Re: [Clamav-users] Suggestion - make the source package available without the main.cvd database
Per Jessen wrote:

Any chance of making the source package available without the current cvd databases? The current package is 24Mb, without the CVD it's only 3Mb. Just a suggestion, but it might just save some bandwidth.

/Per Jessen, Zürich

Some RPM packages have gone this route; however, you still need to download the database to get a working ClamAv installation. So, either way you are going to have to download the database files, if this is a fresh NEW installation.

Some HISTORY (from what I remember)

1) The source is built on the idea that you should be able to download, compile, and install and have a working installation. To make things easier, the tarball has the latest databases at the time packaged so NEW users don't get troubled with a LARGE download just after installing and trying to use the tools for the first time.
2) Wasn't long ago, ClamAv would crash and not function without a set of database files installed. It wasn't till recently that the freshclam daemon could download a fresh set of databases and not just upgrade them. (0.90 or something like that)...
3) RPM builders have switched to this as an attempt to satisfy the users... don't know the fallout for this; since this involves extra RPM packages to be installed by new users. Some have also gone to packaging the client and server software separately again for those using a complicated networked approach to ClamAv.

Final Thoughts --

1) It could be possible to offer both on the web-site; however that increases the possibility NEW users may download the wrong one and get stuck with the LARGE download and complaints will rise.
2) aCaB is correct, you can get the sources via SVN. Granted it isn't the most convenient method; but, you will be getting what you want.

James Kosin

signature.asc Description: OpenPGP digital signature
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: [Clamav-users] Question of clamav/clamav-milter
Giorgio Bellussi wrote:

Javier Lopez wrote:

Hi community,

man clamav-milter:
...
-Q, --quarantine=EMAILADDRESS
If this e-mail address is given, messages containing a virus or worm are redirected to it.
...

WBR G

That is from the old clamav-milter man page. Clamav-milter = 0.95.1 has a very slim number of options...

James
Re: [Clamav-users] Virus Infected Message for recipient
Dan Metcalf wrote:

- Original Message -
From: Michelle Konzack linux4miche...@tamay-dogan.net
To: clamav-users@lists.clamav.net
Sent: Wednesday, April 29, 2009 2:48 PM
Subject: Re: [Clamav-users] Virus Infected Message for recipient

I also came across the same issue. Of course I Reject the messages, but for my own personal domain I like to have the notices of infected email go through to the intended local recipient just to keep track of things. James Kosin mentioned the backscatter with faked sender addresses, but we aren't looking to return the email notice to the sender. I just want to send a notice to the local recipient that the message was not accepted due to a virus.

I would never do this because I do not want to be informed about 150-2000 viriis per day.

Thanks, Greetings and nice Day/Evening
Michelle Konzack

That's nice, but we weren't asking for an opinion poll. My domain doesn't get very many viruses at all through email, so it's a nice ticker to see when virus activity is on the rise out there. I could have all of the postmaster virus notifications routed to myself, but that's overkill for my monitoring needs.

Dan Metcalf

Should be easy enough to write a script to parse the log and return a count of the viruses per day for you.

James
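A sketch of the log-counting script suggested in the reply above, as an added example that is not from the thread or from the ClamAV project. It assumes the clamd log layout "<ctime> -> <path>: <name> FOUND" (LogTime enabled); the sample lines and the name Example.Worm-1 are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample input. The layout "<ctime> -> <path>: <name> FOUND" is
# assumed to be what clamd writes to its log file when LogTime is enabled.
SAMPLE_LOG = """\
Tue Apr 28 09:12:44 2009 -> /var/spool/scan/msg.1: Eicar-Test-Signature FOUND
Tue Apr 28 09:13:02 2009 -> /var/spool/scan/msg.2: OK
Tue Apr 28 17:40:10 2009 -> /var/spool/scan/msg.3: Example.Worm-1 FOUND
Wed Apr 29 02:05:31 2009 -> /var/spool/scan/msg.4: Eicar-Test-Signature FOUND
Wed Apr 29 02:05:32 2009 -> SelfCheck: Database status OK.
Wed Apr 29 14:48:00 2009 -> /var/spool/scan/odd: name.5: Example.Worm-1 FOUND
no timestamp on this line: Example.Worm-1 FOUND
"""

# Timestamp, " -> ", scanned path (may itself contain ": "), signature, FOUND.
FOUND_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) -> "
    r"(?P<path>.+): (?P<sig>\S+) FOUND\s*$"
)


def detections_per_day(lines):
    """Return {"YYYY-MM-DD": Counter({signature: hits})} for FOUND lines."""
    per_day = {}
    for line in lines:
        m = FOUND_RE.match(line)
        if not m:
            continue  # OK results, status messages, lines without a timestamp
        try:
            day = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y").date()
        except ValueError:
            continue  # timestamp-shaped text that is not a real date
        per_day.setdefault(day.isoformat(), Counter())[m.group("sig")] += 1
    return per_day


def daily_totals(per_day):
    """Collapse the per-signature counters into one total per day."""
    return {day: sum(c.values()) for day, c in sorted(per_day.items())}


if __name__ == "__main__":
    report = detections_per_day(SAMPLE_LOG.splitlines())
    for day, total in daily_totals(report).items():
        top = ", ".join(f"{s} x{n}" for s, n in report[day].most_common())
        print(f"{day}: {total} infected ({top})")
```

Run from cron once a day against the real log, this gives the "ticker" without routing any notification mail.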
Re: [Clamav-users] Virus Infected Message for recipient
martinnitram wrote:

In clamav 0.94, clamav-milter can be configured to send a Virus Infected notification email to the recipient when a virus is found. But from 0.95.1, the milter only has the 'Blackhole' option, which directly drops the virus email without any user notification like in 0.94. Is there any option for the milter in 0.95.1 to do this? Thanks.

clamav-milter has 5 options for this

Accept -- not recommended if a virus is detected
Reject -- sending server or client will get a 5xx error message
Defer -- message acceptance is temporarily rejected for later retry
Blackhole -- sends to oblivion silently
Quarantine -- saves the message for the administrator to verify and either accept, reject, etc.

I personally use the Reject option; but I've also heard of the Quarantine option being used heavily as well.

The old Virus Infected messages were discouraged; since it causes unnecessary back-scatter (most virus programs don't use a valid e-mail address for the return party; or if they did they ended up being random e-mail address entries from the true infected machine and not the host sending the infection)

James
Re: [Clamav-users] [ClamAV-users] HELP! unrecognized option `--pidfile=/var/run/clamav-milter/clamav-milter.pid'
Noel Jones wrote:

Gomes, Rich wrote:

Line referring to the pid has been removed from the conf file but it still throws the same error. Root owns the files, (same as the old mail server)

Do NOT use the --pidfile *command line* option when starting clamav-milter! Please read the clamav-milter man page. You may need to change your init script.

-- Noel Jones

Also, look for clamav-milter in /etc/sysconfig, if using any Fedora or RedHat release.

Clamav-Milter no longer accepts command line arguments and all parameters should be passed in the NEW clamav-milter.conf file located in /etc

If you have the file 'clamav-milter' in /etc/sysconfig, either rename/remove or comment out the CLAMAV_FLAGS part of the configuration file!!! And please EDIT the new /etc/clamav-milter.conf file to properly setup clamav-milter.

James
Re: [Clamav-users] clamav-0.95.1/clamav-milter does not insert headers in messages
Robert S wrote:

You are probably looking for the AddHeader option.

Thanks. That's fixed it. Just a minor point: Version 0.94 gave detailed headers:

X-Virus-Scanned: ClamAV 0.94.2/9256/Sun Apr 19 09:13:04 2009 on myserver.mydomain.com.au

Whereas 0.95 gives a brief header:

X-Virus-Scanned: clamav-milter 0.95.1 at myserver

Can this be changed to the original detailed form? An altered header could potentially cause a mail system to break.

Where can I find a list of _all_ the options for /etc/clamav-milter.conf?

Should be in the source. If you compiled from source then, %path_to_source%/etc

If you installed an RPM and already had clamav-milter.conf then look for a file named clamav-milter.conf.rpmnew or .rpmsave

You can also try here https://wiki.clamav.net/Main/UpgradeNotes095

James
Re: [Clamav-users] clamav-milter 0.95.1 reject message
Jason Bertoch wrote:

I use OnInfected Reject in my clamav-milter.conf and it seems the new behavior is to reject with an error of 5.7.1 Command rejected instead of the matching signature name. In the event of a false positive, it is extremely handy to have the signature logged both in the error to the sender and in the local logs. Is there a config option I missed, or is it a feature that can be requested?

Check the configuration file, it is clearly stated as an option.

#RejectMsg

What may not be too clear is the required format...

James
[Clamav-users] clamav-milter 0.95
Everyone,

I also ran across the ReadTimeout setting in clamav-milter.conf, this setting says setting to 0 disables the timeout. This does not appear to be the case. What happens is it honors a timeout of 0-seconds. Meaning clamav-milter reports that clamd is not running or responding.

James
Re: [Clamav-users] Missing option on freshclam 0.95?
Charles Gregory wrote:

Started getting these with my Centos4 package freshclam today:

/etc/cron.hourly/freshclam:
/usr/bin/freshclam: unrecognized option `--log-verbose'
ERROR: Unknown option passed
ERROR: Can't parse command line options

The cron job is unchanged since installation. Did the above option get deprecated? I don't see it in the docs. This may be an issue with the packager (dag?) needing to update the cron files/jobs.?

Thanks! - Charles

Most likely. But do understand 0.95 has changed a lot of the interface and options. I'm still crafting so clamav-milter will work with the new config file and not the command line options.

Hopefully, he subscribes to this list and may already know your issue. If not, please contact him via his email address found here: http://dag.wieers.com/personal/

James
Re: [Clamav-users] NULL dereference in clamav-milter 0.95
aCaB wrote:

Hi,

A bug has been reported affecting clamav-milter 0.95. If LogInfected is set to Full and the message being processed lacks either the Subject, Message-ID or Date headers a NULL pointer is dereferenced which will cause the program to be aborted.

For SVN users the issue is fixed in r4991. For Stable users, the issue will be fixed in the upcoming 0.95.1 version which is to be released soon. In the meantime it is recommended to set LogInfected to Off (the default) or Basic in clamav-milter.conf.

For full details see: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1522

Thanks, -aCaB

Thanks,

Was the patch provided in the link the only change to fix the issue? Or were other files affected?

Thanks again,
James
Re: [Clamav-users] 0.95RC1 availability
Nigel Horne wrote:

Folks,

0.95 RC1 was published on Wednesday 25/2/09. For details of the new features please refer to the Changelog. A what's new document that gives an overview of the new and improved features is currently in preparation for publication on www.clamav.net. For technical information please refer to https://wiki.clamav.net/Main/UpgradeNotes095 .

We encourage as many people as possible to test this release candidate by downloading it from www.clamav.net. If you don't have access to a test machine you can still help us by downloading it and checking that it compiles and links on your platform. If you do have a test machine/model/network please help us by loading ClamAV 0.95RC1 and testing it. All bug reports should be filed at http://bugs.clamav.net.

We also encourage all 3rd party developers of products and distribution/port maintainers to download and check this update so that you can go live as soon as the final version is released. The release is scheduled for 16th March.

Thank you for your continued support and help,
-Nigel

Nigel,

Compiles and links in FC1. I know it is old; but, nothing is broken in the compiling.

James
Re: [Clamav-users] Feature Request Scanlist
Tomasz Kojm wrote:

On Thu, 29 Jan 2009 13:26:29 +0100 Andre Hübner andre.hueb...@gmx.de wrote:

snip

with fileselection which is base for clamscan. This fileselection could be reduced by date of creation, special filetypes, chmod, whatever... Sure, a complete scan should also be done, but to get fast results or to do quick automated scans of suspicious files this could be a nice feature. How about that?

Please search the archives; it was already described how to use clamdscan for that purpose.

You also have to be careful. The date/time of creation or modification can be faked or changed. So, I wouldn't rely entirely on that alone to determine what files to scan and which not to scan.

James
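The caveat in the reply above, shown as an added example that is not from the thread: selecting files for a quick scan by modification time misses a file whose timestamp was set back, while comparing against a SHA-256 manifest from the last full scan does not. The function names, file names and timestamps are constructed for the illustration.

```python
import hashlib
import os
import tempfile


def sha256_of(path, bufsize=65536):
    """Hash a file in chunks so large files are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(bufsize), b""):
            h.update(chunk)
    return h.hexdigest()


def walk_files(root):
    """Yield (relative path, full path) for regular files, skipping symlinks."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                yield os.path.relpath(full, root), full


def build_manifest(root):
    """Record content hashes at the time of a full scan."""
    return {rel: sha256_of(full) for rel, full in walk_files(root)}


def changed_by_mtime(root, since):
    """Selection that trusts the modification time alone."""
    return sorted(rel for rel, full in walk_files(root)
                  if os.stat(full).st_mtime > since)


def changed_by_hash(root, manifest):
    """Selection by content: new files and files whose hash differs."""
    return sorted(rel for rel, full in walk_files(root)
                  if manifest.get(rel) != sha256_of(full))


def demo():
    # Constructed timestamps (seconds since the epoch): files created at OLD,
    # last full scan at LAST_SCAN, later activity at NEW.
    OLD, LAST_SCAN, NEW = 1_000_000_000, 1_100_000_000, 1_200_000_000
    with tempfile.TemporaryDirectory() as root:
        def put(name, data, mtime):
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(data)
            os.utime(path, (mtime, mtime))

        put("a.txt", b"unchanged", OLD)
        put("b.txt", b"original", OLD)
        manifest = build_manifest(root)  # keep this outside the scanned tree

        put("b.txt", b"replaced content", OLD)  # new content, old timestamp
        put("c.txt", b"new file", NEW)          # ordinary new file

        return changed_by_mtime(root, LAST_SCAN), changed_by_hash(root, manifest)


if __name__ == "__main__":
    by_mtime, by_hash = demo()
    print("selected by mtime:", by_mtime)
    print("selected by hash: ", by_hash)
```

The manifest is only as trustworthy as its storage, so it belongs somewhere the scanned account cannot write, and the periodic complete scan mentioned in the thread still applies.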
Re: [Clamav-users] Twitter
McDonald, Dan wrote:

On Thu, 2008-12-04 at 12:45 -0500, Nigel Horne wrote:

Folks, how about:

Daily CVD 8721 (sigs: 32788, new: 1) at 04 Dec 2008 13-26 +

The proper phrasing is on and not at

James
Re: [Clamav-users] SubmitDetectionStats with clamav-milter?
Ed Kasky wrote:

I recently upgraded to ClamAV 0.94.1 and enabled SubmitDetectionStats. Is there a way to configure clamav-milter to write to clamd.log rather than the maillog? I would like to participate in the submissions if the viruses found by the milter would be useful. I generally catch about 25-35 a week: http://www.wrenkasky.com/cgi-bin/virus/display.pl?number

Thanks in advance.
Ed

Ed,

I believe clamav-milter uses clamd for scanning; so, it should be logging already as a found virus?

James
Re: [Clamav-users] Announcing ClamAV 0.94.1 RC1
Nigel Horne wrote:

Folks,

We are pleased to announce the availability of the first release candidate for ClamAV 0.94.1. 0.94.1RC1 is scheduled for release on Wednesday (15/10/08).

Nigel,

Everything works on gcc-3.3.6 with Redhat FC1. I managed to install check and perform the checks with success.

Log below...
Re: [Clamav-users] Timed events
Jerry wrote:

Is there any mechanism built into CM that would allow a user to set event to happen at either a predetermined time, or at some specific time interval. Other than checking for mail, I do not see any way of setting up a time specific event. If this is currently not available in CM; I think it might be a nice addition to the program should the developers decide to include something like this in future releases.

in linux, CRON will do what you are asking. Every user has a CRON list.

James
Re: [Clamav-users] problem during compilation
Chandra wrote:

Hi,

When I run the command make check while trying to install clamav-0.94, i get the following error:

/usr/bin/ld: cannot find -lcheck
collect2: ld returned 1 exit status
make[2]: *** [check_clamav] Error 1
make[2]: Leaving directory `/root/install/clamav/clamav-0.94/unit_tests'
make[1]: *** [check-am] Error 2
make[1]: Leaving directory `/root/install/clamav/clamav-0.94/unit_tests'
make: *** [check-recursive] Error 1

what may have gone wrong ???

I believe it is 'make test' and not 'make check'.

James
Re: [Clamav-users] Stop it!
Colin Alston wrote:

I've had enough now, and I want all you ClamAV people to listen up.

Hey, maybe the packagers could write a script or something to indicate a problem with the current configuration when it is being installed. Then users could take the appropriate action ASAP instead of finding out or having to check the logs on an hourly basis for problems.

James
Re: [Clamav-users] Unable To Run Freshclam...still
Brandon Perry wrote:

your logs are owned by amavis?

On Mon, Sep 22, 2008 at 10:08 AM, Carlos Williams [EMAIL PROTECTED]wrote:

mail:/var/log/clamav# ls -l
total 112
-rw-r- 1 amavis adm 3401 2008-09-22 10:29 clamav.log
-rw-r- 1 amavis adm 23918 2008-09-21 06:25 clamav.log.1
-rw-r- 1 amavis adm 3063 2008-09-14 06:25 clamav.log.2.gz
-rw-r- 1 amavis adm 10196 2008-09-22 10:25 freshclam.log
-rw-r- 1 amavis adm 60461 2008-09-21 06:25 freshclam.log.1
-rw-r- 1 amavis adm 2718 2008-09-14 06:25 freshclam.log.2.gz

Can someone please help me understand and resolve this issue?

That and amavis is the ONLY user allowed to write to the files (besides the root user).

James
Re: [Clamav-users] Cannot compile clamav 0.94 on i386 openbsd 4.0
S.Madge wrote:

That works! Are there any negative consequences by using this trick?

Only down side is you will have to do it every time you rebuild samba; until you or someone else finds out why it isn't working.

James
Re: [Clamav-users] Cannot compile clamav 0.94 on i386 openbsd 4.0
Török Edwin wrote:

On 2008-09-17 17:28, James Kosin wrote:

S.Madge wrote:

That works! Are there any negative consequences by using this trick?

Only down side is you will have to do it every time you rebuild samba;

I don't see anybody talking about samba in this thread ;)

Sorry, my head is in the clouds today. But, same applies for clamav.

James
Re: [Clamav-users] Error scanning specific .pdf file
Jason Bertoch wrote:

-Original Message-
From: [EMAIL PROTECTED] [mailto:clamav-users- [EMAIL PROTECTED] On Behalf Of Tomasz Kojm
Sent: Thursday, September 11, 2008 2:00 PM
To: clamav-users@lists.clamav.net
Subject: Re: [Clamav-users] Error scanning specific .pdf file

On Thu, 11 Sep 2008 13:54:00 -0400 Jason Bertoch [EMAIL PROTECTED] wrote:

Should I open a bug report over something as simple as a strange pdf problem?

Yes, please do.

Bug 1181 opened and the pdf can be found as an attachment there. As such, please ignore the link in my previous mail.

/Jason

Well, since nobody has access now to bug 1181:

(a) I get the same error on a 32-bit compiled platform. The bug would have been addressing a 64-bit platform.

OUTPUT

-bash-2.05b$ clamscan BYPB08Flyer.pdf
LibClamAV Error: cli_writen: write error: Bad address
BYPB08Flyer.pdf: Input/Output error

--- SCAN SUMMARY ---
Known viruses: 421863
Engine version: 0.94
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 2.27 MB
Time: 10.309 sec (0 m 10 s)
-bash-2.05b$

James Kosin
Re: [Clamav-users] Database correctly reloaded (0 signatures)
Oscar Usifer wrote:

Please see clamav-0.93.3/libclamav/readdb.c:460

sigs++;

From static int cli_loaddb() :

475 if(signo)
476 *signo += sigs;

s/b

475 if (sigs == 0)
476 return CL_EMALFDB;
477
478 if(signo)
479 *signo += sigs;

Oscar,

I don't know if this is really necessary. A malformed DB file should be caught by other checks above this. One could potentially have a DB file with no signatures... could be a possibility. ie: main.cld is updated and daily.cld gets signatures cleared but no update yet.

The user was experiencing a total signature count of zero. So a check after loading all db files for a total count that is above 0 may be in order.

James
Re: [Clamav-users] [ot?] oh no
Spiro Harvey, Knossos Networks Ltd wrote:

X-Virus-Scanned: Debian amavisd-new at tad.clamav.net

just found this in the headers of this mailing list :(

Don't be surprised. I often use products I create in my spare time. If you aren't willing to use the product you are creating yourself then how can you honestly expect others to. This just means they are using clamav on their own mailing list. No special feat...

James
Re: [Clamav-users] 0.93.3 memory doubling problem
Russell Jones wrote:

Sorry for the silly question, however with that patch, do I just replace the original thrmgr.c file with this one, then recompile/reinstall? I just want to make sure I do it correctly. Thanks!

No, a patch is more of a difference between two files. You won't be able to compile or otherwise work if you replace the file with the patch file.

Under Linux look up 'man patch', should give you enough to start with.

James
Re: [Clamav-users] [Fwd: [Clamav-devel] 0.93.1 / libclamav: no CL_EMAX*-Error-Codes for Applications?]
Marcus Neukert wrote:

no answer does mean: there is no chance to change it?

There may have been a chance to change it when the developers proposed the change in the functionality originally on this list. The change was to get rid of the ZipTooLarge virus definition; which caused more confusion than it solved. And also; unfortunately, many milters consider any non-zero value as a VIRUS regardless of the return code. So even if we had the granularity we would still end up with a lot of complaints about the issue.

The solution you are posing would require all the milters be updated to have a three stage error message:

1) Successful, NO VIRUS.
2) Unsuccessful, due to space or limits set.
3) VIRUS detected.

The case 1 would be the message would be delivered, 2 the message may be delivered with a warning about the reason for the failure, 3 the message would be rejected for a VIRUS.

James
Re: [Clamav-users] Limits still disabled?
Ken Williams wrote:

I'm running the latest clamav on linux 2.4. Works fine. I noticed today after the upgrade my log file says:

Jun 10 20:07:48 central clamd[301]: Limits: Global size limit protection disabled.
Jun 10 20:07:48 central clamd[301]: Limits: File size limit protection disabled.
Jun 10 20:07:48 central clamd[301]: Limits: Recursion level limit protection disabled.
Jun 10 20:07:48 central clamd[301]: Limits: Files limit protection disabled.

Why are my limits disabled when I've specifically added them to clamd.conf? For example I have:

MaxScanSize = 300
MaxFileSize = 250
MaxRecursion = 5
MaxFiles = 500

Any idea?

Remove the '=' from the line. There should only be space from the parameter description and the actual value.

James

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
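The failure described above is silent: the options are written down, yet clamd starts with the limits off. As an added example (not from the thread or from ClamAV), this check flags `Option = value` lines in a clamd.conf and cross-checks them against the startup log; the pairing of each log message with an option name is an assumption taken from the order of the lines in the post, and the sample text is constructed from the lines quoted there.

```python
import re

# Constructed clamd.conf fragment; the four Max* lines are the ones in the post.
SAMPLE_CONF = """\
# clamd.conf
LogTime yes
MaxScanSize = 300
MaxFileSize = 250
MaxRecursion = 5
MaxFiles = 500
"""

# Startup lines as quoted in the post.
SAMPLE_LOG = """\
Jun 10 20:07:48 central clamd[301]: Limits: Global size limit protection disabled.
Jun 10 20:07:48 central clamd[301]: Limits: File size limit protection disabled.
Jun 10 20:07:48 central clamd[301]: Limits: Recursion level limit protection disabled.
Jun 10 20:07:48 central clamd[301]: Limits: Files limit protection disabled.
"""

# Assumption: which option each "protection disabled" message refers to.
LIMIT_MESSAGES = {
    "Global size limit": "MaxScanSize",
    "File size limit": "MaxFileSize",
    "Recursion level limit": "MaxRecursion",
    "Files limit": "MaxFiles",
}

ASSIGN_RE = re.compile(r"^(?P<key>[A-Za-z]\w*)\s*=\s*(?P<value>.*)$")
DISABLED_RE = re.compile(r"Limits: (?P<what>.+?) protection disabled\.")


def parse_conf(text):
    """Return (options, findings).

    options maps option name to the value as written; findings is a list of
    (line number, option, corrected line) for lines that use '='.
    """
    options, findings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = ASSIGN_RE.match(line)
        if m:
            key, value = m.group("key"), m.group("value").strip()
            findings.append((lineno, key, f"{key} {value}".rstrip()))
        else:
            parts = line.split(None, 1)
            key, value = parts[0], parts[1] if len(parts) > 1 else ""
        options[key] = value
    return options, findings


def disabled_despite_config(conf_text, log_text):
    """Options present in the config whose protection the log reports as off."""
    options, _ = parse_conf(conf_text)
    hits = []
    for m in DISABLED_RE.finditer(log_text):
        option = LIMIT_MESSAGES.get(m.group("what"))
        if option in options:
            hits.append(option)
    return hits


if __name__ == "__main__":
    _, findings = parse_conf(SAMPLE_CONF)
    for lineno, key, fixed in findings:
        print(f"line {lineno}: '=' after {key}; write it as: {fixed}")
    for option in disabled_despite_config(SAMPLE_CONF, SAMPLE_LOG):
        print(f"{option} is set in the config but reported disabled at startup")
```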
Re: [Clamav-users] 0.93.1RC1 (libbz issues)
Mark Fortescue wrote:

Hi Stephen,

The issue here is that clamav configure does not detect that the installed libbz is not compatible with clamav (the libbz API has changed in the latest bzip2 package). My solution was to download and compile the latest bzip2 package. This may not be possible for others so the configure scripts/clamav libbz API need to be fixed to detect the issue and either revert to the older libbz API or disable the use of libbz.

Regards
Mark Fortescue.

This is already known and should be fixed in the final.
Re: [Clamav-users] 0.93.1RC1
Nigel Horne wrote:

Dear All,

As you may have seen, the first release candidate of 0.93.1 was published earlier this week. 0.93.1 http://downloads.sourceforge.net/clamav/clamav-0.93.1rc1.tar.gz is a maintenance release with bug fixes for issues raised with 0.93 for example portability problems and other issues discovered by our internal auditing process. It also features improved handling of PDF, CAB, RTF, OLE2 and HTML files.

We welcome any feedback and bugs on this RC prior to the release of 0.93.1, which is currently scheduled for 6th June. It doesn't matter if you don't have a test environment, you can still help us for example by downloading the release candidate and checking it compiles on your system even if you don't install it; we particularly welcome reports on platform compatibility.

Please put any problems you find on our Bugzilla system at https://wwws.clamav.net/bugzilla/, don't post them here. For detailed information please refer to http://lurker.clamav.net/message/20080304.110134.02e9c4c4.en.html

-Nigel Horne

Nigel,

Compiles on FC1 (Fedora Redhat Core 1). I know it is OLD, but still rock solid.

James
Re: [Clamav-users] No supported Database
Dennis Peterson wrote:
| So I currently have a main.cvd and a daily.cld, both files. Is this what
| 0.93 uses or will main.cvd be swapped out with a cld container at some
| point?
|
| dp

Yes, when there is finally an update to main.cvd...
I believe there is also a way to force the update with freshclam.

James
Re: [Clamav-users] FreeBSD 4.11 and ports
[EMAIL PROTECTED] wrote:
| People who may have problems compiling ClamAV 0.93 with the FreeBSD
| ports on 4.11 may need to patch the port Makefile as I had to. I am
| not sure if it affects other FreeBSD versions or not, I didn't try it.
|
| --- Makefile.orig Wed Apr 16 10:59:51 2008 | +++ MakefileWed Apr 16 11:37:41 2008 |
@@ -108,7 +108,7 @@ | .if ${OSVERSION} = 601000 | PTHREAD_LIBS= -lpthread | .else | -PTHREAD_LIBS= -lpthread | +PTHREAD_LIBS= -pthread | .endif | | .if defined(WITH_ARC)
|
| Steven

Steven,

The -pthread should only be needed on IBM RS/6000 and PowerPC platforms. SPARC has their own option and everyone else should follow into the -l category.

Directly from the gcc man page...

    -l library
        Search the library named library when linking. (The second alternative with the library as a separate argument is only for POSIX compliance and is not recommended.)

        It makes a difference where in the command you write this option; the linker searches and processes libraries and object files in the order they are specified. Thus, foo.o -lz bar.o searches library z after file foo.o but before bar.o. If bar.o refers to functions in z, those functions may not be loaded.

        The linker searches a standard list of directories for the library, which is actually a file named liblibrary.a. The linker then uses this file as if it had been specified precisely by name.

        The directories searched include several standard system directories plus any that you specify with -L.

        Normally the files found this way are library files---archive files whose members are object files. The linker handles an archive file by scanning through it for members which define symbols that have so far been referenced but not defined. But if the file that is found is an ordinary object file, it is linked in the usual fashion. The only difference between using an -l option and specifying a file name is that -l surrounds library with lib and .a and searches several directories.

    SPARC Options
    -pthreads
        Add support for multithreading using the POSIX threads library. This option sets flags for both the preprocessor and linker. This option does not affect the thread safety of object code produced by the compiler or that of libraries supplied with it.

    IBM RS/6000 and PowerPC Options
    -pthread
        Adds support for multithreading with the pthreads library. This option sets flags for both the preprocessor and linker.
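Review bot: the swap from `-PTHREAD_LIBS= -lpthread` to `+PTHREAD_LIBS= -pthread` sits in the `.else` branch, so it changes the link flags for every OSVERSION that does not take the `-lthr` branch, while the report only covers 4.11 and says other versions were not tried. Scope it with its own OSVERSION condition for the affected release range and keep `-lpthread` as the fallback. The hunk also carries no comment saying why this branch needs the compiler-driver flag instead of the library; a one-line note in the Makefile would keep the next port update from reverting it.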
Re: [Clamav-users] Upgrade ClamAV
Carlos Williams wrote:
| I searched Google and could not find anything that was obvious to
| resolving this dep. issue.
|
| When I go to search the archives manually, I went to
| http://lurker.clamav.net/list/clamav-users.html and I get a blank page
| for some reason. I am not trying to seem lazy but I am having trouble
| looking for this previous conversation and just joined the list so my
| apologies...

Carlos,

Report the problem to the package maintainer.
If you built the package yourself, then uninstall the previous version BEFORE you rebuild the packages.

James
Re: [Clamav-users] Clamav 0.93 - clamd and freshclam fail to start with relocation error
Brian Morrison wrote:
| On Mon, 14 Apr 2008 20:38:21 +0300
| Török Edwin [EMAIL PROTECTED] wrote:
|
| Brian Morrison wrote:
| Török Edwin wrote:
|
| Brian Morrison wrote:
|
| I've just built and installed 0.93, when the new versions try and start
| I get this error:
|
| /usr/sbin/clamd: relocation error: /usr/libclamav.so.4: undefined
| symbol: rarvm_free
|
| A grep through the source doesn't appear to show anything obvious to me
| anyway, the system in use is RH9 BTW, patched up to date but of course
| out of support for some time. The rpm build process completed without
| errors.
|
| Back to 0.92.1 for now.
|
| Any ideas?
|
| Did you install libclamunrar_iface.so, and libclamunrar.so?
|
| Yes, the rpm build script packaged them correctly, they're in the rpm if
| I look with rpm -qpl package and clamav-0.92.1 also has these
| installed on my system, it was built using the same rpm build script.
|
| I'm wondering if somehow it's not picking up something from a header
| file, I have the -devel package installed for 0.92.1 but I'm building
| using the files supplied in the tarball so the new version should have
| everything it needs.
| Can you try to build manually? Just a simple ./configure make; and
| then run clamd/clamd.
| Please upload the build logs somewhere (or open a bugreport on bugzilla).
|
| I built using ./configure and make, after passing the
| --enable-experimental argument, and then ran ldd clamd/clamd as a
| check, but it immediately tells me that the program is not a dynamic
| executable, which implies it doesn't link to shared libraries I think.
| I also pass --without milter to avoid building the milter files.
|
| When I build from my spec file, this is what it passes to configure:
|
| %configure \
| --program-prefix=%{?_program_prefix} \
| %{!?_without_milter:--enable-milter} \
| --enable-dns \
| --with-libcurl \
| --disable-clamav \
| --enable-id-check \
| --with-user=clamav \
| --with-group=clamav \
| #--disable-zlib-vcheck \
| --enable-experimental \
| --with-dbdir=%{_localstatedir}/lib/clamav
| %{__make}
|
| the origin of the spec file was from Petr Krisztof back in the late
| RH8/RH9/Fedora 1 days, it's always worked for me with a few changes to
| package new files as they appeared.
|
| This has worked up to and including 0.92.1, and indeed the 0.93 version
| builds OK, it just won't run. I can't see how this happens as all
| the .so libraries are correctly linked and versioned, and are installed
| in the right place. There is only one copy of libclam*.so* on the whole
| system.
|
| Not sure what is happening here. Too tired to debug this any more
| tonight, maybe I'll wait for the DAG rpms and try those.
|

I think I have a clue.
For some reason, clamav is linking against the old version of libclamunrar_iface.so.3 file. I'll try uninstalling the old version of clamav and try rebuilding fresh to see if that makes a difference.
I'm using the same .spec file you are; only I also install from RPM.

James
Re: [Clamav-users] Clamav 0.93 - clamd and freshclam fail to start with relocation error
James Kosin wrote:
| Brian Morrison wrote:
| | On Mon, 14 Apr 2008 20:38:21 +0300
| | Török Edwin [EMAIL PROTECTED] wrote:
| |
| | Brian Morrison wrote:
| | Török Edwin wrote:
| |
| | Brian Morrison wrote:
| |
| | I've just built and installed 0.93, when the new versions try and start
| | I get this error:
| |
| | /usr/sbin/clamd: relocation error: /usr/libclamav.so.4: undefined
| | symbol: rarvm_free
| |
| | A grep through the source doesn't appear to show anything obvious to me
| | anyway, the system in use is RH9 BTW, patched up to date but of course
| | out of support for some time. The rpm build process completed without
| | errors.
| |
| | Back to 0.92.1 for now.
| |
| | Any ideas?
| |
| | Did you install libclamunrar_iface.so, and libclamunrar.so?
| |
| | Yes, the rpm build script packaged them correctly, they're in the rpm if
| | I look with rpm -qpl package and clamav-0.92.1 also has these
| | installed on my system, it was built using the same rpm build script.
| |
| | I'm wondering if somehow it's not picking up something from a header
| | file, I have the -devel package installed for 0.92.1 but I'm building
| | using the files supplied in the tarball so the new version should have
| | everything it needs.
| | Can you try to build manually? Just a simple ./configure make; and
| | then run clamd/clamd.
| | Please upload the build logs somewhere (or open a bugreport on bugzilla).
| |
| | I built using ./configure and make, after passing the
| | --enable-experimental argument, and then ran ldd clamd/clamd as a
| | check, but it immediately tells me that the program is not a dynamic
| | executable, which implies it doesn't link to shared libraries I think.
| | I also pass --without milter to avoid building the milter files.
| |
| | When I build from my spec file, this is what it passes to configure:
| |
| | %configure \
| | --program-prefix=%{?_program_prefix} \
| | %{!?_without_milter:--enable-milter} \
| | --enable-dns \
| | --with-libcurl \
| | --disable-clamav \
| | --enable-id-check \
| | --with-user=clamav \
| | --with-group=clamav \
| | #--disable-zlib-vcheck \
| | --enable-experimental \
| | --with-dbdir=%{_localstatedir}/lib/clamav
| | %{__make}
| |
| | the origin of the spec file was from Petr Krisztof back in the late
| | RH8/RH9/Fedora 1 days, it's always worked for me with a few changes to
| | package new files as they appeared.
| |
| | This has worked up to and including 0.92.1, and indeed the 0.93 version
| | builds OK, it just won't run. I can't see how this happens as all
| | the .so libraries are correctly linked and versioned, and are installed
| | in the right place. There is only one copy of libclam*.so* on the whole
| | system.
| |
| | Not sure what is happening here. Too tired to debug this any more
| | tonight, maybe I'll wait for the DAG rpms and try those.
| |
| I think I have a clue.
| For some reason, clamav is linking against the old version of
| libclamunrar_iface.so.3 file. I'll try uninstalling the old version of
| clamav and try rebuilding fresh to see if that makes a difference.
| I'm using the same .spec file you are; only I also install from RPM.
|
| James

Well, that did the trick.
I un-installed the old version before building and that fixed the dependency issue.

James
Re: [Clamav-users] Clamav 0.93 - clamd and freshclam fail to start with relocation error
Brian Morrison wrote:
| On Tue, 15 Apr 2008 14:59:27 -0400
| James Kosin [EMAIL PROTECTED] wrote:
|
| | I think I have a clue.
| | For some reason, clamav is linking against the old version of
| | libclamunrar_iface.so.3 file. I'll try uninstalling the old version of
| | clamav and try rebuilding fresh to see if that makes a difference.
| | I'm using the same .spec file you are; only I also install from RPM.
| |
| | James
| Well, that did the trick.
| I un-installed the old version before building and that fixed the
| dependency issue.
|
| Yes, I have now had to do the same thing, and it fixed my problem as
| well. I don't understand exactly why this happens, I need to understand
| the cause and fix the underlying problem.
|
| Thanks for the assistance. Probably not a clamav bug after all!
|

No, it may be a ./configure problem or a mis-done makefile resulting from configure's output. Right now the only work around is to build the RPMs on a clean system and install afterwards.

I've got a build log and things look OK, but, haven't had time to look at the fine details. If anyone wants the output of make ... I have the output. Sorry, don't have the RPM build process on this one. So I'm not sure exactly how the build worked; but failed to link against the correct version of libclamunrar_iface.so file...???

James
Re: [Clamav-users] Clamav 0.93 - clamd and freshclam fail to start with relocation error
Steve Holdoway wrote:
| Having just been spending quite some time writing .spec files, it could be because rpm -U actually runs the uninstall script of the superseded package ( with $1 set to a different value to if you're running -e ) as a part of the upgrade.
|
| It's most confusing and the logic of it offers only lip service to sanity!
|
| Steve

No. I built the RPMs on a system with 0.92.1 installed and running. The resulting RPMs had a dependency on clamav requiring libclamunrar_iface.so.3 instead of the packaged so.4 file... ??

To fix the dependency, I had to 'rpm -e clamav clamav-devel clamav-milter' ... then rebuild the RPMs from the source for 0.93. Then install the resulting RPMs with -i ...

PS: I did not use -U but -F to try the upgrade when it failed due to the dependency on the old library package.

James
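The symptom described in this thread (a freshly built package that requires libclamunrar_iface.so.3 while shipping so.4) can be caught before installation by comparing what the package requires with what it provides. The script below is an added example, not part of the original posts; the function name and the sample package listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: flag a package that requires one version
# of a shared library while shipping a different version of the same library.

# stale_soname_requires REQUIRES PROVIDES   (hypothetical helper name)
#   REQUIRES / PROVIDES: text as printed by `rpm -qp --requires PKG.rpm` and
#   `rpm -qp --provides PKG.rpm`, one capability per line.
#   Prints one STALE line per mismatch; prints nothing when consistent.
stale_soname_requires() {
    requires=$1
    provides=$2
    printf '%s\n' "$requires" | while read -r req rest; do
        case $req in
            lib*.so.*) ;;                 # only versioned shared libraries
            *) continue ;;
        esac
        soname=${req%%\(*}                # strip "()(64bit)"-style suffixes
        base=${soname%.so.*}              # libfoo.so.3 -> libfoo
        printf '%s\n' "$provides" | while read -r prov rest; do
            psoname=${prov%%\(*}
            case $psoname in
                "$base".so.*)
                    if [ "$psoname" != "$soname" ]; then
                        echo "STALE requires=$soname provides=$psoname"
                    fi
                    ;;
            esac
        done
    done
}

# Constructed sample listings modelled on the situation described above:
# the package ships the .so.4 libraries but was linked against an installed .so.3.
SAMPLE_REQUIRES='/bin/sh
libc.so.6
libz.so.1
libclamav.so.4
libclamunrar_iface.so.3'
SAMPLE_PROVIDES='clamav = 0.93-1
libclamav.so.4
libclamunrar_iface.so.4'

# Real use (paths are placeholders):
#   stale_soname_requires "$(rpm -qp --requires PKG.rpm)" "$(rpm -qp --provides PKG.rpm)"
stale_soname_requires "$SAMPLE_REQUIRES" "$SAMPLE_PROVIDES"
```

Any STALE line means the build picked up a library from the build host instead of the one in the source tree, which is the case for rebuilding on a clean system as described in the thread.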
Re: [Clamav-users] ClamAv-Milter Configuration Troubles
James Kosin wrote:
| Everyone,
|
| I've got clamav-milter using a .sock file and would like to change it to
| use the IP socket address interface to clamd.
| Any ideas on what I have to do? If I just change clamav-milter options
| to use --external and remove the local socket file from the options,
| clamav-milter complains. I want it to use the local machine's IP
| 127.0.0.1 with clamd running. Anyone have a good configuration to
| share, the documentation is a bit sparse in this area.
|
| James

Hey... anyone out there???
[Clamav-users] ClamAv-Milter Configuration Troubles
Everyone,

I've got clamav-milter using a .sock file and would like to change it to use the IP socket address interface to clamd.
Any ideas on what I have to do? If I just change clamav-milter options to use --external and remove the local socket file from the options, clamav-milter complains. I want it to use the local machine's IP 127.0.0.1 with clamd running. Anyone have a good configuration to share, the documentation is a bit sparse in this area.

James
Re: [Clamav-users] Clam update issue, *.cvd
Mark Fraser wrote:
| I am having a problem with clam occasionally when it does an update.
| Specifically what happens is that my /var/amavis/tmp directory fills up with
| temp files. This seems to happen when clam fails to download an update. My
| freshclam.conf file is set to download an update 24 times a day. What I see
| when this has happened is that there is a *.cvd file in the
| /var/lib/clamav directory, see the following ls:
|
| total 24
| 4 drwxr-xr-x 4 clamav clamav 4096 Apr 8 09:43 .
| 8 drwxr-xr-x 35 root root 4096 May 29 2007 ..
| 0 -rw-r--r-- 1 root root 0 Apr 7 05:00 *.cvd
| 4 drwxr-xr-x 2 clamav clamav 4096 Apr 8 08:43 daily.inc
| 4 drwxr-xr-x 2 clamav clamav 4096 Apr 7 04:43 main.inc
| 4 -rw--- 1 clamav clamav 1196 Apr 8 09:43 mirrors.dat
|
| I could not initially determine why I would have a *.cvd file in that
| directory, until I was looking at my cron.daily and found that there is a
| freshclam script in it with the following contents:
|
| #!/bin/bash
|
| # Remove garbage occasionally left after unsuccessful updates
| /bin/touch -a /var/lib/clamav/*.cvd
| /usr/sbin/tmpwatch 72 /var/lib/clamav
|
| I do not know why this script is here, but I do know that the touch
| command will create a file called *.cvd if there are no files ending with
| cvd in that directory.
| The question is what happened to the original cvd files. I was looking at
| the source code for clamav, and found where I think that it removes the old
| copies of the data files before it downloads new ones, but I am a little
| rusty in C. If that is the case then should I modify this freshclam script
| to look like the following, or am I missing the bigger picture, i.e. do I
| really need this script in the daily cron? I originally put it in there I
| believe because it was in the general installation instructions for the
| version of clamav that I started with.
|
| I hope that this is clear enough for someone to have a logical answer for
| me. If not then I will answer any questions.
|
| Respectfully,
|
| Mark P. Fraser

Mark,

(1) Please notify your product packer (RedHat, I'm guessing), that the script needs updating so others don't end up in this situation.

#!/bin/bash

# Remove garbage occasionally left after unsuccessful updates
# Touch only .cvd files that actually exist (no literal '*.cvd' gets created)
find /var/lib/clamav/ -type f -name '*.cvd' -exec touch -a '{}' ';'
# Refresh the access time of everything inside each .inc directory
find /var/lib/clamav/ -type d -name '*.inc' | while read -r dir; do find "$dir" -exec touch -a '{}' ';' ; done
/usr/sbin/tmpwatch 72 /var/lib/clamav

(2) The older .cvd files have been deprecated, and the new software will automatically update to the new format when it sees .cvd files in the directory. The software will still work with the .cvd files. Be careful not to have a .cvd file if you have a corresponding .inc directory, you will end up with duplicate database entries if you do.

Good Luck,
James
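Both points raised in this exchange, the literal `*.cvd` file created by an unmatched glob and a `.cvd` file sitting beside its `.inc` directory, can be checked mechanically. The script below is an added example, not part of the original posts; the function names and the report format are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the report format
# are assumptions made for this illustration.

# touch_cvd_safely DIR
#   Same intent as the cron job's `touch -a DIR/*.cvd`, but never creates a
#   file: the loop skips an unmatched pattern, and -c stops touch creating one.
touch_cvd_safely() {
    for f in "$1"/*.cvd; do
        [ -f "$f" ] || continue          # unmatched glob stays a literal string
        touch -a -c "$f"
    done
}

# audit_clamav_dbdir DIR
#   Prints one line per problem found in a ClamAV database directory.
audit_clamav_dbdir() {
    dbdir=$1

    # A file literally named '*.cvd': left behind when `touch DIR/*.cvd` ran
    # while no .cvd file existed and the shell passed the pattern through.
    if [ -e "$dbdir/*.cvd" ]; then
        echo "STRAY-GLOB *.cvd"
    fi

    # name.cvd next to name.inc/: the same signatures get loaded twice.
    for cvd in "$dbdir"/*.cvd; do
        [ -f "$cvd" ] || continue
        name=$(basename "$cvd" .cvd)
        [ "$name" = "*" ] && continue    # the stray file, already reported
        if [ -d "$dbdir/$name.inc" ]; then
            echo "DUPLICATE $name.cvd and $name.inc/"
        fi
    done
}

# Run as: sh audit.sh /var/lib/clamav   (script name is a placeholder)
if [ "$#" -gt 0 ]; then audit_clamav_dbdir "$1"; fi
```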
Re: [Clamav-users] Memory usage for clamd is huge
Ben wrote:
| I run clamd on a CentOS server, with freshclam, and clamsmtpd to scan mail.
| And I use it interfacing with postfix.
| However, just clamd alone uses 23 Megabytes when idle!
|
| Can someone post configuration options to limit or lower memory
| footstamp of clamav all around?
| I'm looking for concrete functional ways to noticeably lower its
| usage, so not things like
| 'this might lower memory usage'.
| Virus scanning is not even that important on this server, my users
| would never be sending viruses,
| it's more an extra way to block spam and stop having to delete viruses
| from email.
|
| Thanks in advance,
|
| Ben

Ben,

You are probably better off using spamassassin or mime-defang than clamav for spam stopping.

James

--
Scanned by ClamAV - http://www.clamav.net
Re: [Clamav-users] A small survey about limits (Oversized.Zip and friends)
aCaB wrote:
| So now the real questions are:
| 1- Do you have a real usage scenario for Oversized.Zip and friends?

Maybe, put a warning in the email message clarifying that the file could not be checked by clamav instead of flagging as an 'Oversized.Zip' virus. This may be more useful for the receiver and sender to know than to actually cause an annoying DoS prevention.

| 2- Are you aware of what the ArchiveBlockMax option does and if so, have
| you set it to on? And why?

No, I'm using the default of 'no'. Since I haven't read the documentation yet on that feature. (really my fault).

James
Re: [Clamav-users] Problem with clamav on Linux
René Berber wrote:
| [snip]
| [snip]
| That will never work, you have to choose between using a local socket or a tcp socket, can't have both... and clamd should be advising you with a message to the log.

No this is not correct. It depends on the version of clamav installed. The newer version supports both local and IP sockets. I believe it will even support multiple local and IP sockets as well.

-James
Re: [Clamav-users] ClamAV-0.92 very high CPU usage
Stephen Gran wrote:
| On Fri, Jan 11, 2008 at 08:16:06AM -0600, Roberto Ullfig said:
| What version of Kernel are you using?
|     There is a kernel BUG that could cause this.
|
| Pointer to documentation about it would be great.

Looking for that now...
Re: [Clamav-users] ClamAV-0.92 very high CPU usage
Sandeep Agarwal wrote:
| hello all,
|
| I am experiencing a very high CPU usage by clamd
| process. Top always shows the CPU usage more than
| 100%.
|
| I have clamav to scan AV for my mail server. It's a
| qmail installation with simscan. Clamav is installed on
| FC5.
|
| Is this a known problem ? Any suggestion to what
| should I look into ?
|
| do let me know if more information is required.

What version of Kernel are you using?
    There is a kernel BUG that could cause this.
    'uname -a' for completeness.
What version of clamav are you using?
    'clamscan -V'
Is this an RPM or did you compile from source tarball?

James
Re: [Clamav-users] ClamAV-0.92 very high CPU usage
James Kosin wrote:
| Stephen Gran wrote:
| | On Fri, Jan 11, 2008 at 08:16:06AM -0600, Roberto Ullfig said:
| | What version of Kernel are you using?
| |     There is a kernel BUG that could cause this.
| |
| | Pointer to documentation about it would be great.
| Looking for that now...

This is one possible...
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=73a2bcb0edb9ffb0b007b3546b430e2c6e415eee

and yet another possible...
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9301899be75b464ef097f0b5af7af6d9bd8f68a7

Hope this helps a bit.

James
Re: [Clamav-users] 0.92 and memory usage
Chris Blaise wrote:
| Fabio,
|
| We've seen this too. See if my patch helps.
|
| https://wwws.clamav.net/bugzilla/show_bug.cgi?id=736
|
| Chris

Chris,

The patch causes the accept() to FAIL.

Thu Dec 20 12:32:03 2007 - ERROR: accept() failed: à¹ØKtøÿ¿Setting connection queue length to 30

-James
Re: [Clamav-users] 0.92 and memory usage
James Kosin wrote:
| Chris Blaise wrote:
| | Fabio,
| |
| | We've seen this too. See if my patch helps.
| |
| | https://wwws.clamav.net/bugzilla/show_bug.cgi?id=736
| |
| | Chris
|
| Chris,
|
| The patch causes the accept() to FAIL.
|
| Thu Dec 20 12:32:03 2007 - ERROR: accept() failed: à¹ØKtøÿ¿Setting connection queue length to 30
|
| -James

If I change the config file to have:

TCPAddr 127.0.0.1

the error is still there but the LOG file is clean of any garbage characters as above.

Thu Dec 20 12:41:58 2007 - ERROR: accept() failed:

-James
[Clamav-users] [main.cvd] Issues when both main.cvd and main.inc are available
Everyone,

I'm hoping someone knows a quick solution.

If main.cvd and main.inc are installed, the signatures seem to double themselves. daily.cvd is also installed; but the file goes away with the first update.

Any idea on how to get freshclam to automatically/manually update to get rid of main.cvd like daily.cvd?

Thanks,
James
Re: [Clamav-users] clamav gcc dependendencies ...
Per Jessen wrote:
| I guess there was no other way than to make clamav dependent on gcc, but it sure is bad timing. Only a week before Christmas, most systems are frozen, people have already left for vacation etc. Updating clamav is within reason for us, but upgrading gcc too ...
|
| Was/is there absolutely no way of fixing this gcc problem in the clamav source?
|
| /Per Jessen, Zürich

You may be able to get by with disabling ALL optimizations. One of the problems at least was an Optimization problem.
'-O0' may do the trick.

-James
Re: [Clamav-users] Help needed
Mohammed Ejaz wrote:
| Dear tkojm,
|
| Many thanks, I have updated to the suggested version, but when I do freshclam -v I got following messages. Please help what I did wrong
|
| TTL: 71
| Software version from DNS: 0.91.2
| main.cvd version from DNS: 44
| main.inc is up to date (version: 44, sigs: 133163, f-level: 20, builder: sven)
| daily.cvd version from DNS: 4982
| Retrieving http://db.XY.clamav.net/daily-4337.cdiff
| ERROR: Can't get information about db.XY.clamav.net: Host not found
| ERROR: getpatch: Can't download daily-4337.cdiff from db.XY.clamav.net
| Retrieving http://db.XY.clamav.net/daily-4337.cdiff
| ERROR: Can't get information about db.XY.clamav.net: Host not found
| ERROR: getpatch: Can't download daily-4337.cdiff from db.XY.clamav.net
| Retrieving http://db.XY.clamav.net/daily-4337.cdiff
| ERROR: Can't get information about db.XY.clamav.net: Host not found
| ERROR: getpatch: Can't download daily-4337.cdiff from db.XY.clamav.net
| Retrieving http://db.XY.clamav.net/daily-4337.cdiff
| ERROR: Can't get information about db.XY.clamav.net: Host not found
| ERROR: getpatch: Can't download daily-4337.cdiff from db.XY.clamav.net
| Retrieving http://db.XY.clamav.net/daily-4337.cdiff
| ERROR: Can't get information about db.XY.clamav.net: Host not found
| ERROR: getpatch: Can't download daily-4337.cdiff from db.XY.clamav.net
| WARNING: Incremental update failed, trying to download daily.cvd
| Retrieving http://db.XY.clamav.net/daily.cvd
| ERROR: Can't get information about db.XY.clamav.net: Host not found
| ERROR: Can't download daily.cvd from db.XY.clamav.net
| Restoring incremental directory daily.inc from backup
| LibClamAV Warning: Couldn't remove daily.inc/COPYING: Permission denied
| Trying again in 5 secs...
|
| - Original Message -

Edit the configuration file and replace the db.XY.clamav.net with db.sa.clamav.net to fix this problem.

-James
Re: [Clamav-users] Recent viruses
Daniel T. Staal wrote:
> On Mon, October 29, 2007 8:58 am, Gomes, Rich said:
>> Daniel, I've been searching for how to configure this without much luck. Could you point me in the right direction? Again, it's Sendmail on RH being called by clamav-milter.
> That's not a setup I'm familiar with; though I would expect someone else on this list to be. Anyone?
> Daniel T. Staal

He has several options:
(1) use the --quarantine=EMAILADDRESS option with clamav-milter.
(2) use the --quarantine-dir=DIR option.
I'm sure there may be others. Edit the file /etc/sysconfig/clamav-milter to make the changes and be sure to restart the service.

-James
Re: [Clamav-users] Quiet period for viruses?
fchan wrote:
> Hi, Maybe it's just me, but I noticed that the clamav definitions are still at 4540 dated 14 October 2007 0143 UTC, or have the virus writers called a truce?

No, this is probably the LULL before the STORM.

-James
Re: [Clamav-users] eicar Identified But Not Moved
Dennis Peterson wrote:
> Sean McGlynn wrote:
>> Dennis, Thank you for taking the time to reply. Yes, I am running the scan as root. Sean
> Is the home directory mounted?
> Dennis

Should also mention the destination for the move (ClamAV is going to move the file to) needs to exist and the proper permissions set.

-James
Re: [Clamav-users] clamav-milter startup very slow
Stephen Gran wrote:
> On Tue, Sep 11, 2007 at 08:35:54PM +1200, Dylan Carruthers said:
>> Hi I'm not sure if this is the correct mailing list but I've got a question about clamav-milter startup times that I can't find an existing answer for. I'm running Debian etch and have found that clamav-milter takes a very long time to start.
> This is fixed in newer versions. Please use the packages from volatile.debian.org.
>> Loaded ClamAV 0.90.1/4223/Mon Sep 10 14:06:10 2007
>> ClamAV: Protecting against 276647 viruses.
> You also seem to have double the number of signatures that you should have. Check for main.cvd, daily.cvd, main.inc, and daily.inc in /var/lib/clamav. If you have main.inc, delete main.cvd. Repeat for daily.inc and daily.cvd. Take care,

Hmm... Same problem here. Hadn't noticed it; but, clamd loads the correct number, but clamav-milter seems to be loading differently and loading duplicate signatures to the database. Is there a way to prevent duplicate (identical signatures) from getting loaded into memory?

-James
Re: [Clamav-users] Sourcefire's acquisition of ClamAV -- Will ClamAV become close source ?
Sergei Lavrov wrote:
> Does this mean ClamAV will become close source sometime in the future ?
> Lavrov

I believe the correct answer is IT DEPENDS. This is up to the new company to decide. No one would be willing to say "Till the end of time... will remain open source." if that is what you are looking for. Closed source would mean that many distributions would have to LEAVE the ClamAV world in droves. Or take on the choice of managing the distribution differently; much like the NVIDIA project for the video cards. Which in my opinion leaves a SOUR taste in many people's mouths.

-James
Re: [Clamav-users] Sourcefire acquires ClamAV
Tomasz Kojm wrote:
> On Fri, 17 Aug 2007 05:26:14 -0700 Ed Kasky [EMAIL PROTECTED] wrote:
>>> lead the advancement of ClamAV and the CVD as employees of Sourcefire. Both the ClamAV engine and the signature database will remain under GPL.
>> Until they start charging for current updates, etc. like they do with Snort...
> Hi Ed, you should rest assured that the virus database will stay GPL and will be distributed the same way as so far, Sourcefire has no intention of changing this. Best regards,

I'm complaining now... because the virus database is not the source to build the binaries. If they are only saying the virus database is the ONLY part to stay GPL we may have to pay through the nose for the source to build the compiled binaries! I'm HOPING this hasn't happened and you mis-typed your reply.

-James
Re: [Clamav-users] ArchiveMaxFileSize
Tom Bombadil wrote:
> This is what the conf file says:
> # Files in archives larger than this limit won't be scanned.
> # Value of 0 disables the limit.
> # Default: 10M
> What won't be scanned? - files larger than this limit inside an archive? - Or files inside an archive whose total size is this limit? Cheers :)

Tom, I believe the answer is BOTH. and the archive is larger than this limit.

-James
Re: [Clamav-users] *.cvd again!
Obantec Support wrote:
> Hi, clamd died again. From clamd.log:
>
> SelfCheck: Database modification detected. Forcing reload.
> Reading databases from /var/lib/clamav
> ERROR: reload db failed: Broken or not a CVD file
> Terminating because of a fatal error.
> Socket file removed.
> Pid file removed.
> --- Stopped at Thu Apr 12 04:25:08 2007
> /var/run/clamav/clamd.sock: No such file or directory
> /var/run/clamav/clamd.sock: No such file or directory
> /var/run/clamav/clamd.sock: No such file or directory
>
> repeated until 8am BST when I did routine tests
>
> /var/run/clamav/clamd.sock: No such file or directory
>
> found *.cvd in /var/lib/clamav. Since I am using clamav-milter this has a knock-on effect of stopping users sending mail. For now I have killed all clam and freshmeat until this is resolved.

I think maybe what needs to happen is:
(1) Any script files touching *.cvd need to be modified. This seems to be causing the problem.
(2) ClamAV needs to change to fix the issue of a 0-byte CVD file causing it to CRASH.

Sorry for SHOUTING,
James
Re: [Clamav-users] *.cvd again!
Luigi Iotti wrote:
> To who is experiencing the *.cvd problem due to the 3rd party scripts in the RPM packages maintained by Petr Kristof, available on http://crash.fce.vutbr.cz/crash-hat/5/ : Petr just released an updated version of his packages, including the patches to the script I suggested on the list. Now the infamous *.cvd file problem (and another trivial problem where clamd did not start if the main.cvd file was not found) should be solved. Thank you Petr.
> Luigi

I just tested and clamd will try to read any file with the extension of .cvd in the /var/lib/clamav directory. My simple question is: Could this pose a security or virus scanning problem if someone managed to place an empty or invalid .cvd file intentionally in the database directory? I say this, because it makes clamav un-operational and unable to scan for viruses on the system or email.

-James
Re: [Clamav-users] *.cvd again!
Tomasz Kojm wrote:
> --snip--
> This can be solved using file permissions as well, eg. by running clamd with only read privileges to the database directory.

I was thinking about the possible VIRUS or TROJAN being able to gain root access by some other means on a Linux system. And by simple knowledge of the presence of ClamAV on the system; could render the virus scanning engine completely useless just by placing a simple blank file in the directory.

-James
Re: [Clamav-users] *.cvd again!
Tomasz Kojm wrote:
> On Thu, 12 Apr 2007 16:42:07 -0600 (MDT) James Bourne [EMAIL PROTECTED] wrote:
>> Yes it may be possible, but that's still no excuse for clamd to bail when presented with two sets of data files, one invalid and one valid.
> There's no perfect solution to this problem. The only good one I could think of is an option to clamscan/clamd that would only allow loading of digitally signed databases and ignore all the rest. Of course, external dbs (sane, msrbl, etc.) would no longer be supported in such a mode.

What about a way to check the validity of a database before loading it, and not fatally stopping the load just because of a bad database file. Of course, the user needs to be notified; but, isn't that supported by a logwatch function or extension?

-James
Re: [Clamav-users] Clamav suddenly died on several boxes
Well, Deleting the database directory and restarting freshclam to get the databases again seems to have fixed the problem on both systems. This problem may be related to getting incremental updates and not being able to update the .CVD database properly. This is the only clue I can give.

-James
Re: [Clamav-users] Clamav suddenly died on several boxes
Luigi Iotti wrote:
> Hi all, I'm new on the list, if this is a FAQ please tell me so. I'm unsure if my problem is related to the other one that today is discussed on the list. I have several clamav installations. I use it with Postfix on CentOS (very similar to Red Hat). I use the clamav RPM packages available on http://crash.fce.vutbr.cz , but recompiled on CentOS. Last night suddenly, on several of my customers' mail servers, clamd stopped running. In the log I find:
>
> Wed Apr 11 04:02:13 2007 - SelfCheck: Database status OK.
> Wed Apr 11 04:38:23 2007 - SelfCheck: Database modification detected. Forcing reload.
> Wed Apr 11 04:38:24 2007 - Reading databases from /var/lib/clamav
> Wed Apr 11 04:38:24 2007 - ERROR: reload db failed: Broken or not a CVD file
> Wed Apr 11 04:38:24 2007 - Terminating because of a fatal error.
> Wed Apr 11 04:38:24 2007 - Socket file removed.
> Wed Apr 11 04:38:24 2007 - Pid file removed.
> Wed Apr 11 04:38:24 2007 - --- Stopped at Wed Apr 11 04:38:24 2007
>
> This happened on at least 10 different installations, more or less at the same time. I noticed that:
> 1) the problem seems to occur only on 0.90 installations. Servers still with 0.8x seem not to be affected.
> 2) In /var/lib/clamav , after clamd stopped running, I find the directories daily.inc, main.inc and the mirrors.dat file. No .cvd files.
>
> I'm looking for the reason of this massive problem, and I'd like to know if this can be an isolated episode (maybe due to a broken update file). I found a minor problem in the RPM package, too. In the rc file, /etc/init.d/clamd, it checks for the existence of /var/lib/clamav/main.cvd and, if not found, it exits echoing "ERROR: Clamav DB missing! Run 'freshclam --verbose' as root". Having main.inc and not main.cvd, my clamd refused to start with this error. Maybe the package author is listening reading this ML, so he can correct his packages. It seems to me that it is sufficient to check for the existence of the file /var/lib/clamav/main.cvd OR the directory /var/lib/clamav/main.inc . Is this correct (I mean, main.inc took the place of main.cvd)? Thanks for the attention.

I have the same here...

Tue Apr 10 20:19:34 2007 - Database correctly reloaded (107793 signatures)
Wed Apr 11 06:19:21 2007 - SelfCheck: Database modification detected. Forcing reload.
Wed Apr 11 06:19:22 2007 - Reading databases from /var/lib/clamav
Wed Apr 11 06:19:22 2007 - ERROR: reload db failed: Broken or not a CVD file
Wed Apr 11 06:19:22 2007 - Terminating because of a fatal error.
Wed Apr 11 06:19:23 2007 - Socket file removed.
Wed Apr 11 06:19:23 2007 - Pid file removed.
Wed Apr 11 06:19:23 2007 - --- Stopped at Wed Apr 11 06:19:23 2007

I tried restarting the daemon with the same results. My ClamWin also died today on my personal computer!!! I fixed ClamWin by blowing away the databases and re-downloading them. I'll try the same for clamav on the server to see if it fixes the problem. But this error is CATASTROPHIC.

-James
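Added example (not code from these posts or from the ClamAV project): a pre-flight audit of the database directory covering the three conditions raised in the threads above: an empty or malformed *.cvd file that makes clamd abort on reload, a .cvd file and an .inc directory present for the same database, and neither being present. The function names check_cvd and audit_dbdir are hypothetical, and the header layout (colon-separated fields starting with ClamAV-VDB, with version and signature count as the third and fourth fields) is an assumption; this is a structural sanity check only and does not verify the database's digital signature.

```shell
#!/bin/sh
# Pre-flight audit of a ClamAV database directory (added example).

# check_cvd FILE
# Prints "OK <file> version=<n> sigs=<n>" and returns 0 when FILE starts with
# a plausible CVD header; otherwise prints the reason and returns 1.
check_cvd() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "NOT-A-FILE $f"
        return 1
    fi
    if [ ! -s "$f" ]; then
        # The 0-byte case from the thread, e.g. a file literally named "*.cvd"
        echo "EMPTY $f"
        return 1
    fi
    # Assumed layout: the first 512 bytes are an ASCII header of the form
    # ClamAV-VDB:<build time>:<version>:<sig count>:<f-level>:<md5>:<dsig>:<builder>
    hdr=$(dd if="$f" bs=512 count=1 2>/dev/null | tr -d '\000' | head -n 1)
    magic=$(printf '%s\n' "$hdr" | LC_ALL=C cut -s -d: -f1)
    ver=$(printf '%s\n' "$hdr" | LC_ALL=C cut -s -d: -f3)
    sigs=$(printf '%s\n' "$hdr" | LC_ALL=C cut -s -d: -f4)
    if [ "$magic" != "ClamAV-VDB" ]; then
        echo "BAD-HEADER $f"
        return 1
    fi
    for n in "$ver" "$sigs"; do
        case $n in
            ''|*[!0-9]*) echo "BAD-FIELDS $f"; return 1 ;;
        esac
    done
    echo "OK $f version=$ver sigs=$sigs"
}

# audit_dbdir DIR
# Prints one line per finding and returns 0 only when nothing is wrong.
audit_dbdir() {
    dir=$1
    problems=0
    # A database directory that any local user can write to lets anyone
    # drop a stray file into it.
    if [ -n "$(find "$dir" -prune -perm -0002 2>/dev/null)" ]; then
        echo "WORLD-WRITABLE $dir"
        problems=$((problems + 1))
    fi
    # clamd tries to load every *.cvd it finds, so check every one of them.
    for db in "$dir"/*.cvd; do
        [ -e "$db" ] || continue    # the glob matched nothing
        check_cvd "$db" || problems=$((problems + 1))
    done
    for name in main daily; do
        if [ -f "$dir/$name.cvd" ] && [ -d "$dir/$name.inc" ]; then
            # Both forms present: the doubled signature count described above
            echo "DUPLICATE $name.cvd and $name.inc both present"
            problems=$((problems + 1))
        elif [ ! -f "$dir/$name.cvd" ] && [ ! -d "$dir/$name.inc" ]; then
            # Either form is acceptable; only the absence of both is an error
            echo "MISSING no $name.cvd or $name.inc"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Stand-alone use: sh audit.sh /var/lib/clamav
if [ $# -gt 0 ]; then
    audit_dbdir "$1"
fi
```

Run from an init script or cron job before clamd is (re)started, a non-zero exit status can be used to keep the running daemon on its current in-memory database and alert the administrator.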
Re: [Clamav-users] Re: first impressions on 0.90
Ian Abbott wrote:
> On 14/02/2007 20:09, Rick Pim wrote:
>> it's true; if i start clamd and then check, the clamd socket isn't there. but if i leave clamd alone for a few seconds the socket appears and clamav-milter starts happily after that. i've tucked a sleep 30 into the startup script and things seem happy. is there anything obvious i'm missing?
> That will be because it forks before reading the database (which causes the delay) and before creating the sockets. I.e. the initial process exits before everything is ready. Maybe it would be better if it forked after creating the sockets.

No, because then you would have two active sockets and a replicated database per instance (fork). Not good practice, unless you really want the results.

-James
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
Jim Maul wrote:
> Maybe I missed it, but where in his original email did he ask anyone to help him by doing something for him? From what I can see, he didn't even ask for help at all. The way I took it was: "Gee, I downloaded this package for clamav and installed it and now there are all sorts of other things that still need to be done to get it working correctly. Maybe clamav developers could work with the package maintainers to make this process go more smoothly?" To which he received responses like: "You're an idiot. We don't care. Shut up and stop posting crap like this to the list."
>
> To me it seems like everyone missed the point and made their own assumptions as to what he *really* meant. Maybe the title was worded poorly, or his post looked too similar to others that people have seen in the past and it triggered an immediate negative response from them, or maybe it's just that some people on this list haven't gotten any lately and are grumpy - who knows. But to berate someone like this over a post they made which I believe was interpreted incorrectly to begin with is completely wrong. I mean c'mon, the subject clearly states it's directed at packagers. Give the guy a flippin break.
> -Jim

Ok, I'm usually very patient when it comes to responses to emails like this. But, I believe he is really asking the wrong people. He should be going to the package maintainers. This group is usually content with compiling and installing directly from source. Like Dennis said, "Bringing it all together is what the admin is for." ClamAV is a powerful tool; but, would you give a chainsaw to your 2-year old to use? I think not. Everyone has to learn. There are no shortcuts when it comes to being a sysadmin, no matter what level you are. You can make things easier; but, usually at a cost. No one here is willing to make ClamAV a butter knife when it is already a chainsaw.

-James
Re: [Clamav-users] Cherishing my ignorance - An appeal to package rs
Jim Maul wrote:
> Are there really no package maintainers on this list? I find that hard to believe. Is it really necessary to punish someone for thinking that maybe, just maybe, a message about clamav packages on the clamav-users list might actually get seen by some packagers themselves?

Yes, there are; but, most are looking here for updates, issues, etc. that may make things easier for supporting the users of the packages. All package maintainers also have their own email addresses. Most are willing to take suggestions. Some even make changes. But, asking this community outright for a change like this to take place at ClamAV is difficult to manage, and misplaced. When you first install ClamAV (even from source), you have to make changes to the configuration. This I found out myself after a few days of ClamAV not working... my first time. Some package maintainers do make this easier and make a few changes themselves to get things working; but, then the users may have an inadequate configuration for their use and not know any better.

> Of course. I'm not saying I completely agree with everything the OP wrote. I'm simply saying that I believe people misinterpreted what he was ultimately trying to say, and then insulted him because of it.

He insulted himself first with the very misdirected subject to the email. [Clamav-users] Cherishing my ignorance - An appeal to packagers:

QUOTE
I WANT to know NOTHING about ClamAV, I wish to remain ignorant. I even trust the folks who produce RPMs to come up with reasonable defaults for file locations, max sizes, etc. etc. etc. As _IS_ the case with just about every other install.
/QUOTE

He clearly states he wants to know NOTHING about the setup of ClamAV. This is not the tact to take when installing a package like this. How it is configured depends heavily on how you want to use it. You have to learn and overcome your ignorance to accomplish this. His email has no basis in reality as far as anyone can tell.

> WARNING: Your ClamAV installation is OUTDATED! Never will be fixed. I'm not spending another two days monkeying with configuration, so this install of ClamAV stays, just ignore the warning that it's OUTDATED until then next OS upgrade. So I'll never see any of the new and great features added.

Yes, it is a WARNING, if you read the whole warning it says NOT to PANIC. Actually, EVERYONE gets these once in a while. Unless you have a script that checks every hour for the latest version you are bound to get a few of these in the logs. Everyone knows the drill: download the source, compile, install, done. Usually that simple. Packages are usually similar, but the maintainer needs to do the work of compiling, testing, etc. before releasing.

> This means that much of the developers work is wasted, because I take the easiest way around an error, no clamav user, the hell with it, freshclam runs as root. config file, just take out Example keep hacking until it stops complaining.

This is just BAD news. ClamAV should not be treated this way. Running as root aside, you have to READ the configuration file in its entirety to appreciate its usefulness. Nothing he said gave the problem clear details, suggestions or otherwise. Some questions he could have asked are:
Why does ClamAV always complain about the configuration being bad after I just installed it on my machine?
Why does ClamAV complain about being OUTDATED?
How can I fix these problems?
Where should I go to find out more about the configuration?
What is the proper way to configure ClamAV for my system?
Why can't freshclam write to the directory for the virus updates? How can I fix this?
But, he didn't ASK a single question.

-James
Re: [Clamav-users] Cherishing my ignorance - An appeal to packagers
Jim Redman wrote:
> Of all the packages I install (Fedora), clamav is the only modern package that fails to install and just work.
> -- snip --
> Jim

You are ranting to the wrong group of people. ClamAV has nothing to do with RPM packages or maintaining Fedora releases of the extra packages they have. If you want to stay more up to date on these, you should consider maybe ATRPMs or DAG for a repository for ClamAV. Or take the route many here will offer of compiling from SOURCE.

-James
Re: [Clamav-users] I-Worm/Generic.RX undetected
Daniel Hertanu wrote:
> Hi, Yesterday I received 3 emails in which the local antivirus (AVG for Windows, Free edition) has detected a virus named I-Worm/Generic.RX. The email server is a sendmail with clamav-milter. Having a look into the log file I discovered that clamav-milter declared the emails as clean. Freshclam is executed daily, so the virus database is updated. As this virus name is not listed in Clamav virus database, I'm wondering if it is known under a different name, and, if so, why it was not detected. Any idea would be much appreciated. Thank you.
> Daniel

Daniel, Submit it to clamav. It may be a variant of an existing worm/virus.

-James
Re: [Clamav-users] Scan Signature
Diego Lorenzo - OJC wrote:
> Hello, folks! I need to mark all incoming and outgoing e-mails with a virus scanned message, kinda "This e-mail was scanned by Clamav (or Amavis)", something like that. Is there any flag I can set for it?
> Regards, Diego Lorenzo

Check out the settings for clamav-milter if that is what you are using.

--sign --signature-file=/etc/mail/clamav/clamav-signature

-James
Re: [Clamav-users] broken zlib version
Fixed. You can safely ignore the error about that version.

-James

Thomas Cameron wrote:
> All - I'm not reporting a stability problem with an old version, I just have a question. I am running Red Hat Enterprise Linux 4, update 3. The version of zlib (zlib-1.2.1.2-1.2) shows these entries in the changelog:
>
> * Tue Jul 12 2005 Ivana Varekova [EMAIL PROTECTED] 1.2.1.2-1.2
> - fix for CAN-2005-1849 (#163037)
> * Mon Jul 04 2005 Tomas Mraz [EMAIL PROTECTED] 1.2.1.2-1.1
> - fix for CAN-2005-2096 (#162391)
> * Sun Sep 12 2004 Jeff Johnson [EMAIL PROTECTED] 1.2.1.2-1
> - update to 1.2.1.2 to fix 2 DoS problems (#131385).
>
> The warning that clamav gives isn't very instructive as to what the stability issue might be. Can anyone tell me if the brokenness is fixed as part of the backport process Red Hat does?
> Thanks, Thomas
Re: [Clamav-users] nested attachements question
Nick wrote:
> Hi all, I'm doing some research for my Boss and have been asked whether ClamAV can handle multiple nested archive files. That is, if an attachment has a zip of a zip of a zip (etc., etc.) with a virus embedded somewhere, can it recurse through effectively? Anyone know ClamAV's abilities regarding this?

It can scan recursively, although the default behavior only allows a few recursive scans before automatically rejecting the file as a virus by recursive nature of the zip file.

-James
Re: [Clamav-users] Question About Quarantine
Kaplan, Andrew H. wrote:
> Hi there -- As a general rule of thumb, what is the oldest a file should be from any given day that is in the quarantine directory before it should be deleted from the system?

Depends on how often you check the quarantine directory. The directory is only a temporary place to put something until someone can verify the file actually contains a true virus and delete it OR determine the virus may have been intentional (clamav.tar.gz downloads get quarantined on my system because they contain the test virus) OR that the virus can be removed and the problem fixed by someone knowledgeable of how to do such a thing. I would live with a manual cleaning of the directory and stay away from an automatic cleaning of the directory. But, one could say 1-year may be a reasonable amount of time.

-James
[Clamav-users] Croxx-Platform Virus
Everyone, I just ran over this, and it sounds legit. I'm afraid the bird-flu is spreading to the humans (Linux) now.

http://www.ddj.com/dept/security/184429859?cid=RSSfeed_DDJ_Security

-James
Re: [Clamav-users] cannot use yum to upgrade to 0.88.1
Ralf Durkee wrote:
> Has anybody built trustworthy rpm's for ClamAV for Fedora Core 4, or would be willing to make them available if I built them?
> -- Ralf Durkee, CISSP, GSEC, GCIH Principal Security Consultant http://rd1.net

DAG does a good job. Check the clamav website for information. There is also Petr Kristof's site for FC4: http://crash.fce.vutbr.cz/crash-hat/4/clamav/

-James
Re: [Clamav-users] Problem with milter-greylist and clamav 0.88.1
Davin Flatten wrote:
> I just today tried to upgrade to 0.88.1, but I am having a problem. I can configure, make, and make install fine and I am able to start clamd fine using the config files from 0.88, but when I start up scanning with milter-greylist I get "Could not connect to clamd daemon at /defangspool/clamd.sock". If I shut down clamd/sendmail and make install from the 0.88 directory everything runs fine. Is anyone else experiencing similar problems?
>
> -Davin Flatten

David,

I think someone else reported the problem... but, it was related to having multiple spaces before the socket file name. I'm guessing 0.88.1 only expects one white-space character separator between the key-name and value.

James
Re: [Clamav-users] clamscan and file access times
Miner, Jonathan W (CSC) (US SSA) wrote:
> Hi - I've just started to use ClamAV as part of an evaluation of several anti-virus products for our UNIX/Linux networks. Our primary need is to scan filesystems. The first thing I noticed was that there was no option to preserve file access times, this is a problem for me, since we have archive tools that make decisions based on the access and modification times of files.

Hi,

Clamscan shouldn't be modifying the (modification time)... The access time should be OK being modified; otherwise you would backup/etc every time someone viewed a file.

James
Re: [Clamav-users] clamscan and file access times
Miner, Jonathan W (CSC) (US SSA) wrote:
>> Hi, Clamscan shouldn't be modifying the (modification time)... The access time should be OK being modified; otherwise you would backup/etc every time someone viewed a file.
>
> Clamscan does not change the modification time... I didn't mean to infer that it did. Sorry for any confusion that might have caused.

No confusion. I just read your statement and looked at the code and your code resets both the modified time and the accessed time for the file.

I'm only a little confused why you would be worried about the accessed time, and what you are using that time for that is so important for this kind of a change? If someone just 'cat' a file or viewed it without changing anything, the access time will change always. Unless you are using the accessed time to determine if a file is safe to remove or move to permanent backup somewhere.

James
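The two messages above turn on whether a scanner should leave a file's access and modification times as it found them. As an added example (not clamscan's code and not the patch discussed in the thread), this Python scanner reads a file without disturbing its timestamps; the marker bytes, function names and sample file are all constructed for the illustration.

```python
import os
import tempfile

# Constructed stand-in for a signature; not a real virus pattern.
MARKER = b"CONSTRUCTED-TEST-MARKER"


def open_for_scan(path):
    """Open read-only, asking the kernel not to update atime where it can."""
    noatime = getattr(os, "O_NOATIME", 0)  # Linux only
    if noatime:
        try:
            return os.open(path, os.O_RDONLY | noatime)
        except PermissionError:
            # O_NOATIME is refused unless the caller owns the file
            # (or holds CAP_FOWNER); fall back to a normal open.
            pass
    return os.open(path, os.O_RDONLY)


def scan_preserving_times(path, marker=MARKER, chunk=65536):
    """Return (found, restored).

    found    -- True if marker occurs anywhere in the file
    restored -- True if atime/mtime were put back after reading
    """
    fd = open_for_scan(path)
    try:
        before = os.fstat(fd)  # timestamps as they were before the scan
        found = False
        tail = b""
        while True:
            block = os.read(fd, chunk)
            if not block:
                break
            window = tail + block
            if marker in window:
                found = True
                break
            # Keep enough bytes to catch a marker split across two reads.
            tail = window[-(len(marker) - 1):]
        # Restore through the descriptor where supported, so the times go
        # back on the file that was read even if the path was swapped.
        target = fd if os.utime in os.supports_fd else path
        try:
            os.utime(target, ns=(before.st_atime_ns, before.st_mtime_ns))
            restored = True
        except OSError:
            restored = False  # not the owner, read-only filesystem, ...
        # Caveat: restoring times updates ctime, so a tool that keys on
        # ctime still sees a change; O_NOATIME alone avoids that.
        return found, restored
    finally:
        os.close(fd)


def demo():
    """Scan a constructed file; report whether its times survived."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.bin")
        with open(path, "wb") as fh:
            # Marker deliberately straddles the 64-byte read boundary.
            fh.write(b"A" * 60 + MARKER + b"B" * 60)
        old = 1_000_000_000 * 10**9  # a fixed time in 2001, in nanoseconds
        os.utime(path, ns=(old, old))
        before = os.stat(path)
        found, _restored = scan_preserving_times(path, chunk=64)
        after = os.stat(path)
        return (found,
                after.st_atime_ns == before.st_atime_ns,
                after.st_mtime_ns == before.st_mtime_ns)


if __name__ == "__main__":
    print(demo())
```
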
Re: [Clamav-users] clamav Samba with on access anti virus scans
Paul Matthews wrote:
> I've googled samba-vscan-clamav and I have come up with a few hits, but I can't find anything to do with Fedora and does it require samba to be installed by source, not by default installation from Fedora install?

Paul,

(1) Don't top-post.
(2) Try building from my source RPM.
    http://support.intcomgrp.com/mirror/fedora-core/beta/src/samba-vscan-clamav-0.4.0-2.fc1.src.rpm
    I can't guarantee it will work

PS: You also need the samba source RPM installed and '-bp' ed at least to get the vscan-clamav module to compile.

James
Re: [Clamav-users] clamav Samba with on access anti virus scans
Paul Matthews wrote:
> hi there,
>
> i'm currently running a CentOS samba server and i'm looking at getting clamav to do on-access scanning of files using clamav. can someone point me in the direction of a how-to for setting this up? or what programs should be used? any information on this topical at all would be helpful.

Google the web for samba-vscan-clamav ...

It is very simple to setup; although, you get a serious performance hit for using on large files.

James Kosin
Re: [Clamav-users] 100% CPU clamav samba-vscan thunderbird
Paulo Ricardo Bruck wrote:
> Hi guys
>
> environment:
> Debian Sarge 3.1
> samba3.0.14a-3sarge
> clamav-daemon 0.88-0volatile
> vscan-samba 3.0.6b
>
> When I test w/ eicar w/samba or w/ clamscan it works like a charm, but when I tried to look at thunderbird mail at [ home] in samba, CPU increase till 100%. This problem only occurs when any user tries to read/receive an email.
>
> Any clues about it? Am I asking at the right list? openantivir list is out..
>
> thanks in advance

Hi,

This is probably because of your settings for vscan-samba. Here are my settings, although you may have to tweak things to get performance up. You could also try setting one of the 'scan on open' / 'close' flags to no to see if that suits your needs.

--- in samba-vscan.conf ---
    max file size = 8388608 ; 8M

You could also try the 0.40 snapshot for samba-vscan-clamav. I have a copy in my RPM.
http://support.intcomgrp.com/mirror/fedora-core/beta/src/samba-vscan-clamav-0.4.0-2.fc1.src.rpm

You probably are using IMAP or a huge inbox, try the max file size limit first.

Let me know,
James Kosin
Re: Re :Re: [Clamav-users] 100% CPU clamav samba-vscan thunderbird
Paulo Ricardo Bruck wrote:
> -- Snip --

Ok, Let's start again.

(1) Is the mail being stored on a samba share? Eg: Thunderbird getting mail and putting it in mail-boxes that are on the server share.
(2) Do you get any improvement if you temporarily turn off the samba-vscan? Just trying to see if this is with samba-vscan or the Thunderbird client itself.
(3) Try lowering the max file size option. samba-vscan does have a performance hit associated with it.
(4) Try excluding the mail-box files from being scanned. Thunderbird like almost all email clients, won't like the mail-box files disappearing on them. Had this problem many times especially with outlook. You don't need to scan twice; especially if you already have clamav-milter installed and running.

Let me know,
James Kosin
Re: [Clamav-users] Squirriel Mail clamav scanner
Paul Matthews wrote:
> well i was thinking it would be like the anti-virus that scans the e-mails on arrival, such as thunderbird avgfree or outlook norton anti-virus.
> -- snip --

Squirrel mail is an html based client. If you protect using milter / etc for sendmail everything should be OK. This is of course dependent on the chance you operate your own email server. If not, be sure to get clamdscan to scan for viruses or get a script to scan when checking email.

There are plenty of choices out there.

James Kosin
Re: [Clamav-users] clamd.conf not recognizing TemporaryDirectory
He means restart the clamd server application... HUP is the kill signal that gets sent to a process to tell it to shut everything down.

HUP

The following command

    $ kill -s SIGHUP 1001

sends the HUP or hang-up signal to the program that is running with process ID 1001. You can also use the numeric value of the signal as follows:

    $ kill -1 1001

This command also sends the hang-up signal to the program that is running with process ID 1001. Although the default action for this signal calls for the process to terminate, many UNIX programs use the HUP signal as an indication that they should reinitialize themselves. For this reason, you should use a different signal if you are trying to terminate or kill a process.

QUOTE taken from http://www.erdves.lt/kristi/books/Computah%20Stuff/unix-linux/Teach_Yourself_Shell_Programming_In_24hrs.tar/ch19/307-310.html

Good Luck,
James Kosin

Brian McDonald wrote:
> You will have to explain what you mean by HUP the process
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Odhiambo Washington
> Sent: Tuesday, January 03, 2006 10:04 AM
> To: clamav-users@lists.clamav.net
> Subject: Re: [Clamav-users] clamd.conf not recognizing TemporaryDirectory
>
> * On 03/01/06 09:57 -0500, Brian McDonald wrote:
>> I am trying to change the temporary directory for clamav but the change is not working clamav is still writing to /tmp.
>>
>> My clamd.conf
>>
>> LogFile /var/log/clamav/clamd.log
>> LogFileMaxSize 5M
>> LogTime
>> TemporaryDirectory /var/clamavtmp/tmp
>> DatabaseDirectory /var/lib/clamav
>> TCPAddr 127.0.0.1
>> TCPSocket 3310
>> User clamav
>> DetectBrokenExecutables
>> ArchiveBlockEncrypted
>
> Did you HUP the process?
>
> -Wash
>
> http://www.netmeister.org/news/learn2quote.html
Re: [Clamav-users] Clamav doubt
Bill Maidment wrote:
> Richard Pijnenburg wrote:
>> Hi,
>>
>> This question is one of many :)
>> Like the warning says: Local version: 0.87 Recommended version: 0.87.1
>> Just install the new version.
>>
>> Clovis Tristao wrote:
>>> Hi,
>>>
>>> I'm update Clamav using /etc/cron.d/clamav-update or freshclam, but appears this message
>>>
>>> ClamAV update process started at Tue Nov 8 10:26:12 2005
>>> WARNING: Your ClamAV installation is OUTDATED!
>>> WARNING: Local version: 0.87 Recommended version: 0.87.1
>>> DON'T PANIC! Read http://www.clamav.net/faq.html
>>>
>>> What's happening, because I update the system:
>>>
>>> clamav-0.87-1.fc5
>>> clamav-update-0.87-1.fc5
>>> clamav-data-0.87-1.fc5
>>> clamav-lib-0.87-1.fc5
>>>
>>> I'm read the http://www.clamav.net/faq.html, but not found any solution.
>>>
>>> Thanks any help,
>>> Clóvis
>
> 1. Don't top post.
> 2. Looks like he did update to 0.87-1 but not successfully.
> 3. What is fc5 A typo? Or am I that far out of date?
> 4. I think he is confusing signature update with package update.
> 5. I'm confused. It's been a long day.
>
> Cheers
> Bill

2) No he didn't update. 0.87-1 is not the same as 0.87.1...
3) FC5 is the development version of Fedora http://fedora.redhat.com ... He needs to really tell someone on the fedora-development list that the packages are out of date now.

This is a normal WARNING that happens often when the version of clamav updates.

Double Cheers,
James Kosin
Re: [Clamav-users] INFO: clamav-0.87.1 pacakges for FC-4
Krištof Petr wrote:
> Hello all,
>
> there is new version of FC-4 packages. They are on testing repository http://crash.fce.vutbr.cz/crash-hat/testing/4/clamav/ because the one big change was did from previous build.
>
> New sub-package clamav-db was introduced. This package is not needed to install, because main package clamav downloads actual updated virus db from net after installation via freshclam program.
>
> The primary target of this step is saving of bandwidth and network infrastructure. Size of virus db grows up rapidly and users with freshclam updated systems don't need to install the same data once again from clamav package. (Look at discussion a year back about on list.)
>
> If nothing breaks really hard, I will move new build to standard repository on Monday 12:00 GMT.
>
> Regs
> Petr

Petr,

Hi. The only problem I see with the change is that users who don't already have a database loaded on their system will need to download and install the db package first before installing the main clamav packages. Unless maybe you force the freshclam to download the updates before starting the other services... but, this also takes up bandwidth and resources.

Maybe it would be better to look into compressing the databases somehow. Having a run-time decompressor to extract the information from the database as the application needed them.

Just some random ideas,
James Kosin
Re: [Clamav-users] Problem: clamd dead but subsys locked
Nauman wrote:
> Hi All,
>
> i Have Been experiencing this Problem, a couple of times, but this time its STUCK. I wanna trace out this problem, if any one of you could HELP, it would be so nice of you in advance. I have searched on this on google as well, but No solution found.
>
> I had clamAV running perfectly with Sendmail 8.13 and MIMEDefang ( ALL Latest Version). I have built this Mail Server on Fedora Core 3. Few Days Back i Installed its Web Viewer ( OPENWEBMAIL ) and that too was working fine until Today i just switched on the machine and found this error, i re-compiled my sendmail.cf, and even my sendmail making sure that there is nothing extra then MILTER Support in the devtool/Site/site.m4 file.
>
> I m using MIMEDefang's user - defang as the user in clamd.conf which is as follows:
>
> clamd.conf
>
> LogSyslog
> User defang
> PidFile /var/spool/MIMEDefang/clamd.pid
> LocalSocket /var/spool/MIMEDefang/clamd.sock
> MaxThreads 5
> MaxDirectoryRecursion 15
> ScanMail
> FollowDirectorySymlinks
> FollowFileSymlinks
> StreamMaxLength 15M
> ScanArchive
> ArchiveMaxFileSize 15M
> ArchiveMaxRecursion 5
> ArchiveMaxFiles 1500
>
> And My Sendmail.mc file looks like this:
>
> define(`confMILTER_LOG_LEVEL',`1')dnl
> INPUT_MAIL_FILTER(`mimedefang', `S=unix:/var/spool/MIMEDefang/mimedefang.sock, F=T, T=S:1m;R:1m')
>
> The Machine Was Runing - and every thing was perfect: how can i trace this PROBLEM -- ANY HELP ?
>
> Further more - if Any of You are Using SMTP AUTH - can i know which way is the best to Apply !!
>
> Regard,
> Nauman

Nauman,

(1) Be careful about the user setting in ClamAV.
    (a) Check the permissions on your antivirus databases for clamav?
    (b) If needed, change the user for freshclam.conf.
    (c) Restart all applications after fixing the problem.

Good Luck,
James Kosin
Re: [Clamav-users] INFO: clamav-0.87.1 pacakges for FC-4
Tomasz Kojm wrote:
> On Mon, 07 Nov 2005 09:01:43 -0500 James Kosin [EMAIL PROTECTED] wrote:
>> Maybe it would be better to look into compressing the databases somehow. Having a run-time decompresser to extract the information from the database as the application needed them.
>
> The databases are already compressed.

Ok, remove foot from mouth and apologize.

Sorry, it was too early in the morning for me to properly comment. I'm better now that I've had my cup of coffee...

James Kosin
Re: [Clamav-users] INFO: clamav-0.87.1 pacakges for FC-4
Krištof Petr wrote:
> James Kosin wrote:
>> The only problem I see with the change is that users who don't already have a database loaded on their system will need to download and install the db package first before installing the main clamav packages. Unless maybe you force the freshclam to download the updates before starting the other services... but, this also takes up bandwidth and resources.
>
> I like to give freedom to user to choose his way.
>
> a) He can install clamav-db and then this sub-package will be upgraded each time via yum when new packages are released, even the virus db is actual by freshclam. This is the waste of bandwidth what Im talking about.
>
> b) He can install the main packages only, then updated virus db manually and start freshclam to keep data actual.
>
> I will try to improve main package's post-install script to get up-to-date db from net after initial installation.
>
> Regs
> Petr

Petr,

You could test for the existence of the file and run freshclam if the file does not exist. I think the directory still needs to be part of the install if not present; I'm not sure how freshclam will respond.

If you need any help; I can try a few test builds of the packages I've created from your original ones for FC1 long ago. I've had to do a few modifications myself; because I have the installation running as a split user. Clamd running as root for samba-vscan / etc and freshclam running as clamav. This causes its own problems, that I've worked out to some degree.

Thanks,
James
Re: [Clamav-users] main.cvd corrupt?
See Kar Leong wrote:
> Dear All,
>
> I'm using clamav with qmail-scanner, I found out my qmail not sending email today, and in the qmail-scanner log file, there is some error log.
>
> Fri, 21 Oct 2005 10:29:40 +0800:3251: --output of clamscan was:
> LibClamAV Error: Can't load /usr/local/share/clamav/main.cvd: MD5 verification error
> ERROR: MD5 verification error
> --
> 21/10/2005 10:29:40:3251: error_condition: X-Qmail-Scanner-1.20: clamscan: corrupt or unknown ClamAV scanner error or memory/resource/perms problem - exit status 50
>
> I run freshclam at that time but it display a normal output.
>
> ClamAV update process started at Fri Oct 21 10:29:52 2005
> main.cvd is up to date (version: 34, sigs: 39625, f-level: 5, builder: tkojm)
> daily.cvd is up to date (version: 1145, sigs: 1175, f-level: 6, builder: diego)
>
> I need to remove the main.cvd and update again to solve the problem, the output is.
>
> ClamAV update process started at Fri Oct 21 10:30:51 2005
> Downloading main.cvd [*]
> ERROR: Verification: MD5 verification error
> Trying again in 5 secs...
> ClamAV update process started at Fri Oct 21 10:31:40 2005
> Downloading main.cvd [*]
> ERROR: Verification: MD5 verification error
> Trying again in 5 secs...
> ClamAV update process started at Fri Oct 21 10:32:11 2005
> Downloading main.cvd [*]
> main.cvd updated (version: 34, sigs: 39625, f-level: 5, builder: tkojm)
> daily.cvd is up to date (version: 1145, sigs: 1175, f-level: 6, builder: diego)
> Database updated (40800 signatures) from database.clamav.net (IP: 203.16.234.78)
>
> Is anyone face this problem before? or is it my hardware to old? PII,128MB,4GB HDD.
>
> Regards,
> karleong

What version of ClamAV are you running?

James
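The "MD5 verification error" in the logs above is what a truncated or corrupted main.cvd produces. As an added example (not code from the thread or from ClamAV), this Python check compares a CVD file's payload with the MD5 recorded in its header; the layout used here (a 512-byte, colon-separated `ClamAV-VDB:` header followed by the payload) is an assumption about the CVD format that the thread itself does not spell out, and the sample file is constructed.

```python
import hashlib
from typing import NamedTuple

HEADER_LEN = 512  # assumed fixed header size, space-padded


class CvdHeader(NamedTuple):
    build_time: str
    version: int
    sigs: int
    f_level: int
    md5: str
    dsig: str
    builder: str


def parse_header(blob):
    """Parse the assumed header: ClamAV-VDB:time:ver:sigs:flevel:md5:dsig:builder"""
    if len(blob) < HEADER_LEN:
        raise ValueError("file shorter than the %d-byte header" % HEADER_LEN)
    text = blob[:HEADER_LEN].decode("ascii", "replace").rstrip()
    fields = text.split(":")
    if len(fields) < 8 or fields[0] != "ClamAV-VDB":
        raise ValueError("not a CVD header")
    # int() raises ValueError on a damaged numeric field
    return CvdHeader(fields[1], int(fields[2]), int(fields[3]),
                     int(fields[4]), fields[5].lower(), fields[6], fields[7])


def check_cvd(blob):
    """Return (ok, reason) for the bytes of a .cvd file.

    A matching MD5 only shows the payload arrived intact. Whether the
    database is authentic depends on the digital-signature field, which
    this example does not verify.
    """
    try:
        hdr = parse_header(blob)
    except ValueError as exc:
        return False, "bad header: %s" % exc
    actual = hashlib.md5(blob[HEADER_LEN:]).hexdigest()
    if actual != hdr.md5:
        return False, ("MD5 verification error: header says %s, payload is %s"
                       % (hdr.md5, actual))
    return True, ("version: %d, sigs: %d, f-level: %d, builder: %s"
                  % (hdr.version, hdr.sigs, hdr.f_level, hdr.builder))


def build_constructed_cvd(payload):
    """Build a constructed sample file. The version, sigs, f-level and
    builder values echo the freshclam output quoted in the thread; the
    build time, signature field and payload are made up."""
    fields = ["ClamAV-VDB", "01 Jan 2005 00-00 +0000", "34", "39625", "5",
              hashlib.md5(payload).hexdigest(),
              "CONSTRUCTED-NOT-A-REAL-SIGNATURE", "tkojm"]
    header = ":".join(fields).encode("ascii").ljust(HEADER_LEN, b" ")
    return header + payload


def demo():
    good = build_constructed_cvd(b"constructed payload " * 100)
    truncated = good[:-10]  # e.g. a download that was cut short
    return check_cvd(good), check_cvd(truncated)


if __name__ == "__main__":
    for ok, reason in demo():
        print("OK " if ok else "BAD", reason)
```
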
Re: [Clamav-users] ClamAntivirus NOT detecting viruses
Stephen Cheboi wrote:
| Hi there,
| I have clamantivirus installed in my server, but recently a virus
| [EMAIL PROTECTED] infected some pcs on my network.
| I have gone through the clamav.conf file and everything looks fine.
| How can i change this file to enable scanning of e-mail files
| before sending to user mailboxes.
| Will appreciate any assistance.
|
| Thank you.
| Stephen

Look at setting up clamav-milter.

James Kosin
Re: [Clamav-users] Clamav-milter CPU usage
Elizabeth Schwartz wrote:
|Mine's doing the same. Solaris 9, clamav 0.87, blastwave build. I took a
|look with truss and it seems to be looping doing this over and over and over
|(I don't see any values changing here):
|
|/2: open(/opt/csw/share/clamav, O_RDONLY|O_NDELAY|O_LARGEFILE) = 7
|/2: fstat64(7, 0xFEEFBD00) = 0
|/2: fcntl(7, F_SETFD, 0x0001) = 0
|/2: getdents64(7, 0x0196E678, 8192) = 208
|/2: stat(/opt/csw/share/clamav/main.cvd, 0xFEEFBDF8) = 0
|/2: stat(/opt/csw/share/clamav/daily.cvd, 0xFEEFBDF8) = 0
|/2: getdents64(7, 0x0196E678, 8192) = 0
|/2: close(7) = 0
|/2: open(/opt/csw/share/clamav, O_RDONLY|O_NDELAY|O_LARGEFILE) = 7
|/2: fstat64(7, 0xFEEFBD00) = 0
|/2: fcntl(7, F_SETFD, 0x0001) = 0
|/2: getdents64(7, 0x0196E678, 8192) = 208
|/2: stat(/opt/csw/share/clamav/main.cvd, 0xFEEFBDF8) = 0
|/2: stat(/opt/csw/share/clamav/daily.cvd, 0xFEEFBDF8) = 0
|/2: getdents64(7, 0x0196E678, 8192) = 0
|/2: close(7) = 0
|/2: open(/opt/csw/share/clamav, O_RDONLY|O_NDELAY|O_LARGEFILE) = 7
|/2: fstat64(7, 0xFEEFBD00) = 0
|/2: fcntl(7, F_SETFD, 0x0001) = 0
|/2: getdents64(7, 0x0196E678, 8192) = 208
|/2: stat(/opt/csw/share/clamav/main.cvd, 0xFEEFBDF8) = 0
|/2: stat(/opt/csw/share/clamav/daily.cvd, 0xFEEFBDF8) = 0
|/2: getdents64(7, 0x0196E678, 8192) = 0
|/2: close(7) = 0
|/2: open(/opt/csw/share/clamav, O_RDONLY|O_NDELAY|O_LARGEFILE) = 7
|/2: fstat64(7, 0xFEEFBD00) = 0
|/2: fcntl(7, F_SETFD, 0x0001) = 0
|/2: getdents64(7, 0x0196E678, 8192) = 208
|/2: stat(/opt/csw/share/clamav/main.cvd, 0xFEEFBDF8) = 0
|/2: stat(/opt/csw/share/clamav/daily.cvd, 0xFEEFBDF8) = 0
|/2: getdents64(7, 0x0196E678, 8192) = 0
|/2: close(7) = 0
|/2: open(/opt/csw/share/clamav, O_RDONLY|O_NDELAY|O_LARGEFILE) = 7
|
|my clamav-milter flags:
|
|-q -lo --timeout 0 /opt/csw/share/clamav/clmilter.sock --sendmail-cf=/opt/csw/etc/mail/sendmail.cf

What version of the kernel are you running?
If you kill clamav-milter does the usage go down?

I'm using Fedora FC1 with no problems.

CLAMAV_FLAGS="--quiet \
    --dont-wait \
    --timeout=0 \
    --force-scan \
    --dont-log-clean \
    --server=localhost \
    --sign --signature-file=/etc/mail/clamav/clamav-signature \
    --pidfile=/var/run/clamav/clamav-milter.pid \
    local:/var/run/clamav/clamav-milter.sock"

I have heard some of the newer kernels having problems with CPU usage. But that may be fixed with the latest 2.6.13 or 14 releases.

James Kosin
Re: [Clamav-users] Clamav-milter CPU usage
Brian Riffle wrote:
| | Interesting... looks to me like the watchdog thread is stuck in a
| | tight loop. It's *supposed* to do that check when:
| | - the milter goes idle
| | - there are no free servers available
| | - once every readTimeout-1 seconds
| |
| | Any chance you put ReadTimeout=0 or ReadTimeout=1 in your
| | clamd.conf? The milter only makes sure it's non-negative, not
| | that it's greater than 1. (This is probably a bug, though I
| | haven't thought about it enough to be sure, so I'll leave that to
| | Nigel.)
|
| I am running Redhat EL3 with kernel 2.4.213.32.0.1. I just changed
| the ReadTimeout =5 (was at 0) and that seems to have done the
| trick..
|
| The config file says that 0 disables the timeout, so I had it
| there. Thank you for your help.. And thanks Elizabeth for being so
| quick with the trace.. I had just started it when you had posted
| it. Mine had the same loop..
|
| Thanks, Brian

Maybe it needs to check that ReadTimeout - 1 is non negative. I bet if it is negative, it is supposed to not-timeout and non-negative delays (waits) that many seconds before timing out.

James Kosin
Re: [Clamav-users] Issues with ClamAV and RedHat Enterprise 2
David Shows wrote:
| Morning all,
|
| My version of ClamAV .85 has become outdated and I need to upgrade.
|Unfortunately I get error messages when I try to use RPM to upgrade because
|of incompatibilities with zlib packages. I have not tried to ignore the
|issues and force an install, but running out of ideas.
|
| Anyone upgrade with RedHat yet and solve the RPM issues? Would like to
|know how you solved them.
|
|Thanks much,
|
|David Shows
|MegaGate Broadband

Depends,

If you have the latest RPMS from RedHat that fix the major important security issues, then most likely you can ignore the error and force the issue or compile the source with the flag that skips the ZLib version check. RedHat has a tendency to just patch the security vulnerability and just increment the package number without changing the major version number of the package.

If you don't have the latest from RedHat, then please update to the latest and again ignore the problem and force the issue.

It would be interesting to find out where you are getting the clamav RPMs for this version of RedHat.

James
Re: [Clamav-users] clamav-milter nscd problem
Apostolos Papayanakis wrote:
|Last month I started getting 10-20 random clamav-milter segfaults
|each day. The load is a few tens of thousand scans daily.
|
|The very same clamav-milter segfaults can also be induced
|persistently by clmilter_watch. That was a surprise to me, because
|clmilter_watch is only a health monitoring utility for the clamav-milter
|daemon (see http://www.itg.uiuc.edu/itg_software/clmilter_watch).
|
|On a completely quiet system when tested with clmilter_watch, the
|segfaults happen only when using nscd (name service cache daemon) which
|comes as a part of glibc (v2.3.5). This means that if I just pkill nscd
|then the problem vanishes, but if I have nscd running, restart clamav-milter,
|then probe it with clmilter_watch, clamav-milter segfaults immediately.
|
|Aug 8 22:07:30 alpha clamav-milter[13116]: clamfi_eoh
|Aug 8 22:07:30 alpha clamav-milter[13116]: clamfi_envbody: 4756 bytes
|Aug 8 22:07:30 alpha clamav-milter[13116]: clamfi_eom
|Aug 8 22:07:30 alpha clamav-milter[13116]: j78RCJ7TXH930484: clean message from
|Aug 8 22:07:30 alpha clamav-milter[13116]: clamfi_close
|Aug 8 22:07:30 alpha clamav-milter[13116]: Segmentation fault :-( Bye..
|
|I have enabled debug code and modes and then tried to strace the
|problem, with limited results. It seems that clamav-milter segfaults right
|after reading from the nscd socket a hostname resolution result (for
|localhost.localdomain), and before anything else. It may be a glibc problem
|as there was a glibc upgrade last month indeed.
|
|Here are the command lines used:
|
|/usr/sbin/clamav-milter --debug --max-children 150 --force-scan --timeout=0 --quiet --local inet:33100
|/noc/scripts/nst/clmilter_watch -L /dev/null -s 43210 -t 5 # monitor of clamav-milter
|
|Here are the options from /etc/clamd.conf
|
|LogClean
|LogSyslog
|LogVerbose
|PidFile /var/run/clamav/clamd.pid
|TemporaryDirectory /var/tmp
|LocalSocket /var/run/clamav/clamd.sock
|FixStaleSocket
|StreamMaxLength 20M
|MaxThreads 150
|User clamav
|Foreground
|Debug
|DetectBrokenExecutables
|ScanRAR
|
|I am currently in the process of testing with a previous version of
|glibc, just in case I have hit a new bug, but this will take time. Does any
|body else have another hint?

I had a similar problem. That seemed to be fixed with the latest ZLib libraries:
    http://www.zlib.net

I would get errors from clamav-milter looking something like the following:
    Aug 5 12:02:39 beta sendmail[29124]: j75G2dHC029124: Milter (clmilter): local socket name /var/run/clamav/clamav-milter.sock unsafe
    Aug 5 12:02:39 beta sendmail[29124]: j75G2dHC029124: Milter (clmilter): to error state (1)

What platform are you using? Debian, Redhat, Fedora, Gentoo?

Good Luck,
James Kosin
Re: [Clamav-users] Re: clamav-users Digest, Vol 10, Issue 26
Dawson wrote:
| My problem is probably very simple for all the
| experts out there but has stumped me
|
| my freshclam.log is in /var/log
|
| I set the ownership to clamav
|
| It gets reset to root and then prevents the
| program from running. You can see what happens:
|
| [EMAIL PROTECTED] public_html]# freshclam
| ERROR: Can't open /var/log/freshclam.log in append mode (check
| permissions!).
| ERROR: Problem with internal logger.
| [EMAIL PROTECTED] public_html]# ls -la /var/log/freshclam.log
| -rw--- 1 root root 2528 Jul 25 12:51 /var/log/freshclam.log
| [EMAIL PROTECTED] public_html]# chown clamav.clamav /var/log/freshclam.log
| [EMAIL PROTECTED] public_html]# freshclam
| ClamAV update process started at Fri Jul 29 11:39:35 2005
| WARNING: Your ClamAV installation is OUTDATED!
| WARNING: Local version: 0.86.1 Recommended version: 0.86.2
| DON'T PANIC! Read http://www.clamav.net/faq.html
| main.cvd is up to date (version: 33, sigs: 36102, f-level: 5,
| builder: tkojm)
| Downloading daily.cvd [*]
| daily.cvd updated (version: 997, sigs: 1055, f-level: 5, builder:
| arnaud)
| Database updated (37157 signatures) from db.us.clamav.net (IP:
| 38.136.139.7)
|
| How can I fix this?
|

Are you using an RPM to update clamav?
Does clamd run as root (for samba-vscan module)?
Did you recently update to clamav 0.86.1, and not check your logfiles?

Sorry for all the questions; but, clamav has evolved over the past few versions where the permissions of the logfiles / directories / etc. have changed. And many of them can cause problems if the RPMs have not been set up to handle the change properly.

One version I packaged did that on me and I quickly got a new one out. Since I've even changed the spec file a bit to handle my special case of needing to run clamd as root... and keep everything else running as clamav user for database updates and such.

I've now gotten in the habit of checking these things more.

James
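Added example, not part of the original messages: a shell check for the log-ownership mismatch discussed in this exchange, suitable for running after a package upgrade. It assumes the log path and update account are set through the `UpdateLogFile` and `DatabaseOwner` options of the freshclam.conf passed as the argument, and falls back to `clamav` as the account when `DatabaseOwner` is absent.

```shell
#!/bin/sh
# Audit the freshclam log file against the account freshclam runs as.
# The config path is supplied by the caller; nothing here is ClamAV's own code.

# conf_value FILE KEY -> prints the last uncommented value of KEY
conf_value() {
    awk -v key="$2" '$1 == key { val = $2 } END { if (val != "") print val }' "$1"
}

# check_freshclam_log CONF -> prints a verdict; returns 0 only when the log is
# owned by the update account and is not group- or world-writable.
check_freshclam_log() {
    conf=$1
    log=$(conf_value "$conf" UpdateLogFile)
    owner=$(conf_value "$conf" DatabaseOwner)
    owner=${owner:-clamav}   # assumption: stock default account name
    if [ -z "$log" ]; then
        echo "NOLOG: UpdateLogFile is not set in $conf"; return 2
    fi
    if [ ! -e "$log" ]; then
        echo "MISSING: $log does not exist"; return 3
    fi
    # ls -ld output: field 1 is the mode string, field 3 is the owner
    set -- $(ls -ld "$log")
    mode=$1; actual=$3
    if [ "$actual" != "$owner" ]; then
        echo "OWNER: $log is owned by $actual, expected $owner"; return 1
    fi
    case $mode in
        ?????w*|????????w*)
            echo "MODE: $log is group/world writable ($mode)"; return 4 ;;
    esac
    echo "OK: $log is owned by $owner ($mode)"
}

# Stand-alone use: ./check.sh /etc/freshclam.conf
if [ $# -gt 0 ]; then
    check_freshclam_log "$1"
fi
```

A non-zero return of 1 corresponds to the situation in the quoted session, where the log belongs to root while the updater runs as another account.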