Re: [Clamav-users] Suggestion - make the source package available without the main.cvd database

2009-06-18 Thread James Kosin
Per Jessen wrote:
 Any chance of making the source package available without the current
 cvd databases?  The current package is 24Mb, without the CVD it's only
 3Mb.  Just a suggestion, but it might just save some bandwidth.
 
 
 /Per Jessen, Zürich
 

Some RPM packages have gone this route; however, you still need to
download the database to get a working ClamAv installation.  So, either
way you are going to have to download the database files, if this is a
fresh NEW installation.

Some HISTORY (from what I remember)

1)  The source is built on the idea that you should be able to download,
compile, and install and have a working installation.  To make things
easier, the tarball has the latest databases at the time packaged so NEW
users don't get troubled with a LARGE download just after installing and
trying to use the tools for the first time.
2)  Wasn't long ago, ClamAv would crash and not function without a set
of database files installed.  It wasn't till recently that the freshclam
daemon could download a fresh set of databases and not just upgrade them.
 (0.90 or something like that)...
3)  RPM builders have switched to this as an attempt to satisfy the
users... don't know the fallout for this; since this involves extra RPM
packages to be installed by new users.  Some have also gone to packaging
the client and server software separately again for those using a
complicated networked approach to ClamAv.

Final Thoughts
--
1)  It could be possible to offer both on the web-site; however that
increases the possibility NEW users may download the wrong one and get
stuck with the LARGE download and complaints will rise.
2)  aCaB is correct, you can get the sources via SVN.  Granted it isn't
the most convenient method; but, you will be getting what you want.

James Kosin



signature.asc
Description: OpenPGP digital signature
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Question of clamav/clamav-milter

2009-06-04 Thread James Kosin
Giorgio Bellussi wrote:
 Javier Lopez wrote:
 Hi community,


 man clamav-milter:
 
 ...
 -Q, --quarantine=EMAILADDRESS
   If this e-mail address is given, messages containing a virus  or
   worm are redirected to it.
 
 ...
 
 WBR
 
 G

That is from the old clamav-milter man page.
Clamav-milter = 0.95.1
has a very slim number of options...

James




Re: [Clamav-users] Virus Infected Message for recipient

2009-04-30 Thread James Kosin
Dan Metcalf wrote:
 - Original Message - 
 From: Michelle Konzack linux4miche...@tamay-dogan.net
 To: clamav-users@lists.clamav.net
 Sent: Wednesday, April 29, 2009 2:48 PM
 Subject: Re: [Clamav-users] Virus Infected Message for recipient
 
 
 I also came across the same issue.  Of course I Reject the messages, but 
 for
 my own personal domain I like to have the notices of infected email go
 through to the intended local recipient just to keep track of things.

 James Kosin mentioned the backscatter with faked sender addresses, but we
 aren't looking to return the email notice to the sender.  I just want to
 send a notice to the local recipient that the message was not accepted 
 due
 to a virus.
 I would never do this because I do not want to
 be informed about 150-2000 viriis per day.

 Thanks, Greetings and nice Day/Evening
Michelle Konzack
 
 That's nice, but we weren't asking for an opinion poll.
 
 My domain doesn't get very many viruses at all through email, so it's a nice 
 ticker to see when virus activity is on the rise out there.  I could have 
 all of the postmaster virus notifications routed to myself, but that's 
 overkill for my monitoring needs.
 
 Dan Metcalf 
 

Should be easy enough to write a script to parse the log and return a
count of the viruses per day for you.

James
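
A sketch of the log-parsing script suggested above, as an added example (not part of the original post and not ClamAV code). It assumes clamd's own log file with LogTime enabled, where detections end in `FOUND`; the sample lines and the `Constructed.*` signature names are made up for the example.

```python
import re
from collections import Counter, defaultdict
from datetime import date

# Constructed sample in the assumed layout:
#   "<ctime timestamp> -> <target>: <signature> FOUND"
SAMPLE_LOG = """\
Wed Apr 29 09:14:02 2009 -> SelfCheck: Database status OK.
Wed Apr 29 11:02:37 2009 -> stream(127.0.0.1@1187): Constructed.Worm.A FOUND
Thu Apr 30 02:13:09 2009 -> stream(127.0.0.1@1260): Constructed.Worm.A FOUND
Thu Apr 30 02:15:41 2009 -> stream(127.0.0.1@1262): Eicar-Test-Signature FOUND
Thu Apr 30 07:00:00 2009 -> Reading databases from /var/lib/clamav
Thu Apr 30 16:40:55 2009 -> stream(127.0.0.1@1301): Constructed.Worm.A FOUND
Fri May  1 08:21:44 2009 -> /var/spool/mail/test: Eicar-Test-Signature FOUND
"""

# Month names are mapped by hand so parsing does not depend on the locale.
MONTHS = {name: number for number, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# ctime pads single-digit days with a space, hence " +" before the day.
FOUND_RE = re.compile(
    r"^\w{3} (?P<mon>\w{3}) +(?P<day>\d{1,2}) \d\d:\d\d:\d\d (?P<year>\d{4})"
    r" -> (?P<target>.+): (?P<sig>\S+) FOUND\s*$")


def detections_per_day(lines):
    """Return {date: Counter({signature: hits})} built from FOUND lines only."""
    per_day = defaultdict(Counter)
    for line in lines:
        m = FOUND_RE.match(line)
        if m is None or m["mon"] not in MONTHS:
            continue  # status lines, reload notices, anything malformed
        day = date(int(m["year"]), MONTHS[m["mon"]], int(m["day"]))
        per_day[day][m["sig"]] += 1
    return dict(per_day)


def daily_totals(per_day):
    """Return [(ISO date, total detections)] in chronological order."""
    return [(d.isoformat(), sum(c.values())) for d, c in sorted(per_day.items())]


def rising_days(totals):
    """Days whose total is higher than the previous logged day's total."""
    return [cur[0] for prev, cur in zip(totals, totals[1:]) if cur[1] > prev[1]]


if __name__ == "__main__":
    per_day = detections_per_day(SAMPLE_LOG.splitlines())
    totals = daily_totals(per_day)
    for day, total in totals:
        print(day, total, dict(per_day[date.fromisoformat(day)]))
    print("rising:", rising_days(totals))
```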




Re: [Clamav-users] Virus Infected Message for recipient

2009-04-29 Thread James Kosin
martinnitram wrote:
 With clamav 0.94, clamav-milter could be configured to send a Virus Infected
 notification email to the recipient when a virus was found. But from 0.95.1, the
 milter only has the 'Blackhole' option, which directly drops the virus email
 without any user notification like 0.94. Is there any option for the milter in
 0.95.1 to do this? Thanks.

clamav-milter has 5 options for this

Accept  -- not recommended if a virus is detected
Reject  -- sending server or client will get a 5xx error message
Defer   -- message acceptance is temporarily rejected for later retry
Blackhole -- sends to oblivion silently
Quarantine -- saves the message for the administrator to verify and
either accept, reject, etc.

I personally use the Reject option; but I've also heard of the
Quarantine option being used heavily as well.
The old Virus Infected messages were discouraged; since it causes
unnecessary back-scatter (most virus programs don't use a valid e-mail
address for the return party; or if they did they ended up being random
e-mail address entries from the true infected machine and not the host
sending the infection)

James




Re: [Clamav-users] [ClamAV-users] HELP! unrecognized option `--pidfile=/var/run/clamav-milter/clamav-milter.pid'

2009-04-28 Thread James Kosin
Noel Jones wrote:
 Gomes, Rich wrote:
 Line referring to the pid has been removed from the conf file but it still 
 throws the same error
 Root owns the files, (same as the old mail server)
 
 Do NOT use the --pidfile *command line* option when starting 
 clamav-milter!  Please read the clamav-milter man page.
 
 You may need to change your init script.
 
-- Noel Jones


Also, look for clamav-milter in /etc/sysconfig, if using any Fedora or
RedHat release.  Clamav-Milter no longer accepts command line arguments
and all parameters should be passed in the NEW clamav-milter.conf file
located in /etc

If you have the file 'clamav-milter' in /etc/sysconfig, either
rename/remove or comment out the CLAMAV_FLAGS part of the configuration
file!!!  And please EDIT the new /etc/clamav-milter.conf file to
properly setup clamav-milter.

James




Re: [Clamav-users] clamav-0.95.1/clamav-milter does not insert headers in messages

2009-04-22 Thread James Kosin
Robert S wrote:
 You are probably looking for the AddHeader option.
 
 Thanks.  That's fixed it.  Just a minor point:
 
 Version 0.94 gave detailed headers:
 
 X-Virus-Scanned: ClamAV 0.94.2/9256/Sun Apr 19 09:13:04 2009 on myserver.mydomain.com.au
 
 Whereas 0.95 gives a brief header:
 
 X-Virus-Scanned: clamav-milter 0.95.1 at myserver
 
 Can this be changed to the original detailed form?  An altered header could 
 potentially cause a mail system to break.
 
 Where can I find a list of _all_ the options for /etc/clamav-milter.conf? 
 

Should be in the source.
If you compiled from source then, %path_to_source%/etc
If you installed an RPM and already had clamav-milter.conf then look for
 a file named clamav-milter.conf.rpmnew or .rpmsave
You can also try here https://wiki.clamav.net/Main/UpgradeNotes095

James




Re: [Clamav-users] clamav-milter 0.95.1 reject message

2009-04-13 Thread James Kosin
Jason Bertoch wrote:
 I use OnInfected Reject in my clamav-milter.conf and it seems the new
 behavior is to reject with an error of 5.7.1 Command rejected instead of
 the matching signature name.  In the event of a false positive, it is
 extremely handy to have the signature logged both in the error to the sender
 and in the local logs.  Is there a config option I missed, or is it a
 feature that can be requested?
 
 

Check the configuration file, it is clearly stated as an option.

#RejectMsg

What may not be too clear is the required format...

James




[Clamav-users] clamav-milter 0.95

2009-04-06 Thread James Kosin
Everyone,

I also ran across the ReadTimeout setting in clamav-milter.conf, this
setting says setting to 0 disables the timeout.
This does not appear to be the case.  What happens is it honors a
timeout of 0-seconds.  Meaning clamav-milter reports that clamd is not
running or responding.

James




Re: [Clamav-users] Missing option on freshclam 0.95?

2009-04-02 Thread James Kosin
Charles Gregory wrote:
 Started getting these with my Centos4 package freshclam today:
 
 /etc/cron.hourly/freshclam:
 /usr/bin/freshclam: unrecognized option `--log-verbose'
 ERROR: Unknown option passed
 ERROR: Can't parse command line options
 
 The cron job is unchanged since installation.
 Did the above option get deprecated? I don't see it in the docs
 This may be an issue with the packager (dag?) needing to update
 the cron files/jobs.?
 
 Thanks!
 
 - Charles

Most likely.  But do understand 0.95 has changed a lot of the interface
and options.  I'm still crafting so clamav-milter will work with the new
config file and not the command line options.
Hopefully, he subscribes to this list and may already know your issue.
If not, please contact him via his email address found here:
http://dag.wieers.com/personal/

James




Re: [Clamav-users] NULL dereference in clamav-milter 0.95

2009-03-30 Thread James Kosin
aCaB wrote:
 Hi,
 
 A bug has been reported affecting clamav-milter 0.95.
 If LogInfected is set to Full and the message being processed lacks
 either the Subject, Message-ID or Date headers a NULL pointer is
 dereferenced which will cause the program to be aborted.
 
 For SVN users the issue is fixed in r4991.
 For Stable users, the issue will be fixed in the upcoming 0.95.1 version
 which is to be released soon. In the meantime it is recommended to set
 LogInfected to Off (the default) or Basic in clamav-milter.conf.
 
 For full details see:
 https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1522
 
 Thanks,
 -aCaB

Thanks,

Was the patch provided in the link the only change to fix the issue?
Or were other files affected?

Thanks again,
James




Re: [Clamav-users] 0.95RC1 availability

2009-02-27 Thread James Kosin
Nigel Horne wrote:
 Folks,
 
 0.95 RC1 was published on Wednesday 25/2/09.
 
 For details of the new features please refer to the Changelog.
 
 A what's new document that gives an overview of the new and improved 
 features is currently in preparation for publication on www.clamav.net.
 
 For technical information please refer to 
 https://wiki.clamav.net/Main/UpgradeNotes095 .
 
 We encourage as many people as possible to test this release candidate 
 by downloading it from www.clamav.net. If you don't have access to a 
 test machine you can still help us by downloading it and checking that 
 it compiles and links on your platform. If you do have a test 
 machine/model/network please help us by loading ClamAV 0.95RC1 and 
 testing it.
 
 All bug reports should be filed at http://bugs.clamav.net.
 
 We also encourage all 3rd party developers of products and 
 distribution/port maintainers to download and check this update so that 
 you can go live as soon as the final version is released. The release
 is scheduled for 16th March.
 
 Thank you for your continued support and help,
 
 -Nigel
 
Nigel,

Compiles and links in FC1.  I know it is old; but, nothing is broken in
the compiling.

James




Re: [Clamav-users] Feature Request Scanlist

2009-01-29 Thread James Kosin
Tomasz Kojm wrote:
 On Thu, 29 Jan 2009 13:26:29 +0100
 Andre Hübner andre.hueb...@gmx.de wrote:
snip

 with fileselection which is base for clamscan.
 This fileselection could be reduced by date of creation, special filetypes, 
 chmod, whatever...
 Sure, a complete scan should also be done, but to get fast results or to do 
 quick automated scans of suspicious files this could be a nice feature.

 How about that?
 
 Please search the archives; it was already described how to use clamdscan
 for that purpose.
 

You also have to be careful.  The date/time of creation or modification
can be faked or changed.  So, I wouldn't rely entirely on that alone to
determine what files to scan and which not to scan.

James
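
The caution above about faked creation and modification times, as an added example (not part of the original post and not ClamAV code): a content-hash manifest still selects a file for scanning after its content changed and its mtime was put back, while an mtime comparison does not. File names and contents are constructed.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Return {relative path: (mtime_ns, sha256)} for every file under root."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = (path.stat().st_mtime_ns, sha256_of(path))
    return manifest


def select_by_mtime(current, baseline):
    """Files a timestamp-based selection would hand to the scanner."""
    return [rel for rel, (mtime, _) in current.items()
            if rel not in baseline or baseline[rel][0] != mtime]


def select_by_hash(current, baseline):
    """Files a content-based selection would hand to the scanner."""
    return [rel for rel, (_, digest) in current.items()
            if rel not in baseline or baseline[rel][1] != digest]


def demo():
    """Return (mtime selection, hash selection) after a silent content change."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "report.txt").write_bytes(b"original contents\n")
        (root / "notes.txt").write_bytes(b"unchanged\n")
        baseline = build_manifest(root)

        # Content changes, then the old timestamps are restored on the file.
        old = (root / "report.txt").stat()
        (root / "report.txt").write_bytes(b"replaced contents\n")
        os.utime(root / "report.txt", ns=(old.st_atime_ns, old.st_mtime_ns))

        # A genuinely new file is caught by both selections.
        (root / "new.bin").write_bytes(b"\x00\x01\x02")

        current = build_manifest(root)
        return select_by_mtime(current, baseline), select_by_hash(current, baseline)


if __name__ == "__main__":
    by_mtime, by_hash = demo()
    print("selected by mtime:", by_mtime)
    print("selected by hash: ", by_hash)
```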




Re: [Clamav-users] Twitter

2008-12-04 Thread James Kosin
McDonald, Dan wrote:
 On Thu, 2008-12-04 at 12:45 -0500, Nigel Horne wrote:
 Folks,

 
 how about:
 Daily CVD 8721 (sigs: 32788, new: 1) at 04 Dec 2008 13-26 +
 

The proper phrasing is on and not at

James




Re: [Clamav-users] SubmitDetectionStats with clamav-milter?

2008-11-13 Thread James Kosin
Ed Kasky wrote:
 I recently upgraded to ClamAV 0.94.1 and enabled 
 SubmitDetectionStats.  Is there a way to configure clamav-milter to 
 write to clamd.log rather than the maillog?  I would like to 
 participate in the submissions if the viruses found by the milter 
 would be useful.  I generally catch about 25-35 a week:
 
 http://www.wrenkasky.com/cgi-bin/virus/display.pl?number
 
 Thanks in advance.
 
 Ed
 

Ed,

I believe clamav-milter uses clamd for scanning; so, it should be
logging already as a found virus?

James




Re: [Clamav-users] Announcing ClamAV 0.94.1 RC1

2008-10-17 Thread James Kosin
Nigel Horne wrote:
 Folks,
 
 We are pleased to announce the availability of the first release candidate
 for ClamAV 0.94.1. 0.94.1RC1 is scheduled for release on Wednesday (15/10/08).
 

Nigel,

Everything works on gcc-3.3.6 with Redhat FC1.  I managed to install
check and perform the checks with success.  Log below...

[EMAIL PROTECTED] clamav-0.94.1rc1]# make check
Making check in libclamunrar
make[1]: Entering directory
`/usr/src/redhat/BUILD/clamav-0.94.1rc1/libclamunrar'
make[1]: Nothing to be done for `check'.
make[1]: Leaving directory
`/usr/src/redhat/BUILD/clamav-0.94.1rc1/libclamunrar'
Making check in libclamunrar_iface
make[1]: Entering directory
`/usr/src/redhat/BUILD/clamav-0.94.1rc1/libclamunrar_iface'
make[1]: Nothing to be done for `check'.
make[1]: Leaving directory
`/usr/src/redhat/BUILD/clamav-0.94.1rc1/libclamunrar_iface'
Making check in libclamav
make[1]: Entering directory
`/usr/src/redhat/BUILD/clamav-0.94.1rc1/libclamav'
make  check-recursive
make[2]: Entering directory
`/usr/src/redhat/BUILD/clamav-0.94.1rc1/libclamav'
Making check in lzma
make[3]: Entering directory
`/usr/src/redhat/BUILD/clamav-0.94.1rc1/libclamav/lzma'
make[3]: Nothing to be done for `check'.
make[3]: Leaving directory
`/usr/src/redhat/BUILD/clamav-0.94.1rc1/libclamav/lzma'
Making check in .
make[3]: Entering directory
`/usr/src/redhat/BUILD/clamav-0.94.1rc1/libclamav'
make[3]: Leaving directory
`/usr/src/redhat/BUILD/clamav-0.94.1rc1/libclamav'
make[2]: Leaving directory
`/usr/src/redhat/BUILD/clamav-0.94.1rc1/libclamav'
make[1]: Leaving directory
`/usr/src/redhat/BUILD/clamav-0.94.1rc1/libclamav'
Making check in clamscan
make[1]: Entering directory
`/usr/src/redhat/BUILD/clamav-0.94.1rc1/clamscan'
make[1]: Nothing to be done for `check'.
make[1]: Leaving directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/clamscan'
Making check in clamd
make[1]: Entering directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/clamd'
make[1]: Nothing to be done for `check'.
make[1]: Leaving directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/clamd'
Making check in clamdscan
make[1]: Entering directory
`/usr/src/redhat/BUILD/clamav-0.94.1rc1/clamdscan'
make[1]: Nothing to be done for `check'.
make[1]: Leaving directory
`/usr/src/redhat/BUILD/clamav-0.94.1rc1/clamdscan'
Making check in freshclam
make[1]: Entering directory
`/usr/src/redhat/BUILD/clamav-0.94.1rc1/freshclam'
make[1]: Nothing to be done for `check'.
make[1]: Leaving directory
`/usr/src/redhat/BUILD/clamav-0.94.1rc1/freshclam'
Making check in sigtool
make[1]: Entering directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/sigtool'
make[1]: Nothing to be done for `check'.
make[1]: Leaving directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/sigtool'
Making check in clamconf
make[1]: Entering directory
`/usr/src/redhat/BUILD/clamav-0.94.1rc1/clamconf'
make[1]: Nothing to be done for `check'.
make[1]: Leaving directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/clamconf'
Making check in database
make[1]: Entering directory
`/usr/src/redhat/BUILD/clamav-0.94.1rc1/database'
make[1]: Nothing to be done for `check'.
make[1]: Leaving directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/database'
Making check in docs
make[1]: Entering directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/docs'
make[1]: Nothing to be done for `check'.
make[1]: Leaving directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/docs'
Making check in etc
make[1]: Entering directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/etc'
make[1]: Nothing to be done for `check'.
make[1]: Leaving directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/etc'
Making check in clamav-milter
make[1]: Entering directory
`/usr/src/redhat/BUILD/clamav-0.94.1rc1/clamav-milter'
make[1]: Nothing to be done for `check'.
make[1]: Leaving directory
`/usr/src/redhat/BUILD/clamav-0.94.1rc1/clamav-milter'
Making check in test
make[1]: Entering directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/test'
make[1]: Nothing to be done for `check'.
make[1]: Leaving directory `/usr/src/redhat/BUILD/clamav-0.94.1rc1/test'
Making check in unit_tests
make[1]: Entering directory
`/usr/src/redhat/BUILD/clamav-0.94.1rc1/unit_tests'
make  check_clamav check_clamd.sh check_freshclam.sh check_sigtool.sh
check_clamscan.sh valgrind_tests.sh efence_tests.sh duma_tests.sh
make[2]: Entering directory
`/usr/src/redhat/BUILD/clamav-0.94.1rc1/unit_tests'
make[2]: `check_clamav' is up to date.
make[2]: Nothing to be done for `check_clamd.sh'.
make[2]: Nothing to be done for `check_freshclam.sh'.
make[2]: Nothing to be done for `check_sigtool.sh'.
make[2]: Nothing to be done for `check_clamscan.sh'.
make[2]: Nothing to be done for `valgrind_tests.sh'.
make[2]: Nothing to be done for `efence_tests.sh'.
make[2]: Nothing to be done for `duma_tests.sh'.
make[2]: Leaving directory
`/usr/src/redhat/BUILD/clamav-0.94.1rc1/unit_tests'
make  check-TESTS
make[2]: Entering directory
`/usr/src/redhat/BUILD/clamav-0.94.1rc1/unit_tests'
Running suite(s): cl_api
 cli
 jsnorm
 str
 regex
 disasm
 unique
 matchers

Re: [Clamav-users] Timed events

2008-10-14 Thread James Kosin
Jerry wrote:
 Is there any mechanism build into CM that would allow a user to set
 event to happen at either a predetermined time, or at some
 specific time interval. Other than checking for mail, I do not see any
 way of setting up a time specific event.
 
 If this is currently not available in CM; I think it might be a nice
 addition to the program should the developers decide to include
 something like this in future releases.
 
 
 

In Linux, CRON will do what you are asking.  Every user has a CRON list.

James




Re: [Clamav-users] problem during compilation

2008-10-06 Thread James Kosin
Chandra wrote:
 Hi,
 When I run the command make check while trying to install clamav-0.94, 
 i get the following error:
  
 /usr/bin/ld: cannot find -lcheck
 collect2: ld returned 1 exit status
 make[2]: *** [check_clamav] Error 1
 make[2]: Leaving directory `/root/install/clamav/clamav-0.94/unit_tests'
 make[1]: *** [check-am] Error 2
 make[1]: Leaving directory `/root/install/clamav/clamav-0.94/unit_tests'
 make: *** [check-recursive] Error 1
  
  
 what may have gone wrong ???
  
  

I believe it is 'make test' and not 'make check'.

James




Re: [Clamav-users] Stop it!

2008-10-03 Thread James Kosin
Colin Alston wrote:
 I've had enough now, and I want all you ClamAV people to listen up.
 

Hey, maybe the packagers could write a script or something to indicate a
problem with the current configuration when it is being installed.  Then
users could take the appropriate action ASAP instead of finding out or
having to check the logs on an hourly basis for problems.

James





Re: [Clamav-users] Unable To Run Freshclam...still

2008-09-22 Thread James Kosin
Brandon Perry wrote:
 your logs are owned by amavis?
 
 On Mon, Sep 22, 2008 at 10:08 AM, Carlos Williams [EMAIL PROTECTED]wrote:
 
 mail:/var/log/clamav# ls -l
 total 112
 -rw-r- 1 amavis adm  3401 2008-09-22 10:29 clamav.log
 -rw-r- 1 amavis adm 23918 2008-09-21 06:25 clamav.log.1
 -rw-r- 1 amavis adm  3063 2008-09-14 06:25 clamav.log.2.gz
 -rw-r- 1 amavis adm 10196 2008-09-22 10:25 freshclam.log
 -rw-r- 1 amavis adm 60461 2008-09-21 06:25 freshclam.log.1
 -rw-r- 1 amavis adm  2718 2008-09-14 06:25 freshclam.log.2.gz

 Can someone please help me understand and resolve this issue?

That and amavis is the ONLY user allowed to write to the files (besides
the root user).

James




Re: [Clamav-users] Cannot compile clamav 0.94 on i386 openbsd 4.0

2008-09-17 Thread James Kosin
S.Madge wrote:
 That works! Are there any negative consequences by using this trick?
 

Only down side is you will have to do it every time you rebuild samba;
until you or someone else finds out why it isn't working.

James




Re: [Clamav-users] Cannot compile clamav 0.94 on i386 openbsd 4.0

2008-09-17 Thread James Kosin
Török Edwin wrote:
 On 2008-09-17 17:28, James Kosin wrote:
 S.Madge wrote:
   
 That works! Are there any negative consequences by using this trick?

 
 Only down side is you will have to do it every time you rebuild samba;
 
 I don't see anybody talking about samba in this thread ;)
 

Sorry, my head is in the clouds today.  But, same applies for clamav.

James




Re: [Clamav-users] Error scanning specific .pdf file

2008-09-11 Thread James Kosin
Jason Bertoch wrote:
 -Original Message-
 From: [EMAIL PROTECTED] [mailto:clamav-users-
 [EMAIL PROTECTED] On Behalf Of Tomasz Kojm
 Sent: Thursday, September 11, 2008 2:00 PM
 To: clamav-users@lists.clamav.net
 Subject: Re: [Clamav-users] Error scanning specific .pdf file

 On Thu, 11 Sep 2008 13:54:00 -0400
 Jason Bertoch [EMAIL PROTECTED] wrote:

 Should I open a bug report over something as simple as a strange pdf
 problem?
 Yes, please do.

 
 Bug 1181 opened and the pdf can be found as an attachment there.  As such,
 please ignore the link in my previous mail.
 
 /Jason
 
 
 
Well, since nobody has access now to bug 1181:
(a)  I get the same error on a 32-bit compiled platform.  The bug would
have been addressing a 64-bit platform.

 OUTPUT 
-bash-2.05b$ clamscan BYPB08Flyer.pdf
LibClamAV Error: cli_writen: write error: Bad address
BYPB08Flyer.pdf: Input/Output error

--- SCAN SUMMARY ---
Known viruses: 421863
Engine version: 0.94
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 2.27 MB
Time: 10.309 sec (0 m 10 s)
-bash-2.05b$
 

James Kosin




Re: [Clamav-users] Database correctly reloaded (0 signatures)

2008-07-14 Thread James Kosin

Oscar Usifer wrote:

Please see clamav-0.93.3/libclamav/readdb.c:460 sigs++;


From static int cli_loaddb() :


475 if(signo)
476  *signo += sigs;

s/b

475 if (sigs == 0)
476   return CL_EMALFDB;
477
478 if(signo)
479  *signo += sigs;
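
Review bot: the added `if (sigs == 0) return CL_EMALFDB;` at line 475 reports a file that loaded zero signatures with the malformed-database code, so an empty but well-formed file and a corrupt one become indistinguishable to the caller. Since `*signo += sigs` already accumulates into a caller-supplied counter, consider leaving `cli_loaddb()` as it is and checking the accumulated total once loading has finished, with its own message, which is the condition the subject line describes (0 signatures after a reload).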



Oscar,

I don't know if this is really necessary.  A malformed DB file should be 
caught by other checks above this.  One could potentially have a DB file 
with no signatures... could be a possibility.  ie: main.cld is updated 
and daily.cld gets signatures cleared but no update yet.


The user was experiencing a total signature count of zero.  So a check 
after loading all db files for a total count that is above 0 may be in 
order.


James




Re: [Clamav-users] [ot?] oh no

2008-07-11 Thread James Kosin

Spiro Harvey, Knossos Networks Ltd wrote:

  X-Virus-Scanned: Debian amavisd-new at tad.clamav.net

just found this in the headers of this mailing list :(


Don't be surprised.  I often use products I create in my spare time.  If 
you aren't willing to use the product you are creating yourself then how 
can you honestly expect others to.  This just means they are using 
clamav on their own mailing list.  No special feat...


James




Re: [Clamav-users] 0.93.3 memory doubling problem

2008-07-11 Thread James Kosin

Russell Jones wrote:
Sorry for the silly question, however with that patch, do I just replace 
the original thrmgr.c file with this one, then recompile/reinstall? I 
just want to make sure I do it correctly.


Thanks!

No, a patch is more of a difference between two files.  You won't be 
able to compile or otherwise work if you replace the file with the patch 
file.

Under Linux lookup 'man patch', should give you enough to start with.

James




Re: [Clamav-users] [Fwd: [Clamav-devel] 0.93.1 / libclamav: no CL_EMAX*-Error-Codes for Applications?]

2008-06-23 Thread James Kosin

Marcus Neukert wrote:

no answer does mean: there is no chance to change it?

  
There may have been a chance to change it when the developers proposed 
the change in the functionality originally on this list.  The change was 
to get rid of the ZipTooLarge virus definition; which caused more 
confusion than it solved.
And also; unfortunately, many milters consider any non-zero value as a 
VIRUS regardless of the return code.  So even if we had the granularity 
we would still end up with a lot of complaints about the issue.


The solution you are posing would require all the milters be updated to 
have a three stage error message:

 1) Successful, NO VIRUS.
 2) Unsuccessful, due to space or limits set.
 3) VIRUS detected.

The case 1 would be the message would be delivered,  2 the message may 
be delivered with a warning about the reason for the failure, 3 the 
message would be rejected for a VIRUS.


James




Re: [Clamav-users] Limits still disabled?

2008-06-11 Thread James Kosin

Ken Williams wrote:

I'm running the latest clamav on linux 2.4.  Works fine.  I noticed today after the upgrade my log file says:

Jun 10 20:07:48 central clamd[301]: Limits: Global size limit protection disabled.
Jun 10 20:07:48 central clamd[301]: Limits: File size limit protection disabled.
Jun 10 20:07:48 central clamd[301]: Limits: Recursion level limit protection disabled.
Jun 10 20:07:48 central clamd[301]: Limits: Files limit protection disabled.

Why are my limits disabled when I've specifically added them to clamd.conf?  For example I have:
MaxScanSize = 300
MaxFileSize = 250
MaxRecursion = 5
MaxFiles = 500

Any idea?

  
Remove the '=' from the line.  There should only be space from the 
parameter description and the actual value.


James
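
A small checker for the mistake discussed above, as an added example (not part of the original post and not ClamAV code): it flags `Option = value` lines in a clamd.conf-style file and proposes the space-separated form. The four limit settings are the ones quoted in the message; the comment line and the two logging lines are constructed, and the function names are hypothetical.

```python
import re

# The four Max* lines come from the quoted message; the rest is constructed.
SAMPLE_CONF = """\
# clamd.conf excerpt
MaxScanSize = 300
MaxFileSize = 250
MaxRecursion = 5
MaxFiles = 500
LogTime yes
LogFile /var/log/clamav/clamav.log
"""

# An option name followed by '=' (with or without surrounding spaces).
# A value that merely contains '=' later on the line does not match.
ASSIGN_RE = re.compile(r"^(\w+)\s*=\s*(.*)$")


def lint(text):
    """Return [(line number, offending line, suggested line or None)]."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are fine
        m = ASSIGN_RE.match(line)
        if m:
            name, value = m.groups()
            # No value after '=' means there is nothing safe to suggest.
            findings.append((lineno, line, f"{name} {value}" if value else None))
        elif len(line.split(None, 1)) < 2:
            # An option name with no value at all is reported as well.
            findings.append((lineno, line, None))
    return findings


def fix(text):
    """Return the text with every line that has a suggestion rewritten."""
    suggestions = {n: s for n, _, s in lint(text) if s is not None}
    lines = text.splitlines()
    return "\n".join(suggestions.get(i, l) for i, l in enumerate(lines, 1)) + "\n"


if __name__ == "__main__":
    for lineno, bad, good in lint(SAMPLE_CONF):
        print(f"line {lineno}: {bad!r} -> {good!r}")
    print(fix(SAMPLE_CONF), end="")
```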



signature.asc
Description: OpenPGP digital signature
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] 0.93.1RC1 (libbz issues)

2008-05-30 Thread James Kosin

Mark Fortescue wrote:

Hi Stephen,

The issue here is that clamav configure does not detect that the installed 
libbz is not compatible with clamav (the libbz API has changed in 
the latest bzip2 package).


My solution was to download and compile the latest bzip2 package. This may 
not be possible for others so the configure scripts/clamav libbz API need 
to be fixed to detect the issue and either revert to the older libbz API 
or disable the use of libbz.


Regards
Mark Fortescue.

  

This is already known and should be fixed in the final.





Re: [Clamav-users] 0.93.1RC1

2008-05-28 Thread James Kosin

Nigel Horne wrote:

Dear All,

As you may have seen, the first release candidate of 0.93.1 was 
published earlier this week.

0.93.1 http://downloads.sourceforge.net/clamav/clamav-0.93.1rc1.tar.gz 
is a maintenance release with bug fixes for issues raised with 0.93 for 
example portability problems and other issues discovered by our internal 
auditing process. It also features improved handling of PDF, CAB, RTF, 
OLE2 and HTML files.

We welcome any feedback and bugs on this RC prior to the release
of 0.93.1, which is currently scheduled for 6th June. It doesn't matter
if you don't have a test environment, you can still help us for example by
downloading the release candidate and checking it compiles on your 
system even if you don't install it; we particularly welcome reports on 
platform compatibility.

Please put any problems you find on our Bugzilla system at
https://wwws.clamav.net/bugzilla/, don't post them here.

For detailed information please refer to 
http://lurker.clamav.net/message/20080304.110134.02e9c4c4.en.html


-Nigel Horne

  

Nigel,

Compiles on FC1 (Fedora Redhat Core 1).  I know it is OLD, but still 
rock solid.


James





Re: [Clamav-users] No supported Database

2008-04-16 Thread James Kosin
 
Dennis Peterson wrote:
| So I currently have a main.cvd and a daily.cld, both files. Is this what
| 0.93 uses or will main.cvd be swapped out with a cld container at some
| point?
|
| dp
Yes, when there is finally an update to main.cvd...
I believe there is also a way to force the update with freshclam.

James


Re: [Clamav-users] FreeBSD 4.11 and ports

2008-04-16 Thread James Kosin
 
[EMAIL PROTECTED] wrote:
| People who may have problems compiling ClamAV 0.93 with the FreeBSD
| ports on 4.11 may need to patch the port Makefile as I had to.  I am
| not sure if it affects other FreeBSD versions or not, I didn't try it.
|
| --- Makefile.orig   Wed Apr 16 10:59:51 2008
| +++ MakefileWed Apr 16 11:37:41 2008
| @@ -108,7 +108,7 @@
|   .if ${OSVERSION} = 601000
|   PTHREAD_LIBS=  -lthr
|   .else
| -PTHREAD_LIBS=  -lpthread
| +PTHREAD_LIBS=  -pthread
|   .endif
|
|   .if defined(WITH_ARC)
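Review bot: the changed line in the .else branch switches PTHREAD_LIBS from -lpthread to -pthread for every OSVERSION that does not take the -lthr branch, while the report only covers FreeBSD 4.11 and says other versions were not tried. Consider giving the 4.x case its own OSVERSION test so the existing -lpthread setting stays in place elsewhere, and add a comment in the Makefile saying why the flag differs, since -pthread sets preprocessor flags as well as the link library.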
|
| Steven
Steven,

The -pthread should only be needed on IBM RS/6000 and PowerPC platforms.
SPARC has their own option and everyone else should follow into the -l 
category.

Directly from the gcc man page...

    -l library
        Search the library named library when linking.  (The second alternative
        with the library as a separate argument is only for POSIX compliance and
        is not recommended.)

        It makes a difference where in the command you write this option; the
        linker searches and processes libraries and object files in the order
        they are specified.  Thus, foo.o -lz bar.o searches library z after file
        foo.o but before bar.o.  If bar.o refers to functions in z, those
        functions may not be loaded.

        The linker searches a standard list of directories for the library,
        which is actually a file named liblibrary.a.  The linker then uses this
        file as if it had been specified precisely by name.

        The directories searched include several standard system directories
        plus any that you specify with -L.

        Normally the files found this way are library files---archive files
        whose members are object files.  The linker handles an archive file by
        scanning through it for members which define symbols that have so far
        been referenced but not defined.  But if the file that is found is an
        ordinary object file, it is linked in the usual fashion.  The only
        difference between using an -l option and specifying a file name is that
        -l surrounds library with lib and .a and searches several directories.

    SPARC Options

    -pthreads
        Add support for multithreading using the POSIX threads library.  This
        option sets flags for both the preprocessor and linker.  This option
        does not affect the thread safety of object code produced by the
        compiler or that of libraries supplied with it.

    IBM RS/6000 and PowerPC Options

    -pthread
        Adds support for multithreading with the pthreads library.  This option
        sets flags for both the preprocessor and linker.



Re: [Clamav-users] Upgrade ClamAV

2008-04-16 Thread James Kosin
 
Carlos Williams wrote:
| I searched Google and could not find anything that was obvious to
| resolving this dep. issue.
|
| When I go to search the archives manually, I went to
| http://lurker.clamav.net/list/clamav-users.html and I get a blank page
| for some reason. I am not trying to seem lazy but I am having trouble
| looking for this previous conversation and just joined the list so my
| apologies...
Carlos,

Report the problem to the package maintainer.  If you built the package 
yourself, then uninstall the previous version BEFORE you rebuild the 
packages.

James


Re: [Clamav-users] Clamav 0.93 - clamd and freshclam fail to start with relocation error

2008-04-15 Thread James Kosin
 
Brian Morrison wrote:
| On Mon, 14 Apr 2008 20:38:21 +0300
| Török Edwin [EMAIL PROTECTED] wrote:
|
| Brian Morrison wrote:
| Török Edwin wrote:
|   
| Brian Morrison wrote:
| 
| I've just built and installed 0.93, when the new versions try and start
| I get this error:
|
| /usr/sbin/clamd: relocation error: /usr/libclamav.so.4: undefined
| symbol: rarvm_free
|
| A grep through the source doesn't appear to show anything obvious to me
| anyway, the system in use is RH9 BTW, patched up to date but of course
| out of support for some time. The rpm build process completed without
| errors.
|
| Back to 0.92.1 for now.
|
| Any ideas?
|   
| Did you install libclamunrar_iface.so, and libclamunrar.so?
| 
| Yes, the rpm build script packaged them correctly, they're in the rpm if
| I look with rpm -qpl package and clamav-0.92.1 also has these
| installed on my system, it was built using the same rpm build script.
|
| I'm wondering if somehow it's not picking up something from a header
| file, I have the -devel package installed for 0.92.1 but I'm building
| using the files supplied in the tarball so the new version should have
| everything it needs.
| Can you try to build manually? Just a simple ./configure && make; and
| then run clamd/clamd.
| Please upload the build logs somewhere (or open a bugreport on bugzilla).
|
| I built using ./configure and make, after passing the
| --enable-experimental argument, and then ran ldd clamd/clamd as a
| check, but it immediately tells me that the program is not a dynamic
| executable, which implies it doesn't link to shared libraries I think.
| I also pass --without milter to avoid building the milter files.
|
| When I build from my spec file, this is what it passes to configure:
|
| %configure \
| --program-prefix=%{?_program_prefix} \
| %{!?_without_milter:--enable-milter} \
| --enable-dns \
| --with-libcurl \
| --disable-clamav \
| --enable-id-check \
| --with-user=clamav \
| --with-group=clamav \
| #--disable-zlib-vcheck \
| --enable-experimental \
| --with-dbdir=%{_localstatedir}/lib/clamav
| %{__make}
|
| the origin of the spec file was from Petr Krisztof back in the late
| RH8/RH9/Fedora 1 days, it's always worked for me with a few changes to
| package new files as they appeared.
|
| This has worked up to and including 0.92.1, and indeed the 0.93 version
| builds OK, it just won't run. I can't see how this happens as all
| the .so libraries are correctly linked and versioned, and are installed
| in the right place. There is only one copy of libclam*.so* on the whole
| system.
|
| Not sure what is happening here. Too tired to debug this any more
| tonight, maybe I'll wait for the DAG rpms and try those.
|
I think I have a clue.
For some reason, clamav is linking against the old version of 
libclamunrar_iface.so.3 file.  I'll try uninstalling the old version of 
clamav and try rebuilding fresh to see if that makes a difference.
I'm using the same .spec file you are; only I also install from RPM.

James


Re: [Clamav-users] Clamav 0.93 - clamd and freshclam fail to start with relocation error

2008-04-15 Thread James Kosin
 
James Kosin wrote:
| Brian Morrison wrote:
| | On Mon, 14 Apr 2008 20:38:21 +0300
| | Török Edwin [EMAIL PROTECTED] wrote:
| |
| | Brian Morrison wrote:
| | Török Edwin wrote:
| |   
| | Brian Morrison wrote:
| | 
| | I've just built and installed 0.93, when the new versions try and start
| | I get this error:
| |
| | /usr/sbin/clamd: relocation error: /usr/libclamav.so.4: undefined
| | symbol: rarvm_free
| |
| | A grep through the source doesn't appear to show anything obvious to me
| | anyway, the system in use is RH9 BTW, patched up to date but of course
| | out of support for some time. The rpm build process completed without
| | errors.
| |
| | Back to 0.92.1 for now.
| |
| | Any ideas?
| |   
| | Did you install libclamunrar_iface.so, and libclamunrar.so?
| | 
| | Yes, the rpm build script packaged them correctly, they're in the rpm if
| | I look with rpm -qpl package and clamav-0.92.1 also has these
| | installed on my system, it was built using the same rpm build script.
| |
| | I'm wondering if somehow it's not picking up something from a header
| | file, I have the -devel package installed for 0.92.1 but I'm building
| | using the files supplied in the tarball so the new version should have
| | everything it needs.
| | Can you try to build manually? Just a simple ./configure && make; and
| | then run clamd/clamd.
| | Please upload the build logs somewhere (or open a bugreport on bugzilla).
| |
| | I built using ./configure and make, after passing the
| | --enable-experimental argument, and then ran ldd clamd/clamd as a
| | check, but it immediately tells me that the program is not a dynamic
| | executable, which implies it doesn't link to shared libraries I think.
| | I also pass --without milter to avoid building the milter files.
| |
| | When I build from my spec file, this is what it passes to configure:
| |
| | %configure \
| | --program-prefix=%{?_program_prefix} \
| | %{!?_without_milter:--enable-milter} \
| | --enable-dns \
| | --with-libcurl \
| | --disable-clamav \
| | --enable-id-check \
| | --with-user=clamav \
| | --with-group=clamav \
| | #--disable-zlib-vcheck \
| | --enable-experimental \
| | --with-dbdir=%{_localstatedir}/lib/clamav
| | %{__make}
| |
| | the origin of the spec file was from Petr Krisztof back in the late
| | RH8/RH9/Fedora 1 days, it's always worked for me with a few changes to
| | package new files as they appeared.
| |
| | This has worked up to and including 0.92.1, and indeed the 0.93 version
| | builds OK, it just won't run. I can't see how this happens as all
| | the .so libraries are correctly linked and versioned, and are installed
| | in the right place. There is only one copy of libclam*.so* on the whole
| | system.
| |
| | Not sure what is happening here. Too tired to debug this any more
| | tonight, maybe I'll wait for the DAG rpms and try those.
| |
| I think I have a clue.
| For some reason, clamav is linking against the old version of
| libclamunrar_iface.so.3 file.  I'll try uninstalling the old version of
| clamav and try rebuilding fresh to see if that makes a difference.
| I'm using the same .spec file you are; only I also install from RPM.
|
| James
Well, that did the trick.
I un-installed the old version before building and that fixed the 
dependency issue.

James


Re: [Clamav-users] Clamav 0.93 - clamd and freshclam fail to start with relocation error

2008-04-15 Thread James Kosin
 
Brian Morrison wrote:
| On Tue, 15 Apr 2008 14:59:27 -0400
| James Kosin [EMAIL PROTECTED] wrote:
|
| | I think I have a clue.
| | For some reason, clamav is linking against the old version of
| | libclamunrar_iface.so.3 file.  I'll try uninstalling the old version of
| | clamav and try rebuilding fresh to see if that makes a difference.
| | I'm using the same .spec file you are; only I also install from RPM.
| |
| | James  
| Well, that did the trick.
| I un-installed the old version before building and that fixed the
| dependency issue.
|
| Yes, I have now had to do the same thing, and it fixed my problem as
| well. I don't understand exactly why this happens, I need to understand
| the cause and fix the underlying problem.
|
| Thanks for the assistance. Probably not a clamav bug after all!
|
No, it may be a ./configure problem or a mis-done makefile resulting 
from configure's output.  Right now the only work around is to build the 
RPMs on a clean system and install afterwards.  I've got a build log and 
things look OK, but, haven't had time to look at the fine details.

If anyone wants the output of make ...  I have the output.  Sorry, don't 
have the RPM build process on this one.  So I'm not sure exactly how the 
build worked; but failed to link against the correct version of 
libclamunrar_iface.so file...???

James


Re: [Clamav-users] Clamav 0.93 - clamd and freshclam fail to start with relocation error

2008-04-15 Thread James Kosin
 
Steve Holdoway wrote:
| Having just been spending quite some time writing .spec files, it could be
| because rpm -U actually runs the uninstall script of the superseded package
| ( with $1 set to a different value to if you're running -e ) as a part of
| the upgrade.
|
| It's most confusing and the logic of it offers only lip service to sanity!
|
| Steve
No.  I built the RPMs on a system with 0.92.1 installed and running.  
The resulting RPMs had a dependency on clamav requiring 
libclamunrar_iface.so.3 instead of the packaged so.4 file... ??
To fix the dependency, I had to 'rpm -e clamav clamav-devel 
clamav-milter' ... then rebuild the RPMs from the source for 0.93.  Then 
install the resulting RPMs with -i ...

PS:  I did not use -U but -F to try the upgrade when it failed due to 
the dependency on the old library package.

James
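
A pre-install check for the mismatch described in this message, as an added example that is not code from the thread: it compares the sonames a built package requires with the ones it provides and reports a library wanted at one major version but shipped at another. The function names, the sample package data and the advice string are constructed; the inputs are assumed to be saved output of `rpm -qp --requires` and `rpm -qp --provides`.

```shell
#!/bin/sh
# Added example: flag a package that requires one major version of a shared
# library while shipping another (the so.3 / so.4 mismatch in this thread).
# Function names and sample data are constructed for illustration.

# stale_sonames REQUIRES_FILE PROVIDES_FILE
#   REQUIRES_FILE: saved output of `rpm -qp --requires <package>`
#   PROVIDES_FILE: saved output of `rpm -qp --provides <package>`
# Prints one line per mismatch and returns 1 if any were found.
stale_sonames() {
    awk '
        # Reduce "libfoo.so.4" or "libfoo.so.4(TAG)" to base "libfoo.so" and
        # major "4" (both globals). Returns 0 for lines that are not sonames.
        function parse(line,    name) {
            name = line
            sub(/[ (].*$/, "", name)
            if (name !~ /\.so\.[0-9]+$/) return 0
            major = name; sub(/^.*\.so\./, "", major)
            base = name;  sub(/\.[0-9]+$/, "", base)
            return 1
        }
        # First file argument: record what the package itself provides.
        FILENAME == ARGV[1] { if (parse($0)) provided[base] = major; next }
        # Second file argument: compare each required soname against it.
        parse($0) && (base in provided) && provided[base] != major {
            printf "%s: requires .%s but package provides .%s\n", base, major, provided[base]
            bad = 1
        }
        END { exit bad + 0 }
    ' "$2" "$1"
}

# Constructed sample modelled on the thread: a 0.93 package built on a host
# that still had 0.92.1 installed.
sample_requires() {
    printf '%s\n' '/sbin/ldconfig' 'libc.so.6' 'libc.so.6(GLIBC_2.0)' \
        'libclamunrar_iface.so.3' 'libz.so.1'
}
sample_provides() {
    printf '%s\n' 'clamav = 0.93-1' 'libclamav.so.4' 'libclamunrar_iface.so.4'
}

# Demo run on the constructed sample.
tmp=$(mktemp -d)
sample_requires > "$tmp/requires"
sample_provides > "$tmp/provides"
if ! stale_sonames "$tmp/requires" "$tmp/provides"; then
    echo "rebuild on a host without the old clamav packages before installing"
fi
rm -rf "$tmp"
```

Libraries the package requires but does not ship itself (libc, libz in the sample) are ignored, since only a self-mismatch indicates a stale link.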


Re: [Clamav-users] ClamAv-Milter Configuration Troubles

2008-04-11 Thread James Kosin
 
James Kosin wrote:
| Everyone,
|
| I've got clamav-milter using a .sock file and would like to change it to
| use the IP socket address interface to clamd.
| Any ideas on what I have to do?  If I just change clamav-milter options
| to use --external and remove the local socket file from the options,
| clamav-milter complains.  I want it to use the local machine's IP
| 127.0.0.1 with clamd running.  Anyone have a good configuration to
| share, the documentation is a bit sparse in this area.
|
| James
Hey... anyone out there???



[Clamav-users] ClamAv-Milter Configuration Troubles

2008-04-09 Thread James Kosin
 
Everyone,

I've got clamav-milter using a .sock file and would like to change it to 
use the IP socket address interface to clamd.
Any ideas on what I have to do?  If I just change clamav-milter options 
to use --external and remove the local socket file from the options, 
clamav-milter complains.  I want it to use the local machine's IP 
127.0.0.1 with clamd running.  Anyone have a good configuration to 
share, the documentation is a bit sparse in this area.

James


Re: [Clamav-users] Clam update issue, *.cvd

2008-04-08 Thread James Kosin
 
Mark Fraser wrote:
| I am having a problem with clam occasionally when it does an update.
| Specifically what happens is that my /var/amavis/tmp directory fills up with
| temp files. This seems to happen when clam fails to download an update. My
| freshclam.conf file is set to download an update 24 times a day. What I see
| when this has happened is that there is a *.cvd file in the
| /var/lib/clamav directory, see the following ls:
|
| total 24
| 4 drwxr-xr-x  4 clamav clamav 4096 Apr  8 09:43 .
| 8 drwxr-xr-x 35 root   root   4096 May 29  2007 ..
| 0 -rw-r--r--  1 root   root  0 Apr  7 05:00 *.cvd
| 4 drwxr-xr-x  2 clamav clamav 4096 Apr  8 08:43 daily.inc
| 4 drwxr-xr-x  2 clamav clamav 4096 Apr  7 04:43 main.inc
| 4 -rw---  1 clamav clamav 1196 Apr  8 09:43 mirrors.dat
|
| I could not initially determine why I would have a *.cvd file in that
| directory, until I was looking at my cron.daily and found that there is a
| freshclam script in it with the following contents:
|
| #!/bin/bash
|
| # Remove garbage occasionally left after unsuccessful updates
| /bin/touch -a /var/lib/clamav/*.cvd
| /usr/sbin/tmpwatch 72 /var/lib/clamav
|
| I do not know why this script is here, but I do know that the touch
| command will create a file called *.cvd if there are no files ending with
| cvd in that directory.
| The question is what happened to the original cvd files. I was looking at
| the source code for clamav and found where I think that it removes the old
| copies of the data files before it downloads new ones, but I am a little
| rusty in C. If that is the case then should I modify this freshclam script
| to look like the following, or am I missing the bigger picture, I.e. do I
| really need this script in the daily cron? I originally put it in there I
| believe because it was in the general installation instructions for the
| version of clamav that I started with.
|
| I hope that this is clear enough for someone to have a logical answer for
| me. If not then I will answer any questions.
|
| Respectfully,
|
| Mark P. Fraser
Mark,

(1)  Please notify your product packer (RedHat, I'm guessing), that the 
script needs updating so others don't end up in this situation.

#!/bin/bash

# Remove garbage occasionally left after unsuccessful updates
# Refresh access times only on .cvd files that actually exist
find /var/lib/clamav/ -type f -name '*.cvd' -exec touch -a '{}' ';'
# Refresh access times on the unpacked .inc directories and their contents
find /var/lib/clamav/ -type d -name '*.inc' | while read -r dir; do find "$dir" -exec touch -a '{}' ';' ; done
/usr/sbin/tmpwatch 72 /var/lib/clamav


(2)  The older .cvd files have been deprecated, and the new software 
will automatically update to the new format when it sees .cvd files in 
the directory.  The software will still work with the .cvd files.  Be 
careful not to have a .cvd file if you have a corresponding .inc 
directory, you will end up with duplicate database entries if you do.

Good Luck,
James
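
The unmatched-glob behaviour behind the stray `*.cvd` file, reproduced in a scratch directory together with a guarded form and a check for the leftover artefact. This is an added example, not code from the thread; the function names are hypothetical and nothing here touches /var/lib/clamav.

```shell
#!/bin/sh
# Added example: shows why `touch -a dir/*.cvd` creates a file literally
# named '*.cvd' when no database file exists, and how to avoid and detect it.
# All function names are hypothetical; input is a constructed scratch dir.

# The cron job's original form. With no *.cvd present the shell passes the
# pattern through unexpanded, and touch creates a file with that exact name.
refresh_unsafe() {
    touch -a "$1"/*.cvd
}

# Guarded form: only touch paths that exist as regular files.
refresh_safe() {
    for f in "$1"/*.cvd; do
        [ -f "$f" ] || continue   # skips the unexpanded pattern itself
        touch -a "$f"
    done
}

# Detect the artefact: a regular file whose name is the literal pattern.
# Prints its size in bytes and returns 0 when found, returns 1 otherwise.
has_literal_glob() {
    if [ -f "$1/*.cvd" ]; then
        wc -c < "$1/*.cvd" | tr -d ' '
        return 0
    fi
    return 1
}

# Demo on an empty scratch directory (constructed input).
demo_dir=$(mktemp -d)
refresh_unsafe "$demo_dir"
if has_literal_glob "$demo_dir" >/dev/null; then
    echo "unsafe form left a file literally named '*.cvd'"
fi
rm -rf "$demo_dir"
```

A zero-byte result from `has_literal_glob` on the real database directory means the cron job ran at a moment when no .cvd file was present.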




Re: [Clamav-users] Memory usage for clamd is huge

2008-03-31 Thread James Kosin
 
Ben wrote:
| I run clamd on a CentOS server, with freshclam, and clamsmtpd to scan mail.
| And I use it interfacing with postfix.
| However, just clamd alone uses 23 Megabytes when idle!
|
| Can someone post configuration options to limit or lower memory
| footstamp of clamav all around?
| I'm looking for concrete functional ways to noticeably lower its
| usage, so not things like
| 'this might lower memory usage'.
| Virus scanning is not even that important on this server, my users
| would never be sending viruses,
| it's more an extra way to block spam and stop having to delete viruses
| from email.
|
| Thanks in advance,
|
| Ben
Ben,

You are probably better off using spamassassin or mime-defang than 
clamav for spam stopping.

James

-- 
Scanned by ClamAV - http://www.clamav.net



Re: [Clamav-users] A small survey about limits (Oversized.Zip and friends)

2008-01-29 Thread James Kosin
 
aCaB wrote:
| So now the real questions are:
| 1- Do you have a real usage scenario for Oversized.Zip and friends?
Maybe, put a warning in the email message clarifying that the file could 
not be checked by clamav instead of flagging as an 'Oversized.Zip' 
virus.  This may be more useful for the receiver and sender to know than 
to actually cause an annoying DoS prevention.
| 2- Are you aware of what the ArchiveBlockMax option does and if so, have
| you set it to on? And why?
No, I'm using the default of 'no'.  Since I haven't read the 
documentation yet on that feature. (really my fault).

James


Re: [Clamav-users] Problem with clamav on Linux

2008-01-28 Thread James Kosin
René Berber wrote:
[snip]
 [snip]

 That will never work, you have to choose between using a local socket or 
 a tcp socket, can't have both... and clamd should be advising you with a 
 message to the log.
   

No this is not correct.  It depends on the version of clamav installed.  
The newer version supports both local and IP sockets.  I believe it will 
even support multiple local and IP sockets as well.

-James



Re: [Clamav-users] ClamAV-0.92 very high CPU usage

2008-01-11 Thread James Kosin
 
Stephen Gran wrote:
| On Fri, Jan 11, 2008 at 08:16:06AM -0600, Roberto Ullfig said:
| What version of Kernel are you using?
| ~There is a kernel BUG that could cause this.
|
| Pointer to documentation about it would be great.
Looking for that now...


Re: [Clamav-users] ClamAV-0.92 very high CPU usage

2008-01-11 Thread James Kosin
 
Sandeep Agarwal wrote:
| hello all,
|
| I am experiencing a very high CPU usage by clamd
| process. Top always shows the CPU usage more than
| 100%.
|
| I have clamav to scan AV for my mail server. Its a
| qmail installation with simscan. Clamav is installed on
| FC5.
|
| Is this a known problem ? Any suggestion to what
| should i look into ?
|
| do let me know if more information is required.
What version of Kernel are you using?
  There is a kernel BUG that could cause this.
  'uname -a'  for completeness.

What version of clamav are you using?
  'clamscan -V'

Is this an RPM or did you compile from source tarball?

James




Re: [Clamav-users] ClamAV-0.92 very high CPU usage

2008-01-11 Thread James Kosin
 
James Kosin wrote:
| Stephen Gran wrote:
| | On Fri, Jan 11, 2008 at 08:16:06AM -0600, Roberto Ullfig said:
| | What version of Kernel are you using?
| |   There is a kernel BUG that could cause this.
| |
| | Pointer to documentation about it would be great.
| Looking for that now...
This is one possible...

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=73a2bcb0edb9ffb0b007b3546b430e2c6e415eee

and yet another possible...

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9301899be75b464ef097f0b5af7af6d9bd8f68a7

Hope this helps a bit.
James



Re: [Clamav-users] 0.92 and memory usage

2007-12-20 Thread James Kosin
 
Chris Blaise wrote:
 Fabio,

 We've seen this too.  See if my patch helps.

 https://wwws.clamav.net/bugzilla/show_bug.cgi?id=736

 Chris

Chris,

The patch causes the accept() to FAIL.

Thu Dec 20 12:32:03 2007 - ERROR: accept() failed:
à¹ØKtøÿ¿Setting connection queue length to 30


-James


Re: [Clamav-users] 0.92 and memory usage

2007-12-20 Thread James Kosin
 
James Kosin wrote:
 Chris Blaise wrote:
 Fabio,

 We've seen this too.  See if my patch helps.

 https://wwws.clamav.net/bugzilla/show_bug.cgi?id=736

 Chris

 Chris,

 The patch causes the accept() to FAIL.

 Thu Dec 20 12:32:03 2007 - ERROR: accept() failed:
 à¹ØKtøÿ¿Setting connection queue length to 30


 -James
If I change the config file to have:
TCPAddr 127.0.0.1
the error is still there but the LOG file is clean of any garbage
characters as above.

Thu Dec 20 12:41:58 2007 - ERROR: accept() failed:

-James


[Clamav-users] [main.cvd] Issues when both main.cvd and main.inc are available

2007-12-19 Thread James Kosin
 
Everyone,

I'm hoping someone knows a quick solution.
If main.cvd and main.inc are installed, the signatures seem to double
themselves.
daily.cvd is also installed; but the file goes away with the first
update.

Any idea on how to get freshclam to automatically/manually update to
get rid of main.cvd like daily.cvd?

Thanks,
James


Re: [Clamav-users] clamav gcc dependendencies ...

2007-12-17 Thread James Kosin
Per Jessen wrote:
 I guess there was no other way than to make clamav dependent on
 gcc, but it sure is bad timing. Only a week before Christmas, most
 systems are frozen, people have already left for vacation etc.
 Updating clamav is within reason for us, but upgrading gcc too ...

 Was/is there absolutely no way of fixing this gcc problem in the
 clamav source?


 /Per Jessen, Zürich

You may be able to get by with disabling ALL optimizations.  One of
the problems at least was an Optimization problem.
'-O0' may do the trick.

-James


Re: [Clamav-users] Help needed

2007-12-03 Thread James Kosin
Mohammed Ejaz wrote:
 Dear tkojm,

 Many thanks i have updated to the suggested version, but when i do
 freshclam -v  i got following messages

 Please help what i did wrong

 TTL: 71
 Software version from DNS: 0.91.2
 main.cvd version from DNS: 44
 main.inc is up to date (version: 44, sigs: 133163, f-level: 20, builder:
 sven)
 daily.cvd version from DNS: 4982
 Retrieving http://db.XY.clamav.net/daily-4337.cdiff
 ERROR: Can't get information about db.XY.clamav.net: Host not found
 ERROR: getpatch: Can't download daily-4337.cdiff from db.XY.clamav.net
 Retrieving http://db.XY.clamav.net/daily-4337.cdiff
 ERROR: Can't get information about db.XY.clamav.net: Host not found
 ERROR: getpatch: Can't download daily-4337.cdiff from db.XY.clamav.net
 Retrieving http://db.XY.clamav.net/daily-4337.cdiff
 ERROR: Can't get information about db.XY.clamav.net: Host not found
 ERROR: getpatch: Can't download daily-4337.cdiff from db.XY.clamav.net
 Retrieving http://db.XY.clamav.net/daily-4337.cdiff
 ERROR: Can't get information about db.XY.clamav.net: Host not found
 ERROR: getpatch: Can't download daily-4337.cdiff from db.XY.clamav.net
 Retrieving http://db.XY.clamav.net/daily-4337.cdiff
 ERROR: Can't get information about db.XY.clamav.net: Host not found
 ERROR: getpatch: Can't download daily-4337.cdiff from db.XY.clamav.net
 WARNING: Incremental update failed, trying to download daily.cvd
 Retrieving http://db.XY.clamav.net/daily.cvd
 ERROR: Can't get information about db.XY.clamav.net: Host not found
 ERROR: Can't download daily.cvd from db.XY.clamav.net
 Restoring incremental directory daily.inc from backup
 LibClamAV Warning: Couldn't remove daily.inc/COPYING: Permission denied
 Trying again in 5 secs...

Edit the configuration file and replace the db.XY.clamav.net with
db.sa.clamav.net to fix this problem.

-James


Re: [Clamav-users] Recent viruses

2007-10-29 Thread James Kosin
Daniel T. Staal wrote:
 On Mon, October 29, 2007 8:58 am, Gomes, Rich said:
 Daniel, I've been searching for how to configure this without
 much luck. Could you point me in the right direction? Again, it's
 Sendmail on RH being called by clamav-milter.

 That's not a setup I'm familiar with; though I would expect someone
 else on this list to be.

 Anyone?

 Daniel T. Staal

He has several options:
(1)  use the --quarantine=EMAILADDRESS option with clamav-milter.
(2)  use the --quarantine-dir=DIR option.

I'm sure there may be others.

Edit the file /etc/sysconfig/clamav-milter to make the changes and be
sure to restart the service.

-James


Re: [Clamav-users] Quiet period for viruses?

2007-10-16 Thread James Kosin
fchan wrote:
 Hi,
 Maybe it's just me but I noticed that the clamav definitions are still
 at 4540 dated 14 October 2007 0143 UTC or have the virus writers
 called a truce.

No,  this is probably the LULL before the STORM.

-James


Re: [Clamav-users] eicar Identified But Not Moved

2007-10-16 Thread James Kosin
Dennis Peterson wrote:
 Sean McGlynn wrote:
 Dennis,

 Thank you for taking the time to reply.

 Yes, I am running the scan as root.

 Sean



 Is the home directory mounted?

 Dennis
Should also mention the destination for the move (ClamAV is going to
move the file to) needs to exist and the proper permissions set.

-James


Re: [Clamav-users] clamav-milter startup very slow

2007-09-11 Thread James Kosin
Stephen Gran wrote:
 On Tue, Sep 11, 2007 at 08:35:54PM +1200, Dylan Carruthers said:
 Hi

 I'm not sure if this is the correct mailing list but I've got a
 question about clamav-milter startup times that I can't find an
 existing answer for.

 I'm running Debian etch and have found that clamav-milter takes a very long
 time to start.

 This is fixed in newer versions.  Please use the packages from
 volatile.debian.org.

 Loaded ClamAV 0.90.1/4223/Mon Sep 10 14:06:10 2007
 ClamAV: Protecting against 276647 viruses.

 You also seem to have double the number of signatures that you should
 have.  Check for main.cvd, daily.cvd, main.inc, and daily.inc in
 /var/lib/clamav.  If you have main.inc, delete main.cvd.  Repeat for
 daily.inc and daily.cvd.

 Take care,
Hmm...

Same problem here.  Hadn't noticed it; but, clamd loads the correct
number, but clamav-milter seems to be loading differently and loading
duplicate signatures to the database.
Is there a way to prevent duplicate (identical signatures) from
getting loaded into memory?

-James


Re: [Clamav-users] Sourcefire's acquisition of ClamAV -- Will ClamAV become close source ?

2007-08-27 Thread James Kosin
Sergei Lavrov wrote:
 Does this mean ClamAV will become close source
 sometime in the future ?

 Lavrov


   
 
I believe the correct answer is IT DEPENDS.

This is up to the new company to decide.  No one would be willing to
say "Till the end of time... will remain open source." if that is what
you are looking for.

Closed source would mean that many distributions would have to LEAVE
the ClamAV world in droves.  Or take on the choice of managing the
distribution differently; much like the NVIDIA project for the video
cards.  Which in my opinion leaves a SOUR taste in many people's mouths.

-James


Re: [Clamav-users] Sourcefire acquires ClamAV

2007-08-17 Thread James Kosin
Tomasz Kojm wrote:
 On Fri, 17 Aug 2007 05:26:14 -0700
 Ed Kasky [EMAIL PROTECTED] wrote:

 lead the advancement of ClamAV and the CVD as employees of Sourcefire.
 Both the ClamAV engine and the signature database will remain under GPL.
 Until they start charging for current updates, etc. like they do with
 Snort...

 Hi Ed,

 you should rest assured that the virus database will stay GPL and will be
 distributed the same way as so far, Sourcefire has no intention of changing
 this.

 Best regards,


I'm complaining now...  because the virus database is not the source
to build the binaries.  If they are only saying the virus database is
the ONLY part to stay GPL we may have to pay through the nose for the
source to build the compiled binaries!

I'm HOPING this hasn't happened and you mis-typed your reply.

-James


Re: [Clamav-users] ArchiveMaxFileSize

2007-05-23 Thread James Kosin
Tom Bombadil wrote:
 This is what the conf file says:

 # Files in archives larger than this limit won't be scanned.
 # Value of 0 disables the limit.
 # Default: 10M

 What won't be scanned?
 - files larger than this limit inside an archive?
 - Or files inside an archive whose total size is this limit?


 Cheers :)
Tom,

I believe the answer is BOTH. and the archive is larger than this limit.

-James


Re: [Clamav-users] *.cvd again!

2007-04-12 Thread James Kosin
Obantec Support wrote:
 Hi

 clamd died again

 from clamd.log

 SelfCheck: Database modification detected. Forcing reload.
 Reading databases from /var/lib/clamav
 ERROR: reload db failed: Broken or not a CVD file
 Terminating because of a fatal error.
 Socket file removed.
 Pid file removed.
 --- Stopped at Thu Apr 12 04:25:08 2007
 /var/run/clamav/clamd.sock: No such file or directory
 /var/run/clamav/clamd.sock: No such file or directory
 /var/run/clamav/clamd.sock: No such file or directory
 repeated until 8am BST when i did routine tests
 /var/run/clamav/clamd.sock: No such file or directory

 found *.cvd in /var/lib/clamav

 since i am using clamav-milter this has a knock on effect of stopping
 users sending mail.
 for now i have killed all clam and freshmeat until this is resolved.

I think maybe what needs to happen is:
 (1)  Any script files touching *.cvd need to be modified.  This seems
to be causing the problem.
 (2)  ClamAV needs to change to fix the issue of a 0-byte CVD file
causing it to CRASH.

Sorry for SHOUTING,
James


Re: [Clamav-users] *.cvd again!

2007-04-12 Thread James Kosin
Luigi Iotti wrote:
 To who is experiencing the *.cvd problem due to the 3rd party
 scripts in the RPM packages maintained by Petr Kristof, available
 on http://crash.fce.vutbr.cz/crash-hat/5/ :

 Petr just released an updated version of his packages, including
 the patches to the script I suggested on the list. Now the infamous
 *.cvd file problem (and another trivial problem where clamd did not
 start if the main.cvd file was not found) should be solved.

 Thank you Petr.

 Luigi

I just tested and clamd will try to read any file with the extension
of .cvd in the /var/lib/clamav directory.
My simple question is:
  Could this pose a security or virus scanning problem if someone
managed to place an empty or invalid .cvd file intentionally in the
database directory?

I say this, because it makes clamav un-operational and unable to scan
for viruses on the system or email.

-James


Re: [Clamav-users] *.cvd again!

2007-04-12 Thread James Kosin
Tomasz Kojm wrote:

--snip--
 This can be solved using file permissions as well, eg. by running
 clamd with only read privileges to the database directory.

I was thinking about the possible VIRUS or TROJAN being able to gain
root access by some other means on a Linux system.  And by simple
knowledge of the presence of ClamAV on the system; could render the
virus scanning engine completely useless just by placing a simple
blank file in the directory.

-James


Re: [Clamav-users] *.cvd again!

2007-04-12 Thread James Kosin
Tomasz Kojm wrote:
 On Thu, 12 Apr 2007 16:42:07 -0600 (MDT) James Bourne
 [EMAIL PROTECTED] wrote:

 Yes it may be possible, but that's still no excuse for clamd to
 bail when presented with two sets of data files, one invalid and
 one valid.

 There's no perfect solution to this problem. The only good one I
 could think of is an option to clamscan/clamd that would only allow
 loading of digitally signed databases and ignore all the rest. Of
 course, external dbs (sane, msrbl, etc.) would no longer be
 supported in such a mode.

What about a way to check the validity of a database before loading
it, and not fatally stopping the load just because of a bad database
file.  Of course, the user needs to be notified; but, isn't that
supported by a logwatch function. or extension?

- -James
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
iD8DBQFGHrqtkNLDmnu1kSkRAgzEAJ40ztVCo1oYYVnrNDmHiHprsylpFgCfXutS
EdwKwsH9cW4qVTlr6GzC5mU=
=7JOZ
-END PGP SIGNATURE-

-- 
Scanned by ClamAV - http://www.clamav.net

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
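A pre-load check of the kind asked about in the message above, which also flags the main.cvd/main.inc duplication raised in the earlier messages; this is an added example, not ClamAV's or any packager's code. It assumes a .cvd starts with a 512-byte, space-padded, colon-separated text header beginning with ClamAV-VDB; the sample directory is constructed, and the check is structural only (no MD5 or digital-signature verification).

```python
import os
import tempfile

CVD_MAGIC = b"ClamAV-VDB"
CVD_HEADER_LEN = 512  # assumed layout: fixed-size, space-padded text header


def check_cvd(path):
    """Structural check of one .cvd file. Returns (ok, reason).

    Reads only the header. It does not verify the MD5 or the digital
    signature, so a pass means "looks like a CVD", not "is authentic".
    """
    try:
        with open(path, "rb") as fh:
            header = fh.read(CVD_HEADER_LEN)
    except OSError as exc:
        return False, "unreadable: %s" % exc.strerror
    if not header:
        return False, "zero-byte file"
    if len(header) < CVD_HEADER_LEN:
        return False, "shorter than the 512-byte header"
    # Assumed field order:
    # magic:build time:version:sigs:f-level:md5:dsig:builder[:stime]
    fields = header.rstrip(b" \x00\r\n").split(b":")
    if fields[0] != CVD_MAGIC:
        return False, "missing ClamAV-VDB magic"
    if len(fields) < 8:
        return False, "incomplete header fields"
    if not all(fields[i].isdigit() for i in (2, 3, 4)):
        return False, "non-numeric version, signature count or f-level"
    return True, "ok"


def audit_db_dir(db_dir):
    """Classify every *.cvd in db_dir before the scanner is asked to load it."""
    valid, bad = [], []
    for name in sorted(os.listdir(db_dir)):
        if not name.endswith(".cvd"):
            continue
        ok, reason = check_cvd(os.path.join(db_dir, name))
        if ok:
            valid.append(name)
        else:
            bad.append((name, reason))
    # X.cvd next to X.inc/ is the doubled-signature-count case from the thread.
    duplicates = [n[:-4] for n in valid
                  if os.path.isdir(os.path.join(db_dir, n[:-4] + ".inc"))]
    # Either form of the main database is enough for a start-up check.
    has_main = ("main.cvd" in valid
                or os.path.isdir(os.path.join(db_dir, "main.inc")))
    return {"valid": valid, "bad": bad,
            "duplicates": duplicates, "has_main": has_main}


def build_sample_dir():
    """Constructed sample directory (not real ClamAV data) for the demo."""
    d = tempfile.mkdtemp(prefix="clamdb-")
    header = (b"ClamAV-VDB:07 Apr 2007 12-00 +0000:44:133163:20:"
              + b"0" * 32 + b":CONSTRUCTED-DSIG:sven:0")
    with open(os.path.join(d, "main.cvd"), "wb") as fh:
        fh.write(header.ljust(CVD_HEADER_LEN, b" ") + b"constructed body")
    os.mkdir(os.path.join(d, "main.inc"))         # incremental copy of main
    open(os.path.join(d, "*.cvd"), "wb").close()  # file literally named *.cvd
    with open(os.path.join(d, "daily.cvd"), "wb") as fh:
        fh.write(b"not a database " * 40)         # long enough, wrong content
    return d


if __name__ == "__main__":
    report = audit_db_dir(build_sample_dir())
    for name, reason in report["bad"]:
        print("REJECT %s: %s" % (name, reason))
    for stem in report["duplicates"]:
        print("DUPLICATE %s.cvd and %s.inc both present" % (stem, stem))
    print("main database present:", report["has_main"])
```

A wrapper script can refuse to signal a reload while `bad` is non-empty and log the reasons instead, so one broken file does not take the scanner down.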


Re: [Clamav-users] Clamav suddenly died on several boxes

2007-04-11 Thread James Kosin
Well,

Deleting the database directory and restarting freshclam to get the
databases again seems to have fixed the problem on both systems.

This problem may be related to getting incremental updates and not
being able to update the .CVD database properly.  This is the only
clue I can give.

-James


Re: [Clamav-users] Clamav suddenly died on several boxes

2007-04-11 Thread James Kosin
Luigi Iotti wrote:
 Hi all

 I'm new on the list, if this is a FAQ please tell me so. I'm unsure if
 my problem is related to the other one that today is discussed on the 
 list.

 I have several clamav installations. I use it with Postfix on CentOS 
 (very similar to Red Hat). I use the clamav RPM packages available on 
 http://crash.fce.vutbr.cz , but recompiled on CentOS.

 Last night suddenly, on several of my customers' mail servers, clamd
 stopped running.
 In the log I find:
 Wed Apr 11 04:02:13 2007 - SelfCheck: Database status OK.
 Wed Apr 11 04:38:23 2007 - SelfCheck: Database modification detected. Forcing reload.
 Wed Apr 11 04:38:24 2007 - Reading databases from /var/lib/clamav
 Wed Apr 11 04:38:24 2007 - ERROR: reload db failed: Broken or not a CVD file
 Wed Apr 11 04:38:24 2007 - Terminating because of a fatal error.
 Wed Apr 11 04:38:24 2007 - Socket file removed.
 Wed Apr 11 04:38:24 2007 - Pid file removed.
 Wed Apr 11 04:38:24 2007 - --- Stopped at Wed Apr 11 04:38:24 2007

 This happened on at least 10 different installations, more or less at 
 the same time.

 I noticed that:
 1) the problem seems to occur only on 0.90 installations. Servers 
 still with 0.8x seem not to be affected.
 2) In /var/lib/clamav , after clamd stopped running, I find the 
 directories daily.inc, main.inc and the mirrors.dat file. No .cvd
 files.

 I'm looking for the reason of this massive problem, and I'd like to 
 know if this can be an isolated episode (maybe due to a broken update 
 file).

 I found a minor problem in the RPM package, too. In the rc file, 
 /etc/init.d/clamd, it checks for the existence of 
 /var/lib/clamav/main.cvd and , if not found, it exits echoing ERROR: 
 Clamav DB missing! Run 'freshclam --verbose' as root.
 Having main.inc and not main.cvd, my clamd refused to start with this 
 error. Maybe the package author is listening reading this ML, so he 
 can correct his packages. It seems to me that it is sufficient to 
 check for the existence of the file /var/lib/clamav/main.cvd OR the 
 directory /var/lib/clamav/main.inc . Is this correct (I mean,
 main.inc took the place of main.cvd)?

 Thanks for the attention.

I have the same here...

Tue Apr 10 20:19:34 2007 - Database correctly reloaded (107793 signatures)
Wed Apr 11 06:19:21 2007 - SelfCheck: Database modification detected. Forcing reload.
Wed Apr 11 06:19:22 2007 - Reading databases from /var/lib/clamav
Wed Apr 11 06:19:22 2007 - ERROR: reload db failed: Broken or not a CVD file
Wed Apr 11 06:19:22 2007 - Terminating because of a fatal error.
Wed Apr 11 06:19:23 2007 - Socket file removed.
Wed Apr 11 06:19:23 2007 - Pid file removed.
Wed Apr 11 06:19:23 2007 - --- Stopped at Wed Apr 11 06:19:23 2007


I tried restarting the daemon with the same results.

My ClamWin also died today on my personal computer!!!
I fixed ClamWin by blowing away the databases and re-downloading them.
I'll try the same for clamav on the server to see if it fixes the
problem.  But this error is CATASTROPHIC.

-James


Re: [Clamav-users] Re: first impressions on 0.90

2007-02-16 Thread James Kosin
Ian Abbott wrote:
 On 14/02/2007 20:09, Rick Pim wrote:
it's true; if i start clamd and then check, the clamd socket isn't
there. but if i leave clamd alone for a few seconds the socket
appears and clamav-milter starts happily after that. i've tucked
a sleep 30 into the startup script and things seem happy. is
there anything obvious i'm missing?

 That will be because it forks before reading the database (which
 causes the delay) and before creating the sockets. I.e. the initial
 process exits before everything is ready.

 Maybe it would be better if it forked after creating the sockets.

No, because then you would have two active sockets and a replicated
database per instance (fork).
Not good practice, unless you really want the results.

-James


Re: [Clamav-users] Cherishing my ignorance - An appeal to packagers

2006-11-10 Thread James Kosin
Jim Maul wrote:
 Maybe i missed it, but where in his original email did he ask anyone
 to help him by doing something for him?  From what i can see, he
 didnt even ask for help at all.  The way i took it was:

 Gee, I downloaded this package for clamav and installed it and now
 there are all sorts of other things that still need to be done to
 get it working correctly. Maybe clamav developers could work with
 the package maintainers to make this process go more smoothly?

 To which he received responses like:

 Your an idiot.
 We dont care.
 Shut up and stop posting crap like this to the list.

 To me it seems like everyone missed the point and made their own
 assumptions as to what he *really* meant.  Maybe the title was
 worded poorly, or his post looked too similar to others that people
 have seen in the past and it triggered an immediate negative
 response from them, or maybe its just that some people on this list
 havent gotten any lately and are grumpy - who knows.  But to berate
 someone like this over a post they made which i believe was
 interpreted incorrectly to begin with is completely wrong.  I mean
 cmon, the subject clearly states its directed at packagers.  Give
 the guy a flippin break.

 -Jim
Ok,

I'm usually very patient when it comes to responses to email's like
this.  But, I believe he is really asking the wrong people.  He should
be going to the package maintainers.  This group is usually content
with compiling and installing directly from source.

Like Dennis said, "Bringing it all together is what the admin is for."

ClamAV is a powerful tool; but, would you give a chainsaw to your
2-year old to use?  I think not.

Everyone has to learn.  There are no shortcuts when it comes to being a
sysadmin, no matter what level you are.  You can make things easier;
but, usually at a cost.  No one here is willing to make ClamAV a
butter knife when it is already a chainsaw.

-James


Re: [Clamav-users] Cherishing my ignorance - An appeal to packagers

2006-11-10 Thread James Kosin
Jim Maul wrote:

 Are there really no package maintainers on this list?  I find that
 hard to believe.  Is it really necessary to punish someone for
 thinking that maybe, just maybe, a message about clamav packages on
  the clamav-users list might actually get seen by some packagers
 themselves?


Yes, there are; but, most are looking here for updates, issues, etc.
that may make things easier for supporting the users of the packages.
All package maintainers also have their own email addresses.  Most are
willing to take suggestions.  Some even make changes.
But, asking this community outright for a change like this to take
place at ClamAV is difficult to manage, and misplaced.

When you first install ClamAV (even from source), you have to make
changes to the configuration.  This I found out myself after a few
days of ClamAV not working... my first time.  Some package maintainers
do make this easier and make a few changes themselves to get things
working; but, then the users may have an inadequate configuration for
their use and not know any better.


 Of course.  Im not saying i completely agree with everything the OP
  wrote.  Im simply saying that i believe people misinterpreted what
  he was ultimately trying to say, and then insulted him because of
 it.

He insulted himself first with the very misdirected subject to the email.

[Clamav-users] Cherishing my ignorance - An appeal to packagers:
QUOTE

 I WANT to know NOTHING about ClamAV, I wish to remain ignorant.  I
 even trust the folks who produce RPMs to come up with reasonable
 defaults for file locations, max sizes, etc. etc. etc.  As _IS_ the
  case with just about every other install.
/QUOTE

He clearly states he wants to know NOTHING about the setup of ClamAV.
This is not the tact to take when installing a package like this.  How
it is configured depends heavily on how you want to use it.  You have
to learn and overcome your ignorance to accomplish this.

His email has no basis in reality as far as anyone can tell.

 WARNING: Your ClamAV installation is OUTDATED!

 Never will be fixed.  I'm not spending another two days monkeying
 with configuration, so this install of ClamAV stays, just ignore
 the warning that it's OUTDATED until then next OS upgrade.  So I'll
  never see any of the new and great features added.
Yes, it is a WARNING, if you read the whole warning it says NOT to PANIC.
Actually, EVERYONE gets these once in a while.  Unless you have a
script that checks every hour for the latest version you are bound to
get a few of these in the logs.  Everyone knows the drill
download the source, compile, install, done.  Usually that simple.
Packages are usually similar, but the maintainer needs to do the work
of compiling, testing, etc before releasing.


 This means that much of the developers work is wasted, because I
 take the easiest way around an error, no clamav user, the hell with
 it, freshclam runs as root.

 config file, just take out Example keep hacking until it stops
 complaining.
This is just BAD news.  ClamAV should not be treated this way.
Running as root aside, you have to READ the configuration file in its
entirety to appreciate its usefulness.

Nothing he said gave the problem clear details, suggestions or otherwise.
Some questions he could have asked are:

Why does ClamAV always complain about the configuration being bad
after I just installed it on my machine?
Why does ClamAV complain about being OUTDATED?
How can I fix these problems?
Where should I go to find out more about the configuration?
What is the proper way to configure ClamAV for my system?
Why can't freshclam write to the directory for the virus updates?
How can I fix this?

But, he didn't ASK a single question.

-James


Re: [Clamav-users] Cherishing my ignorance - An appeal to packagers

2006-11-07 Thread James Kosin
Jim Redman wrote:
 Of all the packages I install (Fedora), clamav is the only modern
 package that fails to install and just work.

-- snip --
 Jim


You are ranting to the wrong group of people.  ClamAV has nothing to
do with RPM packages or maintaining Fedora releases of the extra
packages they have.

If you want to stay more up to date on these, you should consider
maybe ATRPMs or DAG for a repository for ClamAV.

Or take the route many here will offer of compiling from SOURCE.

-James


Re: [Clamav-users] I-Worm/Generic.RX undetected

2006-09-20 Thread James Kosin
Daniel Hertanu wrote:
 Hi

 Yesterday I received 3 emails in which the local antivirus (AVG for
 Windows, Free edition) has detected a virus named I-Worm/Generic.RX. The
 email server is a sendmail with clamav-milter. Having a look into the log
 file I discovered that clamav-milter declared the emails as clean.
 Freshclam is executed daily, so the virus database is updated.
 As this virus name is not listed in Clamav virus database, I'm wondering
 if there is known under a different name, and, if so, why it was not
 detected.
 Any idea would be much appreciated. Thank you.

 Daniel

Daniel,

Submit it to clamav.  It may be a variant of an existing worm/virus.

-James


Re: [Clamav-users] Scan Signature

2006-08-18 Thread James Kosin
Diego Lorenzo - OJC wrote:
 Hello, folks!

 I'm needing to mark all incoming and outgoing e-mails with a virus
 scanned message, kinda This e-mail was scanned by Clamav (or Amavis),
 something like that. Is there any flag I can set it?

 Regards,

 Diego Lorenzo 
Checkout the settings for clamav-milter if that is what you are using.

--sign --signature-file=/etc/mail/clamav/clamav-signature

-James


Re: [Clamav-users] broken zlib version

2006-06-19 Thread James Kosin
 
Fixed.  You can safely ignore the error about that version.

-James

Thomas Cameron wrote:
 All -

 I'm not reporting a stability problem with an old version, I just have a
 question.  I am running Red Hat Enterprise Linux 4, update 3.  The
 version of zlib (zlib-1.2.1.2-1.2) shows these entries in the changelog:

 * Tue Jul 12 2005 Ivana Varekova [EMAIL PROTECTED] 1.2.1.2-1.2
 - fix for CAN-2005-1849 (#163037)

 * Mon Jul 04 2005 Tomas Mraz [EMAIL PROTECTED] 1.2.1.2-1.1
 - fix for CAN-2005-2096 (#162391)

 * Sun Sep 12 2004 Jeff Johnson [EMAIL PROTECTED] 1.2.1.2-1
 - update to 1.2.1.2 to fix 2 DoS problems (#131385).

 The warning that clamav gives isn't very instructive as to what the
 stability issue might be.  Can anyone tell me if the brokenness is
 fixed as part of the backport process Red Hat does?

 Thanks,
 Thomas



Re: [Clamav-users] nested attachements question

2006-06-07 Thread James Kosin
 
Nick wrote:
 Hi all,

 I'm doing some research for my Boss and have been asked whether
 ClamAV can handle multiple nested archive files.  That is, if an
 attachment has a zip of a zip of a zip (etc., etc.) with a virus
 embedded somewhere, can it recurse through effectively?  Anyone know
 ClamAV's abilities regarding this?

It can scan recursively, although the default behavior only allows a
few recursive scans before automatically rejecting the file as a virus
by recursive nature of the zip file.

-James
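
The recursion cap described in the reply above, sketched as an added example (not ClamAV code and not from the original post): a scanner that unpacks nested zips only to a fixed depth and refuses the file once a limit is hit. The default limits mirror the ArchiveMaxRecursion, ArchiveMaxFiles and ArchiveMaxFileSize values in a clamd.conf quoted elsewhere on this page; the marker string and all function names are constructed for the illustration.

```python
import io
import zipfile

# Constructed stand-in for a signature hit; a real scanner calls its engine here.
MARKER = b"CONSTRUCTED-TEST-MARKER"


class LimitExceeded(Exception):
    """The archive is deeper, larger or more populated than the policy allows."""


def build_nested_zip(layers, payload):
    """Constructed sample input: wrap `payload` in `layers` levels of zip."""
    data, name = payload, "payload.bin"
    for level in range(layers):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, data)
        data, name = buf.getvalue(), "layer%d.zip" % level
    return data


def scan(data, max_recursion=5, max_files=1500, max_file_size=15 * 1024 * 1024):
    """Return "clean", "infected" or "blocked: <reason>".

    Hitting a limit is reported as a block rather than as clean: past that
    point the scanner has not looked at the content, so it cannot vouch for it.
    """
    seen = [0]  # members counted across every nesting level

    def walk(blob, depth):
        if not zipfile.is_zipfile(io.BytesIO(blob)):
            return MARKER in blob          # leaf: hand it to the "engine"
        if depth >= max_recursion:
            raise LimitExceeded("nesting deeper than %d levels" % max_recursion)
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            for info in zf.infolist():
                seen[0] += 1
                if seen[0] > max_files:
                    raise LimitExceeded("more than %d members" % max_files)
                # Check the declared size before decompressing anything.
                if info.file_size > max_file_size:
                    raise LimitExceeded("member larger than %d bytes" % max_file_size)
                if walk(zf.read(info), depth + 1):
                    return True
        return False

    try:
        return "infected" if walk(data, 0) else "clean"
    except LimitExceeded as exc:
        return "blocked: %s" % exc
    except zipfile.BadZipFile as exc:
        return "blocked: unreadable archive (%s)" % exc


if __name__ == "__main__":
    for layers in (2, 5, 6):
        print(layers, "layers ->", scan(build_nested_zip(layers, MARKER)))
```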


Re: [Clamav-users] Question About Quarantine

2006-05-17 Thread James Kosin
 
Kaplan, Andrew H. wrote:
 Hi there --

 As a general rule of thumb, what is the oldest a file should be from any
 given day that is in the quarantine directory before it should be deleted
 from the system?

Depends on how often you check the quarantine directory.  The
directory is only a temporary place to put something until someone can
verify the file actually contains a true virus and delete it OR
determine the virus may have been intentional (clamav.tar.gz downloads
get quarantined on my system because they contain the test virus) OR
that the virus can be removed and the problem fixed by someone
knowledgeable of how to do such a thing.

I would live with a manual cleaning of the directory and stay away
from an automatic cleaning of the directory.  But, one could say
1-year may be a reasonable amount of time.

-James


[Clamav-users] Croxx-Platform Virus

2006-05-01 Thread James Kosin
 
Everyone,

I just ran over this, and it sounds legit.  I'm afraid the bird-flu is
spreading to the humans (Linux) now.

http://www.ddj.com/dept/security/184429859?cid=RSSfeed_DDJ_Security

-James


Re: [Clamav-users] cannot use yum to upgrade to 0.88.1

2006-04-12 Thread James Kosin
 
Ralf Durkee wrote:
 Has anybody built trustworthy rpm's for ClamAV for Fedora Core 4,
 or would be willing to make them available if I built them? -- Ralf
 Durkee, CISSP, GSEC, GCIH Principal Security Consultant
 http://rd1.net

DAG does a good job.
Check the clamav website for information.

There is also Petr Kristof's site for FC4
http://crash.fce.vutbr.cz/crash-hat/4/clamav/


-James


Re: [Clamav-users] Problem with milter-greylist and clamav 0.88.1

2006-04-07 Thread James Kosin
 
Davin Flatten wrote:
 I just today tried to upgrade to 0.88.1, but I am having a problem.
 I can configure, make, and make install fine and I am able to start
 clamd fine using the config files from 0.88, but when I start up
 scanning with milter-greylist I get "Could not connect to clamd
 daemon at /defangspool/clamd.sock".  If I shut down clamd/sendmail and
 make install from the 0.88 directory everything runs fine.  Is
 anyone else experiencing similar problems?

 -Davin Flatten

Davin,

I think someone else reported the problem... but, it was related to
having multiple spaces before the socket file name.  I'm guessing
0.88.1 only expects one white-space character separator between the
key-name and value.

James


Re: [Clamav-users] clamscan and file access times

2006-04-06 Thread James Kosin
 
Miner, Jonathan W (CSC) (US SSA) wrote:
 Hi -

 I've just started to use ClamAV as part of an evaluation of several
 anti-virus products for our UNIX/Linux networks.  Our primary need
 is to scan filesystems. The first thing I noticed was that there
 was no option to preserve file access times, this is a problem for
 me, since we have archive tools that make decisions based on the
 access and modification times of files.

Hi,

Clamscan shouldn't be modifying the (modification time)...  The access
time should be OK being modified; otherwise you would backup/etc every
time someone viewed a file.

James


Re: [Clamav-users] clamscan and file access times

2006-04-06 Thread James Kosin
 
Miner, Jonathan W (CSC) (US SSA) wrote:

 Hi,

 Clamscan shouldn't be modifying the (modification time)...  The
 access time should be OK being modified; otherwise you would
 backup/etc every time someone viewed a file.

 Clamscan does not change the modification time... I didn't mean to
 infer that it did.  Sorry for any confusion that might have caused.


No confusion.  I just read your statement and looked at the code and
your code resets both the modified time and the accessed time for the
file.

I'm only a little confused why you would be worried about the accessed
time, and what you are using that time for that is so important for
this kind of a change?

If someone just 'cat' a file or viewed it without changing anything,
the access time will change always.

Unless you are using the accessed time to determine if a file is safe
to remove or move to permanent backup somewhere.

James

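
An added example (not clamscan's code and not the patch discussed in this thread) of the two ways a scanner can avoid disturbing access times: put atime and mtime back with utime() after reading, or open the file with O_NOATIME on Linux. The function names are hypothetical.

```python
import os


def scan_preserving_times(path, chunk_size=1 << 16):
    """Read every byte of `path`, then restore its atime and mtime.

    Returns the number of bytes read. Two side effects remain: utime()
    updates the inode change time (ctime), and any access made by another
    process between our stat() and utime() is overwritten.
    """
    before = os.stat(path)
    total = 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            total += len(block)      # a scanner would pass `block` to its engine
    os.utime(path, ns=(before.st_atime_ns, before.st_mtime_ns))
    return total


def scan_noatime(path, chunk_size=1 << 16):
    """Read `path` without updating atime in the first place (Linux O_NOATIME).

    The kernel honours O_NOATIME only for the file's owner or a privileged
    process; otherwise open() fails with EPERM and this falls back to a
    normal open, which may update atime.
    """
    noatime = getattr(os, "O_NOATIME", 0)    # 0 where the flag does not exist
    try:
        fd = os.open(path, os.O_RDONLY | noatime)
    except PermissionError:
        fd = os.open(path, os.O_RDONLY)
    total = 0
    with os.fdopen(fd, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            total += len(block)
    return total


def times(path):
    """Return (atime_ns, mtime_ns) for `path`."""
    st = os.stat(path)
    return st.st_atime_ns, st.st_mtime_ns


if __name__ == "__main__":
    import sys
    for name in sys.argv[1:]:
        before = times(name)
        size = scan_preserving_times(name)
        print(name, size, "bytes, times unchanged:", times(name) == before)
```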


Re: [Clamav-users] clamav Samba with on access anti virus scans

2006-04-05 Thread James Kosin
 
Paul Matthews wrote:
 I've googled samba-vscan-clamav and I have come up with a few hits,
 but I can't find anything to do with Fedora and does it require
 samba to be installed by source, not by default installation from
 Fedora install?


Paul,

(1)  Don't top-post.

(2)  Try building from my source RPM.
 
http://support.intcomgrp.com/mirror/fedora-core/beta/src/samba-vscan-clamav-0.4.0-2.fc1.src.rpm

I can't guarantee it will work.
PS:  You also need the samba source RPM installed and '-bp' ed at
least to get the vscan-clamav module to compile.

James


Re: [Clamav-users] clamav Samba with on access anti virus scans

2006-04-04 Thread James Kosin
 
Paul Matthews wrote:
 Hi there,

 I'm currently running a CentOS samba server and I'm looking at getting
 clamav to do on-access scanning of files using clamav.

 Can someone point me in the direction of a how-to for setting this up?
 Or what programs should be used?
 Any information on this topic at all would be helpful.

Google the web for samba-vscan-clamav ...  It is very simple to set up;
although, you get a serious performance hit for using it on large files.

James Kosin


Re: [Clamav-users] 100% CPU clamav samba-vscan thunderbird

2006-02-02 Thread James Kosin

Paulo Ricardo Bruck wrote:
 Hi guys
 
 environment:
 
 Debian Sarge 3.1
 samba3.0.14a-3sarge
 clamav-daemon  0.88-0volatile
 vscan-samba 3.0.6b
 
 When I test w/ eicar w/samba or w/ clamscan it works like a charm, but
 when I tried to look at thunderbird mail at [ home] in samba, CPU
 increase till 100%. 
 This problem only occurs when any user tries to read/receive an email.
 
 Any clues about it? Am I asking at the right list?
 
 openantivir list is out..
 
 thanks in advance

Hi,

This is probably because of your settings for vscan-samba.
Here are my settings, although you may have to tweak things to get
performance up.

You could also try setting one of the 'scan on open' / 'close' flags to
no to see if that suits your needs.

--- in samba-vscan.conf ---

max file size = 8388608 ; 8M

---

You could also try the 0.40 snapshot for samba-vscan-clamav.  I have a
copy in my RPM.
http://support.intcomgrp.com/mirror/fedora-core/beta/src/samba-vscan-clamav-0.4.0-2.fc1.src.rpm

You probably are using IMAP or a huge inbox, try the max file size limit
first.

Let me know,
James Kosin



Re: Re :Re: [Clamav-users] 100% CPU clamav samba-vscan thunderbird

2006-02-02 Thread James Kosin

Paulo Ricardo Bruck wrote:

-- Snip --

OK, let's start again.

(1)  Is the mail being stored on a samba share?  Eg: Thunderbird getting
mail and putting it in mail-boxes that are on the server share.

(2)  Do you get any improvement if you temporarily turn off the
samba-vscan?  Just trying to see if this is with samba-vscan or the
Thunderbird client itself.

(3)  Try lowering the max file size option.  samba-vscan does have a
performance hit associated with it.

(4)  Try excluding the mail-box files from being scanned.  Thunderbird,
like almost all email clients, won't like the mail-box files
disappearing on them.  Had this problem many times, especially with
Outlook.
You don't need to scan twice, especially if you already have
clamav-milter installed and running.

Let me know,
James Kosin


Re: [Clamav-users] Squirriel Mail clamav scanner

2006-01-09 Thread James Kosin

Paul Matthews wrote:

well i was thinking it would be like the anti-virus that scans the
e-mails on arrival, such as thunderbird  avgfree or outlook  norton
anti-virus.


-- snip --

Squirrel mail is an html based client.  If you protect using milter /
etc for sendmail everything should be OK.  This is of course dependent
on the chance you operate your own email server.  If not, be sure to get
clamdscan to scan for viruses or get a script to scan when checking
email.  There are plenty of choices out there.


James Kosin


Re: [Clamav-users] clamd.conf not recognizing TemporaryDirectory

2006-01-03 Thread James Kosin

He means restart the clamd server application...

HUP is the kill signal that gets sent to a process to tell it to shut 
everything down.



HUP

The following command 


$ kill -s SIGHUP 1001

sends the HUP or hang-up signal to the program that is running with process ID 
1001. You can also use the numeric value of the signal as follows:

$ kill -1 1001

This command also sends the hang-up signal to the program that is running with 
process ID 1001. Although the default action for this signal calls for the 
process to terminate, many UNIX programs use the HUP signal as an indication 
that they should reinitialize themselves. For this reason, you should use a 
different signal if you are trying to terminate or kill a process.

  QUOTE taken from 
http://www.erdves.lt/kristi/books/Computah%20Stuff/unix-linux/Teach_Yourself_Shell_Programming_In_24hrs.tar/ch19/307-310.html


Good Luck,
James Kosin

Brian McDonald wrote:

You will have to explain what you mean by HUP the process



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Odhiambo
Washington
Sent: Tuesday, January 03, 2006 10:04 AM
To: clamav-users@lists.clamav.net
Subject: Re: [Clamav-users] clamd.conf not recognizing TemporaryDirectory


* On 03/01/06 09:57 -0500, Brian McDonald wrote:


I am trying to change the temporary directory for clamav but the change is
not working clamav is still writing to /tmp.

My clamd.conf

LogFile /var/log/clamav/clamd.log
LogFileMaxSize 5M
LogTime
TemporaryDirectory /var/clamavtmp/tmp
DatabaseDirectory /var/lib/clamav
TCPAddr 127.0.0.1
TCPSocket 3310
User clamav
DetectBrokenExecutables
ArchiveBlockEncrypted




Did you HUP the process?


-Wash

http://www.netmeister.org/news/learn2quote.html

--
+==+
|\  _,,,---,,_ | Odhiambo Washington[EMAIL PROTECTED]
Zzz /,`.-'`'-.  ;-;;,_ | Wananchi Online Ltd.   www.wananchi.com
   |,4-  ) )-,_. ,\ (  `'-'| Tel: +254 20 313985-9  +254 20 313922
  '---''(_/--'  `-'\_) | GSM: +254 722 743223   +254 733 744121
+==+
H. L. Mencken suffers from the hallucination that he is H. L.
Mencken -- there is no cure for a disease of that magnitude.
-- Maxwell Bodenheim
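
An added example, not part of the original thread and not clamd's code: a toy daemon that treats HUP as "reread the configuration" and TERM as "stop", which is the convention the quoted passage describes. ToyDaemon and parse_conf are hypothetical names; what a particular daemon actually does on HUP is defined by that daemon, so check its documentation before relying on it.

```python
import os
import signal
import tempfile


def parse_conf(text):
    """Parse clamd.conf-style lines: "Key value", or a bare "Key" as a switch."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)          # any run of whitespace separates
        conf[parts[0]] = parts[1].strip() if len(parts) > 1 else True
    return conf


class ToyDaemon:
    """Reads its configuration once at start-up and again only on HUP."""

    def __init__(self, conf_path):
        self.conf_path = conf_path
        self.running = True
        self.reload_requested = False
        self.reloads = 0
        self.conf = self._load()

    def _load(self):
        with open(self.conf_path) as fh:
            return parse_conf(fh.read())

    # Signal handlers only record the request; the main loop does the work.
    def on_hup(self, signum, frame):
        self.reload_requested = True

    def on_term(self, signum, frame):
        self.running = False

    def install_handlers(self):
        signal.signal(signal.SIGHUP, self.on_hup)
        signal.signal(signal.SIGTERM, self.on_term)

    def service_signals(self):
        """Call once per main-loop iteration. Returns False when it is time to exit."""
        if self.reload_requested:
            self.reload_requested = False
            self.conf = self._load()
            self.reloads += 1
        return self.running


def demo():
    """Edit the file, show the old value persists, then HUP and TERM ourselves."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "clamd.conf")       # constructed sample file
        with open(path, "w") as fh:
            fh.write("LogTime\nTemporaryDirectory /tmp\n")
        daemon = ToyDaemon(path)
        daemon.install_handlers()
        with open(path, "w") as fh:
            fh.write("LogTime\nTemporaryDirectory /var/clamavtmp/tmp\n")
        daemon.service_signals()
        before = daemon.conf["TemporaryDirectory"]   # edit not picked up yet
        signal.raise_signal(signal.SIGHUP)           # same as: kill -s SIGHUP <pid>
        daemon.service_signals()
        after = daemon.conf["TemporaryDirectory"]
        signal.raise_signal(signal.SIGTERM)
        alive = daemon.service_signals()
        signal.signal(signal.SIGHUP, signal.SIG_DFL)
        signal.signal(signal.SIGTERM, signal.SIG_DFL)
        return before, after, alive


if __name__ == "__main__":
    print(demo())
```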


Re: [Clamav-users] Clamav doubt

2005-11-08 Thread James Kosin
 
Bill Maidment wrote:

 Richard Pijnenburg wrote:

 Hi,

 This question is one of many :)
 Like the warning says: Local version: 0.87 Recommended version:
 0.87.1
 Just install the new version.


 Clovis Tristao wrote:

 Hi,

 I'm updating Clamav using /etc/cron.d/clamav-update or freshclam,
 but this message appears:

 ClamAV update process started at Tue Nov 8 10:26:12 2005
 WARNING: Your ClamAV installation is OUTDATED!
 WARNING: Local version: 0.87 Recommended version: 0.87.1
 DON'T PANIC! Read http://www.clamav.net/faq.html

 What's happening, because I update the system:

 clamav-0.87-1.fc5
 clamav-update-0.87-1.fc5
 clamav-data-0.87-1.fc5
 clamav-lib-0.87-1.fc5

 I've read http://www.clamav.net/faq.html, but have not found any
 solution.
 Thanks for any help,

 Clóvis



 1. Don't top post.
 2. Looks like he did update to 0.87-1 but not successfully.
 3. What is fc5?  A typo? Or am I that far out of date?
 4. I think he is confusing signature update with package update.
 5. I'm confused. It's been a long day.

 Cheers
 Bill

2)  No he didn't update.  0.87-1 is not the same as 0.87.1...
3)  FC5 is the development version of Fedora http://fedora.redhat.com ...

He needs to really tell someone on the fedora-development list that
the packages are out of date now.

This is a normal WARNING that happens often when the version of clamav
updates.

Double Cheers,
James Kosin


Re: [Clamav-users] INFO: clamav-0.87.1 pacakges for FC-4

2005-11-07 Thread James Kosin
 
Krištof Petr wrote:

 Hello all,

 there is a new version of the FC-4 packages. They are in the testing
 repository http://crash.fce.vutbr.cz/crash-hat/testing/4/clamav/
 because one big change was made since the previous build.

 A new sub-package clamav-db was introduced. This package does not
 need to be installed, because the main package clamav downloads the
 current updated virus db from the net after installation via the
 freshclam program.

 The primary target of this step is saving bandwidth and network
 infrastructure. The size of the virus db grows rapidly and users with
 freshclam-updated systems don't need to install the same data once
 again from the clamav package. (Look at the discussion about this a year
 back on the list.)

 If nothing breaks really hard, I will move new build to standard
 repository on Monday 12:00 GMT.

 Regs Petr


Petr,

Hi.

The only problem I see with the change is that users who don't already
have a database loaded on their system will need to download and
install the db package first before installing the main clamav
packages.  Unless maybe you force the freshclam to download the
updates before starting the other services...  but, this also takes up
bandwidth and resources.

Maybe it would be better to look into compressing the databases
somehow.  Having a run-time decompressor to extract the information
from the database as the application needed them.

Just some random ideas,
James Kosin


Re: [Clamav-users] Problem: clamd dead but subsys locked

2005-11-07 Thread James Kosin
 
Nauman wrote:

 Hi All,

 I have been experiencing this problem a couple of times, but this
 time it's stuck. I want to trace out this problem; if any one of you
 could help, it would be so nice of you in advance.

 I have searched on this on Google as well, but no solution found.
 I had ClamAV running perfectly with Sendmail 8.13 and MIMEDefang
 (all latest versions).
 I have built this mail server on Fedora Core 3. A few days back I
 installed its web viewer (OPENWEBMAIL) and that too was working
 fine until today.
 I just switched on the machine and found this error. I re-compiled
 my sendmail.cf, and even my sendmail, making sure that there is
 nothing extra other than MILTER support in the devtool/Site/site.m4 file.

 I'm using MIMEDefang's user - defang as the user in clamd.conf
 which is as follows :

 ** clamd.conf 
 LogSyslog
 User defang
 PidFile /var/spool/MIMEDefang/clamd.pid
 LocalSocket /var/spool/MIMEDefang/clamd.sock
 MaxThreads 5
 MaxDirectoryRecursion 15
 ScanMail
 FollowDirectorySymlinks
 FollowFileSymlinks
 StreamMaxLength 15M
 ScanArchive
 ArchiveMaxFileSize 15M
 ArchiveMaxRecursion 5
 ArchiveMaxFiles 1500

 *

 And My Sendmail.mc file looks like this :


 define(`confMILTER_LOG_LEVEL',`1')dnl
 INPUT_MAIL_FILTER(`mimedefang',
 `S=unix:/var/spool/MIMEDefang/mimedefang.sock, F=T, T=S:1m;R:1m')


 ***

 The machine was running and everything was perfect. How can I
 trace this problem? Any help?

 Furthermore, if any of you are using SMTP AUTH, can I know which
 way is the best to apply?

 Regard,
 Nauman




Nauman,

(1)  Be careful about the user setting in ClamAV.
(a)  Check the permissions on your antivirus databases for clamav?
(b)  If needed, change the user for freshclam.conf.
(c)  Restart all applications after fixing the problem.

Good Luck,
James Kosin


Re: [Clamav-users] INFO: clamav-0.87.1 pacakges for FC-4

2005-11-07 Thread James Kosin
 
Tomasz Kojm wrote:

On Mon, 07 Nov 2005 09:01:43 -0500
James Kosin [EMAIL PROTECTED] wrote:

Maybe it would be better to look into compressing the databases
somehow. Having a run-time decompresser to extract the information
from the database as the application needed them.


The databases are already compressed.



Ok, remove foot from mouth and apologize.

Sorry, it was too early in the morning for me to properly comment.
I'm better now that I've had my cup of coffee...

James Kosin


Re: [Clamav-users] INFO: clamav-0.87.1 pacakges for FC-4

2005-11-07 Thread James Kosin
 
Krištof Petr wrote:

 James Kosin wrote:

 The only problem I see with the change is that users who don't already
 have a database loaded on their system will need to download and
 install the db package first before installing the main clamav
 packages. Unless maybe you force the freshclam to download the
 updates before starting the other services... but, this also takes up
 bandwidth and resources.



 I like to give the user the freedom to choose his way.

 a) He can install clamav-db and then this sub-package will be upgraded
 each time via yum when new packages are released, even when the virus db
 is kept current by freshclam. This is the waste of bandwidth I'm talking
 about.

 b) He can install the main packages only, then update the virus db manually
 and start freshclam to keep the data current.

 I will try to improve the main package's post-install script to get an
 up-to-date db from the net after initial installation.

 Regs
 Petr


Petr,

You could test for the existence of the file and run freshclam if the
file does not exist.
I think the directory still needs to be part of the install if not
present; I'm not sure how freshclam will respond.

If you need any help; I can try a few test builds of the packages I've
created from your original ones for FC1 long ago.
I've had to do a few modifications myself, because I have the
installation running as a split user.  Clamd running as root for
samba-vscan / etc and freshclam running as clamav.  This causes its
own problems, that I've worked out to some degree.

Thanks,
James



Re: [Clamav-users] main.cvd corrupt?

2005-10-21 Thread James Kosin
 
See Kar Leong wrote:

Dear All,

 I'm using clamav with qmail-scanner. I found out my qmail was not sending
email today, and in the qmail-scanner log file there are some error logs.

Fri, 21 Oct 2005 10:29:40 +0800:3251: --output of clamscan was:
LibClamAV Error: Can't load /usr/local/share/clamav/main.cvd: MD5
verification error
ERROR: MD5 verification error
--
21/10/2005 10:29:40:3251: error_condition: X-Qmail-Scanner-1.20:
clamscan: corrupt or unknown ClamAV scanner error or
memory/resource/perms problem - exit status 50


 I ran freshclam at that time but it displayed normal output.

ClamAV update process started at Fri Oct 21 10:29:52 2005
main.cvd is up to date (version: 34, sigs: 39625, f-level: 5, builder:
tkojm)
daily.cvd is up to date (version: 1145, sigs: 1175, f-level: 6, builder:
diego)


 I need to remove the main.cvd and update again to solve the problem;
the output is:

ClamAV update process started at Fri Oct 21 10:30:51 2005
Downloading main.cvd [*]
ERROR: Verification: MD5 verification error
Trying again in 5 secs...
ClamAV update process started at Fri Oct 21 10:31:40 2005
Downloading main.cvd [*]
ERROR: Verification: MD5 verification error
Trying again in 5 secs...
ClamAV update process started at Fri Oct 21 10:32:11 2005
Downloading main.cvd [*]
main.cvd updated (version: 34, sigs: 39625, f-level: 5, builder: tkojm)
daily.cvd is up to date (version: 1145, sigs: 1175, f-level: 6, builder:
diego)
Database updated (40800 signatures) from database.clamav.net (IP:
203.16.234.78)


 Has anyone faced this problem before? Or is my hardware too old?
PII, 128MB, 4GB HDD.


Regards,
karleong


What version of ClamAV are you running?

James
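
An added example (not from the original thread and not freshclam's code) of checking a downloaded .cvd for the kind of corruption reported above. It assumes the CVD layout of a 512-byte, colon-separated ASCII header whose sixth field is the MD5 of everything after the header; the sample file is constructed, reusing the version, sigs, f-level and builder values from the freshclam output quoted in the post.

```python
import hashlib

HEADER_SIZE = 512   # assumed: fixed-size, space-padded ASCII header
FIELDS = ("magic", "build_time", "version", "sigs", "f_level",
          "md5", "dsig", "builder")


def parse_header(raw):
    """Split the colon-separated header into named fields."""
    if len(raw) < HEADER_SIZE:
        raise ValueError("shorter than a %d-byte header" % HEADER_SIZE)
    parts = raw[:HEADER_SIZE].decode("ascii", "replace").rstrip().split(":")
    if len(parts) < len(FIELDS) or parts[0] != "ClamAV-VDB":
        raise ValueError("header does not start with ClamAV-VDB")
    header = dict(zip(FIELDS, parts))
    for key in ("version", "sigs", "f_level"):
        header[key] = int(header[key])       # ValueError if not numeric
    return header


def check_cvd(path):
    """Return (ok, detail); ok is True only if the body hashes to the header MD5.

    This detects truncated or damaged downloads. It says nothing about
    authenticity: that is the job of the digital-signature field, which
    this example does not verify.
    """
    with open(path, "rb") as fh:
        try:
            header = parse_header(fh.read(HEADER_SIZE))
        except ValueError as exc:
            return False, "bad header: %s" % exc
        digest = hashlib.md5()
        size = 0
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
            size += len(chunk)
    if digest.hexdigest() != header["md5"].lower():
        return False, "md5 mismatch over %d body bytes" % size
    return True, ("version %(version)d, sigs %(sigs)d, "
                  "f-level %(f_level)d, builder %(builder)s" % header)


def build_constructed_cvd(body, version=34, sigs=39625, f_level=5, builder="tkojm"):
    """Constructed sample: a header in the assumed layout followed by `body`."""
    header = "ClamAV-VDB:21 Oct 2005 10-00 +0800:%d:%d:%d:%s:CONSTRUCTED-DSIG:%s:0" % (
        version, sigs, f_level, hashlib.md5(body).hexdigest(), builder)
    return header.ljust(HEADER_SIZE).encode("ascii") + body


if __name__ == "__main__":
    import sys
    for name in sys.argv[1:]:
        print(name, check_cvd(name))
```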


Re: [Clamav-users] ClamAntivirus NOT detecting viruses

2005-09-30 Thread James Kosin


Stephen Cheboi wrote:

| Hi there,
| I have clamantivirus installed in my server, but recently a virus
| [EMAIL PROTECTED] infected some pcs on my network.
| I have gone through the clamav.conf file and everything looks fine.
| How can I change this file to enable scanning of e-mail files
| before sending to user mailboxes?
| Will appreciate any assistance.
|
| Thank you.
| Stephen
|

Look at setting up clamav-milter.
James Kosin



Re: [Clamav-users] Clamav-milter CPU usage

2005-09-28 Thread James Kosin


Elizabeth Schwartz wrote:

|Mine's doing the same. Solaris 9, clamav 0.87, blastwave build. I took a
|look with truss and it seems to be looping doing this over and over and over
|(I don't see any values changing here):
|
|
|/2: open(/opt/csw/share/clamav, O_RDONLY|O_NDELAY|O_LARGEFILE) = 7
|/2: fstat64(7, 0xFEEFBD00) = 0
|/2: fcntl(7, F_SETFD, 0x0001) = 0
|/2: getdents64(7, 0x0196E678, 8192) = 208
|/2: stat(/opt/csw/share/clamav/main.cvd, 0xFEEFBDF8) = 0
|/2: stat(/opt/csw/share/clamav/daily.cvd, 0xFEEFBDF8) = 0
|/2: getdents64(7, 0x0196E678, 8192) = 0
|/2: close(7) = 0
|/2: open(/opt/csw/share/clamav, O_RDONLY|O_NDELAY|O_LARGEFILE) = 7
|/2: fstat64(7, 0xFEEFBD00) = 0
|/2: fcntl(7, F_SETFD, 0x0001) = 0
|/2: getdents64(7, 0x0196E678, 8192) = 208
|/2: stat(/opt/csw/share/clamav/main.cvd, 0xFEEFBDF8) = 0
|/2: stat(/opt/csw/share/clamav/daily.cvd, 0xFEEFBDF8) = 0
|/2: getdents64(7, 0x0196E678, 8192) = 0
|/2: close(7) = 0
|/2: open(/opt/csw/share/clamav, O_RDONLY|O_NDELAY|O_LARGEFILE) = 7
|/2: fstat64(7, 0xFEEFBD00) = 0
|/2: fcntl(7, F_SETFD, 0x0001) = 0
|/2: getdents64(7, 0x0196E678, 8192) = 208
|/2: stat(/opt/csw/share/clamav/main.cvd, 0xFEEFBDF8) = 0
|/2: stat(/opt/csw/share/clamav/daily.cvd, 0xFEEFBDF8) = 0
|/2: getdents64(7, 0x0196E678, 8192) = 0
|/2: close(7) = 0
|/2: open(/opt/csw/share/clamav, O_RDONLY|O_NDELAY|O_LARGEFILE) = 7
|/2: fstat64(7, 0xFEEFBD00) = 0
|/2: fcntl(7, F_SETFD, 0x0001) = 0
|/2: getdents64(7, 0x0196E678, 8192) = 208
|/2: stat(/opt/csw/share/clamav/main.cvd, 0xFEEFBDF8) = 0
|/2: stat(/opt/csw/share/clamav/daily.cvd, 0xFEEFBDF8) = 0
|/2: getdents64(7, 0x0196E678, 8192) = 0
|/2: close(7) = 0
|/2: open(/opt/csw/share/clamav, O_RDONLY|O_NDELAY|O_LARGEFILE) = 7
|
|my clamav-milter flags:
|
|-q -lo --timeout 0 /opt/csw/share/clamav/clmilter.sock
|--sendmail-cf=/opt/csw/etc/mail/sendmail.cf

What version of the kernel are you running?
If you kill clamav-milter does the usage go down?

I'm using Fedora FC1 with no problems.
CLAMAV_FLAGS="--quiet \
    --dont-wait \
    --timeout=0 \
    --force-scan \
    --dont-log-clean \
    --server=localhost \
    --sign --signature-file=/etc/mail/clamav/clamav-signature \
    --pidfile=/var/run/clamav/clamav-milter.pid \
    local:/var/run/clamav/clamav-milter.sock"

I have heard of some of the newer kernels having problems with CPU
usage.  But that may be fixed with the latest 2.6.13 or 14 releases.

James Kosin


Re: [Clamav-users] Clamav-milter CPU usage

2005-09-28 Thread James Kosin

Brian Riffle wrote:

|
|
| Interesting... looks to me like the watchdog thread is stuck in a
|  tight loop.  It's *supposed* to do that check when: - the milter
| goes idle - there are no free servers available - once every
| readTimeout-1 seconds
|
| Any chance you put ReadTimeout=0 or ReadTimeout=1 in your
| clamd.conf? The milter only makes sure it's non-negative, not
| that it's greater than 1.  (This is probably a bug, though I
| haven't thought about it enough to be sure, so I'll leave that to
| Nigel.)
|
|
| I am running Redhat EL3 with kernel 2.4.213.32.0.1. I just changed
| the ReadTimeout =5 (was at 0) and that seems to have done the
| trick..
|
| The config file says that 0 disables the timeout, so I had it
| there.  Thank you for your help.. And thanks Elizabeth for being so
|  quick with the trace.. I had just started it when you had posted
| it.  Mine had the same loop..
|
| Thanks, Brian
|
Maybe it needs to check that ReadTimeout - 1 is non-negative.
I bet if it is negative, it is supposed to not-timeout and non-negative
delays (waits) that many seconds before timing out.

James Kosin
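
The tight loop discussed in this thread, as an added C model that is not clamav-milter's own code: a wait interval computed as ReadTimeout - 1 expires immediately for ReadTimeout=0 or 1, so the watchdog spins. The function names, the 60-second fallback and the use of select() to stand in for the watchdog's timed wait are assumptions made for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/select.h>
#include <time.h>

/* Hypothetical names; a model of the reported behaviour, not clamav-milter source. */
#define FALLBACK_INTERVAL 60   /* assumed poll period when the timeout is disabled */

/* As described in the thread: ReadTimeout is only checked for >= 0,
 * then the watchdog waits ReadTimeout - 1 seconds. 0 -> -1, 1 -> 0. */
static int naive_interval(int read_timeout) { return read_timeout - 1; }

/* Hardened (assumed policy): 0 means "no timeout", so poll at a fixed
 * period instead; any other value waits at least one full second. */
static int safe_interval(int read_timeout) {
    if (read_timeout <= 0) return FALLBACK_INTERVAL;
    return read_timeout > 1 ? read_timeout - 1 : 1;
}

static long ms_since(const struct timespec *t0) {
    struct timespec now;
    clock_gettime(CLOCK_MONOTONIC, &now);
    return ((now.tv_sec - t0->tv_sec) * 1000000000L
            + (now.tv_nsec - t0->tv_nsec)) / 1000000L;
}

/* Run the watchdog's wait loop for budget_ms and count wake-ups.
 * Nothing else wakes it, so every wake-up is an expired timer. */
static long count_wakeups(int interval_s, long budget_ms) {
    struct timespec start;
    long wakeups = 0, left;
    clock_gettime(CLOCK_MONOTONIC, &start);
    while ((left = budget_ms - ms_since(&start)) > 0) {
        struct timeval tv = { interval_s, 0 };
        if (interval_s * 1000L > left) {      /* cap so the demo ends on time */
            tv.tv_sec = left / 1000;
            tv.tv_usec = (left % 1000) * 1000;
        }
        select(0, NULL, NULL, NULL, &tv);     /* tv <= 0 returns immediately */
        wakeups++;                            /* the database directory re-check would run here */
    }
    return wakeups;
}

int main(void) {
    printf("ReadTimeout=0 naive: %ld wake-ups in 50 ms\n", count_wakeups(naive_interval(0), 50));
    printf("ReadTimeout=0 safe:  %ld wake-ups in 50 ms\n", count_wakeups(safe_interval(0), 50));
    return 0;
}
```

Each wake-up corresponds to one pass of the open/getdents64/stat sequence seen in the trace, which is why the CPU usage climbs.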


Re: [Clamav-users] Issues with ClamAV and RedHat Enterprise 2

2005-09-27 Thread James Kosin

David Shows wrote:

|  Morning all,
|
|  My version of ClamAV .85 has become outdated and I need to upgrade.
|Unfortunately I get error messages when I try to use RPM to upgrade
|because of incompatibilities with zlib packages.  I have not tried to
|ignore the issues and force an install, but running out of ideas.
|
|  Anyone upgrade with RedHat yet and solve the RPM issues?  Would like to
|know how you solved them.
|
|Thanks much,
|
|David Shows
|MegaGate Broadband
|
|
|
Depends,

If you have the latest RPMS from RedHat that fix the major important
security issues, then most likely you can ignore the error and force
the issue or compile the source with the flag that skips the ZLib
version check.
RedHat has a tendency to just patch the security vulnerability and
just increment the package number without changing the major version
number of the package.

If you don't have the latest from RedHat, then please update to the
latest and again ignore the problem and force the issue.  It would be
interesting to find out where you are getting the clamav RPMs for this
version of RedHat.

James


Re: [Clamav-users] clamav-milter nscd problem

2005-08-09 Thread James Kosin

Apostolos Papayanakis wrote:

|Last month I started getting 10-20 random clamav-milter segfaults
|each day. The load is a few tens of thousand scans daily.
|
|The very same clamav-milter segfaults can also be induced
|persistently by clmilter_watch. That was a surprise to me, because
|clmilter_watch is only a health monitoring utility for the clamav-milter
|daemon (see http://www.itg.uiuc.edu/itg_software/clmilter_watch).
|
|On a completely quiet system when tested with clmilter_watch, the
|segfaults happen only when using nscd (name service cache daemon) which
|comes as a part of glibc (v2.3.5). This means that if I just pkill nscd
|then the problem vanishes, but if I have nscd running, restart
|clamav-milter, then probe it with clmilter_watch, clamav-milter
|segfaults immediately.
|
|Aug  8 22:07:30 alpha clamav-milter[13116]: clamfi_eoh
|Aug  8 22:07:30 alpha clamav-milter[13116]: clamfi_envbody: 4756 bytes
|Aug  8 22:07:30 alpha clamav-milter[13116]: clamfi_eom
|Aug  8 22:07:30 alpha clamav-milter[13116]: j78RCJ7TXH930484: clean message from 
|Aug  8 22:07:30 alpha clamav-milter[13116]: clamfi_close
|Aug  8 22:07:30 alpha clamav-milter[13116]: Segmentation fault :-( Bye..
|
|I have enabled debug code and modes and then tried to strace the
|problem, with limited results. It seems that clamav-milter segfaults
|right after reading from the nscd socket a hostname resolution result
|(for localhost.localdomain), and before anything else. It may be a
|glibc problem as there was a glibc upgrade last month indeed.
|
|Here are the command lines used:
|
|/usr/sbin/clamav-milter --debug --max-children 150 --force-scan --timeout=0 --quiet --local inet:33100
|/noc/scripts/nst/clmilter_watch -L /dev/null -s 43210  -t 5 # monitor of clamav-milter
|
|Here are the options from /etc/clamd.conf
|
|LogClean
|LogSyslog
|LogVerbose
|PidFile /var/run/clamav/clamd.pid
|TemporaryDirectory /var/tmp
|LocalSocket /var/run/clamav/clamd.sock
|FixStaleSocket
|StreamMaxLength 20M
|MaxThreads 150
|User clamav
|Foreground
|Debug
|DetectBrokenExecutables
|ScanRAR
|
|I am currently in the process of testing with a previous version of
|glibc, just in case I have hit a new bug, but this will take time.
|Does anybody else have another hint?
|
I had a similar problem.  That seemed to be fixed with the latest ZLib
libraries:
    http://www.zlib.net

I would get errors from clamav-milter looking something like the
following:
    Aug  5 12:02:39 beta sendmail[29124]: j75G2dHC029124: Milter (clmilter): local socket name /var/run/clamav/clamav-milter.sock unsafe
    Aug  5 12:02:39 beta sendmail[29124]: j75G2dHC029124: Milter (clmilter): to error state

(1)  What platform are you using?  Debian, Redhat, Fedora, Gentoo?

Good Luck,
James Kosin


Re: [Clamav-users] Re: clamav-users Digest, Vol 10, Issue 26

2005-07-29 Thread James Kosin

Dawson wrote:

| My problem is probably very simple for all the
| experts out there but has stumped me
|
| my freshclam.log is in /var/log
|
| I set the ownership to clamav
|
| It gets reset to root and then prevents the
| program from running.  You can see what happens:
|
| [EMAIL PROTECTED] public_html]# freshclam
| ERROR: Can't open /var/log/freshclam.log in append mode (check
| permissions!).
| ERROR: Problem with internal logger.
| [EMAIL PROTECTED] public_html]# ls -la /var/log/freshclam.log
| -rw---  1 root root 2528 Jul 25 12:51 /var/log/freshclam.log
| [EMAIL PROTECTED] public_html]# chown clamav.clamav /var/log/freshclam.log
| [EMAIL PROTECTED] public_html]# freshclam
| ClamAV update process started at Fri Jul 29 11:39:35 2005
| WARNING: Your ClamAV installation is OUTDATED!
| WARNING: Local version: 0.86.1 Recommended version: 0.86.2
| DON'T PANIC! Read http://www.clamav.net/faq.html
| main.cvd is up to date (version: 33, sigs: 36102, f-level: 5,
| builder: tkojm)
| Downloading daily.cvd [*]
| daily.cvd updated (version: 997, sigs: 1055, f-level: 5, builder:
| arnaud)
| Database updated (37157 signatures) from db.us.clamav.net (IP:
| 38.136.139.7)
|
| How can I fix this?
|
Are you using an RPM to update clamav?
Does clamd run as root (for samba-vscan module)?
Did you recently update to clamav 0.86.1, and not check your logfiles?

Sorry for all the questions; but, clamav has evolved over the past few
versions where the permissions of the logfiles / directories / etc. have
changed.  And many of them can cause problems if the RPMs have not
been set up to handle the change properly.  One version I packaged did
that on me and I quickly got a new one out.  Since I've even changed
the spec file a bit to handle my special case of needing to run clamd
as root...  and keep everything else running as clamav user for
database updates and such.

I've now gotten in the habit of checking these things more now.

James
