[Clamav-users] Clamd socket stops responding during database reload

2009-08-05 Thread Sergey Yudin
Hello, All!

I am using the latest stable ClamAV 0.95.2 on OpenBSD 4.5,
built from source with these options:
./configure \
--prefix=/opt \
--sysconfdir=/etc/clamav \
--datadir=/var/db \
--localstatedir=/var/run \
--enable-bigstack \
--enable-clamdtop \
--with-user=proxy \
--with-group=proxy \
--with-libbz2-prefix=/usr/local

When clamd reloads a new database, it stops responding to requests via
the local socket. For example, DansGuardian reports:
Exception whist reading ClamD socket: Can't read from socket

Is there any workaround for this issue?

Regards
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


Re: [Clamav-users] Worm.Plexus.B

2005-02-25 Thread Sergey Yudin
> > ===
> > ClamAV Virus Database
> >
> > Result:
> > This virus is already recognized by ClamAV 0.83/722/Thu Feb 24
> > 00:32:10 2005 as Worm.Plexus.B . Be careful when submitting samples
> > and remember to run freshclam!
> > ===
> >
> > strange thing
>
> That's quite an old worm (its signature is now in main.cvd and not
> daily.cvd). If I remember correctly, the signature requires UPX
> decompression so you may be running some old (= 0.7x) clamscan/clamd
> _binary_. freshclam's output doesn't report any warning so it's
> definitely 0.83, just make sure you've not mixed old packages (in
> /usr/bin and /usr/local/bin for example). Anyway that's a problem with
> your local configuration and not ClamAV.

Thank you, Tomasz. I've compiled and installed /usr/local/bin/upx. I'll wait
for another Plexus ;) What else does clamav try to use for unpacking?
unzip, unrar, upx, un_WHAT_ELSE?

With best regards...

___
http://lurker.clamav.net/list/clamav-users.html


Re: [Clamav-users] Worm.Plexus.B

2005-02-25 Thread Sergey Yudin
> > thank you Tomasz, I've compiled and installed /usr/local/bin/upx. I'll
>
> ???
>
> ClamAV has built-in UPX unpacker.

Then I don't understand why clamav lets Plexus pass. I have only one copy of
clamav, just in /usr/local/bin/clamav. Maybe you wish to look at those emails
with Plexus samples. If you do, I'll send them, of course.

With best regards...



[Clamav-users] Worm.Plexus.B

2005-02-24 Thread Sergey Yudin
I've got
===
ClamAV update process started at Thu Feb 24 13:06:27 2005
main.cvd is up to date (version: 29, sigs: 29086, f-level: 3, builder: tomek)
daily.cvd is up to date (version: 722, sigs: 2007, f-level: 4, builder: ccordes)
===

Today I got 2 viruses missed by clamav, but KAV caught them. I wanted to
submit these viruses and got:

===
ClamAV Virus Database

Result: 
This virus is already recognized by ClamAV 0.83/722/Thu Feb 24 00:32:10 2005
as Worm.Plexus.B . Be careful when submitting samples and remember to run
freshclam!
===

strange thing

With best regards...




[Clamav-users] aliases.db Permission denied

2005-02-15 Thread Sergey Yudin
Please can someone tell me what these errors mean?
Does clamav try to rehash aliases.db?

==
Feb 15 13:49:17 mail.crit astra sendmail[3469]: j1F8nHog003469: SYSERR(clamav): Cannot open hash database /etc/mail/aliases.db: Permission denied

Feb 15 13:49:17 mail.crit astra sendmail[3469]: j1F8nHog003469: SYSERR(clamav): collect: Cannot write ./dfj1F8nHog003469 (bfcommit, uid=121, gid=25): Permission denied

Feb 15 13:49:17 mail.alert astra sendmail[3469]: j1F8nHog003469: SYSERR(clamav): queueup: cannot create queue file ./qfj1F8nHog003469, euid=121, fd=-1, fp=0x0: Permission denied
==

with best regards... 


___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Re: [Clamav-users] Re: aliases.db Permission denied

2005-02-15 Thread Sergey Yudin
>> Please can someone tell me what these errors mean?
>> Does clamav try to rehash aliases.db?
>>
>> ==
>> Feb 15 13:49:17 mail.crit astra sendmail[3469]: j1F8nHog003469: SYSERR(clamav): Cannot open hash database /etc/mail/aliases.db: Permission denied
>>
>> Feb 15 13:49:17 mail.crit astra sendmail[3469]: j1F8nHog003469: SYSERR(clamav): collect: Cannot write ./dfj1F8nHog003469 (bfcommit, uid=121, gid=25): Permission denied
>>
>> Feb 15 13:49:17 mail.alert astra sendmail[3469]: j1F8nHog003469: SYSERR(clamav): queueup: cannot create queue file ./qfj1F8nHog003469, euid=121, fd=-1, fp=0x0: Permission denied
>> ==

RB> It means you have a wrong sendmail configuration and probably a full
RB> file system on top of that.
RB> As already pointed out, it has nothing to do with clamav, but the
RB> SYSERR(clamav) part means you are running sendmail as user clamav...
RB> which is probably not what you wanted to do.

Hello Rene!

Let me post more logs.

=Beginning of the citation==
Feb 15 13:49:15 mail.info astra sendmail[3467]: NOQUEUE: connect from srv.rasprodaga.ru [83.222.5.53]
Feb 15 13:49:15 mail.info astra sendmail[3467]: j1F8nFvV003467: dns 53.5.222.83.in-addr.arpa. = srv.rasprodaga.ru
Feb 15 13:49:15 mail.info astra sendmail[3467]: j1F8nFvV003467: Milter (spfmilter): init success to negotiate
Feb 15 13:49:15 mail.info astra sendmail[3467]: j1F8nFvV003467: Milter (clamav): init success to negotiate
Feb 15 13:49:15 mail.info astra sendmail[3467]: j1F8nFvV003467: Milter: connect to filters
Feb 15 13:49:17 mail.info astra sendmail[3467]: j1F8nFvV003467: from=, size=42859, class=0, nrcpts=1, [EMAIL PROTECTED], proto=SMTP, daemon=MTA, relay=srv.rasprodaga.ru [83.222.5.53]
Feb 15 13:49:17 mail.info astra sendmail[3467]: j1F8nFvV003467: Milter add: header: Received-SPF: none (astra.ufa.iib.ru: [EMAIL PROTECTED] does not designate permitted sender hosts) receiver=astra.ufa.iib.ru; client-ip=83.222.5.53; helo=srv.rasprodaga.ru; envelope-from=; x-software=spfmilter 0.95 http://www.acme.com/software/spfmilter/ with libspf2;
Feb 15 13:49:17 mail.info astra sendmail[3467]: j1F8nFvV003467: Milter add: header: X-Virus-Scanned: ClamAV version 0.83, clamav-milter version 0.83 on astra.ufa.iib.ru
Feb 15 13:49:17 mail.info astra sendmail[3467]: j1F8nFvV003467: Milter add: header: X-Virus-Status: Infected with Worm.SomeFool.P
=== Here Clamav is reporting a virus

Can you explain how clamav sends email? Via smtp:25 or by running
/usr/sbin/sendmail -t?

By the way, sendmail has these attributes:
# ls -l /usr/sbin/sendmail
-r-xr-sr-x  1 root  smmsp  562348 Feb 11 22:03 /usr/sbin/sendmail

Feb 15 13:49:17 mail.info astra sendmail[3469]: NOQUEUE: connect from [EMAIL PROTECTED]
Feb 15 13:49:17 mail.crit astra sendmail[3469]: j1F8nHog003469: SYSERR(clamav): Cannot open hash database /etc/mail/aliases.db: Permission denied
Feb 15 13:49:17 mail.info astra sendmail[3469]: j1F8nHog003469: alias postmaster = root
Feb 15 13:49:17 mail.info astra sendmail[3469]: j1F8nHog003469: alias root = sergey
Feb 15 13:49:17 mail.crit astra sendmail[3469]: j1F8nHog003469: SYSERR(clamav): collect: Cannot write ./dfj1F8nHog003469 (bfcommit, uid=121, gid=25): Permission denied
Feb 15 13:49:17 mail.info astra sendmail[3469]: j1F8nHog003469: from=clamav, size=447, class=0, nrcpts=2, [EMAIL PROTECTED]
Feb 15 13:49:17 mail.debug astra sendmail[3469]: j1F8nHog003469:   0: fl=0x2, mode=1: FIFO: dev=0/0, ino=0, nlink=0, u/gid=0/0, size=0
Feb 15 13:49:17 mail.debug astra sendmail[3469]: j1F8nHog003469:   1: fl=0x1, mode=20666: CHR: dev=131/131072, ino=4499, nlink=1, u/gid=0/0, size=0
Feb 15 13:49:17 mail.debug astra sendmail[3469]: j1F8nHog003469:   2: fl=0x1, mode=20666: CHR: dev=131/131072, ino=4499, nlink=1, u/gid=0/0, size=0
Feb 15 13:49:17 mail.debug astra sendmail[3469]: j1F8nHog003469:   3: fl=0x2, mode=140666: SOCK [0]-[[UNIX: /var/run/log]]
Feb 15 13:49:17 mail.debug astra sendmail[3469]: j1F8nHog003469:   4: fl=0x1, mode=20666: CHR: dev=131/131072, ino=4499, nlink=1, u/gid=0/0, size=0
Feb 15 13:49:17 mail.alert astra sendmail[3469]: j1F8nHog003469: SYSERR(clamav): queueup: cannot create queue file ./qfj1F8nHog003469, euid=121, fd=-1, fp=0x0: Permission denied
Feb 15 13:49:17 mail.info astra sendmail[3467]: j1F8nFvV003467: Milter: data, reject=554 5.7.1 virus Worm.SomeFool.P detected by ClamAV - http://www.clamav.net
=The end of the citation
With best regards... 
