[Clamav-users] Outdated warning even though it is up to date.
I noticed this morning that my systems all report that my clamav is outdate even though it running the current version 0.96.3. Here is the freshclam message: Current working dir is /var/lib/clamav Max retries == 5 ClamAV update process started at Mon Sep 20 11:28:17 2010 Using IPv6 aware code Querying current.cvd.clamav.net TTL: 771 Software version from DNS: 0.96.3 WARNING: Your ClamAV installation is OUTDATED! WARNING: Local version: 0.96.1 Recommended version: 0.96.3 DON'T PANIC! Read http://www.clamav.net/support/faq main.cvd version from DNS: 52 main.cld is up to date (version: 52, sigs: 704727, f-level: 44, builder: sven) daily.cvd version from DNS: 11982 daily.cld is up to date (version: 11982, sigs: 130644, f-level: 53, builder: guitar) bytecode.cvd version from DNS: 52 bytecode.cld is up to date (version: 52, sigs: 10, f-level: 53, builder: edwin) SubmitDetectionStats: Not enough recent data for submission Why is reporting this even though it is current, at least what I see> http://sourceforge.net/projects/clamav/ http://www.clamav.net/lang/en/ Thank you ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] clamav 0.95.3 in qmail
Hi, I use qmail scanner with the st patch that allows to configure quarantine and delete spam messages at specified settings with my qmail installation. Qmail scanner supports clamav and other anti-virus scanners: qmail scanner: http://qmail-scanner.sourceforge.net/ qmail scanner st patch: http://toribio.apollinare.org/qmail-scanner/ I hope this helps, Frank HI Guys, I need small clarification in clamav integration with qmail. Please tell me, what variables & variables parameter needs to be configured in qmail service directory for clamav. Thanks & Regards, P. Murugan Get your world in your inbox! Mail, widgets, documents, spreadsheets, organizer and much more with your Sifymail WIYI id! Log on to http://www.sify.com ** DISCLAIMER ** Information contained and transmitted by this E-MAIL is proprietary to Sify Limited and is intended for use only by the individual or entity to which it is addressed, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If this is a forwarded message, the content of this E-MAIL may not have been sent with the authority of the Company. If you are not the intended recipient, an agent of the intended recipient or a person responsible for delivering the information to the named recipient, you are notified that any use, distribution, transmission, printing, copying or dissemination of this information in any way or in any manner is strictly prohibited. If you have received this communication in error, please delete this mail & notify us immediately at ad...@sifycorp.com ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] SubmitDetectionStats Error
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-j1lLga8n22sDa9MUXOxj" I've seen this in the last three freshclam runs: ERROR: SubmitDetectionStats: Remote server reported temporary failure: under maintenance Curious as to whether anyone else sees the same As of 16-Nov-2009 2120UTC I still getting this: daily.cld is up to date (version: 10029, sigs: 105549, f-level: 44, builder: ccordes) ERROR: SubmitDetectionStats: Incorrect answer from server I wonder what is happening to the Stats Server? Frank -- KeyID 0xE372A7DA98E6705C Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Attachment converted: Frank's MacBook Pro:signature 8252.asc (/ ) (0F5A3B5E) ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] All quiet on the virus front?
Hello, Ever since about 10-Nov-2009 1810UTC I haven't gotten any virus hits on my mail server and I'm checking if anyone seen the same thing. Before that time, I used to get about 1000 virus hits per day so are the virus writers/spammers gone away or this is the quiet before the storm? I still get spam but none with any viruses for the last day. Here is my current freshclam message: Current working dir is /var/lib/clamav Max retries == 5 ClamAV update process started at Wed Nov 11 08:41:18PST 2009 Using IPv6 aware code Querying current.cvd.clamav.net TTL: 900 Software version from DNS: 0.95.3 main.cvd version from DNS: 51 main.cld is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven) daily.cvd version from DNS: 10014 daily.cld is up to date (version: 10014, sigs: 104315, f-level: 44, builder: ccordes) SubmitDetectionStats: Not enough recent data for submission Thank you for your input, Frank ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] question about Clamav anti virus for old mac OS 9.2
Hi Julie, I don't think clamav existed when Mac OS 8(1997) & 9 (1999) where out and clamav can't really be compiled on Mac OS 8 or 9 since Mac didn't have gcc for the Mac OS at that time. Can someone at clamav correct me if I'm wrong on the first release of clamav. You can use install 10.4.11 along with your older Mac classic environment (if space on your hard drive allows) and then install Developer Tools on 10.4.11 and then compile clamav on the 10.4.11 side and then scan the entire disk the from the 10.4.11 environment. You can boot to either older classic (8.6 or 9.2) or 10.4.11 as needed. Remember 10.4.11 will very slow on the G3 systems so be patient. You can't use 10.4.11 with Mac 8.6 as the classic environment (use 8.6 applications while running 10.4.11) but with Mac 9.2 you can. I have a Mac Mini PPC that I run Mac 10.4.11 and 9.2 on. Also you can try clamXav, which is a graphical interface for clamav. http://www.clamxav.com/ I hope this helps. Frank >Hi there. I did read the archives and couldn't find anything about my >query. > >We have two older macs, a G3 running OS 8.6 and a G4 running 9.2. I believe >we have a microsoft word virus that I would like to get rid of. Is there a >version of Clamav that will work on these old operating systems? I've found >the list of downloads of various versions from 0.70 to 0.95.2 and had a >quick look at some of the info/notes for the versions, but it doesn't say >what operating system they are suitable for. > >If someone could please advise me, I would be more grateful. > >Thanks > >Julie in the antique Mac office, Northumberland > >___ >Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net >http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Interesting issue with freshclam.
Sorry, I didn't want to install this on a production server, which first showed this problem, but the other two servers I installed clamav-0.95rc2 didn't exhibit this issue. Opened bug ID 1510. Thank you, Frank >On Wed Mar 25 2009 23:31:39 GMT+0100 (CET) >fchan wrote: >> I installed clamav 0.95 on a RHEL 5.1 running linux >> 2.6.18-128.1.1.el5xen and I was doing freshclam -v and noticed there >> is missing information: >> >> [fc...@s1 fchan]# freshclam -v >> ClamAV update process started at Wed Mar 25 15:21:15 2009 >> main.cld is up to date (version: 50, sigs: 500667, f-level: 38, >>builder: sven) >> daily.cld is up to date (version: 9168, sigs: 33870, f-level: 41, >>builder: neo) >> >> Normally it should look like this from my other system: >> >> [fc...@s3 fchan]# freshclam -v >> Current working dir is /var/lib/clamav >> Max retries == 5 >> ClamAV update process started at Wed Mar 25 15:27:48 2009 >> Using IPv6 aware code >> Querying current.cvd.clamav.net >> TTL: 793 >> Software version from DNS: 0.95 >> main.cvd version from DNS: 50 >> main.cld is up to date (version: 50, sigs: 500667, f-level: 38, >>builder: sven) >> daily.cvd version from DNS: 9168 >> daily.cld is up to date (version: 9168, sigs: 33870, f-level: 41, >>builder: neo) >> >> What happened? > >We didn't notice this problem and no one reported it for release >candidates... that's exactly what happened :-) > >Please open a bug report at http://bugs.clamav.net so we can fix the >verbose mode in the next release. > >-- >oo. Tomasz Kojm > (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg > \..._ 0DCA5A08407D5288279DB43454822DC8985A444B >//\ /\ Wed Mar 25 23:52:19 CET 2009 >___ >Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net >http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] Interesting issue with freshclam.
I installed clamav 0.95 on a RHEL 5.1 running linux 2.6.18-128.1.1.el5xen and I was doing freshclam -v and noticed there is missing information: [fc...@s1 fchan]# freshclam -v ClamAV update process started at Wed Mar 25 15:21:15 2009 main.cld is up to date (version: 50, sigs: 500667, f-level: 38, builder: sven) daily.cld is up to date (version: 9168, sigs: 33870, f-level: 41, builder: neo) Normally it should look like this from my other system: [fc...@s3 fchan]# freshclam -v Current working dir is /var/lib/clamav Max retries == 5 ClamAV update process started at Wed Mar 25 15:27:48 2009 Using IPv6 aware code Querying current.cvd.clamav.net TTL: 793 Software version from DNS: 0.95 main.cvd version from DNS: 50 main.cld is up to date (version: 50, sigs: 500667, f-level: 38, builder: sven) daily.cvd version from DNS: 9168 daily.cld is up to date (version: 9168, sigs: 33870, f-level: 41, builder: neo) What happened? Thank you, Frank ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] WARNING: Can't get information about user qscand .
Hi, Can you send us the log messages of this error and the configuration of your system. We can't help you with more information. From the subject of having "qscand" so it appears that you have qmailscanner running and that is what I'm running too. Again you need to send us the log messages for this problem so we can help. Thank you, Frank >Hi, > >since upgrading to 95.0 I'm getting this error when running freshclam; and >the same error (only with ERROR not WARNING) when running clamd. > >I'm using the same config file as I did in 94.02 and qscand is a valid >user... > >I've had to revert back to 94.02 for the time being, but any help to get >this up and running would be great. > >Thanks for your help > >M >___ >Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net >http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Strange message from LibClamAV when running clamscan.
Thank you Edwin for helping with this. I opened Bug 1498. Frank On 2009-03-24 22:09, fchan wrote: This is what I get for command line date +%s: [fc...@s3 fchan]# date +%s 1237925239 Thank you, Frank ÊÊ That is correct, please open a bugreport. --Edwin ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Strange message from LibClamAV when running clamscan.
This is what I get for command line date +%s: [fc...@s3 fchan]# date +%s 1237925239 Thank you, Frank >On 2009-03-24 20:55, fchan wrote: >> I got this message after updating from 0.94.2 to 0.95. >> >> [fc...@s3 fchan]# freshclam -v >> Current working dir is /var/lib/clamav >> Max retries == 5 >> ClamAV update process started at Tue Mar 24 11:37:35 2009 >> Using IPv6 aware code >> Querying current.cvd.clamav.net >> TTL: 884 >> Software version from DNS: 0.95 >> main.cvd version from DNS: 50 >> main.cld is up to date (version: 50, sigs: 500667, f-level: 38, >>builder: sven) >> daily.cvd version from DNS: 9160 >> daily.cld is up to date (version: 9160, sigs: 33348, f-level: 41, >> builder: ccordes) >> [fc...@s3 fchan]# >> [fc...@s3 fchan]# clamscan -r -i & >> [1] 10168 >> [fc...@s3 fchan]# LibClamAV Warning: >> ** >> LibClamAV Warning: *** The virus database is older than 7 days! *** >> LibClamAV Warning: *** Please update it as soon as possible.*** >> LibClamAV Warning: ** >> >> I'm linux 2.4.29 on these systems with this message. Why does >> LibClamAV warn about virus database is older than 7 days when >> freshclam -v shows that CVD is version 9160 and is up to date, which >> is the current version at this moment when I sent this message. > >What does this command print: >$ date +%s >1237921932 > >Best regards, >--Edwin >___ >Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net >http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] Strange message from LibClamAV when running clamscan.
I got this message after updating from 0.94.2 to 0.95. [fc...@s3 fchan]# freshclam -v Current working dir is /var/lib/clamav Max retries == 5 ClamAV update process started at Tue Mar 24 11:37:35 2009 Using IPv6 aware code Querying current.cvd.clamav.net TTL: 884 Software version from DNS: 0.95 main.cvd version from DNS: 50 main.cld is up to date (version: 50, sigs: 500667, f-level: 38, builder: sven) daily.cvd version from DNS: 9160 daily.cld is up to date (version: 9160, sigs: 33348, f-level: 41, builder: ccordes) [fc...@s3 fchan]# [fc...@s3 fchan]# clamscan -r -i & [1] 10168 [fc...@s3 fchan]# LibClamAV Warning: ** LibClamAV Warning: *** The virus database is older than 7 days! *** LibClamAV Warning: *** Please update it as soon as possible.*** LibClamAV Warning: ** I'm linux 2.4.29 on these systems with this message. Why does LibClamAV warn about virus database is older than 7 days when freshclam -v shows that CVD is version 9160 and is up to date, which is the current version at this moment when I sent this message. Thank you, Frank ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Functionality level message with virus definition update version 9081.
Thank you Nigel. I hope your arm is much better now. I think any urgent news should be posted via Twitter or similar ways and emailed as an backup method of communicating to the clamav users. Frank Dennis Peterson wrote: Luca Gibelli wrote: ÊÊ You can safely ignore this temporary warning. It should go away in a matter of minutes. Best regards Sounds like a good thing to twitter. ÊÊ Good idea. I've done that. dp -Nigel -- Nigel Horne, nigel.ho...@sourcefire.com Director of Product Management (ClamAV), Sourcefire, http://www.sourcefire.com +44 1226 241048, +1 301 518 7944 or +1 706 705 4022 FAX: +44 870 705 9334 ICQ: 20252325 ClamAV is a registered trademark of Sourcefire Inc. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] Functionality level message gone. Thank you!
I did an freshclam -v and got version 9082 and the Functionality level message is gone. Thank you clamav team! ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] Functionality level message with virus definition update version 9081.
I was doing a freshclam -v and got the current version 9081 of the virus definitions but I got this: freshclam -v Current working dir is /var/lib/clamav Max retries == 5 ClamAV update process started at Mon Mar 9 11:30:47 2009 Using IPv6 aware code Querying current.cvd.clamav.net TTL: 885 Software version from DNS: 0.94.2 main.cvd version from DNS: 50 main.cld is up to date (version: 50, sigs: 500667, f-level: 38, builder: sven) daily.cvd version from DNS: 9081 daily.cld is up to date (version: 9081, sigs: 14358, f-level: 39, builder: ccordes) WARNING: Current functionality level = 38, recommended = 39 Please check if ClamAV tools are linked against the proper version of libclamav DON'T PANIC! Read http://www.clamav.net/support/faq Here is my ldd `which freshclam`: ldd `which freshclam` linux-gate.so.1 => (0x00c88000) libclamav.so.5 => /usr/lib/libclamav.so.5 (0x003b1000) libclamunrar_iface.so.5 => /usr/lib/libclamunrar_iface.so.5 (0x00206000) libbz2.so.1 => /usr/lib/libbz2.so.1 (0x04aac000) libgmp.so.3 => /usr/lib/sse2/libgmp.so.3 (0x0069d000) libclamunrar.so.5 => /usr/lib/libclamunrar.so.5 (0x00354000) libz.so.1 => /usr/lib/libz.so.1 (0x0039c000) libresolv.so.2 => /lib/libresolv.so.2 (0x0011a000) libpthread.so.0 => /lib/i686/nosegneg/libpthread.so.0 (0x00383000) libc.so.6 => /lib/i686/nosegneg/libc.so.6 (0x0020b000) /lib/ld-linux.so.2 (0x001e8000) Correct me if I'm wrong but isn't libclamav.so.5 the current version? What happened? Frank ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] All quiet on the virus front?
I'm checking that the last virus definition update was on Friday March 6, 2009 at 0500 version 9080. Also I noticed that my mail server hasn't received and virus/malware for the last 12 hours. Are the virus/malware writers taking a break or a calm before the next big storm? Frank ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Injury
Hi Nigel, Get well soon. By the way that is why American football players wear those pads and protectors for American Tackle Football. I played in my high school football team and it is not fun having several 100KG people sitting on top of you feeling like squashed bug. That where protection helps alot but still got several good sprains and bruises. Again get well soon and get some rest, Frank >Folks, > >On Saturday I broke my left collar bone while playing American Football >with some neighbourhood children. The good news is that I will still be >able to work and reply to emails and phone calls, the bad news is that >because I'm left-handed and I've lost the use of my left arm, it will >take me longer than usual to respond to correspondence. > >Please bear with me during these difficult times as I try to juggle work >with medical needs. > >Regards, > >-Nigel >___ >Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net >http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] WARNING: DNS record is older than 3 hours. (freshclam.log)
Hi aCaB, I still get this today Wednesday February 11, 2009. I did this earlier here is what I got from freshclam -v: Current working dir is /var/lib/clamav Max retries == 5 ClamAV update process started at Wed Feb 11 13:44:39 2009 Using IPv6 aware code Querying current.cvd.clamav.net TTL: 900 WARNING: DNS record is older than 3 hours. WARNING: Invalid DNS reply. Falling back to HTTP mode. If-Modified-Since: Wed, 22 Oct 2008 22:03:26 GMT Reading CVD header (main.cvd): Trying host db.us.clamav.net (168.143.19.95)... Connected to db.us.clamav.net (IP: 168.143.19.95). Trying to retrieve CVD header of http://db.us.clamav.net/main.cvd OK (IMS) main.cld is up to date (version: 49, sigs: 437972, f-level: 35, builder: sven) If-Modified-Since: Wed, 11 Feb 2009 16:40:45 GMT Reading CVD header (daily.cvd): Connected to db.us.clamav.net (IP: 168.143.19.95). Trying to retrieve CVD header of http://db.us.clamav.net/daily.cvd OK (IMS) daily.cld is up to date (version: 8980, sigs: 75705, f-level: 38, builder: ccordes) Viewing my logs this happens occasionally since Monday February 9,2009 but it is not happening at this moment. Thank you, Frank >aCaB wrote: >> Confirmed, >> we're working on it. > >DNS issues should be gone by now. > >Cheers, >-acab >___ >Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net >http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Best Practice Webinar
Thank you for those who have signed up but missed it. >Folks, > >Edwin's Webinar given last week on the topic of best practice and common >pitfalls in ClamAV is now >available for download from >http://www.sourcefire.com/resources/CAV-webcast-access. > >The presentation covers common pitfalls in the deployment of ClamAV, >such as permissions, resource limits and build issues. It then >recommends best practices for logging, scan limits, SMP systems, usage of >PUA, setting up freshclam, using ClamAV on more hosts on your network and >submitting detection statistics, followed by an overview of the engine >configuration flags found in 0.94.1. > >Finally the presentation describes a recommended upgrade procedure, >showing best practices to avoid common >pitfalls: reviewing configuration changes, testing the new version >before deployment and restarting the daemons. > >The presentation slides will be available soon from www.clamav.net. I >will make an announcement when they are. > >We are always interested in topics for talks, and we are also open to >volunteers from the open source community who >wish to give a talk. Contact me either by email or by phone. > >-Nigel >___ >Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net >http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] Missing daily 8727 & 8728
Nothing serious but I noticed that daily 8727 & 8728 are missing from the virus db list. http://lurker.clamav.net/list/clamav-virusdb.en.html Any idea what happened? Frank ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] clamav upgrade
Hi, Here is good repository for clamav rpm which I got from clamav.net: http://packages.sw.be/clamav/ This is source page at clamav.net: http://www.clamav.net/download/packages/packages-linux Regards, Frank >Hi, > >I want to upgrade my clamav installation on FC6. Please tell me if there are >any 0.94 rpms available. > > >Thanks, > >Femitha Majeed >-- >View this message in context: >http://www.nabble.com/clamav-upgrade-tp20084128p20084128.html >Sent from the clamav-users mailing list archive at Nabble.com. > >___ >Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net >http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] ClamXav will not open
Please this support forum for ClamXav: http://www.markallan.co.uk/BB/ I use clamXav for awhile now and I never saw this error before. My guess you no Developer tools on your system which can give you this type error since clamXav needs this to compile clamav. Developer Tools with Xcode which comes with every installation CD/DVD or Mac OS X CD/DVD. If you have other question about clamXav post your question to the support forum at clamXav. Frank >Hello, > >I cannot get ClamXav to work anymore >This is what I get when I try to open the app >Can someone advise what I have done wrong or what is missing > >Last login: Sun Sep 28 17:09:02 on ttyp2 >/Applications/Utilities/ClamXav/ClamXav.app/Contents/MacOS/ClamXav; exit >Welcome to Darwin! >g5:~ MRowe$ /Applications/Utilities/ClamXav/ClamXav.app/Contents/ >MacOS/ClamXav; exit >dyld: Library not loaded: /usr/lib/libxslt.1.dylib >Referenced from: /usr/lib/libexslt.0.dylib >Reason: image not found >Trace/BPT trap >logout >[Process completed] > > >___ >Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net >http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Virus not detected on Linux/MacOSX
These are great suggestions for clamscan. I think mine message was geared towards clamdscan which I use to scan mail messages. I worry about people sending large files and clamdscan doesn't scan them so I scan them manually and adjust clamscan accordingly. Also I need to know what max-filesize to set to for my mail server. Frank --- Tilman Schmidt <[EMAIL PROTECTED]> schrieb am Fr, 26.9.2008: Von: Tilman Schmidt <[EMAIL PROTECTED]> Betreff: Re: [Clamav-users] Virus not detected on Linux/MacOSX An: "ClamAV users ML" Datum: Freitag, 26. September 2008, 13:37 Moray Henderson (ICT) schrieb: > ./clamscan/.libs/clamscan file.exe > Linux Wally 2.6.18-53.1.6.el5 #1 SMP Wed Jan 23 11:28:47 EST 2008 > x86_64 x86_64 x86_64 GNU/Linux > MD5(file.exe)= e7e7dc7981a4089cdcb42d32247dc6e0 > ClamAV 0.94/8284/Thu Sep 18 18:54:57 2008 > file.exe: OK > > --- SCAN SUMMARY --- > Known viruses: 428321 > Engine version: 0.94 > Scanned directories: 0 > Scanned files: 1 > Infected files: 0 > Data scanned: 0.00 MB > Time: 0.869 sec (0 m 0 s) Suggestion: Change "file.exe: OK" to "file.exe: not scanned - exceeds max-filesize" Change "Scanned files: 1" to "Scanned files: 0" and add a new count to the summary "Not scanned: 1". I'd like to support that suggestion. -- Tilman Schmidt Phoenix Software GmbH Bonn, Germany ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/mlÊI support that suggestion, too.It is one step into the right direction for all kind of Opensource:Userfriendliness, "EgoLess Programming".Very old basics of good software. ÊÊ __ Do You Yahoo!? Sie sind Spam leid? Yahoo! Mail verfgt ber einen herausragenden Schutz gegen Massenmails. http://mail.yahoo.com ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Virus not detected on Linux/MacOSX
The sytanx should be: clamscan --max-filesiz=#n Below is the exerpt from the man file: --max-filesize=#n Extract and scan at most #n kilobytes from each archive. You may pass the value in megabyte in format xM or xm, where x is a number. This option protects your system against DoS attacks (default: 25 MB) Again on either side, clamscan or clamdscan, it should say something that a file was not scanned for any reason. Here is a sample message if the file was too large: The file "the file name" is too large to be scanned. Please consider increasing max-filesize setting. Please read http://lurker.clamav.net/message/20080313.165458.ac80f65a.en.html (or some other warning about DoS and other information about increasing max-filesize). I get these messages from spamassassin running out of child processes and I used that as my sample for this type of message. Frank >On 9/22/08, Eric Rostetter <[EMAIL PROTECTED]> wrote: >> Quoting fchan <[EMAIL PROTECTED]>: >> >> > Remember not everyone that uses clamav is not an expert so for >> >> >> They don't have to be an expert, they just have to read and configure >> the configuration file for their needs. >> >> >> > someone that is new to clamav thinks that every file that went >> > through clamav would be scanned for malware would be incorrect and >> > they have a possibility of opening an infected file. I think a >> >> >> Yes, but they should have read the configuration file, and change it >> to meet their needs. If they didn't, well, that is their fault. >> >> >> > message or warning that a file that was too large passed through >> > clamav without being scanned would be nice so one can take >> > appropriate action. That is my opinion. >> >> >> First, it is not too large to pass through clamav, the user decided >> they didn't want it to pass through, or the user was negligent in >> configuring it. > >I'm using clamscan directly not clamdscan > >How can I change the default behavior without have to specify >--max-filesize parameter at command line ? > >> >> Second, I would support such an output only when using the scanner >> in "debug" mode... Would be very useful when debugging, to see such >> a message. In normal mode, I see no reason to force this on the author >> against their will. Even in debug mode, it is up to the author, but >> I do think it would be useful in debug mode... >___ >Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net >http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Virus not detected on Linux/MacOSX
Remember not everyone that uses clamav is not an expert so for someone that is new to clamav thinks that every file that went through clamav would be scanned for malware would be incorrect and they have a possibility of opening an infected file. I think a message or warning that a file that was too large passed through clamav without being scanned would be nice so one can take appropriate action. That is my opinion. Frank >On 9/19/08, Dennis Peterson <[EMAIL PROTECTED]> wrote: >> Alexandre Biancalana wrote: >> > On 9/19/08, Dennis Peterson <[EMAIL PROTECTED]> wrote: >> >> fchan wrote: >> >> > I read your links and I understand possible DoS and other issues but >> >> > to repeat Alexandre's idea, why is there no error message for file >> >> > that are too large to notify the admin so they can adjust clamd.conf >> >> > or other action. Right now this infected file passes through like if >> >> > it was not infected which would be dangerous under certain >>conditions. >> >> > IMHO this file shouldn't pass through clamav without any >>error message. >> >> > >> >> > Frank >> >> >> >> >> >> What would the error message say? There was no error in my view. The >> >> file was larger than what the OP was willing to test so it was not >> >> tested (if I understand it correctly). As such it is accepted at risk. >> >> It is the OP's job to decide what else to do with files that are >> >> accepted at risk. That may require yet another milter or other process >> >> spawned by procmail, for example. >> > >> > Could not be an error message, just a warning, a informative message, >> > saying that the file was not scanned and not that the file is >> > clean >> > >> > In this case I'm using clamav on a file server to scan user >>files not emails... >> >> >> Doesn't matter - if you tell clamav to ignore certain files you are then >> obliged to use another method to test those files or ignore them. It >> would be rather trivial to write a script that finds large files and >> takes an action on them, but if you're going to scan them, then why >> prevent clamav from scanning them in the first place? > >Forget... my point was just to have a more intuitive and clear message >saying exactly what happened instead say that the file clean if it's >not. >___ >Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net >http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Virus not detected on Linux/MacOSX
I read your links and I understand possible DoS and other issues but to repeat Alexandre's idea, why is there no error message for file that are too large to notify the admin so they can adjust clamd.conf or other action. Right now this infected file passes through like if it was not infected which would be dangerous under certain conditions. IMHO this file shouldn't pass through clamav without any error message. Frank >On Fri, 19 Sep 2008 10:51:52 -0300 >"Alexandre Biancalana" <[EMAIL PROTECTED]> wrote: > >> Right ! This is detect now, but the correct behavior would not be >> display a error message like "File too big, not scanned!" ?? > >Some discussions on this topic: > >http://lurker.clamav.net/message/20080129.163022.5183157e.en.html >http://lurker.clamav.net/message/20080313.165458.ac80f65a.en.html > >-- >oo. Tomasz Kojm <[EMAIL PROTECTED]> > (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg > \..._ 0DCA5A08407D5288279DB43454822DC8985A444B >//\ /\ Fri Sep 19 15:57:33 CEST 2008 >___ >Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net >http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] bzip2 1.0.5 and clamav 0.94
I have RedHat ES 5.1 and I have support with RedHat so I have logged a trouble ticket for this issue and this is their latest reply: 16-SEP-2008 02:03:47Shailendra Suhas Bandodkar Greetings, Thanks for the update. I consulted the security response team. They say that they have reviewed this issue and work on fixing this issue is already in progress. Updates are expected to be released soon, probably during the next week. I would request you to wait for a while until the fix is released. Thanks for your patience Best regards Shailendra Remember that CentOS is related to RedHat ES minus the support so if they fix this on the RedHat ES side they will fix it on the CentOS side. However since you have CentOS you can get bzip2 from http://www.bzip.org/ and install it manually if your wish. Regards, Frank ldconfig: yes I remembered that afterwards. ;-) clamav 0.94 plus patch is running on SuSE 10.3 ok now for the last 14 days. Which announcement do you mean? I do not read this mailing list regularly... I did not find anything on the website. For the future one suggestion: can you please put things like patches or needed upgrades of packages like bzip2 (see below) onto the website also? So that is easier to find such things. E.g. the section with "Production quality releases" at http://www.clamav.net/download/sources is missing any hint about a patch or upgrade of bzip2. Probably it is not good to release clamav, if the release needs patching afterwards... Best regards Markus Original-Nachricht Datum: Fri, 05 Sep 2008 09:24:16 +0300 Von: "Trk Edwin" <[EMAIL PROTECTED]> An: ClamAV users ML Betreff: Re: [Clamav-users] bzip2 1.0.5 and clamav 0.94 On 2008-09-05 00:49, Markus Egg wrote: > Original-Nachricht >ÊÊ >> Datum: Thu, 04 Sep 2008 23:30:54 +0200 >> Von: "Markus Egg" <[EMAIL PROTECTED]> >> An: ClamAV users ML >> Betreff: Re: [Clamav-users] bzip2 1.0.5 and clamav 0.94 >> > >ÊÊ >> Original-Nachricht >> >>> Datum: Thu, 04 Sep 2008 13:00:31 +0300 >>> Von: "Trk Edwin" <[EMAIL PROTECTED]> >>> An: ClamAV users ML >>> Betreff: Re: [Clamav-users] bzip2 1.0.5 and clamav 0.94 >>>ÊÊ >>> Hi, >>> >>> There is a patch for the bzip2 problem here: >>> https://wwws.clamav.net/bugzilla/attachment.cgi?id=801 >>> >>> Please let me know if it works. >>> >>> Best regards, >>> --Edwin >>>ÊÊ >> Yes it works on SuSE 10.3 also. >> >> Can you put it onto the Clamav-Website...it is quite an effort to find out >> how to get a correct configure!! >> >> best regards >> Markus >> > > Configure works but freshclam fails :( > > "freshclam: error while loading shared libraries: libclamav.so.5: cannot open shared object file: No such file or directory" > > I will go back to 0.93.3 and wait till all these nasty issues are solved... > :-( You need to run ldconfig as the release announcement says. --Edwin ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml -- Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! Ideal fr Modem und ISDN: http://www.gmx.net/de/go/smartsurfer ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Clamd does not work
Check if /tmp/clamd.socket is there. If so remove it before you start clamd which can hinder clamd from starting. I hope this helps. Frank FreeBSD 5.4-RELEASE-patched-p8 ClamAV 0.94 from ports Clamd does not work. When starting, i get this in logs: However, clamd is not running and is not in processes list ("ps ax | grep clamd" shows nothing). There are no errors and warnings of any kind. How can i find out what is wrong? ÊÊ kzc> You can always run it with "Foreground yes" and see what it dumps kzc> out on the console. Thanks. On the console i get: [skipped] HTML support enabled. Self checking every 1800 seconds. Bus error What is "Bus error" and how can i deal with it? ÊÊ TE> Bus error can mean different things depending on your architecture, such TE> as unaligned memory reference, stack overrun, etc. TE> For i386 it can't be unaligned references, so we need some further data TE> here. TE> 1. Try running clamd under strace (strace clamd) TE> 2. Run clamd from gdb (gdb clamd, then type run, when it stops with an TE> error type backtrace) strace clamd : execve(0xbfbfe7d0, [0xbfbfecb4], [/* 0 vars */]PIOCWSTOP: Input/output error Listening daemon: PID: 47273 Limits: Global size limit set to 104857600 bytes. Limits: File size limit set to 26214400 bytes. Limits: Recursion level limit set to 16. Limits: Files limit set to 1. Archive support enabled. Algorithmic detection enabled. Portable Executable support enabled. ELF support enabled. Mail files support enabled. OLE2 support enabled. PDF support disabled. HTML support enabled. Self checking every 1800 seconds. gdb clamd : (gdb) run Starting program: /usr/local/sbin/clamd (no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...Listening daemon: PID: 47697 Limits: Global size limit set to 104857600 bytes. Limits: File size limit set to 26214400 bytes. Limits: Recursion level limit set to 16. Limits: Files limit set to 1. Archive support enabled. Algorithmic detection enabled. Portable Executable support enabled. ELF support enabled. Mail files support enabled. OLE2 support enabled. PDF support disabled. HTML support enabled. Self checking every 1800 seconds. Program received signal SIGBUS, Bus error. [Switching to Thread 100197 (LWP 100197)] 0x28141268 in _pthread_sigmask (how=3, set=0xbfbfeb50, oset=0x0) at /usr/src/lib/libthr/thread/thr_sig.c:60 60 error = sigprocmask(how, set, oset); gdb backtrace : A lot of lines like #0 0x28141268 in _pthread_sigmask (how=3, set=0xbfbfeb50, oset=0x0) at /usr/src/lib/libthr/thread/thr_sig.c:60 #1 0x281a5a1a in sigprocmask () from /usr/lib/libpthread.so.1 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] bzip2 1.0.5 for CentOS
Actually I sent them a service ticket about updating bzip2 to version 1.0.5. Below is what I got recently from RedHat support: --- | Case Information | --- Case Title : bzip2 should be updated to version 1.0.5 Case Number : 1855016 Case Open Date : 02-SEP-2008 Problem Type : Last Update Comment as of 05-SEP-2008 05:19:14 :Ê Greetings, Thanks for the update. I have forwarded your queries to our Security Alert team. I shall get back to once i have an update. Best regards Shailendra --- Thank you for your latest interaction with Red Hat Support. If you wish to reach Red Hat, please go to http://support.redhat.com/ for phone and web contact information appropriate to your region and support contract. Red Hat Global Support Services is working a case associated to this email address as the primary point of contact. For tracking purposes, the case has been assigned a number of "1855016" and has the title "bzip2 should be updated to version 1.0.5". More information related to this specific case is attached to this message. If any of this is in error, please notify us immediately by calling our support line at the number specific to your region see https://www.redhat.com/support/service/GSS_phone.html The purpose of this email is to notify you that a Red Hat associate is presently working on this case and has updated the case with the following information.You may continue to follow the progress and read any notes logged to the case at http://support.redhat.com. If you update the case via the web portal (such as adding a note or adding an attachment), the case status will stay in the "Waiting on Red Hat" status, or you may change it to "Closed". If left in "Waiting on Red Hat", the case will stay in this status while it is worked until changed by Red Hat to "Waiting on Customer", If more information is needed from you, or "Pending Closure" or "Closed" depending on the situation. Note: Please do not reply to this email. If you wish to reach Red Hat, please go to http://support.redhat.com for phone and web contact information appropriate to your region and support contract. Thank you so much and have a great day. Frank Red Hat Global Support Services SM wrote: At 01:11 05-09-2008, Tilman Schmidt wrote: ÊÊ But even a manual "yum update" finds nothing to update. I cannot imagine Redhat/CentOS neglecting to provide a patch for that Why not? :-) The response was that "this issue can only result in a crash of the bunzip2 process, which we do not consider to have any security impact." ÊÊ vulnerability, so I am probably doing something wrong. But what? You are not doing anything wrong. Get a newer version of bzip2. Regards, -sm ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ÊÊ More info can be found here: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1372 https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html redhat didn't patch it. Their latest version appears to be from 2005 - per the date on the file. -- Roberto Ullfig - [EMAIL PROTECTED] ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] bzip2 1.0.5 and clamav 0.94
Hello Edwin, Below is output for nm /usr/lib/libbz2.a|grep bzDecompress: 195c T BZ2_bzDecompress 1ad4 T BZ2_bzDecompressEnd 0954 T BZ2_bzDecompressInit Here is the output for nm -D /usr/lib/libbz2.so*|grep bzDecompress: b960 T BZ2_bzDecompress bb00 T BZ2_bzDecompressEnd aab0 T BZ2_bzDecompressInit b960 T BZ2_bzDecompress bb00 T BZ2_bzDecompressEnd aab0 T BZ2_bzDecompressInit Thank you, Frank On 2008-09-02 23:10, Trk Edwin wrote: Send me your config.log (off-list, this list strips attachments). ÊÊ Thanks for the config.log. There are 2 problems here: - configure thinks bzip2 is bugged, but in fact it cannot link (I opened bb #1158) - seems like the symbol names are not what configure expects (it should be either bzDecompress or BZ2_bzDecompress' /tmp/ccEYOTll.o(.text+0x61):/home/fchan/clamav-0.94/conftest.c:123: undefined reference to `BZ2_bzDecompress' /tmp/ccEYOTll.o(.text+0x7d):/home/fchan/clamav-0.94/conftest.c:121: undefined reference to `BZ2_bzDecompressEnd' Can you show us the output of these commands: - nm /usr/lib/libbz2.a|grep bzDecompress - nm -D /usr/lib/libbz2.so*|grep bzDecompress Thanks, --Edwin ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] No viruses detected since 1711GMT August 29, 2008?
Hello, Thank you for the suggestion and I just sent myself clam.zip test file and clamav detected this correctly. I could be the systems that have been sending virus infected email messages to my mail server have been evacuated because of Tropical Storm Gustav;) Or it could calm before the storm. Again thank you for the suggestion, Frank >fchan wrote: >> Hello, >> Maybe it is just my mail server, but I noticed that I haven't >> detected any virus infected email message since 1711 GMT August 29, >> 2008 > > >Send yourself a test file. There are several in the ClamAV distribution. > >dp >___ >Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net >http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] No viruses detected since 1711GMT August 29,2008?
Hello, Maybe it is just my mail server, but I noticed that I haven't detected any virus infected email message since 1711 GMT August 29, 2008 so I'm checking if any seen this also. Before this time I got at least 10 virus infected messages per hour so this sudden "quiet" period is a little strange. I see nothing wrong or unusual in clamd.log, freshclam.log and mail logs. I'm running RedHat ES 5 with clamav 0.93.3 with daily.cld is up to date (version: 8118). Frank ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] Just checking
Hi Ken, Yes, is has been quiet on this list since August 1, 2008. Must be nothing to say on the list now. Regards, Frank >Just checking out this new mail server I want to make sure this is getting >posted. Haven't seen any traffic for last couple days. > >Thanks, > >Ken >___ >Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net >http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] Large increase in mail viruses?
Hi, I don't know if your seeing this also but since Monday July 28, 2008 I seen double and more in viruses caught by clamav in my mail server. My daily average has been about 100 viruses for our mail server for the last 8 months but since Monday July 28, 2008 my daily average has increased from 200 to 300 and still increasing. The two "popular" viruses on my mail server are Email.Phishing.Bank-42 and Email.PornTeaser-1. I'm checking if anyone else seen this increase or they are just have "fun" with my mail server. Frank ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] Date in the past when updating via freshclam.
Hi, On several of my systems to I got this message when updating via freshclam: Current working dir is /var/lib/clamav Max retries == 3 ClamAV update process started at Mon Jul 28 15:47:20 2008 Querying current.cvd.clamav.net TTL: 819 WARNING: DNS record is older than 3 hours. WARNING: Invalid DNS reply. Falling back to HTTP mode. Assuming modification time in the past If-Modified-Since: Mon, 27 Dec 2004 03:52:10 GMT Reading CVD header (main.cvd): Connected to db.us.clamav.net (IP: 168.143.19.95). Trying to retrieve CVD header of http://db.us.clamav.net/main.cvd OK main.cld is up to date (version: 47, sigs: 312304, f-level: 31, builder: sven) Assuming modification time in the past If-Modified-Since: Mon, 27 Dec 2004 03:52:10 GMT Reading CVD header (daily.cvd): Connected to db.us.clamav.net (IP: 168.143.19.95). Trying to retrieve CVD header of http://db.us.clamav.net/daily.cvd OK daily.cld is up to date (version: 7870, sigs: 64633, f-level: 33, builder: neo) I don't know if anyone else seen this and what is causing this. Most importantly, what is the solution to this. Regards, Frank ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] -bash: ./configure: No such file or directory
Hi Don, The configure command is for building & compiling from source (raw code) so that's why you didn't see the configure command when you installed from RPM. RPM's are pre-compiled binary packages that will install or update from the rpm file to your system without configure. To verify your installation of clamav is correct you can do a search either freshclam or clamscan. If you do find these two, then you can run this according to the location of these executables freshclam --version (ie /usr/bin/freshclam --version) to tell what version of freshclam you are running. If you don't find these executables then rpm installation is incorrect and you need to re-install from RPM again. Here are some link to rpm command: http://www.linux.org/docs/ldp/howto/RPM-HOWTO/index.html http://www.cyberciti.biz/howto/question/linux/linux-rpm-cheat-sheet.php http://linux.about.com/od/commands/l/blcmdl8_rpm.htm I hope this helps, Frank >Hello, >I am following step by step the installation of clam av and am on this >page: >http://www.clamav.net/doc/latest/html/node11.html > >I am assuming that I had to rpm -Uvh the package first but after that >there is no "configure" file that belongs to the clamav installed >directories? > >I am using clamav-0.90.3-1.el4.rf.i386.rpm > >[FOLLOWIN FIRST LINE OF INSTRUCTION FROM LINK ABOVE]: >[EMAIL PROTECTED] don]# ./configure --prefix=/home/don/clamav >--disable-clamav >-bash: ./configure: No such file or directory > >[SEARCHED FOR "CONFIGURE"]: >[EMAIL PROTECTED] clamav-0.90.3]# locate configure >/opt/nessus/lib/nessus/plugins/twiki_configure_cmd_exec.nasl >/opt/sc3/admin/nasl/selinux_configured.audit >/opt/sc3/admin/nasl/twiki_configure_cmd_exec.nasl >/opt/sc3/support/manual/programs/configure.html.en >/opt/sc3/support/manual/programs/configure.html.ko.euc-kr >/opt/sc3/support/manual/programs/configure.html >/var/www/manual/programs/configure.html >/var/www/manual/programs/configure.html.ko.euc-kr >/var/www/manual/programs/configure.html.en >/var/www/manual/mod/mod_python/inst-configure.html >/usr/local/gmp-4.2.2/macos/configure >/usr/local/gmp-4.2.2/configure.in >/usr/local/gmp-4.2.2/configure >/usr/bin/foomatic-configure >/usr/share/icons/crystalsvg/22x22/actions/configure.png >/usr/share/icons/crystalsvg/16x16/actions/configure.png >/usr/share/icons/crystalsvg/16x16/actions/configure_shortcuts.png >/usr/share/icons/crystalsvg/16x16/actions/configure_toolbars.png >/usr/share/icons/crystalsvg/32x32/actions/configure.png >/usr/share/icons/Bluecurve/48x48/actions/configure.png >/usr/share/icons/Bluecurve/48x48/actions/configure_shortcuts.png >/usr/share/icons/Bluecurve/48x48/actions/configure_toolbars.png >/usr/share/icons/Bluecurve/16x16/actions/configure.png >/usr/share/icons/Bluecurve/16x16/actions/configure_shortcuts.png >/usr/share/icons/Bluecurve/16x16/actions/configure_toolbars.png >/usr/share/icons/Bluecurve/32x32/actions/configure.png >/usr/share/icons/Bluecurve/32x32/actions/configure_shortcuts.png >/usr/share/icons/Bluecurve/32x32/actions/configure_toolbars.png >/usr/share/icons/Bluecurve/24x24/actions/configure.png >/usr/share/icons/Bluecurve/24x24/actions/configure_shortcuts.png >/usr/share/icons/Bluecurve/24x24/actions/configure_toolbars.png >/usr/share/icons/Bluecurve/20x20/actions/configure.png >/usr/share/icons/Bluecurve/20x20/actions/configure_shortcuts.png >/usr/share/icons/Bluecurve/20x20/actions/configure_toolbars.png >/usr/share/icons/Bluecurve/64x64/actions/configure.png >/usr/share/icons/Bluecurve/64x64/actions/configure_shortcuts.png >/usr/share/icons/Bluecurve/64x64/actions/configure_toolbars.png >/usr/share/doc/elinks-0.9.2/manual-0.82-en/links-configure-charset.html >/usr/share/doc/elinks-0.9.2/manual-0.82-en/links-configure-colour.html >/usr/share/doc/elinks-0.9.2/manual-0.82-en/links-configure-extns.html >/usr/share/doc/elinks-0.9.2/manual-0.82-en/links-configure.html >/usr/share/doc/elinks-0.9.2/manual-0.82-en/links-configure-other.html >/usr/share/doc/elinks-0.9.2/manual-0.82-en/links-configure-file.html >/usr/share/doc/samba-3.0.25b/LDAP/smbldap-tools-0.9.2/configure.pl >/usr/share/cups/templates/be/printer-configured.tmpl >/usr/share/cups/templates/printer-configured.tmpl >/usr/share/cups/templates/fr/printer-configured.tmpl >/usr/share/cups/templates/es/printer-configured.tmpl >/usr/share/cups/templates/de/printer-configured.tmpl >/usr/share/man/man1/foomatic-configure.1.gz >/usr/share/info/configure.info.gz > > >Can anyone help as I am not able to move forward from this point and >there is no other documentation that I can find that is helping either. > >Thanks, >Don > > >This message contains information which may be confidential and >privileged. Unless you are the intended addressee (or authorized to >receive for the intended addressee), you may not use, copy or >disclose to anyone the message or any information contained in the >message. If you have received the message in error, please advise >the sender by e-mail then delete the
Re: [Clamav-users] Frequency of virus attacks
Well, it appears that your lucky that you haven't been "discovered" by spammers and botnets so they don't spam you with viruses and spam. How about how many plain spam messages you get? The more "popular" you are the more spam and viruses you will get. I get an average of 150 messages with an viruses a day on my mail server. The most I got was 432 viruses just few days ago but once in a while I get none per day and I do wonder if clamav works at all. Just sit tight and you may become popular and the viruses will come. Frank >Since I installed ClamAV on my mail server, I did not get one single mail with >virus attached. Other spam mail is filtered out by DSpam. When I send some >test mail to my own address and attach some test virus, it is detected by >ClamAV. Is this the expected behaviour? I would have expected to get some >real viruses sooner or later. So I get the impression that real attacks are >not so frequently as expected, or am I just lucky? >Eggert >___ >Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net >http://lurker.clamav.net/list/clamav-users.html ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] List Archives?
Hi, Here is a mail-archive.com which archive clamav-user list: http://www.mail-archive.com/clamav-users@lists.clamav.net/ One the bottom of the support page there are others: http://www.clamav.org/support/ml Regards, Frank >Second question about RPM locations has been answered, thanks. > http://packages.sw.be/clamav/ >Could the maintainers of 'www.clamav.net' please update their >pages to point to this new location? Thanks! > >If this list is intended to have an archive, then could someone >please check out the malfunction? Thanks. > >- Charles > >___ >Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net >http://lurker.clamav.net/list/clamav-users.html ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] successfull upgrade from 0.92 to 0.93
Hi, I updated from clamav-0.92.1 to 0.93 on RedHat Linux ES 5, Linux 2.4 and Macintosh OS 10.4.11. I had need to tweak the clamd.conf file because of obsolete ArchiveFileSize, ArchiveMaxFiles, etc. and for the Macintosh 10.4.11 I need to remove the old clamav/lib file before it will compile correctly (thank you Trk Edwin for your help with this). Otherwise I had no issues with clamav-0.93. Maybe it is just me but I noticed that clamav-0.93 scans faster than 0.92.1. Regards, Frank Hello. I see stream of problems that people have with upgrading clamav to 0.93. Just FYI i successfully upgraded from 0.92 to 0.93 on FreeBSD 6.x. Running in production environment from previous Friday (18 april) with no problems. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] US-CERT alert regarding ClamAV
If you have problems compiling clamav-0.92 and newer is because of gcc bug PR28045 and below is the line from my previous configure error: checking for gcc bug PR28045... configure: error: your compiler has gcc PR28045 bug, use a different compiler, see http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28045 This part of clamav-0.92 and new fix of a bug. https://wwws.clamav.net/bugzilla/show_bug.cgi?id=613 And in short we need to get gcc4.1.1 or newer to get this work on Macintosh 10.4.11 and xcode 2.5 which only has an gcc 4.0.1. However Apple hasn't released gcc 4.1.1 or newer for the Mac 10.4.11 so we are left to use this an workaround for this an Japanese clamav user found this and here is the workaround: export CFLAGS='-g' "-g" means debug mode building. Then configure and make as you have done before. When you are compiling clamav-0.93 you may run into this error during make: ld: warning can't open dynamic library: /usr/local/clamXav/lib/libclamunrar.4.dylib referenced from: ../libclamunrar_iface/.libs/libclamunrar_iface.dylib (checking for undefined symbols may be affected) (No such file or directory, errno = 2) ld: Undefined symbols: _ppm_constructor referenced from libclamunrar expected to be defined in /usr/local/clamXav/lib/libclamunrar.4.dylib _ppm_destructor referenced from libclamunrar expected to be defined in /usr/local/clamXav/lib/libclamunrar.4.dylib _rar_init_filters referenced from libclamunrar expected to be defined in /usr/local/clamXav/lib/libclamunrar.4.dylib _rar_unpack referenced from libclamunrar expected to be defined in /usr/local/clamXav/lib/libclamunrar.4.dylib _rarvm_free referenced from libclamunrar expected to be defined in /usr/local/clamXav/lib/libclamunrar.4.dylib /usr/libexec/gcc/i686-apple-darwin8/4.0.1/libtool: internal link edit command failed make[3]: *** [libclamav.la] Error 1 make[2]: *** [all-recursive] Error 1 make[1]: *** [all-recursive] Error 1 make: *** [all] Error 2 And Trk Edwin said to move or delete the old clamav/lib directory and after that it the compile worked for me. I hope this helps. Frank John Rudd wrote: Nigel Horne wrote: Roberto Ullfig wrote: Nigel Horne wrote: A vulnerability was identified by Secunia in 0.92.1 relating to the PE module. We immediately disabled this module about a month ago. Since then we have been working on, and produced, a fix which is included in 0.93. 0.93 is due for release very soon, and all users are advised to update to this release with immediate effect. 0.93RC1 does not include the fix. Regards, By disabling the module do you mean to say that 0.92.1 is not vulnerable? Why does CERT say otherwise? As soon as we found out about the vulnerability we issued a "dconf" update to switch off the affected module, upack. All 0.92.1 users are advised to upgrade to 0.93 immediately. Oh, and, while we're on the subject, what about 0.88.6? is that version vulnerable? (don't tell me to upgrade -- I haven't been able to get newer versions to compile on Mac OS X 10.4.x) er.. Sorry, I'm using 0.91.2, not 0.88.6, on my Macs. (using 0.92.1 on my Solaris boxes) ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Problems compiling clamav 0.93 on a Macintosh 10.4.11.
Thank you Edwin! That worked. Frank >fchan wrote: >> Hi, >> I just download clamav 0.93 and attempted to compiled this on my >> Apple Macintosh 10.4.11 on a Apple MacBook Pro Core2 Duo. >> Here is my error message I got: >> >> Extracting >> /Applications/Utilities/clamav/clamav-0.93/libclamav/lzma/.libs/liblzma.a >> (cd .libs/libclamav.lax/liblzma.a && ar x >> /Applications/Utilities/clamav/clamav-0.93/libclamav/lzma/.libs/liblzma.a) >> gcc -dynamiclib -o .libs/libclamav.4.0.1.dylib .libs/matcher-ac.o >> .libs/matcher-bm.o .libs/matcher.o .libs/md5.o .libs/others.o >> .libs/readdb.o .libs/cvd.o .libs/dsig.o .libs/str.o .libs/scanners.o >> .libs/textdet.o .libs/filetypes.o .libs/rtf.o .libs/blob.o >> .libs/mbox.o .libs/message.o .libs/table.o .libs/text.o >> .libs/ole2_extract.o .libs/vba_extract.o .libs/msexpand.o .libs/pe.o >> .libs/upx.o .libs/htmlnorm.o .libs/chmunpack.o .libs/rebuildpe.o >> .libs/petite.o .libs/wwunpack.o .libs/unsp.o .libs/aspack.o >> .libs/packlibs.o .libs/fsg.o .libs/mew.o .libs/upack.o .libs/line.o >> .libs/untar.o .libs/unzip.o .libs/inflate64.o .libs/special.o >> .libs/binhex.o .libs/is_tar.o .libs/tnef.o .libs/autoit.o >> .libs/strlcpy.o .libs/regcomp.o .libs/regerror.o .libs/regexec.o >> .libs/regfree.o .libs/unarj.o .libs/bzlib.o .libs/nulsft.o >> .libs/infblock.o .libs/pdf.o .libs/spin.o .libs/yc.o .libs/elf.o >> .libs/sis.o .libs/uuencode.o .libs/phishcheck.o >> .libs/phish_domaincheck_db.o .libs/phish_whitelist.o >> .libs/regex_list.o .libs/mspack.o .libs/cab.o .libs/entconv.o >> .libs/hashtab.o .libs/dconf.o .libs/lzma_iface.o .libs/explode.o >> .libs/textnorm.o .libs/libclamav.lax/liblzma.a/LzmaStateDecode.o >> -lz -lbz2 /usr/local/lib/libgmp.dylib /usr/lib/libiconv.dylib >> ../libclamunrar_iface/.libs/libclamunrar_iface.dylib >> /usr/local/clamXav/lib/libclamunrar.dylib -install_name >> /usr/local/clamXav/lib/libclamav.4.dylib -compatibility_version 5 >> -current_version 5.1 -Wl,-single_module >> ld: warning can't open dynamic library: >> /usr/local/clamXav/lib/libclamunrar.4.dylib referenced from: >> ../libclamunrar_iface/.libs/libclamunrar_iface.dylib (checking for >> undefined symbols may be affected) (No such file or directory, errno >> = 2) >> ld: Undefined symbols: >> _ppm_constructor referenced from libclamunrar expected to be defined >> in /usr/local/clamXav/lib/libclamunrar.4.dylib >> _ppm_destructor referenced from libclamunrar expected to be defined >> in /usr/local/clamXav/lib/libclamunrar.4.dylib >> _rar_init_filters referenced from libclamunrar expected to be defined >> in /usr/local/clamXav/lib/libclamunrar.4.dylib >> _rar_unpack referenced from libclamunrar expected to be defined in >> /usr/local/clamXav/lib/libclamunrar.4.dylib >> _rarvm_free referenced from libclamunrar expected to be defined in >> /usr/local/clamXav/lib/libclamunrar.4.dylib >> /usr/libexec/gcc/i686-apple-darwin8/4.0.1/libtool: internal link edit >> command failed >> make[3]: *** [libclamav.la] Error 1 >> make[2]: *** [all-recursive] Error 1 >> make[1]: *** [all-recursive] Error 1 >> make: *** [all] Error 2 >> >> It appears the ../libclamunrar_iface/.libs/libclamunrar_iface.dylib >> is incorrectly defined so that >> /usr/local/clamXav/lib/libclamunrar.4.dylib in the prefix directory. >> Correct me if I'm wrong. > >Can you remove old libclam* files from /usr/local/clamXav/lib and try >again please? >___ >Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net >http://lurker.clamav.net/list/clamav-users.html ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Problems compiling clamav 0.93 on a Macintosh 10.4.11.
Hi, I just download clamav 0.93 and attempted to compiled this on my Apple Macintosh 10.4.11 on a Apple MacBook Pro Core2 Duo. Here is my error message I got: Extracting /Applications/Utilities/clamav/clamav-0.93/libclamav/lzma/.libs/liblzma.a (cd .libs/libclamav.lax/liblzma.a && ar x /Applications/Utilities/clamav/clamav-0.93/libclamav/lzma/.libs/liblzma.a) gcc -dynamiclib -o .libs/libclamav.4.0.1.dylib .libs/matcher-ac.o .libs/matcher-bm.o .libs/matcher.o .libs/md5.o .libs/others.o .libs/readdb.o .libs/cvd.o .libs/dsig.o .libs/str.o .libs/scanners.o .libs/textdet.o .libs/filetypes.o .libs/rtf.o .libs/blob.o .libs/mbox.o .libs/message.o .libs/table.o .libs/text.o .libs/ole2_extract.o .libs/vba_extract.o .libs/msexpand.o .libs/pe.o .libs/upx.o .libs/htmlnorm.o .libs/chmunpack.o .libs/rebuildpe.o .libs/petite.o .libs/wwunpack.o .libs/unsp.o .libs/aspack.o .libs/packlibs.o .libs/fsg.o .libs/mew.o .libs/upack.o .libs/line.o .libs/untar.o .libs/unzip.o .libs/inflate64.o .libs/special.o .libs/binhex.o .libs/is_tar.o .libs/tnef.o .libs/autoit.o .libs/strlcpy.o .libs/regcomp.o .libs/regerror.o .libs/regexec.o .libs/regfree.o .libs/unarj.o .libs/bzlib.o .libs/nulsft.o .libs/infblock.o .libs/pdf.o .libs/spin.o .libs/yc.o .libs/elf.o .libs/sis.o .libs/uuencode.o .libs/phishcheck.o .libs/phish_domaincheck_db.o .libs/phish_whitelist.o .libs/regex_list.o .libs/mspack.o .libs/cab.o .libs/entconv.o .libs/hashtab.o .libs/dconf.o .libs/lzma_iface.o .libs/explode.o .libs/textnorm.o .libs/libclamav.lax/liblzma.a/LzmaStateDecode.o -lz -lbz2 /usr/local/lib/libgmp.dylib /usr/lib/libiconv.dylib ../libclamunrar_iface/.libs/libclamunrar_iface.dylib /usr/local/clamXav/lib/libclamunrar.dylib -install_name /usr/local/clamXav/lib/libclamav.4.dylib -compatibility_version 5 -current_version 5.1 -Wl,-single_module ld: warning can't open dynamic library: /usr/local/clamXav/lib/libclamunrar.4.dylib referenced from: ../libclamunrar_iface/.libs/libclamunrar_iface.dylib (checking for undefined symbols may be affected) (No such file or directory, errno = 2) ld: Undefined symbols: _ppm_constructor referenced from libclamunrar expected to be defined in /usr/local/clamXav/lib/libclamunrar.4.dylib _ppm_destructor referenced from libclamunrar expected to be defined in /usr/local/clamXav/lib/libclamunrar.4.dylib _rar_init_filters referenced from libclamunrar expected to be defined in /usr/local/clamXav/lib/libclamunrar.4.dylib _rar_unpack referenced from libclamunrar expected to be defined in /usr/local/clamXav/lib/libclamunrar.4.dylib _rarvm_free referenced from libclamunrar expected to be defined in /usr/local/clamXav/lib/libclamunrar.4.dylib /usr/libexec/gcc/i686-apple-darwin8/4.0.1/libtool: internal link edit command failed make[3]: *** [libclamav.la] Error 1 make[2]: *** [all-recursive] Error 1 make[1]: *** [all-recursive] Error 1 make: *** [all] Error 2 It appears the ../libclamunrar_iface/.libs/libclamunrar_iface.dylib is incorrectly defined so that /usr/local/clamXav/lib/libclamunrar.4.dylib in the prefix directory. Correct me if I'm wrong. Regards, Frank ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav0.92 install problem
Hello Joey, Try to make sure the clamd daemon is not running. Also if your are running sockets that any clamd file in tmp are removed. Regards, Frank >Installing new version of clamav over clamav0.91.2 when i get to the >make install step i get this error message: > >/usr/bin/install: cannot remove '/usr/sbin/clamd': Permission Denied. > > >I tried to uninstall the old version but got the same message. This >is the first problem i've had upgraded or installing Clamav since i >started using it since 04. Any help would be appreciated. > > > >Thanks In Advance > > >Joey Mcknight >District Computer Tech >Newport School District >Newport, Arkansas > >___ >Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net >http://lurker.clamav.net/list/clamav-users.html ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav gcc dependendencies ...
Hi, I just configure with CFLAGS="-O0" and did make and make install and it worked on my Mac running 10.4.11! However we in the Apple user community are at the mercy of Apple as to when Apple will update gcc to 4.1.1 or later. I had pre-release version of gcc-4.2.1 from Apple which didn't work on compiling clamav on my Mac running 10.4.11. This pre-release version of gcc-4.2.1 was for a different project so I didn't think it would work since it was partial release. Frank hey all, just to chime in with GCC 4.0.1 compiler problems on Mac OS X 10.4.10Ê Server. it breaks with the same errors mentioned: checking for a supported version of gcc... ok (4.0.1) checking for gcc bug PR27603... ok, bug not present checking for gcc bug PR28045... configure: error: your compiler hasÊ gcc PR28045 bug, use a different compiler, see http://gcc.gnu.org/ bugzilla/show_bug.cgi?id=28045 but with Edwins mentioned parameter: CFLAGS="-O0" it works CFLAGS="-O1" or CFLAGS="-O2" it fails again. is it safe to build it with CFLAGS="-O0" and to let it run onÊ production servers? i have to mention, that i'm no expert in using compiler options. thx. oliver Am 18.12.2007 um 15:10 schrieb Trk Edwin: Leonardo Rodrigues Magalhes wrote: Compiling clamav-0.92 with an old gcc (gcc 3.2 in my Fedora 4 and Fedora 5 machines) will make clamav behave strangely, slow ...Ê disable features ... or something like that ? Is it 'very bad' to compile clamav-0.92 with gcc 3.2 ?? Please note that i'm NOT running in high loaded environments, so missing some optimizations flags which would make clamav 0,05% faster will certainly NOT be a problem to me. Any compiler that passes the test in ./configure is ok (just to beÊ clear, you can use any compiler, not just gcc). For gcc versions > 4.1.1, and < 4.0 are known to work. So 3.2 is ok. --Edwin ___ Help us build a comprehensive ClamAV guide: visit http:// wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav gcc dependendencies ...
Hello, I'm on a MacBookPro running 10.4.11 with xcode 2.5 and I tried your suggestion "export CC=gcc-3.4" and I got this error: checking for gcc... gcc-3.4 checking for C compiler default output file name... configure: error: C compiler cannot create executables See `config.log' for more details. Here is what saw in config.log: ./configure: line 1: gcc-3.4: command not found configure:3220: $? = 127 configure:3258: result: configure: failed program was: | /* confdefs.h. */ | #define PACKAGE_NAME "" | #define PACKAGE_TARNAME "" | #define PACKAGE_VERSION "" | #define PACKAGE_STRING "" | #define PACKAGE_BUGREPORT "" | #define PACKAGE "clamav" | #define VERSION "0.92" | /* end confdefs.h. */ | | int | main () | { | | ; | return 0; | } configure:3265: error: C compiler cannot create executables See `config.log' for more details. I'll play around here to what will work on Mac OS X with configuring clamav. Thank you, Frank Per Jessen wrote: I guess there was no other way than to make clamav dependent on gcc, but it sure is bad timing.Ê Only a week before Christmas, most systems are frozen, people have already left for vacation etc. Updating clamav is within reason for us, but upgrading gcc too ... ÊÊ You don't need to upgrade to 4.1.2/4.2.x. gcc-3.4 can be nicely installed side-by-side with a 4.0.x/4.1.0 series gcc, all you need to do is: # apt-get install gcc-3.4 $ export CC=gcc-3.4 $ ./configure Was/is there absolutely no way of fixing this gcc problem in the clamav source? ÊÊ There are bounds checks in the code, that the compiler removes, thus leaving clamav vulnerable and crashing. Sorry, but that is a broken compiler version. --Edwin ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] help, can't compile clamav-0.92 ("gcc bug")
Hi, I have the same thing happening a my MacBookPro. I get this message also: checking for gcc bug PR28045... configure: error: your compiler has gcc PR28045 bug, use a different compiler, see http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28045 I'm using xcode_2.4.1_8m and I'm downloading xcode_3.0 to hopefully resolve this issue and hopefully that Apple updated gcc on this newer xcode. Any other Mac people seen this issue? Thank you, Frank >Hi! > >We are using Ubuntu 6.06 LTS (Dapper Drake) on x86 boxes, and 6.06 uses gcc >4.0.3...and as such, we cannot compile the new clamav-0.92: > > checking for a supported version of gcc... ok (4.0.3) > checking for gcc bug PR27603... ok, bug not present > checking for gcc bug PR28045... configure: error: your compiler has gcc >PR28045 bug, use a different compiler, see >http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28045 > >How do you "use a different compiler"? gcc 4.0.3 is what 6.06 LTS >provides...I don't know how to change this (??). > >If I were to disable compiler optimizations in the clamav build, could I >work around this bug in gcc 4.0.3? Which clamav file(s) have a problem with >this bug? > >Thank you for any assistance! > >--Ed >___ >Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net >http://lurker.clamav.net/list/clamav-users.html ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Quiet period for viruses?
Hi, Maybe it just me but I noticed that the clamav definitions are still at 4540 dated 14 October 2007 0143 UTC or has the virus writers has called a truce. Regards, Frank ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Interesting message in Fedora Core 6 running clamav-0.90.3.
Hello, I was doing a test clamscan using clamav-0.90.3 on a machine running Fedora Core 6 with the kernel 2.6.20-1.2948.fc6 and I got this message: LibClamAV Warning: Bad compression in flate stream I'm running this other kernel versions and didn't see this message running clamscan. Regards, Frank ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] clamd dying.
Hello, Last night my clamd died on my server here what my logs say: Tue Mar 13 20:48:07 2007 -> SelfCheck: Database status OK. Tue Mar 13 20:58:10 2007 -> SelfCheck: Database modification detected. Forcing reload. Tue Mar 13 20:58:10 2007 -> Reading databases from /var/lib/clamav Tue Mar 13 20:58:10 2007 -> /var/spool/qmailscan/tmp/117384468772212046/1173844690.430-0: HTML.Phishing.Bank-1156 FOUND Tue Mar 13 20:58:12 2007 -> ERROR: reload db failed: Malformed database Tue Mar 13 20:58:12 2007 -> Terminating because of a fatal error. Tue Mar 13 20:58:12 2007 -> Shutting down the main sockets. Tue Mar 13 20:58:12 2007 -> Closing the main sockets. Tue Mar 13 20:58:12 2007 -> Socket file removed.Tue Mar 13 20:58:12 2007 -> ERROR: Can't unlink the pid file /var/run/clamd.pid Tue Mar 13 20:58:12 2007 -> --- Stopped at Tue Mar 13 20:58:12 2007 What could be the cause of this problem? Thank you, Frank ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Clamav cvd mirrors sync?
Hello, I'm noticed on several system I manage at this moment that the daily.cvd is 2107 but one of them is daily.cvd is 2108. So I did an freshclam -v --no-dns on the systems with 2107 and it showed: Current working dir is /var/lib/clamav Max retries == 3 ClamAV update process started at Thu Oct 26 12:23:15 2006 Connected to db.us.clamav.net (IP: 63.166.28.8). Trying to retrieve http://db.us.clamav.net/main.cvd If-Modified-Since: Wed, 16 Aug 2006 20:37:54 GMT Reading CVD header (main.cvd): OK (IMS) main.cvd is up to date (version: 40, sigs: 64138, f-level: 8, builder: tkojm) Connected to db.us.clamav.net (IP: 63.166.28.8). Trying to retrieve http://db.us.clamav.net/daily.cvd If-Modified-Since: Thu, 26 Oct 2006 14:55:28 GMT Reading CVD header (daily.cvd): OK (IMS) daily.cvd is up to date (version: 2107, sigs: 10372, f-level: 8, builder: sven) Freeing option list...done Are you any of you seeing this also? Warm regards, Frank ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Is there that many updates to the daily.cvd today?
Hello Christoph, Thank you and all other Clamav team members for your hard work to keep us safe. Again thank you, Frank Hello fchan, Wednesday, July 19, 2006, 12:52:05 AM, you wrote: Is there that much new malware just for today to get this many updates to the daily.cvd? Correct me if I'm wrong but today started at 1601 and it is now 1607 for the Pacific Time zone and the day isn't over yet. The mirrors are having a hard time keeping up. That«s right, at the moment someone sends out variants of a trojan.downloader, we publish as they come in. Sorry for all the traffic. -- Best regards, Christophmailto:[EMAIL PROTECTED] ___ http://lurker.clamav.net/list/clamav-users.html ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Is there that many updates to the daily.cvd today?
Is there that much new malware just for today to get this many updates to the daily.cvd? Correct me if I'm wrong but today started at 1601 and it is now 1607 for the Pacific Time zone and the day isn't over yet. The mirrors are having a hard time keeping up. Regards, Frank ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] clamav 0.88.1 compile error.
Hello, I was doing and make on clamav 0.88.1 and I got this error message. I'm running linux 2.4.30 and I'm checking if anyone everyone seen this error. I have installed clamav 0.88.1 on several other systems without any problem but this is the first time I've seen this error. gcc -g -O2 -o .libs/clamscan output.o getopt.o memory.o cfgparser.o misc.o clamscan.o options.o others.o manager.o treewalk.o -L/usr/local/lib ../libclamav/.libs/libclamav.so -lz -lbz2 -lgmp -lpthread -lnsl cfgparser.o: In function `parsecfg': /usr/local/flog/clamav-0.88.1/clamscan/../shared/cfgparser.c:190: undefined reference to `__ctype_tolower' manager.o: In function `scanmanager': /usr/local/flog/clamav-0.88.1/clamscan/manager.c:137: undefined reference to `__ctype_tolower' manager.o: In function `clamav_unpack': /usr/local/flog/clamav-0.88.1/clamscan/manager.c:862: undefined reference to `__ctype_tolower' ../libclamav/.libs/libclamav.so: undefined reference to `__ctype_b' ../libclamav/.libs/libclamav.so: undefined reference to `__ctype_toupper' collect2: ld returned 1 exit status make[2]: *** [clamscan] Error 1 make[2]: Leaving directory `/usr/local/flog/clamav-0.88.1/clamscan' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/usr/local/flog/clamav-0.88.1' make: *** [all] Error 2 Thank you in advanced for any assistance, Frank ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamscan can see TNEF files but clamdscan cannot
Hi, You need to compile it from http://sourceforge.net/projects/tnef/. I have it and you need recompile clamav so it knows it is there. I hope this helps. Regards, Frank Hi, It seems that clamdscan cannot detect TNEF files but clamscan will detect them. I tested this with the EICAR winmail.dat test#13 Email from testvirus.org. I can't find anything I can set in /etc/clamd.conf. [root]# clamdscan temp.txt /tmp/temp.txt: OK --- SCAN SUMMARY --- Infected files: 0 Time: 0.013 sec (0 m 0 s) [root]# clamscan temp.txt temp.txt: Eicar-Test-Signature FOUND --- SCAN SUMMARY --- Known viruses: 40192 Engine version: 0.86.2 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.00 MB Time: 1.662 sec (0 m 1 s) [root]# __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ___ http://lurker.clamav.net/list/clamav-users.html ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Slow scanning of large Power Point Presentations
Hi Chris, That should be understandable for what it is scanning. This is also affected by if there are large images in the file. My boss creates 40MB PowerPoints which takes 162 second (2.7 minutes) to scan. But remember the system is doing other things at the same time when it is scanning the document so this will vary. I have an 2GHz single processor 2GB RAM with ClamAV 0.87 using reformime but only have 30 users (excluding aliases) and have spamassassin scanning spam also. I hope this helps. Regards, Frank Hi, I`m running Clam AV 0.87 and have noticed some poor performance when scanning large (20Mb+) Power Point presentations. These scans can take upwards of 3 minutes. I had similar issues with 0.86.1 but upgrading has not resolved the problem. I'm running Clamd with Mimedefang on a 2.4Ghz Xeon 4 processor machine with 3Gb of RAM, running Red Hat 8. Has anyone else experienced issues with .ppt files taking large amounts of time? Chris Hannam ___ http://lurker.clamav.net/list/clamav-users.html ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav on Mac OS X 10.4 Server
I see the same thing here on a PowerBook G4 running 10.4 (Tiger). I had ClamXav with clamav engine 0.83 running okay since 10.3.9. Frank I've just "upgraded" to Mac OS X Server, which according to all the literature includes clamav... version 0.81! Upon downloading clamav-0.84, I discovered that I cannot build it successfully. During ./configure, I get the following warning: configure: WARNING: resolv.h: present but cannot be compiled configure: WARNING: resolv.h: check for missing prerequisite headers? configure: WARNING: resolv.h: see the Autoconf documentation configure: WARNING: resolv.h: section "Present But Cannot Be Compiled" configure: WARNING: resolv.h: proceeding with the preprocessor's result configure: WARNING: resolv.h: in the future, the compiler will take precedence configure: WARNING: ## -- ## configure: WARNING: ## Report this to the AC_PACKAGE_NAME lists. ## configure: WARNING: ## -- ## During the build, I get lots of warnings similar to these: matcher.c: In function 'cli_checkfp': matcher.c:180: warning: pointer targets in assignment differ in signedness matcher.c:185: warning: pointer targets in passing argument 1 of 'cli_vermd5' differ in signedness In the end, make fails with: In file included from ./zziplib/zzip.h:21, from zziplib/zzip-dir.c:18: ./zziplib/zziplib.h:91: error: parse error before "zzip_ssize_t" ./zziplib/zziplib.h:91: warning: data definition has no type or storage class ./zziplib/zziplib.h:194: error: parse error before "zzip_file_read" ./zziplib/zziplib.h:194: warning: data definition has no type or storage class ./zziplib/zziplib.h:201: error: parse error before "zzip_read" ./zziplib/zziplib.h:201: warning: data definition has no type or storage class make[2]: *** [zzip-dir.lo] Error 1 Mac OS X 10.4 introduces gcc-4.0, which I initially suspected as the culprit. However, even after switching to gcc-3.3 (and validating with gcc-v), I still get the same errors. Anybody else have the same issues? ___ http://lurker.clamav.net/list/clamav-users.html ___ http://lurker.clamav.net/list/clamav-users.html