RE: [Clamav-users] Secondary relayhost option?
On Mon, 2005-07-11 at 10:09 +0700, Saran Toochinda wrote:

Hi, I have set up postfix as a gateway mail relay on a linux box at our office. This gateway only connects to the internet during office hours and has no DNS record anywhere. Initially I configured it to send mail directly to the internet without using any intermediate host. It works fine for most of our clients' mail servers. However, some of them refuse our mail because it can't find reverse DNS records of our mail gateway. So I have to use relayhost for these clients (using transport_maps). I used to use 'MDaemon' mail server on W2K machine, it has a nice option saying that 'delivery undelivered mail to this host if it can't directly send for any reason'.

If you do not have DNS entries for your mail server because your host addresses change then contact your ISP about using one of their mail servers. If you have a static address for the mail server I would suggest that you put an entry in DNS. It does not need to be a MX record (if it only sends mail) and it does not need to say anything other than host123.abc.com. The mail relay server simply needs to announce the name to the systems it connects to. Set the host name in the postfix main.cf file to be the same as the DNS record.

myhostname = host123.abc.com
# You MUST specify $myhostname at the start of the text. That is an
# RFC requirement. Postfix itself does not care.
#
smtpd_banner = $myhostname MAILRELAY NO UCE ESMTP

John
___
http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] Clamav 0.86 for REDHAT 9
However, have you tried just downloading http://crash.fce.vutbr.cz/crash-hat/1/clamav/clamav-0.86.1-1.i386.rpm and installing that? What is the problem really?

-Jim

You can also install apt and then configure it to install ClamAv from the dag repository or just get the RH9 package from dag and install.

http://dag.wieers.com/packages/clamav/
http://dag.wieers.com/home-made/apt/
RE: [Clamav-users] ClamAV on Exchange 200x
Depending on your active directory structure it is relatively simple to grab the exchange users so your mail relay can make this decision before passing the mail on to the exchange server. You may need to work on the script a little to pull aliases and mail forward info. Check out this link: http://www-personal.umich.edu/~malth/gaptuning/postfix/

John

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bart Silverstrim
Sent: Monday, June 20, 2005 5:50 AM
To: ClamAV users ML
Subject: Re: [Clamav-users] ClamAV on Exchange 200x

On Jun 17, 2005, at 3:01 PM, Patrick Andry wrote:

Does Exchange 2000 still accept mail for non-existent users, as it does for 5.5?

Unless there's a feature/setting I'm missing, yes it does.
RE: [Clamav-users] Re: How to Filter Spam Mails
Hi

Does anyone know how to filter mails using clamAV milter with sendmail? I don't want to use spamassassin, it will only mark as junk. I don't want to send it to users, I want to move it to a particular mail box.

thanks

Look at the following document on integrating amavis-new. Amavis-new gives you control of how the mail is processed and what to do with it after spam, viruses are detected.

http://www.ijs.si/software/amavisd/README.milter.txt
RE: [Clamav-users] Use of ClamAV 0.83 on Red Enterprise Linux 3
Am I missing anything important? Thanks in advance...

Edward W. Ray CISSP, MCSE 2003+Security, P.E. GCIA, GCIH
NetSec Design Consulting

I would install postfix and remove sendmail (use apt or yum). Get the apt rpm from dag, it will make things much easier.

ftp://rpmfind.net/linux/dag/redhat/el3/en/i386/dag/RPMS/apt-0.5.15cnc6-3.1.el3.dag.i386.rpm

Then install Amavisd, spamassassin, razor from dag:

apt-get update
apt-cache search amavis
apt-get install amavisd clamd spamassassin razor

Download and compile dcc:
http://flakshack.com/anti-spam/wiki/index.php?page=Installing+DCC

You can install most of this from RPMS on DAG using apt and it works without much needing to be done. For detailed configuration help on some of this check out http://www.flakshack.com/anti-spam/wiki/index.php.

Modify postfix:

#vi /etc/postfix/main.cf
Read and uncomment the basic postfix config items (mydomain, mynetworks).
Add the following line:
content_filter=smtp-amavis:[127.0.0.1]:10024

#vi /etc/postfix/aliases
Set the alias for root.

#vi /etc/postfix/master.cf
#ADD THE FOLLOWING
smtp-amavis unix - - n - 3 smtp
    -o smtp_data_done_timeout=1200
    -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes

Restart postfix:
service postfix restart

Turn on the applications:
#chkconfig amavisd on
#chkconfig clamd on
#chkconfig postfix on

#vi /etc/mail/spamassassin/local.cf
report_safe 0
use_bayes 1
bayes_path /var/amavisd/.spamassassin/bayes
skip_rbl_checks 0
use_razor2 1
use_dcc 1
use_pyzor 0
dns_available yes
header LOCAL_RCVD Received =~ /.*\(\S+\.domain\.com\s+\[.*\]\)/
describe LOCAL_RCVD Received from local machine
score LOCAL_RCVD -50

#vi /etc/amavis.conf
Modify how you want to handle spam, virus mail:
$mydomain = 'yourdomain.com';
$virus_admin = [EMAIL PROTECTED]; # notifications recip.
$spam_admin = [EMAIL PROTECTED]; # notifications recip.
$mailfrom_notify_admin = [EMAIL PROTECTED]; # notifications sender
$mailfrom_notify_recip = [EMAIL PROTECTED]; # notifications sender
$mailfrom_notify_spamadmin = [EMAIL PROTECTED]; # notifications sender
$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_BOUNCE;
$final_spam_destiny = D_BOUNCE;
$final_bad_header_destiny = D_BOUNCE;

Restart everything and test.
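An added check for the master.cf fragment in the message above (example code, not part of the original post): the 10025 re-injection listener runs with an empty content_filter, so mail reaching it is not passed to amavisd, and this script flags any such smtpd listener that is not bound to loopback. The helper names and both sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: find smtpd listeners in a Postfix master.cf that disable the
# content filter ("-o content_filter=" with an empty value) and report whether
# each one is bound to loopback. audit_reinjection and make_samples are
# hypothetical helper names.

# Prints "OK <service>" or "EXPOSED <service>"; returns 1 if any is exposed.
audit_reinjection() {
    awk '
        function verdict() {
            if (entry == "") return
            split(entry, f, /[ \t]+/)   # f[1]=service f[2]=type f[8]=command
            if (f[2] == "inet" && f[8] == "smtpd" &&
                (entry " ") ~ /-o[ \t]+content_filter=[ \t]/) {
                if (f[1] ~ /^(127\.0\.0\.1|localhost|\[::1\]):/) print "OK " f[1]
                else { print "EXPOSED " f[1]; bad = 1 }
            }
            entry = ""
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }                            # comments, blanks
        /^[ \t]/ { sub(/^[ \t]+/, ""); entry = entry " " $0; next }  # continuation line
        { verdict(); entry = $0 }                                    # new service entry
        END { verdict(); exit bad + 0 }
    ' "$1"
}

# Write two constructed master.cf samples into directory $1.
make_samples() {
    cat > "$1/good.cf" <<'EOF'
smtp inet n - n - - smtpd
smtp-amavis unix - - n - 3 smtp
    -o smtp_data_done_timeout=1200
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o mynetworks=127.0.0.0/8
EOF
    cat > "$1/bad.cf" <<'EOF'
10025 inet n - n - - smtpd
    -o content_filter=
EOF
}

tmp=$(mktemp -d); make_samples "$tmp"
for cf in good bad; do
    audit_reinjection "$tmp/$cf.cf" || echo "$cf.cf: bind the listener to 127.0.0.1"
done
rm -rf "$tmp"
```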
[Clamav-users] Using ClamAv with IDS Solution
I have an IDS system (snort) monitoring all connectivity on the inside and outside of my firewall. Has anyone captured a data stream using Snort or tcpdump and processed it through ClamAv?

John
RE: [Clamav-users] Clamav Install RH7.3
On 28 Feb 2005 10:50:05 -0500 in [EMAIL PROTECTED] Stoffel Bester [EMAIL PROTECTED] wrote:

I get
libgcc1-3.2.2-3
gcc-cpp-3.2.2-3

Then you need to install the gcc-3.2.2-5 package for RH 7.3, it will be on the CDs or you can have a look at rpmfind.net or similar sites for it. FYI, my RH 9 box gives the following list:

gcc-c++-3.2.2-5
gcc-3.2.2-5
compat-gcc-c++-7.3-2.96.118
libgcc-3.2.2-5
gcc-g77-3.2.2-5
compat-gcc-7.3-2.96.118
gcc-objc-3.2.2-5
gcc-java-3.2.2-5

Most of the extras you may not need, but sometimes they're useful if building source from other places.

--
Brian Morrison

You may want to try the following:

Install the apt application for the 7.3 distro from www.freshrpms.net. (http://ftp.freshrpms.net/pub/freshrpms/redhat/7.3/apt/apt-0.5.5cnc5-fr0.rh73.2.i386.rpm)

Run the following:
apt-get update

Check to see what packages are available:
apt-cache search gcc

Install the packages, make sure these were listed in the output above:
apt-get install gcc gcc-c++ compat-gcc-c++ gcc-g77 compat-gcc gcc-objc gcc-java

While you're at it you may want to run the following to see what packages are out of date on your system:
apt-get upgrade

Last, you could look on this site and see if they have what you need (http://dag.wieers.com/home-made/apt/, http://apt.sw.be/). Edit the /etc/apt-sources.list to include the dag repository and use the apt-cache search command to search the packages (clamav, amavis-new...)

John Gallagher
RE: [Clamav-users] No announcement of 0.83 on clamav-announce ML
You're right, 99.% of the people using computers are not Unix Admins. But they sure have an impact on the amount of traffic generated by infected systems sending email. While I agree that you should not hold up any code just so you can do a release across the board. In the long run we all benefit when the software is easy to install and maintain for all types of users.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Grau
Sent: Wednesday, February 16, 2005 6:35 AM
To: ClamAV users ML
Subject: Re: [Clamav-users] No announcement of 0.83 on clamav-announce ML

Piggy-backing: Maybe they could stick a broom up their bum and sweep the floor at the same time, too.

Dayum, guy - this stuff is free. Get off your butt and build your own binaries - hell, it takes maybe 10 minutes, is repeatable, and you get all the credit. Don't even suggest they put my Solaris source builds in limbo until all the weenies have their little rpm's all bundled up, ribboned, bowed, and ready for a point and click install. This is not rocket science - rocket science is loud and makes smoke trails. Y'all are giving Unix a bad name.

dp

I'll second that.

___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
RE: [Clamav-users] Phishing Questions
The more tools that you have, the likelihood of filtering it out increases. Just because I run ClamAv on the mail exchanger does not mean I do not run AV on our Exchange server and all of our desktop machines. Firewalls can do IDS functions, AV applications for the desktop are now including Anti Spam functions, by default outlook now has Junk Mail options. My point is that most people layer these things together to provide a comprehensive solution. If ClamAv processes the message first and kills it before passing it on to the anti spam application, why would this be a bad thing?

John

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of BitFuzzy
Sent: Thursday, January 27, 2005 9:36 AM
To: ClamAV users ML
Subject: Re: [Clamav-users] Phishing Questions

You know, this gets old real quick! Back when this debate first started (around November or so) I never thought it would stop. In November I decided to do 2 things 1 log what viruses were being caught, where they were going, and what virus was detected. Out of 446 detected viruses, 167 were phishing attempts. How can stopping 167 attempts to defraud be looked at as a bad thing regardless of what stopped it. ClamAV detects them, and I for one am very happy that it does. Keep up the great work guys!!
RE: [Clamav-users] /root/clamav-0.80: Access denied. ERROR while testing clamav
ads nat wrote:

Does this error mean that everything is O.K. OR I have to do something to get rid of this error. If I have to get rid of this error, Please guide me how it can be done.

All the error means is that user/group clamav has no read/write access to that file/directory. It does not mean there is a problem with the file itself. That is what the access denied error is telling you. If you want to scan files in directories which the clamav user/group does not have permissions for, use clamscan as a user with relevant permissions.

Matt

[EMAIL PROTECTED] root]# clamdscan -l scan.txt /root/clamav-0.80/test
/root/clamav-0.80/test: Access denied. ERROR

I have the same issue, I can NOT run clamscan without the -d option and giving the directory of the database.

clamscan -l scan.txt -r /tmp/clamav-0.80 -d /var/lib/clamav/

Shortly after installing the application I did the test and it worked perfectly. For whatever reason it looks like it has some variable inserted in front of the true path (like it thinks it is in a chroot jail). I would have to test but I think it stopped after I edited /etc/clamd.conf and /etc/freshclam.conf files and entered the following line:

DatabaseDirectory /var/lib/clamav

I know the application is working and so is freshclam:

#freshclam
ClamAV update process started at Fri Dec 3 11:05:57 2004
main.cvd is up to date (version: 28, sigs: 26630, f-level: 3, builder: tomek)
daily.cvd is up to date (version: 614, sigs: 1293, f-level: 3, builder: tomek)
#

John Gallagher
RE: [Clamav-users] /root/clamav-0.80: Access denied. ERROR while testing clamav
John Gallagher wrote:

I have the same issue, I can NOT run clamscan without the -d option and giving the directory of the database.

The issue you are having is due to changing the location of the database dir from that which clam was compiled with.

clamscan -l scan.txt -r /tmp/clamav-0.80 -d /var/lib/clamav/

Shortly after installing the application I did the test and it worked perfectly. For whatever reason it looks like it has some variable inserted in front of the true path (like it thinks it is in a chroot jail). I would have to test but I think it stopped after I edited /etc/clamd.conf and /etc/freshclam.conf files and entered the following line:

DatabaseDirectory /var/lib/clamav

I know the application is working and so is freshclam:

Freshclam and clamd both find the database path from their respective config files. Clamscan relies upon the compiled database path.

Matt

++

Thanks! I was following a howto doc which told me to place the database in /var/lib/clamav/ and then change the conf files. I suspect others have done it exactly the same way.

I made the following changes and it fixed the problem:

locate cvd |grep clam
/var/lib/clamav/main.cvd
/var/lib/clamav/daily.cvd
/usr/local/share/clamav/main.cvd
/usr/local/share/clamav/daily.cvd
#cd /usr/local/share
#mv clamav clamav.old
# ln -s /var/lib/clamav/ clamav
#chown clamav:clamav clamav
# clamscan -r /tmp
/tmp/clamd.log: OK
/tmp/scan.txt: OK
/tmp/kde-jgallagh/ksycocastamp: OK
/tmp/kde-jgallagh/ksycoca: OK
/tmp/kde-root/ksycocastamp: OK
/tmp/kde-root/ksycoca: OK
/tmp/mcop-jgallagh/secret-cookie: OK
/tmp/ksocket-root/KSMserver__0: OK
/tmp/mcop-root/secret-cookie: OK
/tmp/mcop-root/Arts_MidiManager: OK
/tmp/mcop-root/Arts_SoundServerV2: OK
/tmp/mcop-root/Arts_SoundServer: OK
/tmp/mcop-root/Arts_SimpleSoundServer: OK
/tmp/mcop-root/Arts_PlayObjectFactory: OK
/tmp/mcop-root/Arts_AudioManager: OK
/tmp/.X0-lock: OK
[EMAIL PROTECTED]: OK
[EMAIL PROTECTED]: OK

--- SCAN SUMMARY ---
Known viruses: 27923
Scanned directories: 22
Scanned files: 18
Infected files: 0
Data scanned: 1.06 MB
I/O buffer size: 131072 bytes
Time: 1.247 sec (0 m 1 s)
#
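The mismatch worked out in this thread, as an added example that is not part of the original posts: the script compares the DatabaseDirectory set in clamd.conf or freshclam.conf with the directory the binaries were built with, resolving symlinks so that the "ln -s" fix above counts as a match. The compiled-in directory is passed in as an argument (an assumption of this sketch), and the helper names and demo files are constructed.

```sh
#!/bin/sh
# Added example: detect the situation from this thread, where clamd and
# freshclam read DatabaseDirectory from their config files while clamscan
# uses the directory compiled into the build. Helper names are hypothetical.

# Print the first uncommented DatabaseDirectory value in a clamd.conf or
# freshclam.conf style file; prints nothing when the option is not set.
db_dir_of() {
    sed -n 's/^[[:space:]]*DatabaseDirectory[[:space:]]\{1,\}\([^[:space:]#]*\).*/\1/p' "$1" | head -n 1
}

# Resolve a directory to its physical path so a symlinked database directory
# compares equal to its target; echoes the input if the directory is missing.
real_dir() { (cd "$1" 2>/dev/null && pwd -P) || echo "${1%/}"; }

# check_db_dirs COMPILED_DIR CONF...
# COMPILED_DIR is the default the binaries were built with (supplied by the
# caller; in the thread it was /usr/local/share/clamav). Returns 1 on mismatch.
check_db_dirs() {
    compiled=$(real_dir "$1"); shift; rc=0
    for conf in "$@"; do
        dir=$(db_dir_of "$conf")
        dir=$(real_dir "${dir:-$compiled}")   # unset option means built-in default
        if [ "$dir" = "$compiled" ]; then
            echo "MATCH $conf"
        else
            echo "MISMATCH $conf: daemons use $dir, clamscan default is $compiled (pass -d $dir)"
            rc=1
        fi
    done
    return $rc
}

# Constructed demo in a scratch directory: mismatch first, then the symlink fix.
demo=$(mktemp -d)
mkdir -p "$demo/var/lib/clamav" "$demo/usr/local/share/clamav"
printf 'DatabaseDirectory %s/var/lib/clamav\n' "$demo" > "$demo/clamd.conf"
check_db_dirs "$demo/usr/local/share/clamav" "$demo/clamd.conf" || true
rmdir "$demo/usr/local/share/clamav"
ln -s "$demo/var/lib/clamav/" "$demo/usr/local/share/clamav"
check_db_dirs "$demo/usr/local/share/clamav" "$demo/clamd.conf" || true
rm -rf "$demo"
```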