[clamav-users] Using OnAccess scanning with Selinux

2018-12-14 Thread Rob Fulton

Hi,

I'm trying to run clamav with ScanOnAccess on the / mount on a box 
running selinux. I've enabled antivirus_can_scan_system in selinux but 
shortly after startup clamav stops scanning, reporting the following:


ERROR: ScanOnAccess: Internal error (failed to read data) ... Permission denied


Initially I was getting no AVC events but discovered selinux dontaudit 
rules. On disabling these and making the antivirus context permissive, I 
can see a whole load of policy denials around access to /etc/shadow and 
/var/log/audit/audit.log. I'd like to avoid writing a whole load of 
custom policies around these individual files; it might be a constant 
task as the OS gets updated.


Has anybody successfully run ScanOnAccess across the whole file system 
whilst having selinux enabled?


Is there a way to tell clamav to continue after encountering a 
Permission Denied? Currently it appears clamav stops its scanning and 
my box eventually grinds to a halt, I guess as the fanotify queue 
continues to build.


Any other suggestions on how to run the two together?

Regards

Rob

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] (no subject)

2017-12-06 Thread Rob Sterenborg
> ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check
> permissions!).
> ERROR: Problem with internal logger (UpdateLogFile =
> /var/log/clamav/freshclam.log).

I expect you solved this already?

> WARNING: getpatch: Can't download daily-24011.cdiff from db.local.clamav.net

Whenever I see this and freshclam cannot resolve it by itself, what I usually 
do is just remove all signature files (or move them elsewhere) and re-run 
freshclam. Then it will download all signature files again and be fully 
updated. I don't know if there's another/better solution; it just works for me.


--
Rob



Re: [clamav-users] checking for OpenSSL installation... /usr

2016-05-20 Thread Rob Sterenborg
You also installed the accompanying development OpenSSL package?


--
Rob


-Original Message-
From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of 
bondo vine
Sent: Friday, 20 May 2016 13:18
To: clamav-users@lists.clamav.net
Subject: [clamav-users] checking for OpenSSL installation... /usr

Hello There,

First timer here so please excuse my novice-ness.

I am trying to configure ClamAV on OEL 6.7 but keep hitting the aforementioned 
issue. Although openssl exists on the machine and in the PATH, it still 
complains. Not sure if I am missing something obvious here.

Appreciate any feedback.
Cheers
VK


Re: [clamav-users] can I check for CreditCards but NOT check for SSNs?

2016-05-04 Thread Rob McKennon

Well, I feel dumb now... not sure why I didn't try that before.

Thanx Mickey!

Rob.


On 05/04/2016 06:00 PM, Mickey Sola wrote:

Hi Rob,

Just tested this, and it seems setting both "StructuredSSNFormatNormal" and
"StructuredSSNFormatStripped" to "no" in clamd.conf should give you the
behaviour you want.

Let me know if that works for you.

Cheers,
Mickey

On Wed, May 4, 2016 at 5:41 PM, Rob McKennon <rmcken...@monetra.com> wrote:


Hello!

We are getting some false positive results with
Heuristics.Structured.SSN.   Is there a way to disable the SSN check, but
keep the CreditCard check?
For now I have just increased the SSN count to 1000 to get around this.
Setting it to 0 did not disable it  :(

Rob.


StructuredDataDetection yes

StructuredMinCreditCardCount 1
StructuredMinSSNCount 1000



[clamav-users] can I check for CreditCards but NOT check for SSNs?

2016-05-04 Thread Rob McKennon

Hello!

We are getting some false positive results with 
Heuristics.Structured.SSN.   Is there a way to disable the SSN check, 
but keep the CreditCard check?
For now I have just increased the SSN count to 1000 to get around this.  
Setting it to 0 did not disable it  :(


Rob.


StructuredDataDetection yes

StructuredMinCreditCardCount 1
StructuredMinSSNCount 1000



Re: [clamav-users] Structured.CreditCardNumber bounce

2016-04-01 Thread Rob McKennon

On 04/01/2016 11:40 AM, Bowie Bailey wrote:

On 4/1/2016 11:16 AM, Rob McKennon wrote:

On 04/01/2016 11:01 AM, Vladislav Kurz wrote:

On Friday 01 of April 2016 Rob McKennon <rmcken...@monetra.com> wrote:


Hello,

 One of the reasons we use clamav is to not accept emails with credit
card numbers.  And it works great to bounce the message back to the
sender.  However, according to PCI, sending the original message back
with the same credit card numbers they sent us, is just as bad as them
sending it to us in the first place.

 Is there a way to tell clamav to send the bounce message with the
"INFECTED: Heuristics.Structured.CreditCardNumber" data, but NOT include
the original email?

Hi,

this is not setting of clamav itself. It should be configurable in SMTP server
or its antivirus interface like Amavis. Clamav just decides if the file is
infected or not. It is the SMTP server that decides what is sent back.


Ah, ok.

Thank you for pointing me in the right direction!


On the other hand, you shouldn't be sending bounce messages at all 
(assuming you are using the correct terminology).  It is much better 
to reject unwanted emails.


Bounce - Your MTA accepts the message, determines that it's not 
wanted, and sends a message back to the sender.


Reject - Your MTA determines that the message is not wanted before 
accepting it from the sending server and returns an error to the 
sending server.  It is then up to the sending server to determine what 
to do with the message.


Once your MTA accepts the message, you have no reliable information 
about the sender of the message.  Any bounce message you send is not 
guaranteed to go back to the real sender of the message.  This can 
turn your server into a source of bounceback spam.  It is much better 
to simply reject the message and let the sender deal with it.  
Legitimate messages will still have a bounce message sent from the 
sending server and you don't have to worry about your server sending a 
pile of bounce messages to an innocent third party whose email address 
is being used by a spambot.


Thanx!  Guess I used the term bounce incorrectly.  After looking at my 
amavisd.conf file, I realized I have:

$final_virus_destiny  = D_REJECT;

So it is properly configured, just not behaving the way we want it to yet.


Rob.





Re: [clamav-users] Structured.CreditCardNumber bounce

2016-04-01 Thread Rob McKennon

On 04/01/2016 11:01 AM, Vladislav Kurz wrote:

On Friday 01 of April 2016 Rob McKennon <rmcken...@monetra.com> wrote:


Hello,

 One of the reasons we use clamav is to not accept emails with credit
card numbers.  And it works great to bounce the message back to the
sender.  However, according to PCI, sending the original message back
with the same credit card numbers they sent us, is just as bad as them
sending it to us in the first place.

 Is there a way to tell clamav to send the bounce message with the
"INFECTED: Heuristics.Structured.CreditCardNumber" data, but NOT include
the original email?

Hi,

this is not setting of clamav itself. It should be configurable in SMTP server
or its antivirus interface like Amavis. Clamav just decides if the file is
infected or not. It is the SMTP server that decides what is sent back.


Ah, ok.

Thank you for pointing me in the right direction!

Rob




[clamav-users] Structured.CreditCardNumber bounce

2016-04-01 Thread Rob McKennon

Hello,

   One of the reasons we use clamav is to not accept emails with credit 
card numbers.  And it works great to bounce the message back to the 
sender.  However, according to PCI, sending the original message back 
with the same credit card numbers they sent us, is just as bad as them 
sending it to us in the first place.


   Is there a way to tell clamav to send the bounce message with the 
"INFECTED: Heuristics.Structured.CreditCardNumber" data, but NOT include 
the original email?



Thank you,

Rob McKennon


Re: [clamav-users] No supported database files found

2016-03-09 Thread Rob Sterenborg
So there *is* a clamav user in /etc/passwd, which has /var/lib/clamav as home 
directory. It is probably configured by apt-get. I don't know where clamd.conf5 
comes from: the file is usually called clamd.conf.

Install from source or from apt-get, not both, so remove either one. If you 
remove the apt package, the clamav user will probably be removed and have to be 
created afterwards.

If you're new to all this I suggest you use the package from apt-get and go 
from there.



-Original Message-
From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of 
farbod emami
Sent: Wednesday, 9 March 2016 17:19
To: ClamAV users ML 
Subject: Re: [clamav-users] No supported database files found

hi
I have done both: compiling manually and by apt-get install, and I even installed 
the graphic panel.
I do not have any clamd.conf but clamd.conf5, in which there is not any 
DatabaseOwner entry!
in my passwd, I just have "clamav:x*::/var/lib/clamav:/bin/false"


 

On Wednesday, March 9, 2016 7:37 PM, Matus UHLAR - fantomas 
 wrote:
 

 On 09.03.16 14:54, farbod emami wrote:
>I encountered this error when running the " sudo clamscan -r " command
>LibClamAV Error: cli_loaddbdir(): No supported database files found in 
>/usr/local/share/clamav
>ERROR: Can't open file or directory

did you compile clamav manually?

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
42.7 percent of all statistics are made up on the spot. 


Re: [clamav-users] No supported database files found

2016-03-09 Thread Rob Sterenborg
I don't know what username you need to use.
- Check your freshclam.conf for the DatabaseOwner to know which username you 
need.
- Check your /etc/passwd file to make sure this username does not exist.
- If it doesn't exist, check if another username exists that has almost the same 
name and was meant for you to use.
- If you still can't find such a username, create it.
- If such username does exist, modify your freshclam.conf and/or clamd.conf to 
use this username.
- chown the directory and set permissions accordingly.

This is basic *nix stuff, not really ClamAV related..


--
Rob


-Original Message-
From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of 
farbod emami
Sent: Wednesday, 9 March 2016 16:34
To: ClamAV users ML <clamav-users@lists.clamav.net>
Subject: Re: [clamav-users] No supported database files found

Dear Rob, I have created the clamav directory with the mkdir command, but its owner 
is "root". Must I change its owner to "clamav"? As I do not have any user by 
this name in my system.
 

On Wednesday, March 9, 2016 7:59 PM, Rob Sterenborg 
<r.sterenb...@netmatch.nl> wrote:
 

 You skipped my first step: "make sure the directory exists". This means: if it 
doesn't exist, create it and set the owner/group to the user clamav runs as and 
permissions accordingly. When you've done that, run freshclam again.


--
Rob


-Original Message-
From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of 
farbod emami
Sent: Wednesday, 9 March 2016 16:17
To: ClamAV users ML <clamav-users@lists.clamav.net>
Subject: Re: [clamav-users] No supported database files found

Dear Rob, hi.
there is no /usr/local/share/clamav directory exist!
freshclam command did not work:
ERROR: Can't open/parse the config file /usr/local/etc/freshclam.conf

 

    On Wednesday, March 9, 2016 6:36 PM, Benny Pedersen <m...@junc.eu> wrote:
 

 On 9. mar. 2016 15.56.30 farbod emami <shilat_i...@yahoo.com> wrote:

> please help

Run freshclam

If it fails, what settings are shown in clamconf

Don't post clamconf here, if need more help pastebin it and share link to it 
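The checks from the steps in the reply above (config readable, DatabaseOwner present in passwd, database directory present and owned by that user, at least one database file in it), as an added example that is not part of the original thread. The function names, the status words, the fallback owner `clamav` and the `.cvd`/`.cld` file test are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check for the setup steps
# discussed above. Prints one status word and returns a matching exit code.
#
#   check_clamav_db FRESHCLAM_CONF PASSWD_FILE DEFAULT_DB_DIR
#
# Assumptions: DatabaseOwner falls back to "clamav" when the config does not
# set it, and database files are recognised by a .cvd or .cld suffix.

conf_value() {
    # Print the last value of option $2 in config file $1. Commented-out
    # lines never match because their first field is "#Option".
    awk -v key="$2" '$1 == key { v = $2 } END { if (v != "") print v }' "$1"
}

check_clamav_db() {
    conf=$1 passwd=$2 dbdir=$3

    # freshclam stops with "Can't open/parse the config file" otherwise.
    [ -r "$conf" ] || { echo NO_CONFIG; return 1; }

    owner=$(conf_value "$conf" DatabaseOwner)
    [ -n "$owner" ] || owner=clamav
    dir=$(conf_value "$conf" DatabaseDirectory)
    [ -n "$dir" ] || dir=$dbdir

    # Look the owner up in the passwd file and keep its numeric uid.
    uid=$(awk -F: -v u="$owner" '$1 == u { print $3; exit }' "$passwd" 2>/dev/null) || uid=
    [ -n "$uid" ] || { echo NO_USER; return 2; }

    [ -d "$dir" ] || { echo NO_DIR; return 3; }

    # ls -n prints the numeric uid in field 3; "/." follows a symlinked dir.
    dir_uid=$(ls -ldn "$dir/." | awk '{ print $3 }')
    [ "$dir_uid" = "$uid" ] || { echo WRONG_OWNER; return 4; }

    # "No supported database files found" means this loop finds nothing.
    for f in "$dir"/*.cvd "$dir"/*.cld; do
        if [ -f "$f" ]; then
            echo OK
            return 0
        fi
    done
    echo NO_DATABASES
    return 5
}

# Demo on constructed input: temporary config, passwd file and directory.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/db"
    printf 'DatabaseOwner clamav\nDatabaseDirectory %s/db\n' "$tmp" > "$tmp/freshclam.conf"
    printf 'clamav:x:%s:%s::/var/lib/clamav:/bin/false\n' "$(id -u)" "$(id -g)" > "$tmp/passwd"
    before=$(check_clamav_db "$tmp/freshclam.conf" "$tmp/passwd" /usr/local/share/clamav) || true
    : > "$tmp/db/main.cvd"   # empty placeholder standing in for a downloaded database
    after=$(check_clamav_db "$tmp/freshclam.conf" "$tmp/passwd" /usr/local/share/clamav) || true
    rm -rf "$tmp"
    echo "$before -> $after"
}
demo
```

On a real host the call would be `check_clamav_db /usr/local/etc/freshclam.conf /etc/passwd /usr/local/share/clamav`, using the paths quoted in the thread.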

Re: [clamav-users] No supported database files found

2016-03-09 Thread Rob Sterenborg
You skipped my first step: "make sure the directory exists". This means: if it 
doesn't exist, create it and set the owner/group to the user clamav runs as and 
permissions accordingly. When you've done that, run freshclam again.


--
Rob


-Original Message-
From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of 
farbod emami
Sent: Wednesday, 9 March 2016 16:17
To: ClamAV users ML <clamav-users@lists.clamav.net>
Subject: Re: [clamav-users] No supported database files found

Dear Rob, hi.
there is no /usr/local/share/clamav directory exist!
freshclam command did not work:
ERROR: Can't open/parse the config file /usr/local/etc/freshclam.conf

 

On Wednesday, March 9, 2016 6:36 PM, Benny Pedersen <m...@junc.eu> wrote:
 

 On 9. mar. 2016 15.56.30 farbod emami <shilat_i...@yahoo.com> wrote:

> please help

Run freshclam

If it fails, what settings are shown in clamconf

Don't post clamconf here, if need more help pastebin it and share link to it 


Re: [clamav-users] No supported database files found

2016-03-09 Thread Rob Sterenborg
- Make sure directory /usr/local/share/clamav exists.
- Start freshclam to update your virus definition databases.


--
Rob


-Original Message-
From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of 
farbod emami
Sent: Wednesday, 9 March 2016 15:55
To: clamav-users@lists.clamav.net
Subject: [clamav-users] No supported database files found

Dear sir, hi
I encountered this error when running the " sudo clamscan -r " command 
LibClamAV Error: cli_loaddbdir(): No supported database files found in 
/usr/local/share/clamav
ERROR: Can't open file or directory

--- SCAN SUMMARY ---
Known viruses: 0
Engine version: 0.99.1
Scanned directories: 0
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 0.002 sec (0 m 0 s)

please help


Re: [clamav-users] Compiler error: 7z/Types.h:58: redefinition of `Byte'

2013-09-25 Thread Rob Sterenborg (lists)

On 09/25/2013 07:47 PM, Shawn Webb wrote:

Hey Francis,

Can you add the --disable-silent-rules option to your configure script and
re-run make? It'd be helpful to see what's being passed to the compiler.


I didn't do this, but..


Here's a small patch that might help. Can you give this a try and let me
know how it goes? http://ix.io/8fk


This seems to solve the problem for me; no more compile error.


--
Rob

___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml


Re: [clamav-users] Compiler error: 7z/Types.h:58: redefinition of `Byte'

2013-09-24 Thread Rob Sterenborg (lists)

On 09/24/2013 03:51 PM, Shawn Webb wrote:

On Mon, Sep 23, 2013 at 5:04 PM, Dennis Peterson denni...@inetnw.com wrote:


On 9/23/13 1:59:42PM, Shawn Webb wrote:



Maybe this time I'll actually attach the patch. ;)

  I believe the list server  discourages attachments.


dp



Did the patch not go through?


No it didn't.



Re: [clamav-users] Compiler error: 7z/Types.h:58: redefinition of `Byte'

2013-09-23 Thread Rob Sterenborg (lists)

On 09/23/2013 05:45 PM, Shawn Webb wrote:

This is due to a change I had made in November 2012 to how the zlib linking
checks are done in the configure script. If you have a few extra moments,
can you apply the below-pasted patchfile and re-run configure? If your
compile works with just this patch (and without the changes you made to
zconf.h), we will better know how to proceed from here. The diff is in
unified diff format. If you need me to convert the diff from unified to
traditional, let me know.

Thanks,

Shawn

The patch:

  diff --git a/configure b/configure
index 0158088..4109375 100755

[..snip..]

As it's just a few lines I applied the patch manually because of 
wrapping. I believe I did it right, but I get the same error:


  CC libclamav_la-pe.lo
  CC libclamav_la-pe_icons.lo
  CC libclamav_la-disasm.lo
  CC libclamav_la-upx.lo
In file included from 7z/LzmaDec.h:7,
 from lzma_iface.h:26,
 from upx.c:59:
7z/Types.h:58: error: redefinition of typedef 'Byte'
/usr/local/zlib/include/zconf.h:368: error: previous declaration of 'Byte' was here

make[4]: *** [libclamav_la-upx.lo] Error 1
make[4]: Leaving directory `/usr/local/src/clamav/clamav-0.98/libclamav'
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory `/usr/local/src/clamav/clamav-0.98/libclamav'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/usr/local/src/clamav/clamav-0.98/libclamav'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/local/src/clamav/clamav-0.98'
make: *** [all] Error 2

This is on CentOS 5.5.

However, I'm using --with-zlib=/usr/local/zlib which contains 
zlib-1.2.8. When I use --with-zlib=/usr or not use --with-zlib=... at 
all (configure will then find /usr which contains zlib-1.2.3), then 
clamav will compile successfully. Other software compiles and works just 
fine when using zlib from /usr/local/zlib.


CentOS 5 zlib = 1.2.3-7  (mine is)
CentOS 6 zlib = 1.2.3-29 (according to the CentOS packages website)


--
Rob

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


Re: [clamav-users] vscan-clamav

2013-05-16 Thread Rob Sterenborg (lists)

On 16-05-13 14:06, jens s wrote:

Dear

If I do understand you I'll have to make a cronjob with clamscan
command in it which will scan my whole system specifying the folders
I want it to scan.


That would be clamdscan (notice the d in between) instead.

- Clamscan is the standalone command line scanner which loads the 
database every time it is called.


- Clamdscan just tells clamd to scan something and what to scan. Check 
'man clamscan' and 'man clamdscan' for differences between the two.

(Of course clamdscan will only work if clamd is started.)


Because I've been looking into the clamd.conf file but there is no
option to specify the folders it has to scan.


Which is why clamdscan is used, instead of clamscan.


--
Rob



Re: [clamav-users] What is the maximum file size ClamAV supports ??

2012-09-14 Thread Rob MacGregor
On Fri, Sep 14, 2012 at 10:05 AM, Siranjeevi siranjee...@gmail.com wrote:
 Hi All,

 I have tried to scan the file which is of 75 MB file.. I need to know
 whether it is scanned or not. Because Data Scanned is coming as 0.00 MB.
 Please help me in this regard. I have to proceed further.
---SNIP---
 What is the maximum file size ClamAV supports ?? Please reply with the
 maximum file size limit. I couldn't find this information in google.

You can however find the information in the man page ;)

Look for --max-filesize and --max-scansize

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [clamav-users] Detection of Win32 Trojan / Dorifel

2012-08-22 Thread Rob Sterenborg (lists)
On 08/22/2012 08:51 PM, Alain Zidouemba wrote:
 Look for the signature: WIN.Worm.Dorifel

Great, thanks a bunch!


--
Rob



Re: [clamav-users] Detection of Win32 Trojan / Dorifel

2012-08-21 Thread Rob Sterenborg (lists)
On 08/20/2012 02:43 PM, Joel Esler wrote:
 On Aug 20, 2012, at 7:46 AM, Birgelen, Jeroen van 
 jeroen.van.birge...@ordina.nl wrote:
 
 LS,

 I would kindly like to request some information on whether ClamAV is 
 detecting the Dorifel Trojan/virus which is currently spreading (at least in 
 The Netherlands), since two weeks or so.

 At the moment, according to an overview on the website of virustotal.com, 
 most major anti-virus tools can detect the virus, unfortunately ClamAV 
 cannot (yet). If I'm correct, the specific virus has been submitted to your 
 Anti Virus database.

 Any information would be much appreciated.

 Kind regards,
 Jeroen
 
 
 I'll take a look this morning, thanks for emailing.

I'd like to know if there's any news on this.
TIA..


--
Rob



Re: [clamav-users] Clamav update problem

2012-08-13 Thread Rob Sterenborg (lists)
On Mon, 2012-08-13 at 13:53 +0400, Ильяс Досхожаев wrote:
 i updated clamav to last   0.97.5 on debian , nevertheless it show error
 #freshclam 
 ClamAV update process started at Mon Aug 13 15:49:41 2012
 WARNING: Your ClamAV installation is OUTDATED!
 WARNING: Local version: 0.97.3 Recommended version: 0.97.5
 DON'T PANIC! Read http://www.clamav.net/support/faq
 main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: 
 sven)
 WARNING: Can't download daily.cvd from 10.2.3.21
 Trying again in 5 secs...
 ...
 
 Is it ok?

Well, yes and no. Read the text:
- Freshclam says that ClamAV is version 0.97.3 instead of your new
0.97.5. Make sure you're running the binaries from 0.97.5 (you clearly
don't).
- Freshclam says main.cvd is up to date, so that should be fine.
Although freshclam can't download daily.cvd from some mirror, it will be
trying other mirrors for that.


--
Rob



Re: [clamav-users] Can't download v0.97.5 source code

2012-07-26 Thread Rob Sterenborg (Lists)
On Thu, 2012-07-26 at 15:35 -0400, Ruiyuan Jiang wrote:
 Hi, 
 
 I could not download the ClamAV v0.97.5 source code since yesterday. Does 
 anyone know what happened?

When I try to download I'm redirected to SourceForge and I can download
0.97.5 just fine.

http://sourceforge.net/projects/clamav/files/clamav/0.97.5/clamav-0.97.5.tar.gz/download

Direct download link:
http://downloads.sourceforge.net/project/clamav/clamav/0.97.5/clamav-0.97.5.tar.gz?r=http%3A%2F%2Fwww.clamav.net%2Flang%2Fen%2Fdownload%2Fsources%2Fts=134997use_mirror=kent


--
Rob




Re: [clamav-users] 10 years of ClamAV

2012-06-20 Thread Rob Sterenborg
 Dear ClamAV Users,
 
 This year, ClamAV celebrates its 10th anniversary. The first release was
 on May 8, 2002, and included the basic command line scanner clamscan
 and database update tool freshclam. With your help, the project that
 started as a hobby has become a complete antivirus solution and one of
 the most popular Open Source security tools. Today, ClamAV has more than
 2 million active installations and scans hundreds of millions of files
 every day.
 
 We are incredibly proud of this project and of the development work we
 have been able to do since joining Sourcefire via acquisition in 2007.
 We've had the opportunity to build out the bytecode engine and logical
 signatures, and implement dozens of other major improvements that make
 ClamAV a powerful tool.
 
 While we are incredibly proud of this, it is time for us to make a
 change. ClamAV is now mature software and we are confident that
 Sourcefire will successfully continue its development, move it forward
 and maintain the integrity of its infrastructure. Matt Watchinski, who
 has headed Sourcefire's Vulnerability Research Team (VRTT) for 10 years,
 will continue to lead this project. Joel Esler, the company's Open
 Source community manager, will also be your main point of contact and
 advocate.
 
 We cannot fully express how grateful we are to all of the people,
 organizations and companies that have supported us and who will continue
 to support the project. This includes all the individuals who have
 contributed virus signatures and the developers who have contributed
 code to ClamAV throughout the years, the public mirrors that host our
 virus databases worldwide, the entities that hosted our web site,
 nameservers and build farm; the developers and package maintainers who
 have integrated ClamAV into various Open Source products and
 distributions and, of course, the Open Source community as a whole.
 
 Finally, we would like to thank all who have trusted ClamAV for scanning
 and protecting some of the most valuable data on their networks.
 
 Sincerely,
 
 Tomasz Kojm tomasz.k...@gmail.com (twitter: @tkojm)
 Luca Gibelli l...@gibelli.it (twitter: @nervous)
 Alberto Wu a...@digitalfuture.it
 Edwin Török ed...@etorok.net

Congratulations on your 10 year anniversary, and thanks for making the
product as good as it is now!
Good luck with anything you start working on!


--
Rob



Re: [clamav-users] clamd network mode

2012-04-18 Thread Rob Sterenborg (Lists)
On Wed, 2012-04-18 at 12:13 -0500, Tom Goerger wrote:
 Hi,
 
 We're running clamav on our mta servers right now, each in local mode.
  We're experiencing some high loads causing mail delays on these servers,

I can imagine if you're using clamscan.

 and are trying to offload some of their resources.  It seems from some of
 the language in the clamd conf file that there's a way to use clamd in a
 network fashion.  Is this just a matter of changing the socket being used
 to point to the external box?  Or are there other variables that need to be
 set to accomplish this?

You have to configure clamd using clamd.conf and then start clamd. Clamd
can use a socket or an IP:port connection, that's up to you. Personally,
I find clamd.conf descriptive enough to be able to find out how to
configure it.
After starting clamd, you can use clamdscan instead of clamscan for
scanning (the file(s) in) your email.


--
Rob




Re: [clamav-users] Untit Testing

2012-02-06 Thread Rob Sterenborg (Lists)
On Mon, 2012-02-06 at 11:39 -0800, Reynolds, David C. wrote:
 I've recently installed .97.3 on an SGI Origin 3000 running TRIX
 v6.5.28 using gcc 3.2.1. (I did need to make some source file
 modifications).   I was able to run clamscan against a directory
 seemingly without error.
  
 However, I would like to run some tests which would indicate
 catching an infected file without actually putting an infected
 file on our system.  This is a totally Trusted Irix environment. 
  
 I've had problems trying to build the check package as
 recommended in the ClamAV documentation in this IRIXS environment.
  Any suggestions as to how run some unit tests that would indicate
 that an infected file would actually be found?

You could use the Eicar test file. It's not a virus and meant to check
if a/your virusscanner is working.

http://www.eicar.org/86-0-Intended-use.html


--
Rob




Re: [clamav-users] How can I have clamd reject items that can't be scanned?

2011-11-09 Thread Rob Sterenborg (lists)
On Wed, 2011-11-09 at 10:31 +0100, Per Jessen wrote:
 Peter Bradeen wrote:
 
  I see that there are ways to limit the level of archive that will be
  scanned as well as the size of the entities to be scanned.  Is there a
  way for CLAMAV to then flag them as not allowed?  Seem that if you
  can't scan it, it should be rejected.
 
 It's not about not being able to scan, it's about not wanting to scan. 
 Regardless, clamav doesn't reject or approve mails, that's for your MTA
 to do. 

If you use ClamAV as milter, it's up to ClamAV to tell the MTA what to
do so I guess there's a task for ClamAV too..


--
Rob




Re: [clamav-users] problem with internet browser

2011-04-10 Thread Rob MacGregor
On Sun, Apr 10, 2011 at 18:08, rexer rexer...@gmail.com wrote:
 My problem is cant access www.clamwin.com/ error 404 is found please help

Works for me. You could always use
http://www.downforeveryoneorjustme.com/ to check a site:

http://www.downforeveryoneorjustme.com/www.clamwin.com

-- 
                 Please keep list traffic on the list.

Rob MacGregor
      Whoever fights monsters should see to it that in the process he
        doesn't become a monster.                  Friedrich Nietzsche

Re: [Clamav-users] No debian woody support anymore?

2010-04-23 Thread Rob Sterenborg
 OK, how's this then. 9.5.3 (IIRC) came out about the time the notice

OK, how's this then. If you used freshclam, every time you updated the
signatures you got a message about ClamAV being outdated. The gap between 0.94
and now is quite big. The people who *chose* to ignore it are to blame. If
you're stupid enough *not* to upgrade your virusscanner while it's for free 
(that's probably why you chose ClamAV in the first place), it's your fault. If 
you're running a mailserver and got bitten because you don't know how to 
upgrade, then IMO you shouldn't be running a mailserver because of lack of 
knowledge about the system. I can't help that, you can't help that, SourceFire 
can't help that. They can help themselves however by learning how to do things 
and that won't be helped by keeping a hand over their heads, preventing from 
'bad things to happen'.. (IMO, running an outdated virusscanner *is* a Bad 
Thing(tm).) Or, if people do *not* (want to) learn about their system, they 
should buy an appliance with support contract that takes care of this.

Disclaimer: by you and your I don't mean specifically *you*.

Every time a posting pops up asking why their ClamAV doesn't work anymore, the
thread gets hijacked by rants like these. This is not helping the OP and is way
OT. If you'd just stay in the already polluted threads and post your rants
there, the list would be cleaner.


-- Rob



Re: [Clamav-users] No debian woody support anymore?

2010-04-23 Thread Rob Sterenborg
Erwan David wrote:

> Message of freshclam did not specify that older versions would stop.
> It was the same message as for minor upgrades. This did not give the
> information that something different than usual was planned.

It still means you should upgrade and the message was ignored long enough that 
ClamAV stopped working. The fact that there is no *immediate* need to upgrade 
when the message is first seen, does not mean you can wait that long.

The OP use(s|d) an EOL Debian and an EOL ClamAV. If the OP upgrades ClamAV to a 
more recent version then he's back in business, even with an EOL Debian. Simple 
as that.


-- Rob



Re: [Clamav-users] clamav-daemon didn't recognise attached virus

2010-04-22 Thread Rob MacGregor
On Thu, Apr 22, 2010 at 07:16, Thomas Herzog thomas.her...@leoni.com wrote:

> Thanks for your reply, just to get this right.
> The virus is detected by the binaries clamdscan or clamscan, but not by the
> daemon called through amavis - see the attachment of my first post.

Then you have a problem with the way Amavis is calling ClamAV.  The
few lines in that log file aren't sufficient to identify the cause of
the problem.

Amongst other things, check that you don't have multiple copies of
ClamAV installed and that Amavis isn't running one while you're
manually running a different one.

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] (no subject)

2010-04-21 Thread Rob Sterenborg
>> In the interest of eliminating any further waste of my time or
>> computer resources, I am now instigating a kill filter on this
>> thread.
>
> +1

+1



Re: [Clamav-users] No debian woody support anymore?

2010-04-21 Thread Rob Sterenborg
> After the last signature update, clam av stopped working on our woody
> installation.

Your ClamAV is probably EOL. Please upgrade.
http://www.clamav.net/lang/en/2009/10/05/eol-clamav-094/

If your distro does not have a recent ClamAV package, you should be able to 
build it from source. (I saw a post here mentioning that the build even 
succeeds on a distro as old as RH7.2.)

> Is there no more support for this Debian Release?

Debian Woody (Debian 3.0) is also pretty old and EOL'ed..


--
Rob



Re: [Clamav-users] clamav-daemon didn't recognise attached virus

2010-04-21 Thread Rob MacGregor
On Wed, Apr 21, 2010 at 16:02, Thomas Herzog thomas.her...@leoni.com wrote:

> Hello,
> We're running clamav 0.95.3 with amavisd-new-2.6.1 and postfix 2.5.5.
>
> Sending a message with a virus attached clamav-daemon didn't find it. -

http://www.clamav.net/lang/en/sendvirus/

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] illegal or not, make a valid argument (was no subject)

2010-04-21 Thread Rob MacGregor
On Wed, Apr 21, 2010 at 17:26, Christopher X. Candreva
ch...@westnet.com wrote:

> Let me drive this home. In the state of New York, until recently if the
> government wanted to use eminent domain to take your property, all they had
> to do was take out an ad in the paper. They do not need to track down the
> owner of the building or land, just take out an ad. If you don't read the
> paper that day, the first you hear that your building was being knocked down
> may be when the wrecking ball shows up.

The last I checked the legal notification requirements in the UK
aren't terribly different.  All that is required is reasonable effort
to notify and while I'm not a lawyer I'm pretty confident that the
ClamAV team's efforts would be described as reasonable (based upon
dealings with real lawyers).

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] The EOL tweets

2010-04-19 Thread Rob MacGregor
On Mon, Apr 19, 2010 at 17:34, Paul Reading
paul.read...@cp-lighting.co.uk wrote:
> Sorry to butt in.. I have just wasted a day trying to get my company's mail
> working again. We have an Apple xServe and knew nothing about clamav until
> we stopped receiving our email this morning. I don't know how you could have
> communicated with us on this one but perhaps it would have been better if
> you had somehow got Apple to update their customers by software update so
> that the un-initiated would not have needed to worry about this.

It's entirely possible that the ClamAV team didn't know that Apple had
taken the decisions to:

1) Install ClamAV on xServe
2) Not keep people even vaguely up to date

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] Empy queue

2010-04-18 Thread Rob MacGregor
On Sun, Apr 18, 2010 at 10:59, _beb_ s...@me.com wrote:
> Hi everyone,
> I didn't know about the update, and it has been such a mess.
> It's okay, now. Emails in/out going.
> The thing is: what about the thousands of emails still in the
> /var/spool/qscan/working/new and /var/spool/qscan/tmp directories?
> Is there a way to reinject all of them as new emails?

It sounds like the answer would be specific to QMail, it's probably
best to check its documentation/lists.

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] clamav-0.96 compile error

2010-04-07 Thread Rob MacGregor
On Wed, Apr 7, 2010 at 11:31, Jan Kratochvíl kratoch...@rcd.cz wrote:
> Hi,
>
> make fails Clamav 0.96 on system RedHat kernel 2.2.27-rc2 #10
>
> gcc version egcs-2.91.66
---SNIP---
> This problem is new in Clamav 0.96,
> clamav-0.95.3 does compile and run with these settings.

Kernel 2.2.27-rc2 was released in January 2005 - just over 5 years
ago.  GCC egcs-2.91.66 is even older (I've seen bug reports from
1999).  I'm guessing you're running RedHat 7 (the last version
released with a 2.2 kernel) or older, making your base OS potentially
10 years old.

I think it may be time for an upgrade to your OS - you'll run into
many similar problems with other packages that assume you've got a
vaguely recent set of packages or kernel.

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche

Re: [Clamav-users] infos

2010-03-24 Thread Rob MacGregor
On Wed, Mar 24, 2010 at 15:33, Del Monte Paolo paolo.delmo...@eng.it wrote:
> Hi Alain,
> Yes I think that's a good solution. I supposed that this is not possible
> due to the different platform between linux and hpux on itanium
> architecture.

They are signature files, there's nothing architecture specific about them.

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


[Clamav-users] Clamav not working in OS X 10.6.2 server

2010-01-26 Thread Rob Jennings
I work for a school district and our new xserves have just been updated to the
10.6 server operating system. The problem I am experiencing on all 4 of these
servers which are in different schools is the same. The log files are filling
up with error messages like this

1/21/10 4:39:43 PM org.clamav.freshclam[56] nonblock_connect: connect timing out (30 secs)
1/21/10 4:39:43 PM org.clamav.freshclam[56] Can't connect to port 80 of host database.clamav.net (IP: 130.59.10.36)
1/21/10 4:39:43 PM org.clamav.freshclam[56] Trying host database.clamav.net (193.1.193.64)...
1/21/10 4:40:13 PM org.clamav.freshclam[56] nonblock_connect: connect timing out (30 secs)
1/21/10 4:40:13 PM org.clamav.freshclam[56] Can't connect to port 80 of host database.clamav.net (IP: 193.1.193.64)
1/21/10 4:40:13 PM org.clamav.freshclam[56] WARNING: getpatch: Can't download daily-9451.cdiff from database.clamav.net
1/21/10 4:40:13 PM org.clamav.freshclam[56] WARNING: Incremental update failed, trying to download daily.cvd
1/21/10 4:40:44 PM org.clamav.freshclam[56] nonblock_connect: connect timing out (30 secs)
1/21/10 4:40:44 PM org.clamav.freshclam[56] Can't connect to port 80 of host database.clamav.net (IP: 130.59.10.36)
1/21/10 4:40:44 PM org.clamav.freshclam[56] Trying host database.clamav.net (193.1.193.64)...
1/21/10 4:41:14 PM org.clamav.freshclam[56] nonblock_connect: connect timing out (30 secs)
1/21/10 4:41:14 PM org.clamav.freshclam[56] Can't connect to port 80 of host database.clamav.net (IP: 193.1.193.64)
1/21/10 4:41:14 PM org.clamav.freshclam[56] WARNING: Can't download daily.cvd from database.clamav.net
1/21/10 4:41:14 PM org.clamav.freshclam[56] Trying again in 5 secs...
1/21/10 4:41:19 PM org.clamav.freshclam[56] ClamAV update process started at Thu Jan 21 16:41:19 2010
1/21/10 4:41:24 PM org.clamav.freshclam[56] WARNING: Your ClamAV installation is OUTDATED!
1/21/10 4:41:24 PM org.clamav.freshclam[56] WARNING: Local version: 0.95.2 Recommended version: 0.95.3
1/21/10 4:41:24 PM org.clamav.freshclam[56] DON'T PANIC! Read http://www.clamav.net/support/faq

This keeps on going for pages. After a while it seems to slow down the server
and it will lock up and I have to restart the server. I don't use the mail
service on the server because the state handles our email. I have read that
the current version of clamav on the server is incompatible with 10.6 server.
So can this be fixed or can clamav be turned off or removed? Any help or
suggestions would be greatly appreciated.

Thanks,
Rob Jennings.

Re: [Clamav-users] Clamdscan setup

2009-12-06 Thread Rob MacGregor
On Sun, Dec 6, 2009 at 06:27, Mark Gregory mgreg...@agama.com.au wrote:

> I would like to setup a scheduled task for clamdscan to do scans every
> couple of hours.
>
> I would appreciate an example config file for clamdscan that would
> include setting a log file and scanning the entire c: drive
>
> And moving bad files to a quarantine folder.

You'll need to configure clamd that way, since clamdscan uses clamd
(the hint is in the name).

The man page for clamd.conf will give you what you want, but key lines
would include:

LogFile c:\example\log.file.txt

Note that clamd isn't a full AV product and doesn't include
quarantining.  For that you'll want clamscan.  Again the man page
tells you what you want, but something like:

clamscan -r --log=c:\example\log.file.txt --move=c:\quarantine\ c:\


-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] Clamdscan setup

2009-12-06 Thread Rob MacGregor
On Sun, Dec 6, 2009 at 09:41, Mark Gregory mgreg...@agama.com.au wrote:
> Hi Rob,
>
> Thank you for the information.
>
> I should mention that I have clamd running as a service under windows
> server 2003. From my reading and I may be confusing things, I thought I
> had to use clamdscan in this scenario.
>
> What is the key difference between clamdscan and clamscan?

I'm pretty sure the documentation covers it, but in summary:

clamscan - stand alone, runs as the user running it, does not use any
of clamd's configuration

clamdscan - an interface to clamd, clamd does all the work

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] clamav databases

2009-09-09 Thread Rob MacGregor
On Wed, Sep 9, 2009 at 07:00, Wongwongcla...@telkom.net wrote:
> Dear List,
>
> I installed Simscan with ClamAV. But I found error.
>
> configure: error: Unable to find your clamav databases, specify
> --enable-clamavdb-path
>
> Would you tell me where the clamav database placed (by default)?

That depends on how you installed ClamAV (and possibly on the version)
- did you install it from source?  What version did you install?  What
OS did you install it on?

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] Freshclam error

2009-08-24 Thread Rob MacGregor
On Mon, Aug 24, 2009 at 17:55, Scott Mohnkernmohnk...@gmail.com wrote:
> Thanks for catching that, I'd accidentally set the clamav group number to
> 441.  However, after correcting.  I'm still seeing the problem:
> o...@zambezi:/var# ls -alt | grep clamav
> drwxrwxrwx  2 clamav clamav  4096 2009-08-21 10:02 clamav
>
> r...@zambezi:/var# freshclam
> ClamAV update process started at Mon Aug 24 12:54:47 2009
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.94.2 Recommended version: 0.95.2
> DON'T PANIC! Read http://www.clamav.net/support/faq
> ERROR: getfile: Can't create new file
> /var/clamav/clamav-37cffbcbac17f3fecf92527459691294 in /var/clamav
> Hint: The database directory must be writable for UID 441 or GID 204

What do the following show:

ls -lnd /var/clamav
id clamav

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche

Re: [Clamav-users] Freshclam error

2009-08-24 Thread Rob MacGregor
On Mon, Aug 24, 2009 at 18:17, Scott Mohnkernmohnk...@gmail.com wrote:
> r...@zambezi:/var# ls -lnd /var/clamav
> drwxrwxrwx 2 441 204 4096 2009-08-21 10:02 /var/clamav
> r...@zambezi:/var# id clamav
> uid=441(clamav) gid=204(clamav) groups=204(clamav)

Try changing it to 770 instead of 777.  If that doesn't work, what
other kernel modules do you have loaded (AppArmor etc)?

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche
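
The `ls -lnd` and `id` output requested in this thread is enough to evaluate freshclam's "writable for UID 441 or GID 204" hint by hand. The following is an added example, not part of the thread and not ClamAV code; the function names are made up for it, and it evaluates classic mode bits only (no ACLs, no AppArmor or SELinux policy).

```python
import os
import re

# Output quoted in the thread above.
LS_LINE = "drwxrwxrwx 2 441 204 4096 2009-08-21 10:02 /var/clamav"
ID_OUTPUT = "uid=441(clamav) gid=204(clamav) groups=204(clamav)"

def parse_ls_mode(perm):
    """Convert an `ls -l` permission string (e.g. 'drwxrwx---') to mode bits."""
    if len(perm) < 10:
        raise ValueError(f"not an ls permission string: {perm!r}")
    bits = 0
    for i, ch in enumerate(perm[1:10]):
        exec_slot = i % 3 == 2
        # 'S'/'T' in an execute slot mean setuid/setgid/sticky WITHOUT execute.
        if ch == "-" or (exec_slot and ch in "ST"):
            continue
        bits |= 1 << (8 - i)
    return bits

def parse_ls_lnd(line):
    """Parse one `ls -lnd DIR` line into (mode_bits, owner_uid, owner_gid)."""
    fields = line.split()
    return parse_ls_mode(fields[0]), int(fields[2]), int(fields[3])

def parse_id(output):
    """Parse `id USER` output into (uid, set_of_gids)."""
    uid = int(re.search(r"\buid=(\d+)", output).group(1))
    gids = {int(re.search(r"\bgid=(\d+)", output).group(1))}
    groups = re.search(r"\bgroups=(\S+)", output)
    if groups:
        gids |= {int(re.match(r"\d+", g).group()) for g in groups.group(1).split(",")}
    return uid, gids

def dac_allows(mode, owner_uid, owner_gid, uid, gids, need=0o3):
    """Mode-bit check. need=0o3 (w+x) to create a file in a directory,
    need=0o1 (x) to traverse one. Exactly one class applies: owner, else
    group, else other, so a group 'w' does not help a denied owner."""
    if uid == 0:
        return True
    if uid == owner_uid:
        cls = (mode >> 6) & 0o7
    elif owner_gid in gids:
        cls = (mode >> 3) & 0o7
    else:
        cls = mode & 0o7
    return cls & need == need

def diagnose(ls_line, id_output):
    """Verdict for the pasted `ls -lnd` line and `id` output."""
    mode, o_uid, o_gid = parse_ls_lnd(ls_line)
    uid, gids = parse_id(id_output)
    if dac_allows(mode, o_uid, o_gid, uid, gids):
        return "mode bits allow it: look beyond them (e.g. AppArmor or SELinux policy)"
    return (f"mode bits deny it: uid {uid} needs w+x on the directory "
            f"(mode {mode:03o}, owner {o_uid}:{o_gid})")

def live_check(path, uid, gids):
    """Run the same check on the real filesystem; every parent directory must
    also grant search (x). Returns the list of components that deny access."""
    target = os.path.abspath(path)
    failing, current = [], target
    while True:
        st = os.stat(current)
        need = 0o3 if current == target else 0o1
        if not dac_allows(st.st_mode, st.st_uid, st.st_gid, uid, gids, need):
            failing.append(current)
        parent = os.path.dirname(current)
        if parent == current:
            return failing
        current = parent

if __name__ == "__main__":
    print(diagnose(LS_LINE, ID_OUTPUT))
```

For the output quoted in the thread the mode bits already permit the write, so tightening 777 to 770 cannot be what makes freshclam succeed; it only removes access for other users.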


Re: [Clamav-users] I have trouble with freshclam

2009-06-23 Thread Rob MacGregor
On Tue, Jun 23, 2009 at 21:41, Александр Тягливыйtysa...@gmail.com wrote:
> I upgraded to 0.95.2, but when I have started freshclam:
>
> Can't open/parse the config file /usr/etc/freshclam.conf

How did you upgrade - from a binary package, from a source install - how?

Did you check the contents of the file - the error message does
include the fact that it's also about the contents, not just the file
permissions.

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche

Re: [Clamav-users] Problems with clamdscan : access denied

2009-04-02 Thread Rob MacGregor
On Thu, Apr 2, 2009 at 14:47, Dale Patterson gcaharchiv...@gmail.com wrote:
> As for using clamscan, the reason I installed clamav is to work with another
> piece of software which apparently uses clamdscan in its call.

That does, but that doesn't mean that you can *only* use clamdscan.

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] Problems with clamdscan : access denied

2009-04-01 Thread Rob MacGregor
On Wed, Apr 1, 2009 at 18:59, Dale Patterson gcaharchiv...@gmail.com wrote:
---SNIP---
> When I invoke clamdscan [filename or folder] I get
> dpatt...@quarantine:~$ clamdscan po.conf
> /home/dpatters/po.conf: Access denied. ERROR
>
> This happens on all directories except /tmp.  My directories are world
> readable and executable, as are the files.  The clamd user is clamav.

So, the user clamav almost certainly doesn't have access to the file.
Have you considered using clamscan (as a user with access to the
file) instead?

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche

Re: [Clamav-users] Updating clamav

2009-03-14 Thread Rob MacGregor
On Sat, Mar 14, 2009 at 22:38, David Jewell cobba...@gmail.com wrote:
> Hi,
>
> I am trying to update my clamav install from 0.93 to 0.94.2 on an
> Ubuntu based server. Running the make  make check I have been
> met with a series of errors. Some I have fixed by installing/updating
> some libs but I am still at a loss as to why the make check is not
> successful. Following is output from the make  make check.

Looks like you don't have the bzip2 headers or libraries installed.

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche

Re: [Clamav-users] please remove

2009-02-19 Thread Rob MacGregor
On Thu, Feb 19, 2009 at 13:43, Eric J. Wisti clam...@wisti.com wrote:

> The ONLY way to prevent reading unsubscribe messages (which annoy me
> too), is to remove all users from the mailing list now.

Sadly I agree with Eric.  I've seen this same problem on lists with
the unsubscribe link at the bottom of every list email - you can't do
anything about stupidity I'm afraid.

I'll now go back to watching the thread spiral out of control ;)

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] Your ClamAV installation is OUTDATED

2009-02-15 Thread Rob MacGregor
On Sun, Feb 15, 2009 at 11:45, chen f...@webologix.com wrote:

> clamscan --version
> ClamAV 0.93/6688/Wed Apr  9 16:40:38 2008

Then you haven't removed your old version of ClamAV.  How did you install 0.93?

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] New to Clamav

2009-02-05 Thread Rob MacGregor
On Thu, Feb 5, 2009 at 15:52, Madhuri Somavarapu
madhurisomavar...@yahoo.com wrote:
> How can we invoke  clamd from java if not the API?
>
> The app that uses clamd will be deployed on the same unix machine. Will I
> have problem with firewall even then? Should I ask admin to open the port so
> that users access the app?

Maybe - ask the administrator what (if any) firewall rules they have in
place for the loopback interface.

> If the virus is found will it delete the file other than response? If not how
> should I take care of it myself?

It (clamd) won't do anything, that's entirely up to you to handle in
any way you choose.

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche
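
The division of labour described in this reply (clamd only returns a verdict, the calling application decides what happens to the file) is shown below as an added example; it is not code from the thread or from the ClamAV project, and it is written in Python although the same bytes can be sent from a Java socket. It assumes clamd's INSTREAM command on a TCP listener (port 3310 assumed); the function names and the stub server that lets it run offline are constructed for the example.

```python
import socket
import struct
import threading

CHUNK_SIZE = 8192
STUB_MARKER = b"CONSTRUCTED-TEST-MARKER"   # constructed; not a real signature

def parse_reply(reply):
    """Map a clamd reply to (status, detail); status is clean, infected or error."""
    text = reply.rstrip(b"\0\n").decode("utf-8", "replace")
    verdict = text.partition(": ")[2]
    if verdict == "OK":
        return "clean", None
    if verdict.endswith(" FOUND"):
        return "infected", verdict[: -len(" FOUND")]
    return "error", text or "empty reply"

def scan_bytes(data, host="127.0.0.1", port=3310, timeout=10.0):
    """Stream data to clamd: 'zINSTREAM\\0', then <4-byte big-endian length>
    <chunk> repeated, then a zero-length chunk; the reply ends with NUL."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(b"zINSTREAM\0")
        for off in range(0, len(data), CHUNK_SIZE):
            chunk = data[off:off + CHUNK_SIZE]
            sock.sendall(struct.pack("!I", len(chunk)) + chunk)
        sock.sendall(struct.pack("!I", 0))
        reply = b""
        while not reply.endswith(b"\0"):
            part = sock.recv(4096)
            if not part:
                break
            reply += part
    return parse_reply(reply)

def accept_upload(data, **conn):
    """Application policy, since clamd takes no action itself: accept only a
    clean verdict. A detection, a scanner error and an unreachable scanner
    all reject (fail closed). Returns (accepted, status, detail)."""
    try:
        status, detail = scan_bytes(data, **conn)
    except OSError as exc:
        status, detail = "error", str(exc)
    return status == "clean", status, detail

def start_stub_clamd():
    """Stand-in for clamd, constructed for this example so it runs offline:
    reports FOUND when STUB_MARKER occurs in the stream, otherwise OK."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn, conn.makefile("rb") as stream:
                if stream.read(10) != b"zINSTREAM\0":
                    conn.sendall(b"UNKNOWN COMMAND\0")
                    continue
                body = b""
                while True:
                    header = stream.read(4)
                    size = struct.unpack("!I", header)[0] if len(header) == 4 else 0
                    if size == 0:
                        break
                    body += stream.read(size)
                hit = STUB_MARKER in body
                conn.sendall(b"stream: Constructed-Test-Signature FOUND\0"
                             if hit else b"stream: OK\0")

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

if __name__ == "__main__":
    _srv, stub_port = start_stub_clamd()
    print(accept_upload(b"plain text", port=stub_port))
    print(accept_upload(b"xx" + STUB_MARKER, port=stub_port))
```

Against a real clamd, pass its host and port to `accept_upload`; deleting, quarantining or rejecting the upload then happens in the caller, based on the returned status.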


Re: [Clamav-users] No clmilter.sock

2009-01-02 Thread Rob MacGregor
On Fri, Jan 2, 2009 at 07:14, Rem P Roberti remeg...@comcast.net wrote:
> I have just installed clamav on my FreeBSD 7.1RC2 system as per the
> Wheldon Whipple instructions
> (http://www.technoids.org/clamav-milter.html#2).  I double checked
> everything (I think!), but clmilter.sock never showed up in
> /var/run/clamav.  The only files in that directory are clamd.pid,
> freshclam.pid, and clamd.sock.  What happened to clmilter.sock?

The instructions there look like they're very out of date.  A quick
look at the freshports.org change entries suggests that there is a
separate script to start the milter - look in /usr/local/etc/rc.d/.

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] How to test ClamAV?

2008-12-05 Thread Rob
On Fri, Dec 05, 2008 at 03:06:41PM -0800, Aleksey Tsalolikhin wrote:
> Ok, so how do I test ClamAV?
>
> So where do people get viruses to test ClamAV with?

Are you wanting to see that ClamAV is properly configured in your 
environment or are you ensuring it finds the viruses that you test it 
with?

If you're looking to test your configuration, the easiest is with the 
EICAR test file. You can find out more about it at 
http://www.eicar.org/anti_virus_test_file.htm

ClamAV should report the following when the file is scanned:
clamdscan ~/eicar.com
eicar.com: Eicar-Test-Signature FOUND


Rob




Re: [Clamav-users] Why is ClamAV signature file so unpopular?

2008-11-28 Thread Rob MacGregor
On Fri, Nov 28, 2008 at 15:12, Paul Kosinski [EMAIL PROTECTED] wrote:
> When I go to the download page for ClamAV at SourceForge,
> I observe that the signature file (clamav-0.*.*.tar.gz.sig)
> is downloaded less than 10% of the time that the source code
> (clamav-0.*.*.tar.gz) is downloaded. I find this strange,
> especially for anti-malware software, whose users presumably
> think about security more than the average SourceForge visitor.

Some of that may be down to things like FreeBSD, where the package
maintainer fingerprints the download when they prepare the
package/port and it is that fingerprint that is checked when you
install.

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche
Mark Twain  - It usually takes me more than three weeks to prepare a
good impromptu speech.


Re: [Clamav-users] Clamav 0.94.1 not working under FreeBSD 5.5

2008-11-16 Thread Rob MacGregor
On Sun, Nov 16, 2008 at 15:31, Jerry [EMAIL PROTECTED] wrote:
---SNIP---
> In any case, FreeBSD-5.5 is quite old and I believe no longer
> supported, although I might be wrong about that.

FreeBSD 5.5, the last in the FreeBSD 5.x series, reached EOL in March 2008.


-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] Clamav 0.94.1 not working under FreeBSD 5.5

2008-11-12 Thread Rob MacGregor
On Wed, Nov 12, 2008 at 13:43, Juergen Dankoweit
[EMAIL PROTECTED] wrote:

> Yes. The reason is, that FBSD 6 or 7 does not run anymore on my hardware
> (SCSI problems).

Did you report those so that they can be looked into?

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] Clamav 0.94.1 not working under FreeBSD 5.5

2008-11-12 Thread Rob MacGregor
On Wed, Nov 12, 2008 at 12:53, Juergen Dankoweit
[EMAIL PROTECTED] wrote:
> Hello to the list,
>
> on my FreeBSD system I have strange problems with clamav:
> During detection of a virus clamav blocks the whole mail traffic forever.
> Only a restart of postfix, amavis and clamav solves this until the next
> virus.
>
> With clamav 0.93.3 there are no problems but it is too outdated.
>
> Because the ports tree is unupgradable I must use the original source
> from the web site. I compile clamav with the following options:
> ./configure --disable-clamuko --disable-ipv6

Is there a good reason you can't upgrade to at least FreeBSD 6, or
even better FreeBSD 7?

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] Maximum file size

2008-10-13 Thread Rob MacGregor
On Mon, Oct 13, 2008 at 16:10, Sam Smith [EMAIL PROTECTED] wrote:
> Hello there!
>
> I am running ClamAV engine ver 0.93.1

That's an old version, you should update.

> When trying to scan Outlook PST files I receive this error:
>
> archive.pst: Value too large for defined data type
>
> The file size is close to 6 GB. Is this more than the maximum size
> allowed by the program?
---SNIP---
> Any help on increasing the limit would be much appreciated.

Have a look in the clamd.conf file, under the Limits section.  At a
rough guess the MaxScanSize and MaxFileSize will be relevant to you.

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


[Clamav-users] Updating OS X Server version of clamav

2008-09-28 Thread Rob Lewis
Is there an explanation anywhere of how to update the version that's  
included with OS X Server (Tiger)? 


Re: [Clamav-users] trying upgrade clamav 0.93 to 0.94 on i386 FreeBSD

2008-09-23 Thread Rob MacGregor
On Tue, Sep 23, 2008 at 08:37, Sam Lin [EMAIL PROTECTED] wrote:

> Hello list,
>
> I tried pkg_add -r clamav and it shows me the packages are the same
> Fetching
> ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6-stable/Latest/clamav.tbz
> pkg_add: package 'clamav-0.93.3' or its older version already installed
>
> then I tried to use ports to compile clamav 0.94 on my i386 FreeBSD 6.1-STABLE
> and have some error messages:

FreeBSD 6.1 is no longer supported by the ports system - if you want
to continue using the ports you need to upgrade to 6.3 or 7.0 (6.4 and
7.1 are due for release next month), or track RELENG_7 or RELENG_6.  I
would advise that 7.x is a better choice as 6.x is the legacy release.

-- 
 Please keep list traffic on the list.

Rob MacGregor
 Whoever fights monsters should see to it that in the process he
 doesn't become a monster. Friedrich Nietzsche


Re: [Clamav-users] trying upgrade clamav 0.93 to 0.94 on i386 FreeBSD

2008-09-23 Thread Rob MacGregor
On Tue, Sep 23, 2008 at 14:30,  [EMAIL PROTECTED] wrote:

> Or you can just delete --enable-gethostbyname_r from the CONFIGURE_ARGS
> section of the port Makefile and everything will work fine.  I would
> advise that you stick with 6.3 as it has a longer support cycle than
> anything so far in the 7.x cycle.

Right now the EOL for 6.3 is based upon it being the last 6.x.
However, 6.4 is scheduled to be released next month, at which point
the EOL for 6.3 will be 12 months from its release - January 2009, a
month before 7.0 (February 2009).  Details of how the EOL process
works can be found at http://www.freebsd.org/security/#sup

-- 
 Please keep list traffic on the list.

Rob MacGregor
 Whoever fights monsters should see to it that in the process he
 doesn't become a monster. Friedrich Nietzsche


Re: [Clamav-users] (no subject)

2008-08-09 Thread Rob MacGregor
2008/8/9 [EMAIL PROTECTED] [EMAIL PROTECTED]:
> Hello,
> clicking on Virus Database Update Report, the window that opens shows the
> following message:
>  Warning: Current functionality level = 31, recommendet = 33.
> I would like to know what it means and how I can fix it.

http://www.clamav.net/support/faq/
http://wiki.clamav.net/Main/FAQ#What_does_WARNING_Current_functi

-- 
 Please keep list traffic on the list.

Rob MacGregor
 Whoever fights monsters should see to it that in the process he
 doesn't become a monster. Friedrich Nietzsche


Re: [Clamav-users] simplest replacement for ancient amavis-perl

2008-08-07 Thread Rob MacGregor
On Thu, Aug 7, 2008 at 16:40, David F. Skoll [EMAIL PROTECTED] wrote:

 I recommend MIMEDefang.  (Of course, I'm the author, so I would
 recommend it...)

I use both amavisd-new and MIMEDefang.  Of those I'd recommend MD over
amavisd-new. It's easy to customise the heck out of (I don't know perl
and I can manage) and just works.

The MD mailing list is also pretty helpful for those times when you
discover that you're not so much in over your head, but you no longer
know which way up is supposed to be ;)

-- 
Rob MacGregor
 Whoever fights monsters should see to it that in the process he
 doesn't become a monster. Friedrich Nietzsche


Re: [Clamav-users] unsubscribe

2008-07-07 Thread Rob MacGregor
On Mon, Jul 7, 2008 at 18:22, Don Singh [EMAIL PROTECTED] wrote:
 please unsubscribe me from this mailing list.

How to do this was included in the welcome email you received when you
signed up and is in the headers of every list email (a standard
location):

List-Id: ClamAV users ML clamav-users.lists.clamav.net
List-Unsubscribe:
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users,
mailto:[EMAIL PROTECTED]
List-Post: mailto:clamav-users@lists.clamav.net
List-Help: mailto:[EMAIL PROTECTED]
List-Subscribe: http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users,
mailto:[EMAIL PROTECTED]

-- 
Rob MacGregor
 Whoever fights monsters should see to it that in the process he
 doesn't become a monster. Friedrich Nietzsche


Re: [Clamav-users] (no subject)

2008-06-02 Thread Rob MacGregor
On Mon, Jun 2, 2008 at 9:18 PM, alex liveti [EMAIL PROTECTED] wrote:
 Hi there? is not a viros is just a pape work just  to take look at correcy 
 and send it bac to
 please just test can i send t.

You may want to read the reply to your post yesterday.

-- 
Rob MacGregor
 Whoever fights monsters should see to it that in the process he
 doesn't become a monster. Friedrich Nietzsche
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] 0.93.1RC1

2008-05-28 Thread Rob MacGregor
On Wed, May 28, 2008 at 3:08 PM, Nigel Horne [EMAIL PROTECTED] wrote:
 Dear All,

 As you may have seen, the first release candidate of 0.93.1 was
 published earlier this week.

 0.93.1 http://downloads.sourceforge.net/clamav/clamav-0.93.1rc1.tar.gz
 is a maintenance release with bug fixes for issues raised with 0.93 for
 example portability
 problems and other issues discovered by our internal auditing process.
 It also features improved
 handling of PDF, CAB, RTF, OLE2 and HTML files.

 We welcome any feedback and bugs on this RC prior to the release
 of 0.93.1, which is currently scheduled for 6th June. It doesn't matter
 if you don't have a test environment, you can still help us for example by
 downloading the release candidate and checking it compiles on your
 system even if you don't
 install it; we particularly welcome reports on platform compatibility.

Compiles on FreeBSD 6.3 and 7.0.

I was able to give it a quick test on 7.0 and freshclam, clamscan,
clamd and clamdscan all work.

-- 
Rob MacGregor
 Whoever fights monsters should see to it that in the process he
 doesn't become a monster. Friedrich Nietzsche


Re: [Clamav-users] I can´t upgrade clamav

2008-05-12 Thread Rob MacGregor
On Mon, May 12, 2008 at 1:55 PM, Emilio Campos
[EMAIL PROTECTED] wrote:
 I am clamav 0.92 version in a SMTP system, I can't update clamav because
  this is a close project in the client installations, I would like to know
  what can happen with those  clamav if I don't upgrade with new version of
  new clamav?

If nothing else, at some point you'll stop getting signature updates
and will then start letting malware through.

-- 
 Please keep list traffic on the list.

Rob MacGregor
 Whoever fights monsters should see to it that in the process he
 doesn't become a monster. Friedrich Nietzsche


Re: [Clamav-users] WARNING: Suspicious recipient address blocked

2008-04-14 Thread Rob MacGregor
On Mon, Apr 14, 2008 at 11:09 AM, Bas van Rooijen
[EMAIL PROTECTED] wrote:

  ClamAV is rejecting messages where the recipient address contains a | (pipe 
 character)..

  Why is this? Is | a virus now?

  Can this behaviour be disabled?

  Are you planning on blocking other random characters from appearing in the 
 recipient adres?

Are you certain that clamav is behind this?  What other software are
you using with your mailserver and exactly what is the error message?

-- 
 Please keep list traffic on the list.

Rob MacGregor
 Whoever fights monsters should see to it that in the process he
 doesn't become a monster. Friedrich Nietzsche


Re: [Clamav-users] ClamAv-Milter Configuration Troubles

2008-04-11 Thread Rob MacGregor
On Fri, Apr 11, 2008 at 7:00 PM, James Kosin [EMAIL PROTECTED] wrote:

 James Kosin wrote:
  | Everyone,
  |
  | I've got clamav-milter using a .sock file and would like to change it to
  | use the IP socket address interface to clamd.
  | Any ideas on what I have to do?  If I just change clamav-milter options
  | to use --external and remove the local socket file from the options,
  | clamav-milter complains.  I want it to use the local machine's IP
  | 127.0.0.1 with clamd running.  Anyone have a good configuration to
  | share, the documentation is a bit sparse in this area.
  |
  | James
  Hey... anyone out there???

A quick read of the clamav-milter man page suggests you missed the
--server option:

--server=HOSTNAME/ADDRESS, -s HOSTNAME/ADDRESS
  IP  address  or  hostname of server(s) running clamd (when using
  TCPsocket and --external).  ...

-- 
Rob MacGregor
 Whoever fights monsters should see to it that in the process he
 doesn't become a monster. Friedrich Nietzsche


Re: [Clamav-users] I hate people who do this but...

2008-04-06 Thread Rob MacGregor
On Sun, Apr 6, 2008 at 8:35 PM, Christopher Burkhart
[EMAIL PROTECTED] wrote:
 How do I get off this list?

  I have searched the archives and I have not found a way to delete my
  self, may have just missed.

You mean the information that lurks in the header of every posting:

List-Id: ClamAV users ML clamav-users.lists.clamav.net
List-Unsubscribe:
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users,
mailto:[EMAIL PROTECTED]
List-Post: mailto:clamav-users@lists.clamav.net
List-Help: mailto:[EMAIL PROTECTED]
List-Subscribe: http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users,
mailto:[EMAIL PROTECTED]

And the Visit subscriptions page button that's found from the URL at
the bottom of every posting:

http://lurker.clamav.net/list/clamav-users.html

;-)

-- 
 Please keep list traffic on the list.

Rob MacGregor
 Whoever fights monsters should see to it that in the process he
 doesn't become a monster. Friedrich Nietzsche


Re: [Clamav-users] Integrating ClamAV in Squid 2.6

2008-03-26 Thread Rob MacGregor
On Wed, Mar 26, 2008 at 2:45 PM, Dennis Peterson [EMAIL PROTECTED] wrote:
  You learned from that answer that as distributed it can be statically
  linked to libclamav? I shall read it again and again until I find that
  elusive factoid.

No, you asked if HAVP had to be rebuilt when you upgraded clamav, not
whether or not it could be statically linked.  The response:

  Well - have a look and find out for yourself. It supports both linking
  against libclamav and merely calling clamd like clamdscan does. So yes
  and no are the answer.

gave you the full answer:

Link against libclamav - yes you have to rebuild
Call clamd - no you don't

-- 
 Please keep list traffic on the list.

Rob MacGregor
 Whoever fights monsters should see to it that in the process he
 doesn't become a monster. Friedrich Nietzsche


Re: [Clamav-users] Integrating ClamAV in Squid 2.6

2008-03-26 Thread Rob MacGregor
On Wed, Mar 26, 2008 at 3:18 PM, Dennis Peterson [EMAIL PROTECTED] wrote:

  And I wonder still if as delivered it can be built statically.
  Obviously if it is only dynamically linked it will not survive a
  ClamAV upgrade. At no time did I mention using clamd as a option. It
  was such a simple question.

Yes it was a very simple question:

 So does this have to be rebuilt each time ClamAV has an upgrade?

  A simple answer might have been it [ can
  | cannot ] be linked statically. The answer to my question was rtfm
  which I attempted to do, mind you. The answer to the question I did
  not ask was use clamd. I can use clamd now without this product.

Until today you made no mention of static linking in this thread, if
you had you may have had different answers ;)

-- 
 Please keep list traffic on the list.

Rob MacGregor
 Whoever fights monsters should see to it that in the process he
 doesn't become a monster. Friedrich Nietzsche


Re: [Clamav-users] clamd.conf question.

2008-03-24 Thread Rob MacGregor
On Mon, Mar 24, 2008 at 9:03 PM, Erik P. Olsen [EMAIL PROTECTED] wrote:
 Hi,

  I am new on clamav and I have a few questions on some of the items in the
  clamd.conf file:

  1. LocalSocket must be specified, it says, but what is it used for and what
  would it normally be?

  2. TCPAddr. Again, I don't know what it is used for and what INADDR_ANY is.

These are used by other applications (such as clamav-milter, clamdscan
etc) to connect to clamd.

  3. DetectPUA. What sort of applications is detected with this setting?

Potentially Unwanted Applications:

http://www.clamav.org/2007/09/03/detection-of-potentially-unwanted-applications/

-- 
 Please keep list traffic on the list.

Rob MacGregor
 Whoever fights monsters should see to it that in the process he
 doesn't become a monster. Friedrich Nietzsche


Re: [Clamav-users] freshclam GMP3 vs GMP4

2008-03-14 Thread Rob MacGregor
On Fri, Mar 14, 2008 at 11:34 AM, Andy Smith [EMAIL PROTECTED] wrote:
 Hi list,

   I was trying to resolve the NO SUPPORT FOR DIGITAL SIGNATURES error
 from freshclam, I am running FreeBSD 6.1.
  In the ports collection the package I found was GMP4, the clam FAQ says I
 need GMP3. Well I tried putting on GMP4 as,
  first it's the current release, and second I didn't have the option of
 installing V3 from ports. I re-built clamav from source and
  installed, but still the same error. Does anyone know if freshclam can work
 with GMP4 or not and if so how?

Have you tried installing ClamAV from ports, so that it handles this for you?

-- 
Rob MacGregor
 Whoever fights monsters should see to it that in the process he
 doesn't become a monster. Friedrich Nietzsche


Re: [Clamav-users] Scan All incoming attactment

2008-03-12 Thread Rob MacGregor
On Wed, Mar 12, 2008 at 7:11 AM, Tarak Ranjan [EMAIL PROTECTED] wrote:
  No, i just want to be specific on on clamAV, is there any plugin or
  parameter in clamAV to do the Attachment scanning.

ClamAV is just a virus scanner - if you want to integrate it into your
mail server you need to use something to provide that integration - as
others have told you.

-- 
 Please keep list traffic on the list.

Rob MacGregor
 Whoever fights monsters should see to it that in the process he
 doesn't become a monster. Friedrich Nietzsche


Re: [Clamav-users] Snedmail clamav timeout before data read, where=mail

2008-02-05 Thread Rob MacGregor
On Feb 5, 2008 5:43 PM, Pawel Rutkowski [EMAIL PROTECTED] wrote:
 Hello,

 Sometimes I have problem to send email from my sendmail. Ehlo command
 ok, mail from: command hangup.
 When kill all sendmail process and start again daemon work properly. It is
 possible to clamav problem ? Errors from sendmail logs below:

Version of Sendmail?  Version of ClamAV?  Operating System?  Which
milter are you using?  Are there any other log entries?

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] Clamd doesn't create pid and socket file, no error output.

2008-02-04 Thread Rob MacGregor
On Feb 4, 2008 9:51 PM, David Liang [EMAIL PROTECTED] wrote:
 It runs OK before. But this Saturday, it stop work. When I restarted
 clamd, The clamd seems run normally, but no pid, and socket files created
 in /var/run/clamdav/, no error message output to log files. Does anybody
 know why?

With so little information, nobody will be able to help you.  Maybe if
you provided details such as the version of clamav, what OS you're
using, whether there is anything in the log files and other such
information.

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] Clamav Update Database

2008-01-25 Thread Rob MacGregor
On Jan 25, 2008 12:53 PM, Clovis Tristao [EMAIL PROTECTED] wrote:
 Hi All,

 I'm using Clamav in Server Fedora Core.
 Please, How I up to date clamav databases automatically and I receive
 e-mails saying that the system was brought up to date?

Take a look at OnUpdateExecute in freshclam.conf

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] clamav rpm package

2008-01-23 Thread Rob MacGregor
On Jan 23, 2008 5:58 PM, Andrea Bencini [EMAIL PROTECTED] wrote:
 clamav-0.92-6.fc8.i386.rpm  and clamav-0.91.2-3.fc8.i386.rpm packages
 haven't clamd.conf and freshclam.conf files.
 clamav-0.92-33.fc8.i386.rpm package has clamd.conf and freshclam.conf files.
 Why are there these differences?

Try asking the person who created the packages.

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] ClamAV vs. Wildlist

2008-01-18 Thread Rob MacGregor
On Jan 18, 2008 1:42 PM, Brandon Perry [EMAIL PROTECTED] wrote:
 Hrm, why is clamdscan faster than clamscan?

Lack of startup time overhead (as clamd is already running), though
I'd expect that to be fairly static and probably largely irrelevant
for large (multi GB) scans.

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] problem installing clamav 0.92

2008-01-11 Thread Rob MacGregor
On Jan 11, 2008 8:50 AM, SINDELAR Stefan [EMAIL PROTECTED] wrote:
 Morning everyone,

 I have problems to install clamav 0.92 on Solaris 8 with GCC 3.4.6.
 Below you can see the messages while configure and install it:

 ./configure --enable-milter
 configure: WARNING: Unable to determine FPU endianess, some features may
 not be available in this build
---SNIP---
 Has anyone an idea to get rid of the configure-Warning message?

Search the list archive - there was a thread about this just the other day.

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] Clamav virus signature update

2008-01-06 Thread Rob MacGregor
On Jan 6, 2008 8:42 AM, Alessandro Volturno [EMAIL PROTECTED] wrote:
 Hello guys,

 I'm using Clamav 0.92 installed from the Debian Volatile repository.
 on a Debian testing distro kernel 2.6.22-3-686 kept daily updated.
---SNIP---
 Build: ClamAV 0.92/5385/Sun Jan  6 02:13:06 2008

 Signatures: 148100
 (20 Aug 2007)

That looks to be a little old.

 Current working dir is /var/lib/clamav/

So, where is ClamTK looking for the signatures?  I suspect there's a
mis-match between where ClamAV is storing the signatures and where
ClamTK is looking for them.

It's also possible that you have a mis-match between the clamd and
freshclam configurations.

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] Failure to detect first time

2008-01-04 Thread Rob MacGregor
On Jan 4, 2008 3:20 PM, Phil Chambers [EMAIL PROTECTED] wrote:
---SNIP---
 So, clamscan detects the signature but clamdscan does not!  Note that some
 examples of this signature do get detected by clamd.)

File permissions problem (assuming you're not running clamd as root)?

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] Clam bugs/vulns (was Re: Tomasz, you're an id iot, and you don't even know it)

2008-01-03 Thread Rob MacGregor
On Jan 3, 2008 3:09 PM, Bowie Bailey [EMAIL PROTECTED] wrote:
 Then this may be something that could use some explanation.

 Exactly what temp dir setting are you referring to and why should it be
 changed?

If the environment variable TMPDIR is defined then well behaved
programs will use that instead of /tmp (as mentioned in David's
initial post with this subject) for temporary files.

Using this means that you break assumptions about temporary files
appearing in /tmp, which complicates an attacker's life.

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] Clam bugs/vulns (was Re: Tomasz, you're an id iot, and you don't even know it)

2008-01-03 Thread Rob MacGregor
On Jan 3, 2008 4:09 PM, Dennis Peterson [EMAIL PROTECTED] wrote:
 The success of this requires a bit of serendipity as well. If for reasons of
 convenience the new TMPDIR is globally writeable then nothing has been 
 accomplished
 which is why a global TMPDIR declaration is pointless.

Well, yes and no.  Let's take the following case:

1) You're using software which creates then executes a temporary file
as .progname.day-of-month
2) The attacker knows this and has a remote attack to populate this
file in /tmp to give themselves root access
3) You've globally defined TMPDIR to be /tmp/42/
4) Attack fails

Ok, it doesn't help against a local attacker (and then you're in
trouble anyway), but against any remote attack making assumptions
about the location of temporary files it has some value.

Besides, I made no statement about global declarations ;)

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] Clam bugs/vulns (was Re: Tomasz, you're an id iot, and you don't even know it)

2008-01-03 Thread Rob MacGregor
On Jan 3, 2008 6:08 PM, Mark [EMAIL PROTECTED] wrote:

 a): Clamav were to run as root (and consequently run
 ..progname.day-of-month as root too), which is plain stupid.

There's lots of stupid people out there ;)

 Also, where does the idea come from that a symlink will magically bring
 the attacker root access? If .progname.day-of-month were a symlink, then
 please, anyone, show me to what sort of file this symlink could point to
 that would suddenly allow the attacker to gain root-access?

It's not magic, but it's possible.  Plenty of effective attacks, in
the real world, have used this approach as part of a chain that
results in gaining root access.

 Also, on FreeBSD, we set /tmp +t, which means items in /tmp can be renamed
 or deleted only by the item's owner.

I think that's been standard on all unix type systems for a long time now.

 In short, I fail to see what the fuss is all about. O_EXCL should have
 been there, but it's a minor bug -- especially since the TS initially
 failed to realize there was randomness, after all (though it could be
 improved upon). I see no realistic possibilities for exploits. But I'm of
 course open to hearing how someone thinks a realistic attack could be
 mounted with it.

A minor vulnerability here, a minor vulnerability there and pretty
soon you're talking something bigger ;)  As David said, attackers are
creative - they're also often very persistent and highly skilled.  At
the end of the day there would be real money behind an exploit that
could give any form of remote access to a host running ClamAV.

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
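
The temp-file points argued over in this thread (a predictable name in /tmp, the missing O_EXCL, and relocating temporary files via TMPDIR), shown as an added example that is not ClamAV's code or any poster's. The file names `.progname.03` and `important.conf` and all function names are hypothetical, and everything runs inside a private directory the program creates and removes.

```c
/* Added example, not ClamAV code: fixed temp-file names vs O_EXCL and mkstemp(). */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Base directory for temporary files: honour TMPDIR, fall back to /tmp. */
static const char *tmp_base(void) {
    const char *d = getenv("TMPDIR");
    return (d && *d) ? d : "/tmp";
}

/* Risky pattern: fixed name, no O_EXCL. If the name already exists as a
 * symlink, open() follows it and truncates the file it points to. */
static int open_tmp_naive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* O_CREAT|O_EXCL fails with EEXIST when the name exists, symlinks included
 * (the link is not followed), so a pre-planted name is refused. */
static int open_tmp_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Preferred: mkstemp() chooses an unpredictable name and creates it
 * exclusively. On success 'out' holds the path of the new file. */
static int open_tmp_random(const char *dir, char *out, size_t n) {
    if (snprintf(out, n, "%s/scan.XXXXXX", dir) >= (int)n) return -1;
    return mkstemp(out);
}

static long file_size(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1;
}

/* Write the 8-byte marker "original" into path, replacing its content. */
static int write_marker(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    ssize_t w = write(fd, "original", 8);
    close(fd);
    return w == 8 ? 0 : -1;
}

struct demo_result {
    long victim_after_naive; /* size of linked-to file after the naive open */
    int  excl_fd;            /* return value of the O_EXCL open */
    int  excl_errno;         /* errno left by the O_EXCL open */
    long victim_after_excl;  /* size of linked-to file after the O_EXCL open */
    int  random_private;     /* 1 if mkstemp() file has no group/other access */
};

/* Runs all three opens inside a private directory created under tmp_base(). */
static int run_demo(struct demo_result *r) {
    char sandbox[256], victim[320], fixed[320], rnd[320];
    struct stat st;
    int fd;
    if (snprintf(sandbox, sizeof sandbox, "%s/tmpdemo.XXXXXX", tmp_base())
            >= (int)sizeof sandbox || !mkdtemp(sandbox))
        return -1;
    snprintf(victim, sizeof victim, "%s/important.conf", sandbox);
    snprintf(fixed, sizeof fixed, "%s/.progname.03", sandbox);

    /* Constructed scenario (hypothetical names): the fixed name is a symlink. */
    if (write_marker(victim) != 0 || symlink(victim, fixed) != 0) return -1;

    fd = open_tmp_naive(fixed);
    if (fd >= 0) close(fd);
    r->victim_after_naive = file_size(victim);   /* truncated through the link */

    if (write_marker(victim) != 0) return -1;    /* restore before the next case */
    errno = 0;
    r->excl_fd = open_tmp_excl(fixed);
    r->excl_errno = errno;
    if (r->excl_fd >= 0) close(r->excl_fd);
    r->victim_after_excl = file_size(victim);    /* untouched */

    fd = open_tmp_random(sandbox, rnd, sizeof rnd);
    r->random_private = fd >= 0 && fstat(fd, &st) == 0 && (st.st_mode & 077) == 0;
    if (fd >= 0) { close(fd); unlink(rnd); }
    unlink(fixed); unlink(victim); rmdir(sandbox);
    return 0;
}

int main(void) {
    struct demo_result r;
    if (run_demo(&r) != 0) { perror("demo setup"); return 1; }
    printf("naive open : linked file now %ld bytes\n", r.victim_after_naive);
    printf("O_EXCL open: fd=%d errno=%d, linked file still %ld bytes\n",
           r.excl_fd, r.excl_errno, r.victim_after_excl);
    printf("mkstemp    : private file created: %s\n", r.random_private ? "yes" : "no");
    return 0;
}
```

The sticky bit on /tmp stops other users renaming or deleting your files; it does not stop a name being created first, which is the case O_EXCL and mkstemp() cover.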


Re: [Clamav-users] How to find infected file

2007-12-24 Thread Rob Sterenborg
I usually don't post but I just can't resist this insulting troll..

 wasn't provided with your question.  I suspect that you ran 'clamscan'
 and you were rewarded with a _very_ large list of file names, to each
 of which was appended the four characters : OK, and at the end of

[...snip things about grep, editor and pager...]

To make a really long story short; you mean something like:

$ clamscan /home/username | grep -v ': OK' | less

Of course, the OP would probably see a # instead of $ because he's
logged in as root, not as a mortal user like he should, considering his
experience.

However, I'm not familiar with a clam.conf/clamscan.conf/whatever.conf
file and I'm quite sure that it doesn't exist. There is of course the
clamd.conf file that the OP might want to locate (hint) if he were using
clamdscan instead of clamscan (OP: mind the little difference). But,
then the OP would need an up-to-date locate database (hint).

Ah well, since it's almost Christmas eve (and before the OP starts
trolling and top-posting again) these are the lines to find clamd.conf:

(I haven't seen a recent distro that lacks these..)
# updatedb
# locate clamd.conf

OP:
- Don't tell us that you can't find updatedb, locate, grep and/or less.
In that case, please go seek help elsewhere. This list is about ClamAV,
not about learning to use Linux.
- You need to clean up your act if you want help. It's you who's
insulting people that try to help you. If you can't use the help given,
it might be you who's not competent enough to perform basic tasks. This
would be your problem, not ours.
- If you don't want to learn how to work with *nix and its apps, please
delete your Linux partition and stick with Windows as that would then be
best for all of us (including you).

 Compliments of the season to all.

Perhaps a bit early, but, merry Christmas to everyone!


Grts,
Rob


Re: [Clamav-users] ClamAV Vulnerability

2007-11-20 Thread Rob MacGregor
On Nov 20, 2007 4:20 PM, tBB [EMAIL PROTECTED] wrote:
 David F. Skoll wrote:

  Tomasz Kojm wrote:
 
  This is getting boring!
 
  I'm sorry you find it so.  I actually find this to be exciting reading:
 
  http://www.securityfocus.com/cgi-bin/index.cgi?o=0l=30c=12op=display_listvendor=Clam%20Anti-Virusversion=title=CVE=

 Oh, then I'm sure you will find this an interesting reading too:

 http://search.securityfocus.com/swsearch?sbm=%2Fmetaname=alldocquery=roaring+penguin+software+vulnerabil%2Ax=0y=0

Five vulnerabilities of which only 3 are for MIMEDefang, one this
year, one in 2004 and one in 2002 compared to the 2 pages of hits for
Clam - I don't think that was the comparison you were hoping for ;)

Either way, yes, like every product there are vulnerabilities in both.
David's original comment about ClamAV's vulnerability history doesn't
appear too far from the mark, regardless of the obviously high
emotions on either side.

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] Error message appended to subject line

2007-11-13 Thread Rob MacGregor
On Nov 13, 2007 10:42 AM, Tony Baker [EMAIL PROTECTED] wrote:

 Apologies if I have sent this to the wrong list, but the message
 started occurring after an upgrade of ClamAV.

 I have also upgraded spamassassin and amavis-new, but the messages
 started after upgrading ClamAV.

---SNIP---
 Do you think I should be trying the amavis or spamassassin lists then??

As you're probably using amavis for calling clamav I'd suggest you try
the amavis list.  Be sure to provide details that you've missed on
this thread, like actual version numbers and how you're calling clamav
from amavis ;)

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] How quickly do I need to upgrade when a new version is released and when do warnings appear

2007-11-07 Thread Rob MacGregor
On Nov 7, 2007 10:30 AM, Sandeep Sachdev [EMAIL PROTECTED] wrote:
 Hi,

 I'm new to using clam and I've got a few questions I was hoping I could get 
 answered.I had a quick look around the FAQ, documentation and mail list 
 archives but didn't find information on these questions.

 1. When a new binary is released. How quickly will I need to update to it 
 before I might be unprotected from the latest viruses. Is it usually a matter 
 or days/weeks/months?

I assume you mean version, rather than binary.  In theory the answer
is that you're already behind on protection so you need to upgrade as
soon as possible.

 2.How quickly will clamscan or clamdscan warn me that I am using an older 
 binary. I'm assuming something will be output when i run clamscan or 
 clamdscan. Is this assumption correct? Does this only occur once the virus 
 database contains virus signatures that aren't supported with the older 
 binary.

Freshclam will warn you when your installed version is out of date.

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] Please help - Freshclam not updating.

2007-10-31 Thread Rob MacGregor
On 10/31/07, Milton Calnek [EMAIL PROTECTED] wrote:
 Hello all,

 About a month or so ago, freshclam stopped working for me.  At first I
 thought it might be a short outage, unfortunately that was not the case.

 First freshclams's query for current.cvd.clamav.net fails, but the query
 works when done from the command line.

 It also seems to fail getting info on db.ca.clamav.net, I'm not sure of
 the query involved for the db... but from the command line I can get
 address records.

 I have also tried using db.us.clamav.net and a couple of European
 mirrors too.

 This gateway server uses an internal server that queries root name
 servers and other authoritative name servers.

 I have also tried using my ISP's name server.

 With all combinations, I get more or less the same result.

 Any suggestions?

Two things,

1) You may be able to do standard DNS lookups, but can you lookup TXT
records?  Is DNS over TCP supported by your DNS server (many
organisations block it in the mistaken belief that it improves
security and breaks nothing)?

2) See the last post in the thread titled ClamAV patch download not
working in South Africa

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] Recent viruses

2007-10-25 Thread Rob MacGregor
On 10/25/07, Gomes, Rich [EMAIL PROTECTED] wrote:
 Dennis,
 Thanks for the reply. I understand all of what you are saying, having 
 worked as a sysadmin for many years now. My issue is that even with most 
 vendors using different naming conventions, they are usually 
 cross-reference in any technical info that is out there. I can't find any 
 data on these messages and would like to know what other malware names they 
 match up to so I can present it to management. At this point I can't even 
 give a risk assessment.

The trouble is, that takes time, time that has to be paid for (or donated free).

One option would be to submit the viruses to the likes of VirusTotal,
to see what the other vendors call it.  You, and others, could then
create a comparison page that allowed you to search for a virus
signature name and see what other products call it.  Somebody else
used to manage a page like this, but I don't know if it's still being
done.

Not perfect I know, but right now I suspect it's the only way.

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] (no subject)

2007-10-23 Thread Rob MacGregor
On 10/23/07, oboltus [EMAIL PROTECTED] wrote:

> > Yes - the solution of course will depend on your mail server, which
> > you make no mention of.
>
> OS - Linux RedHat 7.3
> MTA - sendmail

Then you have a range of options, including clamav-milter, MIMEDefang
and amavisd-new, to name but a few.

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] (no subject)

2007-10-23 Thread Rob MacGregor
On 10/23/07, oboltus [EMAIL PROTECTED] wrote:

> > Could you give an example of a practical implementation using clamav-milter?

See the documentation/man page/google.

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] (no subject)

2007-10-16 Thread Rob MacGregor
On 10/16/07, oboltus [EMAIL PROTECTED] wrote:
> Hello!
> I have a question, the answer to which I could not find in the FAQ: can
> clamav check outgoing mail for viruses? If yes, how can that be done?
> Thank you in advance.

Yes - the solution of course will depend on your mail server, which
you make no mention of.

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] outdated version?

2007-10-15 Thread Rob MacGregor
On 10/15/07, zbigniew szalbot [EMAIL PROTECTED] wrote:
> Hello,
>
> In my log I read:
>
> Oct 15 12:57:17 lists freshclam[733]: Received signal: wake up
> Oct 15 12:57:17 lists freshclam[733]: ClamAV update process started at
> Mon Oct 15 12:57:17 2007
> Oct 15 12:57:17 lists freshclam[733]: Your ClamAV installation is OUTDATED!
> Oct 15 12:57:17 lists freshclam[733]: Local version: 0.90.3 Recommended
> version: 0.91.2
>
> However,
>
> $ clamd -V
> ClamAV 0.91.2/4540/Sun Oct 14 03:43:55 2007
>
> $ pkg_info -Ix clamav
> clamav-0.91.2   Command line virus scanner written entirely in C
>
> Why would I be getting information that the local version is 0.90.3?

Because you previously installed from source and now you're using the
port/package.  You'd already know that if you'd taken the time to
search the list archive ;)

Remove the old versions from your system.

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche
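
The diagnosis above (a leftover source install shadowing the packaged one) can be confirmed by listing every copy of a ClamAV binary on the search path together with the version it reports. This is an added example, not part of the original post; the function names are made up for illustration.

```shell
#!/bin/sh
# find_copies NAME [PATHLIST]
# Print every executable called NAME found in PATHLIST (default: $PATH),
# one full path per line, in the order the shell would search them.
find_copies() {
    name=$1
    search=${2:-$PATH}
    old_ifs=$IFS
    IFS=:
    for dir in $search; do
        [ -n "$dir" ] || dir=.          # an empty PATH entry means "."
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
        fi
    done
    IFS=$old_ifs
}

# report_versions NAME [PATHLIST]
# Print "path<TAB>first line of 'path -V'" for each copy, so a stale
# source build shows up next to the packaged binary.
report_versions() {
    find_copies "$1" "$2" | while IFS= read -r bin; do
        printf '%s\t%s\n' "$bin" "$("$bin" -V 2>/dev/null | head -n 1)"
    done
}

# has_duplicates NAME [PATHLIST]
# Exit status 0 when more than one copy of NAME is on the path.
has_duplicates() {
    count=$(find_copies "$1" "$2" | wc -l)
    [ "$((count))" -gt 1 ]
}

# Typical use on a live system:
#   for b in freshclam clamd clamscan; do report_versions "$b"; done
```

The first path listed is the one a bare command name resolves to; any other copy is a candidate for removal.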


Re: [Clamav-users] Does clamav protect against rootkits?

2007-10-14 Thread Rob MacGregor
On 10/14/07, Aniruddha [EMAIL PROTECTED] wrote:
> Thanks for the answers, does anyone know this for sure?

Quoting the ClamAV home page:

...designed especially for e-mail scanning on mail gateways.

So no, it's not designed to detect rootkits.

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] Some question on freshclam

2007-10-12 Thread Rob MacGregor
On 10/12/07, Pieter [EMAIL PROTECTED] wrote:
> Hi,
>
> I saw indeed that this info is shown upon running freshclam. However I do
> not want to trigger an update to the servers. I only want this info. Just
> running freshclam will add more load to your pattern file servers which is
> not needed in this case. Hence the request ...

No, freshclam will check DNS to see whether an update is required.

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche
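
The DNS check mentioned above can be reproduced by hand without contacting the mirrors. This is an added example, not part of the original post: it assumes the TXT record freshclam consults is the one at current.cvd.clamav.net (freshclam's DNSDatabaseInfo default), with the engine version in the first colon-separated field and the daily database version in the third. The sample record is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of what "dig +short TXT current.cvd.clamav.net" prints.
# Only fields 1 (engine version) and 3 (daily version) are used here.
SAMPLE_TXT='"0.91.2:44:4545:1192352635:1"'

# engine_of / daily_of: split a "clamd -V" line such as
#   ClamAV 0.91.2/4540/Sun Oct 14 03:43:55 2007
engine_of() { printf '%s\n' "$1" | sed 's/^ClamAV //' | cut -d/ -f1; }
daily_of()  { printf '%s\n' "$1" | cut -d/ -f2; }

# txt_field RECORD N: Nth colon-separated field, surrounding quotes removed.
txt_field() { printf '%s\n' "$1" | tr -d '"' | cut -d: -f"$2"; }

# compare_with_dns LOCAL_LINE TXT_RECORD
# Print one status line for the engine and one for the daily database.
compare_with_dns() {
    local_engine=$(engine_of "$1")
    local_daily=$(daily_of "$1")
    dns_engine=$(txt_field "$2" 1)
    dns_daily=$(txt_field "$2" 3)

    if [ "$local_engine" = "$dns_engine" ]; then
        echo "engine: current ($local_engine)"
    else
        echo "engine: local $local_engine, recommended $dns_engine"
    fi

    if [ "$local_daily" -ge "$dns_daily" ]; then
        echo "daily: current ($local_daily)"
    else
        echo "daily: local $local_daily, published $dns_daily"
    fi
}

# Live use (one DNS query, no download):
#   compare_with_dns "$(clamd -V)" "$(dig +short TXT current.cvd.clamav.net)"
```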


Re: [Clamav-users] Logging to /var/spool/mail/root

2007-09-24 Thread Rob MacGregor
On 9/24/07, McGlynn, Sean (DOB) [EMAIL PROTECTED] wrote:
> Hello,
>
> The /var/spool/mail/root log files on our servers are logging every file
> that clamav scans, causing the files to become huge.  I don't see what
> in our clamd.conf configuration files would be causing this.  Our
> configuration file follows - any help would be appreciated.

How are you calling clamav - if it's from cron then remember to
redirect the output or, as you're finding, root will get mailed with
the output.

Otherwise - how about some detail?

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] Logging to /var/spool/mail/root

2007-09-24 Thread Rob MacGregor
On 9/24/07, McGlynn, Sean (DOB) [EMAIL PROTECTED] wrote:
> Rob,
>
> Thank you for your reply.
>
> So to be clear, cron is calling a script (below).  I assume even though
> cron is calling a script, rather than the individual commands in the
> script, your same suggestion applies?  If so, would it be a matter of
> adding 1>/dev/null to the end of each line?  I'm somewhat new to Linux,
> so forgive my elementary queries.  Thank you.

The easiest approach is to append the following to the line in cron
(so you can run the script interactively and see the output):

>/dev/null 2>/dev/null

Alternatively, replace your script with the following:


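#!/bin/sh
# Directories to scan, one clamscan run per entry
PARTITIONS="/ /_admin /bin /boot /etc /lib /mnt /opt /sbin /srv /tmp /usr /var"

for PARTITION in ${PARTITIONS}
do
    # Discard stdout and stderr so cron has nothing to mail to root
    clamscan -r --move=/var/log/clam/infected -l /var/log/clam/dailyclamscan "${PARTITION}" >/dev/null 2>&1
done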


Much easier to change where the output is directed now :)

If you simply want to scan all disk partitions replace the second line with:

PARTITIONS=`df -lP | awk '$1 ~ /^\// {print $6}'`

That will list all the mounted disk partitions that are local to the
host in question.

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche


Re: [Clamav-users] ClamAV for Redhat Linux

2007-09-21 Thread Rob MacGregor
On 9/21/07, DBS Labs [EMAIL PROTECTED] wrote:

> Is anyone using this software on a Redhat EL4 server and having success?  I
> am having all types of problems.

(Darn, my crystal ball is broken)

And those problems would be...?

-- 
 Please keep list traffic on the list.

Rob MacGregor
  Whoever fights monsters should see to it that in the process he
doesn't become a monster.  Friedrich Nietzsche

