[Clamav-users] Virus Submission turnaround
All,

I submitted a virus sample on Aug 6th in the morning to both the Clamav team and McAfee. The scary part was that Microsoft defender detected it as a virus / malware. It took McAfee between 24 and 36 hours to respond that it was in their dat file (released hours before the notice was sent to me). Today, the clamav team finally updated the defs (7 days later, Update (daily: 9692)) to support detecting this virus :( and incompletely at that! As you see below, the original email file (106226. base 64 encoded) and the zip file extracted are detected. The executable is still not detected as a virus! Why did it take so long??

106226.: Suspect.Bredozip-zippwd-1 FOUND
UPSNR_32be958a.zip: Suspect.Bredozip-zippwd-1 FOUND
UPSNR_32be958a.exe: OK

--- SCAN SUMMARY ---
Known viruses: 608668
Engine version: 0.95.2
Scanned directories: 5
Scanned files: 6
Infected files: 2
Data scanned: 0.04 MB
Data read: 5.88 MB (ratio 0.01:1)
Time: 11.062 sec (0 m 11 s)

-- Ken Jones
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
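An added example, not part of the original post or of ClamAV: the scan report quoted above, run through a small shell/awk check that lists files scanning clean while a same-named container was flagged, and verifies the summary count against the per-file lines. Pairing files by name stem and the function names are assumptions of this example; the report text is reconstructed from the post.

```shell
#!/bin/sh
# Added example: triage a clamscan report for payloads that scan clean
# although the container they came from was flagged.

# Constructed sample: per-file lines and summary as quoted in the post.
sample_report() {
    cat <<'EOF'
106226.: Suspect.Bredozip-zippwd-1 FOUND
UPSNR_32be958a.zip: Suspect.Bredozip-zippwd-1 FOUND
UPSNR_32be958a.exe: OK

--- SCAN SUMMARY ---
Known viruses: 608668
Engine version: 0.95.2
Infected files: 2
EOF
}

# Reads a report on stdin. Prints one line for every file reported OK whose
# name stem (path without its last extension) equals the stem of a file that
# was reported FOUND. Assumption: container and payload share a stem.
undetected_payloads() {
    awk '
    / FOUND$/ {
        path = $0; sub(/: [^:]* FOUND$/, "", path)
        sig = $0;  sub(/^.*: /, "", sig); sub(/ FOUND$/, "", sig)
        stem = path; sub("\\.[^./]*$", "", stem)
        hit[stem] = path; name[stem] = sig
        next
    }
    /: OK$/ {
        path = $0; sub(/: OK$/, "", path)
        clean[++n] = path
    }
    END {
        for (i = 1; i <= n; i++) {
            stem = clean[i]; sub("\\.[^./]*$", "", stem)
            if (stem in hit)
                printf "%s clean, but %s matched %s\n", clean[i], hit[stem], name[stem]
        }
    }'
}

# Reads a report on stdin. Exit status 0 when the number of FOUND lines
# equals the "Infected files" figure in the summary, 1 otherwise.
summary_consistent() {
    awk '
    / FOUND$/ { found++ }
    /^Infected files: / { reported = $3 }
    END { exit ((found + 0 == reported + 0) ? 0 : 1) }'
}

# Stand-alone run on the constructed sample.
sample_report | undetected_payloads
if sample_report | summary_consistent; then
    echo "summary matches per-file verdicts"
fi
```

Any file this prints is a candidate for a separate sample submission, since the signature that fired applies to the container and not to the extracted payload.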
[Clamav-users] Question about detection
All,

recently I received an email with an attachment. The nature of the email indicated it was a virus / trojan. It had made it past both clamav and mcafee. Shortly after, mcafee started detecting it. I submitted it to clamav. During this course, I saved the email, the zip, and extracted the zip. Now, I scan all 3 items, the original email, the saved zip, and the extracted exe (from the zip). Only the email is detected as having a virus. Is this normal? Is this expected? I would expect all 3 to be detected.

-- Ken Jones
[Clamav-users] Issue with Solaris 10 Sparc edition and .93
All,

After building and installing the new .93 version I am having an issue with the milter. Usually after starting up the clam processes (freshclam, clamd, and clamav-milter), the entry in the logs looks like this:

X-Virus-Scanned: ClamAV version 0.93, clamav-milter version 0.93 on host

After freshclam has updated the definitions the first time, the line looks like this:

X-Virus-Scanned: ClamAV 0.93/6862/Mon Apr 21 07:26:20 2008 on host

Now, it is never changing. It just shows the app version(s). I have also built it on RH5, and it is working as expected. I am at a loss as to where to start debugging. The freshclam logs show it's updating the db, clamd -V shows:

ClamAV 0.93/6979/Mon Apr 28 09:01:56 2008

And clamav-milter is detecting viruses.

Here is how I start the processes:

echo Starting freshclam
freshclam -d -c 24
sleep 5
echo Starting clamd
clamd STREAM
sleep 2
echo Starting clamav-milter
clamav-milter -lo --pidfile=/var/run/clamd/clamav-milter.pid --timeout=0 --max-children=50 --from --headers -p [EMAIL PROTECTED] .com -Q clamav /var/run/clamd/clmilter.sock

Here are my configure options:

./configure --prefix=/usr/local/clamav \
--enable-milter \
--mandir=/usr/local/man \
--with-libgmp-prefix=/usr/local \
--with-libbz2-prefix=/usr/local

Thanks for any help

-- Ken Jones
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] clamav-milter in .90 source
Why is the version of the milter this:

#define CM_VERSION devel-120207

-- Ken Jones
Re: [Clamav-users] Compiling 0.90rc3 on Solaris 10 x86
If memory serves me,

mv /usr/ccs/bin/ld /usr/ccs/bin/ld.sun

This will cause you to use the gnu linker in place of the sun linker.

- Ken

On Tue, February 6, 2007 14:15, Jonathan Armitage wrote:

I am trying to compile rc3 on a Dell PC running Solaris. After successfully running ./configure --with-user=exim --with-group=exim, the make fails with the following error:

gcc -g -O2 -o .libs/clamscan output.o getopt.o memory.o cfgparser.o misc.o options.o clamscan.o others.o manager.o treewalk.o -L/usr/local/lib ../libclamav/.libs/libclamav.so -lz -lbz2 -lpthread -lsocket -lnsl -Wl,--rpath -Wl,/usr/local/lib
../libclamav/.libs/libclamav.so: undefined reference to [EMAIL PROTECTED]'
../libclamav/.libs/libclamav.so: undefined reference to [EMAIL PROTECTED]'
../libclamav/.libs/libclamav.so: undefined reference to [EMAIL PROTECTED]'
../libclamav/.libs/libclamav.so: undefined reference to [EMAIL PROTECTED]'
../libclamav/.libs/libclamav.so: undefined reference to [EMAIL PROTECTED]'
../libclamav/.libs/libclamav.so: undefined reference to [EMAIL PROTECTED]'
../libclamav/.libs/libclamav.so: undefined reference to [EMAIL PROTECTED]'
collect2: ld returned 1 exit status
*** Error code 1
make: Fatal error: Command failed for target `clamscan'

I have successfully compiled 0.88.7 and RC1 on this machine in the past. While I am by no means an expert, it seems to me that a library is missing or misplaced. Does anyone have a clue where I should look?

Thanks, Jon

-- Ken Jones [EMAIL PROTECTED] (630) 548-1627 (Home) (630) 263-3574 (Cell) https://www.kenandlori.com Y! : [EMAIL PROTECTED] MSN: [EMAIL PROTECTED] AIM: ptownjones ICQ: 9807841
Re: [Clamav-users] clamav 0.92rc2 not updated with new virus db?
On Fri, November 10, 2006 08:57, Christopher X. Candreva wrote:

On Fri, 10 Nov 2006, zamri wrote:

I use clamav 0.90rc2 and my friend uses clamav 0.88.5 (the latest stable). Just now, after I ran freshclam, I ran clamdscan for a worm. His could detect it as a worm and mine didn't. Why is that?

It would be helpful to state what platform and what worm. IE, I have an open bug report of a particular worm not being found on the Solaris/Sparc platform. See https://wwws.clamav.net/bugzilla/show_bug.cgi?id=89

=
Access Denied
You are not authorized to access bug #89.
Please press Back and try again.
=

== Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/

-- Ken Jones
Re: [Clamav-users] clamav 0.92rc2 not updated with new virus db?
On Fri, November 10, 2006 09:33, Christopher X. Candreva wrote:

On Fri, 10 Nov 2006, Ken Jones wrote:

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=89 Access Denied You are not authorized to access bug #89.

I think the clam Bugzilla requires you to have an account and be logged in to watch bugs.

I do have an account. I even have open reported bugs that I am working on with the developers :) (ok, I've reported and they are trying to fix)

== Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/

-- Ken Jones
[Clamav-users] Building 90rc2 on Solaris 10
All,

I have run into a problem building 90rc2 on Solaris 10 x86. The error is in clamav-milter/clamav-milter.c

If I define SESSION, I get the following:

clamav-milter.c: In function `main':
clamav-milter.c:1287: error: invalid operands to binary !=
clamav-milter.c: In function `clamfi_eom':
clamav-milter.c:3482: warning: passing arg 2 of `smfi_addrcpt' discards qualifiers from pointer target type
clamav-milter.c:3523: warning: passing arg 2 of `smfi_addrcpt' discards qualifiers from pointer target type
clamav-milter.c: In function `clamfi_free':
clamav-milter.c:3780: error: structure has no member named `cmdSocket'

If I don't define SESSION, it builds fine.

Thanks

-- Ken Jones [EMAIL PROTECTED]
Re: [Clamav-users] protection
On Tue, July 26, 2005 10:35, Bob Hutchinson wrote:

On Tuesday 26 Jul 2005 13:03, Daniel J McDonald wrote:

On Tue, 2005-07-26 at 15:55 +0400, Mad Unix wrote:

How can I make sure that my clamav protection is working correctly?

http://www.webmail.us/testvirus

That sends 30 or so variations on the eicar virus to your mail system. There are two or three that should pass (I think it's 17 and 18, but it has been a while). If any others make it through, you've done something wrong.

Just tried this, using clamav v 0.86.2, daily cvd v 993. It let test No 27 through, but nothing else.

I just went to the site (Tuesday morning, 11:30am eastern) and there are tests 1-26, but NO 27 .. What is test 27 that it let through?

While I was at it, I tested Kaspersky AV against the same tests and it let No 27 through too. GPL is doing just fine here :-)

-- Bob Hutchinson Midwales dot com

-- Ken Jones
Re: [Clamav-users] clamav 0.86.1 and devel: MSCAB: libmscab error code: 8
On Thu, July 14, 2005 11:59, q# wrote:

Hi, I've found in my squid log a CAB[1] file which clamav can't unpack properly. Tested on stable (0.86.1) and devel (20050714). When cabextract'ed this file clamav finds the trojan properly.

I downloaded and extracted to my XP box. On there, with the latest McAfee, there is nothing detected in either the cab or uncompressed files. Upon moving to unix and scanning, clamscan detects Trojan.Clicker.Adpower-3. So, is it truly a trojan or a false positive???

- Ken

References
1. http://www9.advnt01.com/dialer/internazionale_98_ver11.CAB

-- best regards q#

-- Ken Jones
Re: [Clamav-users] undefined reference to `smfi_opensocket'
On Thu, June 2, 2005 08:08, Troy Ayers wrote:

Damian Menscher wrote:

On Wed, 1 Jun 2005, Troy Ayers wrote:

When compiling the latest snapshot of clam I too get

clamav-milter.c:1573: undefined reference to `smfi_opensocket'

I just built 85f on a solaris 9 x86 box without trouble, grabbed the CVS an hour ago ..

I have sendmail 8.13.3 (with libmilter support of course). My current version of clamav-milter is .82c. Debian linux kernel 2.4.22. What did I miss?

Uhh, 0.82c? You sure this was a recent snapshot? 0.85e has been out for several days now, and anything 0.82 is months out-of-date. Something smells fishy.

Damian Menscher

82c is what I'm currently using...and I'm *trying* to update to .85e (I did say when compiling the latest snapshot...). If I could get .85e to build I'd be using it, and not posting questions to the list. Sorry if I sound terse, I thought my original post was clear on that point.

-Troy

-- Ken Jones
Re: [Clamav-users] zlib library issues @ [./configure]
On Fri, May 20, 2005 11:57, Thomas A. wrote:

[Error received @ ./configure ]

checking for zlib installation... /usr
checking for inflateEnd in -lz... no
configure: error: Please install zlib and zlib-devel packages

Check the file config.log after running ./configure and see what the exact failure is. From the above, it's looking for function inflateEnd in the lib

This is where ./configure fails, any suggestions for remedy? I've tried --with-zlib=DIR to no avail.

-- Ken Jones
Re: [Clamav-users] Re: Re: zlib library issues @ [./configure]
On Fri, May 20, 2005 12:27, Thomas A. wrote:

Below is the contents of my config.log. Seems as if a lot of variables are not being set correctly... Still no apparent answer.

- Original Message -
From: Ken Jones [EMAIL PROTECTED]
To: ClamAV users ML clamav-users@lists.clamav.net
Subject: Re: [Clamav-users] zlib library issues @ [./configure]
Date: Fri, 20 May 2005 12:04:26 -0500 (CDT)

Here is the Core Tests section of my FC2 config. This is just the top of it as it goes on for a long time ... It appears there is something wrong with your development environment ..

## --- ##
## Core tests. ##
## --- ##
configure:1530: checking build system type
configure:1548: result: i686-pc-linux-gnu
configure:1556: checking host system type
configure:1570: result: i686-pc-linux-gnu
configure:1578: checking target system type
configure:1592: result: i686-pc-linux-gnu
configure:1663: result: creating target.h - canonical system defines
configure:1807: checking for a BSD-compatible install
configure:1862: result: /usr/bin/install -c
configure:1873: checking whether build environment is sane
configure:1916: result: yes
configure:1981: checking for gawk
configure:1997: found /bin/gawk
configure:2007: result: gawk
configure:2017: checking whether make sets $(MAKE)
configure:2037: result: yes
configure:2218: checking for gawk
configure:2244: result: gawk
configure:2300: checking for gcc
configure:2316: found /usr/bin/gcc
configure:2326: result: gcc
configure:2570: checking for C compiler version
configure:2573: gcc --version </dev/null >&5
gcc (GCC) 3.3.3 20040412 (Red Hat Linux 3.3.3-7)
Copyright (C) 2003 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
configure:2576: $? = 0
configure:2578: gcc -v </dev/null >&5
Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/3.3.3/specs

On Fri, May 20, 2005 11:57, Thomas A. wrote:

[Error received @ ./configure ]

checking for zlib installation... /usr
checking for inflateEnd in -lz... no
configure: error: Please install zlib and zlib-devel packages

Check the file config.log after running ./configure and see what the exact failure is. From the above, it's looking for function inflateEnd in the lib

This is where ./configure fails, any suggestions for remedy? I've tried --with-zlib=DIR to no avail.

-- Ken Jones

[ START config.log contents ]

This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake.

-- Ken Jones
Re: [Clamav-users] Sober.P sidebar topic
On Tuesday 17 May 2005 8:58 pm, Dennis Peterson wrote:

Anyone noticing any increase in failed login attempts via ssh? I have and the timing associates well with the recent outbreak.

Last night we saw the first password ssh scans against our machine. Looks like scanning for default accounts with passwords set to password

Ken Jones
inter7.com
Re: [Clamav-users] Clam AV allows e-mail from www.webmail.us/testvirus through?
On Tue, 2005-05-17 at 09:05 -0400, Douglas Ward wrote:

I have recently installed Clam AV 0.85 and have downloaded the latest updates through freshclam. We are running this software on a new e-mail gateway server built with Postfix and Mandrake LE2005. Please excuse my ignorance as I am very new to this product. My question is that with clamd running as a process and freshclam telling me that the latest updates are loaded, the test viruses sent from webmail.us are being allowed through. I believe that clamav is working as numbers 1-3, 6-12, and 13 were all blocked but the rest of the 27 files were allowed through. Am I missing something? Shouldn't clamav have a better detection rate than that? Should I be restarting the clamd process every time freshclam updates? Everything starts properly with no errors in either clamd.log or freshclam.log. Shouldn't clamav be intercepting all virus messages passing through the gateway? There is no local delivery on this server - everything is relayed to four internal mail servers. I re-read the documentation, faq's, and mailing list archives and didn't see much of help. Any assistance anyone can provide would be most welcome.

On my system, only #24 and #25 make it through ... both of which don't have a test virus in them :)

-- Ken Jones
[Clamav-users] Re: [Clamav-virusdb] Update (daily: 822)
Not complaining, but am I the only one on the Clamav-virusdb list that received the notice 3 times?

- Ken

-- Ken Jones
[Clamav-users] Next release date
Is there any time frame for the next stable release?

Thanks

Ken Jones
RE: [Clamav-users] New Virus?
You shouldn't be allowing .exe's anyway ... It's common knowledge that .exe .com .bat .pif .scr are all not normal file transmissions. I would never ever allow a file extension from the listed above to ever be accepted as an attachment to an e-mail ... It should automatically be denied at the mailserver scan engine -- this is most commonly a default feature turned on by default.

Well, I disagree. That was Microsoft's take as well when viruses started moving around via email but in some cases they ARE normal.

Jeffrey Kroll :: IT Coordinator :: PBOA Risk Services 941.955.0793 :: 1800 Second St. Suite 910 :: Sarasota, FL 34236
Ethernet (n): something used to catch the etherbunny

-Original Message-
From: Jeffry Bilder [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 31, 2005 1:17 PM
To: ClamAV users ML
Subject: [Clamav-users] New Virus?

Just seen a virus come through, I don't know what email it was attached with, but it appears to run an executable called pserv.exe. I don't know if there are any others that are included as well, but has anyone seen this yet? Is there a removal tool? Google has no info on this virus. Thanks!

I checked on google ... a few pages of files with the name pserve.exe ... If you think it's a virus, then submit it at the clamav site. Why do you believe it to be a virus?

- Jeff

-- Ken Jones
Re: [Clamav-users] Clam seems to be missing a virus
On Tue, 29 Mar 2005, Tomasz Kojm wrote:

On Tue, 29 Mar 2005 09:01:44 -0600 (CST) Sam [EMAIL PROTECTED] wrote:

I don't want to sound like I'm complaining...I'm just reporting this in case it's something that should be looked at, and am trying to help.

Obviously your installation is somehow broken.

Obviously? It's catching other viruses, and even catches this one at times. I'm not quite sure how it would be kind of broken. (Would that be like being kind of pregnant?) I would think it would either work, or not (assuming virus definitions are up to date, which apparently mine are per freshclam's results). Is there some sort of known issue that I cannot find where clam could sometimes catch and sometimes miss a virus? My server is not at all busy (it runs about 95%+ idle most of the time.) As best I can tell, milter is running all the time (I have nothing in place to restart it if it dies). I'm sorry if I'm being a pain. I love clam, and am just trying to help :)

Sam

-- Sam Morris, Owner Loganet Internet Service Logan IA, United States of America 712-644-3578

-- Ken Jones
Re: [Clamav-users] ERROR
Yes I have updated something in that file

You NEED TO READ the documentation. At the top of BOTH configuration files is the following:

# Comment or remove the line below.
Example

If you comment out or remove the line that says Example the error will go away.

- Ken

I have attached modified file

Amin

- Original Message -
From: Nigel Horne [EMAIL PROTECTED]
To: ClamAV users ML clamav-users@lists.clamav.net
Sent: Monday, March 28, 2005 4:45 PM
Subject: Re: [Clamav-users] ERROR

On Monday 28 Mar 2005 14:42, Amin Thakkar wrote:

I have installed successfully ClamV. I went to directory /usr/local/bin and I gave command freshclam -d or /usr/local/bin/freshclam --quiet

ERROR: Please edit the example config file /usr/local/etc/freshclam.conf.
ERROR: Please edit the example config file /usr/local/etc/clamd.conf.

I take it that you DID follow the instructions and edit those example config files before posting here, didn't you...

Amin

-- Nigel Horne. Arranger, Composer, Typesetter. NJH Music, Barnsley, UK. ICQ#20252325 [EMAIL PROTECTED] http://www.bandsman.co.uk

-- Ken Jones
Re: [Clamav-users] Report Phishing attacks?
Julian Mehnle wrote:

I can't believe you still didn't get the point. This is NOT about removing ClamAV's capacity for detecting phishing attacks, little yellow rubber ducks in PNG images, or whatever else. This is about making it _optional_, for those people who don't want certain types of malware to be scanned for.

And they're adding it. So why is the issue festering? I understand people want to post their views (as they should). But this topic in particular has and will end up in a never ending loop, that tends to be worse than Linux vs Windows debates. It died out once, and I hope it does so again, quickly

I too have strong feelings on this subject, but it was hashed out a while back, and should be let to die here. AMEN

ps: I still think that clamav is one of the finest open source projects going and this list is the most level headed ... subject above excepted :)

-- Ken Jones
Re: [Clamav-users] use of clamav-milter
Hi,

What is the difference between using clamd only and clamd + clamav-milter with mailserver? What additional benefits do we get while using clamav-milter?

Clamav-milter is a milter interface for sendmail. Although not the only way to interface clam with a host running sendmail, it is probably the most common. Read the documentation for a further description.

Regards
Nabin Limbu

-- Ken Jones
Re: [Clamav-users] Latest virusdb update - mismatched signature count?
Received signal 14, wake up
ClamAV update process started at Thu Mar 17 17:44:40 2005
main.cvd is up to date (version: 30, sigs: 31086, f-level: 4, builder: tkojm)
daily.cvd updated (version: 767, sigs: 562, f-level: 4, builder: diego)
Database updated (31648 signatures) from db.gb.clamav.net(IP:68.142.86.21)
Clamd successfully notified about the update.
--
Reading databases from /var/lib/clamav
Database correctly reloaded (31647 viruses)

So, why the difference between what freshclam thinks the number of signatures is, and what clamd thinks?

One started counting at 0 and the other at 1 ??

Main.cvd - 31086
Daily.cvd - 562
--
31648 Total

Just a guess

-- Brian Morrison bdm at fenrir dot org dot uk GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html

-- Ken Jones
Re: [Clamav-users] setting up filtering
Hi all,

Could anyone point me in the direction of good docs on how to set up filtering of incoming pop mail via a modem account?

It would help us help you if we knew your setup. What OS, how you currently get your mail, etc.

I appreciate any help.

David

-- Ken Jones
RE: [Clamav-users] Two persistent problems with clamav
I have it working flawlessly on FreeBSD, too; so I know it works. :)

I don't doubt at all that the problem is on my end. I just for the life of me can't figure out what it is. I've been doing this kind of thing for a long long time and it's just not apparent to me what the problem is. Normally, when I send out a question like this, I figure it out right after I hit the send button, but not so this time.

find -X / -name libclamav.so.1 | xargs ls -la

No luck there :(

Here are the files in my lib dir

-rw-r--r-- 1 root root 1583174 Feb 14 07:58 libclamav.a
-rwxr-xr-x 1 root root 885 Feb 14 07:58 libclamav.la
lrwxrwxrwx 1 root root 18 Feb 14 07:58 libclamav.so -> libclamav.so.1.0.8
lrwxrwxrwx 1 root root 18 Feb 14 07:58 libclamav.so.1 -> libclamav.so.1.0.8
-rwxr-xr-x 1 root root 789662 Oct 18 07:43 libclamav.so.1.0.4
-rwxr-xr-x 1 root root 887236 Feb 2 09:57 libclamav.so.1.0.6
-rwxr-xr-x 1 root root 889915 Feb 7 07:25 libclamav.so.1.0.7
-rwxr-xr-x 1 root root 890039 Feb 14 07:58 libclamav.so.1.0.8

have you as root tried: find -X / -name libclamav* -print

/usr/local/lib//usr/local/lib/libclamav.so.1.

That is what you call a careless cut and paste. It is really /usr/local/lib/libclamav.so.1

I would have expected *some* trace of an old lib somewhere. I can't find anything anywhere that has a version number of 0.81.

Thanks for the help!

Jerry

-- Ken Jones
Re: [Clamav-users] Graphical reporting tools
On Sunday 06 March 2005 11:08 am, Sam wrote:

Hi

I'm looking for something that's been written that will display the number of viruses/malware that Clam has stopped and pipe it to an html file I can provide to my customers. I found one by Vijay (AT ericavijay.net) but it doesn't seem to work with (possibly) the newer output to /var/log/messages (It appears to be grepping for something that's no longer there... not being a programmer however I cannot say for sure.) The install ran smoothly, but it shows 0 for viruses found, but cat/grep/word count in /var/log/messages indicates that there have been 627 hits on viruses found today so far.) Has anyone found a reporting tool that will do this and had good luck with it?

QmailMrtg7 can graph the number of viruses in an mrtg format. Here is a link to our live qmailmrtg7 graphs.

http://mail.inter7.com/qmailmrtg/

The software is available here:

http://www.inter7.com/?page=qmailmrtg7

Ken Jones
[Clamav-users] Clamav Home Page Problem
When I go to the address http://www.clamav.net/ the latest version is still .82. If I click the download link, .83 is available. This could be a problem for someone not on the mailing list, and just checking the home page to ensure they have the latest version ...

- Ken

-- Ken Jones
Re: [Clamav-users] Clamav Home Page Problem
On Tue, 22 Feb 2005 09:38:20 -0600 (CST) Ken Jones [EMAIL PROTECTED] wrote:

When I go to the address http://www.clamav.net/ the latest version is still .82.

No, it isn't. That's only a news on exploit detection in 0.82.

Ok, I stand corrected ... but it might be nice, as that page also shows the latest dat revisions, to have a line indicating the latest stable release version ... For many, if not all, the releases since .74 they have always made it to that page. Just a suggestion :)

- Ken

-- Tomasz Kojm [EMAIL PROTECTED] http://www.ClamAV.net/gpg/tkojm.gpg 0DCA5A08407D5288279DB43454822DC8985A444B Tue Feb 22 16:53:47 CET 2005

-- Ken Jones
Re: [Clamav-users] virus incident response?
John Madden wrote:

I'm running postfix; I won't run qmail.

Well, at least you have some redeeming points :) But, (getting into sermon mode once again), anyone who relies solely on only one point of detection for any type of mail content inspection, are literally bending over and begging for it. Every type of content detector, be it virus, spam or exploits, will at times lag. Fact of life.

I run clamav as my inbound mail server (for a small company of about 30 users) and run McAfee on their desktops. A few months ago, a virus made it past BOTH scanners. Within 2-3 hours of the outbreak, both clam, McAfee, and Norton had updated defs files ... both automatically installed. Short of delaying mail by hours, you can't catch 100%. User training is a major factor as well ... don't open attachments from strangers :)

I do, and admit freely, only run Clam for virus detection these days, but I know there will be rare occasions that it misses something. However, most of this crap will fall prey to many other types of content inspection. Design a proper scanning|detection system, do not wholly rely on the individual components. And with regards to the update times, I previously ran several virii :) scanners on this system, and not one of them compared to Clam for detection rates or definition update speed over a prolonged period of time.

Matt

-- Ken Jones
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Erroneous installation is OUTDATED message?
I've been getting those messages too for about a week. I updated to the devel version on December 26th, after staying with 0.75 for too long. I do *not* have any old copies of either libclamav or freshclam anywhere; I've checked carefully with find and locate. clamscan -V reports

ClamAV devel-20041226/702/Wed Feb 9 06:31:34 2005

You are running a copy between 80 and 81. .81 was released on Jan 26, and .82 on Feb 06 of this year.

Is it likely I do need to update or is mine a false report too? I see the high levels of traffic and problems on this mailing list and I'm reluctant to install every latest tweak on what is a heavily used live system. (17,000 users) I prefer to live with known limitations until a solid stable release is identified.

Graham

-- Ken Jones
Re: [Clamav-users] Re: Clamav Update Error
Hie All

Could anybody please assist? I recently installed a clamav 0.81 but when I run the command:

/usr/local/bin/freshclam -v

I get the following error:

[EMAIL PROTECTED] root]# /usr/local/bin/freshclam -v
ERROR: Please edit the example config file /usr/local/etc/freshclam.conf.

Check the first few lines ... and remove the lines that state it's an example file ...

-- cut --
# Comment or remove the line below.
Example
-- cut --

Current working dir is /usr/local/share/clamav
Max retries == 3
ERROR: You must specify at least one database mirror.
Freeing option list...done

I have tried changing the mirror sites in the freshclam.conf by replacing the XY with my country code which is ZW. It still says the same even after changing this line. What else do I need to change? Please help..

Gibson

-- Ken Jones
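An added example, not part of either thread and not ClamAV project code: a pre-flight check for the condition discussed in this post and in the earlier "ERROR" thread, an active `Example` line left in freshclam.conf or clamd.conf, plus the missing-mirror error shown above. The function names and the three sample files are constructed for illustration; `Example` and `DatabaseMirror` are the directives named in the posts, and the mirror host names are constructed from the XY/ZW country-code pattern the poster describes.

```shell
#!/bin/sh
# Added example: report why freshclam/clamd would refuse a config file.

# conf_problems FILE KIND
# Prints one line per problem found. KIND is "freshclam" (at least one
# active DatabaseMirror is expected) or "clamd" (no mirror expected).
conf_problems() {
    if [ ! -r "$1" ]; then
        echo "cannot read $1"
        return 0
    fi
    awk -v kind="$2" '
    { sub(/\r$/, "") }                 # tolerate CRLF line endings
    /^[ \t]*(#|$)/ { next }            # comments and blank lines are inert
    $1 == "Example" {
        printf "line %d: Example marker is still active\n", NR
    }
    $1 == "DatabaseMirror" {
        mirrors++
        if ($2 ~ /\.XY\./)
            printf "line %d: placeholder country code in %s\n", NR, $2
    }
    END {
        if (kind == "freshclam" && mirrors == 0)
            print "no active DatabaseMirror directive"
    }' "$1"
}

# Constructed samples: the file as shipped, the poster's state (mirror
# edited, Example line untouched), and a fully edited file.
write_samples() {
    cat > "$1/shipped.conf" <<'EOF'
# Comment or remove the line below.
Example
#DatabaseMirror db.XY.clamav.net
EOF
    cat > "$1/mirror_only.conf" <<'EOF'
# Comment or remove the line below.
Example
DatabaseMirror db.ZW.clamav.net
EOF
    cat > "$1/edited.conf" <<'EOF'
# Comment or remove the line below.
#Example
DatabaseMirror db.ZW.clamav.net
EOF
}

# Stand-alone run over the constructed samples.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in shipped mirror_only edited; do
    echo "== $f.conf"
    conf_problems "$demo_dir/$f.conf" freshclam
done
rm -rf "$demo_dir"
```

The `mirror_only.conf` case reproduces the poster's situation: the mirror line was changed, but the active `Example` line is still reported.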
Re: [Clamav-users] Upgrade ClamAV to 0.81
Hello All!! Recently I tried to update the ClamAV database by using freshclam, and I received a warning message: *** WARNING: Your ClamAV installation is OUTDATED - please update immediately! *** WARNING: Local version: 0.80 Recommended version: 0.81 I want to know: if I continue using version 0.80, will Clam work fine? Or MUST I update Clam for it to work fine? This question has been asked (and answered) many times. As the version increases, the needed functionality level also increases. By running an older engine, you will not be able to detect viruses that are using newer functionality of the engine for detection. So, clam will continue to function, but at a reduced level, not detecting all viruses. Thanks, -- Marcelo -- Ken Jones
Re: [Clamav-users] Clamav 0.81
Hey guys, I run sendmail with clamav 0.81, and clamav-milter. I was wondering how do I set up to pass virus warning to the users, or one specific account where they can be later viewed? Thanks. Ok here is what you want ... these are in addition to what you already have ... clamav-milter --from --headers -Q clamav Here is *MY* full command line for the milter ... clamav-milter -lo --from --max-children=5 --headers -p [EMAIL PROTECTED] -Q clamav /var/run/clamd/clmilter.sock The --from shows the recipient who the original mail appeared to come from. The --headers sends along the original headers, and the -Q is the user who receives the original message (Quarantine user). -- Ken Jones
Re: [Clamav-users] unable to start clamav-milter, weird error.
Hello, I'm testing Clamav 0.81 for use with Sendmail 8.12 and update my current Clamav 0.80 installation, but I can't start clamav-milter. When I run clamav-milter like this: clamav-milter -D -d -e -H -o -N /var/run/clamav/clamav-milter.sock I get this error: Feb 3 19:04:58 probe clamav-milter[32666]: Starting ClamAV version 0.81, clamav-milter version 0.81b Feb 3 19:04:58 probe clamav-milter[32666]: ClamAv: Unable to bind to port /var/run/clamav/clamav-milter.sock: Address already in use clamd should use its own sock, not the same one as clamav-milter. Here are the entries from my directory: srwxrwxrwx 1 clamav clamav 0 Feb 2 09:31 clamd.sock srwxr-xr-x 1 clamav clamav 0 Feb 2 09:31 clmilter.sock Feb 3 19:04:58 probe clamav-milter[32666]: ClamAv: Unable to create listening socket on conn /var/run/clamav/clamav-milter.sock Feb 3 19:04:58 probe clamav-milter[32666]: Stopping ClamAV version 0.81, clamav-milter version 0.81b Sounds weird to me because clamd is running and the socket is there: srwxrwxrwx 1 clamav clamav 0 Feb 3 19:04 /var/run/clamav/clamav-milter.sock What am I doing wrong?? BR, Matías. -- Ken Jones
[Clamav-users] X-Virus-Status: and X-Virus-Scanned: Headers
I have just installed the nightly cvs and find that removal of the X-Virus-Status: header now functions (Thank you). Is there a reason not to also remove any X-Virus-Scanned: headers as well? or at least make it an option ?? Thanks -- Ken Jones
Re: [Clamav-users] clamav-milter without clamd
Matthew Schumacher [EMAIL PROTECTED] writes: According to this, clamav-milter will update the database if there are no children running and if the database needs to be updated. At one time (sorry I do not remember which version), clamav-milter printed the database version in the X-Virus-Scanned header. Check out the CVS code ... it's back :) X-Virus-Scanned: ClamAV devel-20050202/697/Wed Feb 2 09:15:56 2005 on daf Might it not be a good idea to put this back in again? -- Ken Jones
Re: [Clamav-users] RAR module failure
I might add a few things: On 1 Feb 2005, at 18:06, Ben Stuyts wrote: [aurora:/var/mail]169: clamscan NewPassword.rar NewPassword.rar: RAR module failure Check what version of RAR was used to create the archive. I believe from the conversations this week, that Clamav supports through version 2 of RAR, and that support for RAR 3.0 archives is still being worked on. -- Ken Jones
Re: [Clamav-users] Perl script for sorting log virus entries - version 0.36
Made change to account for milter logging changes in ClamAV 0.81 Enjoy, Brett Options: -h Help -f Log file -l Log type - valid types are: amavis and milter - Defaults to milter -r Show recipients -s Show senders - Milter only -c Minimum virus count for unique hosts -v Minimum virus type count -m Email report to predefined values set in this perl script -V Version Thank You. In the heading you refer to version .36. The attached version is .35 and appears not to function on the new logs. -- Ken Jones [EMAIL PROTECTED]
[Clamav-users] Delete delete X-Virus Headers
All, My understanding was that with version 81 that previous X-Virus headers would be removed by the milter. Here are the errors I am getting from the logs ... Jan 31 09:08:22 mail01 clamav-milter[11685]: Failed to delete X-Virus-Status header 1 Jan 31 09:08:22 mail01 clamav-milter[11685]: Failed to delete X-Virus-Status header 2 What do I need to correct in my installation to have the milter remove the old headers ... Thanks -- Ken Jones
Re: [Clamav-users] Strange date in headers
Tomasz Kojm wrote: On Fri, 28 Jan 2005 11:17:54 -0500 Jim Maul [EMAIL PROTECTED] wrote: That's interesting. [EMAIL PROTECTED] clamav]# clamscan -V ClamAV 0.81/690/Fri Jan 28 07:09:45 2005 I didn't get to work until 9am today. What happened at 7:09am this morning?? Rather a simple puzzle... Not so simple I was looking for that exact header after upgrading to .81. Here is the header from my system .. X-Virus-Scanned: ClamAV version 0.81, clamav-milter version 0.81b on host.domain.com What am I missing to generate the db version? Heh. Note to self: engage brain before typing. Virus db updates. -Jim -- Ken Jones
Re: [Clamav-users] Phishing Questions
From: http://www.infoworld.com/article/05/01/21/04FEphishing_1.html?source=NLC-WS2005-01-26 Phishers are employing increasingly sophisticated techniques, such as malicious code buried in images, keystroke-logging applications that download as soon as an e-mail is opened, and spoofed Web sites that look totally legitimate — right down to the “security” padlock in the browser. So I think that malicious code or keystroke-logging applications fall into the realm of clamav ... For a good read ... http://www.antiphishing.org/ -- Ken Jones
Re: [Clamav-users] Re: Problem compiling clamav-0.80 - Solaris x86
Quoting Dennis Peterson [EMAIL PROTECTED]: James wrote: Let's try with a searchable subject... ;-) I am having the same issues too: Undefined first referenced symbol in file __eprintf strrcpy.lo ld: fatal: Symbol referencing errors. No output written to .libs/libclamav.so.1.0.4 make[2]: *** [libclamav.la] Error 1 make[2]: Leaving directory `/space/src/clamav-0.80/libclamav' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/space/src/clamav-0.80' make: *** [all] Error 2 I am running Solaris 8 x86. I also have to disable bzip2 (otherwise I get the bzip compile errors) although I have the latest version of bzip2 installed and referenced out of /usr/bin and /usr/local/bin. Anyone have any new ideas? FYI, I can compile .80rc3... James Is it possible the build is referencing a lib file that itself references another missing lib? I recall having problems with this when migrating binaries between systems that had inconsistent library versions. Any more I just upgrade everything everywhere (Perl, Apache, Berkeley DB, pcre, openssl, openssh, blah blah blah, etc) at the same time and the problem's gone - rsync /usr/local can be your friend if you do it right. Perhaps... But my build environment is pretty stable. When making a new system, I start off with a clean install of Solaris 8, then have a reliable cpio of my latest /usr/local/. Most everything in there has been recently compiled and I usually don't run into many problems - other than getting stuff to compile on Solaris x86 is quite difficult sometimes... ;-) Try this environment ;)
== Start ==
PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/etc:/opt/SUNWspro/bin:/usr/ccs/bin:/usr/dt/bin:/usr/local/ssl/bin:/usr/openwin/bin:$HOME/bin:.
# LD_LIBRARY_PATH=/lib:/usr/lib:/opt/SUNWspro/lib:/opt/schily:/opt/schily/lib:/usr/ccs/lib:/usr/j2se/jre/lib:/usr/j2se/lib:/usr/java1.2/lib:/usr/local/lib:/usr/local/mysql/lib:/usr/local/netpbm/lib:/usr/local/ssl/lib:/usr/openwin/lib:/usr/share/lib
LD_LIBRARY_PATH=/lib:/usr/lib:/opt/SUNWspro/lib:/usr/ccs/lib:/usr/j2se/jre/lib:/usr/j2se/lib:/usr/java1.2/lib:/usr/local/lib:/usr/local/mysql/lib:/usr/local/ssl/lib:/usr/openwin/lib:/usr/share/lib
LDFLAGS="-R/usr/local/lib -R/usr/local/ssl/lib"
CPPFLAGS="-I/usr/local/include -I/usr/local/ssl/include"
LD_RUN_PATH=$LD_LIBRARY_PATH
export PATH LD_LIBRARY_PATH LD_RUN_PATH LDFLAGS CPPFLAGS
== END ==
It has more paths than you probably need, but should resolve the compiling problem ;) -- Ken Jones [EMAIL PROTECTED]
Re: [Clamav-users] Re: Problem compiling clamav-0.80 - Solaris x86
James wrote: Let's try with a searchable subject... ;-) I am having the same issues too: Undefined first referenced symbol in file __eprintf strrcpy.lo ld: fatal: Symbol referencing errors. No output written to .libs/libclamav.so.1.0.4 make[2]: *** [libclamav.la] Error 1 make[2]: Leaving directory `/space/src/clamav-0.80/libclamav' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/space/src/clamav-0.80' make: *** [all] Error 2 I am running Solaris 8 x86. I also have to disable bzip2 (otherwise I get the bzip compile errors) although I have the latest version of bzip2 installed CP from another site ... Apparently, you tried to link to a library which has been compiled with gcc to a program compiled with the Sun compiler. __eprintf is an internal function of the GCC compiler and is linked to every executable you compile with it (it is used for the assert() macro, for example). As the SUN compiler does not include that symbol, you get a linking error. Try compiling your program with the gcc compiler, that should work. I have the sun compiler and gcc installed, and have had no issues on 8x86 and 9x86. -- Ken Jones [EMAIL PROTECTED]
Re: [Clamav-users] detecting curl version in 0.80 build
Hi, Tiny thing, but I thought I'd flag it up. I was just building 0.80. The configure script relies on bc as part of the code to detect the curl version installed. Also, the BC shipped as part of the solaris environment is not compatible with the options used; it creates an error, but does successfully detect the correct version of curl. -- Ken Jones [EMAIL PROTECTED]
Re: [Clamav-users] postmaster copy of virus message
I use clamav-milter 0.80j from the crashhat yum repository. Right now, all of the viruses I catch are sent to postmaster only. This works great, except they are always getting marked spam by spamassassin. I'd like to whitelist them, but they show up as being from the original sender, who is not the same every time. Is there a way I can set clamav-milter to rewrite the FROM header, so that I can whitelist the virus messages, or is there a way clamav-milter can send me a virus warning like clamav / amavis-new used to? Use the option --from with the email address you wish them to come from. -- Jeff Ramsey MIS Administrator Tubafor Mill, Inc. -- Ken Jones [EMAIL PROTECTED]
RE: [Clamav-users] ClamAV should not try to detect phishing and other social engineering attacks
On Tue, 16 Nov 2004, Julian Mehnle wrote: If people require machines as desperately as that to prevent themselves from falling for fraud attempts... ...then they're pretty much behaving in the manner humanity always has and always will. To those of you who argue that ClamAV should detect phishing attacks even though tools like SpamAssassin are designed and inherently better suited for doing that, I'd like to say that you will never really be able to abandon SpamAssassin & Co. anyway. Announcing a NEW phishing threat ... this is an excerpt from winXP news ... how to disable the Windows Scripting Host (WSH) to prevent an insidious new phishing technique that uses a script to redirect you to a fraudulent Web site when you log on to do online banking. So some of the phishing attacks now use scripts -- Ken Jones [EMAIL PROTECTED]
Re: [Clamav-users] Good job ClamAV team!
Hear, hear ... An excellent product and a huge thanks to ALL who have contributed to it ! -- Ken Jones [EMAIL PROTECTED]
Re: [Clamav-users] ClamAV should not try to detect phishing and other social engineering attacks
I think the thing to remember here is that we are discussing scanning of email. If the email is malicious, then having clamav remove it is a good thing in my opinion. Spam (uce/ube) that poses no threat to the user, and is just an annoyance is what SA should be catching. Phishing poses a threat to your users. The line between malware and viruses is a very grey one. Knowing two friends that have responded to phishing emails and what it took afterwards to correct the problem, they would beg you to remove the possibility of this threat. Having cross-over of functionality can / is in many cases a good thing. The other day, a virus made it by clamav. It made it past McAfee on the users machine. By the time they opened the mail and it started spamming the network with email, clamav had updated their defs and it was stopped. It took a few more hours before McAfee had a new defs file out. In this case, multiple virus scanners was a good thing. Please don't think I am saying I want clamav to become a spam filter as well, but adding in the sigs for items like the phishing mail I think is great. -- Ken Jones [EMAIL PROTECTED]
Re: [Clamav-users] Using Clam-AV with a SMTP-Auth proxy
Hi, We are putting in place an in-line av scanner for a public domain using clamav. the ClamAV is running under sendmail 8.12 on the server Good idea. We have got everything working however we need to provide support for Authenticated SMTP. Is there any way to get sendmail to proxy the Authenticated SMTP to the final destination server? Well, this is a sendmail, not a clamav issue. That said sendmail has the ability to auth against many different mechanisms. You would need to look at what mechanisms are available on the remote server and see if sendmail supports it. Example: 1. User makes a connection to Clamav(sendmail)on port 25. connect to sendmail 2. The user then sends their auth details using ESMTP to the AV scanner system. 3. Sendmail on the ClamAV system would try this user password pair on the terminating MX server which holds the auth details for all users.(a different server) on a single server providing auth, not a bank of servers providing auth for different users. 4. If Sendmail receives a positive response regarding the authentication from the terminating MX, Sendmail will add the IP address of the client into the local IP access list to allow the system to relay through the clam system. Once authorized, they can relay through this host. That is the point of authorization. Here is a link for using Cyrus SASL2 for sendmail auth. http://www.jonfullmer.com/smtpauth/ Thanks Dave -- Ken -- Ken Jones [EMAIL PROTECTED]
Re: [Clamav-users] quarantine not working with clamav-milter
Both clamd and clamav-milter are running as the clamav user; see my output from the ps command: clamav 30686 0.0 0.5 38740 1440 ? S 09:58 0:00 /usr/sbin/clamav-milter --quiet --dont-wait --force-scan --dont-log-clean --server=localhost --quarantine --quarantine-dir=/var/spool/clamav --pidfile=/var/run/clamav/clamav-milter.pid local:/var/run/clamav/clamav-milter.sock clamav 30846 0.0 2.4 20112 6152 ? S 10:00 0:04 /usr/sbin/clamd You haven't shown the directory /var/spool/clamav. I would change the perms of that dir (/var/spool/clamav) to 777 for testing. If, it does indeed write there, you will see both the user and group that is creating the file. If it doesn't, then you will have to look further. But in any event, after determining what the problem is, lock that directory back to the minimum set of perms to function :) -- Ken -- Ken Jones [EMAIL PROTECTED]
[Clamav-users] Issue with CVS / Nightly snapshot
All, Having built the nightly snapshot / CVS, I have noticed that the header X-Virus-Scanned: does not show the clam version and database version any longer :( Is this a new feature / VCS attribute or can I get back without downgrading the clam version / database version? X-Virus-Scanned: ClamAV version devel-20041109, clamav-milter version 0.80q on host - Ken -- Ken Jones [EMAIL PROTECTED]
Re: [Clamav-users] clamav-milter logs
Drat! In my logs I've noticed lots of messages like: -- Nov 9 13:45:25 mail clamd[4635]: /clamquar/041109/msg.FsV5ns: Unable to open file or directory ERROR -- Check your quarantine dir /clamquar and ensure it as well as any sub directories have correct permissions. I would look in the clamd.conf file at specifically these settings: LogFile /var/adm/clamd/clamd.log TemporaryDirectory /tmp Check the perms on both of these directories to ensure your clam user has rw perms at a minimum ... Nov 9 13:45:27 mail clamd[4635]: /clamquar/041109/msg.W4MIYF: Worm.SomeFool.P FOUND Nov 9 13:45:27 mail clamav-milter[1021]: iA9JjOrO000967: /clamquar/041109/msg.W4MIYF: Worm.SomeFool.P Intercepted virus from Otherwise, things _seem_ to be running smoothly. Virii are being caught & quarantined. Clamav-milter 0.80q, Linux kernel 2.4.22 clamd version: ClamAV devel-20041108 argument to clamav-milter is: --quarantine-dir=/clamquar -Clonq /var/run/clamd/clmilter.sock Is anyone else seeing similar messages? Does this indicate a problem? No, not seeing errors and 80q is working great on my systems. -Troy -- Ken Jones [EMAIL PROTECTED]
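A read-only way to do the permission check discussed in the two quarantine threads above (/var/spool/clamav and /clamquar) without opening the directory to mode 777 first. This is an added example, not code from the list or from ClamAV; the function names and the sample tree are made up for illustration, and only classic owner/group/other mode bits are evaluated.

```python
import grp
import os
import pwd
import stat
import tempfile


def ids_for_user(name):
    """Return (uid, set of gids) for a local account; KeyError if it does not exist."""
    pw = pwd.getpwnam(name)
    gids = {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if name in g.gr_mem}
    return pw.pw_uid, gids


def class_bits(mode, owner, group, uid, gids):
    """rwx bits (0-7) that the classic mode check applies to uid/gids.

    The first matching class wins (owner, then group, then other), so a
    group member can have less access than "other". ACLs are not considered.
    """
    if uid == 0:
        return 7
    if uid == owner:
        return (mode >> 6) & 7
    if group in gids:
        return (mode >> 3) & 7
    return mode & 7


def audit_quarantine(top, uid, gids):
    """Walk top and report (path, issue, octal mode) for every directory that
    the account cannot create files in, or that is still world-writable."""
    findings = []
    for dirpath, _dirs, _files in os.walk(top):
        st = os.stat(dirpath)
        mode = stat.S_IMODE(st.st_mode)
        # Creating a file needs both write and search (w and x) on the directory.
        if class_bits(mode, st.st_uid, st.st_gid, uid, gids) & 0o3 != 0o3:
            findings.append((dirpath, "cannot-create-files", oct(mode)))
        if mode & stat.S_IWOTH:
            findings.append((dirpath, "world-writable", oct(mode)))
    return findings


def build_sample_tree():
    """Constructed stand-in for a quarantine dir with dated subdirectories."""
    top = tempfile.mkdtemp(prefix="clamquar-")
    os.chmod(top, 0o755)
    for name, mode in (("041109", 0o750), ("041110", 0o777)):
        path = os.path.join(top, name)
        os.mkdir(path)
        os.chmod(path, mode)
    return top


if __name__ == "__main__":
    top = build_sample_tree()
    st = os.stat(top)
    # Hypothetical scanner account: not the owner, but a member of the owning group.
    for finding in audit_quarantine(top, st.st_uid + 1000, {st.st_gid}):
        print(finding)
```

On a real host the call would be audit_quarantine("/var/spool/clamav", *ids_for_user("clamav")), with the path and account taken from the milter's own command line.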
[Clamav-users] Problems with clamav-milter
After downloading and installing the nightly snapshot(11/7 - 11/8), I am experiencing problems with the clamav-milter. During processing the first email, the milter dies and in the clamd log file the following error is logged. Any attempt to start the milter again produces the same error being logged. SESSION: Client disconnected without END It also generates an email message: == Subject: ClamAV Down This is an automatic message The clamd program cannot be contacted. Emails may not be being scanned, please check your servers. == After re-installing .80 release code, I need to re-boot before the milter will successfully start. I have tried this on both a Solaris 9 X86 and a Solaris 8 X86 box, both running .80 release just fine. If there are any other tests I can run, let me know. - Ken -- Ken Jones [EMAIL PROTECTED]
Re: [Clamav-users] Problems with clamav-milter
On Mon, 8 Nov 2004, Ken Jones wrote: After re-installing .80 release code, I need to re-boot before the milter will successfully start. I have tried this on both a Solaris 9 X86 and a Solaris 8 X86 box, both running .80 release just fine. Wow! I've not seen a unix proggie protected from a death by -9 in a long time. The only time we see problems like this is when you pull the IDE cable on a mounted filesystem (yes, we like to have fun) or some other catastrophic IO problem. Is 2.8/2.9 really so unstable that a reboot is required or am I missing something? I have always held solaris as being more stable than linux (our os of choice) for recovering from really fatal errors like that. Suppose it could also be a sol threading problem. Can you offer any additional information? The milter dies upon whatever the internal error is. clamd and freshclam both will politely die with a simple kill (-15) sent to them. At that point, if I re-install the release version of .80, I still am unable to start clamav-milter. It just dies immediately until I reboot the system. All other functionality remains in the system (other than clamav-milter.) My guess is that a shared library is left in memory that has been altered or is otherwise corrupt (just a guess). In the past, I have been able to bring down clam gracefully, and install updated code, and restart without any issues and by no means a reboot ! Nigel Horne believes he may have tracked down the issue and fixed it in 80q cvs version. I'm waiting to see that in cvs and will report back. - Ken -- Eric Wheeler Vice President National Security Concepts, Inc. PO Box 3567 Tualatin, OR 97062 http://www.nsci.us/ Voice: (503) 293-7656 Fax: (503) 885-0770 -- Ken Jones [EMAIL PROTECTED]
Re: [Clamav-users] Clamav and the CR Vulnerability
Hi all, I decided to run all of the tests located at testvirus.org against my mail server. As expected, tests 24 and 25 got through, no surprise there. However, test 17 also made it through. This test is described as follows : I sent it to my server as well, and it was caught. Clamav 80. What os are you using, how did you get / build / install clam ? -- Ken Jones [EMAIL PROTECTED]
[Clamav-users] Problem with X-Virus-Scanned email header
I noticed today that the X-Virus-Scanned header in the email message, using clamav-milter, didn't reflect the actual dat file in use. Below are the before and after, restarting clamd and clamav-milter on my system. Looking at the clamav log, it is regularly restarting due to changes in the dat file. X-Virus-Scanned: ClamAV 0.80/535/Mon Oct 18 09:56:59 2004 X-Virus-Scanned: ClamAV 0.80/573/Thu Nov 4 06:56:12 2004 From clamav.log: Thu Nov 4 09:14:36 2004 - SelfCheck: Database modification detected. Forcing reload. Thu Nov 4 09:14:36 2004 - Reading databases from /usr/local/clamav/share/clamav Thu Nov 4 09:14:36 2004 - Database correctly reloaded (26220 viruses) Thu Nov 4 09:46:32 2004 - SelfCheck: Database status OK. These are just the latest .. it's been reloading regularly. - Ken -- Ken Jones [EMAIL PROTECTED]
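The mismatch reported above can be watched for automatically by parsing X-Virus-Scanned values and comparing them with what clamscan -V prints. This is an added example, not code from the list or from ClamAV; it handles both header forms quoted in these threads (engine/db/date, and the short "ClamAV version ..." form that carries no database information). The function names, the status labels and the example.com host names are made up for illustration.

```python
import re
from datetime import datetime
from email import message_from_string

MONTHS = {name: i for i, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Full form: ClamAV <engine>/<db version>/<db build date>
FULL = re.compile(
    r"ClamAV\s+(?P<engine>[^/\s]+)/(?P<db>\d+)/"
    r"\w{3}\s+(?P<mon>\w{3})\s+(?P<day>\d{1,2})\s+"
    r"(?P<h>\d{2}):(?P<mi>\d{2}):(?P<s>\d{2})\s+(?P<year>\d{4})")
# Short form: ClamAV version <engine>, clamav-milter version <milter>
SHORT = re.compile(r"ClamAV version (?P<engine>[^,\s]+)")
HOST = re.compile(r"\bon (\S+)\s*$")


def parse_version(text):
    """Parse a header value or a `clamscan -V` line; None if unrecognised."""
    m = FULL.search(text)
    if m and m["mon"] in MONTHS:
        try:
            built = datetime(int(m["year"]), MONTHS[m["mon"]], int(m["day"]),
                             int(m["h"]), int(m["mi"]), int(m["s"]))
        except ValueError:  # impossible date such as Feb 31
            return None
        return {"engine": m["engine"], "db": int(m["db"]), "built": built}
    m = SHORT.search(text)
    if m:
        return {"engine": m["engine"], "db": None, "built": None}
    return None


def check_header(header_value, reference):
    """Compare one header value with the scanner's own version line."""
    seen, ref = parse_version(header_value), parse_version(reference)
    if ref is None or ref["db"] is None:
        raise ValueError("reference must be in engine/db/date form")
    if seen is None:
        return ("unparsed", None)
    if seen["db"] is None:
        return ("no-db-info", None)
    if seen["db"] < ref["db"]:
        return ("stale", {"behind": ref["db"] - seen["db"],
                          "days": (ref["built"] - seen["built"]).days})
    return ("current", None)  # same database version as the reference, or newer


def audit_message(raw_message, reference, host=None):
    """Check every X-Virus-Scanned header, optionally only those stamped by host.

    Headers added by other relays or by the sender say nothing about the
    local scanner, which is why filtering on the "on <host>" suffix helps.
    """
    results = []
    msg = message_from_string(raw_message)
    for value in msg.get_all("X-Virus-Scanned") or []:
        value = " ".join(value.split())  # unfold and collapse whitespace
        m = HOST.search(value)
        stamped_by = m.group(1) if m else None
        if host and stamped_by != host:
            continue
        status, detail = check_header(value, reference)
        results.append((stamped_by, status, detail))
    return results


# Constructed message. The first header value and REFERENCE reuse the
# "before" and "after restart" values from the post; host names are made up.
SAMPLE = (
    "X-Virus-Scanned: ClamAV 0.80/535/Mon Oct 18 09:56:59 2004 on mail.example.com\n"
    "X-Virus-Scanned: ClamAV version 0.81, clamav-milter version 0.81b on relay.example.com\n"
    "From: sender@example.com\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n")
REFERENCE = "ClamAV 0.80/573/Thu Nov 4 06:56:12 2004"  # as printed by clamscan -V

if __name__ == "__main__":
    for stamped_by, status, detail in audit_message(SAMPLE, REFERENCE):
        print(stamped_by, status, detail)
```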
Re: [Clamav-users] recommended milter for spamassassin with clamav
On Sun, 31 Oct 2004, Dale Morin wrote: Does anyone have a recommended milter for spamassassin to use with sendmail/clamav-milter/clamav? MIMEDefang works very well. Regards, Mike Lambert I haven't tried MIMEDefang, but have been using spamass-milter, available at savannah.nongnu.org for a few years now. Works great for me. -- Ken Jones [EMAIL PROTECTED]
Re: [Clamav-users] configure failure: libmilter directory not found?
Trying to complete the installation of clamav. I want to configure the clamav-milter (./configure --enable-milter) for email scanning. However, during the configure, libmilter directory cannot be located. I can't find it either... What do I need to do? Tom [EMAIL PROTECTED] The libmilter it is complaining about is from the sendmail source. You need to specifically go into the sendmail source ./libmilter directory and do a make ; make install to install the necessary files. -- Ken Jones [EMAIL PROTECTED]
[Clamav-users] New simscan 1.0.7 release available
simscan 1.0.7 is now available. http://www.inter7.com/simscan/ Simscan is a simple program that enables qmail-smtpd to reject viruses, spam and block attachments during the SMTP conversation so the email never makes it into your computers. It is completely open source and uses other open source components. Very efficient and written in C. Supports ClamAV. ChangeLog http://www.inter7.com/simscan/ChangeLog New Features/Changes in this version: Support for SpamAssassin 3.0 and Trophie virus scanner. Support to enable/disable any feature on a per user, per domain and system wide level. Received headers can contain version information for spamassassin and virus scanner. Three spamassassin settings 1) pass modified email through to user 2) block spam 3) block spam over a high water mark. List of optional attachments to block from a control file. Updated permission settings for better portability. New logging to show ip, to/from users in smtp log file for any blocked virus. Many new debugging statements that can be enabled by an environment variable. -- Ken Jones
Re: [Clamav-users] New simscan 1.0.7 release available
On Monday 01 November 2004 12:53 pm, hondaman wrote: Is this similar to qmail-scanner? Would it/does it take the place of qmail-scanner? Basically yes. The difference is simscan is much more efficient with less features. If you just need to do virus scanning, spamassassin processing or attachment blocking, switch to simscan. One heavily loaded site reported a load of about 20 with qmail-scanner and a load of less than 1 after switching to simscan. Probably the main reason for the lower load is qmail-scanner is written in perl and simscan is written in C. Ken Jones inter7.com Ken Jones wrote: simscan 1.0.7 is now available. http://www.inter7.com/simscan/ Simscan is a simple program that enables qmail-smtpd to reject viruses, spam and block attachments during the SMTP conversation so the email never makes it into your computers. It is completely open source and uses other open source components. Very efficient and written in C. Supports ClamAV. ChangeLog http://www.inter7.com/simscan/ChangeLog New Features/Changes in this version: Support for SpamAssassin 3.0 and Trophie virus scanner. Support to enable/disable any feature on a per user, per domain and system wide level. Received headers can contain version information for spamassassin and virus scanner. Three spamassassin settings 1) pass modified email through to user 2) block spam 3) block spam over a high water mark. List of optional attachments to block from a control file. Updated permission settings for better portability. New logging to show ip, to/from users in smtp log file for any blocked virus. Many new debugging statements that can be enabled by an environment variable. -- Ken Jones
RE: [Clamav-users] Upgrade from 75.1 to 80
[EMAIL PROTECTED] wrote: I have downloaded ver80 and now I'm not sure how to proceed. I've read the manual but I can't info on how to upgrade, is it best to remove the previous version or install over it? This came from someone on the list, I've just made a few minor changes With ver 0.80 they changed clamav.conf to clamd.conf so either call the old .conf direct or copy /etc/backup.clamav.conf /etc/clamd.conf I would recommend going through the new clamd.conf and editing it. There are many options in clamav.conf that have been removed from the new version. Graham -- Ken Jones [EMAIL PROTECTED]
Re: [Clamav-users] clamav on aix 5.2
Hi, I'm trying to upgrade from 0.75 to 0.80 on aix 5.2, using gcc 3.3.4 and gnu ld 2.15. configure script cannot find libmilter. # ./configure --enable-milter checking resolv.h usability... yes checking resolv.h presence... yes checking for resolv.h... yes checking whether setpgrp takes no argument... yes checking for __gmpz_init in -lgmp... yes checking for curl >= 7.10.0... syntax error on line 1 stdin 7.12.2 checking for mi_stop in -lmilter... no checking for library containing strlcpy... no checking for mi_stop in -lmilter... no configure: error: Cannot find libmilter libmilter.a exists under both /usr/lib and /usr/local/lib. using LDFLAGS before configure did not work. any idea??? thanks After running configure, look through the config.log file. This file will show exactly the error encountered while trying to compile the milter. tayfun asker email: tasker_a_metu.edu.tr -- Ken Jones [EMAIL PROTECTED]
Re: [Clamav-users] clamd/clamscan core on some files under IRIX
I'm running mimedefang/spamassassin/clamav on an IRIX 6.5 machine and have found that some files cause both clamd and clamscan to core. Since I'm still running this combo, I can't forward the message to the list, but it can be found at: ftp://ftp.heloc.com/pub/message.txt.gz Here is the last bit of output from clamscan when run on the file: LibClamAV debug: Mixed message part 25 is of type 3 LibClamAV debug: messageToFileblob LibClamAV debug: blobSetFilename: image.jpg LibClamAV debug: Saving attachment as /var/tmp//clamav-ee97fcadd47b2acf/image.jpgy023QP I would guess you have an extra / at the end of the following line in clamd.conf: clamd.conf: TemporaryDirectory /var/tmp If there is an extra / at the end remove it, and restart clamd Thanks. Rob -- Ken Jones [EMAIL PROTECTED]
Re: [Clamav-users] can't compile clamav 0.80
Hi, I've got the next errors and warnings when I try to configure clamav 0.80:

    configure: WARNING: resolv.h: present but cannot be compiled
    configure: WARNING: resolv.h: check for missing prerequisite headers?
    configure: WARNING: resolv.h: see the Autoconf documentation
    configure: WARNING: resolv.h: section Present But Cannot Be Compiled
    configure: WARNING: resolv.h: proceeding with the preprocessor's result
    configure: WARNING: resolv.h: in the future, the compiler will take precedence
    configure: WARNING: ## -- ##
    configure: WARNING: ## Report this to the AC_PACKAGE_NAME lists. ##
    configure: WARNING: ## -- ##
    checking for resolv.h... yes

These are warnings that resolv.h can't be compiled by autoconf. They may still work when compiled in with the software. You should be able to ignore these.

    checking whether setpgrp takes no argument... no
    checking for __gmpz_init in -lgmp... yes
    checking for curl = 7.10.0... FAILED

Looks like you don't have curl installed. It's available here: http://curl.haxx.se/

    configure: WARNING: curl-config was not found
    checking for mi_stop in -lmilter... no
    checking for library containing strlcpy... no
    checking for mi_stop in -lmilter... no
    configure: error: Cannot find libmilter

libmilter is part of the sendmail source, but is not installed by default. In the source tree for sendmail change directory into libmilter and do a make install. This should install the necessary files.

OS: FreeBSD 5.2.1-RELEASE-p1
Sendmail 8.13.1
clamav 0.80
'configure' options: --disable-clamuko --enable-milter --disable-pthreads --sysconfdir=/usr/local/etc --with-dbdir=/var/clamav/db

How can I solve these problems?

-- Korchmenuk Nickolay 19 Oct 2004 10:06:33

-- Ken Jones [EMAIL PROTECTED]
Re: [Clamav-users] What Just Happened??
I saw on my monitoring application just now that clamav was outdated and that I must update immediately. I was running 0.80rc3, and the moment I got this message I was inundated with users complaining that any jpeg attachment is flagged as a virus / comment 1. I upgraded to 0.80rc4 and the jpeg problem went away, but I still get the warning telling me to upgrade... is there a release I am missing ??

Yes, .80 has been released yesterday

-- Scott Ryan, Senior Unix/Linux Engineer, Telkom Internet - South Africa
He who controls the past, controls the future, He who controls the present, controls the past. - George Orwell, 1984

-- Ken Jones [EMAIL PROTECTED]
[Clamav-users] Problems Compiling on Solaris X86 Box
All, I have been having problems compiling on a Solaris 8 X86 box since the release of 80rc series.

    Undefined           first referenced
     symbol                 in file
    BZ2_bzRead          scanners.lo
    BZ2_bzReadOpen      scanners.lo
    BZ2_bzReadClose     scanners.lo
    ld: fatal: Symbol referencing errors. No output written to .libs/libclamav.so.1.0.4

I can unzip / untar / configure and compile 75.1 and earlier without trouble. With the 80 series, the above error occurs. Same environment settings.

Thanks

-- Ken Jones [EMAIL PROTECTED]
[Clamav-users] Error building 0.80rc3 AND 0.80rc4 on Solaris 8 X86
I have been having many issues trying to configure and build rc3 and/or rc4 on a Solaris 8 X86 box and a Solaris 9 sparc. rc2 and earlier all compile without issue.

From the configure script, checking curl:

    ok=`echo ibase=16; if($hex_ver=$check_hex) $hex_ver else 0 | bc`

returns: syntax error on line 1, teletype

The output from configure:

    checking for curl = 7.10.0... syntax error on line 1, teletype 7.12.1
    checking for gethostbyname_r... yes, and it takes 5 arguments

This is an issue with the stock bc as shipped in Solaris 8 and 9.

In building, I get the following error:

    Undefined           first referenced
     symbol                 in file
    BZ2_bzRead          scanners.lo
    BZ2_bzReadOpen      scanners.lo
    BZ2_bzReadClose     scanners.lo
    ld: fatal: Symbol referencing errors. No output written to .libs/libclamav.so.1.0.4

In reading the change log:

    Wed Apr 30 22:23:50 CEST 2003 - * libclamav: use bzReadOpen instead of BZ2_bzReadOpen under Solaris (patch by Hrvoje Habjanic hrvoje.habjanic*zg.hinet.hr)

and I noticed that in clamav-config.h NOBZ2PREFIX is not defined. If I add a line

    #define NOBZ2PREFIX

in clamav-config.h then compilation continues.

Other than that, I'm also having issues with bind (resolv.h) but I believe that is an issue on my system, not a larger issue :)

-- Ken Jones [EMAIL PROTECTED]
[Clamav-users] Problems Building RC4
All, I am able to build thru RC2 without any problems. With RC3, there are issues, with RC4 there are others. Since RC3 is old, I am only addressing issues with RC4.

This is on a Solaris X86 box:

    System = SunOS
    Node = webserve
    Release = 5.8
    KernelID = Generic_117351-05
    Machine = i86pc
    BusType = unknown
    Serial = unknown
    Users = unknown
    OEM# = 0
    Origin# = 1
    NumCPU = 1

The resolv.h problem appeared in rc3/rc4 and the curl problem in rc4 only. The BZ2 issues appeared in rc4 as well. I built all versions with the same environment variables. No changes have occurred on the system between all these builds. (I went back and rebuilt from scratch all versions since 74.)

Out of configure:

    checking zlib.h presence... yes
    checking for zlib.h... yes
    checking for bzReadOpen in -lbz2... no
    checking bzlib.h usability... yes
    checking bzlib.h presence... yes
    checking for bzlib.h... yes
    checking for dn_expand in -lresolv... yes
    checking resolv.h usability... no
    checking resolv.h presence... yes
    configure: WARNING: resolv.h: present but cannot be compiled
    configure: WARNING: resolv.h: check for missing prerequisite headers?
    configure: WARNING: resolv.h: see the Autoconf documentation
    configure: WARNING: resolv.h: section Present But Cannot Be Compiled
    configure: WARNING: resolv.h: proceeding with the preprocessor's result
    configure: WARNING: resolv.h: in the future, the compiler will take precedence
    configure: WARNING: ## -- ##
    configure: WARNING: ## Report this to the AC_PACKAGE_NAME lists. ##
    configure: WARNING: ## -- ##
    checking for resolv.h... yes
    checking whether setpgrp takes no argument... yes
    checking for __gmpz_init in -lgmp... yes
    checking for curl = 7.10.0... syntax error on line 1, teletype 7.12.1
    checking for mi_stop in -lmilter... yes

Out of make:

    Undefined           first referenced
     symbol                 in file
    BZ2_bzRead          scanners.lo
    BZ2_bzReadOpen      scanners.lo
    BZ2_bzReadClose     scanners.lo
    ld: fatal: Symbol referencing errors. No output written to .libs/libclamav.so.1.0.4

-- Ken Jones [EMAIL PROTECTED] (630) 548-1627 (Home) (630) 263-3574 (Cell) https://www.kenandlori.com Y! : [EMAIL PROTECTED] MSN: [EMAIL PROTECTED] AIM: ptownjones ICQ: 9807841
Re: [Clamav-users] clamav-milter parameters
Why not use something like this in your start-up script:

    # Local clamav-milter config
    CLAMAV_FLAGS=
    # Pull in site-specific flags if the sysconfig file exists
    test -f /etc/sysconfig/clamav-milter && . /etc/sysconfig/clamav-milter

    start() {
        echo -n "Starting clamav-milter: "
        daemon clamav-milter ${CLAMAV_FLAGS}
        RETVAL=$?
        echo
        # Record the lock file only when the daemon started cleanly
        test $RETVAL -eq 0 && touch /var/lock/subsys/clamav-milter
        return $RETVAL
    }

This is out of the file path to clamav/contrib/init/RedHat/clamav-milter

- Ken

I would like to see clamav-milter be able to read its parameters from a file (clamd.conf or a separate file would be fine). The command line I am using is just too long to manage easily.

-- Ken Jones [EMAIL PROTECTED]
Re: [Clamav-users] clamav-milter installation
Pete, In order to work with sendmail, you will need to rebuild your sendmail.cf file. Also, in addition to having sendmail compiled with milter support, you will need the lib files for the sendmail milter. You can get these by getting the 13.1 code and building / installing just the milter from the source.

As for the cf file, you need to add (and correct) the following line to your sendmail.mc file.

    INPUT_MAIL_FILTER(`clmilter', `S=local:/var/run/clamd/clmilter.sock, F=, T=S:4m;R:4m')

You will need to change the location of the sock file to match your system. I would just grab the source clamav from the nightly cvs and go from there.

Good luck - Ken

Hello all, I have Sendmail 8-13-1 running on Slackware 10. I've installed ClamAV 0.80rc3 via a slackware package: clamav-0.80rc3-i686-1jto.tgz

I got this package from here: http://webpages.charter.net/jay_scott_raymond/linux/slackages/slack100.html

It went in ok, and I've edited my clamd.conf the little bit I had to. I've since realised that I might need 'clamav-milter' to get sendmail to 'converse' with clamAV. The trouble is, the package I've installed didn't have clamav-milter with it. At least, as far as I can see.

I have two main questions if I may:

1) Without this 'clamav-milter', the running clamd process won't touch any email at all will it ?

2) If the above is correct, should I just remove this package and build it normally, including any clamav-milter options that may be present ?

When I originally installed it, I simply used:

    # installpkg clamav-0.80rc3-i686-1jto.tgz

I have followed links to other pages, like the following: http://bilbos-stekkie.com/clamav/. It looks helpful, but the packages there have an older version of Sendmail than I have. I'd like to get my mail scanned using my version of Sendmail. (BTW, I've checked my version of Sendmail's docs, and it *does* have milter support built in.)

Thanks for your time and any information you might have.

Regards, Pete.

-- Ken Jones [EMAIL PROTECTED]
Re: [Clamav-users] clamav-milter installation
Pete, First: http://www.clamav.net/snapshot/clamav-devel-latest.tar.gz This is where you can get the nightly CVS snapshot.

As for the error:

    451 4.0.0 /etc/mail/sendmail.cf: line 1679: Xclmilter: local socket name /tmp/clamd unsafe: World writable directory

it means the permissions on the directory /tmp/clamd allow anyone write permissions. Here are the permissions on my box:

    /var/run:
    drwxr-xr-x 15 root root 4096 Oct 5 13:17 run
    /var/run/clamd:
    drwxr-xr-x 2 clamav clamav 4096 Oct 5 08:02 clamd

Note the clamd directory is owned by the user that all my clamav products run as and only that user has write permission in that directory.

- Ken

On Fri, 8 Oct 2004 09:06:40 -0500 (CDT), you wrote:

Pete, In order to work with sendmail, you will need to rebuild your sendmail.cf file. Also, in addition to having sendmail compiled with milter support, you will need the lib files for the sendmail milter. You can get these by getting the 13.1 code and building / installing just the milter from the source.

As for the cf file, you need to add (and correct) the following line to your sendmail.mc file.

    INPUT_MAIL_FILTER(`clmilter', `S=local:/var/run/clamd/clmilter.sock, F=, T=S:4m;R:4m')

You will need to change the location of the sock file to match your system. I would just grab the source clamav from the nightly cvs and go from there.

Good luck - Ken

Hi Ken, First of all, thanks for the speedy reply. I have visited the 'libmilter' directory in my sendmail 13.1 directory, and built/installed the libs. Hopefully. I didn't get any error messages. :/

I'd already got those 'milter-lines' in my sendmail.mc file, but just commented out, as I'd had a go earlier, but failed. I think things are definitely moving in the right direction, although I could be wrong.

I am confused though as to where to describe the path of the 'clmilter.sock'. I looked in my /etc/clamd.conf file, and found the local socket was: /tmp/clamd

There is no /var/run/clamd directory on my box. Do I have to make it myself ? I added the '/tmp/clamd' in to the line instead of the /var/run ... but got this error:

    451 4.0.0 /etc/mail/sendmail.cf: line 1679: Xclmilter: local socket name /tmp/clamd unsafe: World writable directory

Hey, at least it's not the same error as before. :) I think perhaps I'm in over my head here. :/ I'm not used to using CVS, so I don't know what else to do.

Thanks for your input anyway. I'll keep bashing away.

Regards, Pete.

-- Ken Jones [EMAIL PROTECTED]
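The permission problem discussed in the message above can be checked before sendmail refuses the socket. The following is an added example, not code from the thread, from ClamAV or from sendmail: the function names and the temporary demo layout are assumptions, and the check only approximates sendmail's own path test.

```shell
#!/bin/sh
# Added example (not from the thread): report directories on a milter socket
# path that are group- or world-writable. Approximates the condition behind
# sendmail's "unsafe: World writable directory"; it is not sendmail's code.

# Print the 10-character type/mode string of a path, e.g. drwxr-xr-x.
mode_of() {
    ls -ld -- "$1" 2>/dev/null | cut -c1-10
}

# Classify one directory as ok, group-writable, world-writable,
# or not-a-directory (missing paths and symlinks land here too).
classify_dir() {
    m=$(mode_of "$1")
    case "$m" in
        d???????w?) echo world-writable ;;
        d????w????) echo group-writable ;;
        d?????????) echo ok ;;
        *)          echo not-a-directory ;;
    esac
}

# Walk from the socket's directory up to and including $2 (default /).
# Prints "status path" per directory; returns 1 if any is not ok.
check_socket_path() {
    dir=$(dirname "$1")
    top=${2:-/}
    rc=0
    while :; do
        st=$(classify_dir "$dir")
        echo "$st $dir"
        [ "$st" = ok ] || rc=1
        if [ "$dir" = "$top" ]; then break; fi
        parent=$(dirname "$dir")
        if [ "$parent" = "$dir" ]; then break; fi   # reached / or .
        dir=$parent
    done
    return $rc
}

# Constructed demo layout under a temporary directory (assumption: the
# names mirror the two socket locations discussed in the thread).
demo() {
    base=$(mktemp -d) || return 1
    mkdir -p "$base/run/clamd" "$base/tmp"
    chmod 755 "$base" "$base/run" "$base/run/clamd"
    chmod 1777 "$base/tmp"
    echo "socket in run/clamd:"
    check_socket_path "$base/run/clamd/clmilter.sock" "$base" && echo "=> safe"
    echo "socket directly in tmp:"
    check_socket_path "$base/tmp/clamd" "$base" || echo "=> unsafe"
    rm -rf "$base"
}

demo
```

On a real host, pass the socket path from the S=local: setting in sendmail.mc to check_socket_path. A directory owned by the scanner's user with mode 755, as in the listing in the message above, passes the check.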
Re: [Clamav-users] clamav-milter - user notification
Reading the manual and looking at the man page ...

    --from=EMAIL -a EMAIL    Error messages come from here.

The command line I use hasn't changed from 74, 75.1, and now 80rc3.

    clamav-milter -lo -p [EMAIL PROTECTED] -Q clamav /var/run/clamd/clmilter.sock

Ok, how will this resolve my issue ? With 74, and 75.1, both of them presented the apparent user that sent the virus. In 80.x, it is replaced by MAILER-DAEMON. If I understand correctly, the --from allows me to set this to another fixed address, not that of the apparent sender ???

Thanks for your help - Ken

As a result of user pressure the --from argument was added, and has been in place since 0.75k. -Nigel

On Wednesday 29 Sep 2004 19:55, Ken Jones wrote:

I guess a better way of putting it is this. Here is a copy of what my inbox looks like:

With 80RC3:

    [EMAIL PROTECTED] 9:00 Virus intercepted 1.5 k
    [EMAIL PROTECTED] 9:00 Virus intercepted 1.5 k

With 75.1:

    [EMAIL PROTECTED] 8:50 Virus intercepted 1.6 k
    [EMAIL PROTECTED] 8:50 Virus intercepted 1.6 k

With 75.1, the From address in the in-box showed the apparent sender. I find this useful as in some cases it *IS* the real sender and they don't know they have a virus.

As for the -o option, in setting it up, I understood it to scan outgoing mail as well. The servers I have this installed on are gateways for ALL smtp mail traffic and if one of my users gets a virus, I wanted it to be trapped before leaving my network. - Ken

On Wednesday 29 Sep 2004 01:46, Ken Jones wrote:

All, I just upgraded from 75.1 to 80rc3. Prior to the upgrade, all viruses were quarantined and sent to the user clamav. A notification was sent to the original recipient and the postmaster. The message sent to postmaster and the original recipient appeared to arrive from the original sender, not mailer-daemon, and the subject was Virus intercepted.

Now, after the upgrade, the message sent to the original recipient and postmaster arrive from MAILER-DAEMON. How do I fix this, as in some cases, the mail is expected, although without virus, and knowing the original sender can be useful.

My clamav-milter startup line is:

    clamav-milter -lo -p [EMAIL PROTECTED] -Q clamav /var/run/clamd/clmilter.sock

It's likely that the messages you want are in the sendmail output queue waiting to be scanned, you have enabled the -o option after all. Can I ask, why have you enabled the -o option? -Nigel

-- Nigel Horne. Arranger, Composer, Typesetter. NJH Music, Barnsley, UK. ICQ#20252325 [EMAIL PROTECTED] http://www.bandsman.co.uk

-- Ken Jones [EMAIL PROTECTED]
Re: [Clamav-users] clamav-milter - user notification
I guess a better way of putting it is this. Here is a copy of what my inbox looks like:

With 80RC3:

    [EMAIL PROTECTED] 9:00 Virus intercepted 1.5 k
    [EMAIL PROTECTED] 9:00 Virus intercepted 1.5 k

With 75.1:

    [EMAIL PROTECTED] 8:50 Virus intercepted 1.6 k
    [EMAIL PROTECTED] 8:50 Virus intercepted 1.6 k

With 75.1, the From address in the in-box showed the apparent sender. I find this useful as in some cases it *IS* the real sender and they don't know they have a virus.

As for the -o option, in setting it up, I understood it to scan outgoing mail as well. The servers I have this installed on are gateways for ALL smtp mail traffic and if one of my users gets a virus, I wanted it to be trapped before leaving my network. - Ken

On Wednesday 29 Sep 2004 01:46, Ken Jones wrote:

All, I just upgraded from 75.1 to 80rc3. Prior to the upgrade, all viruses were quarantined and sent to the user clamav. A notification was sent to the original recipient and the postmaster. The message sent to postmaster and the original recipient appeared to arrive from the original sender, not mailer-daemon, and the subject was Virus intercepted.

Now, after the upgrade, the message sent to the original recipient and postmaster arrive from MAILER-DAEMON. How do I fix this, as in some cases, the mail is expected, although without virus, and knowing the original sender can be useful.

My clamav-milter startup line is:

    clamav-milter -lo -p [EMAIL PROTECTED] -Q clamav /var/run/clamd/clmilter.sock

It's likely that the messages you want are in the sendmail output queue waiting to be scanned, you have enabled the -o option after all. Can I ask, why have you enabled the -o option? -Nigel

-- Nigel Horne. Arranger, Composer, Typesetter. NJH Music, Barnsley, UK. ICQ#20252325 [EMAIL PROTECTED] http://www.bandsman.co.uk

-- Ken Jones [EMAIL PROTECTED]
[Clamav-users] clamav-milter - user notification
All, I just upgraded from 75.1 to 80rc3. Prior to the upgrade, all viruses were quarantined and sent to the user clamav. A notification was sent to the original recipient and the postmaster. The message sent to postmaster and the original recipient appeared to arrive from the original sender, not mailer-daemon, and the subject was Virus intercepted.

Now, after the upgrade, the message sent to the original recipient and postmaster arrive from MAILER-DAEMON. How do I fix this, as in some cases, the mail is expected, although without virus, and knowing the original sender can be useful.

My clamav-milter startup line is:

    clamav-milter -lo -p [EMAIL PROTECTED] -Q clamav /var/run/clamd/clmilter.sock

-- Ken Jones [EMAIL PROTECTED]
Re: [Clamav-users] blocking attachments
On Tuesday 25 May 2004 11:12 am, Ken Jones wrote:

Is it possible to configure clamav to block certain types of attachments even if they do not have a virus? Thanks, Ken Jones

Thanks for all the input. We are using qmail, qscanq and clamav. We picked qscanq since it is very efficient. Looks like the most logical place for attachment blocking would be in qscanq since it already breaks out attachments (using ripmime).

Thanks again, Ken Jones
[Clamav-users] blocking attachments
Is it possible to configure clamav to block certain types of attachments even if they do not have a virus?

Thanks, Ken Jones
[Clamav-users] support for logging to stdout
I've written a patch to version 0.65 to support logging to stdout for use with daemontools/multilog. Is there already a patch for this type of thing? If not, where could I submit my patch for consideration in the next release? It's a fairly simple patch with about 11 new lines of code.

Ken Jones inter7.com