >> I have just compiled ClamAV and have started playing out with it, >> however after reading though the man pages I have been unable to find an >> easy way of determining the current version or date of the Virus DB >> files. The --version switch the freshclam only reports the version of >> freshclam/clamav itself rather than the DB's. >> >> Is there an easy way of determing the current version other than >> tail'ing the freshclam log file? >> >> Regards >> >> Lee >> > > sigtool --info=/usr/local/share/clamav/daily.cvd > Or just run freshclam from the command line with no switches. [EMAIL PROTECTED] ~# freshclam ClamAV update process started at Fri Jun 18 20:45:40 2004 Reading CVD header (main.cvd): OK main.cvd is up to date (version: 23, sigs: 21096, f-level: 2, builder: ddm) Reading CVD header (daily.cvd): OK daily.cvd is up to date (version: 362, sigs: 891, f-level: 2, builder: diego) --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Bad Virus Signature?
Benjamin Sherman said: > I was wondering if false positives ever make it into the virus DB updates? > > Since the update on Jun18, all of my windows 2000 workstations with > Service Pack 4 are showing what I beleive to be false positives for > Worm.Lovgate.W-2. The file in question is "spoolsv.exe" and can be fond > in: > C:\WINNT\System32 > C:\WINNT\System32\DllCache > C:\WINNT\ServicePackFiles\i386 (depending on how the service pack was > installed) > > These machines exhibit none of the symptoms of the Lovgate family of > virii except that ClamAV started picking them up after the database > update on Friday Jun18. > > Any suggestions? > I'm seeing the same thing since sp4. You are not alone. --- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Bad Virus Signature?
Tomasz Papszun said: > On Mon, 21 Jun 2004 at 15:02:45 -0500, [EMAIL PROTECTED] wrote: >> Benjamin Sherman said: >> > I was wondering if false positives ever make it into the virus DB >> updates? >> > >> > Since the update on Jun18, all of my windows 2000 workstations with >> > Service Pack 4 are showing what I beleive to be false positives for >> > Worm.Lovgate.W-2. The file in question is "spoolsv.exe" and can be >> fond >> > in: >> > C:\WINNT\System32 >> > C:\WINNT\System32\DllCache >> > C:\WINNT\ServicePackFiles\i386 (depending on how the service pack was >> > installed) >> > >> > These machines exhibit none of the symptoms of the Lovgate family of >> > virii except that ClamAV started picking them up after the database >> > update on Friday Jun18. >> > >> > Any suggestions? >> > >> >> I'm seeing the same thing since sp4. You are not alone. >> > > > Just to calm down all of you a little: > we confirm the case. Working on it. The false signature will be > removed/corrected soon. > Thanks for the prompt support. Calming isn't necessary. I doubt anyone saw it as life ending. AV software is just another tool. And ClamAV is generally a better tool than the commercial offerings. And frankly, I'd rather have a false warning than see Zafi get through like it did on all of my machines with PC-Cillin. --- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Is this possible? (clamdscan on one server, clamd on another)
Basically I've got a qmail server that has all the mailboxes, etc. This server also runs clamdscan, and spamc (spamassassin). What I'm doing, is moving the spamd and clamd processes to another machine, to take the load off the qmail server. It seems that clamd has to actually have access to the file being scanned - the only way to accomplish this is with NFS, which will put even more of a load on the qmail box. That's a step in the wrong direction. Basically what I want to know is - can I basically do the same setup that you can do with spamc/spamd, with clamav? Client server (qmail) runs clamdscan Antivirus server runs clamd end result: clamdscan transfers the email over a private network to the server running clamd, the clamd server tells clamdscan if it's clean, or if it's a virus, etc. Sorry if this email doesn't make much sense, but I've been working on this all day, and I'm a little tired. --- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] qmail-scanner and clamav
ip.guy said: > David Coulson wrote: >> ip.guy wrote: >> >>> nope, didn't work, see error below.. >>> >>> my.server.com X-Qmail-Scanner-1.14: [my.server.com1087974345372110] >>> Requeuing: Undefined subroutine &main::clamscan_scanner called at >>> /var/qmail/bin/qmail-scanner-queue.pl line 797. >>> >>> any ideas ? >> >> >> You have to get the qmail-scanner source and run './configure' again, >> ensure it detects the appropriate external processes, then try again. >> >> Once qmail-scanner is built, you basically have to start over from >> scratch if you add something new. >> >> David > > a "./configure" will not overwrite my current "qmail-scanner-queue.pl" > will it ? > The ./configure writes the qmail-scanner-queue.pl to the current directory. Its up to you to move it to /var/qmail/bin. The configure script even tells you this at completion. If you're not sure, just back up the current version and give it a try. --- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Is this possible? (clamdscan on one server, clamd on another)
Clamav-milter will work on Qmail? I thought it was sendmail only? Either way, as far as I can tell, clamav-milter still requires the clamd process to actually have access to the file qmail-scanner is creating. Nigel Horne wrote: On Thursday 24 Jun 2004 21:33, Thomas Jackson wrote: Sounds like the perfect job for an email gateway. That's why I run clamav-milter on one machine and clamd on another. Indeed clamav-milter can load balance between more than one clamd server. -Nigel -- -Robertson --- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] [Fwd: Cron nice -n 19 run-parts /etc/cron.hourly]
A.R.S. KA9QLQ Alvin Koffman said: > > I ran freshclam after getting this email from cron and it said I'm up to > date. Strange. > > ERROR: Can't get information about database.clamav.net host. > ERROR: Connection with database.clamav.net (IP: ???) failed. > ERROR: Can't get information about database.clamav.net host. > ERROR: Connection with database.clamav.net (IP: ???) failed. > ERROR: Can't get information about database.clamav.net host. > ERROR: Connection with database.clamav.net (IP: ???) failed. > run-parts: /etc/cron.hourly/freshclam exited with return code 52 > Alvin > Is it possible that the previous update was successful? --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] [Fwd: Cron nice -n 19 run-parts/etc/cron.hourly]
A.R.S. KA9QLQ Alvin Koffman said: > > > Antony Stone wrote: > >>On Friday 16 July 2004 8:35 pm, A.R.S. KA9QLQ Alvin Koffman wrote: >> >> >> >>>I ran freshclam after getting this email from cron and it said I'm up to >>>date. Strange. >>> >>>ERROR: Can't get information about database.clamav.net host. >>>ERROR: Connection with database.clamav.net (IP: ???) failed. >>>ERROR: Can't get information about database.clamav.net host. >>>ERROR: Connection with database.clamav.net (IP: ???) failed. >>>ERROR: Can't get information about database.clamav.net host. >>>ERROR: Connection with database.clamav.net (IP: ???) failed. >>>run-parts: /etc/cron.hourly/freshclam exited with return code 52 >>>Alvin >>> >>> >> >>Do you allow TCP port 53 requests from your nameserver? DNS is not >> always >>UDP-based, and the request/reply may be too big to fit in a UDP packet, >> in >>which case the server will use TCP instead. >> >>Regards, >> >>Antony. >> >> >> > Not sure. How would I go about checking? > Alvin > nmap -sUT -p 53 The result from "host a database.clamav.net" is only 395 bytes. It fits within a UDP packet. This looks more like a temporary lookup failure. --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] freshclam stops working & clamd crashes his own db
Hi, we two problems with clamav 0.74+0.75. 1. freshclam , startet from a cronjob, does freeze from time to time. ist just freezes on a RECV() Call 2. most important: we get this since we updated to 0.75 i.e. Wed Jul 28 20:11:15 2004 -> +++ Started at Wed Jul 28 20:11:15 2004 Wed Jul 28 20:11:15 2004 -> clamd daemon 0.74 (OS: linux-gnu, ARCH: i386, CPU: i686) Wed Jul 28 20:11:15 2004 -> Log file size limited to 26214400 bytes. Wed Jul 28 20:11:15 2004 -> Running as user clamav (UID 34585, GID 32751) Wed Jul 28 20:11:15 2004 -> Reading databases from /usr/local/share/clamav Wed Jul 28 20:11:15 2004 -> ERROR: Database initialization error. Wed Jul 28 20:11:25 2004 -> +++ Started at Wed Jul 28 20:11:25 2004 What happens as we know it: a.Clamd serves normally for hours.. b.our clamd watchdog pings clamd and the ping does not work. c. clamd gets restarted by our watchdog script OR BY HAND , does not matter! and presents the above message... d. running freshclam e. clamd restarts fine. d+e are clear cause the db is gone but why or who crashed the db!?!?!?! 0.74 does work fine under the same circumstances.. M.Schwarz --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] List Down
Daniel J McDonald said: > On Tue, 2004-08-31 at 13:17, Chris Jett wrote: >> Is the list down? I haven't gotten any list messages since this >> morning... > > No, merely slow. It only took 4 hours to be delivered to me. What do > you want? Back in the bad old days we only got mail once a month, over > a 1200 baud modem, in the snow, uphill both ways! And you're > complaining about a 4-hour delay? Young whippersnapper! ;-) > -- > Daniel J McDonald, CCIE 2495, CNX > Austin Energy > 1200 baud? Slow down, sonny! It wasn't that long ago that I was working at 50 baud with 5 bit code. Then some smart-aleck invented the lower case alphabet and we move to a blazing 56.8 baud and added a bit for the shift character. --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click _______ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Can I submit a file if I'm not sure it's a virus?
D.J. Fan said: > I just received 3 emails with a subject of 'foto' or 'fotos' > and a zip attachment named 'foto.zip' with 'calc.exe' and 'foto.htm' > contained therein that passed through 3 different scanners undetected. > > I don't want to infect my own machine by opening it. > > Can I forward it to someone to check it out? > Check it at http://test-clamav.power-netz.de/ --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Notification E-mail
Christopher X. Candreva said: > On Mon, 20 Sep 2004, Jonathan Pitcher wrote: > >> Is it possible to send a message onto the user that they had an e-mail >> blocked? Or to an admin stating that [EMAIL PROTECTED] had a virus sent to >> them? > > Yes. > > It is also a bad idea. > > Since most viruses forge the From: address, you will not be proideing any > usefull information. > And since most users are idiots, you'll create needless anxiety and extra work for the admin who has to explain that the message you've sent is bogus. --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php _______ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Re: Re: Windows port ?
Fajar A. Nugraha said: > Tomasz Kojm wrote: > >>>I didn't use any source code from orginal project. >>>This full object oriented C++ rewriting. >>>I can send source code to project manager I you want to check about >>>this. I don't modify the DB, I only download it and use it. I display >>>DB copyright in the About Window. >>> >>> >> >>The database is treated as a library and not an executable. Loading it >>into your program requires it to be GPL compliant. >> >> >> > How is that so? > From daily.cvd's COPYING : > > -GNU GENERAL PUBLIC LICENSE Version 2 > Isn't LGPL more suitable for libraries? > - 1. You may copy and distribute verbatim copies of the Program's > source code as you receive it, in any medium ... > He didn't distribute it. He just use it > - 2. You may modify your copy or copies of the Program or any portion > of it ... > He didn't modify it > - 3. You may copy and distribute the Program ... > It's not a program, but again, he didn't copy and distribute it. > - 4. You may not copy, modify, sublicense, or distribute the Program > except as expressly provided under this License. > He did not copy, modify, sublicense, or distribute the Program :) > > And so on > So the question is, is GPL a suitable license for clamav virus db? > Or perhaps it is necessary to make-up your own licensing scheme? > > How is his using clamavdb (but does not distribute it), be different > from hosting appliances (Ensim, CPanel, etc) which uses numerous open > source programs on Linux (apache, mysql, and even clamav) but does not > distribute it? I don't see Ensim released as GPL. > The Barracuda spam filter appears to at least use the clam database. Does Barracuda also distribute source as required by the GPL? --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Re: Re: Windows port ?
Odhiambo Washington said: > * [EMAIL PROTECTED] <[EMAIL PROTECTED]> [20040922 11:02]: wrote: > [..] > >> The Barracuda spam filter appears to at least use the clam database. >> Does >> Barracuda also distribute source as required by the GPL? > > Spam filter? > That's how they advertise their appliance. Look at http://www.barracudanetworks.com/. --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: AW: [Clamav-users] Re: Re: Re: Windows port ?
Steffen Heil said: > Hi > >> As stated by the GPL, you should provide source code for a GPL >> executable > or library. >> Could you provide me source code for the database please ? > > Hey, come on, this is getting a sensless discussion. > If you do not agree with the licence holders position, don't use it. It is > theirs. > Using others information without permission is illegal. > The database is it's own source code, so you have it. > Just as with scripts. There, the executable IS the source code. > I think the question of availablity of database source is legitimate given the context of this entire discussion. The position of the database being GPL without source is not logical. It is either GPL, with source, or it is something else. The database is not a script. It is a binary compilation. Since a portion of the product itself is not compliant, it appears to me that the GPL is not the correct license. Why should anyone else pay attention if the complainant violates his own contract in the same manner. As has already been mentioned, there are several commercial products using the database without attribution and without distributed source. Perhaps the community needs to come up with a license more in line with the intentions of the developers in order to properly protect their hard work. --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php _______ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Re: Re: Windows port ?
Stefke said: > Advise to Remi. > > Create your own database structure, write a GPL'ed program that converts > Clamav's DB to your own, use your own DB in your "Free but closed source" > program > I think that this violates the viral nature of the GPL. You are still requiring the use of a GPL product. You've just added a layer of abstraction. --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: AW: [Clamav-users] Re: Re: Re: Windows port ?
Kevin Spicer said: > On Wed, 2004-09-22 at 14:25, [EMAIL PROTECTED] wrote: > >> The database is not a script. It is a binary compilation. > > It's not a script, true, but it also is not a binary compilation. If > you look inside any of the database files unpacked by sigtool (sigtool > --unpack) you'll note that they are actually a plain text files, one > line per entry. So I think the previous posters point about them being > analagous to scripts in that they are their own source is valid. > Zip files are compressed/packed too. Would you consider them source? Or a container. I was using the term binary as in machine readable. And compilation as defined by Merriam-Webster: 'to collect and edit into a volume' Perhaps not the best choice of wording, but very apparent to me when I wrote it. Source is generally accepted as human readable. A 'cat daily.cvd' yields something other than human readable. The act of unpacking is akin to running a disassembler/unzip/etc. In the end, it is the property of the developers. I just don't see GPL as the correct choice for clearly defining the nature of the product. --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php _______ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: AW: [Clamav-users] Re: Re: Re: Windows port ?
Graham Toal said: >> > The database is not a script. It is a binary compilation. >> >> It's not a script, true, but it also is not a binary compilation. If >> you look inside any of the database files unpacked by sigtool (sigtool >> --unpack) you'll note that they are actually a plain text files, one >> line per entry. So I think the previous posters point about them being >> analagous to scripts in that they are their own source is valid. > > Fortunately the way this project works is that users upload samples > of viruses, not signatures. That makes the signatures an original > work of the project and should be defendable; there is an implicit > copyright on the work even if it is not explicitly asserted. The > signatures clearly reflect 'sweat of the brow' effort; they are > not simply a collection of other people's work. > > If the converse had been true, and the project admins wanted to restrict > use of uploaded signatures, then they would have needed to assert a > compilation copyright in the database text file from the start. If that > had not already in place, they would have had a lot of difficulty > restricting distribution, had it come to court, and if they wanted to > start asserting a copyright at a late stage in the project they would > have had to re-collect the signatures from user contributions after > getting an explicit transfer of copyright from contributors. > > I am not a lawyer but I did once go through a very similar exercise. > > Bottom line, should anyone ever get serious about legal action in > a project like this, be prepared to spend significant sums of money on > lawyers. 6 or 7 figures for something like this. > > I really objected to paying our lawyers more for a 1hr consultation > than I earned in a month. > > > G > PS If the database is collected/built/stored in Europe then all > bets are off. Totally different game from America. > I'm not a lawyer either, but I saw one in the wild once. I'm happy to live with the spirit of the license and use the product as intended. I also think that the GPL language clear with regard to reuse of components. I just don't think that its the perfect license for this product. ClamAV is still awesome. The ability to add my own signatures coupled with quick updates makes it an ideal solution for me. --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Password Protected Zip file
Amit Keshan said: > Hi! > > I installed Clam on my server and realized that it is not allowing emails > to be send if a passowrd protected zip file is attached. One of my esteem > client is really upset with it and is planning to shift his hosting within > a day or two if this issue is not resolved. Please help. > > Thanks, > Amit > ClamAV only scans when requested and reports its findings to the calling application. Are you using clamdscan? How are you calling it and did you intend to scan traffic in both directions? If you are using the milter, then I don't know. I don't use it, but plenty of others do. --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php _______ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] ERROR: JPEG.Comment
Christopher X. Candreva said: > On Wed, 29 Sep 2004 [EMAIL PROTECTED] wrote: > >> ... It's interesting that viruses are finally starting to implement >> what >> we were joking about in 1995 at high school... > > It's interesting we were making similar jokes in 1985 in high school. > > And back in the old days, we were lucky to have jokes at all. Mostly had to make due with amusing limericks... In the snow. ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] LibClamAV Error: cl_loaddb(): Can't open file 0f09417ac291/main.hdb/daily.cvd
I've just installed and although freshclam appears to work clamscan doesn't. I get the following error: [EMAIL PROTECTED] kec]# clamscan --debug messages LibClamAV debug: Loading databases from /var/lib/clamav LibClamAV debug: Loading /var/lib/clamav/main.cvd LibClamAV debug: in cli_cvdload() LibClamAV debug: MD5(.tar.gz) = a6a7d166b04ca63ab399058cda193eda LibClamAV debug: Decoded signature: a6a7d166b04ca63ab399058cda193eda LibClamAV debug: Digital signature is correct. LibClamAV debug: in cli_untgz() LibClamAV debug: Unpacking /tmp/clamav-e70a0f09417ac291/COPYING LibClamAV debug: Unpacking /tmp/clamav-e70a0f09417ac291/main.db LibClamAV debug: Unpacking /tmp/clamav-e70a0f09417ac291/main.hdb LibClamAV debug: Loading databases from /tmp/clamav-e70a0f09417ac291 LibClamAV debug: Loading /tmp/clamav-e70a0f09417ac291/main.db LibClamAV debug: Initializing main node LibClamAV debug: Initializing trie LibClamAV debug: Initializing BM tables LibClamAV debug: in cli_bm_init() LibClamAV debug: BM: Number of indexes = 63744 LibClamAV debug: Loading /tmp/clamav-e70a0f09417ac291/main.hdb LibClamAV debug: Initializing md5 list structure LibClamAV Error: cl_loaddb(): Can't open file 0f09417ac291/main.hdb/daily.cvd LibClamAV debug: cl_loaddbdir(): error loading database 0f09417ac291/main.hdb/daily.cvd ERROR: Unable to open file or directory --- SCAN SUMMARY --- Known viruses: 26630 Scanned directories: 0 Scanned files: 0 Infected files: 0 Data scanned: 0.00 MB I/O buffer size: 131072 bytes Time: 1.737 sec (0 m 1 s) ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] Why use amavis over simscan?
I'm setting up some email gateways for small businesses and was wondering what program the people on this list would use to combine clam and spamassassin for an email gateway. -- Thomas J. Raef e-Based Security, Inc. [EMAIL PROTECTED] "You're either hardened - or you're hacked!" ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] libclamav problems
I am running Debian woody and had clam-0.80 working fine. I tried installing SquidClamAV_Redirector which required libclamav. I downloaded libclamav1 from Debian, installed it and now I get this: /usr/bin/freshclam: error while loading shared libraries: libgmp.so.3: cannot open shared object file: No such file or directory libgmp.so.3 is on my system, any help is greatly appreciated. -- Thomas J. Raef e-Based Security, Inc. [EMAIL PROTECTED] "You're either hardened - or you're hacked!" ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] clamd logging virus event
Dear all, Bcoz of Worm.Bagle worm, we had to upgrade clamd scan engine from 0.70 to 0.81. Everything go fine after upgraded (and fine tuning of conf file), mail server can block income and outgo mail by using clamd + clamav-milter + sendmail under RH 7.3 But we found that the current version of clamd had not logging the scanning event like 0.70 to the log (which defined at clamav.conf/clamd.conf, "LogFile"). At 0.70, when a virus detected, a message like "stream: Worm.SomeFool.P FOUND" will be found at clmad log file. But now the log file just logged the start/stop event of clamd. Anything i missed? We used flag CLAMAV_FLAGS="--max-children=20 -NlH /var/run/clamav/clmilter.sock" to start clamav-milter and define "LogFile /var/log/clamav/clamd.log" at clamd.conf Thank for helping. Martin ___ Join Excite! - http://www.excite.com The most personalized portal on the Web! ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] clamav-milter error message
Hi, After upgrade from 0.70 to 0.81, we found the following message in our clamd.log for all Clean Message clamav-milter[32063]: Failed to delete X-Virus-Status header 1 We currently using ClamAV version 0.81, clamav-milter version 0.81b and use CLAMAV_FLAGS="--max-children=20 -CNlH /var/run/clamav/clmilter.sock" to start clamav-milter and define the following in clamd.conf LogFile LogTime LogSyslog LogFacility LOG_LOCAL6 Actually we only want to log the virus name for those infected mail in the clamd.log just like what we have in the 0.70 version. Is there any configure I still have to do? Thanks! Teresa ___ No banners. No pop-ups. No kidding. Make My Way your home on the Web - http://www.myway.com ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] reply question in mail list
from http://lists.clamav.net/lurker/list/clamav-users.en.html i known that to post a new thread to mail list, just compose a email to [EMAIL PROTECTED] But how can i reply a question / archive from web-based maillist reader? Thank for helping. ___ Join Excite! - http://www.excite.com The most personalized portal on the Web! ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] Problem whit clamav-milter
Hi all: I start having troubles since i upgrade clamav to version 0.85.1-1.0. Since this clamav-milter log this in maillog but keep running: Milter (clamav): read returned -1: Connection reset by [xxx.xxx.xxx.xxx] Milter (clamav): to error state Milter (clamav): init failed to open Milter (clamav): to error state After logs a lot of that log this and stop running: Milter (clamav): to error state Milter (clamav): error connecting to filter: No such file or directory I using clamav-milter whit sendmail version 8.12.8-9.90 and my milter config. line is this: Xclamav, S=local:/var/clamav/clmilter.socket, F=R, T=S:10m;R:10m;E:10m Someone know this error? I see lot of milters for clamav, some of them is better than clamav-milter? Thanks Jose I. Callero ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Problem whit clamav-milter
Yes de first step of debugging in ok . When i upgrade clamav i uninstall de old version and the config files. The socket have the right perms. Is a good idea chage the option in sendmail so i did it. The problem is weird, because the milter fail some times not all time. I watch the log for other problems when clamav-milter fail but i no see nothing. In system messages apear this when clamav-milter fail: May 19 04:29:18 smtp clamav-milter[32150]: ClamAv: thread_create() failed: 12, abort May 19 04:29:34 smtp clamav-milter[32150]: Stopping ClamAV version 0.85.1, clamav-milter version 0.85 May 19 04:30:00 smtp clamav-milter: clamav-milter shutdown failed the first line apear 14 times. Thanks Jose I. Callero. On Thursday 19 May 2005 04:58 pm, Dennis Peterson wrote: > [EMAIL PROTECTED] said: > > Hi all: > > > > I start having troubles since i upgrade clamav to version 0.85.1-1.0. > > Since this clamav-milter log this in maillog but keep running: > > > > Milter (clamav): read returned -1: Connection reset by [xxx.xxx.xxx.xxx] > > Milter (clamav): to error state > > Milter (clamav): init failed to open > > Milter (clamav): to error state > > > > After logs a lot of that log this and stop running: > > > > Milter (clamav): to error state > > Milter (clamav): error connecting to filter: No such file or directory > > Do some debugging: Does that socket exist? Does your clamav config file > agree with your sendmail.cf file about that location? Are ownerships and > permissions correct? > > Since you have upgraded, did you properly uninstall the previous version? > If not you may have multiple or fragmented installations that are > confusing you and or your executables. It happens a lot. Depending on what > version you upgraded from, for example, you may not be aware the current > version of clamd config file has a new name (clamd.conf - was > clamav.conf). There may be other significant changes to parameters you > should know about. > > > I using clamav-milter whit sendmail version 8.12.8-9.90 and my milter > > config. > > line is this: > > > > Xclamav, S=local:/var/clamav/clmilter.socket, F=R, T=S:10m;R:10m;E:10m > > With F=R as you have here any such failures will result in a mail > rejection. You might consider using F=T so that the sending system can try > again when your system is running correctly. > > > Someone know this error? > > > > I see lot of milters for clamav, some of them is better than > > clamav-milter? > > Examine your requirements and compare them to milter features. Perhaps > there is one out there that better suits your needs. I use J-Chkmail. > > > > ___ > http://lurker.clamav.net/list/clamav-users.html ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Re: clamav-milter hangs/crashes when freshclam actuallyupdates
Hello I got same problem after updated to 0.84. clmilter options: clamav_milter_flags="--quiet --max-children=50 --force-scan --noxheader --quarantine-dir=/var/spool/quarantine" sendmail.mc: INPUT_MAIL_FILTER(`clmilter', `S=local:/var/run/clamav/clmilter.sock, F=, T=S:4m;R:4m') I tryed max-children=10 and =100. But same error was logged at clamd.log, after freshclamd had updated to newer *.cvd files. clamd.log: LibClamAV Warning: Not reloading database until idle - waiting for 2 children LibClamAV Warning: Waiting for 1 children until databae reload LibClamAV Warning: Not accepting inputs at the moment LibClamAV Warning: Not accepting inputs at the moment The only "solution" is to start or restarting clamav-milter. Me too. My freshclamd.conf is configured to restart clamav-milter, whenever freshclamd updates to newer *.cvd versions. # Run command after successful database update. # Default: disabled OnUpdateExecute /usr/local/etc/rc.d/clamav-milter.sh restart regards yagisawa ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Clamav-milter dies after working ok for some hours
Hi We have a fairly big sendmail+clamav+clamav-milter setup, with 15000+ accounts. Since last week we are experimenting several errors with this combination. Tried to upgrade to latest version, with same results, so now we downgraded to our last "stable" situation, running clamav and milter version 0.83, and sendmail 8.12.8. Basically what happens is that clamav-milter dies, and then sendmail starts to refuse commands. I believe it is a 3 face thing. First it is common to see logs like this one, but mail still works: May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter (clamav): read returned -1: Connection reset by remote.host.com May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter (clamav): to error state May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter (clamav): init failed to open May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter (clamav): to error state May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter: initialization failed, rejecting commands Some minutes laters, we start to see: May 21 05:32:01 smtp sendmail[5757]: j4L8R3qX005757: Milter (clamav): error connecting to filter: Connection refused by /var/clamav/clmilter.socket May 21 05:32:01 smtp sendmail[5757]: j4L8R3qX005757: Milter (clamav): to error state May 21 05:32:01 smtp sendmail[5757]: j4L8R3qX005757: Milter: initialization failed, rejecting commands May 21 05:32:01 smtp sendmail[6018]: j4L8RRqX006018: Milter (clamav): error connecting to filter: Connection refused by /var/clamav/clmilter.socket May 21 05:32:01 smtp sendmail[6018]: j4L8RRqX006018: Milter (clamav): to error state When it finally dies, we see: May 21 05:55:34 smtp sendmail[16664]: j4L7kBqY016664: Milter (clamav): write(D) returned -1, expected 5: Broken pipe May 21 05:55:34 smtp sendmail[16664]: j4L7kBqY016664: Milter (clamav): to error state May 21 05:55:34 smtp sendmail[16664]: j4L7kBqY016664: Milter: [EMAIL PROTECTED], reject=550 5.7.1 Command rejected May 21 05:55:34 smtp sendmail[18695]: j4L8tYqX018695: Milter (clamav): local socket name /var/clamav/clmilter.socket unsafe May 21 05:55:34 smtp sendmail[18695]: j4L8tYqX018695: Milter (clamav): to error state May 21 05:55:34 smtp sendmail[18695]: j4L8tYqX018695: Milter: initialization failed, rejecting commands At this point, clamav-milter is gone, and the sockets is non existant. Sendmail accepts connections, but refuses to receive any command. If we restart clamav-milter, it works again smoothly for about 3-6 hours. Any clue? Please let us know what other information might me useful to debug this. The relevant configuration parts are: clamd.conf: PidFile /var/run/clamav/clamd.pid LocalSocket /var/run/clamav/clamd.sock /etc/sysconfig/clamav-milter: CLAMAV_FLAGS=" --config-file=/etc/clamd.conf --max-children=240 --force-scan --quiet --dont-log-clean --noreject --dont-scan-on-error -ol local:/var/clamav/clmilter.socket /etc/mail/sendmail.cf: Xclamav, S=local:/var/clamav/clmilter.socket, F=R, T=S:10m;R:10m;E:10m Thanks. ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamav-milter dies after working ok for some hours
Hi. The OS is RedHat 9 whit 2.4.21-27.ELsmp kernel. And the server is a IBM X235 whit 6 SCSI 360 36Gb. (in raid5 by software) The processors are 2 Intel(R) XEON(TM) CPU 1.80GHz. Have 2Gb of RAM and cero swap used. Thanks Jose I. Callero On Monday 23 May 2005 02:53 am, Damian Menscher wrote: > On Sun, 22 May 2005, [EMAIL PROTECTED] wrote: > > We have a fairly big sendmail+clamav+clamav-milter setup, with 15000+ > > accounts. > > What OS (be specific) and hardware? > > Do the failures have a strong time correlation with database updates? > > Damian Menscher ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Clamav-milter dies after working ok for some hours
Hi. I try this option, but i still have the same problem... Thanks JCallero On Monday 23 May 2005 02:46 am, George Chelidze wrote: > [EMAIL PROTECTED] wrote: > > Hi > > > > We have a fairly big sendmail+clamav+clamav-milter setup, with 15000+ > > accounts. > > > > Since last week we are experimenting several errors with this > > combination. Tried to upgrade to latest version, with same results, so > > now we downgraded to our last "stable" situation, running clamav and > > milter version 0.83, and sendmail 8.12.8. > > > > Basically what happens is that clamav-milter dies, and then sendmail > > starts to refuse commands. > > > > I believe it is a 3 face thing. > > > > First it is common to see logs like this one, but mail still works: > > May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter (clamav): > > read returned -1: Connection reset by remote.host.com > > May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter (clamav): to > > error state > > May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter (clamav): > > init failed to open > > May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter (clamav): to > > error state > > May 21 05:16:14 smtp sendmail[32374]: j4L8F5qX032374: Milter: > > initialization failed, rejecting commands > > > > Some minutes laters, we start to see: > > May 21 05:32:01 smtp sendmail[5757]: j4L8R3qX005757: Milter (clamav): > > error connecting to filter: Connection refused by > > /var/clamav/clmilter.socket May 21 05:32:01 smtp sendmail[5757]: > > j4L8R3qX005757: Milter (clamav): to error state > > May 21 05:32:01 smtp sendmail[5757]: j4L8R3qX005757: Milter: > > initialization failed, rejecting commands > > May 21 05:32:01 smtp sendmail[6018]: j4L8RRqX006018: Milter (clamav): > > error connecting to filter: Connection refused by > > /var/clamav/clmilter.socket May 21 05:32:01 smtp sendmail[6018]: > > j4L8RRqX006018: Milter (clamav): to error state > > > > When it finally dies, we see: > > May 21 05:55:34 smtp sendmail[16664]: j4L7kBqY016664: Milter (clamav): > > write(D) returned -1, expected 5: Broken pipe > > May 21 05:55:34 smtp sendmail[16664]: j4L7kBqY016664: Milter (clamav): to > > error state > > May 21 05:55:34 smtp sendmail[16664]: j4L7kBqY016664: Milter: > > [EMAIL PROTECTED], reject=550 5.7.1 Command rejected > > May 21 05:55:34 smtp sendmail[18695]: j4L8tYqX018695: Milter (clamav): > > local socket name /var/clamav/clmilter.socket unsafe > > May 21 05:55:34 smtp sendmail[18695]: j4L8tYqX018695: Milter (clamav): to > > error state > > May 21 05:55:34 smtp sendmail[18695]: j4L8tYqX018695: Milter: > > initialization failed, rejecting commands > > > > At this point, clamav-milter is gone, and the sockets is non existant. > > Sendmail accepts connections, but refuses to receive any command. > > > > If we restart clamav-milter, it works again smoothly for about 3-6 hours. > > > > Any clue? > > > > Please let us know what other information might me useful to debug this. > > The relevant configuration parts are: > > > > clamd.conf: > > PidFile /var/run/clamav/clamd.pid > > LocalSocket /var/run/clamav/clamd.sock > > > > /etc/sysconfig/clamav-milter: > > CLAMAV_FLAGS=" > > --config-file=/etc/clamd.conf > > --max-children=240 > > --force-scan > > --quiet > > --dont-log-clean > > --noreject > > --dont-scan-on-error > > -ol local:/var/clamav/clmilter.socket > > > > /etc/mail/sendmail.cf: > > Xclamav, S=local:/var/clamav/clmilter.socket, F=R, T=S:10m;R:10m;E:10m > > > > Thanks. > > ___ > > http://lurker.clamav.net/list/clamav-users.html > > try --external > > Best Regards, ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] clamav-milter dies
Hi, Since the last version - ClamAV version 0.85.1, clamav-milter version 0.85, we are getting constant crashes of clamav-milter, syslog errors below: clamav-milter[10246]: ClamAv: thread_create() failed: 12, try again clamav-milter[10246]: ClamAv: thread_create() failed: 12, abort Any ideas? Cheers, Luci ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav-milter dies
At 12:44 PM 6/1/2005, you wrote: What OS and version? Did you install from precompiled binaries or source? Thomas Fedora Core 2, compiled form source. This issue was not present in previous milter versions. Some startup issues were also encountered, but were not documented when first installed. ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav-milter dies
At 01:08 PM 1/06/2005, you wrote: What are the entries in /var/log/clamd.log (or whatever you use?) N. The last relevant bits: LibClamAV Warning: Not reloading database until idle - waiting for 2 children LibClamAV Warning: Not accepting inputs at the moment LibClamAV Warning: Not accepting inputs at the moment LibClamAV Warning: Not accepting inputs at the moment ... and so on. The milter is also started with --max-children (but I assume that is not causing the thread creation problem when limit reached). ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav-milter dies
If the issue is with clamav, the milter should probably not die as a side effect. At 01:51 PM 1/06/2005, you wrote: Please read my post to this list on Mon, 30 May 2005 10:58:58 -0500 with subject line Clamav not accepting inputs. I suppose I should add that to the wiki at some point, though hopefully a new release will be out soon anyway. ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav-milter dies
To clarify, the milter isn't dying... it's just refusing to accept inputs (there's a difference). And the issue is with the milter, not with libclamav. In my case the milter is dying, and needs to be re-started... (started should I say). ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] limit the temporary files location
Hello! is there a way to limit say TemporaryDirectory usage from clamd to a certain level if not than, what's a work around to getting the TemporaryDirectory kept clean and not risk overusing from clamd? thank __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] probelm installing clam av, zlib dependancy
Erez Epstein wrote: > Hello, > > i have a problem when i try to install clam av. > after running rpm -i > > [EMAIL PROTECTED] GZ]# rpm -ivh clamav-0.87-1.i386.rpm > warning: clamav-0.87-1.i386.rpm: V3 DSA signature: NOKEY, key ID 06827e33 > error: Failed dependencies: >zlib >= 1.2.2 is needed by clamav-0.87-1.i386 > > so i tried to update zlib to ver 1.2.2 > [EMAIL PROTECTED] GZ]# rpm -Uvh zlib-1.2.2.2-5.fc4.i386.rpm > error: Failed dependencies: >zlib = 1.2.1.2 is needed by (installed) zlib-devel-1.2.1.2-1.i386 > > ofcourse when i try the opoosite, i get this > [EMAIL PROTECTED] GZ]# rpm -Uvh zlib-devel-1.2.2.2-2.i386.rpm > warning: zlib-devel-1.2.2.2-2.i386.rpm: V3 DSA signature: NOKEY, key ID > 06827e33 > error: Failed dependencies: >zlib = 1.2.2.2 is needed by zlib-devel-1.2.2.2-2.i386 > > > How can i overcome this? > > > Erez > ___ > http://lurker.clamav.net/list/clamav-users.html remove the existing Zlib dev package. Upgrade zlib and then install the upgraded zlib package. Lyle ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Help Please!
G'day Russell, clamav page has all the answer to your needs. http://www.clamav.net/faq.html#pagestart Russell Bradley wrote: >Just installed ClamAV on an Mac (10.4.8 client not server). Clamd seems to >be running OK. > >Kerio MailServer sees ClamAV just fine. > > >Some basic ClamAV questions: > >How can I test to see if clamd is running properly? > > > On my Debian box, i use "ps -ef | grep clam" to see if it's running. >How do you restart the clamd daemon? > > On my Debian box, I shutdown freshclam with "invoke-rc.d clamav-freshclam stop;" I do "on-demand" scanning rather than have cron run run clamscan. I am sure similar way of shutting clamav exist on Macs. >How can I test to see if freshclam is running properly & updating the >database? > > issue freshclam at your shell and see what happens. It's suppose to connect to virus update site and download the db signatures to appropriate dir (on mine, it's /var/lib/clamav/) >Are there any Mac-specific ClamAV resources available? > > > Other people using clamav on Macs will be able to answer this query. [ ] Cheers, sanobabu. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Copfilter] Copy of quarantined email - *** SPAM *** [6.0/6.0] Re: [Clamav-users] Protection from W32.Sality.U
This is a multi-part message in MIME format. BG Mahesh wrote: > hi > > I am getting few emails which are passing thru clamav. Norton says the > email > is infected with W32.Sality.U > > Is there an update for clamav which can protect me from W32.Sality.U? I am > using 0.88.7 Have you submitted a sample to www.clamav.net? ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] res_close on Solaris 8
Hi, all, I'm using Solaris 5.8 and sendmail 8.12.11 on intel cpu. I use Clamav from the old 0.86.x. With the 0.90 version I don't able to compile the clamav-milter because the linker says: Undefined first referenced symbol in file res_close clamav-milter.o the string of linker is: gcc -g -O2 -o .libs/clamav-milter cfgparser.o output.o getopt.o memory. o misc.onetwork.o clamav-milter.o ../libclamav/.libs/libclamav.so /usr/local/lib/libiconv.so -L/usr/local/lib -L/usr/local/ssl/lib - L/usr/local/BerkelelyB.4.2/lib -L/usr/openwin/lib -L/usr/lib -lz -lbz2 /usr/local/lib/libgmp.so -lmilter -lsocket -lnsl -lresolv -lpthread - R/usr/local/lib In what library is res_close? Naviga e telefona senza limiti con Tiscali Scopri le promozioni Tiscali adsl: navighi e telefoni senza canone Telecom http://abbonati.tiscali.it/adsl/ ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] res_close on Solaris 8
Hi, all, I'm using Solaris 5.8 and sendmail 8.12.11 on intel cpu. I use Clamav from the old 0.86.x. With the 0.90 version I don't able to compile the clamav-milter because the linker says: Undefined first referenced symbol in file res_close clamav-milter.o the string of linker is: gcc -g -O2 -o .libs/clamav-milter cfgparser.o output.o getopt.o memory. o misc.onetwork.o clamav-milter.o ../libclamav/.libs/libclamav.so /usr/local/lib/libiconv.so -L/usr/local/lib -L/usr/local/ssl/lib - L/usr/local/BerkelelyB.4.2/lib -L/usr/openwin/lib -L/usr/lib -lz -lbz2 /usr/local/lib/libgmp.so -lmilter -lsocket -lnsl -lresolv -lpthread - R/usr/local/lib In what library is res_close? Thank you very much Guido Naviga e telefona senza limiti con Tiscali Scopri le promozioni Tiscali adsl: navighi e telefoni senza canone Telecom http://abbonati.tiscali.it/adsl/ ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Problem with clamassassin
Hello, I use Postfix, Clamassassin 1.2.3, Clamav 0.9 on a Debian 3.1 System. All was good. Last week i got a virus in my incoming-folder. So i realized, that clamassassin is not running without error: mailheader: X-Virus-Status: Failed X-Virus-Report: /usr/local/bin/clamscan error 40 X-Virus-Checker-Version: clamassassin 1.2.3 with clamscan / ClamAV 0.90/2618/Wed Feb 21 15:07:53 2007 signatures 42. What shall I do ? Any suggestions? Thanx ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Problem with clamassassin
[EMAIL PROTECTED] schrieb: Hello, I use Postfix, Clamassassin 1.2.3, Clamav 0.9 on a Debian 3.1 System. All was good. Last week i got a virus in my incoming-folder. So i realized, that clamassassin is not running without error: mailheader: X-Virus-Status: Failed X-Virus-Report: /usr/local/bin/clamscan error 40 X-Virus-Checker-Version: clamassassin 1.2.3 with clamscan / ClamAV 0.90/2618/Wed Feb 21 15:07:53 2007 signatures 42. What shall I do ? Any suggestions? Thanx Ok - i have made a downgrade to Clamav 0.88.7 - the version before 0.9 Clamassassin runs now - perfect. Why does the Version 0.9 not work? ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Problem with clamassassin
Daniel T. Staal schrieb: On Wed, February 21, 2007 11:57 am, [EMAIL PROTECTED] said: Ok - i have made a downgrade to Clamav 0.88.7 - the version before 0.9 Clamassassin runs now - perfect. Why does the Version 0.9 not work? From the Clamassassin announce mailing list: The problem is that clamscan has removed the --mbox option which was required in old versions of ClamAV when scanning an email message. Now clamscan can scan email messages without any special options and the --mbox option was removed. In ClamAV 0.90, running clamscan with this option will no longer work. clamassassin had used this option for compatibility with older versions of ClamAV, so clamassassin will fail to work with ClamAV's clamscan. I am testing a version which fixes this problem. In the meantime you have two options: Daniel T. Staal Which options do i have ? ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] 0.90.1 - clamd died on Solaris 9
I am experiencing the same problems. We have two quad CPU E450's running Solaris 9 handling the incomming mail on our domains. These servers are generally very busy. I initially installed clamav 0.90 with experimental code enabled. Compiled in this way clamd would crash every 2 minutes without any indication in the logs as to what the problem was. I then installed 0.90 without experimental code. Compiled in this way it would crash every 8 minutes or so. I then reverted to 0.88.7 which runs without any problems. When 0.90.1 was released I installed it and experienced the exact same problems (dying within a couple of minutes). No log rotations were occurring at the time that it died. I installed 0.90.1 on our outbound server which is also running Solaris 9. This server is a lot quieter than our incomming servers. On this server clamd will die intermitantly (at busy times) but not as frequently as on our inbound servers. >From what I can see on our quad CPU machines, using top to view system performance clamd eventually uses 100% CPU and then dies. I hope someone can help with this as I would really like to upgrade to the 0.90 release. I have another server running Suse. Although this server is also not that heavily loaded I have not experienced any problems on that platform. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] freshclam ERROR: Can't open new file...
Hi, I've just built from sources and installed clamav-0.60, according to the User Manual. My problem is that when I try to run this command freshclam -v -l /var/log/clam-update.log --log-verbose I *always* get the following errors messages Checking for a new database - started at Tue Sep 16 15:11:34 2003 ERROR: Can't open new file ./5bb82cbfa3669e7f to write ERROR: Can't download viruses.db from clamav.elektrapro.com repeated for each entry in /usr/share/clamav/mirrors.txt Please note that: 1) I've run the command as root 2) I've created clam-update.log according to the User Manual, i.e. -rw---1 clamav root 761 Sep 16 15:16 /var/log/clam-update.log TIA for any help Roberto --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] whish list ?
On Sat, 2003-11-29 at 14:51, Gianmarco wrote: > 1) A possibility to automagically refuse some (defined in the config) > attachment like *.pif, *.lnk, *.scr and so on and generate an alert like > "UNAUTHORIZED MAIL ATTACH" etc etc... > > 2) Have the possibility to use a "template" like message for the mail that is > sent back to the sender/recipient/admin. > > 3) If the 2) is not possible Is possible to have more vars (than the existent > %v and %f) for the: > VirusEvent COMMAND http://www.ijs.si/software/amavisd/ Cheers, Mike --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
DB mirrors & other support (was Re: [Clamav-users] Nude links on www.clamav.org)
On Thu, 2003-12-11 at 19:18, Fisher wrote: > I can offer mirror space & 100Mbit pipe in Europe/Hungary. Please > contact me in private in case of interest. http://www.clamav.net/doc/mirrors/clamav-mirror-howto.txt > It is quite offtopic now I think Yeah, this threadnevermind. Cheers, Mike --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamav.*
Why spend the money buying up all these domain names? Why not just use the country codes in front of clamav.net? Luca, we should add something to the unofficial debian packages to let people select their country code if we decide to go this route. It might be nice to have this as part of the config file or something. This, however, probably belongs on clamav-devel and clamav-mirrors. I'll try to get something done with the nagios plugin for handling mirrors what we discussed. I've been a bit busy lately. Cheers, Mike --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re:[Clamav-users] freshclam ERROR: Can
> Hi Roberto, > Did you get a answer to your problem? I'm having exactly the same problem on Solaris > 9 running clamav 0.65. I'm afraid not. I've upgraded to 0.65, but the problem stays exactly the same. In fact, when I want to update the virusdb, I do it manually using a bash script I've written on purpose. If anyone would like more information to determine what the problem is, I'll be happy to help. Kind regards -- .~. Roberto Neri /V\ Registered Linux User 88943. /( )\ Registered Machine 37596. ^^-^^ Palermo, Italy. > > Thanks > Peter Arnold > > ### Your email > Hi, > I've just built from sources and installed clamav-0.60, according to the > User Manual. > > My problem is that when I try to run this command > > freshclam -v -l /var/log/clam-update.log --log-verbose > > I *always* get the following errors messages > > Checking for a new database - started at Tue Sep 16 15:11:34 2003 > ERROR: Can't open new file ./5bb82cbfa3669e7f to write > ERROR: Can't download viruses.db from clamav.elektrapro.com > > repeated for each entry in /usr/share/clamav/mirrors.txt > > Please note that: > 1) I've run the command as root > 2) I've created clam-update.log according to the User Manual, i.e. > -rw---1 clamav root 761 Sep 16 15:16 /var/log/clam-update.log > > TIA for any help > Roberto > ## > > --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id78&alloc_id371&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] freshclam ERROR: Can
> Can you send me the output of > truss -o /tmp/freshclam.truss /path/to/freshclam > (in private mail rather than to list) ? > > Thomas > > Thank you for your prompt response. I'm sorry, but I've never heard of "truss" before, nor I can find any program by that name in clamav 0.65 or in any package of my Linux distribution (Slackware 9.1). Could you please tell me where I can find it. King regards -- .~. Roberto Neri /V\ Registered Linux User 88943. /( )\ Registered Machine 37596. ^^-^^ Palermo, Italy. --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id78&alloc_id371&op=click _______ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Clamd service down!!
On Wed, 2004-01-07 at 03:50, Marino, Santiago Maximiliano wrote: > Jan 6 00:59:43 ges sendmail[15421]: i05Nxha7015421: Milter > (clamav): error connecting to filter: > Connection refused by /var/run/clamav.sock This (^^^) makes it look like clamd died or your sendmail milter isn't looking for the clamd socket in the right place. If it's configured properly, restart it. What version of clamd are you running? Cheers, Mike --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Clamd service down!!
On Wed, 2004-01-07 at 05:43, Marino, Santiago Maximiliano wrote: > Yes, the clamd died when: ... > but why?? > > sendmail 8.12.10 > > clamav 0.60 I think you answered your own question. Please upgrade to at least ClamAV 0.65. Cheers, Mike --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Clamd service down!!
On Wed, 2004-01-07 at 05:53, Marino, Santiago Maximiliano wrote: > ok, but with clamAV 0.60 (died) the sendmail service run anyway, with > ClamAV0.65 when clamd die the smtp service die too... Have you tried one of the latest CVS snapshots? > Do you think about this? I'm going to assume you're asking if I knew about this and my answer would be "No." I started phasing out sendmail--in lieu of postfix--on my network earlier this year. Only one more system to go! If upgrading to 0.65 isn't an option and no one else on the list knows of a workaround for you, you might be forced to run clamd under daemontools: http://clamav.elektrapro.com/doc/clamd_supervised/clamd-daemontools-guide.txt > i'am sorry, my english isn't good! ;) do you understand me? > thank!!! I'm a native english speaker and I have similar problems at times. ;) Cheers, Mike --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamd crash detection ?
On Wed, 2004-01-07 at 07:02, Power-Netz (Schwarz) wrote: > I found in the manpage docs some commands to send to clamd like PING. > Question is now, HOW ? I hacked out a little perl script to connect to clamd via LocalSocket (unix socket) and put it here: http://mikecathey.com/postfix-cyrus-amavis/clamdwatch.txt I wasn't sure what would happen if all the clamd threads/processes where busy. Does the client just sit in a wait state until it's request is serviced? This could be hacked into a nagios/netsaint plugin quite easily. It could probably be improved by: * adding a check for the existence of the actual file/socket before the IO::Socket::UNIX instance is created * adding code to remove the dead socket file if clamd is dead (does the default/contrib init script do this? ...then restarting the daemon * adding TCP support * ? *suggestions* ? Cheers, Mike --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: AW: [Clamav-users] clamd crash detection ?
On Wed, 2004-01-07 at 08:57, Power-Netz (Schwarz) wrote: > > This could be hacked into a nagios/netsaint plugin quite easily. > > can snmp access local unix sockets from external? and what would it do? I was thinking in terms of people that use a tcp socket that was listening on a public (not localhost) interface. If you're using the LocalSocket option, you could set up snmpd to call the script and have nagios query it. > I think its not a good solution if you need to restart it anyway :) > max. 1 minute later clamd would be restartet anyway ( we run our cronscript > */1 ). You could add the restart to the script. The script could also be extended to ask clamav to scan a file that's known to be infected and make sure that scanning is actually working. I though about putting the EICAR test signature in the file and then changing the PING to a request to scan the script itself. > Your Scripts works as far as we could test it without crashing a clamd ;) > Time will tell Please let me know. :) Cheers, Mike --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: AW: [Clamav-users] clamd crash detection ?
On Wed, 2004-01-07 at 09:12, [EMAIL PROTECTED] wrote: > The script could also be extended to ask clamav to scan a file that's > known to be infected and make sure that scanning is actually working. > I thought about putting the EICAR test signature in the file and then > changing the PING to a request to scan the script itself. http://mikecathey.com/postfix-cyrus-amavis/clamdwatch-0.2.txt I added the EICAR test pattern and changed the code so that it asks clamd to scan itself. This should let you know if clamd is actually functioning. See the code for more info. Cheers, Mike --- This SF.net email is sponsored by: Perforce Software. Perforce is the Fast Software Configuration Management System offering advanced branching capabilities and atomic changes on 50+ platforms. Free Eval! http://www.perforce.com/perforce/loadprog.html ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: AW: AW: [Clamav-users] clamd crash detection ?
On Wed, 2004-01-07 at 10:59, Power-Netz (Schwarz) wrote: > Your script code does work, but does not recognize the crashed child :-( > The parent task seems to life and answere the PING , but the actual > used child does no longer react. Thx to you will can check the clamd a bit > better. Are you using the new version (0.2; which doesn't send a PING)? If you are, then this is indeed strange. It sounds like the clamd parent process is what answers the PING, but passes scan requests on to it's children. The scan request should just sit there and hang... I need to add some kind of trap/timeout for the scan request. Can you reproduce the clamd "crashes" reliably? If so, how? Cheers, Mike --- This SF.net email is sponsored by: Perforce Software. Perforce is the Fast Software Configuration Management System offering advanced branching capabilities and atomic changes on 50+ platforms. Free Eval! http://www.perforce.com/perforce/loadprog.html ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: AW: AW: [Clamav-users] clamd crash detection ?
On Wed, 2004-01-07 at 10:59, Power-Netz (Schwarz) wrote: > Your script code does work, but does not recognize the crashed child :-( > The parent task seems to life and answere the PING , but the actual > used child does no longer react. Thx to you will can check the clamd a bit > better. Try this version: http://mikecathey.com/postfix-cyrus-amavis/clamdwatch-0.3.txt The changes are noted at the top of the file. The main one is the timeout on the scan request. I also added exit codes. Cheers, Mike --- This SF.net email is sponsored by: Perforce Software. Perforce is the Fast Software Configuration Management System offering advanced branching capabilities and atomic changes on 50+ platforms. Free Eval! http://www.perforce.com/perforce/loadprog.html ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: AW: AW: [Clamav-users] clamd crash detection ?
On Thu, 2004-01-08 at 04:11, Cedric Foll wrote: > I just have a little pb with it. It's about how you find your path at > the start of the file. > I get the folowing error: > [EMAIL PROTECTED] tmp]# /usr/local/bin/clamdwatch.pl > Clamd is in an unknown state. > It returned: /usr/local/bin/usr/local/bin/clamdwatch.pl: Can't access > the file ERROR Fixed. I moved the clamdwatch scripts to make it easier for people to see the latest version and grab what they want: http://mikecathey.com/code/clamdwatch/ Cheers, Mike --- This SF.net email is sponsored by: Perforce Software. Perforce is the Fast Software Configuration Management System offering advanced branching capabilities and atomic changes on 50+ platforms. Free Eval! http://www.perforce.com/perforce/loadprog.html ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] is the virus db screwed up ?
Tomasz, On Thu, 2004-01-08 at 15:07, Tomasz Papszun wrote: > 27645? How come? The database at the moment contains 19799 signatures. Here's what I'm seeing on (on 2 different linux/ia32 machines): Server1: SNIP $ grep -Ei 'protecting|reloaded' clamd.log Sun Jan 4 07:37:29 2004 -> Protecting against 22167 viruses. Mon Jan 5 15:06:47 2004 -> Protecting against 22167 viruses. Tue Jan 6 11:18:50 2004 -> Database correctly reloaded (22172 viruses) Wed Jan 7 01:27:18 2004 -> Database correctly reloaded (22180 viruses) Wed Jan 7 07:25:32 2004 -> Protecting against 22180 viruses. Wed Jan 7 07:29:25 2004 -> Protecting against 22180 viruses. Wed Jan 7 10:31:16 2004 -> Database correctly reloaded (22181 viruses) Wed Jan 7 14:02:37 2004 -> Protecting against 22181 viruses. Wed Jan 7 14:04:28 2004 -> Protecting against 22181 viruses. Wed Jan 7 20:08:07 2004 -> Database correctly reloaded (29950 viruses) Thu Jan 8 06:14:11 2004 -> Database correctly reloaded (29953 viruses) $ clamd --version clamd / ClamAV version devel-20031122 $ tail -6 clamav-freshclam.log -- ClamAV update process started at Thu Jan 8 15:07:00 2004 main.cvd is up to date (version: 13, sigs: 19603, f-level: 1, builder: ddm) daily.cvd is up to date (version: 78, sigs: 196, f-level: 1, builder: tkojm) -- SNIP Server2: SNIP $ grep -Ei 'protecting|reloaded' clamd.log Sun Jan 4 06:25:12 2004 -> Protecting against 12013 viruses. Tue Jan 6 10:57:17 2004 -> Database correctly reloaded (12018 viruses) Tue Jan 6 21:03:35 2004 -> Database correctly reloaded (12026 viruses) Wed Jan 7 09:10:57 2004 -> Database correctly reloaded (12027 viruses) Wed Jan 7 19:17:16 2004 -> Database correctly reloaded (12038 viruses) Wed Jan 7 21:18:33 2004 -> Database correctly reloaded (19796 viruses) Thu Jan 8 07:24:43 2004 -> Database correctly reloaded (19799 viruses) $ clamd --version clamd / ClamAV version 0.65-BugFixesFromCVS-20031123 tail -6 clamav-freshclam.log -- Checking for a new database - started at Thu Jan 8 14:29:44 2004 viruses.db is up to date. viruses.db2 is up to date. -- SNIP And here's the snipped where server2 updated this morning: SNIP -- Checking for a new database - started at Thu Jan 8 06:29:39 2004 viruses.db is up to date. Database updated (containing in total 19799 signatures). Database updated from clamav.elektrapro.com. -- SNIP Cheers, Mike --- This SF.net email is sponsored by: Perforce Software. Perforce is the Fast Software Configuration Management System offering advanced branching capabilities and atomic changes on 50+ platforms. Free Eval! http://www.perforce.com/perforce/loadprog.html ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] is the virus db screwed up ?
On Thu, 2004-01-08 at 15:40, Stefan Kaltenbrunner wrote: > I think this happens everytime somebody updates an old installation that > used the *.db file to the new *.cvd format without deleting the old > files. clamd then somehow reports the sum of the signatures in these > files(!). That's exactly what it was in my case. :\ Cheers, Mike --- This SF.net email is sponsored by: Perforce Software. Perforce is the Fast Software Configuration Management System offering advanced branching capabilities and atomic changes on 50+ platforms. Free Eval! http://www.perforce.com/perforce/loadprog.html ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Re: clamdwatch
On Fri, 2004-01-09 at 08:58, Odhiambo Washington wrote: > * [EMAIL PROTECTED] <[EMAIL PROTECTED]> [20040108 18:12]: wrote: > > http://mikecathey.com/code/clamdwatch/ > > How do I run the script? > Here's an install guide: http://mikecathey.com/code/clamdwatch/INSTALL I just started using this in production this morning... It's now up to version 0.6. I changed the exit codes so that you can just add it to your crontab with something like this: SNIP */1 * * * * root /usr/local/bin/clamdwatch.pl -q && ( /usr/bin/killall -9 clamd; rm -fr /var/amavis/clamd; /etc/init.d/clamav-daemon start 2>&1 ) SNIP See the INSTALL guide for more info. As the bottom of the install guide notes... SNIP NOTES: This could create problems if your virus db is somehow corrupt and cause clamd to be killed and restarted every minute. SNIP If anyone has a suggestion for a more appropriate action to take in a case where clamd doesn't find the virus pattern, please let me know. Run freshclam manually and try again? Cheers, Mike --- This SF.net email is sponsored by: Perforce Software. Perforce is the Fast Software Configuration Management System offering advanced branching capabilities and atomic changes on 50+ platforms. Free Eval! http://www.perforce.com/perforce/loadprog.html _______ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users