Re: [Clamav-users] restrict scan to local file systems
For the sake of another example, if a sysadmin has 1000 machines which all mount back and forth on various directories and they want to scan every file on every machine once a day, the most efficient way is to have every machine scan all of their local files. This is a contrived situation of course, but shows where a local file system only scan would be incredibly useful as an admin could push install clamav on every system and push the same config cron job to every machine.

If this simply doesn't exist as I suspect, just confirm and I will get to work on a script. If I missed something in the docs you are welcome to play the "if you read the man page" card, but please read the whole question before you do.

Thanks!

What OS are you using?

You could make your scan script a little smarter and look for network mount points. ymmv...

EXCLUDE=`grep -Ev 'ext3|/proc|/sys|/dev/|sunrpc' /etc/mtab | cut -d' ' -f2 | sed -e 's/^/--exclude /' | xargs echo`

--
Milton Calnek BSc, A/Slt(Ret.)
[EMAIL PROTECTED]
306-717-8737

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
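A fuller version of the mount-table approach suggested in this reply, as an added example that is not code from the thread: it selects mounts by filesystem type instead of filtering out ext3, decodes the octal escapes the mount table uses for spaces, and regex-escapes each mount point for clamscan's `--exclude-dir=REGEX` option. The `REMOTE_FS` type list, the `sample_mtab` data and the `(/|$)` anchoring are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: derive clamscan --exclude-dir options from a mount table.
# Input format is /etc/mtab or /proc/mounts:
#   device mountpoint fstype options dump pass

# Filesystem types treated as network mounts (assumed list; adjust per site).
REMOTE_FS="nfs nfs4 cifs smbfs ncpfs afs coda sshfs fuse.sshfs glusterfs ceph 9p"

# remote_excludes: read mount-table lines on stdin and print one
# --exclude-dir=REGEX per network mount point.
remote_excludes() {
    awk -v types="$REMOTE_FS" '
    BEGIN { n = split(types, t, " "); for (i = 1; i <= n; i++) remote[t[i]] = 1 }
    ($3 in remote) {
        mp = $2; path = ""
        # The mount table stores space, tab, newline and backslash as \NNN octal.
        while (match(mp, /\\[0-7][0-7][0-7]/)) {
            code = substr(mp, RSTART + 1, 1) * 64 \
                 + substr(mp, RSTART + 2, 1) * 8 + substr(mp, RSTART + 3, 1)
            path = path substr(mp, 1, RSTART - 1) sprintf("%c", code)
            mp = substr(mp, RSTART + 4)
        }
        path = path mp
        # Escape regex metacharacters so the mount point matches literally.
        re = ""
        for (i = 1; i <= length(path); i++) {
            c = substr(path, i, 1)
            re = re (index(".^$*+?()[]{}|\\", c) ? "\\" c : c)
        }
        # Anchor both ends so excluding /home does not also exclude /home2.
        printf "--exclude-dir=^%s(/|$)\n", re
    }'
}

# Constructed sample mount table (not taken from any real host).
sample_mtab() {
    cat <<'EOF'
/dev/sda1 / ext3 rw 0 0
proc /proc proc rw 0 0
sunrpc /var/lib/nfs/rpc_pipefs rpc_pipefs rw 0 0
filer:/export/home /home nfs rw,addr=192.0.2.10 0 0
//fs01/share /mnt/win\040share cifs rw 0 0
filer:/export/data.v2 /data.v2 nfs4 rw 0 0
/dev/sdb1 /data ext3 rw 0 0
EOF
}

sample_mtab | remote_excludes
```

On a real host, feed it `/etc/mtab` and pass each output line to clamscan as a single argument, since a mount point may contain spaces.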
Re: [Clamav-users] Which set of RPMs to install on Centos5?
I've used the rpms from atrpms and rpmforge. Both installed with yum. I liked atrpms package because it's 1 or 2 packages, but I'm more comfortable with rpmforge as a general rule. Both are enabled on my systems.

You can find the instructions to install the respective repos on their web sites.

Mark Piekos wrote:
> I have tried downloading RPMs from the Centos 5 mirrors and installing with yum localinstall. Following the error messages about dependencies I have then tried to install each of the listed dependencies in turn. Eventually I get:
>
> Error: Missing dependency: fedora-usermgmt is needed by package clamav-filesystem
>
> I'd be really grateful for any advice about what RPMs I should install for Centos 5 and where I can get them. (I am downloading el5 RPMs from Centos mirrors at the moment)
>
> Many thanks in advance,
> Kind regards,
> Mark.

--
Milton Calnek BSc, A/Slt(Ret.)
[EMAIL PROTECTED]
306-717-8737
Re: [Clamav-users] Please help - Freshclam not updating.
Luca Gibelli wrote:

Hello Todd,

Check to make sure that your local iptables firewall and any firewall between you and the DNS server does not block TCP port 53 (which is what the fallback proto/port is if the DNS answer is more than 512 bytes).

We put a lot of effort in keeping the size of the RR records under 512 bytes, because TCP queries put too much load on the authoritative DNS servers for clamav.net.

I read that off the FAQ and changed it a couple of weeks ago. Still no luck. Thanks for the tip all the same.

With no other options, this smells like selinux.

I second that.

Yah... I'm a die hard RedHat fan... but I haven't had time to explore selinux, so when I build a system, I turn it off.

This system was built in May, freshclam ran well from then till around the end of September. I used the rpm from rpmforge until a day or two ago. And now I'm using the rpm from ATrpms.

Here's something I just noticed... I did a packet sniff (once on internal interface and once on the external interface) while running a freshclam. I did not observe any queries directed to ns1.clamav.net. During the internal sniff, I looked for dns queries as well... I didn't see any for clamav.net.

What else can I check out?

--
Milton Calnek BSc, A/Slt(Ret.)
[EMAIL PROTECTED]
306-717-8737
Re: [Clamav-users] LibClamAV Errors: TNEF
That depends on your mailer/helper apps. So what is your mta? How does it invoke clamav?

Steve West wrote:
> Hi Nigel,
>
> Thanks for the reply! Just wondering if you or anyone else can respond to my other question based on the log entries, what happens to these messages when clamav encounters the TNEF errors? Are the email messages not scanned, skipped or classified as viruses and deleted?
>
> thx again,
> SW
>
> Nigel Horne wrote:
> Steve West wrote:
> clamd daemon 0.91.2
>
> Hi, Just wondering if I should be worried about seeing a ton of the following messages in the clamav log file:
>
> No you should not be worried. Quite the opposite, it demonstrates that ClamAV is doing its job and blocking attempted DOS's from breaking into your network.
>
> SW

--
Milton Calnek BSc, A/Slt(Ret.)
[EMAIL PROTECTED]
306-717-8737
[Clamav-users] Please help - Freshclam not updating.
Hello all,

About a month or so ago, freshclam stopped working for me. At first I thought it might be a short outage, unfortunately that was not the case.

First freshclam's query for current.cvd.clamav.net fails, but the query works when done from the command line. It also seems to fail getting info on db.ca.clamav.net, I'm not sure of the query involved for the db... but from the command line I can get address records. I have also tried using db.us.clamav.net and a couple of European mirrors too.

This gateway server uses an internal server that queries root name servers and other authoritative name servers. I have also tried using my ISP's name server. With all combinations, I get more or less the same result.

Any suggestions?

[EMAIL PROTECTED] ~]# host -t txt current.cvd.clamav.net
current.cvd.clamav.net descriptive text 0.91.2:44:4641:1193798066:1

[EMAIL PROTECTED] ~]# host db.ca.clamav.net
db.ca.clamav.net has address 24.215.0.24
db.ca.clamav.net has address 67.15.61.160
db.ca.clamav.net has address 205.139.192.213
db.ca.clamav.net has address 209.139.239.158

[EMAIL PROTECTED] ~]# freshclam
ClamAV update process started at Wed Oct 31 02:42:03 2007
WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Reading CVD header (main.cvd):
ERROR: Can't get information about db.ca.clamav.net: Temporary DNS error
WARNING: Can't read main.cvd header from db.ca.clamav.net (IP: )
LibClamAV Error: Database Directory: /var/lib/clamav not locked
Trying again in 5 secs...
ClamAV update process started at Wed Oct 31 02:42:08 2007
WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Reading CVD header (main.cvd):
ERROR: Can't get information about db.ca.clamav.net: Temporary DNS error
WARNING: Can't read main.cvd header from db.ca.clamav.net (IP: )
LibClamAV Error: Database Directory: /var/lib/clamav not locked
Trying again in 5 secs...
ClamAV update process started at Wed Oct 31 02:42:13 2007
WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Reading CVD header (main.cvd):
ERROR: Can't get information about db.ca.clamav.net: Temporary DNS error
WARNING: Can't read main.cvd header from db.ca.clamav.net (IP: )
LibClamAV Error: Database Directory: /var/lib/clamav not locked
Giving up on db.ca.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in freshclam.conf is working. Check http://www.clamav.net/support/mirror-problem for possible reasons.

--
Milton Calnek BSc, A/Slt(Ret.)
[EMAIL PROTECTED]
306-717-8737
Re: [Clamav-users] ClamAV patch download not working in South Africa
I'm having a similar trouble with my clamav. I'm using the rpm from rpmforge.

Andrea Wachter wrote:
> Hi,
>
> In our organisation we are using a customized Linux server in 40+ locations around the world. It is using ClamAV for virus checking. Yesterday, our office in South Africa reported that they were not able to download the new daily-.cdiff file for more than a day. They are running version clamav-0.91.2, the same as the other offices. Since the setup is identical to the other locations, the problem can't be a bug in the software setup.
>
> Could you confirm whether the local server db.za.clamav.net had a problem yesterday ? Is that problem solved now ?
>
> Thanks,
> Bye,
> Andrea
>
> The e-mail message from Cron Daemon says:
>
> ERROR: getpatch: Can't download daily-4580.cdiff from db.za.clamav.net
> ERROR: getpatch: Can't download daily-4580.cdiff from db.za.clamav.net
> ERROR: getpatch: Can't download daily-4580.cdiff from db.za.clamav.net
> ERROR: Can't download daily.cvd from db.za.clamav.net
>
> The logfile shows the following:
>
> rsa:/var/log/clamav$tail freshclam.log
> ERROR: getpatch: Can't download daily-4580.cdiff from db.local.clamav.net
> Ignoring mirror 130.59.10.34 (due to previous errors)
> Ignoring mirror 193.1.193.64 (due to previous errors)
> ERROR: getpatch: Can't download daily-4580.cdiff from db.local.clamav.net
> WARNING: Incremental update failed, trying to download daily.cvd
> Ignoring mirror 193.1.193.64 (due to previous errors)
> Ignoring mirror 130.59.10.34 (due to previous errors)
> ERROR: Can't download daily.cvd from db.local.clamav.net
> Giving up on db.local.clamav.net...
> Update failed.

--
Milton Calnek BSc, A/Slt(Ret.)
[EMAIL PROTECTED]
306-717-8737