Re: [Clamav-users] Best Practice Webinar
ooh, thanks! ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] are email notifications of updates still going out?
our email server has not been hit with [clamav-virusdb]Update message since September 01. Are the database update notifications still going out? -rp
[Clamav-users] problem installing .90 on UltraSparc
trying to install clamav on mail servers and running into the following error:

make all-recursive
make[1]: Entering directory `/usr/src/clamav-0.90.1'
Making all in libclamav
make[2]: Entering directory `/usr/src/clamav-0.90.1/libclamav'
source='matcher-ac.c' object='matcher-ac.lo' libtool=yes \
DEPDIR=.deps depmode=gcc /bin/ksh ../depcomp \
/bin/ksh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I./unrar-g -O2 -c -o matcher-ac.lo matcher-ac.c
../depcomp[519]: history: not found
make[2]: *** [matcher-ac.lo] Error 127
make[2]: Leaving directory `/usr/src/clamav-0.90.1/libclamav'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/src/clamav-0.90.1'
make: *** [all] Error 2

It goes through the configure but when I try to run make this results. Any clues would be appreciated.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] bash script to split mbox file and scan individual messages
> folks:
>
> here is a tool to split up mailboxes (like those used by thunderbird)
> and scan the mails individually. there is another similar tool using
> perl in the archives, but this only uses bash commands, formail, and
> clamscan.
>

Thanks gitzo, this will definitely help me out.

-p
Re: [Clamav-users] Re: Milter Woes...
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Steve Holdoway wrote:
>
> > Last night, clamav fell over. This is just about the first time it's
> > happened. The problem is, it took out the mail server completely.
> >
> > I'm integrating into sendmail using the following line in
> > sendmail.mc
> >
> > INPUT_MAIL_FILTER(`clamav',`S=unix:/var/run/clamav/clmilter.sock,
> > F=T, T=S:4m;R:4m')dnl
> >
> > and I get pairs of lines like
> >

You use clamav as the milter? Is this better than using clamav-milter as the milter?
Re: [Clamav-users] clamav-milter does not run
> Hello, I'm having problem with Clamav-milter. I have clamav-0.88.
> [EMAIL PROTECTED]:~$ /usr/local/sbin/clamav-milter -loD
> /var/run/clamav/clmilter.sock --max-children=2

i had trouble in the past with the o option and took it out (replaced with n)
Re: [Clamav-users] Question about FOLLOWURLS
How does this work? I'm wondering if it is really a good idea to let some nefarious person know your ip information is alive.
Re: [Clamav-users] Triggering freshclam with procmail
> I was wondering if it is possible and if it is advisable to trigger
> freshclam when I receive a message that the daily database has been
> updated.
>

That is what i do. In the .procmailrc of the user that gets the notifications I have:

:0Hc
* ^To:[EMAIL PROTECTED]
|/etc/smrsh/clamupdate.cmd

/etc/smrsh/clamupdate.cmd is one line:

cp /root/stuff/freshclam.scr /etc/cron.hourly/

the file /root/stuff/freshclam.scr contains:

freshclam
\rm /etc/cron.hourly/freshclam.scr
/usr/batch/clmilter_watch.pl

I put in the hourly cron so that it gets kicked off within the next hour but not right away when lots of people are probably banging away at the server.
Re: [Clamav-users] ClamAV-milter
From: analyzer <[EMAIL PROTECTED]>
To: clamav-users@lists.clamav.net
Date sent: Sun, 04 Dec 2005 14:27:48 +0100
Send reply to: ClamAV users ML
Subject: [Clamav-users] ClamAV-milter

> Hello everybody
>
> I had installed ClamAV-milter for mailscanning. The config File:
> etc/mail/sendmail.mc:
> INPUT_MAIL_FILTER(`clmilter',`S=local:/var/run/clamav/clmilter.sock, F=, T=S:4m;R:4m')dnl
> define(`confINPUT_MAIL_FILTERS', `clmilter')
>
> I would like to start it:
> /usr/sbin/clamav-milter -lo /var/run/clamav/clmilter.sock
>
> Error:
>
> /usr/sbin/clamav-milter: socket-addr (/var/run/clamav/clmilter.sock)
> doesn't agree with sendmail.cf
>
> Thanks for your help
>
> analyzer
>

are you sure you rebuilt the sendmail.m4 and restarted sendmail ?
Re: [Clamav-users] virusDB update issue
> Hi all,
>
> I have one question about the virusDB updating. Supposedly my clamd is
> scanning for virus while libclamAV is updating the database. Does it
> take effect immediately to my current scanning upon the completion of
> the updating, or does it take effect on the next time I do the virus
> scan and leave the current scanning with the outdated virus pattern?
>
>

The updated database is not in use until the restart of clamav. You should see in your logs something along the lines of 'database read in'
Re: [Clamav-users] clamav-milter and netzero
I changed the /etc/hosts so that the ip address that is taking the email has the FQDN, before there was no line for that ip address just for 127.0.0.1

Problem still exists. I compiled and ran the program you listed and it reports just "net" and not the full name.

I am running Linux net 2.4.20-31.9
Re: [Clamav-users] clamav-milter and netzero
On 31 May 2005 at 14:14, Damian Menscher wrote:

> On Tue, 31 May 2005, .rp wrote:
>
> > When using the -L option, all email from netzero was getting
> > trapped. Is the bug in clamav-milter or netzero's email server?
>
> ClamAV has no bugs, so it must be netzero's fault. ;)
>
> Seriously, can you get a packet capture of an incoming message from
> there? I strongly suspect they're at fault, but having that kind of
> proof will make it easier to convince them to change their ways.
>
> Damian Menscher
> --

here is what showed in our maillog:

May 30 12:44:42 net sm-mta[31144]: j4UJiVwc031144: Milter: from=<[EMAIL PROTECTED]>, reject=550 5.7.1 You have claimed to be from me, but you are not
May 30 12:44:43 net sm-mta[31144]: j4UJiVwc031144: from=<[EMAIL PROTECTED]>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=201-255-30-74.mrse.com.ar [201.255.30.74] (may be forged)

I turned off the -L and here is what the headers are for a netzero email:

Return-Path: <[EMAIL PROTECTED]>
Received: from outbound-mail.nyc.untd.com (outbound-mail.nyc.untd.com = [64.136.20.164]) by net.1234.biz (8.13.0/8.13.0) with SMTP id j51BEGDT032241 for <[EMAIL PROTECTED]>; Wed, 1 Jun 2005 04:14:26 -0700
Received: from outbound21-sr.nyc.untd.com (webmail23.nyc.untd.com = [10.141.27.163]) by smtpout06.nyc.untd.com with SMTP id AABBK5GDQAFJW4H2 for <[EMAIL PROTECTED]> (sender <[EMAIL PROTECTED]>); Wed, 1 Jun 2005 04:13:50 -0700 (PDT)
X-UNTD-OriginStamp: = OonNg3M9sJo1NTTWoW+ecP3lLMqAAqmlSlrsq7j5EyfTcN0SmRzMeQ=3 D=3D
Received: (from [EMAIL PROTECTED])=20 by webmail23.nyc.untd.com (jqueuemail) id KUEGRZDS; Wed, 01 Jun 2005 = 04:13:42 PDT
Received: from [4.153.76.189] by webmail23.nyc.untd.com with HTTP: Wed, 1 Jun 2005 11:13:16 GMT
X-Originating-IP: [4.153.76.189]
Mime-Version: 1.0
From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
Date: Wed, 1 Jun 2005 11:13:16 GMT
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: test
X-Mailer: Webmail Version 3.0
Content-Type: text/plain
Message-Id: <[EMAIL PROTECTED]>
X-ContentStamp: 1:1:1004394087
X-UNTD-Peer-Info: = 10.141.27.163|webmail23.nyc.untd.com|outbound21- sr.nyc.untd.com|[EMAIL PROTECTED] etzero.net
[Clamav-users] clamav-milter and netzero
When using the -L option, all email from netzero was getting trapped. Is the bug in clamav-milter or netzero's email server?
[Clamav-users] clamav build for WinNT
Is there a build anywhere that will run under NT4 ?
Re: [Clamav-users] freshclam watchdog?
On 4 May 2005 at 1:52, Matt Fretwell wrote:

> Dennis Peterson wrote:
>
> > > any ideas? i'm thinking about cobbling together something
> > > in perl to run from a cron job.
> >
> > Screw the daemon - run it out of cron.
>
>
> At last, a sensible suggestion :) Cronning it does make the daemon
> hanging pretty much a moot point :)
>
>
> Matt
>
>

I use a procmail script that puts a bash to do freshclam in the cron.hourly when I get an update message from the clam people.
Re: [Clamav-users] LibClamAV Error: Can't create temporary file
I had the same issue and resolved it by moving the clamav user's home directory back to /tmp
[Clamav-users] maillog entries for clamav
The following showed up in our maillog:

sm-mta[27410]: j3D3etk5027410: from=<[EMAIL PROTECTED]>, size=33617, class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>, proto=ESMTP, daemon=MTA, relay=63-228-107-175.tukw.qwest.net
sm-mta[27410]: j3D3etk5027410: Milter delete: rcpt <[EMAIL PROTECTED]>
sm-mta[27410]: j3D3etk5027410: Milter add: rcpt: [EMAIL PROTECTED]
sm-mta[27410]: j3D3etk5027410: forward /tmp/.forward.net: World writable directry
sm-mta[27410]: j3D3etk5027410: forward /tmp/.forward: World writable directory
sm-mta[27416]: j3D3etk5027410: forward /tmp/.forward.net: World writable directry
sm-mta[27416]: j3D3etk5027410: forward /tmp/.forward: World writable directory
net sm-mta[27416]: j3D3etk5027410: [EMAIL PROTECTED], delay=00:00:06, xdelay=00:00:00, mailer=local, pri=63883, dsn=2.0.0, stat=Sent
__

How can I change the setup so that the errors 'forward' get resolved?
Re: [Clamav-users] problem with clamav-milter
On 8 Apr 2005 at 8:09, Nigel Horne wrote:

> On Thursday 07 Apr 2005 19:00, .rp wrote:
> > Clamav-milter is running and inspecting the email via sendmail. It
> > does seem to be catching the phishing emails that get by, but not the
> > virii. I manually inspected the mail and had a virus reported. with
> > f-prot: /var/spool/mail/fakebox->document_excel.pif Infection:
> > W32/[EMAIL PROTECTED]
> >
> > with clamscan:
> > fakebox: Worm.SomeFool.Gen-1 FOUND
> >
> > Clamav is .83, /etc/sysconfig/clamav-milter is
> > CLAMAV_FLAGS="[EMAIL PROTECTED] -HdlfNPn -m 35 --
> > server=localhost local:/var/clamav/clamav-milter.sock"
>
> I have never heard of this before. Is 0.84RC1 any better?
>

I don't use RC's for clamav at all.

> Any clues in the syslog?
>

well, there are a few broken pipes and error states.

> What if you don't use the -d option?
>

just turned it off. Where do I check to see what is going with those emails that errored ?
[Clamav-users] problem with clamav-milter
Clamav-milter is running and inspecting the email via sendmail. It does seem to be catching the phishing emails that get by, but not the virii. I manually inspected the mail and had a virus reported.

with f-prot:
/var/spool/mail/fakebox->document_excel.pif Infection: W32/[EMAIL PROTECTED]

with clamscan:
fakebox: Worm.SomeFool.Gen-1 FOUND

Clamav is .83, /etc/sysconfig/clamav-milter is

CLAMAV_FLAGS="[EMAIL PROTECTED] -HdlfNPn -m 35 --server=localhost local:/var/clamav/clamav-milter.sock"
Re: [Clamav-users] Re: How to Filter Spam Mails
I would recommend Bogofilter.
Re: [Clamav-users] Clamav update
On 8 Mar 2005 at 8:53, Trog wrote:

> On Tue, 2005-03-08 at 11:50 +0300, Jijos wrote:
> > it is updated to 0.83
> > it saying in rpm -q clamav is 0.83
> > i don't want to uninstall the existing one it is integrated with my
> > mail server so i want to update it to 0.83 i updated it i want to
> > configure the updated version 0.81 to 0.83
>
> You have some old libraries from 0.81 on your system still. Find and
> delete them.
>
> -trog
>
>

So it would seem that the yum did not update the clamav properly. Do you know which site you pulled the new clamav from?