[Clamav-users] whitelist broken (again)?
Had discovered this a while back... seems to have come up again. The documentation (man page) for clamav-milter says that the quarantine address is always whitelisted, but this appears to have been broken between 2006-03-18 (the last dev snapshot I was running) and 2006-05-15 (the current snapshot I'm running). Trying it with the "--whitelist-file=/etc/clamav/whitelist" option; will advise as to results. ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] 0.86.1 vs clamav-devel-20050605
First, I'll admit to not having tried a more recent CVS than 2005-06-05.

Here's my question: clamav-devel-20050605 uses a new options file format. Options require a boolean "yes" or "no." For example, CVS from 2005-06-05 requires you specify "LogSyslog yes" instead of "LogSyslog". Clamav 0.86.1 appears not to use the yes/no format. Is this intentional?

I'd like to move this server from a CVS version to a "production" version, and it's mildly annoying to have to migrate my configs back to the old format, especially when I'm going to have to update them again when the new options format is released.

I ended up using a CVS version because 0.85 was not properly whitelisting the quarantine address. I guess I'll have to check to see if 0.86.1 fixes that issue next.

Dan O'Brien
Axon Solutions, Inc. Telephone: 703-845-8400
P.O Box 16725 Facsimile: 703-845-5568
Alexandria, VA 22302 www.axonsolutions.com
From the Technology You Have to the Solutions You Need
Re: [Clamav-users] clamav-milter "whitelist" not working?
Nigel Horne <[EMAIL PROTECTED]> wrote:
> You forgot to add "in my configuration", since it is working for me and
> others. Your statement implies that it doesn't work at all.

I'm happy to report that the CVS version *did* apparently resolve the issue of the whitelist apparently not working. There must have been a couple of infected e-mails that got through just before I shut down sendmail and the milters to update ClamAV with the software from CVS. My bad :(
[Clamav-users] clamav-milter "whitelist" not working?
Primary mail server is a relay that has clamav-milter running (along with SpamAssassin) and filters mail for several domains. No problem. Mail found to be carrying a virus is quarantined to [EMAIL PROTECTED] and a notice is sent to the intended recipient to that effect. Clamav-milter is called with

    -dH -m 10 --from -p [EMAIL PROTECTED] [EMAIL PROTECTED] -t /etc/clamav/virus-warning /var/local/clamav/clamav-milter.sock

I've put clamav-milter on a backup mail server to try and eliminate some of the crap mail from the mass-mailing pestilence that's spreading itself around. Backup mail server is running clamav-milter only. When a virus-laden e-mail is found, it is quarantined to the same address ([EMAIL PROTECTED]) and no notice is sent to the intended recipient. For this configuration clamav-milter is called with

    -dH -m 10 --from -P [EMAIL PROTECTED] /var/local/clamav/clamav-milter.sock

Problem is that the primary mail server is catching the virus-infected e-mail again and generating the notification. According to the man page, the quarantine address is supposed to be whitelisted by the milter. I've also tried using the --whitelist-file option, but it doesn't seem to be working.

Anyone else using the whitelist feature successfully?

Dan O'Brien
[Clamav-users] Working template (was: Template still broken in clamav-devel-20040806)
Customizable template works great in devel-20040608. I've included my template file for anyone who's interested. Just snip the contents between and specify --template-file= on your clamav-milter startup.

Seems not all of the macros listed in the Sendmail ops guide are available. If I get ambitious, I'll do a template with all listed and see what cooks.

Dan O'B

P.S. The text of the message assumes you're using one of the quarantine or discard options of clamav-milter.

    *** WARNING *** WARNING *** WARNING ***
    A virus has been detected in an e-mail to you. The message has been blocked.
    --
    The virus %v was sent to ${rcpt_addr}$. The message appeared to come from ${mail_addr}$ and was received from the Internet host ${_}$.
    Note: Many viruses and worms spoof or otherwise forge the e-mail address of the sender. The person who appears to have sent you the message may not be infected.
    (Queue ID: ${i}$)

___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Template still broken in clamav-devel-20040806
Jim Maul <[EMAIL PROTECTED]> wrote:
> > A virus has detected a virus in an e-mail
> > to you. The message has been blocked.
>
> I have no idea about this template thing, but I don't think a virus detected a
> virus :)

Double *DUH!* Sorry, I did some quick editing of the template to protect the innocent. Time for lunch. Must be low blood sugar. Yeah, that's it.
[Clamav-users] Re: Template still broken in clamav-devel-20040806
Nigel Horne <[EMAIL PROTECTED]> wrote:
> Man clamav-milter and look for the handling of sendmail variables within template files.

*DUH!* Sorry. Relevant section of man page is excerpted below for others :-)

    --template-file=file
    -t file
        File points to a file whose contents is sent as the warning message whenever a virus is intercepted. Occurrences of %v within the file is replaced with the message returned from clamd, which includes the name of the virus. The %v string can be escaped thus, \%v, to send the string %v. Any occurrence of strings in dollar signs are replaced with the appropriate sendmail-variable, e.g. ${if_addr}$. If the -t option is not given, clamav-milter defaults to a hardcoded message.
[Clamav-users] Template still broken in clamav-devel-20040806
Nigel Horne <[EMAIL PROTECTED]> wrote:
> 0.75f now has improved template file handling. Thanks to you and to "Sergey Y. Afonin" <[EMAIL PROTECTED]>
> for pushing me on this.

I'm sorry to report that it seems not to be working for me, still. I built from the nightly CVS tarball clamav-devel-20040806. FWIW, here's my template:

    *** WARNING *** WARNING *** WARNING ***
    A virus has detected a virus in an e-mail
    to you. The message has been blocked.
    --
    Additional information:
    Virus: Eicar-Test-Signature
    Sender: {f} {g}
    Recip: {u}
    Q ID:{i}
    Addr:{mail_addr}
    Host:{mail_host}

Macro names have been taken from Section 5.2 of the "Sendmail Operations Guide," version 8.609.2.26, for Sendmail 8.12 (pp. SMM:08-43 through SMM:08-49).
[Clamav-users] Re: Building latest CVS on Fedora Core 1
"Fajar A. Nugraha" <[EMAIL PROTECTED]> wrote:
> On build dir, try running aclocal, autoconf, and automake. That should work.

Sure did. Thanks.

James Lick <[EMAIL PROTECTED]> wrote:
> autoconf 2.58 is required, just like it says.

Apparently not.
[Clamav-users] Building latest CVS on Fedora Core 1
Don't usually do the CVS builds, but I want to try the new template features. Running my usual configure script (same as since 0.6x):

    ./configure --enable-milter \
        --disable-clamuko \
        --sysconfdir=/etc/clamav \
        --localstatedir=/var/local/clamav \
        --with-dbdir=/var/local/clamav

Results in the build puking:

    cd . && /bin/sh /root/sw/clamav-devel-20040806/missing --run aclocal-1.8
    /root/sw/clamav-devel-20040806/missing: line 46: aclocal-1.8: command not found
    WARNING: `aclocal-1.8' is missing on your system. You should only need it if
    you modified `acinclude.m4' or `configure.in'. You might want
    to install the `Automake' and `Perl' packages. Grab them from
    any GNU archive site.
    cd . && /bin/sh /root/sw/clamav-devel-20040806/missing --run automake-1.8 --gnu
    /root/sw/clamav-devel-20040806/missing: line 46: automake-1.8: command not found
    WARNING: `automake-1.8' is missing on your system. You should only need it if
    you modified `Makefile.am', `acinclude.m4' or `configure.in'.
    You might want to install the `Automake' and `Perl' packages.
    Grab them from any GNU archive site.
    cd . && /bin/sh /root/sw/clamav-devel-20040806/missing --run autoconf
    configure.in:20: error: Autoconf version 2.58 or higher is required
    aclocal.m4:529: AM_INIT_AUTOMAKE is expanded from...
    configure.in:20: the top level
    autom4te: /usr/bin/m4 failed with exit status: 1
    make: *** [configure] Error 1

I've got automake-1.7.8-1 and autoconf-2.57-3 installed. Can I build with this configuration? I'm trying to keep this machine configured using the "standard" FC1 packages and updates.
Re: [Clamav-users] Template question
Nigel Horne <[EMAIL PROTECTED]> wrote:
> 0.75f now has improved template file handling.

Most excellent!! I'll give it a whirl when the next tarball is available.

Dan
[Clamav-users] Freshclam not respecting CHECKS?
I've got "Checks 12" in my freshclam.conf file, but FreshClam's log shows it checking every hour... I know it *used* to check every 2 hours (24 hours / 12 checks = 2 hours apart), but it's been a while since I looked that carefully at that particular log, so it could have been as far back as 0.6x... Anyone else experiencing this? Do I need to report a bug?
Re: [Clamav-users] Template question
David Champion <[EMAIL PROTECTED]> wrote:
> See the Milter.macros options in sendmail.cf. These configure which
> variables are available to a milter at each stage of processing.

OK -- here's my sendmail.cf:

    # Milter options
    #O Milter.LogLevel
    O Milter.macros.connect=j, _, {daemon_name}, {if_name}, {if_addr}
    O Milter.macros.helo={tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}
    O Milter.macros.envfrom=i, {auth_type}, {auth_authen}, {auth_ssf}, {auth_author}, {mail_mailer}, {mail_host}, {mail_addr}
    O Milter.macros.envrcpt={rcpt_mailer}, {rcpt_host}, {rcpt_addr}

And I've got a file /etc/clamav/virus-warning:

    *** WARNING *** WARNING *** WARNING ***
    Clam AntiVirus has detected a virus in an e-mail to you. The message has been blocked.
    --
    Additional information:
    Virus: %v
    Daemon Name:{daemon_name}
    If Name:{if_name}
    If Addr:{if_addr}
    J: {j}
    I: {i}
    Auth Type: {auth_type}
    Mail Host: {mail_host}
    Mail Addr: {mail_addr}

The file's getting read, and a message reflecting the contents of the template is being created. The variables in braces aren't being replaced, though... I tried putting a percent sign (%) in front of the braces, too, and that's not working either.

According to http://www.milter.org/milter_api/smfi_getsymval.html the values should be available...
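An added example, not part of the original posts and not ClamAV code: it applies the substitution rules from the man page excerpt quoted earlier on this page (%v, \%v, ${name}$) and checks a template against Milter.macros lines like the ones in the post above. The sample template and values are constructed, and treating i and {i} as the same macro name is an assumption of this example.

```python
import re

# Token grammar from the man page excerpt quoted on this page:
#   \%v -> literal "%v",  %v -> clamd's message,  ${name}$ -> sendmail macro
TOKEN = re.compile(r"\\%v|%v|\$\{([^}$]+)\}\$")
# Brace-only form used in the templates that were not expanded, e.g. {mail_addr}
BARE = re.compile(r"(?<!\$)\{(\w+)\}(?!\$)")
# Active (uncommented) Milter.macros lines in sendmail.cf
MACROS_LINE = re.compile(r"^O[ \t]+Milter\.macros\.(\w+)=(.*)$", re.M)

# Constructed sample input, modelled on the sendmail.cf lines in the post above
SAMPLE_CF = """\
#O Milter.LogLevel
O Milter.macros.connect=j, _, {daemon_name}, {if_name}, {if_addr}
O Milter.macros.envfrom=i, {auth_type}, {mail_host}, {mail_addr}
O Milter.macros.envrcpt={rcpt_mailer}, {rcpt_host}, {rcpt_addr}
"""
# Constructed template mixing the ${name}$ form with the brace-only form
SAMPLE_TEMPLATE = (
    "Virus %v (the literal token is \\%v) was sent to ${rcpt_addr}$\n"
    "from ${mail_addr}$ via ${_}$\n"
    "Q ID: {i}  Cipher: ${cipher}$\n"
)


def exported_macros(sendmail_cf):
    """Map macro name (braces stripped) -> milter stage that exports it."""
    exported = {}
    for stage, names in MACROS_LINE.findall(sendmail_cf):
        for name in names.split(","):
            name = name.strip().strip("{}")
            if name:
                exported.setdefault(name, stage)
    return exported


def expand(template, virus, values):
    """Apply the documented substitutions. Leaving an unknown macro as
    written is this example's choice, not documented milter behaviour."""
    def sub(match):
        if match.group(0) == "\\%v":
            return "%v"
        if match.group(0) == "%v":
            return virus
        return values.get(match.group(1), match.group(0))
    return TOKEN.sub(sub, template)


def lint(template, exported):
    """Return (brace-only names, ${name}$ names missing from Milter.macros)."""
    bare = BARE.findall(template)
    used = [m.group(1) for m in TOKEN.finditer(template) if m.group(1)]
    return bare, [name for name in used if name not in exported]


if __name__ == "__main__":
    bare, missing = lint(SAMPLE_TEMPLATE, exported_macros(SAMPLE_CF))
    print("brace-only, not in the ${name}$ form:", bare)
    print("not listed in Milter.macros:", missing)
    print(expand(SAMPLE_TEMPLATE, "Eicar-Test-Signature",
                 {"rcpt_addr": "user@example.test", "_": "mx.example.test"}))
```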
[Clamav-users] Template question
From the clamav-milter man page:
> Any occurrence of strings in braces are
> replaced with the appropriate {sendmail-variable}. If
> the -t option is not given, clamav-milter defaults to a
> hardcoded message.

This is great... I've been waiting for this since the template feature came out. Just what are the SendMail variables, though? I assumed -- apparently incorrectly -- that they were the $whatever configuration macros, but these don't seem to work in my template file. Can anyone point me to a list?
[Clamav-users] Error "Out of memory: cannot allocate memory" fixed
Well, not *exactly* fixed... I started to get this error after performing an upgrade from 0.68 to 0.70 (see my post 04/21/2004). I made no changes to my autoconf options, and no changes to my clamav.conf (apart from ThreadTimeout --> ReadTimeout). v0.70 would cause sendmail to error upon connection from an smtp client with the "Out of memory: cannot allocate memory" error. v0.68 does not do this.

After seeing a post about this error being caused by the socket name being wrong, I did a bit of troubleshooting on another system and found it was a permissions problem on the directory where the socket lies (/var/local/clamav). Here are the particulars (Please note, this test system is running clamav-milter, not mimedefang, I'm just running as mimedefang. Another system exhibiting the same problem is running as clamav):

clamav is compiled as follows:

    ./configure --enable-milter \
        --enable-debug \
        --with-user=mimedefang \
        --with-group=mimedefang \
        --with-gnu-ld \
        --disable-clamuko \
        --sysconfdir=/etc/clamav \
        --localstatedir=/var/local/clamav \
        --with-dbdir=/var/local/clamav

The socket files are /var/local/clamav/clamd.sock and /var/local/clamav/clamav-milter.sock

The directory /var/local/clamav is owned by mimedefang with group mimedefang. When /var/local/clamav has permissions 0700 or 0770, I get the "cannot allocate memory" error. When it's 0777, it works fine. If I run clamd and clamav-milter as root, it works fine. I've tried running as mimedefang with "AllowSupplementaryGroups" enabled, but that doesn't work, either (and I'm not entirely clear on its purpose from the notes in clamav.conf). In any case, if /var/local/clamav has group or world write permissions sendmail complains.

So the point of this ramble is to find out the following: How should I have clamav configured so it's not running as root, with the config files in /var/local/clamav (with reasonable permissions)?

And what changed between v0.68 and 0.70 so as to cause this predicament? (I didn't see anything in the ChangeLog that gave much of a clue.)
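An added example, not part of the original post and not ClamAV or sendmail code: it evaluates the directory modes mentioned above (0700, 0770, 0777) for an identity that neither owns the socket directory nor shares its group, reporting where traversal is denied and where group or world write is set. The scratch directory, the chosen identity and the extra 0711 mode are constructed for the illustration.

```python
import os
import stat
import tempfile


def can_search(mode, owner_uid, owner_gid, uid, gids):
    """Unix class selection: exactly one of owner/group/other bits applies."""
    if uid == 0:
        return True  # root bypasses the directory search check
    if uid == owner_uid:
        return bool(mode & stat.S_IXUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)


def audit_socket_path(sock_path, uid, gids):
    """Walk from the socket's directory up to / and report, per directory,
    'no-search' (the given identity cannot traverse it) and
    'group-or-world-writable' (the condition the post says sendmail rejects)."""
    findings = []
    directory = os.path.dirname(os.path.abspath(sock_path))
    while True:
        st = os.stat(directory)
        if not can_search(st.st_mode, st.st_uid, st.st_gid, uid, gids):
            findings.append((directory, "no-search"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((directory, "group-or-world-writable"))
        parent = os.path.dirname(directory)
        if parent == directory:
            return findings
        directory = parent


def demo(modes=(0o700, 0o770, 0o777, 0o711)):
    """Constructed scenario: a scratch directory stands in for
    /var/local/clamav; the connecting identity is a uid that neither
    owns the directory nor belongs to its group."""
    results = {}
    with tempfile.TemporaryDirectory() as scratch:
        st = os.stat(scratch)
        other_uid, other_gids = st.st_uid + 1, {st.st_gid + 1}
        sock = os.path.join(scratch, "clamav-milter.sock")
        for mode in modes:
            os.chmod(scratch, mode)
            results[mode] = [problem for path, problem
                             in audit_socket_path(sock, other_uid, other_gids)
                             if path == scratch]
    return results


if __name__ == "__main__":
    for mode, problems in demo().items():
        print(f"{mode:04o}: {problems or 'ok'}")
```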
[Clamav-users] Easiest/best sendmail integration
> What is the simplest and best solution for providing virus detection of
> incoming email using Clamav with sendmail both assuming I don't have milter
> and that I do?

RedHat and Fedora have a sendmail-devel package that includes the milter support (provided Sendmail is new enough). It installs in just a few seconds and should solve the failure to detect libmilter.
[Clamav-users] Milter errors after upgrade of clamav from 0.68 to 0.70
I attempted to upgrade my ClamAV from 0.68 to 0.70 this morning. 0.68 has been running flawlessly on Fedora Core 1 patched to reasonably current (I haven't put the latest kernel on, I'm still at 2.4.22-2174nptl). The error I get is

    Apr 21 10:57:27 sweep sendmail[1539]: i3LEvR8Z001539: SYSERR(root): out of memory: Cannot allocate memory
    Apr 21 10:57:27 sweep sendmail[1542]: i3LEvR8Z001542: SYSERR(root): out of memory: Cannot allocate memory

I've got my configuration settings saved in a shell script, so 0.70 was config'd and compiled with the same options as 0.68. I didn't update my startup scripts or the files in /etc/sysconfig. I checked the paths of my socket files; they're identical in sendmail.(mc|cf) and the config files. Clamdscan works fine. I did have to change the ThreadTimeout parameter in clamav.conf to ReadTimeout when I updated the version.

I finally had to revert back to 0.68, which worked "as is" (after changing the parm back to "ThreadTimeout").

Thoughts, anyone?

Dan O'Brien
[Clamav-users] Clamav-milter 0.66 not tagging test2.zip or test1.bz2 ?
I've just started using clamav, integrated with SendMail using clamav-milter. It's picked up a few MyDooms and it correctly identifies the test file. It isn't, however, identifying the files test2.zip or test1.bz2. Should it identify infected files from attached archives?

Dan O'Brien