from:"Steve Lenti"

Re: [Clamav-users] clamav and procmail

2004-09-14 Thread Steve Lenti

On Tue, 14 Sep 2004 15:51:41 -0400, Bart Silverstrim
<[EMAIL PROTECTED]> wrote:
> Hello,
> 
> I'm trying to integrate a clamav with a simple sitewide procmail recipe
> to run clamscan-procfilter then take action if the headers contain the
> virus tag (X-CLAMAV).  The first part of the recipe in the script makes
> sense...
> *
> #   :0fw: virus1.lock
> #
> #   |/usr/local/bin/clamscan-procfilter.pl
> #
> *
> 
> But the second one just rewrites the subject, as I understand it.
> 
> #   :0fw: virus2.lock
> #
> #   * ^X-CLAMAV
> #
> #   |/usr/bin/formail -i "Subject: [CLAMAV VIRUS ALERT]"
> #
> 
> 
> What I would like for procmail to do is not just rewrite the subject,
> but also change the recipient so the recipient never sees the virus
> message and instead another user (like [EMAIL PROTECTED])
> would get the email and attachment, and that will keep the end user
> from having to ever create filter rules.
> 
> Is there a way to do this?  Thanks!

man procmailex

-Steve


---
This SF.Net email is sponsored by: thawte's Crypto Challenge Vl
Crack the code and win a Sony DCRHC40 MiniDV Digital Handycam
Camcorder. More prizes in the weekly Lunch Hour Challenge.
Sign up NOW http://ad.doubleclick.net/clk;10740251;10262165;m
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Newbie: Clamav and Sendmail milter config

2004-08-24 Thread Steve Lenti

On Tue, 24 Aug 2004 11:04:57 -0400, Randall Perry <[EMAIL PROTECTED]> wrote:
> on 8/24/04 9:59 AM, Dennis Peterson at [EMAIL PROTECTED] wrote:
> 
> > The J-Chkmilter permits disabling scanning based on
> > IP/Net/Domain for such things as trusted servers - we handle a lot of
> > machine generated mail that need not be scanned, for example, and that is
> > mapped out of the filtering process.
> 
> This is a little off topic, but I'm interested in using Spamassassin, but
> would like to limit scanning to users who have opted-in to spam checking. Is
> there a filter that can check mail by username or group association?
> 

I use a procmail recipe for this.  Works great.
-- 
Steve Lenti | [EMAIL PROTECTED]

> SELECT * FROM users WHERE clue > 0;
0 rows returned


---
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Re: qmail dot files

2004-07-30 Thread Steve Lenti

On Fri, 30 Jul 2004 22:35:10 -0400, Jason <[EMAIL PROTECTED]> wrote:
> Thanks to all for your replies. In summary my need was:
> 
> > What I ultimately need to do is take the delivery, check it for a virus,
> > and take an action. This needs to be configurable by account and
> > maintainable by an inexperienced admin that can follow directions.
> > Updates should be easily performed and the entire system should be
> > installable without ever having compiled anything. If no work has been
> > done in this area I am happy to embark on it and even make more in doing
> > so however I would be remiss if I did not look for existing works.
> 
> The suggestion of Trog  was an excellent pointer,
> 
> > OdeiaVir will probably do what you want.
> >
> > http://odeiavir.sourceforge.net/
> 
> OdeiaVir will do exactly what I need by using clamscan or clamdscan as a
> config option. To take some load off the systems I took an hour and
> added native clamd support and tested as many variation I could think of.
> 
> It appears that native clamd support is up and running just fine. For
> those that are interested I have posted the modifications at
> http://www.brvenik.com/odeiavir/odeiavir-0.4.4.jrb.tgz until I can
> locate the active maintainer ( if one exists ) and get the patch rolled
> into the sources.
> 
> To use simply add
> 
> |/usr/bin/odeiavir
> 

So, what is the real difference from using a product not so mature as
using procmail.  I have used procmail with virtual domains without a
problem.  Also you can make procmail domain wide instead of letting
users edit thier own without a problem.  Procmail can easily be used
in a standard setup and can be deployable without much effort.
-Steve


-- 
Steve Lenti | [EMAIL PROTECTED]

> SELECT * FROM users WHERE clue > 0;
0 rows returned


---
This SF.Net email is sponsored by OSTG. Have you noticed the changes on
Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now,
one more big change to announce. We are now OSTG- Open Source Technology
Group. Come see the changes on the new OSTG site. www.ostg.com
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] qmail dot files

2004-07-29 Thread Steve Lenti

On Thu, 29 Jul 2004 09:59:58 -0400, Jason <[EMAIL PROTECTED]> wrote:
> Hi list,
> 
> I have searched far and wide, a rare case where google comes up
> relatively short. Has anyone attempted to use clam with .qmail or
> ..qmail-default files instead of patching qmail with QMAILQUEUE and using
> qmail-scanner?
> 
> I am looking at doing this work if it has not been done before, if it
> has or will not work please share you thoughts as to why.
> 

The best way to do this would be using procmail.  dot-qmail files
aren't really a great way to filter, they are more for delivery.

The newest version of netqmail comes pre-patched with QMAILQUEUE.  I
really like qmail-scanner because of the other functions it provides
as well as a way to handle viruses.
-Steve


---
This SF.Net email is sponsored by OSTG. Have you noticed the changes on
Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now,
one more big change to announce. We are now OSTG- Open Source Technology
Group. Come see the changes on the new OSTG site. www.ostg.com
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] malformed error

2004-07-27 Thread Steve Lenti

On Mon, 26 Jul 2004 15:28:07 -0700 (PDT), "Âhris" mckeever
<[EMAIL PROTECTED]> wrote:
> --- ïhris mckeever <[EMAIL PROTECTED]> wrote:
> > I get this when running qmail-scanner 1.22 and
> > clamscan .75 -
> > command line clamscan works fine, same cl
> > arguements...
> >
> > I have upgraded to .75, I have removed the .cvd
> > files
> > and manually ran freshclam (I am not sure why the
> > error calls virus.db - thinking it is a
> > temp file created)
> >
> > There is at least 150MB of free memory
> >
> >
> > LibClamAV Error: readdb(): Malformed pattern line
> > 21327 (file
> >
> /var/spool/qmailscan/tmp/prupref-mailgate109085904848026536/clamav-
> >
> > 08a702a225a402a3/viruses.db).
> > LibClamAV Error: cli_calloc(): Can't allocate memory
> > (8 bytes).
> >
> > anyone have any ideas?
> 
> I switched qmail-scanner over to use clamdscan rather
> than clamscan - it now finds the virii that were
> getting through -
> 
> so - 2 items
> 
> 1 - anyone have an idea why clamscan itself would
> die??
> 2 - is there a way to ensure that clamd doesnt die (or
> starts itself again if so)
> 

clamscan is dying because you aren't allocating enough memory using
the softlimit function.  Take a look at the qmail-scanner FAQ.  The
reason clamdscan is working it because it takes less memory to run
then clamscan.

I don't have many problems with clamd dying... but you could setup
daemontools to monitor it and restart if it dies.
-Steve

-- 
Steve Lenti | [EMAIL PROTECTED]

> SELECT * FROM users WHERE clue > 0;
0 rows returned


---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_idG21&alloc_id040&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] libbz2?

2004-07-20 Thread Steve Lenti

On Tue, 20 Jul 2004 15:35:32 -0500, A.R.S. KA9QLQ Alvin Koffman
<[EMAIL PROTECTED]> wrote:
> Where can I get libbz2? Here's rom my atempt
> 
> [EMAIL PROTECTED] Download]# [EMAIL PROTECTED] clam]# rpm -ivh *.rpm
> warning: clamav-0.74-1mdk.i586.rpm: V3 DSA signature: NOKEY, key ID d535d889
> error: Failed dependencies:
> devel(libbz2) is needed by libclamav1-devel-0.74-1mdk
> devel(libgmp) is needed by libclamav1-devel-0.74-1mdk
> I went to mdk 10 by the way
> Thanks
> Alvin
> 

A little Google never hurts...

http://rpm.pbone.net/index.php3/stat/4/idpl/85211/com/libbz2-devel-1.0.1-7cl.i386.rpm.html

-- 
Steve Lenti | [EMAIL PROTECTED]


---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Mail::ClamAV build problems

2004-07-20 Thread Steve Lenti

On Tue, 20 Jul 2004 16:36:48 -0400, Bowie Bailey <[EMAIL PROTECTED]> wrote:
> >
> > It looks like it can't find clamav shared library.  Is the location of
> this
> > library in your /etc/ld.so.conf?  Also, try re-running ldconfig or add the
> > path to your LD_LIBRARY_PATH environment variable.
> 
> The library is in /usr/local/lib.  Running ldconfig or adding the path to
> /etc/ld.so.conf didn't help.  Adding it to LD_LIBRARY_PATH worked.
> 
> How do I make this permanent so I don't run into the same problem again when
> I
> update Mail::ClamAV?  I can add the LD_LIBRARY_PATH setting to my .bashrc,
> but
> is there a better way?
> 

When you added the path to your /etc/ld.so.conf did you re-run
ldconfig?  You could also check to make sure it's getting loaded by
running ldconfig -v | grep libclamav.
-- 
Steve Lenti | [EMAIL PROTECTED]


---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Mail::ClamAV build problems

2004-07-20 Thread Steve Lenti

On Tue, 20 Jul 2004 14:23:29 -0400, Bowie Bailey <[EMAIL PROTECTED]> wrote:
> Fedora Core 2
> Perl 5.8.3
> ClamAV 0.74
> Mail-ClamAV-0.11
> 
> I am having problems getting Mail::ClamAV past the test stage.  Make runs
> with no errors, but as soon as I run 'make test', I get the errors shown
> below.  Can anyone give me a hand with this?
> 
> $ make test
> PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e"
> "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
> t/Mail-ClamAVNOK 1# Failed test (t/Mail-ClamAV.t at line 8)
> # Tried to use 'Mail::ClamAV'.
> # Error:  Had problems bootstrapping Inline module 'Mail::ClamAV'
> #
> # Can't load
> '/home/bowieb/Mail-ClamAV-0.11/blib/arch/auto/Mail/ClamAV/ClamAV.so' for
> module Mail::ClamAV: libclamav.so.1: cannot open shared object file: No such
> file or directory at
> /usr/lib/perl5/5.8.3/i386-linux-thread-multi/DynaLoader.pm line 229.
> #  at /usr/lib/perl5/site_perl/5.8.3/Inline.pm line 500
> #
> #
> #  at /home/bowieb/Mail-ClamAV-0.11/blib/lib/Mail/ClamAV.pm line 154
> # BEGIN failed--compilation aborted at
> /home/bowieb/Mail-ClamAV-0.11/blib/lib/Mail/ClamAV.pm line 442.
> # Compilation failed in require at (eval 1) line 2.
> "all" is not defined in %Mail::ClamAV::EXPORT_TAGS at t/Mail-ClamAV.t line
> 10
> Can't continue after import errors at t/Mail-ClamAV.t line 10
> # Looks like you planned 11 tests but only ran 1.
> t/Mail-ClamAVdubious
> Test returned status 11 (wstat 2816, 0xb00)
> Scalar found where operator expected at (eval 153) line 1, near "'int'
> $__val"
> (Missing operator before   $__val?)
> DIED. FAILED tests 1-11
> Failed 11/11 tests, 0.00% okay
> Failed Test Stat Wstat Total Fail  Failed  List of Failed
> 
> ---
> t/Mail-ClamAV.t   11  281611   21 190.91%  1-11
> Failed 1/1 test scripts, 0.00% okay. 11/11 subtests failed, 0.00% okay.
> make: *** [test_dynamic] Error 2
> 
> I appreciate any help.
> 
> Bowie

It looks like it can't find clamav shared library.  Is the location of
this library in your /etc/ld.so.conf?  Also, try re-running ldconfig
or add the path to your LD_LIBRARY_PATH environment variable.


-- 
Steve Lenti | [EMAIL PROTECTED] | ph: 505.362.3828


---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Unusual clamav file in var/mail/

2004-07-20 Thread Steve Lenti

On Tue, 20 Jul 2004 12:11:28 +0100, Richard Saddington
<[EMAIL PROTECTED]> wrote:
> Hi,
> 
> I am running a FreeBSD server with spamassassin and clamav 0.73
> installed, and using procmail to filter mail delivered to local users.
> Any mail tagged by spamassassin or detected by clamav is delivered to a
> a spam mailbox. My procmail recipe is pretty much the standard
> installations and looks like this:
> 
--snip

This should be a mail file of some sort.  Do you have freshclam
running on a crontab?  Also, does clamav report the viruses it finds
to the clamav user automatically?  Just more the file, you should be
able to figure out where its coming from.
-- 
Steve Lenti | [EMAIL PROTECTED]


---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Clamdscan Error 2

2004-07-19 Thread Steve Lenti

have you tried installing from source??

On Mon, 19 Jul 2004 07:38:56 -0500, John Fleming <[EMAIL PROTECTED]> wrote:
> 
> - Original Message -
> From: "John Fleming" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Sunday, July 18, 2004 10:14 PM
> Subject: [Clamav-users] Clamdscan Error 2
> 
> > ClamAV (clamd) was working fine until I updated Debian unstable today.
> Now
> > I'm getting the following header added to ALL emails:
> >
> > X-Virus-Status: Failed
> > X-Virus-Report: /usr/bin/clamdscan error 2
> >
> > I deleted my clamav log and restarted clamav.  The new log starts out as
> > usual, but the first email to come in results in the ERROR lines at the
> > bottom.  I don't know what's going on here, i.e. whether this is something
> I
> > should be able to diagnose and treat, or whether there is a problem with
> the
> > Debian package, and I should just wait for it to get fixed.  Anyone else
> > seeing this and/or have any ideas?  Thanks - John
> >
> > [EMAIL PROTECTED]:/var/log/clamav# cat clamav.log
> > Sun Jul 18 21:57:27 2004 -> +++ Started at Sun Jul 18 21:57:27 2004
> > Sun Jul 18 21:57:27 2004 -> clamd daemon 0.74 (OS: linux-gnu, ARCH: i386,
> > CPU: i386)
> > Sun Jul 18 21:57:27 2004 -> Log file size limit disabled.
> > Sun Jul 18 21:57:27 2004 -> Running as user clamav (UID 114, GID 114)
> > Sun Jul 18 21:57:27 2004 -> Reading databases from /var/lib/clamav/
> > Sun Jul 18 21:57:28 2004 -> Protecting against 22797 viruses.
> > Sun Jul 18 21:57:28 2004 -> Unix socket file /var/run/clamav/clamd.ctl
> > Sun Jul 18 21:57:28 2004 -> Setting connection queue length to 15
> > Sun Jul 18 21:57:28 2004 -> Archive: Archived file size limit set to
> > 10485760 bytes.
> > Sun Jul 18 21:57:28 2004 -> Archive: Recursion level limit set to 5.
> > Sun Jul 18 21:57:28 2004 -> Archive: Files limit set to 1000.
> > Sun Jul 18 21:57:28 2004 -> WARNING: USING HARDCODED LIMIT: Archive:
> > Compression ratio limit set to 200.
> > Sun Jul 18 21:57:28 2004 -> Archive support enabled.
> > Sun Jul 18 21:57:28 2004 -> RAR support disabled.
> > Sun Jul 18 21:57:28 2004 -> Mail files support enabled.
> > Sun Jul 18 21:57:28 2004 -> OLE2 support disabled.
> > Sun Jul 18 21:57:28 2004 -> Self checking every 3600 seconds.
> > Sun Jul 18 22:00:52 2004 -> ERROR: ScanStream: accept timeout.
> > Sun Jul 18 22:02:00 2004 -> ERROR: ScanStream: accept timeout.
> > Sun Jul 18 22:02:27 2004 -> ERROR: ScanStream: accept timeout.
> > Sun Jul 18 22:06:01 2004 -> ERROR: ScanStream: accept timeout.
> > Sun Jul 18 22:06:36 2004 -> ERROR: ScanStream: accept timeout.
> > Sun Jul 18 22:07:10 2004 -> ERROR: ScanStream: accept timeout.
> > [EMAIL PROTECTED]:/var/log/clamav#
> 
> Only one response on this thread so far.  I removed clamav (no --purge) and
> reinstalled.  I also deleted the virus databases and reran freshclam to get
> fresh files.  Now I get clamd error 127 instead of error 2.  I tried to run
> dpk-reconfigure clamav-daemon, but it said: "clamav-daemon is broken or not
> fully installed".  I guess I have to assume the package is broken, given
> this message and the fact that it broke when I upgraded clamav via apt-get.
> Is there a place to report this besides here?  Thanks - John
> 
> 
> 
> 
> ---
> This SF.Net email is sponsored by BEA Weblogic Workshop
> FREE Java Enterprise J2EE developer tools!
> Get your free copy of BEA WebLogic Workshop 8.1 today.
> http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
> ___
> Clamav-users mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/clamav-users
> 


-- 
Steve Lenti | [EMAIL PROTECTED]


---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Bagle Varient

2004-07-16 Thread Steve Lenti

On Fri, 16 Jul 2004 08:39:16 -0500, Vernon A. Fort
<[EMAIL PROTECTED]> wrote:
> I have email messages that are being detected as Worm.Bagle.Gen-zippwd
> but when I unzip, clamav detects the binary as Bagle.AF.  I cannot
> submit a sample because its already detected.
> 
> If someone wants a few sample email messages, let me know where to send
> them.
> 

I might be way off base here, but isnt the virus you are talking about
a "Zipped" Bagel generation virus?  Which would explain why its being
detected as Worm.Bagle.Gen-zippwd right?

--
Steve Lenti | [EMAIL PROTECTED]


---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Segmentation Fault in clamav-milter

2004-07-08 Thread Steve Lenti

Robert Schmidt wrote:
This is happening pretty frequently, 2 or 3 times per day. I upgraded
from .70 to .74 to see if it made any difference. It didn't.
Feel free to ask for more info. I'm open to suggestions.
[EMAIL PROTECTED] clamav]# /usr/sbin/clamav-milter --version
ClamAV version 0.74, clamav-milter version 0.74a
running Fedora Core 1 with dag rpms:
[EMAIL PROTECTED] clamav]# rpm -qa|grep clam
clamav-0.74-1.1.fc1.dag
clamav-milter-0.74-1.1.fc1.dag
clamav-db-0.74-1.1.fc1.dag
clamd-0.74-1.1.fc1.dag
Here's what I got from the core dump:
--snip
I haven't been following this thread close so bare with me with my 
question.  Did you just recently upgrade your kernel?  If you did try 
moving the /lib/tls directory to some other location.  I had a similar 
problem with a RedHat server about a week ago after I installed a new 
kernel.

--
Steve
[EMAIL PROTECTED]
Common sense and a sense of humor are the same thing, moving at
different speeds.  A sense of humor is just common sense, dancing.
-- Clive James
---
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Upgraded kernel causing problems

2004-07-07 Thread Steve Lenti

This one time, at band camp, Steve Lenti wrote:
> I am currently running a RH9 system with 2.4.21 kernel.  I have upgraded the
> kernel to 2.4.26, but clamav will not work.  I have recompiled under the new
> kernel but for some reason I cannot get clamdscan or clamscan to work.  I
> keep getting "Segmentation fault" in the log file.  Is there anything
> specific that needs to be enabled in 2.4.26 for clamAV to work?

Disregard this problem.  It is a RedHat issue when going to a custom
kernel.  The quick fix is to mv /lib/tls away.  I'm not too sure why
this is ut it fixes the problems with clamav.  I realized that clamav
couldn't be the problem after a noticed both dig and nslookup were no
longer working.

After moving /lib/tls to a different location everthing started working.

Thanks for the time on this.
--
STEVE
[EMAIL PROTECTED]

---
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Upgraded kernel causing problems

2004-07-07 Thread Steve Lenti

So is this officially considered a bug since I haven't seen any kind of
response in the last few days?  Should I submit a bug report?

--
Steve
[EMAIL PROTECTED]

Hindsight is an exact science.

This one time, at band camp, Steve Lenti wrote:
> I am currently running a RH9 system with 2.4.21 kernel.  I have upgraded the
> kernel to 2.4.26, but clamav will not work.  I have recompiled under the new
> kernel but for some reason I cannot get clamdscan or clamscan to work.  I
> keep getting "Segmentation fault" in the log file.  Is there anything
> specific that needs to be enabled in 2.4.26 for clamAV to work?



> TIA


---
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Upgraded kernel causing problems

2004-07-05 Thread Steve Lenti

 
This one time, at band camp, Brian Bruns wrote:
> On Sunday, July 04, 2004 4:22 PM [EST], Steve Lenti wrote:

> > -Original Message-
> > Seen on the list last week:

> >  It turned out the latest version of ClamAV (0.74) and development
> >  versions since devel-20040622 contain a bug regarding handling of
> >  stream scanning in TCP mode. The bug results in clamdscan hanging
> >  when scanning data on stdin ("clamdscan -"). The bug does _not_
> >  affect scanning files given to clamdscan directly on command line.

> >  The bug was reported today by Piotr Gackiewicz.

> >  A fix will be available tomorrow in CVS.

> > Maybe this is the thing causing your problem?

> > --

> > I wasn't using clamd in TCP mode initially I just configured it
> > that way to see if clamd would respond to PING.  The other strange
> > thing is that it was working fine in my previous kernel 2.4.21, but
> > only started doing weird things when I upgraded the kernel to
> > 2.4.26.

> > With that said... the fix tomorrow might solve the problem anyways.
> > I will try it and report back.

> This sounds an awful lot like the bug one of the ClamAV For Windows
> users are experiencing:

> http://forums.sosdg.org/viewtopic.php?t=54


> The fix has been put in CVS?  Or are we still waiting on the fix?


Just an update  I have tried to install clamav from the latest build
and the same exact problem exists.  I find it so strange that as soon as
I boot into my older kernel it works fine.  I'm not getting any other
errors in any of my logs so I don't think I forgot any modules.  Does
anyone else have clamav running on 2.4.26 linux kernel?

--
Steve
[EMAIL PROTECTED]

'I believe in getting into hot water; it keeps you clean."
-- G. K. Chesterton



---
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Upgraded kernel causing problems

2004-07-04 Thread Steve Lenti



-Original Message-
Seen on the list last week:

 It turned out the latest version of ClamAV (0.74) and development
 versions since devel-20040622 contain a bug regarding handling of
 stream scanning in TCP mode. The bug results in clamdscan hanging when
 scanning data on stdin ("clamdscan -"). The bug does _not_ affect
 scanning files given to clamdscan directly on command line.

 The bug was reported today by Piotr Gackiewicz.

 A fix will be available tomorrow in CVS.

Maybe this is the thing causing your problem?

-- 

I wasn't using clamd in TCP mode initially I just configured it that way to
see if clamd would respond to PING.  The other strange thing is that it was
working fine in my previous kernel 2.4.21, but only started doing weird
things when I upgraded the kernel to 2.4.26. 

With that said... the fix tomorrow might solve the problem anyways.  I will
try it and report back.
--
STEVE
[EMAIL PROTECTED]



---
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Upgraded kernel causing problems

2004-07-04 Thread Steve Lenti

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Kojm
Sent: Sunday, July 04, 2004 11:20 AM
To: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] Upgraded kernel causing problems

On Sun, 4 Jul 2004 10:05:05 -0600
"Steve Lenti" <[EMAIL PROTECTED]> wrote:

> I have started clamd in TCP mode and connected to it using telnet, but
> as soon as I get connected clamd seg faults.  Could this be a
> threading issue? Should I try the latest CVS version?

I don't know. Please enable Debug and Foreground in clamav.conf and run
clamd in the debug mode (clamd --debug) - this will allow clamd to drop
a core file (or even a few files) in its current working directory. Then
try running gdb on those files and post bactraces here.

[EMAIL PROTECTED] clamav-0.74]# clamd --debug
LibClamAV debug: Loading databases from /usr/local/share/clamav
LibClamAV debug: Loading /usr/local/share/clamav/daily.cvd
LibClamAV debug: /usr/local/share/clamav/daily.cvd: CVD file detected
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = 23df7fdeae3057b2caf652dfb6c71369
LibClamAV debug: Decoded signature: 23df7fdeae3057b2caf652dfb6c71369
LibClamAV debug: Digital signature is correct.
LibClamAV debug: in cli_untgz()
LibClamAV debug: Unpacking /tmp/clamav-43fa045d13a579ed/COPYING
LibClamAV debug: Unpacking /tmp/clamav-43fa045d13a579ed/viruses.db2
LibClamAV debug: Loading databases from /tmp/clamav-43fa045d13a579ed
LibClamAV debug: Loading /tmp/clamav-43fa045d13a579ed/viruses.db2
LibClamAV debug: Initializing trie.
LibClamAV debug: Loading /usr/local/share/clamav/main.cvd
LibClamAV debug: /usr/local/share/clamav/main.cvd: CVD file detected
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = 2afa38b2ececc44e99e396f97e94adef
LibClamAV debug: Decoded signature: 2afa38b2ececc44e99e396f97e94adef
LibClamAV debug: Digital signature is correct.
LibClamAV debug: in cli_untgz()
LibClamAV debug: Unpacking /tmp/clamav-4393f8fed6c12dae/COPYING
LibClamAV debug: Unpacking /tmp/clamav-4393f8fed6c12dae/viruses.db
LibClamAV debug: Loading databases from /tmp/clamav-4393f8fed6c12dae
LibClamAV debug: Loading /tmp/clamav-4393f8fed6c12dae/viruses.db
Segmentation fault

[EMAIL PROTECTED] clamav-0.74]# gdb clamd core.29871
Core was generated by `clamd --debug'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/local/lib/libclamav.so.1...done.
Loaded symbols for /usr/local/lib/libclamav.so.1
Reading symbols from /usr/lib/libz.so.1...done.
Loaded symbols for /usr/lib/libz.so.1
Reading symbols from /usr/lib/libbz2.so.1...done.
Loaded symbols for /usr/lib/libbz2.so.1
Reading symbols from /usr/lib/libgmp.so.3...done.
Loaded symbols for /usr/lib/libgmp.so.3
Reading symbols from /lib/tls/libpthread.so.0...done.
Loaded symbols for /lib/tls/libpthread.so.0
Reading symbols from /lib/tls/libc.so.6...done.
Loaded symbols for /lib/tls/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
#0  0x in ?? ()
(gdb) bt
#0  0x in ?? ()
#1  0x40092dec in start_thread () from /lib/tls/libpthread.so.0
#2  0x4017ae8a in clone () from /lib/tls/libc.so.6

I hope this helps.
--
STEVE
[EMAIL PROTECTED]

---
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

RE: [Clamav-users] Upgraded kernel causing problems

2004-07-04 Thread Steve Lenti



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Kojm
Sent: Sunday, July 04, 2004 4:29 AM
To: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] Upgraded kernel causing problems

On Sun, 4 Jul 2004 00:18:18 -0600
"Steve Lenti" <[EMAIL PROTECTED]> wrote:

> I am currently running a RH9 system with 2.4.21 kernel.  I have
> upgraded the kernel to 2.4.26, but clamav will not work.  I have
> recompiled under the new kernel but for some reason I cannot get
> clamdscan or clamscan to work.  I keep getting "Segmentation fault" in
> the log file.  Is there anything specific that needs to be enabled in
> 2.4.26 for clamAV to work?

Which version of ClamAV ?


The newest stable version 0.74.  I have also got a little more info.  In my
previous message I said that I can't run either clamscan or clamdscan, but
in fact clamscan works fine.

I have started clamd in TCP mode and connected to it using telnet, but as
soon as I get connected clamd seg faults.  Could this be a threading issue?
Should I try the latest CVS version?
--
STEVE
[EMAIL PROTECTED]



---
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] Upgraded kernel causing problems

2004-07-03 Thread Steve Lenti









I am currently running a RH9 system with 2.4.21
kernel.  I have upgraded the kernel to 2.4.26, but clamav will not
work.  I have recompiled under the new kernel but for some reason I cannot
get clamdscan or clamscan to work.  I keep getting “Segmentation
fault” in the log file.  Is there anything specific that needs to be
enabled in 2.4.26 for clamAV to work?

 

TIA

--

Steve

[EMAIL PROTECTED]

Re: [Clamav-users] ClamAV upgrade

2004-07-02 Thread Steve Lenti

 
This one time, at band camp, Daniel J McDonald wrote:
> On Fri, 2004-07-02 at 12:06, Tony Chang wrote:
> > I was wondering if there were any particular issues I should be
> > concerned with when upgrading clam from 0.65 on FreeBSD 4.8 to 0.74.

> Make certain that either the old libraries/binaries are deleted or
> overwritten.  Lots of folks have problems because the binaries have
> ended up in different parts of the search path and sometimes an old one
> pops up instead of the current one.

> >   Is
> > this a relatively pain free process?  I will be making backups of
> > everything, but this will be the first time I've done anything with clam
> > in a production environment, so I'd still like any advice anyone is
> > willing to provide.

> If it were me, I'd do a make uninstall for 0.65 first, then a make
> install for 0.74.  Since I've got an RPM based system now, it does that
> for me, but when building form source that's the cleanest way to make
> certain you don't have any 0.65 flotsam lying about.

> Always run freshclam after the upgrade before you start the mail daemon!

I just upgraded a few days ago and ran into this exact problem.  I was
using an old version of freshclam which was in /usr/bin.  I deleted all
the bins in /usr/bin, compiled the new version for /usr/local and it was
up and working in a few mins.

--
Steve
[EMAIL PROTECTED]

Do infants have as much fun in infancy as adults do in adultery?



---
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] MD5 checksum always wrong

2004-07-01 Thread Steve Lenti

 
This one time, at band camp, Jo Mills wrote:
> On Wed, Jun 30, 2004 at 01:49:02PM -0600, Steve Lenti wrote:
> 

> > I have tried adjusting the DatabaseMirror setting in the freshclam.conf
> > but it always uses these same 2 addresses.  I'm thinking that somehow
> > one of the sources didn't get updated correctly, but how do I force
> > freshclam to obtain the updates from another server.

> > TIA,
> > Steve 

> 

> Steve,

> If you look at the clamav site and the mirrors page

>http://www.clamav.net/mirrors.html

> you will see lots of possible sites.  If you then specify one of these
> in your freshclam.conf then I believe you will use that site.


Thanks for the reply but as stated in the original email I have already
tried adjusting the setting to different mirrors but freshclam always
uses the two that I specified before.

--
Steve
[EMAIL PROTECTED]

Paul's Law:
In America, it's not how much an item costs, it's how much you
save.



---
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

[Clamav-users] MD5 checksum always wrong

2004-06-30 Thread Steve Lenti

For the last few days I have been getting a freshclam error when trying
to update.  I downloaded the newest version, compiled, and installed but
am still having the same problems.  The error I am getting is as
follows:

Checking for new database - started at Wed Jun 30 14:50:14 2004
Calculating MD5(viruses.db)... 038b0d2e79bda7688eca397c6f34bd1e
Connecting to www.mat.uni.torun.pl
Connecting to www.konarski.edu.pl
Reading md5 sum of database from www.konarski.edu.pl : OK
Opening /dev/urandom.
Generated temporary name ./74fdc0ab5f5b00d2
Downloading database from www.mat.uni.torun.pl  done
Calculating MD5(./74fdc0ab5f5b00d2)... 9a26fda427d7bbc917fa5210f20d78c0
ERROR: The checksum of downloaded database isn't ok. Please check it
yourself or try again.
Freeing option list... done
Memory freed. Exit code: 54

I have tried adjusting the DatabaseMirror setting in the freshclam.conf
but it always uses these same 2 addresses.  I'm thinking that somehow
one of the sources didn't get updated correctly, but how do I force
freshclam to obtain the updates from another server.

TIA,
Steve 

[EMAIL PROTECTED]


---
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] clamav and procmail

Re: [Clamav-users] Newbie: Clamav and Sendmail milter config

Re: [Clamav-users] Re: qmail dot files

Re: [Clamav-users] qmail dot files

Re: [Clamav-users] malformed error

Re: [Clamav-users] libbz2?

Re: [Clamav-users] Mail::ClamAV build problems

Re: [Clamav-users] Mail::ClamAV build problems

Re: [Clamav-users] Unusual clamav file in var/mail/

Re: [Clamav-users] Clamdscan Error 2

Re: [Clamav-users] Bagle Varient

Re: [Clamav-users] Segmentation Fault in clamav-milter

Re: [Clamav-users] Upgraded kernel causing problems

Re: [Clamav-users] Upgraded kernel causing problems

Re: [Clamav-users] Upgraded kernel causing problems

RE: [Clamav-users] Upgraded kernel causing problems

RE: [Clamav-users] Upgraded kernel causing problems

RE: [Clamav-users] Upgraded kernel causing problems

[Clamav-users] Upgraded kernel causing problems

Re: [Clamav-users] ClamAV upgrade

Re: [Clamav-users] MD5 checksum always wrong

[Clamav-users] MD5 checksum always wrong

22 matches

Site Navigation

Mail list logo

Footer information