RE: [Clamav-users] List Down

[Michael St. Laurent]

Daniel J McDonald <> wrote:
> No, merely slow.  It only took 4 hours to be delivered to me.  What do
> you want?  Back in the bad old days we only got mail once a month,
> over a 1200 baud modem, in the snow, uphill both ways!  And you're
> complaining about a 4-hour delay?  Young whippersnapper! ;-)

You had a 1200 baud modem!?  ;-D

-- 
Michael St. Laurent
Hartwell Corporation


---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] FW: Virus W32.Erkez.B@mm getting through

[Michael St. Laurent]

Michael St. Laurent <> wrote:
> The Norton Antivirus running on our mail server is catching the virus
> "[EMAIL PROTECTED]" which appears to be getting past Clamav. 

Please disregard.  The autoupdater was not working.  Erkez is detected by
Clamav as "Zafi".  My mistake.

-- 
Michael St. Laurent
Hartwell Corporation


---
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Virus W32.Erkez.B@mm getting through

[Michael St. Laurent]

The Norton Antivirus running on our mail server is catching the virus
"[EMAIL PROTECTED]" which appears to be getting past Clamav.

-- 
Michael St. Laurent
Hartwell Corporation


---
This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference
Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer
Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA
REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] ClamAV 0.72 Released

[Michael St. Laurent]

Brian May <mailto:[EMAIL PROTECTED]> wrote:
> ClamAV 0.72 is available for download.
> Major bugfixes in this release include crashes with corrupted BinHex
> messages and some Excel documents.
> Protection against archive bombs (not fully functional since 0.70) was
> improved and a number of other improvements were made.
> 
> The ClamAV team (http://www.clamav.net/team.html)

H... I went to the crash-hat repository and there are RPMs there with a
timestamp from this morning but the filename is clamav-0.71-1.i386.rpm

-- 
Michael St. Laurent
Hartwell Corporation


---
This SF.Net email is sponsored by the new InstallShield X.
>From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] clamd doesn't work

[Michael St. Laurent]

[snip]
> I am looking for something like NAV Auto-protect, I need to
> know how to make clam automatically scan incoming and outgoing mail
> and delete the mail containing infected items. BTW I have installed
> clam, libclam and clamd.

Mailscanner will do what you want.  It can be configured to run your command
line antivirus scanner on incoming email and can also run SpamAssassin on it
as well.  It's OpenSource, highly configurable and has great free support on
the mailing list.  Commercial support is also available from the author.

BTW, I am not connected with MailScanner in any way other than being a
satisfied user.  ;-D

-- 
Michael St. Laurent
Hartwell Corporation


---
This SF.Net email is sponsored by the new InstallShield X.
>From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Worm.SomeFool.Q

[Michael St. Laurent]

Richard Humphrey <mailto:[EMAIL PROTECTED]> wrote:
> I have been running ClamAv (keeping up with latest stable releases)
> for several months now and it has been working great (i thought).
> 
> Recent we noticed that we have been missing some expected emails
> generated by our online order form (all Linux based).
> 
> After looking through the logs, it appears ClamAV has caught them and
> identified them as being infected with Worm.SomeFool.Q.
> 
> The email that our online order form generates is plain text and I am
> not sure why these are being caught. Anyone have any ideas on the
> matter? 

Can you recover one of these messages?  If so then you should go to the
virus reporting page and submit it as a false positive.

-- 
Michael St. Laurent
Hartwell Corporation


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Best way to scan e-mails without milter?

[Michael St. Laurent]

Kenneth Andresen <mailto:[EMAIL PROTECTED]> wrote:
> I am running a linux mail server without the opportunity to install
> milter. I have noticed a few ways to run ClamAV without, like using
> Trashscan. This is however intended to be ran as single user and seems
> not to be a good idea since we do have some medium mail volumes and
> multiple users to take care of.
> 
> What are in your experience the best way to run ClamAV mail scanner
> when you can't reinstall sendmail? (I may modifying sendmail.mc)

MailScanner.

-- 
Michael St. Laurent
Hartwell Corporation


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] The Sasser worm

[Michael St. Laurent]

I know that Clamav has signatures in the database for the various species of
the Sasser worm and when I check the sigtool database they are listed.

What's the problem then you ask?  There is not a single instance in our log
files of it hitting our filter.  We've got *plenty* of others being logged
like Bagel, SomeFool, MyDoom, Gibe, Sober, BugBear, etc.  No Sasser though.

This worries me.  :-(  I feel like the guy in the UPS commercial who can't
handle the fact that there isn't a problem.  ;-D

-- 
Michael St. Laurent
Hartwell Corporation


---
This SF.Net email is sponsored by: SourceForge.net Broadband
Sign-up now for SourceForge Broadband and get the fastest
6.0/768 connection for only $19.95/mo for the first 3 months!
http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Recommendation RedHat replacement

[Michael St. Laurent]

Bora <mailto:[EMAIL PROTECTED]> wrote:
> Sorry, this may not be appropriate to post here, but I know many of
> you are using RH and are figuring new options as they are no longer
> offering free download for RH 7, 8 and 9.
> 
> So the question is do you recommend moving to? SuSE, Mandrake? I want
> to use something similar so I don't have to learn new tools and admin
> task. 

You have your facts confused.  Free download of the OS is still available
from Red Hat and security updates will continue to be available for at least
1.5 years longer from the Fedora Legacy Project at http://fedoralegacy.org

-- 
Michael St. Laurent
Hartwell Corporation


---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Remove 0.68 before installing 0.70?

[Michael St. Laurent]

Ken Morley <mailto:[EMAIL PROTECTED]> wrote:
> I've read herein that it's recommended that you uninstall ClamAV 0.68
> before you install 0.70.
> 
> I apologize if this is a stupid question, but how do you uninstall
> 0.68?  I think I've read all of the documentation that comes with the
> source and the clamdoc.pdf, but I don't see anything on
> uninstallation. 

How did you install it?  Was it an RPM file or did you install from source?

-- 
Michael St. Laurent
Hartwell Corporation


---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] FW: Getting "functionality level = 1, required = 2" with 0.70

[Michael St. Laurent]

Michael St. Laurent <> wrote:
> I have clamav-0.70 (the release version) installed but I'm seeing
> "Current functionality level = 1, required = 2" in the log file. 

  Nevermind, I found the problem.

-- 
Michael St. Laurent
Hartwell Corporation


---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Getting "functionality level = 1, required = 2" with 0.70

[Michael St. Laurent]

I have clamav-0.70 (the release version) installed but I'm seeing "Current
functionality level = 1, required = 2" in the log file.

-- 
Michael St. Laurent
Hartwell Corporation


---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] How to submit email from Exchange Server?

[Michael St. Laurent]

Diego d'Ambra <mailto:[EMAIL PROTECTED]> wrote:
>> Does a procedure exist for exporting an email from Exchange Server
>> in a format that is useable by the team?
> 
> You may take a look at Spamsource
> (http://www.daesoft.com/SpamSource/index.htm).
> 
> It allows you easy to "extract the original non Exchange formatted"
> e-mail. Just use the "copy to clipboard" function then paste the text
> to a Notepad file.
> 
> (otherwise you're welcome to submit this .msg sample directly to me).

Thank you Diego.  ;-D

-- 
Michael St. Laurent
Hartwell Corporation


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] How to submit email from Exchange Server?

[Michael St. Laurent]

This morning I got a suspiscious email with executable attachments claiming
to be a security update from Microsoft.  This email made it past both clamav
and Norton Antivirus.  Thinking that this might be a sample of a new virus I
wanted to submit it on the web page.  However, since the mail is on an
Exchange Server the only way I could figure out how to do this was to save
it out as a .msg file.  The last time I submitted a .msg file to the web
page I was told that they were not useable and so instead of submitting this
email I simply deleted it.

Does a procedure exist for exporting an email from Exchange Server in a
format that is useable by the team?

-- 
Michael St. Laurent
Hartwell Corporation


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Mail taking a *long* time to hit the list

[Michael St. Laurent]

Wow.  I posted a message to the list at 9:23 AM (PDT) and as of 11:06 AM
(PDT) it *still* hasn't posted.  I wonder if this one will do any better?

-- 
Michael St. Laurent
Hartwell Corporation


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Mail taking a *long* time to hit the list

[Michael St. Laurent]

Antony Stone <mailto:[EMAIL PROTECTED]> wrote:
> On Monday 03 May 2004 7:10 pm, Michael St. Laurent wrote:
> 
>> Wow.  I posted a message to the list at 9:23 AM (PDT) and as of
>> 11:06 AM (PDT) it *still* hasn't posted.  I wonder if this one will
>> do any better? 
> 
> You mean the one saying: "According to http://sarc.com/ there are
> several variants of the Sasser worm running around on the net.  A
> "sigtool -l | grep -i sasser" command reports "Worm.Sasser.A" but no
> others.  Does this one signature catch all the variants?"
> 
> If so, it arrived here ages ago; I didn;t reply to it then because
> the only answer I could think of was "We don't know until someone
> sends us a variant which the signature doesn't match."

I asked because it didn't arrive in my own mailbox until 12:19 PM, almost
three hours after I had sent it.  How curious that it arrived elsewhere more
quickly.

-- 
Michael St. Laurent
Hartwell Corporation


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Does the Sasser signature catch all variants?

[Michael St. Laurent]

According to http://sarc.com/ there are several variants of the Sasser worm
running around on the net.  A "sigtool -l | grep -i sasser" command reports
"Worm.Sasser.A" but no others.  Does this one signature catch all the
variants?

-- 
Michael St. Laurent
Hartwell Corporation


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] FW: Source RPM for ClamAV-0.70-rc anyone?

[Michael St. Laurent]

Michael St. Laurent <> wrote:
> Does anyone know where a Source RPM for ClamAV-0.70-rc might be found?

Never mind, I managed to roll my own.  ;-D

-- 
Michael St. Laurent
Hartwell Corporation


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Source RPM for ClamAV-0.70-rc anyone?

[Michael St. Laurent]

Does anyone know where a Source RPM for ClamAV-0.70-rc might be found?

-- 
Michael St. Laurent
Hartwell Corporation


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] [OT] UDP to port 1828 like crazy

[Michael St. Laurent]

I'm seeing tons of network activity all UDP traffic to port 1828.  Is this
an indication of a virus?

-- 
Michael St. Laurent
Hartwell Corporation


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Scanning LAN for virus activity?

[Michael St. Laurent]

I was reading about the String module for iptables in Linux Journal over the
weekend and it occured to me that this could be used for scanning the LAN
for the presence of an infected system.

Does anyone know if such a tool exists?  We're seeing *much* higher network
activity lately than in the past and it makes me nervous.

-- 
Michael St. Laurent
Hartwell Corporation


---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Clam AV 0.67 e-smith RedHat 7.3 Packages

[Michael St. Laurent]

What you might want to try is to download the source rpm and rebuild it.
That just might solve all your dependency issues.

FreshClam <mailto:[EMAIL PROTECTED]> wrote:
> Hi, I downloaded the Red Hat package from
> http://crash.fce.vutbr.cz/crash-hat/1/clamav/. When I try installing
> it on e-smith 6.0 with Red Hat 7.3, I get the following error:
> 
> [EMAIL PROTECTED] src]# rpm -Uvh clamav-0.67-1.i386.rpm
> error: failed dependencies:
> libc.so.6(GLIBC_2.3)   is needed by clamav-0.67-1
> libwrap.so.0   is needed by clamav-0.67-1
> 
> [EMAIL PROTECTED] src]# rpm -Uvh glibc-2.2.5-44.i386.rpm
> error: failed dependencies:
> glibc-common = 2.2.5-44 is needed by glibc-2.2.5-44
> [EMAIL PROTECTED] src]# rpm -Uvh glibc-common-2.2.5-44.i386.rpm
> error: failed dependencies:
> glibc-common = 2.2.5-43 is needed by glibc-2.2.5-43
> [EMAIL PROTECTED] src]#
> 
> There are so many packages and library files needed to get this
> working. Is there a single location or implementation guideline. I
> read the manual but it does not cover the package in detail and does
> not tell where to find all the needed files.
> 
> Thanks for your help in advance,
> New Fresh Clam User

-- 
Michael St. Laurent
Hartwell Corporation


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Couple of questions regarding ClamAV

[Michael St. Laurent]

Jesper Juhl <mailto:[EMAIL PROTECTED]> wrote:
> With my setup it goes into a queue, but only if no scanner at all is
> available. If clamd dies my setup falls back on using clamscan which
> is slower and causes mail to queue up, but it's better than letting it
> through unscanned.
> 
> It has only happened once that clamd died, so I don't consider it a
> huge problem, but just to be on the safe side I have setup a cron job
> to monitor it every 5 minutes and start it up again if it should
> happen again - so, that way I should only be relying on clamscan for
> a maximum of 5min which is not a problem. And should both fail I'll
> queue mail instead of letting it through unscanned (and yes, the size
> of the queue is monitored so I 
> get an alert if it should ever build up).

That's interesting.  Would you be willing to share more details of your
setup and how it all works?  Is this MailScanner you're talking about?

-- 
Michael St. Laurent
Hartwell Corporation


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Virus listing

[Michael St. Laurent]

David Gregg <mailto:[EMAIL PROTECTED]> wrote:
> Could not find in the archives...
> 
> Does anybody know how/where to obtain a listing of all viruses that
> ClamAV 'knows' about?

If you have Ver. 0.67 or higher (0.67-1 or CVS) then "sigtool -l" will do
the trick.  Otherwise, I'm not certain.


-- 
Michael St. Laurent
Hartwell Corporation


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Can't get to submit page

[Michael St. Laurent]

Jesper Juhl <mailto:[EMAIL PROTECTED]> wrote:
>> I cannot seem to get to the virus submit page at:
>> 
>> http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi
>> 
>> It cannot load the sendvirus.cgi file from www.nervous.it
>> 
> Loads fine from here (Denmark). Are you sure it's not just a temporary
> routing problem or similar? Could also be a DNS issue at your end and
> lots of other things. Fact is I used the site to submit a few samples
> just a few hours ago, and I just loaded the page to check - and it is
> alive. So to me it seems like either a problem at your end or network
> problems between you and the webserver.

It was a temporary issue.  All is well now.  ;-D

-- 
Michael St. Laurent
Hartwell Corporation


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Can't get to submit page

[Michael St. Laurent]

I cannot seem to get to the virus submit page at:

http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi

It cannot load the sendvirus.cgi file from www.nervous.it

-- 
Michael St. Laurent
Hartwell Corporation


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Re: clamdmail how with sendmail?

[Michael St. Laurent]

Oh, excellent!  I've not looked at it as our Sun system has not been our
email server for several years.

> -Original Message-
> From: Nigel Horne [mailto:[EMAIL PROTECTED] 
> Sent: Tuesday, February 17, 2004 12:36 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] Re: clamdmail how with sendmail?
> 
> 
> On Tuesday 17 Feb 2004 7:58 pm, Michael St. Laurent wrote:
> > Actually, his problem is probably that the Solaris Sendmail is not 
> > Milter enabled.
> 
> If you look through the INSTALL file as I mentioned, you'll 
> see that I cover exactly that point for Solaris (line 56 of 
> the most recent INSTALL file).
> 
> -Nigel
> 
> 
> -- 
> Nigel Horne. Arranger, Composer, Typesetter.
> NJH Music, Barnsley, UK.  ICQ#20252325
> [EMAIL PROTECTED] http://www.bandsman.co.uk
> 
> 
> 
> ---
> SF.Net is sponsored by: Speed Start Your Linux Apps Now.
> Build and deploy apps & Web services for Linux with
> a free DVD software kit from IBM. Click Now! 
> http://ads.osdn.com/?ad_id=1356&alloc_id=3438> &op=click
> 
> ___
> 
> Clamav-users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/clamav-users
> 


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Re: clamdmail how with sendmail?

[Michael St. Laurent]

Actually, his problem is probably that the Solaris Sendmail is not Milter
enabled.

> -Original Message-
> From: Nigel Horne [mailto:[EMAIL PROTECTED] 
> Sent: Tuesday, February 17, 2004 10:40 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] Re: clamdmail how with sendmail?
> 
> 
> Grzegorz Staleñczyk <[EMAIL PROTECTED]> wrote:
> > Because, my sendmail is from Solaris package and I can't 
> recompile it 
> > with milter :-((
> 
> Clamav-milter compiles fine under Solaris, but you must 
> follow the instructions in the INSTALL file.
> 
> -Nigel
> 
> -- 
> Nigel Horne. Arranger, Composer, Typesetter.
> NJH Music, Barnsley, UK.  ICQ#20252325
> [EMAIL PROTECTED] http://www.bandsman.co.uk
> 
> 
> 
> ---
> SF.Net is sponsored by: Speed Start Your Linux Apps Now.
> Build and deploy apps & Web services for Linux with
> a free DVD software kit from IBM. Click Now! 
> http://ads.osdn.com/?ad_id56&alloc_id438> &op=click
> 
> ___
> 
> Clamav-users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/clamav-users
> 


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id56&alloc_id438&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Re: clamdmail how with sendmail?

[Michael St. Laurent]

I agree.  Look into using MailScanner.  It will integrate with the Solaris
sendmail.

-Original Message-
From: Chris Barnes [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, February 17, 2004 9:05 AM
To: [EMAIL PROTECTED]
Subject: [Clamav-users] Re: clamdmail how with sendmail?


Grzegorz Staleñczyk <[EMAIL PROTECTED]> wrote:
> Because, my sendmail is from Solaris package and I can't recompile it 
> with milter :-((

Definately look into using MailScanner.


--

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Chris Barnes AOL IM: CNBarnes
[EMAIL PROTECTED]  Yahoo IM: chrisnbarnes
Computer Systems Manager ph: 979-845-7801
Department of Physics   fax: 979-845-2590
Texas A&M University





---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id56&alloc_id438&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Implementation Questions

[Michael St. Laurent]

Antony Stone <mailto:[EMAIL PROTECTED]> wrote:
> I run MailScanner http://www.mailscanner.info as a wrapper to ClamAV
> and SpamAssassin (it can also handle many other A-V engines, and does
> further tests & checks of its own), and I find this a very good
> solution to handling email.

I recently moved to MailScanner as well after discovering that I would not
be able to use the clamav-milter given the special circumstances involved
here.

Wow.  I'm really, really happy with it.  It has one of the best install
scripts I've ever seen for unix.  It took a while to get it configured
because it is *very* configurable.

-- 
Michael St. Laurent
Hartwell Corporation


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: FW: [Clamav-users] Can't seem to get clamav-milter to scan ma il

[Michael St. Laurent]

Nigel Horne <mailto:[EMAIL PROTECTED]> wrote:
> Can the proxy send the mail through clamdscan first to do the
> scanning for you? 

I got it working through MailScanner.  I just substituted the FWTK proxy for
the sendmail.in process.

-- 
Michael St. Laurent
Hartwell Corporation


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

FW: [Clamav-users] Can't seem to get clamav-milter to scan mail

[Michael St. Laurent]

Michael St. Laurent <mailto:[EMAIL PROTECTED]> wrote:
> Yep, I have sendmail-cf installed and the sendmail.cf file *seems* to
> be correct.  I have the following in the /etc/mail/sendmail.cf file:
> 
> # Input mail filters
> O InputMailFilters=clamav-milter
> 
> and
> 
> Xclamav-milter,
> S=local:/var/run/clamav/clamav-milter.sock,F=,T=S:4m;R:4m;E:10m
> 
> That's what should be in there, yes?
> 
> Any other things I should check?

OK, I found the source of the problem (though not a solution for it) and so
I'm passing the knowledge on to the list for safe keeping.  ;-)

The one piece of information that I failed to mention and that would
probably have helped with diagnosis was the fact that I am using a proxy to
receive SMTP mail before it is passed on to sendmail.  Once the proxy is
satisfied that the mail is legit it invokes sendmail and feeds the message
to it on STDIN using a command such as:
 
/usr/sbin/sendmail -L sm-mta -Am [EMAIL PROTECTED]
 
Because Sendmail is not getting the message through SMTP, the milters are
not being used.  I have confirmed that this is true from several sources.
Sendmail only runs milters against emails that are received through SMTP on
port 25.  Thus, even though everything seems to be configured correctly, it
*does* *not* *work*.

-- 
Michael St. Laurent
Hartwell Corporation


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Building RPMS from tarball

[Michael St. Laurent]

Tarjei Knapstad <mailto:[EMAIL PROTECTED]> wrote:
> There's also one in the "Binary packages" page, if you follow the link
> to Fedora packages. It has binaries, an SRPM and the .spec file for
> 0.66:
> 
> http://crash.fce.vutbr.cz/crash-hat/1/clamav/
> 
> (I've installed these binary packages on our RH 8.0 server without
> probs.)

Were there any dependency issues to be solved?  The .spec file looks like it
requires the fedora user and group management packages to be installed.

-- 
Michael St. Laurent
Hartwell Corporation


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Access permissions [was .065 depracated]

[Michael St. Laurent]

Tomasz Papszun <mailto:[EMAIL PROTECTED]> wrote:
> When using clamdscan (which is just an interface to clamd), one can
> scan only these files which clamd has access to.
> 
> So if clamd is run as unpriviliged user and mail files are owned by
> someone else, clamdscam / clamd can't scan them.

Nigel,

Is it possible that this could be the cause of the problem I'm having with
sendmail not appearing to contact clamav-milter or would it be logging an
error message in that case?

-- 
Michael St. Laurent
Hartwell Corporation


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Building RPMS from tarball

[Michael St. Laurent]

Mailing Lists <mailto:[EMAIL PROTECTED]> wrote:
> Not sure if this has been addressed before but I was wondering if it
> is/would be possible to build rpms directly from the tarball. I can do
> this currently with SpamAssassin by doing rpmbuild -ta  and
> it builds rpms for my system. Is this possible to do with clamav. I
> am not sure but I think a spec file would need to be included in the
> source. I think this would make things much, much easier for those of
> us who use rpm based systems to keep up with current builds etc
> instead of either finding or building rpms from scratch every time.
> Anyway, just a thought. If this has been addressed before I apologize.

I would like to second that request.  Does anyone on the list have a .spec
file that they would like to contribute?

-- 
Michael St. Laurent
Hartwell Corporation


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] SRPM for the 0.66 release available anywhere yet?

[Michael St. Laurent]

Does anyone know if a SRPM is available for the 0.66 release anywhere yet?

-- 
Michael St. Laurent
Hartwell Corporation


---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Wait for next stable version or use CVS

[Michael St. Laurent]

> RPMs (works fine on Fedora 1 and RedHat 9 at least) are available at
> https://www.olen.net/downloads/clamav-20040204-1.i386.rpm
> https://www.olen.net/downloads/clamav-milter-20040204-1.i386.rpm
> 
> SRPM:
> https://www.olen.net/downloads/clamav-20040204-1.src.rpm

I was just wondering if you had made RPMS for the 0.66-rc package or are you
waiting for the final release?

-- 
Michael St. Laurent
Hartwell Corporation


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] all this "complaining" about 0.65 vs CVS ...

[Michael St. Laurent]

OpenMacNews <mailto:[EMAIL PROTECTED]> wrote:
> i'm noticing a lot of displeasure with "0.65 not doing this, that or
> the other ..." 
> 
> in my experience and opinion, this list -- and the great team and
> product behind it -- is one of the most active/responsive opensource
> products that i've seen 

[snip]

Let me add my agreement as well.  The Clamav team is doing a fantastic job!

An earlier message that I posted may have communicated my frustration with
clamav-milter, which we've had a great deal of trouble with.  Just after I
hit the send button I wished that I had softened my tone a bit as the intent
of the message could very easily be misunderstood the way I sent it.  Of
course, by then it was too late.

I hope nobody was troubled by it.

-- 
Michael St. Laurent
Hartwell Corporation


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Clamav-milter runaway process problems

[Michael St. Laurent]

Nigel Horne <mailto:[EMAIL PROTECTED]> wrote:
> On Monday 09 Feb 2004 5:06 pm, Michael St. Laurent wrote:
> 
>> Feb  9 09:00:35 guardian clamav-milter[4661]: ClamAV version 'clamd /
>> ClamAV version devel-20040204', clamav-milter version '0.66k'
> 
> In that case clamav-milter has started and the issue is with
> sendmail. Have you changed sendmail.mc to know about clamav-milter,
> rebuilt sendmail.cf and restarted sendmail?

That's what I was thinking as well except that I can't find a problem with
that either.

/etc/mail.sendmail.mc contains the lines:

INPUT_MAIL_FILTER(`clamav-milter',
`S=local:/var/run/clamav/clamav-milter.sock,F=,T=S:4m;R:4m;E:10m')dnl
define(`confINPUT_MAIL_FILTERS', `clamav-milter')dnl

And the /etc/mail/sendmail.cf file has the lines:

# Input mail filters
O InputMailFilters=clamav-milter

# Milter options
#O Milter.LogLevel
O Milter.macros.connect=j, _, {daemon_name}, {if_name}, {if_addr}
O Milter.macros.helo={tls_version}, {cipher}, {cipher_bits}, {cert_subject},
{ce
rt_issuer}
O Milter.macros.envfrom=i, {auth_type}, {auth_authen}, {auth_ssf},
{auth_author}
, {mail_mailer}, {mail_host}, {mail_addr}
O Milter.macros.envrcpt={rcpt_mailer}, {rcpt_host}, {rcpt_addr}

##
##
#
#   MAIL FILTER DEFINITIONS
#
##
##

Xclamav-milter,
S=local:/var/run/clamav/clamav-milter.sock,F=,T=S:4m;R:4m;E:10m


This is on a Red Hat 9 system with the sendmail-8.12.8-9.90 package as well
as the matching sendmail-cf and sendmail-devel packages.

I started messaging the list because I ran out of things to check.  If you
can think of any that we've not covered yet I would really appreciate the
help.

-- 
Michael St. Laurent
Hartwell Corporation


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Spam filter and clam-av

[Michael St. Laurent]

Claudio Alonso <mailto:[EMAIL PROTECTED]> wrote:
>> The best open source spam filter (in my oppinion) is SpamAssassin
>> (SA) 
> 
> Thanks Fajar,
> I heard that, but I couldn't get SpamAssassin to compile on Digital
> (Digital UNIX doesn't seem to provide the snprintf function which is
> apparently needed by SpamAssassin). 

If you are interested in getting it to work there was an excellent article
on the snprintf and related functions in this weeks issue of Linux Weekly
News.  If you are not a subscriber you will have to wait until Thursday to
read the issue.  The issue you want is the one dated Feb. 5th.

http://www.lwn.net

-- 
Michael St. Laurent
Hartwell Corporation


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Clamav-milter runaway process problems

[Michael St. Laurent]

Nigel Horne <mailto:[EMAIL PROTECTED]> wrote:
>>>> To me that sounds like something is wrong!  ;-)
>>> 
>>> Yes, but not terminally.
>> 
>> So, does this message help to determine why nothing is being scanned?
> 
> Have you turned LogSyslog on yet? If so, look in /var/log/messages
> and/or /var/log/maillog and see if that gives you any clues. If
> nothing appears I'm stumped what's wrong with your config.

Here's what I'm seeing in /var/log/messages when I start the services:

Feb  9 09:00:28 guardian clamd[4643]: Daemon started.
Feb  9 09:00:28 guardian clamd[4643]: Log file size limit disabled.
Feb  9 09:00:28 guardian clamd[4643]: Running as user clamav (UID 100, GID
101)
Feb  9 09:00:28 guardian clamd[4643]: Reading databases from /var/lib/clamav
Feb  9 09:00:28 guardian clamd[4643]: Protecting against 20667 viruses.
Feb  9 09:00:28 guardian clamd[4644]: Unix socket file
/var/run/clamav/clamd.soc
k
Feb  9 09:00:28 guardian clamd[4644]: Setting connection queue length to 15
Feb  9 09:00:28 guardian clamd[4644]: Maximal number of threads: 100
Feb  9 09:00:28 guardian clamd[4644]: Archive: Archived file size limit set
to 1
0485760 bytes.
Feb  9 09:00:28 guardian clamd[4644]: Archive: Recursion level limit set to
5.
Feb  9 09:00:28 guardian clamd[4644]: Archive: Files limit set to 1000.
Feb  9 09:00:28 guardian clamd[4644]: Archive: Compression ratio limit set
to 20
0.
Feb  9 09:00:28 guardian clamd: clamd startup succeeded
Feb  9 09:00:28 guardian clamd[4644]: Archive support enabled.
Feb  9 09:00:28 guardian clamd[4644]: RAR support disabled.
Feb  9 09:00:28 guardian clamd[4644]: Mail files support enabled.
Feb  9 09:00:28 guardian clamd[4644]: OLE2 support disabled.
Feb  9 09:00:28 guardian clamd[4644]: Self checking every 3600 seconds.
Feb  9 09:00:28 guardian clamd[4644]: Timeout set to 180 seconds.
Feb  9 09:00:28 guardian clamd[4644]: SelfCheck: Database status OK.
Feb  9 09:00:35 guardian clamav-milter: clamav-milter startup succeeded

In /var/log/maillog I see only:

Feb  9 09:00:35 guardian clamav-milter[4661]: ClamAV version 'clamd / ClamAV
version devel-20040204', clamav-milter version '0.66k'


-- 
Michael St. Laurent
Hartwell Corporation


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Can't seem to get clamav-milter to scan mail

[Michael St. Laurent]

Eduardo Kaftanski <mailto:[EMAIL PROTECTED]> wrote:
> even if you r are running on fedora you need to
> make sure the package sendmail-cf is installed.
> 
> do a rpm -qi sendmail-cf to see if its installed. if its not, you
> can get it in one of the CDs...

Yep, I have sendmail-cf installed and the sendmail.cf file *seems* to be
correct.  I have the following in the /etc/mail/sendmail.cf file:

# Input mail filters
O InputMailFilters=clamav-milter

and

Xclamav-milter,
S=local:/var/run/clamav/clamav-milter.sock,F=,T=S:4m;R:4m;E:10m

That's what should be in there, yes?

Any other things I should check?

-- 
Michael St. Laurent
Hartwell Corporation


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Clamav-milter runaway process problems

[Michael St. Laurent]

Nigel Horne <mailto:[EMAIL PROTECTED]> wrote:
> On Friday 06 Feb 2004 5:28 pm, Michael St. Laurent wrote:
> 
>> clamav-milter: (-q && !LogSysLog): warning - all interception message
>> methods are off
> 
> Best to add LogSyslog in clamav.conf while you're testing. Actually
> there's no reason not to have that in permanently.
> 
>> To me that sounds like something is wrong!  ;-)
> 
> Yes, but not terminally.

So, does this message help to determine why nothing is being scanned?

-- 
Michael St. Laurent
Hartwell Corporation


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Clamav-milter runaway process problems

[Michael St. Laurent]

Nigel Horne <mailto:[EMAIL PROTECTED]> wrote:
> I can see nothing wrong here. So try this: enable debug and foreground
> in clamav.conf. Restart clamav-milter by hand from the hash prompt (by
> hand I mean not through a /etc/init.d script) and see if it shows up
> any issues. 
> 
> I take it you're using a recent clamav-milter.

I'm trying the above method to help diagnose the problem with my setup and I
get the following when I start clamav-milter:

clamav-milter: (-q && !LogSysLog): warning - all interception message
methods are off

To me that sounds like something is wrong!  ;-)

-- 
Michael St. Laurent
Hartwell Corporation


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Can't seem to get clamav-milter to scan mail

[Michael St. Laurent]

Krištof Petr <mailto:[EMAIL PROTECTED]> wrote:
> Michael St. Laurent wrote:
> 
>> These instructions are:
>> 
>> 
>>clamav-milter rpm package for Fedora Core 1
>>===
>> 
>> 
> [..]
> 
> And are you running Fedora Core 1?

No, Red Hat 9 actually.

> If you do not, you need manually rebuild sendmail.cf config file
> Old version of RH doesnt rebuld it on startup.
> 
> cd /etc/mail
> vi sendmail.mc
> make clean
> make
> service sendmail restart

Sorry, I forgot to mention that I did do that.  I checked the sendmail.cf
file to make sure it had the appropriate lines in it as well:

# Input mail filters
O InputMailFilters=clamav-milter

and

Xclamav-milter,
S=local:/var/run/clamav/clamav-milter.sock,F=,T=S:4m;R:4m;E:10m

> When emails goes through clamav-milter the header is added (by
> default) 
> 
> X-Virus-Scanned: ClamAV version 'clamd / ClamAV version 20040204',
> clamav-milter version '0.66k'
> 
> You should see something on /var/log/clamav/clamd.log

Yes, and since I'm seeing neither of these happening I concluded that
something was not working correctly.  ;-)

-- 
Michael St. Laurent
Hartwell Corporation


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Can't seem to get clamav-milter to scan mail

[Michael St. Laurent]

ault is 5, and it should be sufficient for a typical workstation.
# You may need to increase threads number for a server machine.
#MaxThreads 10
MaxThreads 100

# Thread (scanner - single task) will be stopped after this time (seconds).
# Default is 180. Value of 0 disables the timeout. SECURITY HINT: Increase
the
# timeout instead of disabling it.
#ThreadTimeout 500

# Maximal depth the directories are scanned at.
MaxDirectoryRecursion 15

# Follow a directory symlinks.
# SECURITY HINT: You should have enabled directory recursion limit to
# avoid potential problems.
#FollowDirectorySymlinks

# Follow regular file symlinks.
#FollowFileSymlinks

# Do internal checks (eg. check the integrity of the database structures)
# By default clamd checks itself every 3600 seconds (1 hour).
#SelfCheck 600

# Execute a command when virus is found. In the command string %v and %f
will
# be replaced by the virus name and the infected file name respectively.
#
# SECURITY WARNING: Make sure the virus event command cannot be exploited,
#   eg. by using some special file name when %f is used.
#   Always use a full path to the command.
#   Never delete/move files with this directive !
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %f: %v"

# Run as selected user (clamd must be started by root).
# By default it doesn't drop privileges.
#User clamav
User clamav

# Initialize the supplementary group access (for all groups in /etc/group
# user is added in. clamd must be started by root).
#AllowSupplementaryGroups

# Don't fork into background. Useful in debugging.
#Foreground

# Enable debug messages in libclamav.
#Debug

##
## Document scanning
##

# This option enables scanning of Microsoft Office document macros.
#ScanOLE2

##
## Mail support
##

# Uncomment this option if you are planning to scan mail files.
#ScanMail
ScanMail

##
## Archive support
##


# Comment this line to disable scanning of the archives.
ScanArchive


# By default the built-in RAR unpacker is disabled by default because the
code
# terribly leaks, however it's probably a good idea to enable it.
#ScanRAR


# Options below protect your system against Denial of Service attacks
# with archive bombs.

# Files in archives larger than this limit won't be scanned.
# Value of 0 disables the limit.
# WARNING: Due to the unrarlib implementation, whole files (one by one) in
RAR
#  archives are decompressed to the memory. That's why never disable
#  this limit (but you may increase it of course!)
ArchiveMaxFileSize 10M

# Archives are scanned recursively - e.g. if Zip archive contains RAR file,
# the RAR file will be decompressed, too (but only if recursion limit is set
# at least to 1). With this option you may set the recursion level.
# Value of 0 disables the limit.
ArchiveMaxRecursion 5

# Number of files to be scanned within archive.
# Value of 0 disables the limit.
ArchiveMaxFiles 1000

# Mark potential archive bombs as viruses (0 disables the limit)
ArchiveMaxCompressionRatio 200

# Use slower decompression algorithm which uses less memory. This option
# affects bzip2 decompressor only.
#ArchiveLimitMemoryUsage

##
## Clamuko settings
## WARNING: This is experimental software. It is very likely it will hang
##  up your system !!!
##

# Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
#ClamukoScanOnLine

# Set access mask for Clamuko.
ClamukoScanOnOpen
ClamukoScanOnClose
ClamukoScanOnExec

# Set the include paths (all files in them will be scanned). You can have
# multiple ClamukoIncludePath options, but each directory must be added
# in a seperate option. All subdirectories are scanned, too.
ClamukoIncludePath /home
#ClamukoIncludePath /students

# Set the exclude paths. All subdirectories are also excluded.
#ClamukoExcludePath /home/guru

# Limit the file size to be scanned (probably you don't want to scan your
movie
# files ;))
# Value of 0 disables the limit. 1 Mb should be fine.
ClamukoMaxFileSize 1M

# Enable archive support. It uses the limits from clamd section.
# (This option doesn't depend on ScanArchive, you can have archive support
# in clamd disabled).
ClamukoScanArchive

-- 
Michael St. Laurent
Hartwell Corporation


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Can't seem to get clamav-milter to scan mail

[Michael St. Laurent]

I've installed the:

https://www.olen.net/downloads/clamav-20040204-1.i386.rpm
https://www.olen.net/downloads/clamav-milter-20040204-1.i386.rpm

packages and followed the directions at:

/usr/share/doc/clamav-milter-20040204/RPM-clamav-milter.txt

These instructions are:


clamav-milter rpm package for Fedora Core 1
===

1) Install clamav and clamav-milter rpm packages

2) Add services to apropriate levels:

/sbin/chkconfig --level 2345 clamd on
/sbin/chkconfig --level 2345 freshclam on
/sbin/chkconfig --level 2345 clamav-milter on

3) Edit /etc/sysconfig/freshclam config and start freshclam to update DB:

/sbin/service freshclam start

4) Start clamd daemon and clamav-milter:

/sbin/service clamd start
/sbin/service clamav-milter start

5) Add next line to /etc/mail/sendmail.mc:

INPUT_MAIL_FILTER(`clamav-milter',
`S=local:/var/run/clamav/clamav-milter.sock,
F=,T=S:4m;R:4m;E:10m')

6) Restart sendmail:
/sbin/service sendmail restart

7) Good Luck!


Unfortunately, I am *not* having good luck.  None of the emails are actually
being scanned by clamav.

Does anyone have an idea what might be going wrong?

-- 
Michael St. Laurent
Hartwell Corporation


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] [Debug info] sig 11 crashes with clamav-milter on FreeBSD

[Michael St. Laurent]

Ryan <mailto:[EMAIL PROTECTED]> wrote:
> OK. I tested and am now running the following:
> 
> ttyp0 [EMAIL PROTECTED]:/etc/mail #> clamav-milter --version
> ClamAV version devel-20040205, clamav-milter version 0.66k
> 
> It seems to, thus far, be working perfectly... bouncing about a dozen
> SCO worms every minute for the last hour or so without breaking a
> sweat. Previously, it would have ground to a halt by now. Needless to
> say, we'll still be monitoring it closely. ;-)

H... OK, maybe it's time I tried it again.

OK, it seems to be behaving itself so far.  I'll report later after it's
been running for a while.

One question, I'm not seeing the X-Virus-Scanned header in the messages and
a "ps -elf | grep clamav-milter" does not seem to indicate that it's running
with the -n option.  Shouldn't I be seeing that header if it is indeed
working?

I would like to test by sending myself the test signature.  Could someone
let me know the best way to do that?

-- 
Michael St. Laurent
Hartwell Corporation


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Clamav-milter runaway process problems

[Michael St. Laurent]

Mike Brodbelt <mailto:[EMAIL PROTECTED]> wrote:
> Hi,
> 
> I've made the odd bit of noise about this on the list before, but I'm
> repeating myself because this particular problem is inordinately
> painful for me...

Me too.

> Running Clamav and clamav-milter (now the 20040204 snapshot, but this
> is 
> an ongoing issue) with sendmail 8.12.10, and I get regular problems
> with ClamAV spawning huge numbers of child processes, and generally
> falling over. 
> 
> To gove an example, I upgraded to the CVS snapshot this morning, with
> clamav-milter 0.66k, and started the daemon at about 11:30:-

So it's *still* doing this eh?

> Feb  5 11:34:42 castor clamav-milter[790]: ClamAV version 'clamd /
> ClamAV version devel-20040205', clamav-milter version '0
> .66k'
> 
> The first problems showed up just over an hour later:-
> 
> Feb  5 12:39:54 castor clamav-milter[10759]: hit max-children limit (5
>> = 5): waiting for some to exit
> Feb  5 12:40:28 castor clamav-milter[11254]: hit max-children limit (5
>> = 5): waiting for some to exit
> Feb  5 12:40:54 castor clamav-milter[10759]: ClamAv: private data not
> NULL Feb  5 12:41:28 castor clamav-milter[11254]: ClamAv: private
> data not NULL 
> 
> This carries on until I notice, and restart it. In an hour, it had got
> to this:-
> 
> Feb  5 13:23:42 castor clamav-milter[16550]: ClamAv: private data not
> NULL Feb  5 13:23:43 castor clamav-milter[16567]: hit max-children
> limit (136 
>> = 5): waiting for some to exit
> Feb  5 13:23:46 castor clamav-milter[16572]: hit max-children limit
> (136 
>> = 5): waiting for some to exit
> 
> The number of processes grows beyond the max-children limit, though at
> least some of them die, as the actual process count doesn't keep pace
> with the logged number.

Yep.

> While it's in this state, messages aren't virus checked, as sendmail
> just waits for the milter to time-out, and then gives up on it. I've
> had these problems since I installed ClamAv, about 4 1/2 months ago.
> They 
> used to result in it going belly up every 2-3 days, but they seem to
> have got worse - I now rarely get more than a couple of hours "life"
> out 
> of it.
> 
> I'm happy to provide any more information if it would help, but I'm
> seriously considering uninstalling it at this stage - it's only
> working about half the time because of this, and it causes mail slow
> downs the 
> rest of the time, while sendmail waits for the timeouts. Surely I
> can't 
> be the only person experiencing this - I'm not running anything that
> weird and wonderful?

No, you're not the only person seeing this behaviour.  I ran into the same
problem a while back and had to give up on Clamav.  I decided not to revisit
the program until I had a good reason to believe that the problem was really
fixed this time as I had heard several times from the list that it had been
corrected but each time found that it was not.  I blew about 60 hours trying
to get it to work and my supervisor was getting really pissed at how much
time I was using up.

-- 
Michael St. Laurent
Hartwell Corporation


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Wait for next stable version or use CVS

[Michael St. Laurent]

Are you using clamav-milter for the email scanning?

> -Original Message-
> From: Matthew Trent [mailto:[EMAIL PROTECTED] 
> Sent: Tuesday, February 03, 2004 8:21 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Clamav-users] Wait for next stable version or use CVS
> 
> 
> On Tuesday 03 February 2004 07:18 am, Cedric Foll wrote:
> > Hi,
> >
> > I wonder if i have to wait for the next stable version or 
> use the last 
> > cvs. I've download the last cvs of clamav and i'm reading the 
> > changelog and found very interesting things there.
> > Is the current CVS is stable for an use in production environment ?
> > Is the next stable will done quicly ?
> >
> > Regards
> 
> CVS is the only way to go. I'm running it with 10,000 users and over 
> half-a-million emails per day. Except for the huge memory 
> leak that crashed 
> everything this weekend, it's been really stable. ;-) 
> (Supposed to be fixed 
> now.)
> -- 
> Matt
> Systems Administrator
> Local Access Communications
> 360.330.5535
> 
> 
> ---
> The SF.Net email is sponsored by EclipseCon 2004
> Premiere Conference on Open Tools Development and Integration 
> See the breadth of Eclipse activity. February 3-5 in Anaheim, 
> CA. http://www.eclipsecon.org/osdn 
> ___
> Clamav-users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/clamav-users
> 


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] New web design

[Michael St. Laurent]

I just checked it out as well.  *Nice*!

-- 
"The United States is putting together a Constitution now for Iraq. Why
don't we just give them ours? It's served us well for 200 years, and we
don't appear to be using it anymore, so what the hell?"  -- Jay Leno


> I saw it right now,
> 
> it look really nice!
> 
> Congratulations!
> 
> Pavel


---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Zip issues

[Michael St. Laurent]

> many thanks for the info. The new stable release will be 
> available for a
> few hours.

;-)  Only for a few hours?  Please let me know when that will be... I don't
want to miss my chance!  ;-)

-- 
"The United States is putting together a Constitution now for Iraq. Why
don't we just give them ours? It's served us well for 200 years, and we
don't appear to be using it anymore, so what the hell?"  -- Jay Leno



---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: AW: [Clamav-users] Good News

[Michael St. Laurent]

> >Could a .spec file to create Red Hat RPMS be added?
> >
> There are several rpm packages. Look at mailing list archive.
> My are on ftp://crash.fce.vutbr.cz/pub/linux/clamav/
> 
> The another is maintained by one fine guy, who's name I forget.
> We decided work together to make one universal package,
> but I accidentaly deleted my mbox and didnt recovery it still.

Would you mind contributing your .spec file to the project then?

-- 
"The United States is putting together a Constitution now for Iraq. Why
don't we just give them ours? It's served us well for 200 years, and we
don't appear to be using it anymore, so what the hell?"  -- Jay Leno



---
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: AW: [Clamav-users] Good News

[Michael St. Laurent]

> > > > So, are we close to a new stable version?
> > >  
> > > Yeah ! CVS clamd is the most stable version ever.
> > 
> > Could a .spec file to create Red Hat RPMS be added?
> 
> No problem. Do you have one ?

No, sorry.  I've seen several RPMs out on the net though so there must be
some in existence.


---
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: AW: [Clamav-users] Good News

[Michael St. Laurent]

> > So, are we close to a new stable version?
>  
> Yeah ! CVS clamd is the most stable version ever.

Could a .spec file to create Red Hat RPMS be added?


---
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Any resolution for defunct clamd procs. yet?

[Michael St. Laurent]

Does the 20030909 snapshot include the corrected code?

> > Is there a fix for the defunct clamd processes that happen 
> when using the
> > clamav-milter?  Has it been fixed in CVS yet?
> 
> Yes, it has been fixed in CVS.


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Any resolution for defunct clamd procs. yet?

[Michael St. Laurent]

Is there a fix for the defunct clamd processes that happen when using the
clamav-milter?  Has it been fixed in CVS yet?

-- 
"The United States is putting together a Constitution now for Iraq. Why
don't we just give them ours? It's served us well for 200 years, and we
don't appear to be using it anymore, so what the hell?"  -- Jay Leno


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users