RE: [Clamav-users] List Down
Daniel J McDonald <> wrote: > No, merely slow. It only took 4 hours to be delivered to me. What do > you want? Back in the bad old days we only got mail once a month, > over a 1200 baud modem, in the snow, uphill both ways! And you're > complaining about a 4-hour delay? Young whippersnapper! ;-) You had a 1200 baud modem!? ;-D -- Michael St. Laurent Hartwell Corporation --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] FW: Virus W32.Erkez.B@mm getting through
Michael St. Laurent <> wrote: > The Norton Antivirus running on our mail server is catching the virus > "[EMAIL PROTECTED]" which appears to be getting past Clamav. Please disregard. The autoupdater was not working. Erkez is detected by Clamav as "Zafi". My mistake. -- Michael St. Laurent Hartwell Corporation --- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Virus W32.Erkez.B@mm getting through
The Norton Antivirus running on our mail server is catching the virus "[EMAIL PROTECTED]" which appears to be getting past Clamav. -- Michael St. Laurent Hartwell Corporation --- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] ClamAV 0.72 Released
Brian May <mailto:[EMAIL PROTECTED]> wrote: > ClamAV 0.72 is available for download. > Major bugfixes in this release include crashes with corrupted BinHex > messages and some Excel documents. > Protection against archive bombs (not fully functional since 0.70) was > improved and a number of other improvements were made. > > The ClamAV team (http://www.clamav.net/team.html) H... I went to the crash-hat repository and there are RPMs there with a timestamp from this morning but the filename is clamav-0.71-1.i386.rpm -- Michael St. Laurent Hartwell Corporation --- This SF.Net email is sponsored by the new InstallShield X. >From Windows to Linux, servers to mobile, InstallShield X is the one installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] clamd doesn't work
[snip] > I am looking for something like NAV Auto-protect, I need to > know how to make clam automatically scan incoming and outgoing mail > and delete the mail containing infected items. BTW I have installed > clam, libclam and clamd. Mailscanner will do what you want. It can be configured to run your command line antivirus scanner on incoming email and can also run SpamAssassin on it as well. It's OpenSource, highly configurable and has great free support on the mailing list. Commercial support is also available from the author. BTW, I am not connected with MailScanner in any way other than being a satisfied user. ;-D -- Michael St. Laurent Hartwell Corporation --- This SF.Net email is sponsored by the new InstallShield X. >From Windows to Linux, servers to mobile, InstallShield X is the one installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Worm.SomeFool.Q
Richard Humphrey <mailto:[EMAIL PROTECTED]> wrote: > I have been running ClamAv (keeping up with latest stable releases) > for several months now and it has been working great (i thought). > > Recent we noticed that we have been missing some expected emails > generated by our online order form (all Linux based). > > After looking through the logs, it appears ClamAV has caught them and > identified them as being infected with Worm.SomeFool.Q. > > The email that our online order form generates is plain text and I am > not sure why these are being caught. Anyone have any ideas on the > matter? Can you recover one of these messages? If so then you should go to the virus reporting page and submit it as a false positive. -- Michael St. Laurent Hartwell Corporation --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Best way to scan e-mails without milter?
Kenneth Andresen <mailto:[EMAIL PROTECTED]> wrote: > I am running a linux mail server without the opportunity to install > milter. I have noticed a few ways to run ClamAV without, like using > Trashscan. This is however intended to be ran as single user and seems > not to be a good idea since we do have some medium mail volumes and > multiple users to take care of. > > What are in your experience the best way to run ClamAV mail scanner > when you can't reinstall sendmail? (I may modifying sendmail.mc) MailScanner. -- Michael St. Laurent Hartwell Corporation --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] The Sasser worm
I know that Clamav has signatures in the database for the various species of the Sasser worm and when I check the sigtool database they are listed. What's the problem then you ask? There is not a single instance in our log files of it hitting our filter. We've got *plenty* of others being logged like Bagel, SomeFool, MyDoom, Gibe, Sober, BugBear, etc. No Sasser though. This worries me. :-( I feel like the guy in the UPS commercial who can't handle the fact that there isn't a problem. ;-D -- Michael St. Laurent Hartwell Corporation --- This SF.Net email is sponsored by: SourceForge.net Broadband Sign-up now for SourceForge Broadband and get the fastest 6.0/768 connection for only $19.95/mo for the first 3 months! http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Recommendation RedHat replacement
Bora <mailto:[EMAIL PROTECTED]> wrote: > Sorry, this may not be appropriate to post here, but I know many of > you are using RH and are figuring new options as they are no longer > offering free download for RH 7, 8 and 9. > > So the question is do you recommend moving to? SuSE, Mandrake? I want > to use something similar so I don't have to learn new tools and admin > task. You have your facts confused. Free download of the OS is still available from Red Hat and security updates will continue to be available for at least 1.5 years longer from the Fedora Legacy Project at http://fedoralegacy.org -- Michael St. Laurent Hartwell Corporation --- This SF.Net email is sponsored by Sleepycat Software Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to deliver higher performing products faster, at low TCO. http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Remove 0.68 before installing 0.70?
Ken Morley <mailto:[EMAIL PROTECTED]> wrote: > I've read herein that it's recommended that you uninstall ClamAV 0.68 > before you install 0.70. > > I apologize if this is a stupid question, but how do you uninstall > 0.68? I think I've read all of the documentation that comes with the > source and the clamdoc.pdf, but I don't see anything on > uninstallation. How did you install it? Was it an RPM file or did you install from source? -- Michael St. Laurent Hartwell Corporation --- This SF.Net email is sponsored by Sleepycat Software Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to deliver higher performing products faster, at low TCO. http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] FW: Getting "functionality level = 1, required = 2" with 0.70
Michael St. Laurent <> wrote: > I have clamav-0.70 (the release version) installed but I'm seeing > "Current functionality level = 1, required = 2" in the log file. Nevermind, I found the problem. -- Michael St. Laurent Hartwell Corporation --- This SF.Net email is sponsored by Sleepycat Software Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to deliver higher performing products faster, at low TCO. http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Getting "functionality level = 1, required = 2" with 0.70
I have clamav-0.70 (the release version) installed but I'm seeing "Current functionality level = 1, required = 2" in the log file. -- Michael St. Laurent Hartwell Corporation --- This SF.Net email is sponsored by Sleepycat Software Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to deliver higher performing products faster, at low TCO. http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] How to submit email from Exchange Server?
Diego d'Ambra <mailto:[EMAIL PROTECTED]> wrote: >> Does a procedure exist for exporting an email from Exchange Server >> in a format that is useable by the team? > > You may take a look at Spamsource > (http://www.daesoft.com/SpamSource/index.htm). > > It allows you easy to "extract the original non Exchange formatted" > e-mail. Just use the "copy to clipboard" function then paste the text > to a Notepad file. > > (otherwise you're welcome to submit this .msg sample directly to me). Thank you Diego. ;-D -- Michael St. Laurent Hartwell Corporation --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] How to submit email from Exchange Server?
This morning I got a suspiscious email with executable attachments claiming to be a security update from Microsoft. This email made it past both clamav and Norton Antivirus. Thinking that this might be a sample of a new virus I wanted to submit it on the web page. However, since the mail is on an Exchange Server the only way I could figure out how to do this was to save it out as a .msg file. The last time I submitted a .msg file to the web page I was told that they were not useable and so instead of submitting this email I simply deleted it. Does a procedure exist for exporting an email from Exchange Server in a format that is useable by the team? -- Michael St. Laurent Hartwell Corporation --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Mail taking a *long* time to hit the list
Wow. I posted a message to the list at 9:23 AM (PDT) and as of 11:06 AM (PDT) it *still* hasn't posted. I wonder if this one will do any better? -- Michael St. Laurent Hartwell Corporation --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Mail taking a *long* time to hit the list
Antony Stone <mailto:[EMAIL PROTECTED]> wrote: > On Monday 03 May 2004 7:10 pm, Michael St. Laurent wrote: > >> Wow. I posted a message to the list at 9:23 AM (PDT) and as of >> 11:06 AM (PDT) it *still* hasn't posted. I wonder if this one will >> do any better? > > You mean the one saying: "According to http://sarc.com/ there are > several variants of the Sasser worm running around on the net. A > "sigtool -l | grep -i sasser" command reports "Worm.Sasser.A" but no > others. Does this one signature catch all the variants?" > > If so, it arrived here ages ago; I didn;t reply to it then because > the only answer I could think of was "We don't know until someone > sends us a variant which the signature doesn't match." I asked because it didn't arrive in my own mailbox until 12:19 PM, almost three hours after I had sent it. How curious that it arrived elsewhere more quickly. -- Michael St. Laurent Hartwell Corporation --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Does the Sasser signature catch all variants?
According to http://sarc.com/ there are several variants of the Sasser worm running around on the net. A "sigtool -l | grep -i sasser" command reports "Worm.Sasser.A" but no others. Does this one signature catch all the variants? -- Michael St. Laurent Hartwell Corporation --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] FW: Source RPM for ClamAV-0.70-rc anyone?
Michael St. Laurent <> wrote: > Does anyone know where a Source RPM for ClamAV-0.70-rc might be found? Never mind, I managed to roll my own. ;-D -- Michael St. Laurent Hartwell Corporation --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Source RPM for ClamAV-0.70-rc anyone?
Does anyone know where a Source RPM for ClamAV-0.70-rc might be found? -- Michael St. Laurent Hartwell Corporation --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] [OT] UDP to port 1828 like crazy
I'm seeing tons of network activity all UDP traffic to port 1828. Is this an indication of a virus? -- Michael St. Laurent Hartwell Corporation --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Scanning LAN for virus activity?
I was reading about the String module for iptables in Linux Journal over the weekend and it occured to me that this could be used for scanning the LAN for the presence of an infected system. Does anyone know if such a tool exists? We're seeing *much* higher network activity lately than in the past and it makes me nervous. -- Michael St. Laurent Hartwell Corporation --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Clam AV 0.67 e-smith RedHat 7.3 Packages
What you might want to try is to download the source rpm and rebuild it. That just might solve all your dependency issues. FreshClam <mailto:[EMAIL PROTECTED]> wrote: > Hi, I downloaded the Red Hat package from > http://crash.fce.vutbr.cz/crash-hat/1/clamav/. When I try installing > it on e-smith 6.0 with Red Hat 7.3, I get the following error: > > [EMAIL PROTECTED] src]# rpm -Uvh clamav-0.67-1.i386.rpm > error: failed dependencies: > libc.so.6(GLIBC_2.3) is needed by clamav-0.67-1 > libwrap.so.0 is needed by clamav-0.67-1 > > [EMAIL PROTECTED] src]# rpm -Uvh glibc-2.2.5-44.i386.rpm > error: failed dependencies: > glibc-common = 2.2.5-44 is needed by glibc-2.2.5-44 > [EMAIL PROTECTED] src]# rpm -Uvh glibc-common-2.2.5-44.i386.rpm > error: failed dependencies: > glibc-common = 2.2.5-43 is needed by glibc-2.2.5-43 > [EMAIL PROTECTED] src]# > > There are so many packages and library files needed to get this > working. Is there a single location or implementation guideline. I > read the manual but it does not cover the package in detail and does > not tell where to find all the needed files. > > Thanks for your help in advance, > New Fresh Clam User -- Michael St. Laurent Hartwell Corporation --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Couple of questions regarding ClamAV
Jesper Juhl <mailto:[EMAIL PROTECTED]> wrote: > With my setup it goes into a queue, but only if no scanner at all is > available. If clamd dies my setup falls back on using clamscan which > is slower and causes mail to queue up, but it's better than letting it > through unscanned. > > It has only happened once that clamd died, so I don't consider it a > huge problem, but just to be on the safe side I have setup a cron job > to monitor it every 5 minutes and start it up again if it should > happen again - so, that way I should only be relying on clamscan for > a maximum of 5min which is not a problem. And should both fail I'll > queue mail instead of letting it through unscanned (and yes, the size > of the queue is monitored so I > get an alert if it should ever build up). That's interesting. Would you be willing to share more details of your setup and how it all works? Is this MailScanner you're talking about? -- Michael St. Laurent Hartwell Corporation --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Virus listing
David Gregg <mailto:[EMAIL PROTECTED]> wrote: > Could not find in the archives... > > Does anybody know how/where to obtain a listing of all viruses that > ClamAV 'knows' about? If you have Ver. 0.67 or higher (0.67-1 or CVS) then "sigtool -l" will do the trick. Otherwise, I'm not certain. -- Michael St. Laurent Hartwell Corporation --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Can't get to submit page
Jesper Juhl <mailto:[EMAIL PROTECTED]> wrote: >> I cannot seem to get to the virus submit page at: >> >> http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi >> >> It cannot load the sendvirus.cgi file from www.nervous.it >> > Loads fine from here (Denmark). Are you sure it's not just a temporary > routing problem or similar? Could also be a DNS issue at your end and > lots of other things. Fact is I used the site to submit a few samples > just a few hours ago, and I just loaded the page to check - and it is > alive. So to me it seems like either a problem at your end or network > problems between you and the webserver. It was a temporary issue. All is well now. ;-D -- Michael St. Laurent Hartwell Corporation --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Can't get to submit page
I cannot seem to get to the virus submit page at: http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi It cannot load the sendvirus.cgi file from www.nervous.it -- Michael St. Laurent Hartwell Corporation --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Re: clamdmail how with sendmail?
Oh, excellent! I've not looked at it as our Sun system has not been our email server for several years. > -Original Message- > From: Nigel Horne [mailto:[EMAIL PROTECTED] > Sent: Tuesday, February 17, 2004 12:36 PM > To: [EMAIL PROTECTED] > Subject: Re: [Clamav-users] Re: clamdmail how with sendmail? > > > On Tuesday 17 Feb 2004 7:58 pm, Michael St. Laurent wrote: > > Actually, his problem is probably that the Solaris Sendmail is not > > Milter enabled. > > If you look through the INSTALL file as I mentioned, you'll > see that I cover exactly that point for Solaris (line 56 of > the most recent INSTALL file). > > -Nigel > > > -- > Nigel Horne. Arranger, Composer, Typesetter. > NJH Music, Barnsley, UK. ICQ#20252325 > [EMAIL PROTECTED] http://www.bandsman.co.uk > > > > --- > SF.Net is sponsored by: Speed Start Your Linux Apps Now. > Build and deploy apps & Web services for Linux with > a free DVD software kit from IBM. Click Now! > http://ads.osdn.com/?ad_id=1356&alloc_id=3438> &op=click > > ___ > > Clamav-users mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/clamav-users > --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Re: clamdmail how with sendmail?
Actually, his problem is probably that the Solaris Sendmail is not Milter enabled. > -Original Message- > From: Nigel Horne [mailto:[EMAIL PROTECTED] > Sent: Tuesday, February 17, 2004 10:40 AM > To: [EMAIL PROTECTED] > Subject: Re: [Clamav-users] Re: clamdmail how with sendmail? > > > Grzegorz Staleñczyk <[EMAIL PROTECTED]> wrote: > > Because, my sendmail is from Solaris package and I can't > recompile it > > with milter :-(( > > Clamav-milter compiles fine under Solaris, but you must > follow the instructions in the INSTALL file. > > -Nigel > > -- > Nigel Horne. Arranger, Composer, Typesetter. > NJH Music, Barnsley, UK. ICQ#20252325 > [EMAIL PROTECTED] http://www.bandsman.co.uk > > > > --- > SF.Net is sponsored by: Speed Start Your Linux Apps Now. > Build and deploy apps & Web services for Linux with > a free DVD software kit from IBM. Click Now! > http://ads.osdn.com/?ad_id56&alloc_id438> &op=click > > ___ > > Clamav-users mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/clamav-users > --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id56&alloc_id438&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Re: clamdmail how with sendmail?
I agree. Look into using MailScanner. It will integrate with the Solaris sendmail. -Original Message- From: Chris Barnes [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 17, 2004 9:05 AM To: [EMAIL PROTECTED] Subject: [Clamav-users] Re: clamdmail how with sendmail? Grzegorz Staleñczyk <[EMAIL PROTECTED]> wrote: > Because, my sendmail is from Solaris package and I can't recompile it > with milter :-(( Definately look into using MailScanner. -- + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Chris Barnes AOL IM: CNBarnes [EMAIL PROTECTED] Yahoo IM: chrisnbarnes Computer Systems Manager ph: 979-845-7801 Department of Physics fax: 979-845-2590 Texas A&M University --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id56&alloc_id438&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Implementation Questions
Antony Stone <mailto:[EMAIL PROTECTED]> wrote: > I run MailScanner http://www.mailscanner.info as a wrapper to ClamAV > and SpamAssassin (it can also handle many other A-V engines, and does > further tests & checks of its own), and I find this a very good > solution to handling email. I recently moved to MailScanner as well after discovering that I would not be able to use the clamav-milter given the special circumstances involved here. Wow. I'm really, really happy with it. It has one of the best install scripts I've ever seen for unix. It took a while to get it configured because it is *very* configurable. -- Michael St. Laurent Hartwell Corporation --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: FW: [Clamav-users] Can't seem to get clamav-milter to scan ma il
Nigel Horne <mailto:[EMAIL PROTECTED]> wrote: > Can the proxy send the mail through clamdscan first to do the > scanning for you? I got it working through MailScanner. I just substituted the FWTK proxy for the sendmail.in process. -- Michael St. Laurent Hartwell Corporation --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
FW: [Clamav-users] Can't seem to get clamav-milter to scan mail
Michael St. Laurent <mailto:[EMAIL PROTECTED]> wrote: > Yep, I have sendmail-cf installed and the sendmail.cf file *seems* to > be correct. I have the following in the /etc/mail/sendmail.cf file: > > # Input mail filters > O InputMailFilters=clamav-milter > > and > > Xclamav-milter, > S=local:/var/run/clamav/clamav-milter.sock,F=,T=S:4m;R:4m;E:10m > > That's what should be in there, yes? > > Any other things I should check? OK, I found the source of the problem (though not a solution for it) and so I'm passing the knowledge on to the list for safe keeping. ;-) The one piece of information that I failed to mention and that would probably have helped with diagnosis was the fact that I am using a proxy to receive SMTP mail before it is passed on to sendmail. Once the proxy is satisfied that the mail is legit it invokes sendmail and feeds the message to it on STDIN using a command such as: /usr/sbin/sendmail -L sm-mta -Am [EMAIL PROTECTED] Because Sendmail is not getting the message through SMTP, the milters are not being used. I have confirmed that this is true from several sources. Sendmail only runs milters against emails that are received through SMTP on port 25. Thus, even though everything seems to be configured correctly, it *does* *not* *work*. -- Michael St. Laurent Hartwell Corporation --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Building RPMS from tarball
Tarjei Knapstad <mailto:[EMAIL PROTECTED]> wrote: > There's also one in the "Binary packages" page, if you follow the link > to Fedora packages. It has binaries, an SRPM and the .spec file for > 0.66: > > http://crash.fce.vutbr.cz/crash-hat/1/clamav/ > > (I've installed these binary packages on our RH 8.0 server without > probs.) Were there any dependency issues to be solved? The .spec file looks like it requires the fedora user and group management packages to be installed. -- Michael St. Laurent Hartwell Corporation --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Access permissions [was .065 depracated]
Tomasz Papszun <mailto:[EMAIL PROTECTED]> wrote: > When using clamdscan (which is just an interface to clamd), one can > scan only these files which clamd has access to. > > So if clamd is run as unpriviliged user and mail files are owned by > someone else, clamdscam / clamd can't scan them. Nigel, Is it possible that this could be the cause of the problem I'm having with sendmail not appearing to contact clamav-milter or would it be logging an error message in that case? -- Michael St. Laurent Hartwell Corporation --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Building RPMS from tarball
Mailing Lists <mailto:[EMAIL PROTECTED]> wrote: > Not sure if this has been addressed before but I was wondering if it > is/would be possible to build rpms directly from the tarball. I can do > this currently with SpamAssassin by doing rpmbuild -ta and > it builds rpms for my system. Is this possible to do with clamav. I > am not sure but I think a spec file would need to be included in the > source. I think this would make things much, much easier for those of > us who use rpm based systems to keep up with current builds etc > instead of either finding or building rpms from scratch every time. > Anyway, just a thought. If this has been addressed before I apologize. I would like to second that request. Does anyone on the list have a .spec file that they would like to contribute? -- Michael St. Laurent Hartwell Corporation --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] SRPM for the 0.66 release available anywhere yet?
Does anyone know if a SRPM is available for the 0.66 release anywhere yet? -- Michael St. Laurent Hartwell Corporation --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Wait for next stable version or use CVS
> RPMs (works fine on Fedora 1 and RedHat 9 at least) are available at > https://www.olen.net/downloads/clamav-20040204-1.i386.rpm > https://www.olen.net/downloads/clamav-milter-20040204-1.i386.rpm > > SRPM: > https://www.olen.net/downloads/clamav-20040204-1.src.rpm I was just wondering if you had made RPMS for the 0.66-rc package or are you waiting for the final release? -- Michael St. Laurent Hartwell Corporation --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] all this "complaining" about 0.65 vs CVS ...
OpenMacNews <mailto:[EMAIL PROTECTED]> wrote: > i'm noticing a lot of displeasure with "0.65 not doing this, that or > the other ..." > > in my experience and opinion, this list -- and the great team and > product behind it -- is one of the most active/responsive opensource > products that i've seen [snip] Let me add my agreement as well. The Clamav team is doing a fantastic job! An earlier message that I posted may have communicated my frustration with clamav-milter, which we've had a great deal of trouble with. Just after I hit the send button I wished that I had softened my tone a bit as the intent of the message could very easily be misunderstood the way I sent it. Of course, by then it was too late. I hope nobody was troubled by it. -- Michael St. Laurent Hartwell Corporation --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Clamav-milter runaway process problems
Nigel Horne <mailto:[EMAIL PROTECTED]> wrote: > On Monday 09 Feb 2004 5:06 pm, Michael St. Laurent wrote: > >> Feb 9 09:00:35 guardian clamav-milter[4661]: ClamAV version 'clamd / >> ClamAV version devel-20040204', clamav-milter version '0.66k' > > In that case clamav-milter has started and the issue is with > sendmail. Have you changed sendmail.mc to know about clamav-milter, > rebuilt sendmail.cf and restarted sendmail? That's what I was thinking as well except that I can't find a problem with that either. /etc/mail.sendmail.mc contains the lines: INPUT_MAIL_FILTER(`clamav-milter', `S=local:/var/run/clamav/clamav-milter.sock,F=,T=S:4m;R:4m;E:10m')dnl define(`confINPUT_MAIL_FILTERS', `clamav-milter')dnl And the /etc/mail/sendmail.cf file has the lines: # Input mail filters O InputMailFilters=clamav-milter # Milter options #O Milter.LogLevel O Milter.macros.connect=j, _, {daemon_name}, {if_name}, {if_addr} O Milter.macros.helo={tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {ce rt_issuer} O Milter.macros.envfrom=i, {auth_type}, {auth_authen}, {auth_ssf}, {auth_author} , {mail_mailer}, {mail_host}, {mail_addr} O Milter.macros.envrcpt={rcpt_mailer}, {rcpt_host}, {rcpt_addr} ## ## # # MAIL FILTER DEFINITIONS # ## ## Xclamav-milter, S=local:/var/run/clamav/clamav-milter.sock,F=,T=S:4m;R:4m;E:10m This is on a Red Hat 9 system with the sendmail-8.12.8-9.90 package as well as the matching sendmail-cf and sendmail-devel packages. I started messaging the list because I ran out of things to check. If you can think of any that we've not covered yet I would really appreciate the help. -- Michael St. Laurent Hartwell Corporation --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Spam filter and clam-av
Claudio Alonso <mailto:[EMAIL PROTECTED]> wrote: >> The best open source spam filter (in my oppinion) is SpamAssassin >> (SA) > > Thanks Fajar, > I heard that, but I couldn't get SpamAssassin to compile on Digital > (Digital UNIX doesn't seem to provide the snprintf function which is > apparently needed by SpamAssassin). If you are interested in getting it to work there was an excellent article on the snprintf and related functions in this weeks issue of Linux Weekly News. If you are not a subscriber you will have to wait until Thursday to read the issue. The issue you want is the one dated Feb. 5th. http://www.lwn.net -- Michael St. Laurent Hartwell Corporation --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Clamav-milter runaway process problems
Nigel Horne <mailto:[EMAIL PROTECTED]> wrote: >>>> To me that sounds like something is wrong! ;-) >>> >>> Yes, but not terminally. >> >> So, does this message help to determine why nothing is being scanned? > > Have you turned LogSyslog on yet? If so, look in /var/log/messages > and/or /var/log/maillog and see if that gives you any clues. If > nothing appears I'm stumped what's wrong with your config. Here's what I'm seeing in /var/log/messages when I start the services: Feb 9 09:00:28 guardian clamd[4643]: Daemon started. Feb 9 09:00:28 guardian clamd[4643]: Log file size limit disabled. Feb 9 09:00:28 guardian clamd[4643]: Running as user clamav (UID 100, GID 101) Feb 9 09:00:28 guardian clamd[4643]: Reading databases from /var/lib/clamav Feb 9 09:00:28 guardian clamd[4643]: Protecting against 20667 viruses. Feb 9 09:00:28 guardian clamd[4644]: Unix socket file /var/run/clamav/clamd.soc k Feb 9 09:00:28 guardian clamd[4644]: Setting connection queue length to 15 Feb 9 09:00:28 guardian clamd[4644]: Maximal number of threads: 100 Feb 9 09:00:28 guardian clamd[4644]: Archive: Archived file size limit set to 1 0485760 bytes. Feb 9 09:00:28 guardian clamd[4644]: Archive: Recursion level limit set to 5. Feb 9 09:00:28 guardian clamd[4644]: Archive: Files limit set to 1000. Feb 9 09:00:28 guardian clamd[4644]: Archive: Compression ratio limit set to 20 0. Feb 9 09:00:28 guardian clamd: clamd startup succeeded Feb 9 09:00:28 guardian clamd[4644]: Archive support enabled. Feb 9 09:00:28 guardian clamd[4644]: RAR support disabled. Feb 9 09:00:28 guardian clamd[4644]: Mail files support enabled. Feb 9 09:00:28 guardian clamd[4644]: OLE2 support disabled. Feb 9 09:00:28 guardian clamd[4644]: Self checking every 3600 seconds. Feb 9 09:00:28 guardian clamd[4644]: Timeout set to 180 seconds. Feb 9 09:00:28 guardian clamd[4644]: SelfCheck: Database status OK. Feb 9 09:00:35 guardian clamav-milter: clamav-milter startup succeeded In /var/log/maillog I see only: Feb 9 09:00:35 guardian clamav-milter[4661]: ClamAV version 'clamd / ClamAV version devel-20040204', clamav-milter version '0.66k' -- Michael St. Laurent Hartwell Corporation --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Can't seem to get clamav-milter to scan mail
Eduardo Kaftanski <mailto:[EMAIL PROTECTED]> wrote: > even if you r are running on fedora you need to > make sure the package sendmail-cf is installed. > > do a rpm -qi sendmail-cf to see if its installed. if its not, you > can get it in one of the CDs... Yep, I have sendmail-cf installed and the sendmail.cf file *seems* to be correct. I have the following in the /etc/mail/sendmail.cf file: # Input mail filters O InputMailFilters=clamav-milter and Xclamav-milter, S=local:/var/run/clamav/clamav-milter.sock,F=,T=S:4m;R:4m;E:10m That's what should be in there, yes? Any other things I should check? -- Michael St. Laurent Hartwell Corporation --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Clamav-milter runaway process problems
Nigel Horne <mailto:[EMAIL PROTECTED]> wrote: > On Friday 06 Feb 2004 5:28 pm, Michael St. Laurent wrote: > >> clamav-milter: (-q && !LogSysLog): warning - all interception message >> methods are off > > Best to add LogSyslog in clamav.conf while you're testing. Actually > there's no reason not to have that in permanently. > >> To me that sounds like something is wrong! ;-) > > Yes, but not terminally. So, does this message help to determine why nothing is being scanned? -- Michael St. Laurent Hartwell Corporation --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Clamav-milter runaway process problems
Nigel Horne <mailto:[EMAIL PROTECTED]> wrote: > I can see nothing wrong here. So try this: enable debug and foreground > in clamav.conf. Restart clamav-milter by hand from the hash prompt (by > hand I mean not through a /etc/init.d script) and see if it shows up > any issues. > > I take it you're using a recent clamav-milter. I'm trying the above method to help diagnose the problem with my setup and I get the following when I start clamav-milter: clamav-milter: (-q && !LogSysLog): warning - all interception message methods are off To me that sounds like something is wrong! ;-) -- Michael St. Laurent Hartwell Corporation --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Can't seem to get clamav-milter to scan mail
Krištof Petr <mailto:[EMAIL PROTECTED]> wrote: > Michael St. Laurent wrote: > >> These instructions are: >> >> >>clamav-milter rpm package for Fedora Core 1 >>=== >> >> > [..] > > And are you running Fedora Core 1? No, Red Hat 9 actually. > If you do not, you need manually rebuild sendmail.cf config file > Old version of RH doesnt rebuld it on startup. > > cd /etc/mail > vi sendmail.mc > make clean > make > service sendmail restart Sorry, I forgot to mention that I did do that. I checked the sendmail.cf file to make sure it had the appropriate lines in it as well: # Input mail filters O InputMailFilters=clamav-milter and Xclamav-milter, S=local:/var/run/clamav/clamav-milter.sock,F=,T=S:4m;R:4m;E:10m > When emails goes through clamav-milter the header is added (by > default) > > X-Virus-Scanned: ClamAV version 'clamd / ClamAV version 20040204', > clamav-milter version '0.66k' > > You should see something on /var/log/clamav/clamd.log Yes, and since I'm seeing neither of these happening I concluded that something was not working correctly. ;-) -- Michael St. Laurent Hartwell Corporation --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Can't seem to get clamav-milter to scan mail
ault is 5, and it should be sufficient for a typical workstation. # You may need to increase threads number for a server machine. #MaxThreads 10 MaxThreads 100 # Thread (scanner - single task) will be stopped after this time (seconds). # Default is 180. Value of 0 disables the timeout. SECURITY HINT: Increase the # timeout instead of disabling it. #ThreadTimeout 500 # Maximal depth the directories are scanned at. MaxDirectoryRecursion 15 # Follow a directory symlinks. # SECURITY HINT: You should have enabled directory recursion limit to # avoid potential problems. #FollowDirectorySymlinks # Follow regular file symlinks. #FollowFileSymlinks # Do internal checks (eg. check the integrity of the database structures) # By default clamd checks itself every 3600 seconds (1 hour). #SelfCheck 600 # Execute a command when virus is found. In the command string %v and %f will # be replaced by the virus name and the infected file name respectively. # # SECURITY WARNING: Make sure the virus event command cannot be exploited, # eg. by using some special file name when %f is used. # Always use a full path to the command. # Never delete/move files with this directive ! #VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %f: %v" # Run as selected user (clamd must be started by root). # By default it doesn't drop privileges. #User clamav User clamav # Initialize the supplementary group access (for all groups in /etc/group # user is added in. clamd must be started by root). #AllowSupplementaryGroups # Don't fork into background. Useful in debugging. #Foreground # Enable debug messages in libclamav. #Debug ## ## Document scanning ## # This option enables scanning of Microsoft Office document macros. #ScanOLE2 ## ## Mail support ## # Uncomment this option if you are planning to scan mail files. #ScanMail ScanMail ## ## Archive support ## # Comment this line to disable scanning of the archives. ScanArchive # By default the built-in RAR unpacker is disabled by default because the code # terribly leaks, however it's probably a good idea to enable it. #ScanRAR # Options below protect your system against Denial of Service attacks # with archive bombs. # Files in archives larger than this limit won't be scanned. # Value of 0 disables the limit. # WARNING: Due to the unrarlib implementation, whole files (one by one) in RAR # archives are decompressed to the memory. That's why never disable # this limit (but you may increase it of course!) ArchiveMaxFileSize 10M # Archives are scanned recursively - e.g. if Zip archive contains RAR file, # the RAR file will be decompressed, too (but only if recursion limit is set # at least to 1). With this option you may set the recursion level. # Value of 0 disables the limit. ArchiveMaxRecursion 5 # Number of files to be scanned within archive. # Value of 0 disables the limit. ArchiveMaxFiles 1000 # Mark potential archive bombs as viruses (0 disables the limit) ArchiveMaxCompressionRatio 200 # Use slower decompression algorithm which uses less memory. This option # affects bzip2 decompressor only. #ArchiveLimitMemoryUsage ## ## Clamuko settings ## WARNING: This is experimental software. It is very likely it will hang ## up your system !!! ## # Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running. #ClamukoScanOnLine # Set access mask for Clamuko. ClamukoScanOnOpen ClamukoScanOnClose ClamukoScanOnExec # Set the include paths (all files in them will be scanned). You can have # multiple ClamukoIncludePath options, but each directory must be added # in a seperate option. All subdirectories are scanned, too. ClamukoIncludePath /home #ClamukoIncludePath /students # Set the exclude paths. All subdirectories are also excluded. #ClamukoExcludePath /home/guru # Limit the file size to be scanned (probably you don't want to scan your movie # files ;)) # Value of 0 disables the limit. 1 Mb should be fine. ClamukoMaxFileSize 1M # Enable archive support. It uses the limits from clamd section. # (This option doesn't depend on ScanArchive, you can have archive support # in clamd disabled). ClamukoScanArchive -- Michael St. Laurent Hartwell Corporation --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Can't seem to get clamav-milter to scan mail
I've installed the: https://www.olen.net/downloads/clamav-20040204-1.i386.rpm https://www.olen.net/downloads/clamav-milter-20040204-1.i386.rpm packages and followed the directions at: /usr/share/doc/clamav-milter-20040204/RPM-clamav-milter.txt These instructions are: clamav-milter rpm package for Fedora Core 1 === 1) Install clamav and clamav-milter rpm packages 2) Add services to apropriate levels: /sbin/chkconfig --level 2345 clamd on /sbin/chkconfig --level 2345 freshclam on /sbin/chkconfig --level 2345 clamav-milter on 3) Edit /etc/sysconfig/freshclam config and start freshclam to update DB: /sbin/service freshclam start 4) Start clamd daemon and clamav-milter: /sbin/service clamd start /sbin/service clamav-milter start 5) Add next line to /etc/mail/sendmail.mc: INPUT_MAIL_FILTER(`clamav-milter', `S=local:/var/run/clamav/clamav-milter.sock, F=,T=S:4m;R:4m;E:10m') 6) Restart sendmail: /sbin/service sendmail restart 7) Good Luck! Unfortunately, I am *not* having good luck. None of the emails are actually being scanned by clamav. Does anyone have an idea what might be going wrong? -- Michael St. Laurent Hartwell Corporation --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] [Debug info] sig 11 crashes with clamav-milter on FreeBSD
Ryan <mailto:[EMAIL PROTECTED]> wrote: > OK. I tested and am now running the following: > > ttyp0 [EMAIL PROTECTED]:/etc/mail #> clamav-milter --version > ClamAV version devel-20040205, clamav-milter version 0.66k > > It seems to, thus far, be working perfectly... bouncing about a dozen > SCO worms every minute for the last hour or so without breaking a > sweat. Previously, it would have ground to a halt by now. Needless to > say, we'll still be monitoring it closely. ;-) H... OK, maybe it's time I tried it again. OK, it seems to be behaving itself so far. I'll report later after it's been running for a while. One question, I'm not seeing the X-Virus-Scanned header in the messages and a "ps -elf | grep clamav-milter" does not seem to indicate that it's running with the -n option. Shouldn't I be seeing that header if it is indeed working? I would like to test by sending myself the test signature. Could someone let me know the best way to do that? -- Michael St. Laurent Hartwell Corporation --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Clamav-milter runaway process problems
Mike Brodbelt <mailto:[EMAIL PROTECTED]> wrote: > Hi, > > I've made the odd bit of noise about this on the list before, but I'm > repeating myself because this particular problem is inordinately > painful for me... Me too. > Running Clamav and clamav-milter (now the 20040204 snapshot, but this > is > an ongoing issue) with sendmail 8.12.10, and I get regular problems > with ClamAV spawning huge numbers of child processes, and generally > falling over. > > To gove an example, I upgraded to the CVS snapshot this morning, with > clamav-milter 0.66k, and started the daemon at about 11:30:- So it's *still* doing this eh? > Feb 5 11:34:42 castor clamav-milter[790]: ClamAV version 'clamd / > ClamAV version devel-20040205', clamav-milter version '0 > .66k' > > The first problems showed up just over an hour later:- > > Feb 5 12:39:54 castor clamav-milter[10759]: hit max-children limit (5 >> = 5): waiting for some to exit > Feb 5 12:40:28 castor clamav-milter[11254]: hit max-children limit (5 >> = 5): waiting for some to exit > Feb 5 12:40:54 castor clamav-milter[10759]: ClamAv: private data not > NULL Feb 5 12:41:28 castor clamav-milter[11254]: ClamAv: private > data not NULL > > This carries on until I notice, and restart it. In an hour, it had got > to this:- > > Feb 5 13:23:42 castor clamav-milter[16550]: ClamAv: private data not > NULL Feb 5 13:23:43 castor clamav-milter[16567]: hit max-children > limit (136 >> = 5): waiting for some to exit > Feb 5 13:23:46 castor clamav-milter[16572]: hit max-children limit > (136 >> = 5): waiting for some to exit > > The number of processes grows beyond the max-children limit, though at > least some of them die, as the actual process count doesn't keep pace > with the logged number. Yep. > While it's in this state, messages aren't virus checked, as sendmail > just waits for the milter to time-out, and then gives up on it. I've > had these problems since I installed ClamAv, about 4 1/2 months ago. > They > used to result in it going belly up every 2-3 days, but they seem to > have got worse - I now rarely get more than a couple of hours "life" > out > of it. > > I'm happy to provide any more information if it would help, but I'm > seriously considering uninstalling it at this stage - it's only > working about half the time because of this, and it causes mail slow > downs the > rest of the time, while sendmail waits for the timeouts. Surely I > can't > be the only person experiencing this - I'm not running anything that > weird and wonderful? No, you're not the only person seeing this behaviour. I ran into the same problem a while back and had to give up on Clamav. I decided not to revisit the program until I had a good reason to believe that the problem was really fixed this time as I had heard several times from the list that it had been corrected but each time found that it was not. I blew about 60 hours trying to get it to work and my supervisor was getting really pissed at how much time I was using up. -- Michael St. Laurent Hartwell Corporation --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Wait for next stable version or use CVS
Are you using clamav-milter for the email scanning? > -Original Message- > From: Matthew Trent [mailto:[EMAIL PROTECTED] > Sent: Tuesday, February 03, 2004 8:21 AM > To: [EMAIL PROTECTED] > Subject: Re: [Clamav-users] Wait for next stable version or use CVS > > > On Tuesday 03 February 2004 07:18 am, Cedric Foll wrote: > > Hi, > > > > I wonder if i have to wait for the next stable version or > use the last > > cvs. I've download the last cvs of clamav and i'm reading the > > changelog and found very interesting things there. > > Is the current CVS is stable for an use in production environment ? > > Is the next stable will done quicly ? > > > > Regards > > CVS is the only way to go. I'm running it with 10,000 users and over > half-a-million emails per day. Except for the huge memory > leak that crashed > everything this weekend, it's been really stable. ;-) > (Supposed to be fixed > now.) > -- > Matt > Systems Administrator > Local Access Communications > 360.330.5535 > > > --- > The SF.Net email is sponsored by EclipseCon 2004 > Premiere Conference on Open Tools Development and Integration > See the breadth of Eclipse activity. February 3-5 in Anaheim, > CA. http://www.eclipsecon.org/osdn > ___ > Clamav-users mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/clamav-users > --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] New web design
I just checked it out as well. *Nice*! -- "The United States is putting together a Constitution now for Iraq. Why don't we just give them ours? It's served us well for 200 years, and we don't appear to be using it anymore, so what the hell?" -- Jay Leno > I saw it right now, > > it look really nice! > > Congratulations! > > Pavel --- This SF.Net email sponsored by: ApacheCon 2003, 16-19 November in Las Vegas. Learn firsthand the latest developments in Apache, PHP, Perl, XML, Java, MySQL, WebDAV, and more! http://www.apachecon.com/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Zip issues
> many thanks for the info. The new stable release will be > available for a > few hours. ;-) Only for a few hours? Please let me know when that will be... I don't want to miss my chance! ;-) -- "The United States is putting together a Constitution now for Iraq. Why don't we just give them ours? It's served us well for 200 years, and we don't appear to be using it anymore, so what the hell?" -- Jay Leno --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: AW: [Clamav-users] Good News
> >Could a .spec file to create Red Hat RPMS be added? > > > There are several rpm packages. Look at mailing list archive. > My are on ftp://crash.fce.vutbr.cz/pub/linux/clamav/ > > The another is maintained by one fine guy, who's name I forget. > We decided work together to make one universal package, > but I accidentaly deleted my mbox and didnt recovery it still. Would you mind contributing your .spec file to the project then? -- "The United States is putting together a Constitution now for Iraq. Why don't we just give them ours? It's served us well for 200 years, and we don't appear to be using it anymore, so what the hell?" -- Jay Leno --- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: AW: [Clamav-users] Good News
> > > > So, are we close to a new stable version? > > > > > > Yeah ! CVS clamd is the most stable version ever. > > > > Could a .spec file to create Red Hat RPMS be added? > > No problem. Do you have one ? No, sorry. I've seen several RPMs out on the net though so there must be some in existence. --- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: AW: [Clamav-users] Good News
> > So, are we close to a new stable version? > > Yeah ! CVS clamd is the most stable version ever. Could a .spec file to create Red Hat RPMS be added? --- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Any resolution for defunct clamd procs. yet?
Does the 20030909 snapshot include the corrected code? > > Is there a fix for the defunct clamd processes that happen > when using the > > clamav-milter? Has it been fixed in CVS yet? > > Yes, it has been fixed in CVS. --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Any resolution for defunct clamd procs. yet?
Is there a fix for the defunct clamd processes that happen when using the clamav-milter? Has it been fixed in CVS yet? -- "The United States is putting together a Constitution now for Iraq. Why don't we just give them ours? It's served us well for 200 years, and we don't appear to be using it anymore, so what the hell?" -- Jay Leno --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users