Re: [Clamav-users] problems updating using apt

2007-01-05 Thread Chris Purves

heze54 wrote:

hi,

How can I upgrade my clamav installation to the latest version using
apt-get command?? Is it possible?



debian-volatile keeps up to date with clamav releases

http://www.debian.org/devel/debian-volatile/volatile-mirrors

--
Chris

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] Re: How to run clamscan for a list of files from a file?

2006-11-30 Thread Chris Purves

Tomasz Papszun wrote:


The advantage is that clamd can be configured to follow symlinks.


From 'man clamd.conf':


   FollowDirectorySymlinks
          Follow directory symlinks.
          Default: disabled

   FollowFileSymlinks
          Follow regular file symlinks.
          Default: disabled

   MaxDirectoryRecursion NUMBER
          Maximal depth directories are scanned at.
          Default: 15


So I believe (I haven't verified that empirically) that after creating 
in a directory of choice, symlinks to files to scan, there should be no 
need to split the list of symlinks into smaller parts. Plain launching 
clamdscan on that directory should be sufficient.


Okay, I didn't know about that.  I assumed that since clamscan couldn't 
do that, neither could clamd.  Thanks.




--
Chris



Re: [Clamav-users] How to run clamscan for a list of files from a file?

2006-11-28 Thread Chris Purves

Dennis Peterson wrote:

René Bellora wrote:




This sounded like a good idea, so I gave it a try.  After spending a 
few hours to script the softlinks I got it to work for small file 
lists, but it still doesn't work for lots of files (~5000).  When I 
run 'clamscan /tmp/clamscan/*' I get the following error:


/usr/bin/clamscan: Argument list too long



this could be circumvented with xargs:
cd /tmp/clamscan
find . -type f -print0 | xargs -0 clamscan


Assumes Linux, or at least gnu find and xargs, but also the files are 
soft links so the -type f automatically fails.


Also, I believe the OP was interested in finding a way to scan all the 
files from a single invocation of clamscan and xargs won't necessarily 
do that.


As the requirements have evolved it seems more likely a Perl solution is 
most attractive both for creating the list and for logging the results. 
And it will eliminate the earlier suggestion of using soft links. This 
looks interesting: 
http://www.fpsn.net/index.cgi?pg=products&product=File::Scan::ClamAV


That's not a bad suggestion.  It would take me some time to get that 
working since I'm a novice at Perl, but it gives me a project.


It allows sending files as streams to clamd so there is only a single 
invocation of perl and clamd is presumed already running.


Finally, it is still possible to hack clamscan to read in a file that 
contains a list of names of files to scan.




I logged an enhancement request on bugzilla, but I don't expect it will 
get a very high priority.


--
Chris



Re: [Clamav-users] How to run clamscan for a list of files from a file?

2006-11-28 Thread Chris Purves

Todd Lyons wrote:

On Tue, Nov 28, 2006 at 05:55:44PM -0300, René Bellora wrote:


this could be circumvented with xargs:
cd /tmp/clamscan
find . -type f -print0 | xargs -0 clamscan


If clamscan is complaining about a too long commandline with *, then
this will give him the same error.


No, using xargs to pass the files to clamscan works, but only sends 
about 200 file names at a time, forcing clamscan to reload every 200 files.



The problem with not using -print0 is that clamscan gets instantiated for
each file, and it will unpack and reload the virus database every time
it's instantiated.  Not good for efficiency or load.

The only solutions as I see it when you get to long enough lists is:
1) write a script that generates the list and feeds it to clamscan in
batches of 100 or 1000 or whatever number you deem reasonable.


xargs takes care of this already, but the reload time of clamscan is 
still too large compared to the actual scanning time, in my opinion.



2) configure clamd to run as root and then use clamdscan instead of
clamscan (why root?  Because files are likely owned by several different
users).


Running clamdscan would take care of the reload problem, but I don't 
want to run clamd as root, because I already have it running as a 
specific user for scanning incoming mail.


--
Chris



Re: [Clamav-users] How to run clamscan for a list of files from a file?

2006-11-28 Thread Chris Purves

Dennis Peterson wrote:
What I am actually trying to do is have clamscan only scan files that 
are new or have not changed since the last scan.  I have gotten as far 
as creating a filelist containing a list of files that are new or where 
the md5sum has changed.  The problem I have now is how to get that 
information to clamscan efficiently.




Try:

- Create a directory in /tmp. In that directory create soft links that reference
your files. Run clamscan on the links. Check the logs for viruses. Delete
the links. Delete the directory.

This sounded like a good idea, so I gave it a try.  After spending a few 
hours to script the softlinks I got it to work for small file lists, but 
it still doesn't work for lots of files (~5000).  When I run 'clamscan 
/tmp/clamscan/*' I get the following error:


/usr/bin/clamscan: Argument list too long

It looks like I have the same limitation as before.  I also tried to run 
clamscan -r /tmp/clamscan, but symbolic links are skipped when using -r.




- In a script use --include=PATT for each file you wish to scan. Haven't tried
this one for a lot of files.

dp




--
Chris



Re: [Clamav-users] Re: How to run clamscan for a list of files from a file?

2006-11-28 Thread Chris Purves

Ian Abbott wrote:

On 27/11/2006 23:32, Chris Purves wrote:
I have a list of files that I have written to a file and I would like 
clamscan to read the list from that file and scan only the files in 
the list.  Is there a good way to do this?


I have tried

cat filelist | xargs clamscan

This works, except that xargs can only pass about 200 filenames to 
clamscan at a time.  So for a filelist containing 1000 filenames 
clamscan will be started 5 times, creating extra overhead.


You'll also find that it fails for file names containing whitespace, 
quote marks, or backslashes.  To work around that, you could use


tr '\n' '\0' < filelist | xargs -0 clamscan

or generate the filelist with null-separated filenames in the first 
place (perhaps using find's -print0 command) to avoid the tr.  This 
assumes you are using the GNU versions of find and xargs.  The -0 option 
of GNU xargs causes it to use null-separated file names as-is and 
shell-quote them properly.


Yes, I was using find -print0 | xargs -0 combination when creating my 
filelist.  I didn't know about the 'tr' command, though.  You learn 
something new every day.


What I am actually trying to do is have clamscan only scan files that 
are new or have not changed since the last scan.  I have gotten as far 
as creating a filelist containing a list of files that are new or 
where the md5sum has changed.  The problem I have now is how to get 
that information to clamscan efficiently.


It sounds like the ability to read the list of files to scan from a file 
(or from standard input) would be a useful feature to add to clamscan 
and clamdscan.


Indeed.

--
Chris



[Clamav-users] How to run clamscan for a list of files from a file?

2006-11-27 Thread Chris Purves
I have a list of files that I have written to a file and I would like 
clamscan to read the list from that file and scan only the files in the 
list.  Is there a good way to do this?


I have tried

cat filelist | xargs clamscan

This works, except that xargs can only pass about 200 filenames to 
clamscan at a time.  So for a filelist containing 1000 filenames 
clamscan will be started 5 times, creating extra overhead.


What I am actually trying to do is have clamscan only scan files that 
are new or have not changed since the last scan.  I have gotten as far 
as creating a filelist containing a list of files that are new or where 
the md5sum has changed.  The problem I have now is how to get that 
information to clamscan efficiently.




--
Chris
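
The approach this thread works toward (scan only new or changed files, with the names passed NUL-separated through xargs -0), as an added example that is not part of any poster's message. It uses sha256sum where the post used md5sum and assumes GNU find, xargs, sort, comm, cut and a sha256sum that supports -z; changed_files, incremental_scan, SCANNER and the state file names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): incremental scan from a checksum manifest.
# Needs GNU find, xargs, sort, comm, cut and a sha256sum that supports -z.
# changed_files, incremental_scan, SCANNER and the state files are made-up names.

# Print, NUL-separated, the files under $1 that are new or changed relative to
# the old manifest $2, and write the fresh manifest to $3.
changed_files() {
    [ -f "$2" ] || : > "$2"        # first run: no manifest, so everything is new
    # One "HASH  PATH" record per file, NUL-terminated and byte-sorted.
    find "$1" -type f -print0 | xargs -0 -r sha256sum -z | LC_ALL=C sort -z > "$3"
    # Records found only in the new manifest are new or modified files. The
    # hash is 64 hex digits plus 2 separator bytes, so the path starts at byte 67.
    LC_ALL=C comm -z -13 "$2" "$3" | cut -z -b67-
}

# Scan the changed files under $1, keeping state in directory $2 (which must
# live outside $1). Returns the xargs exit status.
incremental_scan() {
    mkdir -p "$2" || return 2
    changed_files "$1" "$2/manifest" "$2/manifest.new" > "$2/todo" || return 2
    # xargs packs as many names into each scanner start as the argument limit
    # allows. SCANNER is left unquoted on purpose so it can carry options.
    xargs -0 -r ${SCANNER:-clamscan} --no-summary < "$2/todo"
    rc=$?
    # Commit the manifest only after a fully clean run; after a detection or
    # a scanner error the same files are offered again next time.
    [ "$rc" -eq 0 ] && mv "$2/manifest.new" "$2/manifest"
    return "$rc"
}
```

Files that have not changed are never rescanned under this scheme, so remove the manifest after each signature database update to force a full pass.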



Re: [Clamav-users] Freshclam

2005-12-30 Thread Chris Purves
On Sat, December 31, 2005 12:48 am, Richard Wallman said:
>
> For anyone else who has the ClamAV support in Exim enabled, and wants to
> get some stats about the viruses it stops:
>
> cat /var/log/exim4/rejectlog.1 | awk -F 'malware ' '/malware/ {gsub(/[(|)]/,"",$2);count[$2]+=1; total+=1}
> END {for (virus in count) print(virus","count[virus]);print("Total,"total)}' | sort  -t, -rnk2
>
> Reports back:
>
> Total,476
> Worm.Mytob.KG,187
> ...

Great script.  Thanks.

-- 
Good day, eh.
Chris



Re: [Clamav-users] Recovery Files

2005-12-15 Thread Chris Purves

Jean-Claude Adams wrote:

Hi everybody:

I'm new here, and I'm glad to join you!... But I need some help 
with some files that were deleted for me, because after scanning the machine, 
clamav found an infected file. Maybe I clicked the submit button before 
I checked an infected file, and then clicked to erase the file.


Does anybody know how I can recover these files? Well, it's not a file, it's 
a complete directory, especially an Inbox mail


Thanks for your help, I'm desperate

ClamAV is a command-line program...nothing to click.  Are you by chance 
using ClamWin?


--
Good day, eh.
Chris



Re: [Clamav-users] LibClamAV Warning: Ignoring empty field in " charset="

2005-12-12 Thread Chris Purves

Nigel Horne wrote:


I receive the following output from a daily clamscan:

  
/etc/cron.daily/clamscan:

LibClamAV Warning: Ignoring empty field in " charset="
LibClamAV Warning: Ignoring empty field in " charset="

--- SCAN SUMMARY ---
Known viruses: 41434
Engine version: 0.87.1
Scanned directories: 6566
Scanned files: 71132
Infected files: 0
Data scanned: 1894.82 MB
Time: 1962.246 sec (32 m 42 s)


It means that a header within the email is syntactically wrong, and that 
clamAV has made a guess at what it should be.



I was able to track the warning down to the offending file which, as you 
said, was an e-mail that did not properly specify the charset.  Thanks 
for your help.


--
Good day, eh.
Chris



Re: [Clamav-users] LibClamAV Warning: Ignoring empty field in " charset="

2005-12-10 Thread Chris Purves
On Sat, December 10, 2005 2:49 pm, Nigel Horne said:
> Chris Purves wrote:
>
>>On Tue, December 6, 2005 11:15 am, Chris Purves said:
>>
>>
>>>I receive the following output from a daily clamscan:
>>>
>>> >>>
>>>/etc/cron.daily/clamscan:
>>>LibClamAV Warning: Ignoring empty field in " charset="
>>>LibClamAV Warning: Ignoring empty field in " charset="
>>>
>>>--- SCAN SUMMARY ---
>>>Known viruses: 41434
>>>Engine version: 0.87.1
>>>Scanned directories: 6566
>>>Scanned files: 71132
>>>Infected files: 0
>>>Data scanned: 1894.82 MB
>>>Time: 1962.246 sec (32 m 42 s)
>>><<<
>>>
>>>
>>>
>>
>>Has anyone else experienced this problem?
>>
>>
> It is not a problem, it is a warning that you can ignore, unless a virus
> has slipped through
> unnoticed, in which case you must submit it to www.clamav.net.
>

Can you tell me what the warning means?  If a virus had slipped through,
how would I be able to check since the warning does not specify to which
file it belongs?

-- 
Good day, eh.
Chris



Re: [Clamav-users] LibClamAV Warning: Ignoring empty field in " charset="

2005-12-09 Thread Chris Purves
On Tue, December 6, 2005 11:15 am, Chris Purves said:
> I receive the following output from a daily clamscan:
>
>  >>>
> /etc/cron.daily/clamscan:
> LibClamAV Warning: Ignoring empty field in " charset="
> LibClamAV Warning: Ignoring empty field in " charset="
>
> --- SCAN SUMMARY ---
> Known viruses: 41434
> Engine version: 0.87.1
> Scanned directories: 6566
> Scanned files: 71132
> Infected files: 0
> Data scanned: 1894.82 MB
> Time: 1962.246 sec (32 m 42 s)
> <<<
>

Has anyone else experienced this problem?

-- 
Good day, eh.
Chris



[Clamav-users] LibClamAV Warning: Ignoring empty field in " charset="

2005-12-05 Thread Chris Purves

I receive the following output from a daily clamscan:

>>>
/etc/cron.daily/clamscan:
LibClamAV Warning: Ignoring empty field in " charset="
LibClamAV Warning: Ignoring empty field in " charset="

--- SCAN SUMMARY ---
Known viruses: 41434
Engine version: 0.87.1
Scanned directories: 6566
Scanned files: 71132
Infected files: 0
Data scanned: 1894.82 MB
Time: 1962.246 sec (32 m 42 s)
<<<


I have found other people that have reported the same problem, but never 
an explanation that I could understand.


Could someone tell me why I get these warnings and is there anything I 
can do about it?


Thank you.

--
Good day, eh.
Chris
