Re: [Clamav-users] Newbie question
I have installed Clamav 0.75-1 with enabled milter for sendmail on my RH8 box. I have read the install paper which comes with clamav source but I don't know how to start clamd before sendmail and also do I have to start it or do I need to start only clamav-milter as daemon. I already have configured mc file for sendmail to scan messages for viruses. Regards, Sasa Stupar

name your rc scripts accordingly.

timo :x! www.sternmarsch-berlin.de | www.montags-gegen-2010.de
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] a beginner's question
Thank you so much for your response, but boy, now I am confused. Are you saying I should be using amavis not clamav? This is the 2nd response with an amavis url in it.

amavis/amavisd-new is used as kind of 'glue' between your MTA and clamav (e.g.).
Re: [Clamav-users] GMP-Devel - Where?
On Jim's suggestion, I went looking for GMP-Devel. It does not appear to be available anywhere in non-RPM format. I also searched the list archives and didn't see any clear answers. If I built GMP from source, is -devel included?

Yes, when building from source, the header files are saved so that you can compile other things with the same library. The load the -devel answer applies to RPM based Linux distributions. I don't know what the solution is for FreeBSD.

http://www.freebsd.org/cgi/ports.cgi?query=gmpstype=all or pkgsrc.netbsd.org... ;)

--
mit vorzüglichster Hochachtung/best regards, Timo Schöler
//macfinity -- finest IT services | Triftstrasse 39 | 13353 Berlin | Germany
Fon ++49 30 25 20 30 20 | Fax ++49 30 25 20 30 19
PGP data http://www.macfinity.net/~tis/contact/PGPPKB_timo.schoeler.txt
Re: [Clamav-users] clamav 0.8 rc2 installation tentative on Mac OS X
Hi there. I'm trying to install clamav on an Apple XServer with Mac OS X 10.3.5 (and all updates today). My first try is with september 2003 dev tools installer. A second try with XCode Tools 1.5 gave the same result. The third gave better result but... Here are the results for my 2 first tries. When I ./configure somewhere in the log I get the following warning; snip

I have had the best luck with clamav by installing it via Fink; while not necessarily the most cutting edge release, it does tend to stay somewhat close to the latest release and the installation is largely automated (and updates are largely automated as well). Bonus: Fink has lots and lots and lots of other ported software to install and use too :-) -Bart

an even better solution would be www.pkgsrc.org -- this is the package source code collection of NetBSD.

i) it's oriented on the BSD way of life
ii) it's surely much more up-to-date
iii) works like a charm for me on NetBSD, Darwin/Mac OS X, Solaris, and IRIX.

NB: you'll need an UFS partition as HFS+ doesn't support differentiating upper/lower case the way needed.

--
mit vorzueglichster Hochachtung/best regards, Timo Schöler
___
Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] stats
hi there i'm keen to start a web based stats page on viruses caught etc ... i seem to remember a thread where one of you guys were developing such a thing can you please advise

Hi, http://mail.limelyte.net/admin/virus/ ?? It uses qsla as the backend to write to a mysql database, but any backend could be written.

nice tool -- but you forgot the URL: http://sourceforge.net/projects/qsla

regards, timo
Re: [Clamav-users] Clamav and pictures
Every day I have received about 30 emails with pictures which have strange names (for example sevwqwso.gif, iwhfetsn.gif, qfwecqtf.jpg) and nonexistent senders ([EMAIL PROTECTED], [EMAIL PROTECTED]). Clamav doesn't find any viruses in these emails. Can Clamav find viruses in pictures?

It is possible that these pictures are linked to URLs so that if you click on them from you are taken to a site which downloads a virus. ClamAV has experimental code to handle this called FOLLOWURLS. Being experimental it is only in the test version available from snapshot and CVS, and is not compiled in or enabled by default. To enable it you need to define FOLLOWURLS in mbox.c (about line 447) and either run clamscan with --mail-follow-urls or if you're using clamd you will need to enable MailFollowURLs. -Nigel

it's clearly a big advantage using a MUA that features disabling of parsing HTML-formatted emails (if you don't discard them at the MTA ;)... make use of it! ClamAV would be nice as kind of 'backup security', but this doesn't make an unsensible user (his/her MTA) harmless in any way...

timo :x!
Re: [Clamav-users] kernel: Out of Memory:Killed process xxxxx (clamd).
A few people (out of the thousands who run ClamAV) have reported memory leaks in stable versions of clamd. However, none of those people have submitted a report from a memory debugging tool to show where the leak occurs on their systems, despite being asked to by the development team. None of the development team have seen such a leak.

I tried to help out with valgrind as you suggested - but within 10 mins it took 1.5Gb of RAM on my workstation (I wasn't going to put it up on production now was I? :-) and - well - I turned it off. I really don't have the equipment to handle running 1.5Gb debugging processes...

One of the downsides of valgrind - it doesn't free any memory at runtime (to check for double-free()s). I've not seen tools where one can switch this off yet (but I've only used valgrind on Linux and purify on Solaris machines).

Until one of the people complaining produces a useful report, nothing can be done. It is just as likely a leak in a system library as in clamd.

Could be: but I've seen it on Rh8 and Fedora-Core2 - quite different Linux systems as far as libraries/etc go.

From the different posts here I bet there are library issues in BSD, as that OS is number one when it comes to leakage complaints. I don't know current Solaris releases, but Sol7 actually was a PITA. With Linux being my development platform, I see no runtime leaks there.

I hope someone else can help out - there is a problem that needs solving there.

All of the team members are aware of that. But as trog already wrote: Until someone comes up with either a mail that triggers the leak or some mem debugger's output, we're stuck. Running valgrind on a production server is a no-no, as you already observed. For quite a while (6 weeks) I collected each and every mail on one of my MXes. I checked them offline for leaks using a shell wrapper, which checked clams memory usage between each fed mail, but found really nothing. I'll start that grabber again once I upgraded disk space on another MX here. Thomas

hi, running NetBSD 2.0 BETA (as of 20040909) i have not the smallest problem (clamd w/amavisd-new, SA, dspam, and razor) regarding to 'extraordinary memory usage'. neither on a i386 MP system (uptime approx. 30 days, 50k messages/day) nor on my private mail-gw (Sun Ultra 1, same OS).

--
mit vorzueglichster Hochachtung/best regards, Timo Schoeler
Re: [Clamav-users] freshclam unable to notify clamd in chroot
Hello, I've chrooted both freshclam and clamd to the same root and user. Everything is working well except freshclam complains it is unable to notify clamd of updates. I've been trying different things, and have been unable to get this resolved. This is the message from the logs:

ERROR: Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.sock

The /var/run/clamav is within the chrooted environment. I've checked, double checked, and triple checked the permissions (since they are the same user, it should not be a problem). I've checked /proc/pid of both freshclam and clamd to make sure they are in the same root. I've tried running freshclam from the cron (chrooting in the cron) and as a daemon. I am running Debian/Woody, and clam 0.75-1. Again, the only thing that does not work are the notifications. The databases are updating normally, etc... I suppose clamd rechecks the database at a preset interval anyways... I'd appreciate any feedback. Thanks. Dan

which OS are you running (uname etc.)?

timo :x! Off to the big Sternmarsch on Berlin on 3 October 2004! www.sternmarsch-berlin.de | www.montags-gegen-2010.de
OT: Linux/Sun (was: Re: [Clamav-users] SuSE 9.1 RPM of ClamAV 0.75.1)
Hi @all, I do not want to bring up the discussion whether it's needed or not... But for those who need/want it, there's a RPM available for SuSE 9.1 at http://www.izzysoft.de/ftp/local/linux/tool/clamav75.rpm (contains v0.75.1 built for i386). Worked fine for me - so feel free to grab and install ;) Regards, Izzy.

--
Itzchak Rehberg http://www.qumran.org/homes/izzy/ http://www.izzysoft.de/
We have joy, we have fun, we boot Linux on our SUN...

Never! flame A wanna-be-OS that is too stupid to use my Sun's (P)MMU? ROTFL /flame

:x! timo
Re: [Clamav-users] Clamav under an SMP environment
Anyone running ClamAv in an SMP server?

yes. Sun Ultra 80 Dual CPU/Solaris 9 in testing environment, NetBSD-2.0_BETA/i386 Dual PIII in production use. runs fine :)

Any exploits (good news) that you can share about running it under such a system? I have an SMP box, and I am running ClamAv devel, but I can see that it's one of the highest CPU hogs ;)

no problem. the NetBSD box has very low load even processing large amount of email (approx. 50k messages a day).

cheers - wash
Odhiambo Washington . WANANCHI ONLINE LTD (Nairobi, KE)
wash at wananchi dot com . 1ere Etage, Loita Hse, Loita St.,
GSM: (+254) 722 743 223 . # 10286, 00100 NAIROBI
GSM: (+254) 733 744 121 . (+254) 020 313 985 - 9
Oh My God! They killed init! You Bastards! --from a /. post

--
mit vorzueglichster Hochachtung/best regards, Timo Schoeler
Re: [Clamav-users] Memory
I am using freebsd, postfix, amavisd-new, spamassassin and clamav (all latest version) in a server pentium iv with 512 RAM. Top shows that I have only 41M free and I think that 221M inact is very high

Mem: 119M Active, 221M Inact, 93M Wired, 19M Cache, 60M Buf, 41M Free

Is it normal?

hi, can you give a 'uname -a' of that machine? also, maybe a post from matt dillon (FreeBSD) [1] could be informative on this (depends on the release you use ;). HTH

[1] -- http://mail.nl.linux.org/linux-mm/2000-05/msg00419.html

--
mit vorzueglichster Hochachtung/best regards, Timo Schoeler
Re: RES: [Clamav-users] Memory
Uname -a

FreeBSD Machine.dominio.com 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0: Mon Feb 23 20:45:55 GMT 2004 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386

-Original message-
From: Timo Schöler [mailto:[EMAIL PROTECTED]
Sent: Thursday, 9 September 2004 13:47
To: Erick Dantas Rotole
Cc: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] Memory

I am using freebsd, postfix, amavisd-new, spamassassin and clamav (all latest version) in a server pentium iv with 512 RAM. Top shows that I have only 41M free and I think that 221M inact is very high

Mem: 119M Active, 221M Inact, 93M Wired, 19M Cache, 60M Buf, 41M Free

Is it normal?

hi, can you give a 'uname -a' of that machine? also, maybe a post from matt dillon (FreeBSD) [1] could be informative on this (depends on the release you use ;). HTH

[1] -- http://mail.nl.linux.org/linux-mm/2000-05/msg00419.html

hi, (please avoid top-posting -- thx! ;) i have (unfortunately ;) a x86 machine running NetBSD 2.0_BETA (i'm a SPARCy boy mostly); it gives me

load averages: 0.09, 0.16, 0.16 21:02:14
57 processes: 1 runnable, 55 sleeping, 1 on processor
CPU0 states: 0.0% user, 0.0% nice, 0.3% system, 0.0% interrupt, 99.7% idle
CPU1 states: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle
Memory: 130M Act, 63M Inact, 3928K Wired, 11M Exec, 89M File, 6208K Free
^^
Swap: 129M Total, 129M Used, 5K Free

uname -a:

NetBSD dreyfus.es43-bln.macfinity.net 2.0_BETA NetBSD 2.0_BETA (GENERIC.MP) #0: Mon Aug 16 05:58:45 UTC 2004 [EMAIL PROTECTED]:/autobuild/netbsd-2-0/i386/OBJ/autobuild/netbsd-2-0/src/sys/arch/i386/compile/GENERIC.MP i386

this machine runs nearly the same apps like yours, additionally it's my main build machine (i.e. it builds NetBSD-current every night, the machine has a higher load for a few hours and even swaps a lot as can be seen above). the '63M inact' is surely used for i/o buffers -- you may turn a few knobs via sysctl variables. i'd recommend to contact the appropriate FreeBSD mailing list because it's OS related, not ClamAV related.

--
mit vorzueglichster Hochachtung/best regards, Timo Schoeler
Re: [Clamav-users] Virus Distribution
Doug Hardie wrote:

I have a cron job that scans the clamd.log file every day and counts the specific viruses found. While the numbers tend to vary a bit from day to day the relative ratios between the various viruses found tend to stay the same - except for Worm.Zafi.B. One day it will find 1100 of them and the next day 8. It is never consistent. I am not seeing any significant number of viruses slipping through. It seems to be some sort of distribution issue with that virus itself. The others all seemed to come on strong at first and then die down to residual annoyances. But not this one. It keeps coming back in volume periodically. Any ideas what makes this one so different from the rest?

perhaps this may be interesting stuff for you: http://www.cs.berkeley.edu/~nweaver/sapphire/

HTH,

--
mit vorzueglichster Hochachtung/best regards, Timo Schoeler
Re: [Clamav-users] Virus Distribution
Thus spake Doug Hardie sometime Today...

On Sep 8, 2004, at 12:16, Timo Schöler wrote:

Doug Hardie wrote:

I have a cron job that scans the clamd.log file every day and counts the specific viruses found. While the numbers tend to vary a bit from day to day the relative ratios between the various viruses found tend to stay the same - except for Worm.Zafi.B. One day it will find 1100 of them and the next day 8. It is never consistent. I am not seeing any significant number of viruses slipping through. It seems to be some sort of distribution issue with that virus itself. The others all seemed to come on strong at first and then die down to residual annoyances. But not this one. It keeps coming back in volume periodically. Any ideas what makes this one so different from the rest?

perhaps this may be interesting stuff for you: http://www.cs.berkeley.edu/~nweaver/sapphire/

Thanks but I would expect from that that the worm activity would tend to die down to a relatively constant nuisance level. However, it's not doing that; every couple days I get another flood of them.

there may be several reasons:

i) changing network behaviour (route flaps, etc.)
ii) changing effectiveness of virus filters et al.
iii) built-in automatisms in worm/virus itself

NB: it is not always best to spread a virus/worm at the highest available speed (depends on number of infected hosts, bandwidth available to the hosts, etc.). i'm sure i missed another point i didn't think of now ;)

--
mit vorzueglichster Hochachtung/best regards, Timo Schoeler
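Added example, not part of the thread or of ClamAV: one way to do the daily clamd.log count Doug Hardie describes and to flag a signature whose volume jumps between consecutive days. It assumes clamd logs with LogTime enabled in the line format shown in the comment; the thresholds, the Example.Sig.A name and the sample lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import date

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Assumed line format (clamd with LogTime enabled):
#   "Wed Sep  8 12:16:01 2004 -> /path/to/file: Worm.Zafi.B FOUND"
FOUND_RE = re.compile(
    r"^\w{3} (?P<mon>\w{3}) +(?P<day>\d{1,2}) [\d:]{8} (?P<year>\d{4}) -> "
    r".*: (?P<sig>\S+) FOUND\s*$")


def daily_counts(lines):
    """Return {date: Counter({signature: hits})} built from FOUND lines."""
    counts = defaultdict(Counter)
    for line in lines:
        m = FOUND_RE.match(line)
        if not m or m["mon"] not in MONTHS:
            continue  # status messages, errors, truncated entries
        day = date(int(m["year"]), MONTHS[m["mon"]], int(m["day"]))
        counts[day][m["sig"]] += 1
    return dict(counts)


def swings(counts, ratio=10.0, min_hits=50):
    """Report (signature, day, hits, next_day, next_hits) wherever a
    signature's count changes by >= `ratio` between consecutive logged days.
    `ratio` and `min_hits` are hypothetical thresholds; tune to your volume."""
    days = sorted(counts)
    out = []
    for a, b in zip(days, days[1:]):
        for sig in sorted(set(counts[a]) | set(counts[b])):
            na, nb = counts[a][sig], counts[b][sig]
            hi, lo = max(na, nb), min(na, nb)
            if hi >= min_hits and hi >= ratio * max(lo, 1):
                out.append((sig, a, na, b, nb))
    return out


def constructed_log():
    """Constructed sample, not real data: three days of clamd.log lines."""
    plan = [("Mon", 6, {"Worm.Zafi.B": 1100, "Example.Sig.A": 30}),
            ("Tue", 7, {"Worm.Zafi.B": 8, "Example.Sig.A": 28}),
            ("Wed", 8, {"Worm.Zafi.B": 950, "Example.Sig.A": 31})]
    lines = []
    for dow, day, sigs in plan:
        stamp = f"{dow} Sep {day:2d} 10:00:00 2004"
        lines.append(f"{stamp} -> SelfCheck: Database status OK.")
        for sig, n in sigs.items():
            lines += [f"{stamp} -> /var/amavis/tmp/m{i}/email.txt: {sig} FOUND"
                      for i in range(n)]
    return lines


if __name__ == "__main__":
    counts = daily_counts(constructed_log())
    for day in sorted(counts):
        print(day, dict(counts[day].most_common()))
    for sig, a, na, b, nb in swings(counts):
        print(f"swing: {sig} {a}={na} -> {b}={nb}")
```

Comparing each signature against its own previous day, rather than against the day's total, keeps a steady background signature from masking or triggering the report.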
Re: AW: [Clamav-users] uncompressing/scanning Mac archives (i.e. .sit, .sitx, and .hqx)
after having clamav up and running for a while -- it's great! thanks to all who develop || support it -- there's still another topic in status 'wip': how to uncompress .sit, .sitx, and .hqx files (usually sent/received by Mac users)?

Seems that amavisd-new (an interface between MTA and virus scanner/content filters) supports .hqx files. I don't know about .sit and .sitx though - maybe not.

thanks for your fast reply; i didn't state it here, but i do have clamd running glued together with amavisd-new. afaik amavisd-new doesn't support native hqx expansion, furthermore it relies on external apps regarding unpacking archives of server types either. thus, a dedicated hqx (sit/sitx) would be necessary to scan those files (AFAICS)...

rgds, :x!

This life is a test. It is only a test. Had this been an actual life, you would have received further instructions as to what to do and where to go.
[Clamav-users] uncompressing/scanning Mac archives (i.e. .sit, .sitx, and .hqx)
hi, after having clamav up and running for a while -- it's great! thanks to all who develop || support it -- there's still another topic in status 'wip': how to uncompress .sit, .sitx, and .hqx files (usually sent/received by Mac users)? i asked google, but it doesn't get an answer :( any hints? tia

regards, Timo 'eCLIpser' Schöler :x!

This life is a test. It is only a test. Had this been an actual life, you would have received further instructions as to what to do and where to go.