Re: [Clamav-users] ClamAV missing 100% of Worm.SomeFool.Gen-1 on OSX
This sounds less like a ClamAV problem than a definition freshness problem... Run freshclam, and try again...

Carl

On Wed, 24 Mar 2004, OpenMacNews wrote:

> hi,
>
> all three of (1) latest head build, (2) 0.70rc and (3) 0.67 of clamav on OSX 10.3.3 are missing 100% of the Worm.SomeFool.Gen-1 virus.
>
> clamav is being called via the CGPAV script from CommuniGatePro ... it's doing a fine job on almost all others ...
>
> my second stage virus checker, McAfee, *is* currently catching every Worm.SomeFool.Gen-1 that makes it past ClamAV.
>
> is this a known issue, and, is there a fix/workaround available?

--
There are 10 types of people in the world:
Those who understand binary and those that don't.

$whoami: Carl Holtje
$mail holtje: [EMAIL PROTECTED]
$cu: http://www.cs.rit.edu/~cwh0803
$whois holtje: System Administrator Group
               Computer Science Department
               Rochester Institute of Technology
$

___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Re: Re: making clamav on solaris {Scanned}
As a caveat, sometimes the 'who am i' will return something more along the lines of:

    username!host pts.

such that the awk solution may or may not work... Might think to awk or cut the line, and then a sed to be sure to get just the username...

Carl

On Mon, 16 Feb 2004, Tommy McNeely wrote:

> On Sun, 08 Feb 2004 15:34:01 +, Andy Fiddaman wrote:
>
>> Probably worth mentioning at this point that the 'whoami' utility isn't standard in core solaris either, that needs the SUNWscpu (SunOS 4.x compatibility utilities) - who am i | awk '{print$1}' does the same though.
>>
>> Andy
>
>     [EMAIL PROTECTED] clamav-0.67]# who am i
>     tommy      pts/2        Jan 29 14:56    (pickles)
>     [EMAIL PROTECTED] clamav-0.67]# /usr/ucb/whoami
>     root
>
> Just thought I would mention that whoami and who am i are not quite the same... it's better to do something like id | grep -c root .. but even that can be thrown off
>
> Tommy

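
The two pitfalls raised in this thread, as an added example that is not code from any of the posters: `who_user` trims the `username!host` form Carl describes, and `id_is_root` tests the uid field of `id` output, since grepping for the string root also matches a root group. The function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample lines are constructed.

# Login name from one line of `who am i` output: take the first
# whitespace-separated field, then drop a trailing "!host" part.
who_user() {
    printf '%s\n' "$1" | awk '{print $1}' | sed 's/!.*$//'
}

# Numeric uid from one line of `id` output ("uid=0(root) gid=...").
# Prints nothing if the line does not start with uid=<digits>.
id_uid() {
    printf '%s\n' "$1" | sed -n 's/^uid=\([0-9][0-9]*\).*/\1/p'
}

# Succeeds only when the uid field is exactly 0.
id_is_root() {
    [ "$(id_uid "$1")" = "0" ]
}

# What the quoted `id | grep -c root` reports for the same line.
grep_root_count() {
    printf '%s\n' "$1" | grep -c root
}

# Constructed sample lines
WHO_PLAIN='tommy      pts/2        Jan 29 14:56    (pickles)'
WHO_BANG='tommy!pickles pts/2 Jan 29 14:56'
ID_ROOT='uid=0(root) gid=1(other)'
ID_USER_IN_ROOT_GROUP='uid=100(tommy) gid=0(root)'

for line in "$WHO_PLAIN" "$WHO_BANG"; do
    echo "who: $(who_user "$line")"
done
for line in "$ID_ROOT" "$ID_USER_IN_ROOT_GROUP"; do
    if id_is_root "$line"; then verdict=root; else verdict=not-root; fi
    echo "id: $verdict (grep -c root counts $(grep_root_count "$line"))"
done
```
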
[Clamav-users] New freshclam config file DatabaseMirror...
All-

With the new config file format for freshclam, are multiple DatabaseMirror keys allowed... (Why would you want this? To enforce a preference of some servers over others...)

Thanks!

Carl

Re: [Clamav-users] finding viruses in email : please help
If you're using qmail, look into qmailscanner.. [http://qmail-scanner.sourceforge.net/]... build a string of virus checkers (including its own built-in perl scanner) to process your mail...

We use it on a system with 18000+ messages a day, running each through spamassassin and clamav without any trouble...

Definitely worth a look...

Carl

Tomasz Kojm wrote:

> On Wed, 21 Jan 2004 04:58:17 + Payal Rathod [EMAIL PROTECTED] wrote:
>
>> Hi,
>> I am using clamdscan with qmail in conjunction with dot-qmail files. I have in .qmail
>>
>>     | /usr/local/bin/clamdscan -; [ $? != 1 ] || exit 99
>>     ./Maildir/
>>
>>     # ps aux | grep clamd
>>     root 7967 0.0 4.2 29396 10776 ? S 20:54 0:00 clamd
>>
>> When I send an eicar test virus it was caught properly, but when I sent a Sobig virus and others they were not caught at all and were delivered normally. I have the latest virus definitions with me.
>> What is wrong here? Please suggest some way. It is harassing.
>
> Take a look at contrib/trashscan and use it instead of clamdscan in .qmail.
>
> Best regards,
> Tomasz Kojm

Re: [Clamav-users] clamd not starting
First thing to check: was the socket (/tmp/clamd) removed? If not, this will prevent clamd from loading...

Hope it helps..

Carl

On Tue, 6 Jan 2004, Matt wrote:

> I'm running clamscan 0.65 and it was working until the server was rebooted... now clamd won't start..
>
>     [EMAIL PROTECTED] root]# /usr/local/sbin/clamd -V
>     clamd / ClamAV version 0.65
>
> however doing a /usr/local/sbin/clamd just causes it to pause for a moment then return to the command prompt and it never loads into memory. Of course clamdscan errors:
>
>     [EMAIL PROTECTED] root]# /usr/local/bin/clamdscan
>     connect(): Connection refused
>     ERROR: Can't connect to clamd.
>
>     --- SCAN SUMMARY ---
>     Infected files: 0
>     Time: 0.001 sec (0 m 0 s)
>
> I tried recompiling and re-installing (just on a whim).. no go... also tried wiping the virus definitions and re-downloading.. also no go..
>
> any ideas?
>
> --
> Matt
> [EMAIL PROTECTED]

Re: [Clamav-users] clamd not starting
In your shutdown scripts, you might include a little block similar to:

    # remove the leftover clamd socket, if present
    if [ -S /tmp/clamd ]
    then
        rm /tmp/clamd
    fi

to ensure a clean restart...

Carl

On Tue, 6 Jan 2004, Matt wrote:

> that did it! blah... stupid little thing =)
>
> On Tue, 2004-01-06 at 14:03, Carl Holtje ;021;vcsg6; wrote:
>
>> First thing to check: was the socket (/tmp/clamd) removed? If not, this will prevent clamd from loading...
>>
>> Hope it helps..
>>
>> Carl
>>
>> On Tue, 6 Jan 2004, Matt wrote:
>>
>>> I'm running clamscan 0.65 and it was working until the server was rebooted... now clamd won't start..
>>>
>>>     [EMAIL PROTECTED] root]# /usr/local/sbin/clamd -V
>>>     clamd / ClamAV version 0.65
>>>
>>> however doing a /usr/local/sbin/clamd just causes it to pause for a moment then return to the command prompt and it never loads into memory. Of course clamdscan errors:
>>>
>>>     [EMAIL PROTECTED] root]# /usr/local/bin/clamdscan
>>>     connect(): Connection refused
>>>     ERROR: Can't connect to clamd.
>>>
>>>     --- SCAN SUMMARY ---
>>>     Infected files: 0
>>>     Time: 0.001 sec (0 m 0 s)
>>>
>>> I tried recompiling and re-installing (just on a whim).. no go... also tried wiping the virus definitions and re-downloading.. also no go..
>>>
>>> any ideas?
>>>
>>> --
>>> Matt
>>> [EMAIL PROTECTED]
>
> --
> Matt
> [EMAIL PROTECTED]

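
A more defensive version of the cleanup suggested in this thread, as an added example rather than code from any poster: it leaves the socket alone while the daemon is alive and refuses anything at the path that is not a plain socket, since /tmp is world-writable. The pid-file path and function names are assumptions, and `kill -0` is assumed to run as root, as a shutdown or startup script would.

```shell
#!/bin/sh
# Added example; function names and the pid-file convention are assumptions.

# Succeeds if the pid file holds a single numeric pid that is still alive.
pid_alive() {
    [ -r "$1" ] || return 1
    pid=$(sed -n '1s/^\([0-9][0-9]*\)$/\1/p' "$1")
    [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null
}

# remove_stale_socket SOCKET PIDFILE
#   0  nothing to do, or stale socket removed
#   1  daemon still running, socket left alone
#   2  path is a symlink or not a socket, left alone
remove_stale_socket() {
    sock=$1
    pidfile=$2
    if pid_alive "$pidfile"; then
        return 1
    fi
    if [ -L "$sock" ]; then
        return 2    # never trust a symlink in a world-writable directory
    fi
    [ -e "$sock" ] || return 0
    [ -S "$sock" ] || return 2
    rm -f -- "$sock"
}

# Usage: script SOCKET PIDFILE, e.g. /tmp/clamd plus a hypothetical pid file.
if [ "$#" -eq 2 ]; then
    rc=0
    remove_stale_socket "$1" "$2" || rc=$?
    echo "remove_stale_socket $1: status $rc"
fi
```
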
Re: [Clamav-users] ClamAV .65 CVD troubles..
On Sun, 28 Dec 2003, Tomasz Kojm wrote:

> On Fri, 26 Dec 2003 09:25:28 -0500 (EST) Carl Holtje ;021;vcsg6; [EMAIL PROTECTED] wrote:
>
>> All-
>>
>> When loading clamd, I receive the following error message:
>>
>>     LibClamAV Error: Wrote 0 instead of 512 (/tmp/[...]/viruses.db)
>>     LibClamAV Error: cli_cvdload(): Can't unpack CVD file.
>>     ERROR: CVD extraction failure.
>>
>> Looking into the code, this might lead me to think the gunzip functionality isn't working due to file permissions in /tmp; this would not seem to be the case however (/tmp is 1777). Clamd is set to run as clamav:clamav.
>
> What is your OS ? Please check the file system quota settings for the clamav user.

Well.. by some stroke of madness, things are working nicely now.. I'm not sure what has changed or what enabled this to work, but all seems well...

Thanks!

Carl

> Best regards,
> Tomasz Kojm
>
> --
>   oo.         [EMAIL PROTECTED] www.ClamAV.net
>  (\/)\.       http://www.clamav.net/gpg/tkojm.gpg
>   \..._       0DCA5A08407D5288279DB43454822DC8985A444B
>   //\ /\      Sun Dec 28 21:30:20 CET 2003

[Clamav-users] ClamAV .65 CVD troubles..
All-

When loading clamd, I receive the following error message:

    LibClamAV Error: Wrote 0 instead of 512 (/tmp/[...]/viruses.db)
    LibClamAV Error: cli_cvdload(): Can't unpack CVD file.
    ERROR: CVD extraction failure.

Looking into the code, this might lead me to think the gunzip functionality isn't working due to file permissions in /tmp; this would not seem to be the case however (/tmp is 1777). Clamd is set to run as clamav:clamav.

freshclam works fine, and using sigtool reports that the daily.cvd and main.cvd files are valid and current.

Any help would be greatly appreciated!

Thanks so much!!

Carl Holtje