Re: [Clamav-users] upgrading clamav changes permissions on directories?

2004-04-21 Thread Dilip M
On Wed, 21 Apr 2004 11:02:02 +0200, Krištof Petr <[EMAIL PROTECTED]> wrote:

Jim Maul wrote:

I just upgraded my clamav RPMs from 0.70rc to 0.70 (from
http://crash.fce.vutbr.cz/crash-hat/1/clamav/).
Since I am running qmail with qmail-scanner, I run clamav as user qscand and
have to change /var/run/clamav, /var/log/clamav and /var/lib/clamav to be
owned by qscand. While upgrading to 0.70 I noticed that all three of these
directories have changed back to clamav.clamav. Would it be possible to
NOT change ownership back to clamav during an upgrade?

It's not that big of a deal, just sorta annoying.

The same thing happened in my case! I'm running clamav as the mailnull user,
so I need to change all clamav-owned files to the mailnull user :)


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


[Clamav-users] After upgrading to ClamAV 0.70 only 3 of testvirus got tro...

2004-04-19 Thread Dilip M
On Sat, 17 Apr 2004 11:34:18 +0200, Luca Gibelli <[EMAIL PROTECTED]> wrote:

Dear ClamAV users,

we are finally ready to mark the 0.70 release as "stable". Here is a sum
up of the major changes since the 0.68 release:
Just now upgraded mine from 'clamav-0.70rc-1' to 'clamav-0.70-1'.

My box is Redhat 8, running
Exim version 4.30
Exiscan-acl patch revision 16
Before, virus numbers: 19,21,23,25

After upgrading only 21,23,25 got through

-Dilip

--
Sorry for my engalishit  not my mother tongue ;)


Re: [Clamav-users] System scan...

2004-04-16 Thread Dilip M
On Fri, 16 Apr 2004 18:36:57 +0530, Dilip M <[EMAIL PROTECTED]> wrote:

On Fri, 16 Apr 2004 14:20:39 +0200, Mike van Vugt <[EMAIL PROTECTED]> 
wrote:

Scanned a lot of files:

--- SCAN SUMMARY ---
Known viruses: 21074
Scanned directories: 9239
Scanned files: 97704
Infected files: 8
Data scanned: 13575.66 MB
I/O buffer size: 131072 bytes
Time: 6137.270 sec (102 m 17 s)
[EMAIL PROTECTED] root]#
Now how to find the infected ones? I have been looking for logfiles
but cannot find it

EX:grep 'FOUND' 

$ grep 'FOUND' /var/log/clamav/clamd.log
:)
-Dilip



--
Sorry for my engalishit  not my mother tongue ;)


Re: [Clamav-users] Clamd Virus stats using php/rrdtool

2004-04-13 Thread Dilip M
[...]

So I created static linux php binary ready to use.

It's available at http://clamav.or.id/contrib/clamd-stat

RRD files are stored under rra, and graphs are stored under html/graph.

I tried and i'm getting this error:

# /opt/php5 bin/parse_log.php < /var/log/clamav/clamd.log
Bus error

My box is :
# more /etc/redhat-release;rpm -qa|grep -i kernel
Red Hat Linux release 8.0 (Psyche)
kernel-2.4.18-14
kernel-pcmcia-cs-3.1.31-9
kernel-2.4.20-28.7

# ls -l /var/log/clamav/clamd.log
-rw-r-----    1 mailnull mailnull     1409 Apr 13 15:28 /var/log/clamav/clamd.log
--
# ls -l /opt/php5
-rwxr-xr-x    1 root     root        53496 Apr 13 12:51 /opt/php5
--
What's happening ?



The problem was with the download. I informed "Fajar A. Nugraha". He has gzipped that
'php5' file.
I downloaded it and it's working fine :)

Thanks Fajar,
-Dilip.M


Re: [Clamav-users] Clamd Virus stats using php/rrdtool

2004-04-13 Thread Dilip M
[..]

Is anyone using mrtg to gather stats on spam/virus activity?

So, I created something using php and rrdtool (not mrtg, but similar).
Why php? Because I like it best :)
Even though it IS written in PHP, it is intended (for now) as command line application,
not web based application. Changing it would be a simple thing though.

You'll need cgi or cli version of php with rrdtool as either built in or loadable module.
Creating this is a little hard, since by default rrdtool is not a php extension.
So I created static linux php binary ready to use.

It's available at http://clamav.or.id/contrib/clamd-stat

RRD files are stored under rra, and graphs are stored under html/graph.

I tried and i'm getting this error:

# /opt/php5 bin/parse_log.php < /var/log/clamav/clamd.log
Bus error

My box is :
# more /etc/redhat-release;rpm -qa|grep -i kernel
Red Hat Linux release 8.0 (Psyche)
kernel-2.4.18-14
kernel-pcmcia-cs-3.1.31-9
kernel-2.4.20-28.7

# ls -l /var/log/clamav/clamd.log
-rw-r-----    1 mailnull mailnull     1409 Apr 13 15:28 /var/log/clamav/clamd.log
--
# ls -l /opt/php5
-rwxr-xr-x    1 root     root        53496 Apr 13 12:51 /opt/php5
--
What's happening ?

-Dilip

--
Sorry for my engalishit not my mother tongue ;)


Re: [Clamav-users] Updating ClamAV method other than freshclam

2004-04-08 Thread Dilip M
On Thu, 08 Apr 2004 14:36:52 +0800, Seve Ho <[EMAIL PROTECTED]> wrote:

I installed clamav on a Redhat. The machine does not have a direct
internet connection, so it cannot use freshclam to update its database.
My question is, is there any method to update ClamAV databases other
than freshclam?
For example, can I do a freshclam on another machine and copy the
database file (what is the path?) to a floppy/CD and then copy to the
Redhat?
Well on my box,

# grep DatabaseDirectory /etc/clamav.conf
DatabaseDirectory /var/lib/clamav
---
# ls -lut /var/lib/clamav/
total 2034
-rw-r--r--    1 clamav   clamav      57729 Apr  8 12:28 daily.cvd
-rw-r--r--    1 clamav   clamav     965110 Apr  8 12:28 main.cvd
-
Yes, it's there ;)
-Dilip
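
A sanity check for a database file carried over on floppy/CD before it is dropped into DatabaseDirectory, as an added example that is not part of the thread or of ClamAV. It assumes the 512-byte colon-separated CVD header (magic, build time, version, sigs, f-level, MD5 of the body, digital signature, builder); the sample file is constructed, reusing the daily.cvd version and signature count from a freshclam log elsewhere on this page.

```python
import hashlib
from dataclasses import dataclass
from typing import Tuple

HEADER_SIZE = 512      # assumed fixed-size text header at the start of a .cvd
MAGIC = "ClamAV-VDB"


@dataclass
class CvdHeader:
    build_time: str
    version: int
    sigs: int
    f_level: int
    md5: str
    builder: str


def parse_header(blob: bytes) -> CvdHeader:
    """Parse magic:time:version:sigs:f-level:md5:dsig:builder from the header."""
    if len(blob) < HEADER_SIZE:
        raise ValueError("file is shorter than the 512-byte header")
    text = blob[:HEADER_SIZE].decode("ascii", "replace").strip(" \x00\n")
    fields = text.split(":")
    if len(fields) < 8 or fields[0] != MAGIC:
        raise ValueError("not a CVD header")
    return CvdHeader(fields[1], int(fields[2]), int(fields[3]),
                     int(fields[4]), fields[5].lower(), fields[7])


def check_copy(blob: bytes, installed_version: int) -> Tuple[bool, str]:
    """Decide whether a copied .cvd is intact and not older than what is installed.

    The MD5 field only catches corruption in transit. The digital-signature
    field is what authenticates the database, and it is not verified here.
    """
    try:
        hdr = parse_header(blob)
    except ValueError as exc:
        return False, f"bad header: {exc}"
    if hashlib.md5(blob[HEADER_SIZE:]).hexdigest() != hdr.md5:
        return False, "md5 mismatch: file was truncated or corrupted in transit"
    if hdr.version < installed_version:
        return False, f"version {hdr.version} is older than installed {installed_version}"
    return True, (f"version {hdr.version}, {hdr.sigs} sigs, "
                  f"f-level {hdr.f_level}, builder {hdr.builder}")


def make_sample_cvd(version: int, sigs: int, builder: str, body: bytes) -> bytes:
    """Constructed CVD-shaped blob: placeholder build time and signature, fake body."""
    header = ":".join([MAGIC, "01 Jan 2004 00-00 +0000", str(version), str(sigs),
                       "1", hashlib.md5(body).hexdigest(), "CONSTRUCTED-DSIG", builder])
    return header.ljust(HEADER_SIZE).encode("ascii") + body


if __name__ == "__main__":
    sample = make_sample_cvd(217, 615, "diego", b"constructed body " * 64)
    print(check_copy(sample, installed_version=217))       # intact copy
    print(check_copy(sample[:-10], installed_version=217)) # truncated copy
    print(check_copy(sample, installed_version=218))       # would roll back
```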





[Clamav-users] Clam eats up most CPU usage

2004-03-31 Thread Dilip M
Hi,

Clam eats up most CPU usage  :(

The O/p of top is,



  PID USER     PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME COMMAND
  440 mailnull   9   0 12384  12M   920 S    99.9  6.4   0:07 clamd
  487 mysql      9   0  5460 5460  2460 S     0.2  2.8   0:01 mysqld
  569 xfs        9   0  3108 3108   840 S     0.0  1.6   0:00 xfs
-
The very next second it is

-
  PID USER     PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME COMMAND
  440 mailnull   9   0 12384  12M   920 S     0.0  6.4   0:07 clamd
  487 mysql      9   0  5460 5460  2460 S     0.0  2.8   0:01 mysqld
  569 xfs        9   0  3108 3108   840 S     0.0  1.6   0:00 xfs
  893 root       9   0  2552 2552  1776 S     0.0  1.3   0:18 httpd
-
Regards,
-Dilip


Re: [Clamav-users] Re: Yet another TESTVIRUS.org result !!

2004-03-26 Thread Dilip M
[...]

Some people complained that ClamAV is not a 'vulnerability/exploit' scanner,
but a virus scanner. This makes sense (and helps to avoid code bloat), but if
[...]

After blocking the 'com' extension I observed that many of the viruses from
testvirus.org had the 'com' extension!!
Better I block the 'com' extension itself, at least reducing the load on
CLAM :))
Which scanner are you using? qmail-scanner scans viruses FIRST, then
blocks extensions based on policy. This change was made between 1.20-rc2
and 1.20-rc3 if I remember correctly.
I'm using the Exim mailserver with "exiscan-acl patch revision 14".
This will block unwanted attachments first, then scan the allowed attachments.
Why scan those attachments which we won't allow!! As I see right now,
clamav is the only process which is taking most of the CPU usage!! (Compared to
other processes on the server, but not a problem)

At least this scan reduces load on CLAMAV ;)

Better if we don't block these attachments while we are testing CLAMAV :)

-Dilip



--
I was born intelligent  education ruined me.



Re: [Clamav-users] Yet another TESTVIRUS.org result !!

2004-03-26 Thread Dilip M
[..]
Test # 12,19,21,23,25

Is this normal or i need to upgrade ?
Get latest clamav, 0.70rc or even CVS, then enable ScanMail.


Just now i got this CLAMAV installed...
---
# rpm -qa|grep clam
clamav-0.70rc-1
-
ClamAV update process started at Fri Mar 26 15:45:25 2004
main.cvd is up to date (version: 21, sigs: 20094, f-level: 1, builder: tkojm)
daily.cvd is up to date (version: 217, sigs: 615, f-level: 1, builder: diego)
-

Only improvement is Test # 12 was detected ?

Whereas all other viruses, i.e.
Test # 19,21,23,25
came through :(
After blocking the 'com' extension I observed that many of the viruses from
testvirus.org had the 'com' extension!!

Better I block the 'com' extension itself, at least reducing the load on
CLAM :))

I think it's better to do this last, after testing whether Clam is detecting those
viruses or not :)

-Dilip



--
I was born intelligent  education ruined me.



Re: [Clamav-users] Yet another TESTVIRUS.org result !!

2004-03-26 Thread Dilip M
On Wed, 24 Mar 2004 10:19:26 -0300, Everton da Silva Marques <[EMAIL PROTECTED]> wrote:

On Wed, Mar 24, 2004 at 02:33:09PM +0530, Dilip M wrote:
I'm running "clamav-0.67-1",
with Exim 4.30/exiscan-acl patch revision 14.
I got these viruses skipped while testing through testvirus.org

Test # 12,19,21,23,25

Is this normal or i need to upgrade ?
Get latest clamav, 0.70rc or even CVS, then enable ScanMail.


Just now i got this CLAMAV installed...
---
# rpm -qa|grep clam
clamav-0.70rc-1
-
ClamAV update process started at Fri Mar 26 15:45:25 2004
main.cvd is up to date (version: 21, sigs: 20094, f-level: 1, builder: tkojm)
daily.cvd is up to date (version: 217, sigs: 615, f-level: 1, builder: diego)
-

Only improvement is Test # 12 was detected ?

Whereas all other viruses, i.e.
Test # 19,21,23,25
came through :(
-Dilip



Re: [Clamav-users] Building Clam-RPM without milter support ?

2004-03-26 Thread Dilip M
On Fri, 26 Mar 2004 14:33:46 +0530, Dilip M <[EMAIL PROTECTED]> wrote:

Hi,

Just downloaded the src RPM "clamav-0.70rc-1.src.rpm"

I wanted to build RPM without milter support ?

Did
%define _without_milter 1
it's getting built :)





[Clamav-users] Building Clam-RPM without milter support ?

2004-03-26 Thread Dilip M
Hi,

Just downloaded the src RPM "clamav-0.70rc-1.src.rpm"

I wanted to build RPM without milter support ?

What do I need to change in the SPEC file...

Sorry, I know very very little about SPEC files.

Thanks

-Dilip

--
The brain is a wonderful organ. It gets automounted  the moment you get Up 
in the morning and does not goes to sleep state until you force fully 
umount it !!
-



Re: [Clamav-users] Application to generate CLAMAV report

2004-03-25 Thread Dilip M
On Thu, 25 Mar 2004 15:33:39 +0700, Fajar A. Nugraha <[EMAIL PROTECTED]> wrote:

Bo-Lina teknisk support wrote:

Neither of these links work.


I downloaded the programs. It worked, but then I got these :

The web site you are trying to access has exceeded its allocated data transfer.
Visit our help area for more information. Access to this site will be restored
within an hour. Please try again later.

I have
# rpm -qa|grep clam
clamav-0.67-1
clamav-devel-0.67-1

# exim -bV
Exim version 4.30 #1 built 10-Mar-2004 12:35:24
Copyright (c) University of Cambridge 2003
Berkeley DB: Sleepycat Software: Berkeley DB 4.0.14: (November 18, 2001)
Support for: iconv() OpenSSL
Lookups: lsearch wildlsearch nwildlsearch dbm dmbnz mysql
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir autoreply pipe smtp
Fixed never_users: 0
Contains exiscan-acl patch revision 14 (c) Tom Kistner [http://duncanthrax.net/exiscan/]
Configuration file is /etc/exim/exim.conf
---
How can I get this to work on my side ?

-Dilip

--
I was born intelligent  education ruined me.



[Clamav-users] Yet another TESTVIRUS.org result !!

2004-03-24 Thread Dilip M
Hi,

I'm running "clamav-0.67-1",
with Exim 4.30/exiscan-acl patch revision 14.
I got these viruses skipped while testing through testvirus.org

Test # 12,19,21,23,25

Is this normal or i need to upgrade ?

Thanks

-Dilip





[Clamav-users] Exim & Clam : demime acl condition: error while creating mbox spool file

2004-03-22 Thread Dilip M
Whenever mail comes I see this log in 'main.log' and 'panic.log'

# tail -f main.log
2004-03-22 17:03:43 1B5Ngd-00014I-9a malware acl condition: clamd: ClamAV returned /var/spool/exim/scan/1B5Ngd-00014I-9a: Can't access the file ERROR
2004-03-22 17:03:43 1B5Ngd-00014I-9a H=(mail.s7solutions.com) [202.144.44.94] Warning: ACL "warn" statement skipped: condition test deferred:
2004-03-22 17:03:43 1B5Ngd-00014I-9a SA: Debug: SAEximRunCond expand returned: '0'
2004-03-22 17:03:43 1B5Ngd-00014I-9a SA: Notice: Not running SA because SAEximRunCond expanded to false
2004-03-22 17:03:43 1B5Ngd-00014I-9a <= [EMAIL PROTECTED] H=(mail.s7solutions.com) [202.144.44.94] P=smtp S=872 [EMAIL PROTECTED]
2004-03-22 17:03:43 1B5Ngd-00014I-9a => /var/mail/vdomains/s7technologies.com/dilipm/Maildir <[EMAIL PROTECTED]> R=virtual_domains T=virtual_delivery
2004-03-22 17:03:43 1B5Ngd-00014I-9a Completed
---
# tail -f panic.log
2004-03-22 17:04:24 1B5NhI-00014S-Al malware acl condition: clamd: ClamAV returned /var/spool/exim/scan/1B5NhI-00014S-Al: Can't access the file ERROR
-

So I thought that it would be a permission problem on "/var/spool/exim/scan/"
# ls -ld /var/spool/exim/scan/
drwxr-x---    2 mailnull mailnull     1024 Mar 22 17:04 /var/spool/exim/scan/
-
And changed it to:
# ls -dl /var/spool/exim/scan/
drwxrwx---    2 clamav   mailnull     1024 Mar 22 17:04 /var/spool/exim/scan/

# tail -f main.log
2004-03-22 17:08:57 1B5Nlh-00014n-Q7 demime acl condition: error while creating mbox spool file
2004-03-22 17:08:57 1B5Nlh-00014n-Q7 H=(mail.s7solutions.com) [202.144.44.94] F=<[EMAIL PROTECTED]> temporarily rejected after DATA
-
# tail -f panic.log
2004-03-22 17:08:57 1B5Nlh-00014n-Q7 demime acl condition: error while creating mbox spool file
--

[EMAIL PROTECTED] exim]# tail -f panic.log
2004-03-22 17:08:57 1B5Nlh-00014n-Q7 demime acl condition: error while creating mbox spool file

What's wrong ?

-Dilip



Re: [Clamav-users] Where is the "sock" file

2004-03-16 Thread Dilip M
On Tue, 16 Mar 2004 10:13:48 +0300, Odhiambo Washington <[EMAIL PROTECTED]> wrote:
[...]


>Do you have a file clamav.conf??
>
>
I'm talking about "socket" file ?
Is there a way to connect to CLAM using socket ??


Very much! Go slowly and read the installation docs. The answers are
there. That is why I asked you if you even have a file called
clamav.conf. The fact that you are asking this question shows that
you obviously haven't read anything to do with install, or if you
did, you were in a great hurry, which is not good for you in the long
run.
I know soon someone here is gonna tell you to RTM. Badly enough, I
happen to have just done it;(
Hi Washington,

You are right!! A few months back when I started to use Clam_AV, I had
little knowledge (compared to today :) ) of it.

So I re-read the doc and solved this!! Let me check how much better/poorer
performance CLAM gives using a socket :)

Thanks
-Dilip


Re: [Clamav-users] Where is the "sock" file

2004-03-15 Thread Dilip M
On Tue, 16 Mar 2004 09:11:40 +0300, Odhiambo Washington <[EMAIL PROTECTED]> wrote:

* Dilip M <[EMAIL PROTECTED]> [20040316 09:10]: wrote:
Hi,

I have these RPMS installed .
# rpm -qa|grep clam
clamav-devel-0.67-1
clamav-0.67-1
Where is the "sock" file ?
What is a "sock" file?
Do you have a file clamav.conf??

I'm talking about "socket" file ?
Is there a way to connect to CLAM using socket ??
--
I was born intelligent  education ruined me.



[Clamav-users] Where is the "sock" file

2004-03-15 Thread Dilip M
Hi,

I have these RPMS installed .
# rpm -qa|grep clam
clamav-devel-0.67-1
clamav-0.67-1
Where is the "sock" file ?

I searched the whole system, nowhere did I find a socket file for clamav.

-Thanks
-Dilip


--
I was born intelligent  education ruined me.



Re: [Clamav-users] Hello i'm not getting mails !!

2004-01-22 Thread Dilip M
I'm getting :))

On Wed, 14 Jan 2004 12:24:34 +0530, Dilip M <[EMAIL PROTECTED]> wrote:

Hi,

I posted a mail to the list and it's reflected in
http://sourceforge.net/mailarchive/forum.php?forum=clamav-users, but I
haven't received any mails through "[EMAIL PROTECTED]"

Is list working ?

-Dilip.M

---
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


--
"RISK:Winners don't wait for chances,they take them."
--
---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


[Clamav-users] Check mail - IGNORE

2004-01-18 Thread Dilip M




[Clamav-users] Hello i'm not getting mails !!

2004-01-14 Thread Dilip M
Hi,

I posted a mail to the list and it's reflected in
http://sourceforge.net/mailarchive/forum.php?forum=clamav-users, but I
haven't received any mails through "[EMAIL PROTECTED]"

Is list working ?

-Dilip.M



[Clamav-users] How to make Clam-AV to detect particular virus

2004-01-13 Thread Dilip M
Hi,

I'm having,

# clamdscan -V;clamscan -V
clamdscan / ClamAV version 0.65
clamscan / ClamAV version 0.65
# more /var/log/clam-update.log
--
ClamAV update process started at Wed Jan 14 06:15:00 2004
main.cvd is up to date (version: 16, sigs: 19819, f-level: 1, builder: ddm)
daily.cvd is up to date (version: 84, sigs: 282, f-level: 1, builder: ddm)
--
Some of the viruses are being detected, but I got the following virus
without it being detected by Clam-AV. (See the attached file for details.)

How could I make Clam-AV detect this ?

Thanks
-Dilip.M
Date:  Wed, 14 Jan 2004 00:00:59 +0900 
From:  "Microsoft Corporation Internet Security Division" <[EMAIL PROTECTED]> 
To:  "Client" <[EMAIL PROTECTED]> 
Subject:  Latest Network Security Update 

Microsoft  All Products | Support | Search | Microsoft.com Guide  
Microsoft Home  


MS Client

this is the latest version of security update, the "January 2004, Cumulative 
Patch" update which eliminates all known security vulnerabilities affecting MS 
Internet Explorer, MS Outlook and MS Outlook Express as well as three new 
vulnerabilities. Install now to help protect your computer from these 
vulnerabilities, the most serious of which could allow an attacker to run 
executable on your computer. This update includes the functionality of all 
previously released patches.  


System requirements: Windows 95/98/Me/2000/NT/XP
This update applies to: MS Internet Explorer, version 4.01 and later;
MS Outlook, version 8.00 and later;
MS Outlook Express, version 4.01 and later
Recommendation: Customers should install the patch at the earliest opportunity.
How to install: Run attached file. Choose Yes on displayed dialog box.
How to use: You don't need to do anything after installing this item.

Microsoft Product Support Services and Knowledge Base articles can be found on 
the Microsoft Technical Support web site. For security-related information about 
Microsoft products, please visit the Microsoft Security Advisor web site, or 
Contact Us. 

Thank you for using Microsoft products.

Please do not reply to this message. It was sent from an unmonitored e-mail 
address and we are unable to respond to any replies.

The names of the actual companies and products mentioned herein are the 
trademarks of their respective owners.  

Contact Us | Legal | TRUSTe  
©2004 Microsoft Corporation. All rights reserved. Terms of Use | Privacy 
Statement | Accessibility  

Installer3.exe 

[Clamav-users] 6 viruses in http://www.testvirus.org/ were NOT detected by Clam-AV

2004-01-08 Thread Dilip M
Hi all,

Hope some guys in the group are NOT fed up with my mails :(( If so, I
apologize.

Yesterday I had a problem of Clam-AV not detecting viruses sent from
http://www.testvirus.org/

===
Problem was with /etc/clam.conf
#ClamukoIncludePath /home
The above line was UN-commented out. Re-reading clamdoc.pdf again (with
patience) helped. It says:
---
Never protect a directory your mail-scanner software uses for attachment
unpacking.
Access to all infected files will be automagically blocked and the scanner
(even clamd) won't be able to detect a virus. The infected mail will be
delivered.
---
===

Lastly, the following viruses were not detected !!

*Eicar virus sent using BinHex encoding
*Eicar virus sent using BinHex encoding within a MIME segment
*Outlook 'Blank Folding' Vulnerability (does not include Eicar virus, but your mail server still must catch this)
*Outlook 'Boundary Space Gap' Vulnerability (does not include Eicar virus, but your mail server still must catch this)
*Outlook 'Long Boundary' Vulnerability (does not include Eicar virus, but your mail server still must catch this)
*A file with a CLSID extension which may hide the real file extension (does not include Eicar virus, but your mail server still must catch this)

Is this common with Clam-AV or do I need to take care of some things in
Clam-AV ?

Kindly Guide...

Thanks
-Dilip.M




[Clamav-users] Clam-AV Related issue !!

2004-01-07 Thread Dilip M
Hi,

I'm testing clam-av and some viruses are getting through.
This is the header of a mail when I sent a mail from
"http://www.testvirus.org/"
-

Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 1380 invoked by uid 509); 7 Jan 2004 14:13:32 -
Received: from [EMAIL PROTECTED] by mail.s7solutions.com by uid 502 with qmail-scanner-1.20 (clamuko: 0.65. spamassassin: 2.61. Clear:RC:0(12.5.18.175):SA:0(0.0/5.0):. Processed in 2.493889 secs); 07 Jan 2004 14:13:32 -
X-Spam-Status: No, hits=0.0 required=5.0
Received: from 12.5.18.175.excedent.us (HELO mail01.excedent.us) (12.5.18.175) by 0 with SMTP; 7 Jan 2004 14:13:30 -
X-Originating-Ip: 202.144.44.90
Message-Id: <[EMAIL PROTECTED]>
Date: Wed, 07 Jan 2004 08:57:57 -0500
From: "testvirus.org" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Virus Scanner Test
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=_804689079==_"
X-Note: Report abuse to [EMAIL PROTECTED]
X-From: [EMAIL PROTECTED] - ([127.0.0.1]), outgoing 1.
X-Note: IPMX, NOLEGIT (0)

# more /var/log/clam-update.log

ClamAV update process started at Wed Jan  7 18:01:01 2004
main.cvd is up to date (version: 12, sigs: 11867, f-level: 1, builder: tkojm)
daily.cvd is up to date (version: 74, sigs: 159, f-level: 1, builder: tomek)
--
ClamAV update process started at Wed Jan  7 19:37:43 2004
main.cvd is up to date (version: 12, sigs: 11867, f-level: 1, builder: tkojm)
daily.cvd updated (version: 75, sigs: 160, f-level: 1, builder: diego)
Database updated (12027 signatures) from database.clamav.net (64.74.124.90).
--

Kindly help me in getting this solved !!

Thanks
-Dilip.M
---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] Some basics doubts :)

2004-01-07 Thread Dilip M
On Wed, 7 Jan 2004 11:46:03 -, Nigel Horne <[EMAIL PROTECTED]> wrote:

I tested using http://www.testvirus.org/

The very first virus ("Eicar virus sent using base64 encoding") was NOT
caught :((
I tried it and got this e-mail:

"A message sent from <[EMAIL PROTECTED]> to
<[EMAIL PROTECTED]>
contained a virus and has not been delivered.
stream: Eicar-Test-Signature FOUND"
-Dilip.M

-Nigel

Hi,

One thing I noticed is that it was able to detect "Eicar virus sent using
binary encoding"
but NOT "Eicar virus sent using base64 encoding"

--
# which clamscan clamdscan
/usr/local/bin/clamscan
/usr/local/bin/clamdscan
--
# clamdscan -V ; clamscan -V
clamscan / ClamAV version 0.65
clamscan / ClamAV version 0.65
--
# ps -ef|grep clamd
root     25901     1  0 11:05 ?        00:00:00 clamd
root     25902 25901  0 11:05 ?        00:00:00 clamd
root     25903 25902  0 11:05 ?        00:00:00 clamd
root     32230 32138  0 18:53 pts/0    00:00:00 grep clamd
--
Do I need to change something in /etc/clamav.conf ??

Kindly guide me in getting this solved.

Thanks n Regards
-Dilip.M
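
One way a base64-encoded Eicar attachment can pass while the unencoded one is caught: a check that matches only on the raw message bytes never sees the decoded attachment. This is an added example, not code from the thread or from ClamAV; the toy signature, addresses and boundary are constructed, and a `7bit` part stands in for the "binary encoding" test.

```python
import base64
import email

# EICAR anti-virus test file (harmless, 68 bytes), assembled from two pieces.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$"
         + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")
# Toy signature for this example only; not ClamAV's signature format.
SIGNATURE = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"
BOUNDARY = b"=_constructed_boundary_"


def build_message(cte: str) -> bytes:
    """Constructed multipart mail carrying 'eicar.com' as-is ('7bit') or as base64."""
    if cte == "base64":
        body = base64.encodebytes(EICAR).rstrip(b"\n")
    else:
        body = EICAR
    lines = [
        b"From: sender@example.test",
        b"To: rcpt@example.test",
        b"Subject: Virus Scanner Test",
        b"MIME-Version: 1.0",
        b'Content-Type: multipart/mixed; boundary="' + BOUNDARY + b'"',
        b"",
        b"--" + BOUNDARY,
        b"Content-Type: text/plain",
        b"",
        b"scanner test",
        b"--" + BOUNDARY,
        b"Content-Type: application/octet-stream",
        b"Content-Transfer-Encoding: " + cte.encode("ascii"),
        b'Content-Disposition: attachment; filename="eicar.com"',
        b"",
        body,
        b"--" + BOUNDARY + b"--",
        b"",
    ]
    return b"\n".join(lines)


def raw_scan(raw: bytes) -> bool:
    """Match the signature against the message exactly as it arrived on the wire."""
    return SIGNATURE in raw


def mime_scan(raw: bytes) -> list:
    """Decode every leaf MIME part first, then match; returns the names of hits."""
    hits = []
    for part in email.message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        if SIGNATURE in data:
            hits.append(part.get_filename() or part.get_content_type())
    return hits


if __name__ == "__main__":
    for cte in ("7bit", "base64"):
        msg = build_message(cte)
        print(cte, "raw:", raw_scan(msg), "decoded:", mime_scan(msg))
```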
 



Re: [Clamav-users] Some basics doubts :)

2004-01-06 Thread Dilip M
On Tue, 6 Jan 2004 15:43:29 +0100, Tomasz Kojm <[EMAIL PROTECTED]> wrote:

On Tue, 06 Jan 2004 20:14:43 +0530
Dilip M <[EMAIL PROTECTED]> wrote:
My clam-update.log is as above. Is it up2date?
Yes, your virus database is up to date.

Best regards,
Tomasz Kojm
I tested using http://www.testvirus.org/

The very first virus ("Eicar virus sent using base64 encoding") was NOT 
caught :((

While some of the viruses are being filtered

-Dilip.M



Re: [Clamav-users] Some basics doubts :)

2004-01-06 Thread Dilip M
On Tue, 6 Jan 2004 21:58:07 +0100, Christoph Cordes <[EMAIL PROTECTED]> 
wrote:

Hello Dilip,

Tuesday, January 6, 2004, 3:44:43 PM, you wrote:

DM> Hi,

DM> I just got Clam-AV and Freshclam working :) Was little tough :(

DM> I'm running Qmail on Redhat7.3

DM> # more /var/log/clam-update.log
DM> 

DM> ClamAV update process started at Tue Jan  6 20:03:08 2004
DM> main.cvd is up to date (version: 12, sigs: 11867, f-level: 1, builder: tkojm)
DM> daily.cvd is up to date (version: 73, sigs: 151, f-level: 1, builder: diego)
DM> 


DM> But I have gone through the clamdoc.pdf. Was not able to understand some
DM> basics..
DM> My clam-update.log is as above. Is it up2date?

DM> Sometime back read that if we send mail to some site, it will reply with
DM> virus! Which ID? So that I come to know that my clam-av is up2date and
DM> working fine :)

try http://www.testvirus.org/

hth

Hi Christoph,

I did testing for all viruses in "http://www.testvirus.org/"
I got some viruses detected but few of them escaped :(
-
Example of some mails that got through:
-
This message was sent to you because you or someone you know is
testing your mail server's virus scanner at:
http://www.testvirus.org/?co=
This test message contains:

Outlook 'Boundary Space Gap' Vulnerability (does not include Eicar virus, 
but your mail server still must
catch this)

If your mail server's virus scanner did not detect this email,
it allows some viruses through!  This free test is provided by
Webmail.us - for secure email hosting services visit
http://www.webmail.us
Note: This test message uses the EICAR test virus, which is
completely benign and contains no viral code.  For more
information see:  http://www.eicar.org
--=_307115168==_--

HOW COULD I FIX THIS NOW ?



[Clamav-users] Some basics doubts :)

2004-01-06 Thread Dilip M
Hi,

I just got Clam-AV and Freshclam working :) Was little tough :(

I'm running Qmail on Redhat7.3

# more /var/log/clam-update.log

ClamAV update process started at Tue Jan  6 20:03:08 2004
main.cvd is up to date (version: 12, sigs: 11867, f-level: 1, builder: tkojm)
daily.cvd is up to date (version: 73, sigs: 151, f-level: 1, builder: diego)


But I have gone through the clamdoc.pdf. Was not able to understand some
basics..

My clam-update.log is as above. Is it up2date?

Sometime back read that if we send mail to some site, it will reply with
virus! Which ID? So that I come to know that my clam-av is up2date and
working fine :)

-Dilip.M



[Clamav-users] clamuko: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 2

2004-01-06 Thread Dilip M
Hi ,

I'm running Qmail; the machine is Redhat 7.3

Everything was fine till I upgraded Clam-AV from 0-60 to 0.65.

Just compiled clam-av 0.65 as per
http://www.qmailrocks.org/qmailscanner_db.htm
I'm held up at this stage :(

# ./test_installation.sh -doit
setting QMAILQUEUE to /var/qmail/bin/qmail-scanner-queue.pl for this 
test...

Sending standard test message - no viruses...

X-Qmail-Scanner-1.20:[mail.s7solutions.com107338586546110022] clamuko: 
corrupt or unknown clamd scanner error or memory/resource/perms problem - 
exit status 2

qmail-inject: fatal: qq temporary problem (#4.3.0)
Bad error. qmail-inject died


-Dilip.M
