Re: [Clamav-users] Problem compiling Clamav-milter in version 0.95
At 02:59 31-03-2009, Dave Wells wrote: Can anyone confirm that the issue I am seeing below is caused by the fact I am running: sendmail-8.12.11-4.RHEL3.6 sendmail-devel-8.12.11-4.RHEL3.6 sendmail-cf-8.12.11-4.RHEL3.6 rpm installs of sendmail on my system, will an upgrade to sendmail-8.13 fix this issue? Yes. The upgrade will fix your issue. Regards, -sm ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Sanesecurity.com download disabled
At 05:55 11-12-2008, Steve Basford wrote: My webhost disabled sanesecurity.com due to high cpu usage, they could only give me the following information which doesn't mean a lot to me, but does this sound high? As you are spawning processes on each hit, your scripts can cause high CPU usage on a busy server. As a result, I've had to disable the download URL Rotator script, as I'm guessing that's the script that's causing the problem (http://www.ljscripts.com/freescripts/) Can anyone recommend a free URL Rotator script other than the above one. URL rotator scripts are only useful if they don't consume a lot of resources. That's not the case because of the way the script works in your environment. I'm basically thinking that the problem is because I'm using a shared web host package... and should be using a dedicated server host, due to the number of users running the url script?? Such scripts are not suited for a shared server environment. There are several ways to distribute (web) load. You can use mod_rewrite, DNS round-robin, web proxies or load balancers. Most people go for DNS round-robin as it is the easier and cheaper solution. Regards, -sm
Re: [Clamav-users] How important are file extensions?
At 09:59 22-09-2008, Roberto Ullfig wrote: Somewhat off topic but does someone here know if there's a standard file extension that represents a null program. What I mean is that we rename some attachment suffixes to .txt but this causes some problems with some applications. We'd like to rename the attachments with another suffix, one that will never be used for an application (present or future). Does anyone know if a standard suffix has been created for just this purpose? File associations is a Microsoft concept. There are a few reserved names for devices but no standards for file extensions. Regards, -sm
Re: [Clamav-users] bzip2 1.0.5 for CentOS
At 01:11 05-09-2008, Tilman Schmidt wrote: But even a manual yum update finds nothing to update. I cannot imagine Redhat/CentOS neglecting to provide a patch for that Why not? :-) The response was that this issue can only result in a crash of the bunzip2 process, which we do not consider to have any security impact. vulnerability, so I am probably doing something wrong. But what? You are not doing anything wrong. Get a newer version of bzip2. Regards, -sm
Re: [Clamav-users] 0.9.33 and Snapshot clamdscan hang on Openbsd
At 02:18 09-07-2008, Tomasz Kojm wrote: Please have a look at the comment #12 on the bug page If you encourage people to build from ports, it's more difficult to get feedback from those users for release candidates. Regards, -sm
Re: [Clamav-users] Freshclam not terminating correctly
At 05:53 01-06-2008, Robert Blayzor wrote: I've been noticing a problem for quite some time now on our mirror server. (I posted this issue to the devel list, but there have been no responses). I'm noticing some buggy client behavior that seems it's from freshclam clients. Over time on our mirror we notice 1000's of connections can build up over time with clients stuck in a half-opened state. (or half-closed). As clam becomes more popular and traffic picks up on the That looks more like a buggy firewall somewhere in the path. You can either try and find a contact at the other end to debug or else wait and see whether anyone on the mailing list reported a related error when running freshclam. Regards, -sm ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav-milter
At 09:03 17-04-2008, Jerry Ferguson wrote: I have a Clamav-milter problem. Can anyone help? Problem: clamav-milter loads and immediately terminates Hardware: Computer processor is AMD, sata raid 1 software: NetBSD 4.0 (I386 platform) [snip] _res is not supported for multi-threaded programs. That's why the process exits. Multi-thread programs such as milters should not access _res like that if you have BIND9 libs. Are you using the version in pkgsrc? It contains the required patch. Regards, -sm
Re: [Clamav-users] clamav-milter
At 12:41 17-04-2008, Jerry Ferguson wrote: no, I downloaded and compiled from source which I have done since v 0.85 pkgsrc is version 92.1 which I will use for now. pkgsrc contains version 0.93. Regards, -sm
Re: [Clamav-users] WARNING: Suspicious recipient address blocked
At 14:42 17-04-2008, Eric Rostetter wrote: I don't know the history of this exploit, etc. So I can't comment on whether the fix should stay or not. It would depend on the default settings for sendmail, how long the fix has been in sendmail, how widely available the patched sendmail is today, etc. Do you know which version of sendmail can be used with the milter? If the exploit is prior to that, then the fix may not be applicable. At 14:54 17-04-2008, Eric Rostetter wrote: Well, we disagree on that point. It is a security tool, and as such has an even greater burden to try to be as secure as possible. Even If you are using the milter as a security tool, you would have to do more filtering than what's currently implemented to prevent problems downstream. Regards, -sm
Re: [Clamav-users] Memory usage for clamd is huge
At 13:04 31-03-2008, Dennis Peterson wrote: How are you able to determine that? There's nothing in the connection information or in the message that identifies the source OS, hardware, or MTA. Everything in a message can be spoofed as can the sending Passive OS fingerprinting. That only works if the source host is not behind a hardware firewall or if the message doesn't go through a relay. It can be used as an additional data point for content filtering or for policy enforcement to shed the load on the mail server. Regards, -sm
Re: [Clamav-users] Oddness
At 22:38 10-08-2007, Dennis Peterson wrote: Several times yesterday clamd stopped. My daemon watching script restarted it immediately, but I could not find a reason for the failures. This was happening on multiple servers so was all the more [snip] If anyone's interested the sending domain is my-management.co.uk. They're still blocked and there's been no further failures where before clamd was failing two to three times each hour. I'll work on it again on Monday. Could you capture the message from that domain? It might help in determining why it may have caused the clamd failure. Regards, -sm
Re: [Clamav-users] Missed Virus
At 11:55 08-08-2007, Jonathan Armitage wrote: Didn't I read somewhere recently that there have been a lot of new variants of this virus? It's not a virus, it's these greeting card messages with a link to download the malware. It's currently being identified as Email.Phishing.RB-1222. Regards, -sm
Re: [Clamav-users] Problems with installation
At 03:55 03-08-2007, G.W. Haywood wrote: On Fri, 3 Aug 2007 SM wrote: Visa and Mastercard are insisting that I put a virus scanner on the [snip] This isn't meant as some sort of character assassination, it's just an observation of the facts from what I've read in your mail. Your reply quoted me as saying the above. That is incorrect as it wasn't my mail. Regards, -sm
Re: [Clamav-users] Problems with installation
At 08:37 03-08-2007, Marshall Dudley wrote: G.W. Haywood wrote: Hi there, On Fri, 3 Aug 2007 SM wrote: There's no reason to believe that the Romanian mafia don't read this It would have been better to trim your reply instead of incorrectly attributing the above to me. Regards, -sm
Re: [Clamav-users] Problems with installation
At 11:21 02-08-2007, Marshall Dudley wrote: I downloaded the old version and tried installing it, but it fails to: === clamav-0.54 depends on executable: unarj - not found It's not a good idea to run such an old version of ClamAV. Any ideas? Visa and Mastercard are insisting that I put a virus scanner on the server, and this is the only one I can find. They also insist that any upgrades have to go through a long process, which would probably take a month on the OS, and if I don't get this done in a few days, they may shut me down. Is there any other virus scanner out there I can install on FREEBSD to satisfy them? If they find out that you are running such an old virus scanner and your server has security vulnerabilities, wouldn't they shut you down as well? Regards, -sm
Re: [Clamav-users] Problem with clamd.conf
At 17:04 21-02-2007, Graeme Nichols wrote: I suddenly started having the following problem today. The error message is pretty explicit but freshclam is being picky with my 'fix' The initial error follows: [EMAIL PROTECTED] etc]# freshclam ERROR: Parse error at line 44: Option AllowSupplementaryGroups requires boolean argument. ERROR: Parse error at line 44: Option AllowSupplementaryGroups requires boolean argument. ERROR: Can't parse the config file /etc/clamd.conf [EMAIL PROTECTED] etc]# I first commented out the 'AllowSupplementaryGroups and freshclam ran, sort of, but with the following output: AllowSupplementaryGroups yes http://wiki.clamav.net/Main/UpgradeNotes090 Regards, -sm
New Zealand timezone was: [Clamav-users] Auto scan problems
At 01:20 17-02-2007, Steve Holdoway wrote: OK, I'm in Christchurch. What's my timezone come up as??? The time zone in your email was +1300 which is correct for New Zealand. The Standard Time zone for Christchurch is UTC + 1200. It's UTC + 1300 currently with DST. Regards, -sm
Re: [Clamav-users] hit max-children limit
At 12:44 06-09-2006, [EMAIL PROTECTED] wrote: I do think that there is too much of a danger of denial of service attacks or mail failure due to the milter crashing if you scan your mail during the SMTP phase. I have regularly seen ISPs that can't accept mail because Are you going to accept, then bounce the mail if it contains a virus? That's not a good idea as the sender address may be forged. Regards, -sm
Re: [Clamav-users] managed ClamAV relays?
At 22:24 21-08-2005, Dennis Peterson wrote: SM said: At 21:50 21-08-2005, Roger Rustad wrote: If I have, say, exchange.domain.com, I'm assuming that's cool, as any @domain.com mail will go to the mx record, and not the A record. Yes, mail to @domain won't go to exchange.domain as it is not listed as a MX. Regards, -sm Rubbish. Would you mind explaining that comment? Regards, -sm
Re: [Clamav-users] managed ClamAV relays?
At 08:11 22-08-2005, Daniel J McDonald wrote: Probably he means, if a server is listening for port 25 on the outside, someone will connect to it and send it something. Spammers don't really care about MX records... Yes. Still, the question was about mail delivery to @domain and not about the above. Regards, -sm
Re: [Clamav-users] managed ClamAV relays?
At 09:39 22-08-2005, Dennis Peterson wrote: Your claim is nonsense. MX records tell other systems where *you* would like mail addressed to you to go. Where they actually go depends entirely on the sending system. If you have a system on the Internet and port 25 is active, you will get connections. It is guaranteed. As I said before, the question was not about a system getting connections on port 25. I understand how MX records work. :) Thank you for the answer.
Re: [Clamav-users] managed ClamAV relays?
At 19:16 21-08-2005, Roger Rustad wrote: Not sure what happens after 5000 emails, but I'm guessing that it would just forward directly to my MTA. I'm assuming that my MX records would be something like: --MX record 0 pointed at whatever ISP is managing this box --MX record 0+ on my email servers Your email servers may receive viruses by email if you have a MX record pointing to them. Regards, -sm
Re: [Clamav-users] managed ClamAV relays?
At 21:50 21-08-2005, Roger Rustad wrote: If I have, say, exchange.domain.com, I'm assuming that's cool, as any @domain.com mail will go to the mx record, and not the A record. Yes, mail to @domain won't go to exchange.domain as it is not listed as a MX. Regards, -sm